Looking for VPS hosting that is very secure for accounting firm
Posted by Barryrollins, 08-16-2016, 12:49 PM |
Hello!
I am designing a new site for our accounting firm and I am looking for hosting. I will be using Wordpress to create the site, I already have the template I will be using ready to go. My main concern is security. We will be using Citrix on our site basically as an electronic filing cabinet where clients can upload files for us to review and we can upload files for them to sign and return or download for their records. I don't think dedicated hosting will be in our budget, but I could see us spending up to $50 a month to make sure our files are secure. Any suggestions?
|
Posted by UH-Bobby, 08-16-2016, 01:07 PM |
Hey Barry!
$50 is very reasonable, you shouldn't have a problem obtaining this. Do you need cPanel also, or just a VPS? In any case, I'd recommend selecting a hosting provider that will work with you to customize the VPS and lock it down per your requirements. With Citrix, will the files be stored there or stored on the server?
Thanks!
|
Posted by Barryrollins, 08-16-2016, 02:02 PM |
I am not familiar with C Panel, please feel free to enlighten me! Citrix will be storing files on their server. I have researched that end fairly extensively and Citrix or Box looked like my best options, and we are already doing business with Citrix.
|
Posted by madRoosterTony, 08-16-2016, 03:36 PM |
cPanel is a control panel that makes setting up things like databases, email addresses, etc easy.
If you are truly concerned with Security, you will not use WordPress. It's the #1 hacked script on the web currently. Once they gain access to it, they can see your Citrix integration and possibly gain access to it.
|
Posted by HostersGlobe, 08-16-2016, 03:47 PM |
What server configuration are you looking at? And are you looking for a managed vps?
|
Posted by WPCYCLE, 08-16-2016, 04:44 PM |
If you are looking for security...within your budget, a managed VPS would be a better option. A shared account could have possible security issues, but with a VPS, better security practices could be implemented for WordPress and possibly Citrix as well. The best option would be a dedicated server, but that is not on your list...and even Dedicated servers have to be secured properly.
Also from the conversation so far....if most of your needs are going to be from the WordPress dashboard, then you may not need an account that is supplied with a control like cPanel.
Essentially anything can be hacked or exploited. If not WordPress, then the server itself...cPanel...any panel...Apache....all can have issues unless secured properly. It's true that WordPress is the most attacked, but anything that is popular falls under the same fault. Popular social media accounts are attacked and broken into on a daily basis, but passwords like mydogatemyhomework1980 don't help either.
|
Posted by Barryrollins, 08-16-2016, 04:53 PM |
I am somewhat new to this game although been doing a lot of research. It is interesting as one poster notes WordPress is not the way to go for security, while several other IT guys I have spoken to said it is good as it is so common and the loopholes are constantly getting closed. Sure there are tradeoffs in any respect.
I just spoke with Citrix (fileshare may be a more notable name of the company with Citrix being a product, not sure) and he said they will handle all the security for the file transfers as well as email encryption. Honestly he did not sound so worried about security for the site itself. Seems to me like someone could hack the site, get the credentials, and then wreak havoc on my information which would basically ruin a very well established business. Does that sound right?
Assuming it is a managed VPN network I need, or something similar, any suggestions on the actual hosting company to look at?
Thanks again for all of the ideas and help!
|
Posted by Nationhost-Chris, 08-16-2016, 05:00 PM |
With the right encryption and protection, I don't see a problem with VPS based storage for accountancy data. $50 a month is an ideal ballpark figure.
|
Posted by SenseiSteve, 08-16-2016, 05:01 PM |
Since you're using WordPress, be sure to use a security plugin like WordFence or All In One Security right from the get go. Delete any themes or plugins you're not using, and keep versions of everything up to date and compatible. Good luck to you, sir.
|
Posted by WPCYCLE, 08-16-2016, 05:02 PM |
Such an issue depends on how the clients interact with the website, and whether or not their information is saved directly in the website's database, or if the website will just act as a portal while the outside website handles the client information.
WordPress has plugins that have been able to fulfill almost the same purpose of your needs, and the key to security in this case was the focus on the uploads. How they're uploaded, what gets uploaded, and disabling any exploits during the upload, and you should have trouble-free service.
|
Posted by madRoosterTony, 08-16-2016, 05:34 PM |
The issue with WordPress is that security leaks happen all the time and most of them are zero day exploits, which typically means the hackers have them before WordPress even knows they are there. Do they get patched? Yes. Do most clients update their websites the day patches are released? No, most people wait until it's convenient to upgrade, simply because with most patches, you have to review your customizations to make sure the patch does not break anything.
So what does this leave you with? Often a site with code that can be exploited for weeks and/or months before it's patched, due to the end user.
The other issue is most hackers keep personal lists of websites running WordPress, so the second they get their hands on an exploit, they start checking all the sites they have a list of. So you might get lucky and get your site patched before a hacker gets to you one time, but the next time what if you are on vacation when the exploit is released?
As WPCycle says, it all depends on how Citrix will tie into WordPress whether your data will be safe or not.
As some have mentioned there are many Wordpress plugins that provide extra security, but many of these block commonly known things and do not stop some exploits.
You are better off not using a free CMS system at all, as they all suffer from similar issues. (Joomla, Drupal, etc). If you need a CMS, then you are better off looking at ExpressionEngine (https://ellislab.com/expressionengine) or PulseCMS (https://www.pulsecms.com/) as these are paid supported and encrypted systems they are not as much of a target for hackers as they have easier targets like WordPress. That's not to say they haven't had their own exploits, they have. They are just a much lower target.
The most secure website is always just pure HTML, but that's not always an option.
|
Posted by PlatinumVPS, 08-17-2016, 02:23 AM |
If you'll only host WordPress then why don't you try a WordPress-specialized host like Media Temple, DreamHost, WPengine, etc. Their servers are far more secure than a VPS could be, and highly tweaked for WordPress.
|
Posted by ZerOne Hosting, 08-17-2016, 04:33 AM |
If your business will be ruined if someone gets access to the documents you want to share then do not use a website to distribute them. I'm sure there's a SaaS solution for this kind of situation that will help you get close to 100% security (there's no such thing as 100% secure, you can only get close to that).
The platform (Wordpress, HTML, whatever) does not matter. Everything is hackable. Settle on your tradeoffs and get something that makes you feel as safe as possible.
|
Posted by net, 08-17-2016, 05:29 AM |
I don't agree. These providers or specialized setup doesn't mean it is secure already.
Considering he is using WP, this will add more security risk depending on who maintained this WP site.
If he is paranoid, he should start off knowing what data center he will be using, provider, system administrator that will manage his VPS or developer that will maintain his WP site, etc....
It is not just about a provider that he will consider..... many things.
Closing hole is not that easy.
|
Posted by web-earth, 08-17-2016, 06:23 AM |
I guess narrow specialization helps only to run websites more smoothly but not more secure.
Much depends on the provider you use hosting services from. I mean the type of security they use.
|
Posted by SYNUK, 08-17-2016, 06:26 AM |
Maybe you can consider IRIS instead so you only have to worry about the site itself which should be easily handled in a shared hosting environment.
http://www.iris.co.uk/cloud-solution/iris-openspace/
|
Posted by vps_newbie, 08-17-2016, 11:17 AM |
@Barryrollins should understand that everything on the VPS and everything it does are fully accessible to the VPS provider's employees. If Barry's accounting firm or its customers might be a high profile target now or in the future, then a VPS may not be the correct solution from a security standpoint.
WordPress vulnerabilities appear far too frequently throughout the year, and this has been going on for many years. As @madRoosterTony points out, many (most?) WordPress vulnerabilities become known when large numbers of websites are hacked. The attackers use zero-day exploits (previously unknown vulnerabilities). It does not matter that WordPress is quick to respond with updates to close vulnerabilities if your website is one of victims that got hacked. In fairness, many of the vulnerabilities are due to WordPress plugins. Nonetheless, the best predictor of future behavior is past behavior, so I would not feel comfortable recommending WordPress as the basis of a website that must be secure.
|
Posted by WPCYCLE, 08-17-2016, 11:30 AM |
I would have to say that such comments would make one more scared than trusting.
1. Employees having access to information. There's thousands and thousands of websites where a host employee could have access. The question would be why would an employee want or need such access to their job on the online and create a lawsuit towards the company. In essence, there's no way around that. All servers/accounts that are hired for the service of hosting will have someone administrating such service.
2. The issue with large WordPress issues are from users and hosts that are not educated. A large number of WordPress gurus will just tell people to sign up with a host under their affiliate link, which is usually an EIG host, and one-click away to a new WordPress website. At no point has the "guru" or host mentioned to the new customer to secure their website. No mention of blocking IPs. Not even a mention of a single security plugin, which at that point is many steps too late.
Saying past behavior predicts the future essentially means no one could use anything. All systems and hardware are prone to be vulnerable. Saying don't use WordPress is one thing, but then what about hosts who are still running outdated versions of PHP and MySQL? So even if the owner of a WordPress website did their job to secure everything, their webhost is a huge hole that they have no control over. Then when something happens, it becomes the blame the host - host pointing the finger at the customer dance.
|
Posted by madRoosterTony, 08-17-2016, 12:36 PM |
I'm not saying WordPress doesn't have its place. I see hundreds of installs a day. But if security is a concern, especially with an accounting firm, where a hacker could gain access to direct info that would make them instant money (identity theft), why paint a target on your head from the start?
The biggest problem with WordPress is they do not make it easy without major hacks to hide the fact that you are running WordPress. So this is like putting a sign on you that says "Shoot Me" and then walking into a mental institution full of people that have easy access to guns. Does this mean you are going to get shot? No, it doesn't. But it does raise your chances of getting shot vs walking into the same institution dressed just like everyone else.
Bottom line is, if a hacker targets you, you need to have proper security in place. But with WordPress many of the hackers are "script kiddies" that run code they find on the dark web and with as many zero day exploits as WordPress has, this opens you up to hackers that may never try.
|
Posted by vps_newbie, 08-17-2016, 02:03 PM |
... or at least help them consider their VPS management needs and requirements carefully.
Don't misconstrue what I said. @Barryrollins has not volunteered any information about his accounting company or its customers. I said, "If Barry's accounting firm or its customers might be a high profile target now or in the future, ..." If Barry's firm handles accounts for well-known celebrities, for example, then VPS provider employees might very well be tempted. What if Barry's company provides accounting services for Donald Trump and Hillary Clinton?
True enough, but I must point out that there have been a large number of WordPress vulnerabilities in the past year, and the trend has been going on for several years. WordPress updates are not released in response to poor user configuration, they are released in order to patch vulnerabilities in WordPress. It is true that all products have vulnerabilities, but the number and frequency of WordPress vulnerabilities seems out of proportion to other products. That is why I would not recommend WordPress for a high-security server solution.
Security management is a never-ending, ongoing process. The VPS customer must take full responsibility for VPS management. That includes ongoing monitoring and updates as required. If the customer cannot manage the VPS on their own, then they must get someone qualified to do the job, whether it is the VPS provider or an independent manager.
The finger pointing between VPS provider and the customer often happens when the customer is ill-equipped to determine the root cause of the problem. Is it related to the host node, host network, or abuse from other VPS customers on the same host node? ... or did the customer buy a VPS with insufficient resources to meet the customer's requirements?... or is it simply poor VPS configuration? ... etc.? I see many complaints by customers about their VPS providers, when the responsibility for the problem is obviously the customer's, not the VPS provider. Again, well-qualified management could avoid the finger pointing.
|
Posted by HostXNow_Chris, 08-17-2016, 03:17 PM |
cPanel gets my vote. Check the cPanel and WHM (included when using a VPS) demos at http://cpanel.com/demo/
|
Posted by WPCYCLE, 08-17-2016, 03:22 PM |
In my previous line of work, I worked with high profile people and some celebrities in their genre...they're just people like everyone else. The work was the same. In hosting, I've dealt with political websites in various countries, at no point did myself or anyone that works with me suddenly become tempted to peek into files or emails.
Also, from friends I've grown up with who are now in politics...such resources as web hosting, when the candidate is either the leader of a party or presidential...they already have people and companies in place for this. Trump or Clinton isn't sitting in bed signing up with HostGator or WiredTree. They're using the web hosting Obama has. That Bush had, and so on.
Now for celebrities...even some of the well known ones we hear about have regular web hosting. It's up to the web host to secure the celebrity account the same as the mom&pop account. It's the same as work in other fields. If your rate is $80 an hour, just because the person is a celebrity, the rate doesn't magically change to $390 an hour.
You said the key thing...poor user configuration. Almost everything computer related is prone to poor user configuration. The take it out the box, turn it on and use it setting. If one hires a reputable WordPress designer, and not someone who slaps plugins together, and then goes with a related host, the chances of issues are drastically reduced.
Well said. It's just too bad that we have to read the multiples of stories related to your statement. The sad part....bad advice also comes from the community. Too many stories of new clients who need websites corrected because neither the host nor previous designer knew what they were doing. That's a huge contribution to the issues that exist.
|
Posted by Barryrollins, 08-18-2016, 08:51 AM |
To everyone...thanks for all of the discussion. The web forums I am a member of where I know a lot more about the subject often operate in the same way. New guy asks questions, experienced users answer and then debate begins between the different camps. Very useful debates and discussions and I appreciate them all.
At this point I am a little nervous about doing all of this myself so I am considering two slightly different angles.
1. We are currently using a site designed and hosted by a company that does only accounting websites (or at least that is their main profit driver). I designed a site using Weebly that is so much more functional than the one they designed it is ridiculous and it took me maybe one day. With more time I could easily do better. Should I consider having them host this site, or something similar I build on another platform, and leave everything else up to them? We currently have a way to do secure email transfers through the company Citrix that we could just continue using.
**One important thing to note is that I really want to have a customer login and electronic database for clients to share and receive files with on the site. I know citrix can provide this, so assuming just let the current company integrate it?
2. Is there a company I could trust to handle all of my security and hosting where I can just go to their site and build it on their platform? Someone seemed to mention two similar situations earlier in the thread where they did not use WordPress so they may be more secure.
Basically, I am not experienced enough here to be involved in the discussion or decide who is right and what is best. I would prefer to pay someone to make sure everything is secure rather than try to put that on me. I just have some graphic design experience, a good eye and concept for the website, as well as a really good friend who is a marketing exec to review my work and give advice.
Finally, we are a smaller firm and have no high profile clients, celebrities, etc... We do, however, have clients that net millions in earnings per year and many more who make very respectable salaries with a lot of investments. Honestly, even if my client only makes $20,000 a year and I do their return, they are my client and it is my duty to protect them and their information.
Thanks again for all of the help so far!
|
Posted by HostXNow_Chris, 08-18-2016, 09:27 AM |
I haven't read all of the comments in the thread and am just answering your own for now.
I think the best thing to do with your budget is to use a Managed VPS powered by OpenVZ as some use KernelCare which upgrades the main node i.e., you do not need to upgrade the kernel for your own VPS like you would with KVM/Xen. And if you used cPanel/WHM that would automatically do all security updates in the background. You then only need to request your hosting provider to upgrade Apache, MySQL and PHP when new updates are released.
You could then either use WordPress like you said or use File Manager software: http://demo.softaculous.com/enduser/...ares&cat=files or ERP http://demo.softaculous.com/enduser/...twares&cat=erp which are all FREE!
Or you may use paid software (maybe a little more secure if choosing software from a reputable business).
I'll check the responses from others now.
All the best.
|
Posted by HostXNow_Chris, 08-18-2016, 10:07 AM |
Yes, what I said is excellent advice (sorry, blowing my own trumpet), and to add to that, I'll just go ahead and echo what some of the other members said regarding advice to do with making sure you choose a good provider, software, and system admin (optional). It is crucial to get this right when it comes to hosting financial data on a public network. A managed provider will take care of their system like cPanel/WHM on the VPS. But if you need more help with the software itself then you may need to hire a system admin for more personal support, as the majority of providers only provide best effort support for 3rd party software.
Good luck @Barryrollins.
|
Posted by vps_newbie, 08-18-2016, 10:53 AM |
Maybe it is time to step back and rethink the issue.
Sometimes the problem is that the responsible person starts with a solution instead of doing a careful job of defining the requirements. In @Barryrollins' case, perhaps Barry started with "Create a secure website that lets me transfer documents to and from customers."
The real requirement might be, "Securely transfer documents to and from customers." It may be time to think outside the box.
Perhaps a better solution would be to have a basic website for the business where security is not so much of a concern (e.g. about the business, contact info, current events, whatever, ...). In addition, Barry can look for a separate, pre-existing solution for securely transferring documents between the accounting firm and its customers. Without doing any research, I can think of several ways to do it and several companies that have good systems. If you find the right company with the right solution, you offload your security concerns to someone that specializes in it. Then the problem (beyond security) is to find something that is user friendly and easy for his customers to understand and use.
Does that help?
|
Posted by HostXNow_Chris, 08-18-2016, 11:05 AM |
I would also like to add that WHMCS is not just for the web hosting industry, it can also be used for OP's needs. WHMCS has invoicing, file management, support tickets, etc. And there are loads of developers who make custom software with very affordable pricing for WHMCS too. WHMCS is more secure than WordPress, and WHMCS are also partnered with cPanel now too. WHMCS is also releasing an auto-updater which, providing you do not have too much custom work, could help keep your environment more secure too.
So I would look into that too.
|
Posted by madRoosterTony, 08-18-2016, 12:54 PM |
What you may want to do is split the website and the client into two websites, using subdomains. So you have www.myaccounting.com which can be a website that is designed in whatever you feel most comfortable with. Then using cPanel (or similar), you create a whole new account as clients.myaccounting.com, instead of setting up as a subdomain within the primary account. On this page, you put a simple header and footer in raw HTML that matches your header and footer with the Citrix code. The main site just links to the subdomain, instead of the Citrix code and file being within the website code, so if the website is hacked, the hackers will not have any access to the client files. They will have to either hack the VPS or Citrix itself, which is a lot less likely.
This would be possible with any VPS and the help of any company that offers management. Your $50 budget might be a little tight to get a fully managed VPS with the specs to run cPanel and your websites, depending on how much disk space you need for your clients. (i.e. are you going to leave client files on the VPS, or are you going to pull them locally after upload and delete). I do not think you are completely out of the ball park in price though. The fact that cPanel is normally $10 a month addon, if you could increase to $60 a month you should be free and clear. Also might want to check out the offers section as you might be able to meet your budget.
|
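The account split described in the post above, as an added example that is not part of the thread or any poster's own code: a Python audit a server administrator could run to check that the public site and the client-portal account are really separated on disk. It assumes each hosting account is its own system user; the function name, finding codes and directory names are hypothetical, and the sample layout is constructed in a temporary directory (where both trees necessarily share one owner).

```python
import os
import stat
import tempfile


def _inside(path, root):
    """True if path is root itself or lies underneath it."""
    return os.path.commonpath([path, root]) == root


def audit_isolation(site_root, portal_root):
    """Return a sorted list of finding codes; an empty list means none found."""
    site = os.path.realpath(site_root)
    portal = os.path.realpath(portal_root)
    findings = set()

    # 1. One docroot nested in the other: the "subdomain inside the primary
    #    account" layout the post says to avoid.
    if _inside(portal, site) or _inside(site, portal):
        findings.add("NESTED")

    # 2. Same owning user: code running as the site's user can read and
    #    modify the portal, so a site compromise reaches it directly.
    if os.stat(site).st_uid == os.stat(portal).st_uid:
        findings.add("SAME_OWNER")

    # 3. Portal root grants any permission to "other" users on the server.
    if stat.S_IMODE(os.stat(portal).st_mode) & stat.S_IRWXO:
        findings.add("PORTAL_OPEN_TO_OTHER")

    # 4. World-writable entries anywhere inside the portal tree.
    for dirpath, dirnames, filenames in os.walk(portal):
        for name in dirnames + filenames:
            st = os.lstat(os.path.join(dirpath, name))
            if not stat.S_ISLNK(st.st_mode) and st.st_mode & stat.S_IWOTH:
                findings.add("PORTAL_WORLD_WRITABLE")

    # 5. Symlinks in the public site that resolve into the portal tree.
    for dirpath, dirnames, filenames in os.walk(site):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) and _inside(os.path.realpath(full), portal):
                findings.add("SYMLINK_INTO_PORTAL")

    return sorted(findings)


def demo():
    """Build a constructed weak layout, audit it, tighten it, audit again."""
    with tempfile.TemporaryDirectory() as base:
        site = os.path.join(base, "mainsite", "public_html")
        portal = os.path.join(base, "clients", "public_html")
        os.makedirs(site)
        os.makedirs(portal)
        uploads = os.path.join(portal, "uploads")
        os.mkdir(uploads)

        # Weak: open portal root, world-writable upload dir, shortcut symlink.
        os.chmod(portal, 0o755)
        os.chmod(uploads, 0o777)
        os.symlink(portal, os.path.join(site, "client-files"))
        weak = audit_isolation(site, portal)

        # Tightened: remove the symlink and close the permissions.
        os.remove(os.path.join(site, "client-files"))
        os.chmod(uploads, 0o750)
        os.chmod(portal, 0o750)
        fixed = audit_isolation(site, portal)
        return weak, fixed


if __name__ == "__main__":
    weak, fixed = demo()
    print("weak layout:     ", weak)
    print("tightened layout:", fixed)
```

In the temporary-directory demo SAME_OWNER remains after tightening because one user created both trees; on a server where the two sites are separate accounts that finding clears.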
Posted by MartynD, 08-19-2016, 11:43 AM |
Whatever you decide to buy, buying a managed vps will be a lot easier for you or pay an external company to secure it for you. As securing the vps will be the first thing you do.
I see people recommending cpanel And yes it is good, but you really don't need it, - few version of direct admin or something similar would suit you fine
|
Posted by ZippyTheChicken, 08-20-2016, 02:07 AM |
ok so if you understand what your business is about then you understand that you are probably not up to this job.
its like banking.. you walk in and hand them money.. they hand you a receipt.. and your money is gone.. they don't put it in a vault with your name on it and throw a dollar at it every month for interest.. its in someone else's pocket...
Same deal with your business.. you aren't doing anything tangible like building them a deck your business has a lot to do with trust.. they trust you for advice.. they trust you to do things properly and to go farther out of your way than they would for themselves because you are the professional.
well whatever your job is.. I am guessing its neither a professional web designer / coder or a online security expert.
As a online designer since 1994 and as a coder and hoster since that time I can tell you .......
you need professional advice from someone that does this exact thing for businesses of your type.
the liability you are taking on is extremely high... this is why when I started in this business long ago and I was head hunted for positions with banks I never took them. I understand my limits.. and with almost a decade with wordpress and before that having written my own packages in php and perl and mysql
I can tell you .. no matter if you have 15 small clients or thousands you are way over your head... way way way over your head..
One of the first things I learned early when learning how to code and manage linux was
if they want in .. they're getting in
and that's the truth
There are people that study zeroday and zerohour exploits like heroin addicts..
I knew a guy back in the late 90's that wrote core code for redhat...
one of his things was a mouse driver ... and there were remote root exploits on a mouse driver...
you are way over your head....
I use wordpress but I use it as a blogging platform.. I would never use it for anything more important
as others have said there are major exploits against wordpress... having been a contributor myself to wordpress.org I can tell you... (unless something has changed dramatically with the way Matt deals with things) every wordpress site will have an active exploit against it that is going knowingly unpatched... I saw core developers flip the F out about this on freenode over and over and over again until they either got themselves banned to be shut up.. or they walked away.. People that spent full time on that project.. just shut up or go away...
and no plugin is going to save your butt
with that said
wordpress can be what it is.. a blogging platform .. not a merchant cart.. not a secure site.. not anything to do with users or passwords .. or private information...
just find some real help
find developers that build sites for doctors or banks.. ask them to help you and expect to pay them.
if you're not willing to do the best you can for your clients .. go work at walmart.. you know.. honestly.
|
Posted by WPCYCLE, 08-20-2016, 02:50 AM |
Then why are major Television and radio stations using WordPress?
|
Posted by vps_newbie, 08-20-2016, 09:40 AM |
Because posting current news stories with frequent updates and breaking news items fits very well into a description of "blog". @ZippyTheChicken noted that WordPress is well-suited to creating blogs. The Wikipedia article on WordPress starts with "This article is about the blogging software." I doubt that major television and radio stations would rely on a WordPress-based website to exchange highly sensitive confidential information with informants. Believe me, Edward Snowden did not trust a WordPress-based website to share his disclosures.
With respect, @WPCYCLE (Michael) represents a company that specializes in WordPress. Their website says, "Managed WordPress Web Hosting." As they say, "If all you have is a hammer, everything looks like a nail."
-> Can you name a website that is using WordPress to exchange sensitive medical patient information, which falls under HIPAA laws and regulations?
It may be possible to build a secure website based on WordPress for exchanging sensitive client accounting information, but I do not believe that WordPress is the best and most secure way to do it. I wonder whether @Barryrollins is up to that task, which may also involve higher levels of time and effort to manage, monitor, and maintain such a website. As they say, "Complexity is the enemy of security."
|
Posted by WPCYCLE, 08-20-2016, 02:04 PM |
True. Many have taken it beyond what it was initially designed to do.
Well. I learned a long time ago to take on a task and do it well. When I worked in music, there are people who only worked certain tasks. A song for instance has to be mixed by two different people. The first one puts it all together, and the second person basically fine tunes the first person's work AND can send the song back to first person if it's not done right. Their ears are trained differently. With WordPress, there's many things I see wrong all the time...even from "designers".
Which leads to...
I've come across a situation where a Shopping Cart company designed an online cart system for clients to use for their customers. Common like any other cart, but this is a paid system unlike free carts like oscommerce or the few other well known ones. The company designed it for PHP 5.2 when 5.2 was active. One customer chose to move to a better host and couldn't. The host dropped 5.2 since it was outdated, and the customer was stuck. Asking the cart designers if they had anything for PHP 5.5 at the time seemed to offend them.
So even with a dedicated solution...that solution has to be on top of things...even more than the WordPress community. Fortunately with open source, someone will have an answer, or if someone knows PHP well enough and can understand the logs, fix it themselves...but there's so many stories where the designer vanished or the company closed or can't be reached....so now the solution is a potential security risk or needs to be moved to another solution.
One of those you either win or lose at the same time.
|
Posted by The_Dominator, 08-20-2016, 04:27 PM |
@Barryrollins my advice is to do the following, since you mention Citrix, and sharing of files and data and its accounting data. I would set up a Windows Cloud or VPS server in a Citrix XEN environment, and then provide a Citrix client to everyone that needs access to that server/files/customers. I will assume the accounting firm sharing and collecting this data will not collect it from 100's of customers, even if it did, the cost of a Citrix end point is not expensive. The Windows environment will allow you to actually run QuickBooks on the server or Sage, or any software they have (I am also assuming their accounting software is not Linux based) - then for the actual website, you can put it on a small VPS - so they are separate and if the WordPress site is hacked, the hack won't get to the Windows server. It's a common set up. It might be a bit more than your budget, but it will cover the security requirements and is straightforward and easy to implement.
|
Posted by Barryrollins, 08-23-2016, 10:33 AM |
Thanks once again for the responses! A couple of thoughts again:
-I understand that I am in over my head, honestly knew it right off and at least thought to throw out some thoughts before jumping in the deep end. I am not against paying someone, and I also understand they are professionals and you get what you pay for. I am also an accountant so I have to do a cost-benefit analysis here. Currently the website likely brings us less revenue generation than the amount we would pay GoDaddy to host it on their cheapest plan. But... in the effort of changing that I decided to reconsider some things and I am still at two/three options:
1. cookie cutter site hosted by online company for accountants with file sharing integrated.
I am currently using a company like this and the ability to edit the site is insanely restrictive. I could do a better looking site with Weebly in an hour than after using their system for days I believe. That being said, there are several other companies in that game. Here is an example of a site included in the testimonials on getnetset.com (accounting site design). Good example as the file share provider that is integrated is the same as the one I will use.
laurelmdavilacpa.com/
2. I could design my own site with someone like Weebly or one of the Wordpress specific hosts, use it for more of a landing place that would direct clients to our office and contact information and leave it simply as that. This is close to what we have now. The file share could be set up by the company we are using through our email (as we currently do) or maybe in some other manner online, but not connected at all to the website.
3. This is my preferred choice. I figure this out with assistance from you guys, loosen up the cheeks some and spend more than $50 per month (maybe $100? still cheap, just loosening...). Here is an example of a website sent to me by the file sharing company as an example of someone using their service effectively.
smithandwooton.com/
There are things I would do differently with the design of the site, but if this is secure then I could be happy starting out with something like this. Am I completely off base?
Thanks again for all the discussion!
|
Posted by WPCYCLE, 08-23-2016, 11:01 AM |
You're Welcome.
Many go this route and it works for them...until it's time to move or invest in a better website. The restrictions of those websites...it protects their system, and in many cases promotes their brand and not yours. SEO only reflects their brand. Shopping cart systems where you use their system will have a URL such as www-the-store-brand-dot-com/your-store So no matter how much advertising you put into your-brand, you're indirectly promoting the-store-brand.
The other issue which I have seen many times...not able to transfer content. One designer I know has a client that used a proprietary website for years and later chose to have a new website built. Weeks of copying and pasting content or just content lost.
I think there might be confusion in terms of web host and web designing.
The best scenario if it works within your budget....a secure and reliable web host, and a reputable (and competent) web designer. The two are not the same.
A good web host will make sure the website is running properly, securely, and quickly. If you run into a designer that prefers to use a cheap host...run.
A good web designer will build what you want and make sure it's secure for your needs.
In terms of cost....the web host you choose will be your monthly cost. The website design will be a one-time cost...and if you choose to keep the person on for updates and maintenance, then whatever payment schedule is agreed upon.
With the smithandwooton website you posted....this goes along the idea mentioned earlier in the thread...the website on one host, and the file section on a sub-domain hosted by the filesharing company. With their set up, they seem to just have an HTML website, and a link to the other website.
The overall question is what would you like your setup to be?
1. Incorporate everything into your own website, which includes the file sharing system.
2. Have the website structured as smithandwooton's?
|
Posted by Barryrollins, 08-23-2016, 11:13 AM |
"The overall question is what would you like your setup to be?
1. Incorporate everything into your own website, which includes the file sharing system.
2. Have the website structured as smithandwooton's?"
I was under the impression that the S&W site had the file sharing system integrated. Is it secure and feasible to do it as they have it, with the website on one host and a link for the file share? Seems to me like this would be the most secure anyway.
Looking at the S&W site, would you assume this to be where a designer was paid to build the site initially or they just used a service similar to what we were discussing above? For that matter, if it was designed by someone, could I not do the Wordpress and then integrate the file share with the linked method above?
|
Posted by madRoosterTony, 08-23-2016, 01:22 PM |
Just to clarify, it appears that Smith and Wooton's site only allows clients to send files and they are just uploading the files to the server, which just glancing at their code appears to be a secure directory and then probably allowing the employee to download the file. Is that all you are looking for? Or are you wanting two-way file sharing? I.e. meaning you can put files in a client's folder and have them "login" to the system and securely download the files they need?
They are two totally different ideas and systems, which would make the implementation different.
|
Posted by Barryrollins, 08-23-2016, 02:36 PM |
I thought they had both. An option under the upload files tab where they can let anyone drop them a file without a login, and then the secure login in the top right that allows them to login to their own cabinet and download the files they need. Is it really just two different formats which both allow clients to email files to the firm, one secure and one anonymous?
|
Posted by madRoosterTony, 08-23-2016, 03:15 PM |
Ok, that may very well be the case. In that case, my suggestion earlier would solve your issue to option #3. Basically setting up two separate websites on the same server. The isolation of the two websites will provide the security you need and prevent the issue if the website gets hacked; the hacker will not have access to the client files as they are in a separate account on the server and isolated. This is assuming you go with a managed hosting solution where the company sets up the server with proper security.
Then you just link the website over to the files website. So www.accountingfirm.com links to clients.accountingfirm.com. In this case you could use WordPress as long as you understand that you will need to be constantly updating it and any plugins you use as well, and that it may get hacked at any given time. But because all your client data is on a unique account, your client data would be secure.
|
Posted by The_Dominator, 08-23-2016, 05:31 PM |
I didn't read all the posts in detail, but I noticed that your client uses Citrix. I will assume then, since it's Citrix, and you are not familiar with cPanel. Then, I would suggest you set up a Windows VPS with Citrix which will allow their clients to access and share certain aspects of QuickBooks, or whatever accounting software they are supporting. Then the WordPress site as a separate Linux server with cPanel. You now have 2 different environments and will help in securing client data and providing secure tunnels to their data.
|
Posted by Barryrollins, 08-25-2016, 09:37 AM |
At this point maybe I have the best question. Who could I pay to create me a site similar to the Smith and Wooton site noted earlier? It sounds as if @madRoosterTony and @the dominator have the same or similar ideas. I would guess I could get this done reasonably, especially if the main site can be done through WordPress so that I could design it myself then let whoever I am paying just tweak it and add the Citrix, security, etc., then I could pay them to host and maintain it. Make sense?
|
Posted by madRoosterTony, 08-25-2016, 03:16 PM |
Just about any developer could help you get the WordPress site set up and then you could tweak the content as you want it. Most developers will also help you maintain it and its plugins to ensure they stay as up to date as possible.
Many hosting companies have access to auto-installers such as Softaculous and Installatron. Softaculous has an option to keep WordPress up to date, but not its plugins. Installatron has an option to keep most plugins up to date as well. Softaculous is $1-$2 extra a month on a VPS, where Installatron is typically $3-5 a month. Both are cheap ways to keep WordPress up to date.
Most managed VPS providers will assist you in setting up the separate website as well as doing a basic install of Citrix if you need to, but I would think Citrix would also provide this as a service.
The thing you have to remember is most of your established hosting companies are not web developers. They may have one or two developers on staff that can assist with troubleshooting things like how a hack happened, etc. But they are not going to have a full-time development crew.
While we have access to a sister company that does do development work, they stay pretty covered up and cannot always get to our internal requests in a timely manner. So we have had great luck in using Upwork.com (formerly oDesk) to find developers to do work we have needed done quickly. The key to using their service is to make sure you clearly state your requirements upfront, read the reviews of the developers that respond to your ad, and ask a ton of questions before "hiring" them.
|
Posted by WPCYCLE, 08-25-2016, 05:45 PM |
Considering the OP's request and needs...any developer and one-click installs are almost opposite of what they need. I have countless stories of fixing one-clicks and any developer. The best one years ago....instead of using css to customize each page of a 6 page WordPress website, they installed WordPress 6 times for each page, leaving the website owner to log into WordPress 6 times to make changes. Just something to think about.
|
Posted by madRoosterTony, 08-25-2016, 06:44 PM |
I only bring up the two trusted cPanel plugins to install WordPress as they can keep it auto updated without having to worry about hiring a developer and then making sure that developer keeps WordPress updated in a timely manner. As the idea to separate the websites solves the issues with access to the client's files, no one wants their website to be hacked if it can help be avoided by making sure updates are always applied.
|
Posted by Barryrollins, 08-29-2016, 12:48 PM |
@madRoosterTony any way I can contact you directly via email? Looked at your site but saw no direct contact.
|
Posted by madRoosterTony, 08-29-2016, 05:49 PM |
Barryrollins, I tried to PM you, but apparently you have them disabled on here. I would rather not post my direct email in public as when I have in the past, it has led to mass amounts of spam. You can use our contact form at: https://www.madrooster.com/portal/contact.php, which will open a support ticket and if you address it to me, the team will make sure I get it. From there, I can email you directly my personal contact information.
|
Posted by Hostiano, 08-30-2016, 09:32 AM |
Is cPanel secure and suitable for such an application?
If yes, Why?
If no, Why? and what are the alternatives.
|
Posted by prashantmbhavsar, 08-31-2016, 02:28 AM |
Good thread...but can you please suggest a good VPS provider which has good support and security..
|
Posted by MartynD, 08-31-2016, 05:49 AM |
You'd need to secure it yourself, unless you pay for a managed VPS... plenty of guides on Google about securing servers
|
Posted by net, 08-31-2016, 05:55 AM |
Maybe he is looking for a managed VPS since he mentioned support and security?
|
Posted by madRoosterTony, 08-31-2016, 02:31 PM |
Anytime you add additional software to a server that is not required you are adding the potential for security risks. As cPanel is not required, but more of a convenience piece of software, ideally it would not be added to this situation. But in saying that, the security issues with cPanel directly in recent years have been handled in the best way possible and have been few and far between. cPanel does keep the core software it uses up to date with security patches as well. So in one way you are adding to the mix of things for hackers to hit, in another way you are making sure you are staying up to date on the server level.
|