The Plesk WordPress Toolkit is one of the most powerful and robust pieces of software you can use to manage WordPress websites. It helps solve a lot of problems hosts and developers face. Lucas Radke takes us through some of those problems, and how Plesk can help.
The majority of users use WordPress.
What are the most common problems for hosting providers?
What are some ways they can prevent or quickly fix those problems?
How much can does WordPress mitigate these problems?
Joe: (0:02) Hello and welcome to Next Level Ops, a podcast that explores tools, tips and techniques for hosting and managing websites presented by Plesk. Today our guest is Lucas Radke and we’re talking about WordPress. Specifically, the WordPress Toolkit and common problems that WordPress can cause for hosting or service providers. So, it's a great conversation. I am very familiar myself with WordPress, so I was able to ask a lot of good questions here and Lucas provided us with a lot of great answers. So, let’s get into that interview. But before we get started a quick reminder, as always, subscribe to this podcast to get the latest episodes as soon as they come out. All right. Let’s get on with the show.
Hey everybody and welcome to Next Level Ops a podcast brought to you by Plesk. We are talking today to Lucas Radke. He is a product manager at Plesk. We’re going to be talking about the most common WordPress problems for hosting providers. So, WordPress is a very popular content management system. Because so many people use it there are a lot of things popping up that users and hosting providers should know about. Lucas is the man to tell us about those things. Lucas how are you today?
Lucas: (1:26) I am doing great Joe. Thank you.
Joe: (1:29) All right. Thanks for being here. I appreciate it. I have been using WordPress since 2004. So, that is a very long time. It's come a long way. Within the last year or so, I got to play with the WordPress Toolkit which is a product that you offer on Plesk. I've got to say I was extremely impressed by it. It made a lot of things really easy, a lot of pain points that I as a web developer experience for my clients. So, let's kind of talk about what it can do for hosting providers, right? So, let's start off with why this topic is important. Do you feel a majority of your customers use WordPress through Plesk?
Lucas: (2:20) Thank you for the question. So yes. When we look at the data we collect in Plesk, we see that a big chunk of our users access the WordPress Toolkit on a daily or weekly basis to manage their instances from their own dashboard where they see everything. We discovered it has multiple reasons. One, for example, is after launching the WordPress Toolkit, we saw a lot of new customers coming to Plesk because of the WordPress Toolkit and it's easy to use features. So, those are then users who only use WordPress mostly and where the WordPress Toolkit was their reason to give Plesk a try. On the other hand, we see a lot of hosting partners who are offering the WordPress Toolkit to their customer because it makes their life also easier. For example, back in my previous job at a bigger hoster, we saw a lot of problems of having unmanaged WordPress instances getting hacked which then led to bad performance, security issues and also a bad reputation both for us and WordPress as a CMS.
Joe: (3:37) Gotcha. So yeah. That's a really great point, right? Because the great and terrible thing about WordPress is the amount of freedom you have, the amount of freedom to set up whatever website you want relatively cheaply. But also, the freedom you have to cause problems for either yourself, your client, or your hosting provider. If you're on a shared host, if your website is compromised, then it’s possible that other websites are compromised as well. So, let's jump right into it, right? Because there are a of couple things I do want talk about. Like how do you figure out what problems to support, but perhaps we should start with what are some of the most common problems for hosting providers when it comes to WordPress specifically?
Lucas: (4:31) So from my experience I can name three different things. So, the first one is performance. Second is updates and last but not least, security. Because most of the customers expect a high-performance website no matter how much they pay for it and they all want to reach for the 100 score in Google page speed. So, you as a host are responsible for 80% of their website's performance. At the end they rely on you that you have good infrastructure beneath, databases up to date and reachable and such stuff. Yeah. Instead of them paying mostly extra for managed servers or VPS they mostly try to install multiple plugins to increase the performance and stuff. Which then leads to the next issue, the updates. Because once those plugins are installed, they are hard to update, or people don't update. So, updating the WordPress core isn't hard anymore thanks to the work of the community. So, it's just a simple click or daily check which is running. But we can’t say that yet for plugins and themes because some developers don't take that much care about updating their plugins and themes. Also, the end-users don’t go to the WordPress dashboard daily and update everything and test it and everything. So, you as a hosting provider need to also make sure that those plugins and themes are updated. Also because of the security and stability of your platform at the end because non-updated plugins and themes lead to an open door for hackers. When talking about shared hosting environments, as you already said, we have that noisy neighbor problem that you as a hoster need to make sure that you isolate each user and keep other users safe, even for the one user who got hacked or sending out spam and increasing the CPU tasks or something.
Joe: (6:55) Gotcha. Yeah, so it's kind of like a knock-on effect right? People want better performance, they want the best features or whatever, so they do things to accomplish that cheaply and then the rest happens, right? They add more plugins, they probably add more plugins than they need to add. I've seen instances where more than one page builder has been installed on a WordPress site and then they were wondering why their site is so slow or why they are having conflicts. Then those plugins don't get updated and you have the security issues. So, I think you're absolutely right. When stuff like this happens, people are more likely to either blame WordPress core or blame the host. So, unfortunately or not, the onus is on the host to try to fix some of these problems. So, in your experience and your observations what can you do or what can the host do to kind of mitigate these issues? I know that some of that is built into WordPress Toolkit, but generally speaking how do they make sure that their customers have the most performance they can have at the level they're paying, that their site is updated and secure?
