Looking for an ideal WordPress web hosting. Interview with Jeff Mills from WordPress VIP

Maciej Nowak, Partner at Osom Studio, is searching for it in conversation with Jeff Mills, Partner Director at WordPress VIP. They discuss the needs of large enterprises and how web hosting affects their business. Together they exchange tips on what to watch out for when choosing hosting for your company.

Maciej: Hello everyone. My name is Maciej Nowak and welcome to Osom to Know podcast where we discuss all things WordPress. My today’s guest is Jeff Mills of Automatic who is a partner and director of WordPress VIP platform. In this episode, we are talking about what makes a great hosting platform, how to select one, and what are the consequences of a poor choose. We also cover what is WordPress, VIP, and how it all started, what it means to work with a hosting provider on an enterprise level and without further do, please enjoy my conversation with Jeff Mills.

Intro: Hey everyone. It’s good to have you here. We’re glad you decided to tune in for this episode of the Osom To Know podcast. 

Maciej: Hi Jeff. How are you? 

Jeff: Hey, Maciej. Very well, thank you. Very well. Beautiful day here. 

Maciej: Yes. Is the heat wave finally over ? 

Jeff: Yeah. Yeah. It’s kind of over, but we’ve just got the tailor of it now, so it’s just, just pleasant weather. Nice and sunny. I think we’ve got this, uh, we’ve got a, a nice summer ahead now. Unlike the rain we’d normally look forward to, you know? 

Maciej: Yeah, yeah. Along the said, bit rainy. Yeah. Yeah. This is pleasure to meet you. I mean, not meet you, but to talk to you on the, um, on, on our podcast. So thank you very much for accepting the invitation, and today I would like to discuss a fundamental topic for every web developer, which is hosting. So what do you think when you think, uh, hosting. 

Jeff: Yeah, it’s interesting, right? I suppose if we took it, take it from my perspective, um, we are obviously a 100% WordPress. So hosting for us is, is in, is in within a niche, if you like. Um, we, we are not covering every cms. We, we, we look at this as a very, um, WordPress driven solution that we offer. But if we think of WordPress, VIP, we’ve gotta think about who we are marketing to and we are here purely for the enterprise. So we are here for the, the largest, the biggest, the brightest, the most security conscious customers around the world. Um, so it’s people like AccuWeather and Al Jazeera and the Sun Newspaper and HSBC and Santander. Um, and so when we think about hosting, we’re obviously thinking about what’s needed by the customer, uh, and our customer. It will be kind of one of those, uh, pillars. It will be how secure are you? How stable are you? Um, how scalable are you? How fast are you? Um, and all of those things are combined normally. Um, now some customers will be way more interested in a particular one of those pillars. It may be that they’re, they absolutely need the fastest. To run through. And half of that is how the website is built, as you know, but half of that is how it’s hosted at the backend. I mean, it’s no good putting it on a $5 a month, uh, plan with, uh, one of the, you know, low end providers. Um, you need to make sure that that thing is gonna be just zinging right from the start. So from our point of view, our hosting is actually done by our own data centers. We have our own 30 data centers around the world. We own them down to the metal. Um, and they’re built purely to host WordPress in the most secure, fast way that you possibly can. Um, so yeah, we have a very specific view on that. Uh, you’ll, you’ll go to many other hosts where they’ll, they’ll take your stuff and, and flip it over to Google or uh, um, Amazon or somewhere, which is fine. Um, but you need to know what you’re getting into there. 

Maciej: Sure. Because while I’m thinking about hosting, you know, I’m also from the, WordPress industrial, let’s say, but when you look at the hosting websites, hosting provider, web hosting providers websites is like, I have a feeling that it’s like a commodity, like every provider provides most of the time the same service. The wording is nearly the same. The packages are similarly PLA priced, and there is. Mm, there’s nothing that can make them different or make them, you want them to hire them, make me want, hire them, right? So it’s like, um, everyone looks the same and there are so many of hosting providers that there is. Um, it’s a, it’s, it’s a difficult choice if you don’t know how to look for a good provider. So for our listeners, Could you give some kind of recommendation how to think about choosing, uh, hosting platform so that, you know, our, our listeners could pick the best one for them?

