Don't let your web developer host your website

Never let the developer building your website host it for you too. Never. End of story. We get it — you need a new website, you're told they'll take care of everything. You don't need to worry about a thing. Sounds great, right?

An unfortunate, but common tale

The most common complaint we hear from website owners is they feel like they don't have control over their own website. They don't have access to any information and have never been provided with login credentials for their host. When they request something, it takes too long to receive it. Ask for a simple change and they are faced with an excessive quote for what instinctively feels like very little work. Often website owners will end up paying far more in "minor requests" than the cost to build the entire website. Worst of all, if they want to move their website elsewhere, they can sometimes be faced with leaving a passive-aggressive provider that plays hard-ball and makes the transition slow and difficult.

We understand. You have no idea how often we hear this. We can almost predict it from the frustration in a potential client's voice. It doesn't need to be this way.

Types of website hosting

To understand better options, it's important to get familiar with some of the basics of web hosting, including the common types. Here's a breakdown of the differences between shared, dedicated and VPS hosting.

Shared hosting

Shared hosting is the most common form of hosting and is offered most frequently to new website owners. As the name suggests, when you use shared hosting you are sharing resources, like CPU, RAM and storage space. It's a cost-effective option because the server resources are shared amongst all users on that server. You're probably all paying the same fee even though your usage may differ significantly.

The downside of shared hosting is that if another website on your server receives a spike in traffic, it can impact the performance of your website. Less reputable providers may also overburden a server with too many websites and you may find that your website performance leaves a lot to be desired. Shared hosting is typically provided as part of a package from a website developer. Often the server is owned by them, or the server is owned by another party but the web developer has full administrative rights over that server. This is a common scenario where your web developer has control over your web server — but it's your website, so wouldn't you want control over the web server it resides on too?

Dedicated hosting

Dedicated hosting is at the opposite end of the spectrum compared to shared hosting. Rather than sharing resources, you have one server that is dedicated to your website only. Sound expensive? It is. On the upside, you have full control over your resources and can customise everything to meet your individual needs, but the flip side is that it costs a lot more.

VPS hosting

Wouldn't it be great if there was something between shared hosting and dedicated hosting that had the benefits of both? Introducing VPS (Virtual Private Server) hosting. VPS hosting sits on the same hardware as other users just like shared hosting, with one major difference — your domain is the only one allocated to your particular virtual compartment. The means you get your own operating system, dedicated storage space, scalable CPU, scalable RAM and bandwidth. In short, you get all the benefits of dedicated hosting without the need to pay for a dedicated server. And the price? You might be surprised to know that VPS hosting is about the same as what you'd pay for shared hosting — possibly even less. Plus, you can have your own dedicated VPS service all under your management without being under the thumb of your web developer.

Maintain control with independent hosting

Be wary of cheap shared hosting services bundled as part of your website development. You're probably not going to get the best performance out of your website and, if you decide to change providers, you may have difficulties getting the information needed to migrate your hosting seamlessly. Sharing server resources with who-knows-how-many other websites is never a good idea, especially when you can have dedicated server resources for a comparable price with VPS hosting.

Hosting recommendations

We recommend the following minimum requirements for your hosting:

  1. Use an independent, reputable and globally recognised hosting provider like Amazon Web Services (our recommendation), Microsoft Azure or Google Cloud. Don't use hosting servers that are owned or primarily controlled by your web developer.
  2. The hosting master user account, or owner account, is held by your business, registered under an email address controlled by your business.
  3. Keep your username and password secure. A password manager like Dashlane is excellent for encrypted password security and never forgetting passwords.
  4. Ensure your web developer has separate login credentials. Don't ever share usernames or passwords. It's not only a very bad idea, but it's also a breach of obligations to your hosting provider.
  5. The login for your web developer has permissions sufficient to perform their role — nothing more.
  6. You can remove any user (including the web developer) at any time and add new users as required.

Your web developer can implement a master user account on your behalf and get everything set up using temporary credentials. Before paying for your site, ensure the master user account is transferred to your email address and you have selected your own password. This will ensure that nobody can take ownership of your hosting account.

by Saint Rollox Digital

Connect to Amazon Lightsail using SFTP

If you're running an Amazon Lightsail instance, chances are that you'll want to edit files directly on the server. To do that, you need to connect to your Lightsail instance using SFTP (SSH File Transfer Protocol or Secure File Transfer Protocol), which is a more secure option than traditional FTP (File Transfer Protocol). It allows server-to-server transfers between your and your Lightsail instance in a safe way, allowing you to upload, download or edit files securely on your Lightsail server.

Choosing an SFTP Client

There's many different clients available and most support SFTP. Two of our favourites are Cyberduck (Mac OS and Windows) and Nova (Mac OS).

Cyberduck is available for free, so it tends to be a popular option if all you're looking for is an SFTP client. It supports other protocols and cloud storage systems as well, such as FTP, WebDAV, Amazon S3, OpenStack Swift, Backblaze B2, Microsoft Azure, Files.com, OneDrive, Google Drive, and DropBox. However, it's not a text editor, so you'll need to edit your files in another application.

