Preparing the place to actually run a WordPress program. Broadly speaking, there are WordPress.com and another WordPress which is installed on Web Hosting Service ( self-hosted WordPress ). We cannot understand the difference at first, even using Google search (*_*).
Use AI ( copilot ) for your unknown
Difference from WordPress.com
WordPress.com is a cloud (internet space) provided by Automattic , a company that produces WordPress . It is easy to use because it is specialized for WordPress. But the fee is a bit expensive.
Other WordPress uses a cloud space which is called a ” Web Hosting Service “. In there, use a self-hosted WordPress. The cheaper the fee, the more you have to do yourself. However, you may be able to get one or two original domains for free forever (WordPress.com is free for one year).
If you want to use WordPress, these two options are only ( there is another way exactly, but it is extremely difficult ).
WordPress.com can create a homepage for free, but most plug-ins cannot be used for free. WordPress without plugins means that you can only create a cheap homepage than other web applications, so you will naturally move to a paid plan ( business plan or higher ).
Business plans are a bit expensive ! High security however
My recommendation is to contract with “Web Hosting Service” at first. In fact, the monetization just depends on content, so there is no need to think about it first. I think the setup for monetization takes the same difficulty for both. And you can move your site to WordPress.com later. If you don’t think about monetization ( or if you think about monetization after getting the skills ), Web Hosting Services are definitely recommended.
Is the faster the better ?
If you decide to sign a contract with a web hosting service, you cannot find which host you should choose.
If you google it in this time, you cannot find it more. Because every hosting service says, ” Our service is excellent ! ” It makes you confused, so when you check the comparison sites on the internet, it will make you fallen into the depth. Because it’s hard to understand the meaning of machine specs for amateurs.
It is like this ——
Memory 8GB, 6 cores, storage is 300GB with SSD !
Is it excellent ?
Installing Nginx, you won’t worry about the mass access !
Is that ? My site doesn’t display properly, but no one accessed ?!
Transfer volume is 15TB / month. Very luxury. . .
My monthly download volume is about 500MB at most ~~
—— There are a lot of hosting service of selling speed, but even on the fast service, we can see its display becomes slow. It cannot be said that ” the faster is the better “.
There are many reasons why WordPress pages might be slow to display —— the page structure is too complicated, there are too many plugins installed, etc. Even when the data is not cached on the hosting service, the display is delayed ( sometimes it waits forever. . . ).
Sorry. This page is Japanese only.
The animation is not displayed correctly unless you wait for a while. Nothing to say, plugins are kept to the minimum.
My smartphone has 3GB of CPU memory, but it causes a delay to display the above page. About 15 seconds under Wi-Fi environment, about 20 seconds under 4G environment are. On my computer, it takes 5 seconds in a Wi-Fi environment.
By the way, with a gaming PC such has 16GB memory, the animation started within 1 second. Very fast.
Hence, it’s just okay for the machine spec is high —– that is not true. Because the homepage should be created with the smartphone even can browse. The CPU memory of low-cost smartphones are currently about 3 to 6 GB, so you should make a homepage for them.
“If it takes more than 3 seconds to display, the exit rate of homepage increases”
So, make a homepage that can be viewed even on a 3GB smartphone normally.
Thus, it is considered enough only to have 4GB memory on web hosting service. The number of cores is also considered to be related when you will make many websites or when you will get the mass access. It does not matter at first. And even an old computer can be used for editing. It just takes longer to display.
In addition, I’ve been making homepages for five years and uploaded a lot of videos and images, but the amount of storage which I used was 25GB. It’s hard to use up.
In short, knowing the spec doesn’t mean so much.
Criteria for selecting Web Hosting Service
The points of selecting web hosting service that I think are below.
- 1. Don’t choose based on price
- 2. View past failure history
- 3. Is Administration Screen integrated ?
- 4. Are Security Measures perfect ?
—— The fees are similar, and I can’t find the difference of display speed on every service. The choice is depended on ” whether the hosting service is prone to failure “. When you see the history of past failures on the net, you will find quite a famous service caused a lot of failures. I won’t choose too cheap one, because they might reduce the cost of maintenance.
In the search, enter ” service name ” and ” failure “.