Lucas: (8:23) So an easy task for hosters is mostly to offer the latest technologies, not speaking about having a lot of choices but just offering the latest PHP versions, keeping your MySQL on MariaDB to be up to date, don’t save money on the server hardware at the end or proactively reach out to users who may succeed their shared hosting accounts to switch to VPS or managed servers or something like this. And also, in terms of security just have your MOT security rules for example up to date. Offer services to update plugins and themes for the customer or just proactively approach them saying hey. We discovered that you have a plugin and theme which is unsecure, which then also means for you as the hoster that you need to be up to date in terms of what are the known vulnerabilities out there, what big new theme or plugin has a security issue and where do I need to react as a hoster?
Joe: (9:36) Yeah. I think those are great tips, right? And make sure offer, especially lately the PHP versions have focused heavily on performance, I think. So, that can be an easy win for you that the customer doesn’t have to worry about. Be proactive is another one. As we record this, I think it was last week a bug was discovered in Let’s Encrypt and any security or any SSL certificate that had that security flaw was voided and I have one hosting provider who uses Let’s Encrypt and I had to reach out and ask them about it. You know, I saw some hosts like tweeting what they were going to do. Some hosts emailed and the hosting provider that I was using, I was like what's going on with my site? Am I gonna have to spin up these SSL certificates again? They just kind of said they were monitoring the issue and we’ll will let you know. I was like you’ll let me know? You don't know? Whatever. This is not a soap box thing for me but to your point, being proactive is so important, I think. Especially for some of the non-savvy users, right? Who maybe don't know about SSL and Let’s Encrypt and wouldn’t heard about that. So, have the security measures in place. So, with that, how do you feel…this is not a question that I prepared you with before the show but I'm generally curious…automatically updating themes and plugins is that something that you think is a good idea or kind of a terrible idea or proceed with caution sort of? What's your take on that?
Lucas: (11:36) So, it always depends on how you prepare for it. So, if you just run a CLI script which updates everything on the minute base or something, it's probably a terrible idea. But if you start to plan updates like doing backups before, doing checks before and after a new website and also approach your customers that you might just update their website. Please take a look or ask them before it's ok for them to update or not. Then automatic updates are good idea and as we all should know the WordPress project is already working on a solution to update themes and plugins automatically. So, hosters should start to look into it and prepare themselves because not every plugin and theme will update without any hassles and they need to prepare their support and everything for it. Because it's then again, the issue I haven't changed anything on my website, it's not looking like before, it defaults on the hoster.
Joe: (12:49) Yeah. Yeah that's a really great point, right? If a customer is not sure, then they're going to blame the most visible thing which, as you said, is WordPress or their hosting provider. I suspect probably a lot of hosting providers get WordPress related support questions that maybe they can’t handle, or they’re not prepared to handle, or just there's so many variables in WordPress, right? Supporting it is its own separate entity; like companies focus specifically on that.
Lucas: (13:25) That’s also one point for the popularity of those big managed WordPress hosters because they have great WordPress support at the end. You as a customer pay a huge amount of money to them so that you can always assure that once you call them, they help you.
Joe: (13:46) Yeah. Yeah, again that's another great point because if you have a hobby site and you're on shared hosting and it goes down for a couple of hours, like fine. But if you have an eCommerce site or a services site where like leads coming in from the website is the most important thing, then it’s worth investing that money, so you don't have to worry about it and potentially lose business. So, this is really good information. Before we get into what hosting companies can do, or the specifics of what the WordPress Toolkit does, how much can WordPress core mitigate these problems? You know you mentioned that they do automatic core updates for minor releases and that they're working on a way to automatically update themes and plugins without potentially breaking the site, but that still seems like it'll be a little bit on the user or the host to make sure things just don’t like completely break. So how much does WordPress mitigate some of these problems?
Lucas: (14:56) So in the past few releases we strongly see a big increase of security mostly because WordPress is forcing a strong password. A few releases ago there was that new check where you always need to prove that you still have access to your email address and such stuff to make sure that you don't lock yourself out, but also the site health checker who's in the dashboard of WordPress. It checks for updates, PHP versions, all the stuff you need to run WordPress safely and secure are really helping the hosts also.
Joe: (15:45) Yeah. That's fantastic and then of course, there are other plugins that can help. iThemes has a suite of plugins, like site sync, right? Which will let you know what needs to be updated. But are there any other plugins that you could recommend to kind of help again mitigate some of these issues?
Lucas: (16:10) So, having a security plugin doesn't harm at the end, but it always ends on the level where WordPress also ends. Like it still runs on the same PHP and stuff, so iThemes security is great; Wordfence and stuff because they also think around the corner sometimes, like checking for new users, enabling two factor authentication and such stuff, which isn't yet implemented in WordPress. That totally makes sense in terms of security.
