Website Hosting & Security

The purpose of this page is to provide you with information about the hosting and security that we offer, and why we offer those things together.

    • Our Hosting & Security Packages

    • WordPress Website

      From $350 AUD/Quarter

      • Automatic WordPress Upgrades

      • Manual WordPress Upgrades

      • Fix Website If Hacked

      • Fast Hosting Speeds: 10-20 ms

      • 99.99% Uptime

    • eCommerce WordPress

      From $550 AUD/Quarter

      • Automatic WordPress Upgrades

      • Manual WordPress Upgrades

      • Fix Website If Hacked

      • Fast Hosting Speeds: 10-20 ms

      • 99.99% Uptime

    • Web Hosting In Australia Comparison

    • Matter

      From $117 AUD/Month*

      • Hosts Website

      • Hosts Email

      • Automatic WP Upgrades

      • Manual WP Upgrades

      • Fixes Website If Hacked

      • 10-20ms Hosting Speed

      • 99.99% Uptime

      • Located in Singapore

    • Pressidium

      From $25 USD/Month

      • Hosts Website

      • Hosts Email

      • Automatic WP Upgrades

      • Manual WP Upgrades

      • Fixes Website If Hacked

      • 10-20ms Hosting Speed

      • 99.99% Uptime

      • Located in Singapore

    • SiteGround

      From $4.95 USD/Month

      • Hosts Website

      • Hosts Email

      • Automatic WP Upgrades

      • Manual WP Upgrades

      • Fixes Website If Hacked

      • 10-20ms Hosting Speed

      • 99.9% Uptime

      • Global (Singapore Servers)

    • Our Hosting & Security Process


      1. Upgrading WordPress Core

        We make sure WordPress core on your website is updated to the latest version. But before we push that update live we make sure that there are no bugs or issues in the latest version. Often we’ll wait a few days to update this to the new version to make sure that it is completely secure. There have been cases in the past where the latest WordPress update causes quite severe issues for websites so we are very proactive in preventing this.

      2. Upgrading WordPress Plugins

        This can be where most website owners find the most trouble, often they aren’t sure which plugins to update so opt to not update any at all. This can lead to serious security issues, there will often be some sort of “backdoor” into the old version of a plugin that can make your website vulnerable. Our team keeps up to date with all of the popular plugins and similar to WordPress core often won’t push an update if we know it’s going to break something on the website. We’ve been updating plugins on sites for years so we’ve seen almost everything and know what warning signs to look for and pitfalls to avoid. These updates are performed monthly or fortnightly depending on how many updates have been released.

      3. Alerting with any issues

        If our team finds any issues then we’ll alert you to make you aware of it. In most cases, this won’t be a problem but if there are potential issues we see happening in the future then we’ll let you know.

      4. Will fix any hacks free of charge

        We are confident in the high level of security that we provide and to date, we haven’t had a website hacked. But in the case that your website does get hacked we will fix it free of charge.

      5. Daily Backups

        Our hosting provides daily backups that will be retained for 2 weeks. If there is ever an issue then we can restore back to a previous version of the website. When we make any updates to WordPress or Plugins on the website we will create a new backup just in case something goes wrong. This happens more often than you’d think, we will then work out what plugin is causing the issue and fix it.

    • Get A Quote Now

    • Web Hosting & Security – Why it’s worth it

      So a couple of quick key questions that people ask about this service we provide you know what do you do? why is it so much more expensive?

      It’s more expensive because most of the work is manual, there is a lot of a human time that goes into reviewing the plugins that need to be upgraded, we obviously have a huge number of plugins across all clients that we look after doing this, we upgrade WordPress core, it’s obvious really but we also upgrade all the WordPress plugins and we’ll alert you if there are any issues. I mean that is really a big part of it, we’ll go through and do a little test make sure everything’s okay and if there’s anything wrong we’ll roll it back, work out what is wrong and fix it if applicable or if it’s a larger issue we’ll get in touch and let you know.

      eCommerce Website Upgrades

      Then with some particular clients, so this is again a bit more expensive but for a mission-critical eCommerce platform, we’d actually do all of the upgrades and everything in staging so we would take a clone of the website and put it aside, do all the upgrades there, test everything, make sure it’s all okay and then roll that code back over the top of the production side after having taken backups of course.


      Now every time any upgrades are done, there should be backups but we also do backups every day, they’ll retain for about two weeks on the server yeah pretty awesome really. So if you choose host your website yourself you should definitely run backups when you’re doing the upgrades, we do the backups as well every day.

