Today we have Victor Drover from Watchful in this episode of LMScast with our host Chris Badgett. They have a powerful tool to help you manage, backup, update and secure your sites in record time on your schedule. It’s great for agency owners or anybody managing multiple sites.
Vic was in the widgets business and a lot of his clients were telling him that they are spending too much time maintaining their websites so they could focus on marketing and getting more leads instead. So, Vic partnered up with a friend who had a prototype for backing up about 150 client sites, he saw the potential of the tool, improved it, and released it to the public in 2011. This tool brings a lot of automation to the workflow of safeguarding, saving a lot of time and money for agencies or multi-site owners.
So, their tool backs up your site when you are not looking to protect it from unwanted breakdowns. If something goes wrong with your site, it makes it easier for you to get back live without losing anything. So, what goes into the backup? Not just the site, but also security scans, updates, uptime monitoring, and traffic reporting to ensure site health. The security scan checks all our website files, the index, and the frontend for signs of malware and also if your site is blacklisted to users who are visiting your website.
So who are his clients? It can be anyone actually. But he has seen DIY customers with 5+ sites who just want to simplify the process, and then there are some enterprise customers with small IT teams who have a closed system but just take Watchful’s services to update a lot of websites at once without them have to do it as a huge project. The best thing is that they can even push updates to a very specific item on the website instantly, like the media player, or a plugin so that the admins don’t have to log in to each site and update it. It saves his clients uncountable hours.
Even more, Watchful can update from zip files as well, so if your developer gives you a patch to a plugin or tool, you can easily search in which of your websites it is installed and instantly roll out the fix to those sites. Auto updates can also be scheduled according to your wish.
Reports are sometimes an overlooked element for developers. But for Watchful, it is where they make the main touchpoint for the recurring project work. It mainly includes Google Analytics insights like keywords, top pages, traffic, etc which helps regular clients who don’t want complicated dashboards an easy place to start. Plus, they also list out a history of what was changed on the site. The agencies can benefit from this reporting by being able to send the report from their email address with their branding and custom message baked into it.
How often should you set the frequency of your website’s backups? For a fairly static site, like a portfolio or a brochure site once a month is more than enough. But for e-commerce, daily or even multiple times a day is feasible. It all depends on how you use your site and where hackers might try to find vulnerabilities on your site. Sometimes what they do is they corrupt something in your site and wait for months or years before they strike. So, having these backups going back years actually helps you compare your last working backup and see when and where what went wrong.
You can shout out to Vic on Twitter, @VicDrover, or the contact form on watchful.net. The free account is free and not a free trial. So sign up without having to worry. They also have a website maintenance Facebook group specifically for keeping websites up-to-date, just search WebSite Watchers.
Here’s Where To Go Next…
Get the Course Creator Starter Kit to help you (or your client) create, launch, and scale a high-value online learning website.
Also visit the creators of the LMScast podcast over at LifterLMS, the world’s leading most customizable learning management system software for WordPress. Create courses, coaching programs, online schools, and more with LifterLMS.
Browse more recent episodes of the LMScast podcast here or explore the entire back catalog since 2014.
And be sure to subscribe to get new podcast episodes delivered to your inbox every week.
Episode Transcript
Chris Badgett:
You’ve come to the right place. If you’re looking to create, launch and scale a high-value online training program, I’m your guy, Chris Badgett. I’m the co-founder of LifterLMS, the most powerful learning management system for WordPress. Stay to the end. I’ve got something special for you. Enjoy the show.
Chris Badgett:
Hello, and welcome back to another episode of LMS Cast. My name is Chris Badgett and I’m joined by a special guest. His name is Vic Drover. He’s from a company called Watchful, that’s over at watchful.net, which is a software tool DIY to help you manage, backup, update and secure your sites in record time on your schedule. It’s great for agency owners or anybody managing multiple sites. Vic, welcome to the show.
Vic Drover:
Hey, thanks, Chris. Great to be here. I can’t wait to chat with you and tell everyone about our stuff and talk about website maintenance.
Chris Badgett:
Awesome. Well, one of the challenges with having a learning platform or doing multiple projects simultaneously as an agency is just keeping everything updated. Tell us about the problem that you wanted to solve with watchful.net. What is the main issue that this completely solves?
