If you didn’t register a domain name when you selected a hosting provider, then you probably did in the Domain Registration portion of this series.  After registering your domain, the next step is to get DNS (Domain Name System) configured so that when you type www.yourdomainname.com, your web-host responds and presents a web-page.

What is DNS?

At 30,000 feet, DNS is a hierarchical distributed naming system for resources.  It translates domain names (e.g. mydomain.com) into IP addresses (111.222.111.222) on the internet.  For the purposes of this article, we’re only really concerned about getting your domain name to point at your web-host.  And fortunately, that’s pretty easy.

What’s an IP address?

An IP address is a unique identifier that matches to your domain name.  IP addresses must be unique on the Internet (e.g. there’s only one 111.222.111.222).  Using a DNS configuration tool, we map that IP address to a domain name. Just because you registered your domain name with, say, GoDaddy… doesn’t mean that your DNS has to point to GoDaddy’s web-servers.  For example, if you registered your domain via GoDaddy, but you’re hosting your web-site on DigitalOcean, you can point your name servers at DigitalOcean. (e.g. n1.digitalocean.com, ns2.digitalocean.com, ns3.digitalocean.com).  In other words, if you login to GoDaddy, and go to Domain Management, you’ll be able to Manage the nameservers. In the above example, if ns1/ns2/ns3.digitalocean.com are listed in GoDaddy’s Domain Management page, that’s all you really need to do (assuming your site is up and configured at digitalocean).  What you’re doing by configuring the name servers there, is telling DNS that DigitalOcean is authoritative for your domain.  Once you do that,  all that GoDaddy is doing for you is pointing at the third-party DNS host.  So, if you want to make changes to DNS (e.g. create subdomains, configure a mail server, setup some types of CDNs, etc.), then you need to do it through DNS management console of your DNS host.  In this example, if you login to DigitalOcean, here’s what the DNS Management Console looks like: What’s all of this stuff?

There are several different types of records, including A, CNAME, MX, SRV, and NS records.  If you’ve already configured your nameservers to point at DigitalOcean, then any changes you make here will be translate into behavior changes when folks type your web-address.  So, if your WordPress host is running on DigitalOcean, then all you need to do is create an A-record at point it at the IP address of your digitalocean WordPress server.

Where is my IP Address on DigitalOcean?  You can find the IP address of your DigitalOcean WordPress server by clicking on “Droplets”, and matching the IP address of your WordPress server (e.g. in our example, we’ll use 111.222.111.222). A-Records After you have that, click on the DNS in the left hand navigation column and create a new A-record.  In most cases, you’ll want to create a new A-record for “www”, and match it with your IP address. Alternatively, you could use “@” matched with your IP address.  Using the “@” symbol, is a reference to the root domain itself.  So in practice, here’s what this means…you probably want folks to reach your web-site by going to https://www.domain.com – so create an A-Record to point from www.domain.com to your IP address.  You probably also want folks who just type http://domain.com to reach your domain name, so create a second A-Record pointing “@” to your IP address.  That way, folks typing www.domain.com, or just domain.com will be directed to your IP address.

CNAME Records

A CNAME record works as an alias of the A record.  That way, if an A Record’s IP address changes, the CNAME will follow to the new address automatically.  You might want to go ahead an create a CNAME record to point www to the root domain via “@”.  And then you can also use a wildcard to direct any mistyped records (e.g. wwq.domain.com) to domain.com by pointing an “*” to the root domain “@”.

MX Records

An MX (mail exchanger ) record is a type of resource record for record that specifies the mail server responsible for accepting email messages on behalf of a recipient’s domain, and a preference value used to prioritize servers.  While beyond the scope of this article, the lower preference value (e.g. the lower number), the higher delivery preference, meaning that sending mail servers will look first to the highest priority to deliver (e.g. lowest number).  You can assign multiple records the same priority level to provide a type of load-balancing, or you can assign backup servers based if you have design considerations where the backup server is limited in some manner (e.g. high-latency internet connection, etc.).

Domain Registration

If your choice of CMS platform was foundational, and your selection of hosting provider important, the priority that you give your domain registrar is several orders of magnitude less important.  There are many ways to register a domain, but typically you’ll either go through your hosting provider, or one of the big name registrar’s out there like GoDaddy.

By volume, GoDaddy is the largest domain registrar in the world.  They surpassed Network Solutions nearly a decade ago, and though they’re privately owned and not obligated to do much in the way of reporting, the Wall Street Journal reported in 2011 that they sold a 65% stake in the business to a trio of big private-equity companies – KKR, Silver Lake Partners, and Technology Crossover Ventures for a reported $2+ billion dollars.  If their name still doesn’t ring a bell for you, you might recall GoDaddy from their marketing –they usually have a SuperBowl advertisement of some kind.