Joe: (16:46) Yeah. That's great but you raise a good point, right? That WordPress security plugins and where WordPress ends, right? It's almost like leaving the front door to your house open while locking the bedrooms, right? So, you're securing inside the house but you're not doing anything to prevent people from actually coming in the house. That's where, you know maybe that's where tools like...that's where hosting companies can then add on their own level of security maybe. That's partially where the WordPress Toolkit comes in. So, we’ve been dancing around the WordPress Toolkit. So, let's talk about both of these things, right? What are some ways that hosting companies can prevent or quickly fix some of the problems that their users see using WordPress and how does the WordPress toolkit help?
Lucas: (17:40) Yeah. So, the WordPress toolkit checks for example for updates for plugins, themes and core. You can automatically enable them. We also have something called smart updates which always creates a stage of your website, tests updates there and then compares the live website with the updated website to see if there are any issues you would face if you just update. Also, our security checker goes through the most common list of things like having your rights, file rights, or permissions set. Don’t use the user called admin and such stuff.
Joe: (18:24) Gotcha. That's great, right? Especially the smart updates, again, as somebody who manages other people's websites a tool like that is invaluable, right? Because it does automatically what you would have to do if you're doing things right. If there's like, if we’re going to say do things the right way, then you should always update on a staging server. I know a lot of people, myself included, probably just see like a small .update to their plugin and they’re like it's probably fine. But having a staging server to do all of that stuff automatically means you don't have to worry if it's probably fine. You will know whether or not it's fine. So, that specifically is huge, I think. So, that sounds like a really fantastic solution but there is also more to the WordPress Toolkit, right? That again, can help hosting companies help their customers because that's really what we're looking at here.
Lucas: (19:29) Yeah. So, we try to solve the most used features. Customers could contact support from a hoster inside the WordPress Toolkit, like changing some files, maybe you need maintenance mode, setting up password protection with the htaccess file, block the access to an all full scan, for example or for bots enabling or deabling a search engine indexing and such stuff.
Joe: (20:06) Gotcha. That's great and that kind of solves the general support thing too, right? Because, again that's another tough nut to crack. If your support team is not trained on WordPress, then they're not going to know what things to look for, or to tell their users to, I do know, disable all the plugins and then enable them one by one to see what’s causing the issue. So, I think that's a really big help. So, as we kind of wrap up here, is there…let me ask you what your favorite WordPress Toolkit feature is and then we'll get into how can somebody get WordPress Toolkit if they don’t already have it?
Lucas: (21:02) So as you already mentioned if you update your WordPress website and something is wrong, you need to enable and disable each plugin. If you can reach the backend you normally would have need to rename folders or use the WordPress CLI. That’s one of the things I most like in the WordPress Toolkit. You simply can go to the plugins tab and deactivate and activate plugins one by one and directly see what is happening on the website. But also installing new plugins and themes by uploading them or linking them to WordPress.org.
Joe: (21:41) Wow that's great! So, you can manage WordPress without being inside WordPress essentially. It that right?
Lucas: (21:48) So, you can do nearly everything except creating your content. So, everything about the management of your website and everything beneath it can be done in the WordPress Toolkit.
Joe: (22:02) Yeah. That's amazing. Especially, as you said, if there is a problem and you get locked out, I think probably a common one is somebody hits update on a plugin or a theme and then they leave that screen to fast and suddenly their website’s in maintenance mode. They’re like…they don't know to FTP in and then delete the .maintenance file. So, being able to kind of do it outside of WordPress is a huge help there. That's great. So, the WordPress Toolkit is a feature of Plesk. If somebody is…does it come by default for all Plesk users or is there a way if they don't have it to be able to get it?
Lucas: (22:47) So, with the latest Plesk version, so since more than over a year we automatically installed the WordPress Toolkit with every new installation no matter what kind of license you have. Then we have WordPress Toolkit special edition which comes with a limited feature set. Included in all Plesk editions but in the pro and web host edition we have the full-size WordPress Toolkit with everything enabled and usable.
Joe: (23:18) That's great. I would strongly encourage you to check out the WordPress Toolkit. I will link in the show notes for this episode to some of the resources we talked about including a video on how to use the WordPress Toolkit done by yours truly. Lucas? Thank you so much for spending some time with us today and talking about some common WordPress problems. Just to go over those again, the most common ones are performance. Customers expect good performance. Updates. People often don't update their own websites. Doing core is easy but themes and plugins are not necessarily as easy. Then you have the security issue, right? These are all kind of knock-on effects. So, the WordPress Toolkit can help you with that. Anyway Lucas, thanks so much for your time. I really appreciate it.
Lucas: (24:10) Thank you for your time too.
Joe: (24:12) Thanks so much to Lucas for joining us today. It’s really interesting to see when a service provider has a majority of their users on WordPress kind of, what they see as far as patterns go and some of the most common problems and performance updates and security tends to always top the list. So, lots of great information for how to be proactive about those things. For all of the show notes, head over to Plesk.com/podcast. If you like this episode, please consider subscribing and leaving a rating and review an Apple podcast. It really helps people discover the show. Thanks so much to listening to Next Level Ops. Until next time remember to take it to the next level.