Vic Drover:
Originally, I was a little bit selfish. I was selling widgets at that time and we had lots of customers using those, and we’re pushing out the updates. And our customers were telling us, “Hey, it’s great that you’re putting out the updates but we’re spending more and more time updating, less time getting new clients and building new services and tools for our customers.”
Vic Drover:
So I partnered up with a colleague of mine and they had been working on this remote management tool and they just had it in-house and they hosted it from their office and used it to manage their … I think they had 150 websites on there that had allowed them to remotely keep an eye on backups, schedule backups and do plugin updates and software updates.
Vic Drover:
So we took that and saw a big need for it. And yeah, we went out in 2012. At that time, there wasn’t really a lot of competition in the space. That’s changed obviously in the last 10 years for sure. But it was really just selfishly first to say we need to do this. And then our widget business, we saw that there was a need there for the clients.
Vic Drover:
And the other, I guess, side of that, it was a selfish purpose but the world was going to services at that time versus products. I’m sure you’re familiar with that process also. And the timing was also very good, 2011, 2012. And we rolled that little wave and it transitioned our … We actually don’t sell widgets anymore. We’re 100% digital services as a result, and recurring revenue, of course, which most agencies also desire for a cash flow and security and things like that.
Vic Drover:
That’s kind of the short version of how we came into existence.
Chris Badgett:
For freelancers, WordPress professional is growing and I’ve been on this journey myself from 0 to 17-person team size in my case. But at what point, how many number of websites does it really start hurting or what range where it’s like, “Oh, I need to be more efficient here. I need something to be more systematic or more of a remote management tool to manage all these websites for my clients.”
Vic Drover:
That’s a really good question. It’s probably going to be person to person but I will say this, when an agency realizes that they want to scale and need to scale and need tools to help them, that’s when this tool kind of becomes important for them. That could be someone running one website, not usually because the benefits are really when you have at least two. You’re not doing the same thing over and over on exactly the same sites, logging into every site, making sure every backup is current.
Vic Drover:
So at least two, I’d say, you get some benefit. Once you get past 5 to 10, and you decide that you want to be a serious agency owner or at least drive growth, that’s when I think you make the decision. And there are a lot of things you might be doing at that time to do bulk tasks, and automate tasks. Lots of stuff in the WordPress news recently about the Zapier workflows and kind of keeping your agency running smoothly and efficiently with automation. That’s in every sector these days.
Vic Drover:
And I feel like our clientele and WordPress Professionals, they’re just kind of getting started and anyone who’s trying to get there, get more done in less time, which saves them money and it allows them to grow their business. When they’re ready for that, I think that’s a good time. Anyone over … I’d say once you get to five sites, it’s probably too tedious if you ask me my personal experience. Of course, I get to use my tool for free.
Vic Drover:
So I would use it for two sites, but I think we offer a free tier for five sites, for example. And we pick five because if you have four or five sites, you can manage them on your own, especially with the auto updates that WordPress just put in if you’re happy with those or you like to use them. The auto updates in my opinion are probably not as common as people think. We have data on that. Most people don’t really have data except maybe automatic, of course, about whether or not people like auto updates. But in theory, automatic updates should save you a lot of time.
Vic Drover:
But if they take your site down unexpectedly, especially after hours, or the clients are really noticing when they’re having high traffic, for instance, on their websites, those are things you don’t want. So even if there are some free automation tools, I think when you use something like Watchful, there are lots of other services that do similar things.
Vic Drover:
Having a system that’s really trying to keep the integrity of, say, the update process or the backup process, a lot of what we do is make sure those processes have good integrity or happen at a time when it’s convenient. I don’t know if you … Did you use cPanel, I guess when you used to be building your agency site?
Chris Badgett:
Yeah.
Vic Drover:
Most developers have used that even though it’s having its own transition these days.
Chris Badgett:
What’s new these days, quick side note? I mean there was-
Vic Drover:
At cPanel?
Chris Badgett:
… cPanel, what’s there now?
Vic Drover:
So cPanel, I think, their big change is they got bought out, I believe if I’m not mistaken about the finances. But they’ve been pushing to change their licensing. And that’s forcing … So cPanel itself is not that different. It’s better than it was for sure. But at least in my experience, their pricing has changed, which motivates hosting companies who could have had a thousand sites on one license on a server, for example, for cPanel. Now, that’s not cost-effective anymore.