Nova is a text editor with built-in support for many programming languages - 27 to be exact, plus plain text.  The huge time-saver with this software is that you can edit files all within the Nova interface, without needing to switch to another application. It includes support for SSH/SFTP, FTP, Amazon S3, WebDAV HTTPS, Amazon S3 with IAM Role, Backblaze B2, Box, DreamObjects, DropBox, FTP with Implicit SSL, FTP with TLS/SSL, Google Drive, Microsoft Azure, Microsoft OneDrive, Microsoft OneDrive for Business, OpenStack Swift, Rackpsace Cloud Files and WebDAV. Do you really need anything more?

If you're looking for an excellent way to write code and be connected to your server environment at the same time, then Nova is an amazing choice, albeit not free. If you're just looking for a free SFTP client, then Cyberduck is hard to beat and easy on the wallet.

Connecting to Lightsail using SFTP

We're going to tell you how to connect to Lightsail using Nova and Cyberduck since they are both popular options, plus we'll be using the Terminal application in a Mac OS environment. The process is essentially the same for both, with just a few subtle differences between the Nova and Cyberduck interfaces.

Download the Lightsail private key

To connect to your server using SFTP, you'll first need to obtain the private key .pem file for your Lightsail instance. It is used in the SFTP client instead of a password and is a way to protect your connections from stolen passwords.

  1. Go to the Lightsail Account Page.
  2. Select the SSH keys tab.
  3. Click Download to obtain the .pem file.

Elevate permissions on the Lightsail private key

For the private key to work correctly, we need to elevate permissions on the file.

  1. Start the Terminal application on Mac OS from Finder under Applications > Utilities > Terminal.
  2. Type chmod 400  ensuring you include a space at the end of this command as shown - it's important!
  3. Drag and drop the .pem file you downloaded in the previous section onto the Terminal window.
  4. Hit return to run the command against the file.
  5. Type exit and hit return, then Cmd+Q to quit the Terminal application.

Move the private key to your .ssh folder

The .ssh folder in Mac OS is a designated location for storing private keys. You don't have to use this location, but most SFTP clients will automatically look here for a key when you first create a new connection. If you don't want to use the .ssh folder, you can add your private key .pem file from any location directly into the SFTP client. See more in the following section.

  1. From the Finder application, press Cmd+Shift+G on your keyboard.
  2. Enter ~/.ssh in the Go to folder field.
  3. Hit return or click Go.
  4. Drag your .pem file from its current location into the .ssh folder.

Connect to the Lightsail server using an SFTP client

Use Cyberduck to connect to Lightsail

  1. On the toolbar, click Open Connection.
  2. Select SFTP (SSH File Transfer Protocol) from the dropdown box.
  3. In the Server field, enter the Public IP address of your Lightsail instance.
  4. In Username enter bitnami - this is the default username for Lightsail installations and cannot be changed.
  5. From the SSH Private Key dropdown, select the .pem file you added to the .ssh folder earlier. If you've opted not to store your .pem file in the .ssh folder, select Choose then locate and select your .pem file and click the Choose button.
  6. Click the Connect button.
  7. Your SFTP connection is now open. To save this connection for future use, click Action on the toolbar, then New Bookmark.
  8. A new window will appear with the credentials you entered earlier.
  9. Set the Nickname field to a friendly name, such as your website domain name.
  10. Close the window.
  11. Double-click the new connection added to the Cyberduck interface.
  12. Your SFTP connection is now open, and you can add, remove and edit files.

Use Nova to connect to Lightsail

  1. Press Cmd+, on your keyboard to access Preferences.
  2. Click Servers.
  3. Click the + icon at the bottom left of the window.
  4. Set the Untitled Server field to a friendly name, such as your domain name.
  5. Ensure the selected Protocol is SSH/SFTP.
  6. In Address enter the Public IP of your Lightsail instance.
  7. In Username enter bitnami - this is the default username for Lightsail installations and cannot be changed.
  8. In the Password field, click the image of the key then Manage Keys.
  9. Click the + icon at the bottom left of the window then Import Keys.
  10. Find and select the .pem file you downloaded earlier. If you can't see the .pem file, you may not be in the .ssh folder. If so, navigate to Macintosh HD > Users > [username] > .ssh and you should see your private key .pem file. If you've opted not to store your .pem file in the .ssh folder, you can select the file from any other location.
  11. Click Import.
  12. Go back to the previous window by clicking the < icon in the toolbar.
  13. In the Password field, click the image of the key once again, then under Authenticate with Key select the .pem file you just imported.
  14. Set Remote Path to your preferred default location. For Bitnami WordPress installations, this will probably be the WordPress root folder at /opt/bitnami/apps/wordpress/htdocs.
  15. Set Remote URL to your website URL.
  16. Click Save.
  17. For quick access, you can now drag the server connection you created onto the Nova desktop.
  18. Close the Servers window.
  19. Double-click the new connection added to the Nova desktop.
  20. Your SFTP connection is now open, and you can add, remove and edit files.

by Saint Rollox Digital

Launch a WordPress website on Amazon Lightsail

Amazon Lightsail is an easy-to-use cloud platform that offers you everything needed to build an application or website, on a cost-effective, monthly plan. Lightsail is ideal for simpler workloads, quick deployments, and getting started on Amazon Web Services. It will help you start small, and then scale as you grow.