Jeff: Yeah, no, that, that’s a really good point. And you’re right, there are a plethora of hosting options out there and it’s pretty hard to, um, cut one from the other just by looking through scores of websites. Uh, one, one of the really easy rule of thumbs is if it’s cheap, it’s cheap for a reason. If you look at the site and you think, wow, that’s an amazing deal. It’s an amazing deal for a reason. They’re cut in corners somewhere or, or they’re just, they’re just not giving you a full service. Um, so you can probably do a very easy rule of thumb of just looking through that, that way. Um, um, and it may be because they’re not using the fastest servers or they’re gonna limit your bandwidth or they’re going to limit your storage, that there’ll be something happening in the background or, um, their support level will be, you know, a bit like when you phone Microsoft Support, someone will tell you to turn it off and on.n Um, so we, we are at the far end of that. We’re at the, the very far end of that, whereas we are all about service. Um, so for instance, even on our lowest tier, um, we will give you unlimited bandwidth, unlimited storage, um, unlimited support, um, and that’s 24 7 support as well. So it doesn’t matter what time you’re trying to get hold of someone, we have. 60 operatives in 30 countries around the world that can jump on a call and make sure that you are running in the right way. Um, also, um, you need to look at the hosting provider to see who their partners are as well. I mean, we have the best partners in the world. Um, we have 80 odd partners around the, around the world, um, that all build websites, um, in the right way. um, because we don’t like to host just any old WordPress site. We wanna make sure it’s been built right to start with. Um, if it’s been built poorly to start with, that could look bad on us as well. So we are, you know, we’re very in tune with our agency partners to, to make sure that they’re, you know, they’re doing things the right way too. So, yeah, there’s, you know, you could probably go into the min minute details of each, uh, hosting platform if you want. Um, but I have a really quick and easy rule of thumb is if they’re cheap, they’re cheap for a reason. 

Maciej: All right. That, that makes sense. Yeah. Uh, you know, the, the, the margin level has to have to come from somewhere, right? So if you, um, if you’re hosting on edge chip server, you know, you, you are compromising something. But, um, that’s true. Um, and what would you say is the most difficult, um, aspect of choosing the hosting? 

Jeff: Yeah, I think, I think it’s probably cuz there, like you said, to start with, because there are just so many choices out you know, where would you start? Um, so I think first of all, you need to think about the size of your company itself, right? What, what, what do we think? How important is this to me is our digital front end, you know, our main window to the world, which in fact is most, Companies now, it really is even local shops that, you know, their, their main outlet is still the web rather than people going in and outta the shop. So you need to think about how, how important that is to me. So am I gonna get guaranteed uptime? Am I gonna get the storage requirements that I need? Am I gonna get the bandwidth that I need? Um, and, overarchingly, am I gonna get the support I need. Can I actually just get hold of someone as and when I need to? Because if your website goes down, the, the longer it’s down, the more money you lose. So you need to be very confident at the backend that the, the service is there. Mm-hmm. . 

Maciej: Yeah. So you mentioned, uh, losing money when choosing proof hosting, or can you, can you elaborate on what are the consequences of choosing proof hosting or maybe proof hosting is like a le leading question, but I’m thinking rather about the consequences of choosing poorly. So not choosing hosting that is not fitting your, uh, your, your purpose. 