Vic Drover:
So hosts are building their own alternatives. So that’s the change. That industry is changing, I think, because of the cost pressure that cPanels have been putting on the hosting companies.
Chris Badgett:
Got you. Well, sorry for the tangent, but you are asking if I had managed my cPanel before, and then what were you going to say?
Vic Drover:
I got off my rhythm a little.
Chris Badgett:
It’s all good. It’s all good. Well, we can kind of pivot to my next question which is just around a freelancer or somebody building websites kind of getting past this idea. They have to be in feast or famine. You build a site, and you passed off to the client, and on to the next one. If somebody wants to build a recurring maintenance plan or care plan, what advice do you have?
Vic Drover:
I think one of the really important steps is to look at your customer base and we just actually published a really nice success story from one of our Watchful clients. They have a small agency with about 25 websites they manage. And they discussed … We brought out their journey of going from a couple of sites to say 25, definitely getting value doing things in bulk in automation. But the important part for them was educating their customers on everything that they were doing behind the scenes.
Vic Drover:
As I said, we focus a lot on integrity. Are your backups fresh when you do an update? Are you easily able to roll back, for example? Most places are checking for that. Now, the common … I think my cPanel discussion was going to talk more about kind of this integrity of the process. Are things happening when you want them to? The automatic updates in WordPress are not scheduled with our system. We’d like the secret sauce we have is that you can say, never update on a Friday at 3:00 p.m., for example. Never update if your backups are stale if you’re using automatic updates, for example.
Vic Drover:
That checking of the background is important. And I think the success story was published, it’s a company in California called Anchored Web. They were really struggling to put all of the things that they were doing, all the knowledge they learned, doing safe, reliable updates and maintenance and backups, all those things, educating their customers. So actually, they knew their customers well, and what they started doing was educating their customers about everything they were doing, taking all the maintenance and patching up in a way that their customers are going to understand and appreciate, and then balancing that off against, “Well, if you don’t do this, you get a big bill in two years because you have to redo everything,” or “Maybe you got a hack that you have to recover from,” et cetera.
Vic Drover:
So I would say, before you set your plan, figure out what either you want, what your customers understand or what they can reasonably expect from a good service and what that actually means. And what I would say is that means a reliable website that’s pretty much always up, never defaced, always secure, always backed up, and ready to go. So that’s a long kind of background but your question was what goes into your plan? And it’s got to be backups. It’s got to be security scans. It’s got to be updated, uptime monitoring, hopefully, some traffic reporting, things that you can kind of give to the customers and say, “These are all the things we’ve done to make sure your site is running smoothly and safely.”
Vic Drover:
And then hopefully, I guess the last advantage is if you’re constantly keeping your customer up-to-date with a good summary of the things you’re done when the customer wants to update, you’re top of mind with them because you’ve got a touchpoint every month, or every quarter. They know that you’re on your game, that your processes are tight, you’re reliable. All those things kind of build-up. And basically, from the care plan, you turn that into a new business not just recurring monthly care plans, but new project business too.
Chris Badgett:
Yeah. That’s awesome.
Vic Drover:
Which is great.
Chris Badgett:
And what do you see, if you’re advising somebody, should they … There’s a couple of paths here. One option would be the client has their own hosting account at X company, or do you see more of your people offering the hosting and maybe wherever they’re managing it and then they put this service on top of it and the client just has a website and pays for this website in an ongoing monthly fee which includes maintenance and stuff, and then new project work. What’s the most common setup here for what you see?
Vic Drover:
I think the most common setup that we see at Watchful, and this is something interesting that I don’t fully understand about the psychology of agency owners, is that they want to keep all the magic. They want to keep the whole experience magical and some mystery. And I do understand that. They don’t want, for instance, if I’m a website owner and I hired you to do this maintenance for me, but I know all your secrets, I can take those secrets, give them to someone else and say, “Can you quote me for the same work?”
Vic Drover:
I think agency owners are always terrified that something like that will happen. I think when I was doing agency work 15 years ago, that I think I felt that way. But the more information they gave, I feel like my customers earn that trust that it was hard for them to get to somebody else because they said, “Oh, it’s reliable. Here’s the reporting. It’s not too expensive, for example, and I’m getting what I paid for. There’s good value.”