Being the biggest name in domain registration and web-hosting doesn’t come without detractors.  GoDaddy has been criticized over the years, often by competitors and former employees, as being in violation of various ICANN rules, particularly as they relate to domain name portability(e.g. the domain’s are difficult to port out).  Another area that they’ve received criticism for is their “upsell” approach.  If you’ve ever registered a domain name, or picked-up a SSL certificate through them, you’ll know exactly what I’m talking about.  What starts as a simple domain registration, can easily (or even accidentally) become email services, web-hosting, private registration, managed hosting, premium listings, and more.  They’re also known for their coupons – nearly everything that can be purchased through them has a coupon.  None of this is necessarily a problem, but it is something folks complain (loudly) about.

As you might imagine, GoDaddy isn’t universally loved by the WordPress community.   Having a wide range of clients, we’ve worked with many different domain name registrars.  I don’t personally have a problem recommending GoDaddy for domain registration, and SSL certificates, but at the same time I’m not really passionate about registrars.   I can’t recommend them for their web-hosting, let alone managed WordPress hosting, as there are just so many out there that do it better.  Name registration, on the other hand tends to be a low-value problem to solve.  At around $15 per year, there are probably higher-value things for you to focus your attention on.  From my standpoint, I mainly care about what the Nameservers field says… this points to wherever your DNS hosting lives, and may point to GoDaddy’s name servers. Wherever those point, that’s where you can manage your DNS settings from.  By default, that will be GoDaddy (e.g. ns1.godaddy.com, ns2.godaddy.com).

Some popular alternative domain name registrars that I’d recommend considering include, NameCheap, Moniker.com, Hover.com, Gandi.net (which includes free private registration), dotster.com, in addition to most web-hosts.

Did you check out Part 1?

In a market with an almost an unlimited number of choices, why is it so hard to find the right WordPress host?  After all, aren’t all of the building blocks low, or no-cost?  Between WordPress, Linux, inexpensive computing, and an endless supply of commodity providers that all look alike, doesn’t this resemble a perfectly competitive market? At least, it seems to at a glance, doesn’t it?

But if that’s the case, why is your current host so bad?

And why are there so many articles on who to choose, and why to choose them? (FYI… most reviewers are compensated though an affiliate program.  I’m not.).

It’s with you in mind, that I put together this article.  My goal is to present the topic from 30,000 feet, help you understand where the market is, and help you make the right choice.

Small Business Owners, Freelancers, and Startups 

If this describes you, and your business is doing anywhere from zero to $30 million in sales, then you probably don’t want to host your own WordPress site.   Temping as though it may be, particularly if you have a stack of servers in a datacenter somewhere, or a huge vSphere licensing investment, it’s still probably not worth your time to do.  On top of that, I just don’t know of many startups, freelancers, or small businesses that resemble what I just described.  Is it possible for you to host your own WordPress site?  Sure, you can technically do that with your residential high-speed connection and an old workstation with a LAMP stack running on it.  In fact, I bet someone on your team already pitched that idea, didn’t they?

… and that will work just fine, right up until the time when one of a thousand things that you didn’t know to plan for happens.  Then… you’ll have a mess.

So sure, it’s possible to host it yourself.  But realistically, in the majority of cases, I don’t buy what your developer or operations folks are pitching.  Unless they have recent specific experience, and it also happens to be a valuable way for them to spend their time (now, and in the future as they maintain the site), then it’s unlikely that you belong in the WordPress self-hosting game.  Why?  For reasons that start with security and reliability, but ultimately end with the business case…. as in, do you actually have a reason to be in the WordPress hosting business?  Think about it this way… unless you reasonably stand to profit the investment you’re making in your WordPress infrastructure, why are you doing it?  Those expensive dev and ops resources that you have messing around with a WordPress VM… their time could probably be spent doing almost anything else.  After all, no matter how smart, well meaning, or capable they may appear to be, the reality is that WordPress hosting has already already been done better, and more cost effectively elsewhere, by companies that are backed with venture capital and can boast hosting north of 150,000 sites.  So yeah, your technical team might be able to get you up and running – but why are you spending your resources that way?  Sure, it’s an interesting Engineering challenge, but does it create any real value for you?  If you have developer or operations folks, the low-hanging fruit surely isn’t in reducing a cost that runs well under $2k per year, is it?  In short, it’s just really difficult to justify self-hosting in today’s market, if it’s not in some way either profitable or core for you to do so.