Jeff: Mm-hmm. . Yeah, that’s real. And I, I’ve seen it more and more recently as well with the Lauren hosts about the guarantees of uptime as well, of being amazing uptime statistics, whi, which can be offered, um, because the fallback is, if it does go down, it’s not their fault. A problem with your site rather than something they’ve done at the backend. And, and, you know, the failover of hardware in the hour is fairly easy to look at. Um, I think the other things that you need to probably think about in there is, um, when they say a guaranteed up time, there’s no fallback If they don’t meet those targets. Um, whereas with our premium hosting, there absolutely is our guarantee of 99.9 or 99.99% uptime is backed by a guarantee. If, if you drop below that, then we’ll recompense you for that. Um, so, you know, we, we’ll put our money where our mouth is. Um, the other things that losing money as you go is if your host is slow and not performant   That will hit your Google ratings or, or wherever search engine ratings you’re looking at. Um, and you will start dropping off where you want to be. Um, and the only way around that is to then start paying to be up the rankings again, which kind of defeats the object. Um, it’s another good reason to make sure that your host is one that, um, is gonna make sure that they, you know, it’s a scalable solution and it doesn’t matter what you. Um, you know, if you suddenly get four times the traffic coming through, it will just expand and run with it. Um, otherwise you, again, you, you start losing money because you drop rankings or, or worse still, it just falls over. Um, for whatever reason. Maybe your database size exceeds a limit that you, you, you know, you didn’t need. Um, and that’s an, you know, that’s quite important as well because when we look at the type of customers that we have, um, they don’t wanna keep check of that sort of, I don’t wanna keep looking to make sure my database size is doing the right thing or the wrong thing. So our, our kind of idea is to take all of those DevOps things away from you. Um, and that’s why we kind of give that unlimited storage unlimited database, you know, just unlimit this stuff. . Um, the only thing we kind of track is, you know, how many page views you’re doing per month. And it doesn’t mean you don’t, you can’t exceed it, but it’s just the way that we, we put the mechanics in for pricing. Um, if you go over, that’s okay. We’re not gonna come and sting you for money. Whereas a lot lower end providers definitely will because they, they need to make their money, um, that way. Um, whereas we don’t, we will let that with the flow and what we’ll do is we’ll work with you over the coming year to say okay. Great g, great guns, guys, you’re four times bigger than you were a year ago, which is exactly what you needed. But we need to think about what that’s gonna mean for next year and make sure that we, we, um, work out the pricing structure for next year. So people like CFOs love us because we, we can hang out, out on giving you a price at the beginning of the year and it won’t change.

Maciej: Mm-hmm. . Okay. And you mentioned, uh, the uptime 99.9% or even higher. So what happens when, um, the server environment goes down? Because, you know, not just as you mentioned, part of the problem might be your website, how this is structured. So sandbag, um, like created this, this issue. But, uh, the other thing is the hosting environment. And most of the time, in your opinion, it’s like, most of the time it’s the website itself or the, or the hosting. And what happens if the hosting fails? 

Jeff: Yeah, that, that’s a really good point. So we monitor 24/7 apart from having people, we have a monitoring system that’s just on there all the time and it’s checking for all sorts of things. You know, if, if, you know, if scaling has gone mad or if you’re get an attack of some sort. So we are checking for all those things all the time and, and we normally see something happening way before a customer. We ever see something or notice something happen. . So internally we can flag that. We can immediately start looking in the background, see if there’s something happening with one of our servers, um, or, or if it looks as though there’s something in the website that’s causing something to race, um, and then we can start proactively working on that as well. So we can start pinging our customer to say, guys, did you realize. X, y, Z is happening. Um, if it is something on our our side, we can still ping a customer to say, guys, just to let you know, uh, we’re having an issue at the moment, but we’re, we are looking to remediate that right now. And, and that’s what we’re doing in the background. And that’s another good point that we have like 24 7 coverage, um, on support is that people can do this no matter where it is in the world. Um, we have some amazing redundancy because we own the 30 data centers that we run, um, around the world, um, that we can start re-routing. Uh, Traffic. Um, so we, we, we have our own builtin CDN like structure where, um, wherever you come in from the world, um, you’ll get the, the, the nearest server to you. Um, so you’ll get extremely fast, um, response rates. Um, but if there is a problem with that particular server, then we can reroute to the next nearest one for you. So it’ll automatically kind of make sure that you’re getting the fastest traffic through to you. 

Maciej: Mm-hmm. . Oh, that, that, that’s interesting. So, you’re saying you have created 30 data centers. This, this looks like a little bit of a, um, content delivery network. So why not use, or are you using, or why not use what, why not use like industrial, um, leader in CDN like CloudFlare to integrate, uh, with your services? Um, or, or, or, or are you using them or are you No. What’s the reasoning behind? 