Vic Drover:
In the end of the day, if you’re keeping your customer because of some obscurity of what you’re doing, maybe that means they don’t really trust you properly. Maybe that’s not the best customer for you. But I think the most common that we see is that people that use our service, use a hosting service and they keep all that private from their clients. But I think most of our customers are using … Our price point is really super competitive, so we’re a little lower. Our users tend to be a little lower on the revenue side in terms of how much they might have an annual revenue, for example, or how much they might charge per hour.
Vic Drover:
But that said, I think they mostly have individual hosting accounts that they manage for their clients. If you’ve got a customer who is managing their own hosting, they can probably use our tool themselves. So I think that’s less common for us.
Vic Drover:
The only other side of that is that we have some really big customers and this is where maybe dovetails with lifter a little bit. We have lots of educational customers who have a site for every department and then for every working group on campus and maybe every class as a website. We’re talking hundreds, sometimes thousands of science. And for those folks, it’s a whole different thing. Their entire corporate infrastructure is locked down. They’ve got all the servers. They’ve got a full-time IT staff, usually, maybe a team of 5 to 10 to manage, say, 600 websites.
Vic Drover:
That’s kind of a whole other step. That’s the kind of the opposite side and they’re using us mainly because they don’t want to update 600 sites. They’re getting massive, massive gains because with one click, they can say, let’s update everything on every site. I think very few people do that. But they can say, “Oh, this piece of software is super reliable. I’m going to update that on all my sites one click and walk away.” And they come back in five minutes and they’re all updated.
Vic Drover:
So they’ll pick and choose their favorite software or their most reliable software, and push those out. So that’s going to be the other end of the spectrum. But most of our customers and more of the DIY stuff, individual hosting accounts for each customer. And customers are hopefully paying them to be their IT kind of consultant and mostly focusing on their own businesses, and not so much on their websites.
Chris Badgett:
I love that idea.
Vic Drover:
At least the technology is on either website.
Chris Badgett:
Yeah, I love that. I definitely have been guilty of this as a freelancer, and agency owner of really pushing too much on the client to take on technical responsibility or, “Hey, now, you need to get this account or this company.” And what they really wanted especially the ones that were well-financed was like you said, an outsourced IT department so they didn’t have to worry about it.
Vic Drover:
100%, 100%.
Chris Badgett:
I think it’s very common for technical people to sometimes, one, leave money on the table by not faring out that dream recurring. There are the big projects but then there’s the dream recurring stuff that’s not only a win for you as an agency but also for the client and a busy client and what they actually want.
Vic Drover:
Well, project work can also be recurring and I know in the WordPress business, I don’t hear passive income talking too much. That’s more like a Tony Robbins kind of shady consultant speaker or whatever. But I think we’d often talk about where it’s a multi-retainer that’s for the same thing every month and we all want something like that because it goes to our strengths and maybe we’d productize our service and we can offer it easily and repetitively.
Vic Drover:
But you can also have a site and we have … You and I discussed before the show about some pocket clients. We have these pocket clients and we built them a really great website. And now, they come at us with these projects a few times a year and they’re building on their original payout and their site is just becoming so powerful, has great features really helping them grow their business. But it’s a recurring project work which where developers get a lot more interest than, “Oh, crap, I’ve got to update 600 times.”
Vic Drover:
I do think that agency owners shouldn’t necessarily think it’s just my maintenance plan that’s recurring. You can definitely get some recurring project work but having a good maintenance plan, and I made this point earlier, make those good touchpoints either monthly or quarterly or annually so that when a project comes up if it’s going out to bid, you’re on the top of that list so you can submit it. And that gives you an advantage when the decision makers are deciding on who to give it to.
Vic Drover:
“Oh, this is a little bit more expensive but they did great work. Great experience with them, I talk to them every week, every month, et cetera.”
Chris Badgett:
That’s awesome. There’s kind of a buzzword in the WordPress community, or not a buzzword but a term called WaaS, websites as a service where the way I see people doing it is they find a niche where, like as an example, we have a customer. Her name is Sally. She helps natural alternative health practitioners basically have their website which happens to include like a teaching component on it, which is why she uses LifterLMS in that case, so these people could have like a marketing site for their business. They’re in services, and then also teach courses.
Chris Badgett:
And it’s like this full website as a service for this niche. If somebody is going to create like some kind of niche learning component website as a service, what do you recommend they do? Like how they set up their hosting and then also use a tool like Watchful to keep everything up to date so that these clients, especially if they’re in a non-technical niche, they’re just signing up for a website. It’s done for you and this WaaS entrepreneur.