      We Don’t Host Email

      Nope, we don’t host email, not interested, don’t want to host email. So if you need email and you need it because most people when they buy domain name they’ll get a little kind of cPanel account and they don’t really realise that you don’t have to keep your website and your email all in the same place, so your email can actually stay there on that cPanel account if you already have it set up on there. Then you can move your website over to our service or SiteGround for example, now if you’re going to SiteGround that’s just an ordinary cPanel thing so you can move everything, you can move the website and email into there but that would be you buying from SiteGround, do it with them and they can help you, they can migrate you.

      We don’t host emails, emails can be problematic – nobody wants to pay decent money for management of emails until something’s gone wrong and then it’s obvious it’s somebody’s fault. But it’s very important that you put your email somewhere safe I would recommend Google Apps, we know a couple of companies who can do that for you and there’s also office 365 you can move all the email to there, that is the most common and the most reliable way of doing it.

      Our Recommendation: Separate Hosting & Email

      One of the fundamental things is that if something goes wrong with your website, you need to hold them responsible like “hey my websites gone wrong”. I mean if you’re with us we’d notice before you even log in but, if you’re going to go with even SiteGround I would probably recommend you split your email away from your website anyway. It’s worth monitoring it, for example, we have an account with a third-party service, we use Panopta and what we do is we’ll ping the servers on a regular basis just to make sure they’re all up and everything’s running.

      That’s worth doing if you are concerned about mission-critical stuff obviously that testing needs to be done in a decent way so that you don’t hit the server too hard, you don’t want to certainly hit it every minute and you don’t want to hit it with lots and lots of different protocols, you just want to maybe do a ping test or a string test where it fetches a page and it just looks for your name and the page just to make sure it’s still working correctly and it’s not just serving up a blank page which WordPress can do when stuff goes whoops.

      Case Studies: High Impact Security

      Yes, okay, so I can tell you a story about somebody that’s very risk-averse, so this company is an insurance broker, they are a very successful insurance broker and they’re pretty smart. They are used to selling people insurance, they know all about protecting your business or your car or your home they know all about that stuff where insurance companies take on the risk.

      So this insurance broker what they do is they will provide you with protection, now the protection in most cases is after the fact, so they sell a cybercrime policy where if something happens, somebody hacks into your website and somebody hacks into your business then they steal stuff. If you’ve taken some precautions and you get hacked where they take value or harm your business then they’ll cover you under the policy of how much that it’s worth.

      Now that’s very well but this company realises that just having the insurance is not as good as actually having the full protection of somebody who knows what they’re doing and who can protect their website, who can host it and put the steps in place to prevent an attack from being successful. So we have a bunch of different clients but this one, in particular, they need the website to be secure, they don’t store client data or anything, no credit card transactions or anything like that in the website, it’s just a corporate website with normal information. It mainly includes lead generation for them and their business but fundamentally it would be a reputational risk for them if the website was hacked.

      If they had crossbones on the homepage or issues like that, it’s pretty common to be defaced when it happens especially during a first attack and then the hacker would then go and post that on a hacker forum. Saying, hey, I hacked into this website and I got in like this and then along come other hackers. So you actually need to get on these things really very fast so for us as far as the client is concerned they know that their website needs to be kept safe and secure. We do charge this extra figure because we go through, upgrade WordPress, upgrade the plugins, alert if there are any issues, fix any hacks free of charge and do consistent backups.

      Case Study: Peace of Mind

      If a client ever has a problem, they can come to us ask a question and we monitor it and make sure that it’s safe and secure, basically, that’s one of the main things – peace of mind. I could probably tell you about a different client in the engineering space they decided they were going to take their hosting to somewhere a bit like SiteGround. They decided that they were going to finish up with the security service that we were providing, they were very happy with it, they just wanted to save the money instead of spending a couple of grand a year.

      Their website had big eCommerce components and managed a big portfolio of products well over 10 thousand products and what they wanted to do was actually have all of that moved across to another host much cheaper a couple hundred dollars a year, instead of a couple of grand and they’re technical people they migrated the site and they didn’t do a very good test when they migrated the site.

      Some things broke but that wasn’t terribly serious they were easy enough to fix and they got that all sorted out. They then moved the site and then when they were up and running, they actually found that everything was okay but they didn’t upgrade the site so they were back in the same position that we were in when we had clients who were just doing hosting not doing the upgrades.