Jeff: Yeah, and we do allow that. We, we don’t have, um, a specific CloudFlare integration, but we have plenty of our customers that want to use CloudFlare as well for all sorts of reasons for auditing, logging, all sorts of information. Um, so yeah, absolutely people can do that. Um, I suppose we’ve grown up with our. , um, our data centers because our sister company wordpress.com runs on the same infrastructure, um, and they’re running 140 million websites or so around the world. Um, we we’re at the other end of that, so even though we’re on the same in infrastructure, we do a lot more with it. Um, to make sure that our high-end customers are getting the right service. Um, so we, we just have an amazing infrastructure already. So having said that, we have had some big clients that would like to make use of their GCP licenses or their Amazon licenses. So we, we are in the background. We are looking to see if we’ve got something over the next little while that we can actually put all of our good staff. On someone else’s network, um, to satisfy those clients as well. So yeah, hopefully we’ll have something to talk about, uh, maybe, uh, maybe next year rather than this year about doing that too.

Maciej: Okay. So, so that’s interesting. So it would be like you would be providing your know-how, um, in an, an encapsulated way that can be put on the client server.

Jeff: Yep. That’s it. Yeah. So effectively our stuff, it can be picked up and packaged if you like. Um, all of the monitoring and the, the techy stuff there. And as you know, Maciek, I’m not the most technical person in the world, so I can probably say enough before I start hanging myself. Um, but it can be picked up, um, and put in your local environment, for instance, so you can put up, pick up a VIP system, put it on locally with all the Docker stuff and make that run. Um, it’s. What I understand that’s a little bit more tricky with someone like an AWS for instance, but it, it can be done. Um, so we are looking at making sure that we, we can try and service customers that way too. 

Maciej: Oh, okay. So I’m thinking about this in a way that you can have a such solution or the same solution in on, on-premise. So you would be providing, um, encapsulated, um, VIP service on, on premise, on on client servers. Yeah. I’m not sure if we’re going as far as on premise. I think we’re gonna work with public cloud for, um, yes, yes. This is what I was thinking. But, but, but, but, but owned by the client, uh, or oriented in, in the cloud by the client.

Jeff: I, I believe so. Yeah. I might be overstepping my knowledge on that one, but, all right. That’s what I understand. Yeah.

Maciej: Sure, sure, sure, sure. Uh, thanks. Um, and, um, you were talking a lot about the VIP why is, why this is so incredible, um, um, you know, service. And I wonder how did it all start? So, what is the story behind creating, uh, workplace VIP. Um, environment and maybe because maybe not everyone, knows about, WordPress VIP can you give in the first place? Uh, can you give us a little bit, overview of what is, WordPress VIP service organization? You know, what, what is the story behind it and what is it? What is it? What is what this is?

Jeff: Yeah, no problem. So yeah, let’s think about kind of potted history of webPress, VIP came around. Um, so, um, Matt Mullenweg is the guy who co-created WordPress back in 2003 or whenever it was. Um, and, and then kind of op made the open source so everyone could play with it. Um, um, but on the back end of that, he created a group of companies under the umbrella name called Automatic, um, and probably the most famous one of that is wordpress.com. Um, to help with the, the hosting enviroment beyond someone help, you know, create, doing stuff with the software. Um, and I think, you know, in the first year or so, the bloggers and the kind of small entities jumped on it because it was so easy to use. It was so easy to create great looking websites very quickly. Um, and that really quickly expanded into, um, bigger business. um, bigger business needed something a little bit more robust, um, to sit behind it because it is, WordPress is an extensible system. People can go in, create themes and plugins and play with the code. And, um, and by doing that can open up all sorts of things like security issues or speed issues by, by playing with that, um, where is there something like 50 odd thousand plugins that are available for WordPress now. and some of those have been written by the 10 year old at the end of your road, and you wouldn’t wanna put that in your, you know, industry hardened cms. Would you? Um, so. a few years after that understanding that it had gone into the business, uh, it got into enterprise, um, WordPress vip was exactly set up to make sure that anyone using a set an industrial scale had somewhere safe to go, um, to make sure that things like the plug-ins that you’re using were still secure. Um, and, and you know, that that’s kind of, I think it was about 2000 eight or nine I think we started, uh, WordPress, VIP as an entity to do that. Um, and so that, that’s exactly what we’re there for. Um, it’s ju it’s, uh, the automatic group of companies. I mean, and it, we include other things like parsley, analytics, um, and Tumblr. Um, there, there’s a whole group of companies that all sit under this umbrella, but really to support the open source and WordPress world. But yeah, WordPress, vip is just, just taking it onto that enterprise scale of making sure that it doesn’t matter if you are, if we think about AccuWeather for instance, I think it’s something like a, a billion processes per day going through through WordPress. I mean, it’s just mind, mind blowing. Um, there’s no way that you’d want to run WordPress like that on a low end provider, um, because it would just, uh, crash and burn every day. Um, but making sure the systems work solidly behind WordPress because it did jump into that enterprise is exactly why we were set up.