AI program doesn’t tell it certainly.
Is Administration Screen integrated ?
It means whether it is easy to handle.
The part of PC’s control panel is called various names, and WordPress.com does not have such one. Home page is the control panel ( home screen becomes the administration screen ). It looks smart.
Other web hosting services can also create other sites which does not use WordPress, so their control panels become doubled.
Other Web Hosting Service often used ” cPanel ” as the control panel, which is hard to use up, so we often have to check the manual in first. But it doesn’t matter because the setting we need will be automatically configured at the time of contract. As it has high scalability, you can become the internet expert when you understand it. You should think it for that cPanel can do a lot of things after.
Are Security Measures perfect ?
It means whether hackers cannot destroy your homepage.
Common attacks by hackers are ——
Brute Force Attack : Stealing ID and passwords by frequent accesses.
Virus Mail : Open of image or attached file causes virus infection.
Man-in-the-middle Attack : Intercepting communication then stealing data.
Backdoor : Malicious program in a program makes a root for hacking.
Normally, every hosting service has countermeasures against them, so that is not a problem in here. And WordPress itself is hard to be infected by any computer viruses because its programs are published on the net, which is called ” open source “.
Thus, the point I think the most is whether we can seal any security holes which the hackers can draw into. It is called ” entrance control “. If the hacker draws into ( = crack ) your administration screen, it will be easy to steal your personal data although he dose not falsify the data. Two-factor Authentication ( 2FA ) is commonly used for this control.
One-Time password which requires 6-digits is often used for 2FA, which are ” Google Authenticator ” or ” Microsoft Authenticator “. It is hard to enter 6-digits within 30 minutes correctly, however the hackers seem to be hard to enter 6-digits with encrypting the code, you should raise the security with using it.
But there are Web Hosting Services which cannot use this 2FA. Most of them are free hosting services, but in some cases, it is in the paid, too.
It is better not to select the service which cannot configure 2FA.
Ask AI for ” Does service name support 2FA ? ” Then ask for ” How do I enable 2FA on my service-name account ? ” If there is no story about cPanel, it configures original 2FA program on home screen.
The security vulnerabilities on Web Hosting Service
In exact, there are a lot of security vulnerabilities on web hosting services, so I will report these problems that I know.
1. Service has WebFTP
WordPress does not need a file manager and FTP software. They are useful for when you want to edit the files directly, but there is a WordPress plugin which is called ” File Manager “, so it is not needed now.
Any Web Hosting Services have ” file manager ” which is controlled by FTP software remotely. FTP is short for ” File Transfer Protocol “, and it is needed to create HTML ( old style ) homepages. FTP software can rewrite files freely, but it can also become the tool of attack by hackers.
If you separate your FTP account from login-ID’s account, hackers can crack your site from there, unless you configure 2FA on new FTP account.
Commonly to access file manager, you have to configure what is called ” FTP account “. By default, Hostinger have this FTP account, SiteGround does not have this one. Other hosting services which use cPanel are both of which does not have the initial FTP account ( Bluehost etc. ) and have it ( HostGator etc. ). There are some hosting services which cannot be deleted this initial FTP account. Even googling, it’s hard to know.
It can be said that is specialized for WordPress which does not configure FTP account automatically.
However, initial FTP account is supposed the same as login ID & password, there is no problem only if configuring 2-step verification ( 2FA ). But I recommend you to delete this FTP account if you can. The hosting service which configures cPanel can do it.
But WordPress.com doesn’t have file manager on its system
However, some hosting service has ” Web FTP ” which can access from anywhere, that is a security vulnerability. As far as I know, it’s able to configure 2-step verification on the login screen, but it cannot configure 2-step verification on WebFTP. As the login ID and password are the same as initial FTP account, so it can block the access by FTP software, however, if hackers enter the ID and passwords directly, they can access the file manager easily.
It’s just over when the login ID and password were leaked.
High security is not guaranteed unless SSH ( private key / public key ) is configured. SSH is a bit difficult to configure.
Don’t choose the hosting service like this one. It’s not for the beginners.