Chris Badgett:
There are too many acronyms here but the Waas LMS entrepreneur, what could somebody do if that sounds interesting to them and they think they can do it, but they’re not quite sure how to put all the pieces together?
Vic Drover:
Yeah, I think there’s an important connection to what we spoke about earlier, and that that person is ready to scale. You don’t go to the trouble of setting up your niche kind of offering unless you’re going to scale. And you wanted to scale and you know that niche inside and out, and you’ve put everything that they might need in there and they’re ready to go.
Vic Drover:
So first, A, we know they want to scale. That means we know bulk or automated tasks are going to save them time and they also know that. So that’s where remote management tool like ours is going to save them a ton of time right up front. Already they know it’s going to help them save them time because they could scale a hundred of those in the next year and they know they’re probably not going to be as overwhelmed as it would be to do it individually. So there we go, we know we’ve got a use case for that part.
Vic Drover:
As far as the hosting is concerned, again, it depends I think a little on your budget. If you’re going down the WP Engine managed hosting route, they’re going to have everything you need for that. If you need to keep spinning up sites, that’s really not an issue. If you’re an individual, I really prefer the … Their managed servers, like you have the whole server yourself. I’ve gone that route which I’ve been very happy with. But I think you can also do it if you’re just spinning up an individual hosting account for each of these clients. Doesn’t scale as well because you got individually have that provisioned, whereas managed hosts will take care of some of that lifting for you.
Vic Drover:
But here’s one tip I would give and we used to do this when we get client work. We use Watchful to maintain our niche website as a service offering because by the way … Say you do 10 of these a year. The WaaS you set up in January is out of date come February, let alone the following January. If you’re continuing offering that and you’re spinning up a copy of that site and then customizing it for that client, logo, colors, et cetera, those things are out of date and they need to be updated when you’re going to go live.
Vic Drover:
So we used Watchful. We had four niches that we were targeting and we would just keep those updates on a regular basis. So when we roll them up for a new client, they were ready to go, the latest WordPress, latest plugins, themes updated, and everything was ready to go. So that was a good use we thought with our own tool, so it was easy for us. But we do definitely suggest people do that. And people put their staging sites in a similar way in there so their staging sites can be updated before they’re pushing to live.
Vic Drover:
The only thing I would say with our audience because it’s a lot of DIYers with say, 5 to 25 sites, I don’t think a lot of our users are really using the staging development and production environment workflows. And so I’m not sure that we get a lot of people. I know we don’t get a lot of people putting staging sites in there. But we do allow, for instance, if you want to put your use HTV basic authentication on your site, we fully support that to you. We could, for instance, manage or develop or update a site that you’ve made private just using basic auth so that you can keep it quiet until it’s ready to go or maybe ready to push those updates, et cetera.
Vic Drover:
Does that answer your question?
Chris Badgett:
It does. Yeah, that’s super helpful. Going further with that kind of use case of somebody building out this kind of WaaS templated offering in a niche, you offer white label reports. What’s in there and how … I think sometimes internet or tech professionals kind of overlook the value of a report. But a client who has a report, number one, they learn how to value the service you’re offering. But what else in the report and any advice around what an agency or entrepreneur could do with that report for their clients?
Vic Drover:
Yeah. The report for us is the main touchpoint to keep you top of mind if you want recurring project work. But it does justify the value of your maintenance, of your care plan, whatever, however, you’re selling it to your customers. Maintenance-
Chris Badgett:
What kind of details are in it?
Vic Drover:
That’s right. And so we’ve got Google … We support Google Analytics so you can have your monthly traffic or quarterly traffic. Your top keywords although that is less and less value coming from Google these days. As you know, most of them are not reported right, so that’s only so much. But you know your top pages, which ones are getting the most traffic. So kind of a basic Google Analytics.
Vic Drover:
We haven’t gone further to say, let’s [inaudible 00:22:59] for custom Google Analytics report in there just because we didn’t start saying, are we a website maintenance service or are we now a more slightly marketing? It’s easy to expand in areas that probably most people are going to use. If they need that much marketing reporting, they probably have a service for that separate [crosstalk 00:23:19] report.