      But one of the problems that they faced was that without having done the upgrades some of the bits in the site weren’t working correctly. They had upgraded part of the site but they hadn’t upgraded all of it and because their website was quite complicated, they actually found that they were getting out of sync and there were some issues basically, some technical issues. Now, we would have spotted that and we would have rolled the upgrade back then we would have let them know that they actually had a little bit of code work that needed to be done to make two plugins talk to each other because the two versions were upgrading and they needed to be matched. Either we would have to do a bit of custom work to make sure they matched and talked to each other or you wait until one has an upgrade and then when you upgrade it you can just make sure that they talk to each other. That way you can just wait for the second one and then although there was an upgrade available for that, you just don’t take the upgrade yet and then they’ll work together.

      So they realised that our technical skills were reasonably valuable, certainly worth the value of an extra sort of $1600-$1700/year and they brought that website back to us. They just realised that they needed somebody who really knew websites, WordPress, in this case, inside out and that knew their website really well. We had already spent a year looking after the hosting, so we knew some of the quirks and issues about how it had been built by the developer.

      The good thing in their case was they kind of came back to us and said well alright we want you to take this back and we were able to go back and pretty much re-create the website within about 3 hours. The longest part of moving the website back across to us was actually the domain name pointing from one location to another. Even that didn’t take too long and then that’s it really.

      A couple of examples of clients that we’ve helped, we do have some maintenance plans but we talked about those on a different page, the maintenance plans do also go hand-in-hand with this service, so I’ll explain those elsewhere, there’s a table below that’s worth looking at in far as the maintenance plans have they go with these, if you’re considering maintenance plan with this then yet you’ll get a lot of benefits and a lot of value, and that will be explained more on the maintenance page.

    • Our Story – Why we do it this way

      The Beginning

      In the dim and distant past we used to offer security as a standalone service and more widely, we offered hosting as a service too, but the onus was on the client to upgrade their WordPress website on a regular basis.

      Now that’s pretty easy, it’s pretty reliable, it doesn’t take long but when you’re talking about dozens and hundreds and maybe thousands of clients, that can take a long time and it’s going to be quite time-consuming, but each individual webmaster should be logging into their site every few weeks to hit the update button. Yep, should be pretty painless.

      You should really take a bit of care and do a backup before you do that but with a bit of training even the average webmaster, a non-technical person can back up the website and then they can do their upgrade while they’re doing a morning coffee every other Monday which is kind of when we do it and we recommend it.

      Why we changed

      But, back in those dark days, the history of Matter Solutions, we offered hosting only and because clients see us as the experts when it comes to digital marketing and websites and hosting and so on they didn’t quite catch on that, they were responsible for that part of their website. That one small thing that we needed them to do, they saw us as being the one who needed to do it and that was a mistake on their part but probably bigger and more onerous was really that it was a mistake on our part.

      We let them get away with it, right? We let them not update the WordPress websites and occasionally some of them would get hacked and we’d go in and say “naughty naughty” you should update your website and then we’d upgrade it and clean it up and effectively what we were doing is teaching them that we would do it for them.

      Until one day in late July 2015 when a couple of websites got hacked at the same time and the infection on the server it actually hopped from one site to another site to another site and it ended up with over 15 websites all hacked, all at once, now the problem that happens then is that you don’t know quite how deep the hack has gone, is it just in each individual web site? Is it in the cPanel account? In the hosting server? or is it even a level above there that most people would never ever see, which would be the web hosting manager.

      The WHM which is kind of the authority at the higher level of the server which then delegates and creates all the cPanel accounts, now we had hacks of all sorts in there so those 15 client websites that got hacked, they ranged from:

      1. A bit of a defacement, skull and crossbones on the homepage kind of thing
      2. The website looking absolutely fine but just had a few links here and there
      3. Another kind of hack which would be the website looks absolutely spot-on, is all fine, but somewhere deep inside the website there would be a URL that responds with a page that looks say just like the Bank of America login and then some other hacked website would then be emailing Bank of America customers saying; hey, come here and login.

      Very bad, really very bad so there are phishing things they needed to be dealt with very quickly, the defacements all need to be dealt with very quickly, the good thing about WHM was I discovered very quickly without logging in which websites had and that hadn’t been compromised.

      It was a case of going in and disabling all of the cPanel accounts, cleaning out all of the websites, restoring them more from backup, back then we had a pretty good backup routine going and so just restored all of them from backup. Then communicate with all the clients that they needed to upgrade WordPress, which led to then getting responses from clients saying; I don’t know how to do that, so okay, all right, I went through, upgraded all of those and resolved the issue.