Lightsail derives its computing power from Amazon EC2, repackaged in a simple, intuitive interface that makes it easy to set up a virtual server, even for a complete novice. Lightsail comes with numerous pre-configured options, so you don't need to worry about complicated server settings. You can be up and running in minutes and start focusing on building your website right away.

Although Lightsail offers both Linux and Windows servers, we're going to discuss setting up a Linux virtual private server. Linux/Unix is the most popular option for running a website, and you don't need to know anything about Linux. Unless you have a compelling reason to do so, such as running applications built on Microsoft’s .NET Framework, you are likely to be well-served with a Linux host.

For this article, we're going to assume that you already have an AWS account. If you don't have one, you can create an AWS account for free. Amazon also publishes information on how to create and activate a new AWS account.

Set up a WordPress instance

Create instance

  1. Visit lightsail.aws.amazon.com.
  2. Click Create instance.
  3. The Instance location is where your server will be. It should default to the area nearest you, which is usually the most appropriate choice. If you want to host your server in a different location, choose Change AWS Region and Availability Zone to select from other places worldwide. We recommend choosing the server location nearest you since this is probably where most of your web traffic will be. If you need increased performance elsewhere in the world, you can set up load balancers in different geographic locations later on, but note that each load balancer incurs additional costs.
  4. Under Pick your instance image > Select a platform then choose Linux/Unix.
  5. Under Pick your instance image > Select a blueprint ensure the App+OS option is active and choose WordPress.
  6. Regardless of your backup plans, it's a great idea to activate the Enable automatic snapshots option. With automatic snapshots, Lightsail will automatically take a daily backup for you at the time you specify. Lightsail keeps the seven most recent snapshots, so you can rest easy knowing that you’ll have a full weeks' worth of backup history. Use snapshots to restore your instance to a previous state or to create multiple new ones that are replicas of the original. Enabling the feature is free, but you pay for the storage of your snapshots on Lightsail at very reasonable rates. Lightsail also optimises your snapshot storage so that for each consecutive backup, you’re charged only for the data that's changed from the previous one.
  7. If you choose Enable automatic snapshots, select a time and timezone for the daily backup. We suggest you choose a time when you think traffic will be at its lowest, such as 03:00.
  8. Select an Instance plan. Amazon Lightsail offers a variety of plans to meet different needs. For a simple WordPress site, the smallest should be just fine. If you're running a WordPress site with many plugins or complicated themes, then a 1GB or 2GB plan may be preferable, so you can increase the WordPress memory limit for optimal performance. If you're not sure, select the most basic one - you can create a replica instance on a larger plan at any time, then remove the smaller one. Note that you can not restore a snapshot from a larger plan to a smaller one because the disk image is already too large. If you want to go back to a cheaper option, you'll need to restore your WordPress site manually to the smaller instance - plugins such as All-in-One WP Migration are excellent for this.
  9. In Identify your instance enter a name using only letters, numbers, hyphens and underscores. We suggest using a name like MyBusinessName-512MB-Sydney-ZoneA-001 which is:
    • Your website/business name
    • Instance plan memory size
    • Location and Zone
    • A sequential number (this is useful for clearly differentiating between multiple instances)
  10. Click Create instance.

It will take a short while for your instance to build. When it's ready, it will show the status of Running.

Create a static IP

Your instance will have a Private IP used to communicate securely with other Amazon resources over a private network. It is also assigned a Public IP which makes your website accessible over the Internet. However, the Public IP will change every time you restart the instance. To ensure that your site is always available at the same IP address, you need to allocate a Static IP address. A Static IP is free of charge as long as it is attached to an instance.

  1. Go to the Networking tab.
  2. Choose Create Static IP.
  3. Verify that the Static IP location matches the AWS Region and Availability Zone you selected when creating your instance, or choose Change AWS Region and Availability Zone to correct it.
  4. In Attach to an instance, select the instance name you created earlier.
  5. Give the Static IP a suitable name. We suggest using a name like BusinessName-StaticIP-1, which is:
    1. Your website/business name
    2. The words "StaticIP" to identify what this object is
    3. A sequential number (an instance can have up to 5 IP addresses)
  6. Click Create.
  7. Note the Public IP address for later reference in steps below.
  8. Click Home.

Obtain password

  1. Go to the Instances tab.
  2. Select your instance.
  3. Click Connect using SSH to connect to the server using Lightsail's built-in SSH web interface.
  4. Type cat bitnami_application_password and hit return.
  5. Copy the password shown.
  6. Type exit and hit return to close the SSH connection.
  7. Close the SSH window.

Connect to WordPress

  1. In a web browser, visit your new WordPress website at your Public IP address with /wp-admin added to the end.  For example, if your Public IP address is 123.456.789.0 then you would visit 123.456.789.0/wp-admin in your web browser.
  2. Log in as username user with the bitnami_application_password obtained in the previous section.

You're now ready to start configuring and building your new WordPress site.

by Saint Rollox Digital