I’ve gone through a number of hosting companies. My NOC is at Expedient in Indianapolis (Carmel). They do a great job for my testing needs. They have a large, well-designed facility, lots of power and, most important, they know what they’re doing and do it 24/7.
In my role as someone who knows the difference between UDP and TCP, I get asked a lot to recommend an ISP or cloud host for purposes of web and mail hosting for small businesses, organizations and even generic civilians. Over the years, I’ve found some common difficulties that can mean the difference between enjoyable experiences and long, drawn-out support problems with incumbent frustration.
To make sure you have a good experience with your cloud host, use this checklist.
Checklist for selecting an ISP or cloud host
1. Can you reach a human 24/7? You must check to see if you can get a human who knows about the products offered by calling the cloud host company yourselves. I’m sorry—too many of them lie. From their website, look on their support pages, get the number, call it and wait until you can get a human at midnight EDT. No human? Pass. Sometimes you need a human. And if the company advertises it, they should make sure one is available.
2. When you’re looking for web hosting, make sure that your hosting permits privileged user shell access via ssh. Imagine hosing a setting inside your WordPress site and needing to change a MySQL value. Some ISPs/cloud hosts allow access to the database that contains WordPress settings, and maybe you can fix things using this method—often through the PhPMyAdmin app. Or not.
If you need ssh, some organizations require that you accept full responsibility for having offered that access. You can do yourself a favor if ssh privilege is granted by immediately configuring ssh so that root can’t log in (see settings for ssh.conf or its equivalent in your hosted version), making a username that’s nonsensical and creating a killer ugly password to connect. Then change the password randomly for your own protection.
3. Can you access the customer site control panel? Every ISP/cloud host uses a customer site control panel of some kind. Some use cpanel, while others have any number of variations that allow you to control your assets. These need to be accessible to you, and you need to use nonsensical log-ons to get to them—because these control panel apps have the keys to your online kingdom. Access should be different than the account log-on in all ways, username and password, if that’s possible. Here, too, passwords should be changed randomly.
4. Make sure you have a security tool. No one likes to look at the logs, so the logs get filled with info that civilians can’t understand at all. In the logs, you’ll find that your site is getting picked on by hacker bots 24/7. They use common names and entrance points to try to steal your stuff. Apps like WordFence, a plugin for WordPress, are expensive, but they do a good job helping admins identify who’s trying to knock their walls down and allowing them to block.
Another reason why I like WordFence specifically is that it can block by country. If you don’t want international visitors using battering rams on your log-on, fence them out. Other popular web hosting apps, such as Joomla, have their own equivalents. Yes, they increase your costs, but they also reduce big cracks.
5. If you don’t like what you find, or if controls are difficult and/or the ISP/cloud host makes life difficult for you, move. Switch hosts. Work with them to get a partial or full refund. This also means you need to use apps salient to the hosted infrastructure to back it up and move it somewhere else. This can be very easy, or very difficult, depending on what you’ve deployed. So, this rule is important: Don’t deploy what you cannot backup and move within a reasonable amount of time. If you can’t do this, you’re dependent on someone who can.
6. Read the terms and conditions and other parts of your agreement carefully—the entire set of documents—then read it again until you understand it. They’re not easy to comprehend, but you need to know what’s going on inside each and every agreement you sign, digitally or otherwise. There are gotchas, show stoppers, no ways, not-on-my-watches. Read them before you agree to them, not afterwards. If you can’t understand them, welcome to the club. Do your best.
7. Immediately test the theory of backing up your data and restoring it. Get familiar with how to do it. Take screenshots so that you can remember what you did. Keep these screenshots in a place where you’ll remember them, like a folder named “Site Logon Instructions”. Don’t just throw them into the Download folder. Please.
8. Make sure you can transfer your domain at low to no cost first before attempting to move your online assets. This sometimes can take minutes, OR DAYS. ISPs/cloud hosts don’t want to give up your business and can make it difficult for you to transfer your DNS to another provider. Make sure that when you do, you cancel the remaining part of the contract with the old, no-longer-used-host and then track the refund—if you even get one. Be diligent. Send emails. Be kind.
This is only a partial list. There are lots of ways to get hurt, and I’ve seen too many of them. Right now, I’m battling getting 1and1.com to respond to a customer support request—24/7, my left ear lobe.