      We then decided to change the way that we did business as far as hosting was concerned, we’re not a hosting company, we never really have been hosting company, we have been providing hosting for our clients, our website and SEO clients primarily because we’ve been able to do it at say a higher performance than your normal kind of hosting arrangements and so that gives a little edge as far as SEO is concerned.

      But it was never really a goal to build a hosting business to be quite honest, I mean if it was we went about it the wrong way because it became more about caring for and looking after the clients rather than being a case of build this big hosting company and sell it.

      So fixed all the 15 websites, while they were getting fixed some more of them got hacked so you clean them up then realise that there wasn’t room to even say to the clients go on upgrade your bloody website, there wasn’t room for it because they’d get hacked again so quickly so what we ended up doing was unhacking them. Restoring them from backup basically, and then upgrading them very quickly so even just doing that as soon as they come online.

      Using WP CLI to just upgrade the whole thing, even shell scripts to get them upgraded, get them cleaned up and go through, do some scans, trying to look for code, the php function “eval” is a big signal that you’ve got a hack. The are legitimate instances of “eval” inside WordPress in a couple of instances but I went through hunting for those statements and functions and finding them in places you shouldn’t find them. That’s a big indication that you’ve got a hack, so I went through, did a lot of cleaning up, even went through scanning some of the sites hadn’t been hacked.

      Some didn’t look like they had been hacked and but we found that some of them were at risk and could have been touched by a hacker leaving an open door for another day. So we went through and just cleaned them all up, just got on and smashed through it, cleaned them all up and upgraded. We ran a little shell script that went through the server just checking for obvious hack signals in the PHP code, just trying to work out what version all these things were and then pretty much just get on the case of working on what on earth we’re going to do about it.

      So this all happened over a weekend so I have these intense weeks where I’m working intensely at work and then these other intense weeks where I’ve got my kids and luckily that weekend was a weekend that I was without my kids and I was able to sit down and really get into it around Saturday lunchtime, afternoon, evening into the night, through into Sunday morning, fixing all this stuff so I did – I just buckled down and got it all done. So cleaned all these damn websites and then the next thing was to just address the fact that we were carrying this thing.

      So I talked with the guy that we’d got on the sales team at the time and I said well we’re going to have to get onto all the clients and get them to upgrade, either they take our hosting with some sort of security where we do this for them or they need to find ordinary hosting elsewhere and we found a good hosting company at the time; Crucial was pretty good, but absolutely wouldn’t recommend them now.

      They’ve changed a lot of their policies, they have changed a lot of stuff I just don’t recommend them now.

      But at that time around 2015-2016, we basically just said that’s it, what we’re going to do is we’re not going to host you anymore clearly you’re not looking after your website, it’s just part of the deal, asked them to look at the original contract where it actually did say they were responsible. Then what we did was went out to all the clients and we charged about two and a half to three times more so that we could then do the upgrades.

      We worked out later on that it wasn’t enough money but that’s what we did, we charged more money, around about half the clients took us up on that offer and those clients that took us up on that offer, some of them are still with us at that price, so they’re sort of grandfathered into that price but we discovered like I said that it wasn’t enough and it ended up having to be about four times the price. What we found was that we needed to move to a better platform that provided great hosting as well as the ability to easily do security and backups and other additional things, which is why we eventually decided to switch everything over to WP Engine. We were with them for a while but then discovered that it wasn’t really as great as they said it was, so we ended up moving again to our current provider Pressidium.

      We’ve been fantastically happy with Pressidium ever since and one of the things that we did was we pinpointed some main aspects of Pressidium that were perfect for our needs. For example they were experts with WordPress and they banned certain plugins which is something we were already implementing which required doing lots of manual work to keep websites to our standard.

      So we pinpointed some particular plugins that really didn’t like to be upgraded and we discovered that it was often easier to replace them with something we had tried and tested. I mean if you’re a seasoned WordPress professional you’re just going to go yeah, obviously, I mean we’ve been upgrading WordPress websites for a long time now.

      We knew this stuff and when you’re doing dozens of websites all in one go, you work out pretty fast whether certain upgrades will or won’t cause issues. As an example, identifying terribly unpleasant upgrades of components and themes and the way that certain themes affect stuff. For example, we had Veda themes using WooCommerce and that just didn’t play nice at all.

      Where we are at today

      So we were able to start refining our pricing and now we are very comfortable with our setup and processes. Long story short, is we don’t do basic hosting for people, we only offer hosting and security as a business and that’s why our price for hosting which is hosting and security is from $350 a quarter current price as it 2018. But if you bring us an e-commerce site that’s going to be from about $500 a quarter due to its increased complexity.