Maciej: All right. Mm. And, um, where is WordPress VIP right now? So what is the roadmap, roadmap ahead of vip you? You, you mentioned one feature, like feature possibility to, um, to move to the client environment, but what are other options you are considering to, um, to Rolling House? To wordpress vip. 

Jeff: Yeah, well I think we started on that route already, so yeah, that was one of the things we did. I mean, the other thing that we did last year was brought point Pasley analytics to within the skin of WordPress, vip as well, it can be used standalone. Um, but especially with the, the change in Google Analytics that have come up, um, the changes that are right around the corner from them pass the analytics sits there really nicely, um, analyzing at a content level. Um, so we can flesh out our, uh, our offering that way and I think, uh, I’m not gonna give the game away, but there’ll be more of that coming as well. So we’ll start fleshing out the things that people really need, always want to do with websites. Um, you know, obviously we know another sister company is WooCommerce for instance. So WooCommerce sits very nicely within WordPress and within WordPress vip but there’s other things that we do all the time for our customers, like personalization, um, you know, just those things. So we’ll, we’ll start, you know, fleshing those out as time goes on and, and building out a wider environment, uh, rather than just, we we’re not just a host.

Maciej: Hmm, sure. And you mentioned there are already 30 data centers. Can you give us some more numbers regarding coworkers, vip, and you know, for our listeners to understand, uh, the scale maybe of, of the operations? 

Jeff: Yeah. Yeah, I, I mean, it’s, it’s staggering. In fact, I don’t even have the latest statistics, but it’s, it’s billions of processes per day that are running through WordPress across those, those, um, uh, 30 data centers. We, we have customers that are doing, you know, um, uh, press agencies that are doing, you know, Tens of millions of page views per day just for their one publication. Um, we have, we have other customers that are doing very small amounts, but they’re really interested in the security side of things. Um, that there’s, uh, I, I’d love to be able to mention some of the customers that we have, but we’re under NDA that we can’t mention them, but if you can think of in the US. The, the most, the, the website would have to be the most secure website in the world. Um, actually runs under WordPress and under WordPress vip. Um, and you know, that’s a tantamount to, to how good we are, if you like. I think we are the only host that’s, um, FedRAMP certified. Now for a, a lot of us in Europe, we, we don’t think about that too much, but in the US that’s the highest grade that you have to go to to make sure that you can host government website. and FedRAMP security is a really in-depth process that we had to go through for a couple years to make sure that we can do that. Um, and now do, um, so yeah, uh, I I’d love to give you a little bit more on that, but I’m not allowed. 

Maciej: All right. True. Yeah. Yeah. You, you, you cannot reveal your secret sauce. Yeah. Yeah. Okay. Um, alright. And, um, wordpress VIP is the no platform, but there are also agencies around, uh, around, around this platform and, uh, now this is a strict process. Uh, you, you have to, you you have to go through, um, to be, uh, to be like, um, allowed to to into the family, if I may say so. Yeah. So can, can you tell us a little bit, a little bit more about, um, wordpress vip partners?