This WebFTP is only supposed to be in Japan
2. Service has webmail
It is called ” webmail ” which mails are all on the internet. It is very useful for we can read these mails anywhere, but it is also useful for the hackers to understand the target’s movements. They can read them anywhere, too.
Gmail is one of webmail.
Any email services of web hosting service are webmail.
It should be considered that any webmail services cannot configure 2FA ( It is not certain even if you will use AI. . . ), so you should need to change the password of webmail from Login ID’s for not stolen your password of login ID. If you delete the email account, that means to delete one entrance, you can raise the security high.
Gmail has high security which can configure 2FA. It is better.
You should not resister email account, or delete it after
3. Security measure is reCAPTCHA only
Many hosting services configure reCAPTCHA for security measure.
It’s like this.
It is for preventing brute force attacks by robots ( also called bot attacks ), however, it cannot prevent from human’s access manually. I can access my service which configures this reCAPTCHA from anywhere, but I’ve never been suspected as a robot or unauthorized access yet (*_*;.
I wish it will suspect the accesses from other PC or smartphone a bit. . .
It is better not to choose the service which only configures it.
It is the more important for security to restrict the login attempts.
reCAPTCHA suspects it from ten times, then it can be repeated twenty times at least. That’s too many.
Anyway, it will be able to establish the high security when both reCAPTCHA and 2FA are configured.
Commonly, it is supposed enough.
4. No WAF settings
Bold (^^;.
There is something of a strong will. . .
WAF is short for ” Web Application Firewall “, which spec is different from every hosting service. Common spec is to block the virus mails, to block too many comments, to block the access with making a blacklist when hackers will change the system files, and like that. It cannot work until hackers will change system files, and cannot intercept changing other files. It even cannot work when the hackers only watch the personal information (*_*;. It means that hackers can destroy your homepage. Such WAF is not needed.
Security measures can be managed by two-factor authentication and plugins, so there is no need to force.
The program of WordPress is hard to be infected by computer viruses, and it soon reports the security vulnerability when it is found, it is easy to measure by yourself. But it is not perfect, so it is the more reliable for security that you will install Jetpack of paid plan or like that.
Go to the homepage of web hosting service then check the security. AI only tells common security measures.
5. Service cannot block the access you don’t want
Web hosting service can block the access by every IP address, that is also called ” creating a blacklist “. To tell the truth, Jetpack the security plugin does not have this function, therefore, WordPress.com does not have this function by default. Jetpack itself has the function of blocking unauthorized access by hacker however, it cannot block the IP address which is not of malicious hacker ( for example, it cannot block the access of person who you don’t want ), cannot block the unauthorized access immediately when you have been hacked.
But when you will upgrade WordPress.com to Business Plan or higher, as you will be able to use security plugins which is not Jetpack, you can block the access you don’t want.
6. Login screen appears every time
In Google Account or Microsoft Account, the login screen will be disappeared after your first access has been done. Many smartphone apps, too. We cannot watch the login screen twice.
But most Web hosting services require the login screen every time.
Why can’t do it —— !!!
That’s all I think.
This login method is called OpenID, that can be implemented for free. . .
The login screens of web hosting services are usually encrypted ( sometimes it is called secure login ), and they says it secure. But there is a security vulnerability that you will send your login ID & password every time. There is a risk that your ID & password will be decrypted by man-in-the-middle attack. In the hand, this login method the sends encryption keys each other, so it does not send your login ID & password every time.
This login method does not seem to be perfect, but it is definitely safer than sending your ID and password every time.
WordPress.com has this function.
I think it has very high security.
7. Not block the access from non-trusted device
This one. It is called ” Google Prompt “.
Any hosting services don’t do it, there is a security vulnerability for unauthorized access.
Hackers can access your homepage from anywhere if your ID & password are leaked.
By the way, when you will configure this Google Prompt as 2FA on the above OpenID, you can build quite high security.
8. No email notification for unauthorized access
To see any homepages of web hosting service, they only tell how much they measure for security. But to tell the truth, it is not certain how much it is safe (^^;. As the security measures is assumed for the worst, after making a contract with the server, it is good for you to attempt unauthorized access from another computer by yourself. It is the situation that your ID and password are leaked to others. If you can receive an e-mail at this time, your service is excellent. If not send any emails, it is just okay there is the access logs you can see easily.
