From the perspective of somebody who has to do this for a living.
I cannot access WHM / Remote Desktop / SSH
So many people keep losing their passwords, or if they remember their passwords, are still somehow able to enter them incorrectly too many times and consequently get themselves locked out of the system.
WHM (Web Host Manager – its part of the cPanel hosting control panel system) is the biggest culprit. There’s a process called cpHulk daemon which can – if configured to do so – block people from accessing the server if a password is entered incorrectly too many times. It is an indication that somebody is having to enter their email password manually and is getting it wrong (number 1 reason people get locked out in my experience), similarly for FTP access (number 2 reason), or they’ve forgotten their cPanel or WHM password.
One thing that would cut this down is if people were using password managers. You can free ones, but my recommendation is for 1Password from AgileBits. They have versions for OS X, Windows, iOS and Android devices. It can store any confidential information, but passwords are its speciality. It can also generate strong passwords. Moreover, so much more. All you need to do is to remember ONE password. That is all.
My other advice is to set-up an SSH public/private key pair and upload the public key to your cPanel/Linux server. By doing this, it allows you to access your server (hopefully you’ve remembered to set a password for the key – and use 1Password to remember it for you) if you get yourself locked out.
Not leaving the root/Administrator password to be able to log in and resolve an issue
If you have managed support with your hosting company and didn’t leave them your root or Administrator password, you’ll find that it’ll take much, much longer to get your problem resolved.
It is particularly frustrating if a hard drive has failed, Apache has gone TITSUP (Total Inability To Support Usual Performance), or the server has run out of disk space (a very common problem). We cannot do anything unless we have your root password. Different web hosting companies have different ways of handling this, but most allow you leave the password in a secure, private environment.
I have managed support, please can you install Super Walrus V?
The first thing to know about Managed Support Club is it is not a direct replacement for a full-time systems administrator. A systems administrator can cost you anywhere between £20k – £60k+ a year depending on the level of complexity (and the experience of the sysadmin) you require.
Managed Support can cost between £50 – £150 a month, and gives you at least a basic level of systems maintenance. It should cover configuring and maintaining a basic LAMP (Linux, Apache, MySQL and PHP or Windows (IIS) system.
What it does not do is to provide you with a systems administrator who will set-up and configure a full set of super high availability clustered services including all the front end servers, the firewalls, the database backends (including SQL replication) and pushing content to all the CDNs and keep it all maintained for you. Otherwise managed support beyond the initial set-up is usually limited to each server in the cluster for maintaining the OS and underlying LAMP stack.
Much of any managed support service is automated – e.g. stuff such as OS updates/patches, control panel software updates is applied automatically overnight. However, you could ask for specific configuration to be applied (such as SSL configuration, basic MySQL tuning and optimisation, Apache tuning, installing additional OS software and so on), or have them look at a particular issue.
What it managed support would not cover is the installation or support of your expensive Super Walrus V program, or whatever exotic third party program or script you need. Most managed support contracts would not support third party applications such as Magento, WordPress, Drupal or so on.
The point is – there are limits as to what managed support can and can’t cover. Always check before buying. Look at your internal IT support structure first.
Not testing your backups
Even if you are paying for a managed backup service, it is your data. You should take the time to perform test restores from time to time (once a week, once every two weeks or once a month) to ensure that it works. If things do not work, it may not be the fault of the hosting company. If your computer or server is playing up, the data being backed up may be compromised and, therefore, restoring a backup may be a waste of time.
It is also important for backups to be held locally on the premises. It may be on a desktop/laptop. It may be on an external hard drive. It may be both. However, it is vital to have local backups.
I simply cannot stress enough how important it is to have multiple backups too.
Never assume that just because it looks to be working that it is. Test, test, test.
Not listening to what you are being told
I hate to say I told you so to customers, but I’ve told them so.
I come across many problems where if a client had only spent a little more money or has attempted to investigate what I’ve told them, it would have saved them considerable headaches.
- Security advice (e.g. keeping WordPress up to date)
- Using a firewall (whether something like UFW or CSF or if your web hosting provider has one – using that – or even a combination thereof)
- Using malware detection software (“maldet” is a very good open source program)
- Keeping PHP and Apache up to date (so many compromised servers due to legacy code which means that customers are reluctant to update PHP and Apache or MySQL)
- Use of a web application firewall (either Mod_Security, or a third party service such as Sucuri, CloudFlare or Incapsula – yes, they can be expensive if protecting multiple sites, but it’s a small price to pay)
- Cramming as many sites as possible onto a single cPanel server and wondering why it’s slow and/or it keeps on running out of memory.
I understand that one of the problems is of cost – but everything costs money. Spending a bit of extra money for your hosting helps things in the long term. There isn’t a “cheap” option – not unless you are technically proficient.
Think of it as DIY. If you have a go, and you do well, you can make considerable savings. However, if (like me) you are a walking disaster area with a brush or hammer, you’ll want to pay people to do it for you – and this costs money.