Jeff: Yeah, absolutely. So we have probably two sides or three sides of our partnerships really. Um, one side is our agency partners, uh, WordPress vip even though we do a lot of this backend, we actually contribute to WordPress, um, core code all the time. And we have some of the best developers in the world, but we don’t actually build websites for people. Um, and if someone comes to us about hosting, they’re quite often looking for something to be built or at, at the same time and that’s where our agency partners come in. Uh, and obviously we have Osom as, uh, a great, uh, polish, uh, agency of ours. Um, and we know that when we, we kind of vet each other if you like. Uh, you know, when macho and I started talking last year sometime, um, about how we work, and it was a case of, right, okay, what do you do? Okay, what do you do? Mm-hmm. . Exactly. Show me some of your works. See how it works. Um, you know, are you, are you looking to build WordPress in the right way? You’re not just gonna throw up a theme and chuck a bunch of content in and say, yep, there you are, you’re done for, uh, I’ve done a day’s work and you’ve got a website now. Um, so we are looking for, um, agency partners that, um, have built, uh, and are planning to con, continue to build for the enterprise. And they have customers that rely on them. Um, and, and they have customers that have long-term maintenance plans with them cuz they can trust them. Um, and so we look into all of those things. So that’s on the agency. . Uh, we also have a technology partnership side. And so these are, these are for the people who do create great plugins. Uh, and like I was saying before with the 50 odd thousand. plugins that are already available. There’s probably a handful that are true enterprise grade. So we like to partner with those guys and, and when our customers come to us and start talking about we want to do something in personalization, we have a group of technology partners that, that can run with that. And that’s the great thing about being WordPress. It’s kind of this agile cms. It’s not like, um, an Adobe where you, you take their personalization option and that is the. Th that’s it. We at least have a, um, um, a, a, a slew of those type of technology partners. Um, and they’re all great in their own way, but a customer might like one over the other because of X functionality, and that means they can swap in and out of those partners as well. But still trust that we know that these technology partners have done it before with big clients and they run with us. and then our final partnership area is kind of the, um, service industry type partners, you know, the big service industries around the world, like Wipro or you know, the, those kind of big entities. And we, we kind of work with them as well because they work at things on a slightly different level. So we, we, we do work with the, the service providers too.

Maciej: Mm-hmm. . Okay. And can you talk to us about, um, technology partners a little bit more, because this is interesting because with WordPress. I mean, WordPress is so popular and so easy to start building that the enterprise, um, enterprises or big companies looking for a proper agency to build the project for them, it’s like selecting the hosting, um, platform. There are so many hosting providers. Everyone can host a PHP code, nearly everyone. And, um, this is so easy to select a partner, but then it’s like, um, selecting a plugin that was written by 10 year old, 10 year, 10 years old and this, you know, isn’t suitable for enterprise environment. So, uh, what do you think about, um, I mean what makes, uh, an an enterprise level pluggin, you know, what, what, what features there are that makes it stand out from the all other similar plugins that are not suitable for enterprise. 

Jeff: Yeah, that’s a really good point. And you’re right, because there are so many, we can’t track them all. There are just too many. Uh, and I’m sure some of the, the really small ones, um, um, are, are amazing. Um, but we would, we would never know. We don’t hear about them. So there are two angles that we, we work through and so sometimes we have our customers come to us direct, talk about these, and then what we do is we go back into our databases. Someone presents us XYZ plugin. It says, have you heard of this? How does it work? Is it okay? And so what we can do is look back through our customers and see if anyone’s using it and if there’s been any problems with it. So that’s a, that’s a nice first step. 

Maciej: Um, so, okay, can I stop here? So this works like your, your existing client is asking you as a platform about the particular plugin, and you’re able to see if this plugin was causing any problems for your other cl other, uh, clients?

Jeff: Yeah. We, we can look back in history and through our support tickets and so on to say, right, okay, we know a customer’s had a problem because of, because of XYZ. Okay. Uh, or actually we’ve never had a problem with that one before. And it runs nicely on our system because we can see that it’s been tested with it already. Um, and, and not just our customers comes to us out, but our agency partners as well. because they have exactly the same thing that this plugin looks like it’s gonna do a job that we don’t need to code ourselves. Um, it’s quite, you know, it’s a complicated thing. It’ll be an easier way for our customer or your customer if you like, um, to have that plugin instead. But is it really gonna be stable and secure and, and scalable and all the things that we need of that plugin. Um, so that’s kind of the angle it comes from normally and, and how we understand where that works. And then we have, um, like a counterpart to me on the agency partner side, a technology partner. That’s out there looking for these guys that, that do do it the right way to say, right. Okay. Can we kind of work in a more formal way together? 