Ask AI for ” Does server name record access logs ? ” If you can see the story about cPanel, it means that you cannot get the access logs easily.
By the way, when you will do the unauthorized access, you should browse by secret mode. In Chrome it is called ” New Incognito Window ” and in Edge is ” New InPrivate Window “. If you access it by normal mode, you do not save your ID & password in the cookie, then delete the history later.
However, it is quite difficult to do the unauthorized access by yourself. It is because your internet provider manages your access by dynamic IP. As your IP is changing regularly, the security cannot identify whether your access is authorized or unauthorized ( In this situation, Wordfence still detects such suspicious accesses. However, it is a WordPress plugin, so it cannot block the unauthorized access to steal personal information in the homepage ).
It is supposed a security vulnerability.
Recommended Web Hosting Service
You should choose a web hosting service which is specialized for WordPress. Be careful of there are a lot of hosting services which have problems about security or not specialized for WordPress, even though they claim to be ” only for WordPress “.
Please tell me other specialized services, if you know.
WordPress.com installs Jetpack from the start, which can display the changes of registration information to activity logs, so it is easy to notice the falsification by unauthorized access. However, you will need to upgrade WordPress.com to the Business Plan or higher in order to display all accesses in your activity logs ( for the hackers just watch your personal information ). In addition, the affiliate navigation is excellent, it even can notify your updates to WordPress community. The advertising effect is supposed high. As Jetpack works with Google search engine, you can easily expect an increase of access. And it has many access points all over the world, so it also expects to draw into the top of the search domestically and internationally. Is it a matter of cost-effectiveness ? According to Google, monetization depends on the content.
SiteGround.com has the activity log and access log that displays even the changes of registration information from the start. It has similar security to WordPress.com with the lower cost. It used to take time to display, but now it is improved. Support for affiliates is also substantial, and it has an original blog, so your site will be introduced for free.
Bluehost has ” SiteLock ” for security measure, which can get high performance by additional fee. Its WAF ( security measures ) automatically removes computer viruses, and blocks malicious hacker’s access. However, you need to download the access log by yourself, it is a little troublesome. You can configure to send warning emails for unauthorized access and virus infections. And it has many access points all over the world, so it also expects to draw into the top of search domestically and internationally. There are an original blog and pricing plans that will increase the number of visitors.
ConohaWING is a famous Japanese web hosting service. It has email notification for all logins, so that is easy to detect the unauthorized access. When you receive a notice of access which is supposed the unauthorized access, you can immediately block the access. The access logs are there on easy to watch. However, the WAF settings are not excellent, and also, it needs a Jetpack or an external CDN to advertise, because it does not have an introducing blog and original CDN. There is an original character called ” Konoha Mikumo ( 美雲このは )”, that shows a typical Japanese subculture ( Otaku culture ).
If you will have to use Japanese web hosting service, you should choose this one. Because it has firm entrance control. But you must understand Japanese language for the use.
Which server you choose is a personal decision.
Conclusion
If you are not particular about high fees, WordPress.com is the best choice. However, a business plan or higher is required to be able to use the plugin. Without plugins, WordPress is lesser than other web applications.
If you don’t want to spend money, SiteGround.com is the best choice. If you are thinking about the world deployment, Bluehost is the best choice.
Can’t you understand by seeing the price and specs suddenly ? !
I think so.
—— All web hosting services can generally run fast, so you don’t need to think about the performance.
The matter is just supposed the capacity of the storage. Whether the 10GB storage will be used up soon, that is not. The usage of the WordPress system and plugins is not a big deal, so it just depends on the amount of images and videos you have uploaded, and the amount of backups you have done by backup plugin. I have used 25GB for five years. 10GB will be fine for the start.
Also, if you think about the affiliate ( monetization ), it is also important whether it has CDN ( Content Delivery Network ). This is responsible for everything from security to monetization, and will be expected the increase of access from the world at least. Jetpack is this plugin and Cloudflare is the external CDN.
WordPress.com and Bluehost.com are configured it regularly.
It’s good you should have. Check the spec.
You got it !
Leave a comment(コメントを残す)