      We’ll do all the upgrades and if something goes wrong, if something breaks we will roll it back and we’ll tell you and we’ll give you an estimate of what we think it would take to get it fixed. We would prefer for you to get us to do that, but you can take the back up and get some other developer to do that if you decide that’s the way you want to go. As part of our security package we guarantee the security of your website, so if you are hacked we will fix it free of charge. But one of the deals that we’ve got with our security service is that we keep very tight control over access, so if you need a third party to come in work on the site then suddenly your guarantee and is basically null and void for a while, we actually haven’t had a client take us up on this and get us to break the guarantee. What we’re doing is, we guarantee that your website will be secure, we will upgrade it on a regular basis. If you do want us to give a third party access then we’ll make our policy very clear with regards to our security guarantee.

      If you ever get hacked then we will fix it free of charge, it’s very simple really, we’re the ones taking responsibility for looking after your website, we take on the responsibility for hosting it and we trust the Pressidium hosting platform, those guys do a very good job. They’re there to support us with backups and restores and other cool things but my team will do the proactive stuff of upgrading and indeed knowing when not to upgrade and the only time we’ve ever had problems with this service is when clients have got sort of non-technical or half technical staff plugged into the back of the website and they’ve noticed that there’s a couple of plugins that aren’t fully up-to-date and then they’ve upgraded them.

      The thing is, we’ve specifically not upgraded those plugins because they’re not ready yet or there’s something wrong with them or there’s a warning out saying; hey, there is a bug in this upgrade, hold off until the next one. That is kind of part of why you’re paying four times more for the hosting you can go straight to Pressidium and start an account with them but you don’t have full confidence knowing your website is being maintained by people who are looking out for you. Pressidium provides a great service but they don’t include all of the things we’ve mentioned above.

      You can buy it from them, around $50 USD a month or $150 a quarter and that’s basically in the same data center as we are in (Singapore). I’ll come back to that in a moment as to why it’s significant. We also recommend SiteGround and they’re a pretty good and they’re very low cost, so they’re comparable with the hosting that we used to provide sort of to $200-$300 hundred every year, it’s good, it does its job, but I wouldn’t necessarily run a mission-critical, hardcore kind of website on there. But in comparison, our Pressidium server has exceptional uptime and very good security as well as the additional stuff we are doing for $350 a quarter. so, by all means, you can put something mission-critical on there.

      There are a couple of things that are worth noting, the Singapore thing. I specifically did a deal with WPEngine before they really started getting any traction in Australia because I really wanted them to put a server in Australia for us. We had to take an enterprise server which was way too big for the needs that we had at the time but because we’d been through this horrible situation of all these hacks and stuff, we took it on I mean basically went from hosting making us money to suddenly making a terrible loss but it was worth it for the security and for the confidence and also being able to go to the clients and say well look we can now host you and we can do all of this cool stuff manually for you and we did that.

      But the problem is that the performance just wasn’t there, it was pretty good but there was a whole bunch of CDN and caching things that were supposed to be happening but they didn’t, they never showed up, so I’m not going to back WP Engine but in the end we just didn’t really get what we paid for. We had worked with them for quite a while and we had a chat and stuff and decided to go our own way and we found Pressidium and we actually found that they offered the thing that we were supposed to be getting from WP Engine and they did it. We were very happy and the only thing I was initially nervous about was that their data center is all in Singapore whereas WP Engine actually had this stuff I think in Sydney.

      But the testing that we did to check the speeds and the latency and all the connections and all that sort of stuff, every single test, the WPEngine test server versus the Pressidium one, Pressidium won every single time and we’re very happy with that. So if you want basically the same excellent quality hosting that we get from Pressidium but you want to buy it directly from Pressidium, go right ahead, it’s $50 USD a month.

      The setup that we have with the Pressidium server is actually a little cluster of virtual servers and it’s better than you get for the $50 a month version, but it’s pretty close like it’s not terribly far away. So it’s a good stepping stone if you’re on some pretty poor hosting now or you got some normal kind of cPanel hosting and you want something with a bit more beef yeah, go to Pressidium. If you are looking for something where somebody really takes care of everything for you then yeah, give us a call and we’re happy to take care of you, if you just think you seen need some ordinary kind of hosting that’s just the same as everybody else, by all means, got to SiteGround this is really a stand out, again, their servers are in Singapore but yeah nice and fast.

    • Get in touch to see what we can do for your business!

      Contact Us

Back to top