Maciej: Mm-hmm. . Okay. So this is how you can help your clients selecting the proper plugin. But what about those, uh, features? So, which plugin would be considered like enterprise level or is it just, it’s not buggy code, or is this enough?

Jeff: Yeah, it’s interesting. Well, kind of in, in some ways. Yes. Um, if it’s buggy or slowing things down or, you know, doing something, we, we look for the security side as well, because, you know, we’re looking at if it’s doing something nefarious or, or maybe not nefarious, maybe it’s just, it’s um, it’s dragging some data away and it’s not critical data but it w we have a system in place that says, okay, this is what it’s doing in the background. I mean, forms plugins are a, are a perfect example. Some form plugins, um, take some of your data away as you, as you, you know, you touch your information and it goes off to their servers. Now it doesn’t mean they’re doing something bad with it, but you need to know it’s happening. Um, so we have, I mean, we have an openly available code scanner a PHP code scanner that can run through security risk for you and give you some feedback on that. So that’s kind of a, a nice, easy first, first step, and it’s something we offer to any of our customers as well. So when you commit code to WordPress we can automatically run that code scanner for you to say, okay. Uh, This is good, this is bad, this is indifferent. Um, normally when, when it’s about our agency partners that are building things, there’s not an issue because they’re doing things the right way anyway, but it’s a nice secondary check as well just to say, are you sure about this? Now, that doesn’t mean that we are kind of Big Brother and we’re gonna stop you putting that code out there if you don’t want, you know, if you want to, but at least you are aware something’s happening and you know, then it’s the, the, the deal is on you if you want to produce it that way or not.

Maciej: Mm-hmm , that’s interesting. I read a report. I cannot, I, I don’t remember the name of the report, but it was, uh, some NGO analyzed a couple of thousands of very popular pages in the US and it turned out that the data that is put into the form, Even though it’s not submitted, it’s stored. So for example, it’s, it, it’s stored like partially filled forms. When you get back to the website, the, the, the data’s already there. So it’s on the, um, keystroke level. Wow. So the, it’s locked on keystroke level and, you know, no one knows if it is used or not, but it’s stored. So it’s, it is hijacked, uh, and I mean, it’s not terrible but, uh, you can think that it can be tempting to use it. And you know, in Europe you have GDPR regulations, and this is not so, you know, it’s not so, um, how to say this politely? No, it’s, it’s not aligned, I would say with the, with the idea of GDPR and managing your data so, because if you didn’t submit. It means that I would expect this is still on my pc, on my computer, and not transmitted to the, to the, um, to the other, uh, participant.

Jeff: Yeah, no, I think that’s fair. I, I hadn’t heard of that one, but I Yeah, I’m sure that it can happen. So, yeah, I mean, from a hosting level, we are GDPR compliant. Uh, so from a hosting level, um, yes, we do push stuff over to the states from, from, uh, the eu, but everything’s obfuscated before it goes. . So IP addresses are obfuscated and so on, and so we don’t actually push anything, um, that’s not GDPR compliant across to, um, other, um, data centers. Um, and we do stuff for kind of security and redundancy and all those sorts of things that you would need from us to do that. We need to do that sort of stuff, but we just go through every step to make sure that we are GDPR compliant. Um, I think, um, stuff like that that you’re talking about is on the build side.

Maciej: Of course. Yeah.

Jeff: Um, which is, 

Maciej: on, the plug site even 

Jeff: and even on the plugin side. Yeah, absolutely. Um, and a customer can do that anytime they want to, but luckily again, if they come to us, uh, we will code scan that for you if you wish. Mm-hmm. . Um, and we’ll give you a security report back on what we thinks happening with that particular plugin.

Maciej: A and do you have any kind of, uh, scanner that goes 24 hour, um, a day scanner, scanning, you know, the behavior or rather security? , uh, from the perspective of the security on the client website, for example? 