The Cheap way

If you’re a freelancer looking to spend less than $5 per month, then you’ve got plenty of options, my friend.  In fact, the vast majority of hosts are of the 1-click, $5 per month WordPress hosting variety.  I’m sure you’ve seen many of these names before.  Companies like…

HostGator, Dreamhost, BlueHost, 1and1.com, LaughingSquid.com, inmotion, webhostinghub, siteground, godaddy, westhost, justhost, site5, hostmonster, siteground, and on, and on.  To the tune of several hundred more.

If you thought differentiating between phone systems was hard, then hold the phone… because these companies are nearly identical.  In fact, several of them are now just brands owned by the same parent company, Endurance International Group.  Have I worked with all of them?  No… there’s just too many.  I can’t tell you precisely what differentiates 1and1.com from HostGator this week, beyond the sale that 1and1.com is running today.  But, guess what?  Their customer services folks can’t either.  Of the handful that I’ve worked with, they’re all fine and good enough for small sites, blogs, and whatnot.  Sure, their support, uptime, and responsiveness all vary wildly, but it’s all the same cluttered marketplace.  I can’t speak to which host is really the flavor of the month, because it changes that often.  But averaging them out, I’ve yet to be impressed, or surprised.  If this seems like the right fit for you – just go ahead and pick whoever is running a sale this week.  And if you stay with them for long-enough, your experience will range from good to bad, and everywhere in between.

Managed way

If you’re coming at the topic of from a clean-slate, you may already be familiar with the inexpensive commodity hosts outlined above.  Beginning around 2009, providers started offering what’s become known as Managed WordPress hosting as an alternative to shared webhosting.  Since then, several companies have come to market with offerings that recognized there was a market not being served… folks with needs well beyond what the shared hosts could, or were interested in providing.  Managed WordPress hosting is about abstracting out the hosting layer from the WordPress layer environment.  Or, if you have a networking background… if budget web-hosts live at the data link layer, Managed WordPress hosts live in and above the Application layer.  In any event, here’s the general pitch…

Managed WordPress Hosts do everything that you don’t want to do, or that you don’t know you should be doing.

Things like Automated backups, managed WordPress and plugin updates, content delivery network (CDN) integration, and seamless scaling.  Never thought you’d need to be able to handle 50 million visitors a month, did you?  Not a problem, they planned for it and baked it into their solution.  What if you don’t have a clue, and need amazing support?  They have you covered.

Here are some of the bigger Managed Hosting names:

• Pagely – A self-funded company that recently moved their infrastructure over to AWS – the original Managed WordPress host.
• Flywheel – Focused on design and ease of use
• WP Engine – Perhaps the biggest name in Managed WoWordPressosting, they’re now VC-backed, but have experienced growth-pains this year
• Synthesis – Known for security
• Pressable – Known for reliability
• mediatemple.net – Now owned by Godaddy, but operates independently

The fact that many small businesses don’t think they need some of the features are, perhaps, a different conversation.    While your site might not ever serve up the number of visitors that TechCrunch, or CNN do, many of the features that Managed WordPress hosts bake into their platform are nice to have, and given that the cost runs somewhere between $49 and $200 per month, it’s still quite affordable.  Most importantly though, they’re doing all of the heavy lifting for you.

Is Managed WordPress hosting for real?

Here are a couple of the most common criticisms of Managed WordPress hosting.

“It’s just a higher-cost version of shared hosting”.

“So you’re charging me for something I can do myself?”.

Are these accurate? Or, more importantly are these legitimate? I don’t think so.  Look at it this way…  budget web-hosts are incentivized to maximize the density of their environments, as-in stacking as many customers as possible onto a piece of hardware so that they can still profitably run those $1.00 per month promos.  On the opposite end of the spectrum, Managed WordPress hosts are in the business of having happy customers that don’t even think about “hosting”, and rightly assume that the Managed WordPress Hosts are in the business of making sure the back-end is always capable of providing their end-customers with a great experience.   Put differently, would you rather have the budget host that’s putting out fires everyday?  Or would you rather spend a few hundred extra dollars a year to not have to worry about it?  Perhaps the biggest differentiator though between Managed WordPress hosting and budget hosting is support, because they’re incentivized to deliver the best customer experience possible, in order to continue justifying the premium they charge.

Of course, it’s true that you could probably do it all yourself.  But is that really the most valuable thing you, or your team can be doing for your business?

The Hard Way

So what’s left?  Virtual Private Servers (VPS).

If you’re coming at this as a SysAdmin, a web developer, or from an Engineering background, the most tempting option is usually the hard way.  I wish I could say that I just didn’t understand the temptation… but I get it it, even if I don’t agree with it.  Before you go down this path though, think about what your time is worth.  What’s the opportunity cost to rolling it yourself?  More than that, unless you’re a Linux admin by trade, one who just so happens to also be a web developer, and loves tweaking Apache or Nginx, setting up MySQL databases, and the like… then it might just be that your time is more valuable doing something other than re-inventing this wheel.

