When configuring a new server, there are several components we consider essential to sustaining website properly. Making sure that a server is configured to be both reliable and fast goes without saying, but choosing the right combination of hardware and software is the key to making it all work.
When putting together your web server to ensure your technical SEO is in order, consider the following nine elements for a properly built server environment.
#1: Hardware – Dedicated Server
When choosing hardware, it’s important to use a dedicated server. Dedicated servers offer reliability and basic peace of mind. There’s management involved in any dedicated server, so you may need to utilize your hosting company’s managed services. For example, you’ll need some type of reaction monitoring. That way if the server goes offline in the middle of the night, you won’t be rudely awakened by tons of customer emails alerting you to the situation.
#2: Reliable hosts – Cloud hosting is not the option
When reliably hosting a website, you’ll want to stay away from the seduction of cloud hosting. Cloud hosting is great for data processing and being able to scale large amounts of data collection. However, when using cloud servers, we often see servers simply die, or go down. Our applications anticipate these situations, so it’s not a big deal with internal number crunching. However, you can imagine how much it would suck if your website simply turned off for no reason or due to an outage that you or your host’s network provider couldn’t control.
#3: Get Plenty of Ram
It’s important to use a server that has enough ram. Ram is very important, as it allows all of the software on the server (i.e. your website) to operate smoothly. Often times when a web server crashes due to traffic spikes, it’s because the server owner didn’t properly anticipate the ram needs accurately.
Every visitor to your website uses a small amount of ram. When tens (or hundreds) of thousands of visitors emerge on your website all at once, it uses a lot of ram all at the same time. When the available ram runs out, the server looks to use some hard drive space for the needed memory space. There’s typically a predefined amount of HD space available to the memory, and it’s usually small. It’s also slow, so it’s only used in an emergency situation. This is called swap memory. Once your swap memory is exhausted, your server typically fails, and your website goes down.
Ram can also have a big impact on website speed. By having plenty of ram, servers can place a larger number of ‘requests’ in memory. This allows for faster access to pages. A ‘request’ can be anything from an ecommerce page of products being rendered or a simple blog post that’s displayed on the page.
We recommend having between 8 to 16 gigs of ram available on a given server. The average website probably won’t use much more than 3 gigs. However having the extra memory allows you to maximize load time and performance.
#4: Hard disk space
Hard drives can be your best friend or worst enemy. Every website is stored across one or more hard drives. Server hard drives are similar in concept to the hard drive on your laptop, except it’s a lot more important that it functions quickly and reliably.
Depending on your budget, you may opt for a raid array of hard drives. A raid array is a collection of hard drives that function as one. In a raid array, the data for your website or application is stored and duplicated across multiple drives, so if one decides to die (which always seems to happen at the worst time), the rest band together and continue to function without you losing any data. It’s like using ten people to deliver the same message. If only eight follow through, the message is still delivered regardless of what happens to the stragglers.
#5: Hard disk speed
Data redundancy is important. However how fast the hard disk can be accessed is important as well. In the hard drive world, there are two types, those that access data by spinning a wheel like a CD, and those that store the data in memory chips which don’t move at all.
For hard drives that access data off the wheel, speed is measured just like a motor, in RPMs. That’s right, plan old revolutions per minute. A good minimum RPM for a standard hard drive is 7,200 and at 10,000, you’re flying pretty fast.
Hard drives that access memory off of chips are referred to as static drives or SSD drives. These drives don’t have any moving parts which makes the time it takes them to access data much faster. SSD drives are much faster but also more expensive. They’re great for squeaking out more performance from a server, but for the average website, they’re not always necessary.
#6: Server Software
This is by far my favorite area for delivering optimal performance. When it comes to server software, I’m a Linux guy all the way. I’m well versed in Windows/IIS servers, however as a marketer, and self-proclaimed SEO aficionado, I’ve come to generally dislike the Windows server platforms for more reasons than I can fit into this blog post.
My favorite overall Linux OS flavor is Ubuntu, but for web hosting, I’ve come to love CentOS. CentOS has web serving down, and if you host more than one site or application, it naturally works with WHM/cPanel.
#7: Beginners Use Apache, Pros Use Litespeed
There’s a large selection of webserver software on the market, however, Litespeed is my personal favorite. It runs on top of apache and has a licensing cost. Without going into deep technical details, it processes traffic differently than your typical apache setup. It delivers pages faster and doesn’t cause nearly the same load on the server as the basic apache build. The licensing fee is typically around $50/mo, but well worth it. I’ve seen apache fold like a cheap suit when under a basic DDoS attack, while litespeed ate that garbage traffic for lunch, and handled the attack like a champ. Our recommendation is to go with Litespeed.
#8: Choosing a Software Firewall
At Mad Fish, we’re big believers in the Configserver software firewall. It’s a horrible feeling to find out that someone has guessed a user’s password on your server, and started sending spam, injected source code into a website, or worse.
Configserver bans an IP from accessing any website on your server after a predetermined number of failed attempts. Without Configserver, hackers can run a script that will continuously guess and try user credentials and passwords. This sounds tedious, but when automated, hackers can end up bogging down a server’s overall performance, and make millions of attempts in a single day. Without a proper firewall, it’s a given that eventually hackers will figure out some way to access your server.
Using a software firewall, you can also configure your server to stop hacking attempts on non-typical server ports.
By adding a software firewall, you’ll sleep better at night knowing that you’re not being bogged down by bogus requests, and that your data is relatively safe. Please keep in mind though, that while a software firewall is a necessity, it’s still not full proof. We still see successful hacks with a firewall in place. This is why we always recommend against storing credit card or uber personal information in a website data base. Use a payment gateway or merchant account vendor for that.
#9: Choose your PHP Handler Wisely
A major point of entry for most hackers is Wordpress sites that have their “upload” directory chmod’d to 777. Many beginner Wordpress developers do this because it’s easier than properly configuring a server. By leaving any public facing directory set to 777, you are allowing anyone and their mother to upload a script to your website.
Enter PHP handlers. If you’re web users need to be able to upload files such as images, you’ll need a way for the server to write to itself. We recommend using a PHP handler such as SuPHP or DSO caching. Both of these handlers allow web visitors to operate as a predefined Linux user. These visitors have the ability to write to a web directory that allows the predefined user. This provides some control over where users can place files, and which files they can edit or delete. This also limits the amount of damage that a hacker can do to a single site.
Both of these handlers also have a great feature that prevents any documents from being able to function in a directory with permissions of 777. That means if your web developer makes a bone-head move, and accidentally allows anyone to access a directory, nothing will run from that location. Malicious scripts will not work from these locations (at least none that I know of).
Our favorite handler by far is the PHP DSO handler. The DSO handler is one of the oldest, but allows some of the fastest caching of web files and database queries. This means that database intense websites (i.e. Drupal, Wordpress etc.) tend to load as fast as possible, while also keeping the server somewhat controlled.
Wrapping it All Up
Some hosting providers will throttle traffic, or limit resources when websites experience a large amount of web visitors. In our world of SEO optimized websites, it’s imperative that sites are delivered as fast as possible to one or one million visitors. By implementing a solid web hosting environment for your website, you ensure not only optimal uptime during peak traffic, but also the reliable delivery of content for your customers and prospects.