Jeff: Um, well, I think we do. I mean, I’m not sure about, uh, plugin level. I mean, so, uh, from a code level, we do it when it’s loaded up and start, you know, if you want to use it, then we’ll check it for you. Um, but for security, absolutely. We have 24 7 security running across the system just to see if you’re being attacked, you know, if there’s, someone’s trying to spam you. Um, I mean, a kismet is another one of sister companies that can run in the background too and we have jet pack running analytics in the background as well. That’s another one of our com companies. Um, but yeah, we are, we are always checking just to see if someone’s attacking you. And it’s actually, we’ve got a really good case study. That was a couple years ago now, um, where we had one of our large publishers, which was running something like 10 million pages per day regularly. And then one day it went to 20 million, which is a huge spike. Um, and it, and it, there was, there wasn’t anything like an election going on or a big sporting event. Um, so our monitoring system picked up. That was something happening but actually through monitoring it, we realized it was okay. It was just, it was normal, just really high traffic and, and really high traffic. Um, a, a weird time of day as well. Um, and it wasn’t till the next day when everyone kind of calmed down and looked to see what was happening. It was the Kobe Bryant air crash in the US] Oh, I see. The helicopter crash where. God, uh, unfortunately passed away. Um, and, and of course the news agencies just went nuts in the US over this. Um, and because of the way we build our infrastructure, we run with those spikes. You know, we, we’ve, we expand and we make sure it all keeps on running. Uh, and it was the next day you found out about all the sites that did fall over. Um, because of that type of spike.

Maciej: Really? So other sites were down because of this kind of event?

Jeff: Yeah. In the US not, not vip not WordPress vip sites, but other sites in the US because the traffic, it was an unexpected spike at a weird time of day. Um, and, and, and sometimes, I mean, uh, uh, We’re okay with this sort of stuff, but other providers, um, they, they have a finite solution where a spike will just make it crash or slow down or, um, um, so yeah, there’s plenty of sites that 

Maciej: And who kind, you, you have case study on this, um, on this event, how you scaled?

Jeff: Uh, yeah, I I’d say maybe case study is a bit strong. Maybe it’s a, we have a, a few lines on it cause it happened. Uh, and, and we know what happened. I mean, very similar things happened during things like election times. Um, we have a lot of kind of, um, election based public. That that happen. Um, and you see the kind of numbers that suddenly shoot up, um, through election periods. Um, and so yeah, we are just sitting there making sure that those things just, they just carry on running like quad clockwork. We don’t, we don’t kind of, um, throttle them in any way or slow them down. They, they will just keep running as if 10 people are on the site, there’s now a hundred thousand on the site.

Maciej: Mm-hmm, okay. Yeah. So that’s interesting. So, because this is interesting because you never know with elections, everyone is on, on, on, uh, on the lookout for, for this kind of news because maybe one, um, one person will do something stupid or not stupid about it, will gather the crowds, uh, to the, to the article. But you, you can be prepared and with, uh, stuff like this or, you know, tsunami for example. This is, this is you, you, you cannot know about such. 

Jeff: Absolutely. No, that’s it. And, and it is amazingly how frequently they do happen around the world. You know, these weird spikes that you’re not expecting. Uh, and that’s normally if you ever go to a site, something like that has happened. If you, if you are getting a, an error on the site or a slowdown on the site or, or something like that, it’s normally because of that sort of stuff outside of the things we were talking about, like plug-in errors and people doing silly things with code. Um, if it’s running, running, running as normal and then one day something like that happens, there’s a couple of reasons. Either the, the host is having a problem, or you’ve had this weird spike or weird kind of thing that’s happened within your site to make it slow down and do that stuff. 

Maciej: Mm-hmm. . Okay. Thanks. All right. Um, so Jeff, thanks a lot for, for making the time, uh, to have this conversation. Uh, this was super interesting to learn more about, uh, internals of, uh, workplace v i p and about the history a little bit. So thank you very much. 

Jeff: Great stuff. Good to speak to you Maciej. 

Maciej: Great. Thank you. See you.

Jeff: Cheers. 

Intro: If you like what you’ve just heard, don’t forget to subscribe for more episodes. On the other hand, if you’ve got a question we haven’t answered yet, feel free to reach out to us directly. Just go to www.osomstudio.com/contact. Thanks for listening and see you in the next episode of the Osom To Know podcast

Next article

Get a grip on CI/CD – Interview with Maciek Palmowski

Avatar photo

By Maciej Nowak

Join Osom to know newsletter!

Get your monthly dose of WordPress information.