VPS environments are pretty much what they sound like… dedicated virtual machines that you rent from an infrastructure company.  This is nearly identical to the “I can host this myself” approach to things, except that most of these providers have a solid and redundant infrastructure.  Meaning, when something breaks it’s usually your fault, not theirs.  With a VPS you get a dedicated operating system, where you have root access and can do anything you want on the virtual machine.  If you’re a SysAdmin, it’s just like logging into vCenter and deploying another instance of CentOS from a template.  The primary difference though is that the VPS instance is usually housed in a datacenter that’s built for availability, as opposed to your corporate datacenter which may or may not have things like multiple utility providers, or Internet connections.

Which VPS to choose?  Well, he’s a list of several hundred options.  If you must go down this path though, I’ve had good experiences with DigitalOcean.  From a cost standpoint, DigitalOcean competes in the same cost range as the shared web-hosts, as well as the VPS variety.  The difference though is that DigitalOcean doesn’t suck.  You can even think of DigitalOcean as AWS-lite with a cost resembling the commodity web hosts of the world.  They don’t yet have a platform that’s as massive as AWS or Azure, but you can spin-up “droplets” (VMs) similar to the way you would bring up new machines from templates in vCenter, or on AWS/Azure.  Snapshots?  Sure thing.  Backups?  Of course.  Their big differentiator though is that their VMs run on SSD drives.  And before you ask… Yes, they’re quite fast.

My Recommendation:

Why over complicate this?  A Managed WordPress host is there to take care of the details.  Sure, you can get a lower cost platform using a shared host, but your mileage will vary.  Of course, you can always build your own WordPress environment, or run a VPS instance – but it’s not usually a high-value use of Engineering resources (even if you have the technical expertise).  For managed WordPress hosting, I like Pagely based on their history, reputation, and the fact that they’re self-funded.

After you have Redmine installed and configured to the point where you can log in – go ahead and do so. Browse to Administration>Settings>Authentication tab>LDAP Configuration (in the bottom right).

Before you go and start changing things here, there are a few things you should keep in mind that will save you some time. Realize that you can’t do an anonymous bind to Active Directory. So, you need to actually specify a valid set of credentials for the service account. Now, I suppose they could have done something different here to reduce the configuration work… like relying on user login credentials and passing them to query AD. But in any event, you just need a normal domain user account should do just fine – anything that can query Active Directory. Why a domain account? Think about it another way… if someone plugged their laptop into your network, would they be able to query AD for user or computer objects? No… they wouldn’t, because they’d be anonymous. Even if they knew your domain name, had a domain controller’s IP address, the distinguished name, etc… no luck. So create a service account. Just FYI, my domain was at 2003 domain functional level.

As far as the Base DN – keep it simple… base DN means base. You probably don’t want CN=users, or CN=MyBusiness, or anything like that. In my case, I specified DC=domain,DC=local. As for the the attributes, they all come right out of Active Directory… there’s a bunch of places youcould find these if you wanted to spend the time to find them. Or, there’s a bunch of sites that already have this stuff listed (see the below for my config).

When you’re specifying the attributes, keep in mind that you don’t want any extra spaces (blank spaces) after the attributes. For instance, it should be ‘SAMAccountName’ (no quotes), NOT ‘SAMAccountName ‘. If you add a space, it breaks. If you don’t have those “optional” attributes, it breaks. Also – just FYI… if you’re under Authentication, and trying to run a “Test” of authentication, and it say’s successful – that doesn’t mean it’s actually working. You need to test Active Directory account logins from back on the main menu.

If you want to use on-the-fly account creation… you’ll need to make sure all of your Attributes are set correctly and that within Active Directory the attribute fields actually contain data for your users. This is very important. For example, if you have a user trying to login, but their account has “First Name”, and/or “Last Name”, and/or “E-mail” address fields blank (like if you have a “test” user account) – automatic user account creation in Redmine will fail. On top of that – it’s not very verbose about why it failed. So that might be something to file away in the back of your mind, so that when you find one account (or a group of accounts) somewhere that won’t login – you can make sure to check that they have all of the Active Directory attributes specified (just open up Active Directory Users and Computers and check-out the user object that is having a problem).

My Settings:

• Name: YourDomainOrWhateverYouWant
• Host: IP address of a Domain Controller (name is probably best)
• Port: 389
• Account: Domain\ServiceAccountRedmine01
• Password: SavedPassword
• Base DN: DC=domain,DC=local
• Login: SAMAccountName
• First Name: givenName
• Last Name: SN
• Email: mail