Chris Badgett:
Just to note a color on that, the Google Analytics interface, I’m a professional online businesses owner and I still get lost inside there. A regular non-technical client, even just having the basics, so the traffic, just like those fundamental analytics-
Vic Drover:
Traffic, keywords, and popular pages like you don’t even know anything with the internet to understand those same things. And that’s about kind of I think … Server integrators don’t want more information than that, let alone the site owners [inaudible 00:23:53] began. Again, there’s some target information in there. If you have people who are really focused on growth, it wouldn’t be enough for them.
Vic Drover:
But that’s the analytics side. We have our uptime summary there, so what were your 7-day, 30-day and all-time uptime stats and then any downtime events that occurred that month? And then the other things are all related to what kind of maintenance you did. Was a plugin added or deleted? Are updates pending? Did the backup fail or was your backup successful? And we have all that listed out. And you can pick and choose what you want in there.
Vic Drover:
When I was using this for clients, I really didn’t tell them when a backup failed. I got a notification when a backup failed and I made sure that backup got sorted out. But I sent them a list of all the successful backups. Why would I tell them things that failed, right? So you can get as specific as you want in there.
Vic Drover:
The other thing we have and this is a cool, neat feature, is you can have custom entries to the logs. Basically, you can pick anything from the logs and include it in the report. So if you have a custom note that, “Oh, here. I did this maintenance on the backend or Chris sent me a patch for XYZ and you applied it.” I can put those as entries in the logs and send … And maybe that’s the only thing I include in my report, so the custom work I did. And that can go out monthly with your regular reporting.
Vic Drover:
So we like that feature a lot especially if you’re integrating with the API, maybe either pulling information to Watchful or using Watchful API to say, “Take your maintenance activity and attach it to your invoice.” So we just had a client who used his own invoicing and they take their maintenance staff, and pull it in. Zoho has a scripting language. I didn’t know this, and they pull in this site maintenance information from Watchful in the Zoho and every month, sent it out with their invoice.
Vic Drover:
So their client, when they’re paying, calls the details right there, everything they want them to see. So that’s a really cool use case.
Chris Badgett:
I love that. That’s some solid tips there. What happens when things don’t go well? What if an update happens and something … How do you know if something goes wrong? What goes on there like if you update like WooCommerce or something and there’s a problem?
Vic Drover:
We don’t have any detailed testing or functional testing on that. And I think actually that’s probably one of the opportunities like there are so many competitors in WordPress maintenance right now. But one of the big opportunities with GoDaddy Pro and all those things, one of the biggest opportunities is functional testing. And I think that’s in its infancy. So as it develops, we’re going to keep working on that.
Vic Drover:
But yeah, there are services where you can have it continually testing your WooCommerce purchase process, for example. But it’s not just that. Does your contact form still work? There are visual regression tools that just look at, does the site look the same. That’s okay if it’s not a functional test. I actually don’t need every pixel to be identical after an update, but I really need to make sure my contact form works.
Vic Drover:
So I’d say that’s an area where we still need to do some work and most of our competitors, also colleagues … Let’s call them colleagues. Most of our colleagues that need to do similar, it’s a big problem. And how do you do that without letting the … Let’s say you want to test the contact form? Where do the contact forms go when they’re completed? They go over to the customer who owns the site, right?
Chris Badgett:
Right.
Vic Drover:
How do you test that so that you know it’s working but you’re not annoying the customer? He may be just fine that you’re doing it but there should be a way that you can test it without necessarily notifying the customer. And there are ways to do it manually but I think we definitely need some better tools for that.
Vic Drover:
I do want to say one other thing, you mention white labels before, that’s also super important because remember I mentioned that … And I’m sorry if I’m going off script.
Chris Badgett:
No, you’re fine. Go.
Vic Drover:
Agencies, they want to keep their secrets all secret. So, if they get a report from Watchful about their website that Agency B made, they’re wondering, “Why is this going to me?” So, the white label part is important because they want to make sure it comes from them as the agency owner to their customer and be, “I want to be kept out in the loop. I want my clients to succeed.” I don’t need their customers-
Chris Badgett:
You’re not trying to advertise through them.
Vic Drover:
Yeah. That’s not who I’m advertising to. I’m advertising to agency owners. And other agency owners are never getting these reports. They’re not sharing them with each other. So, not only do we, of course, let them put their own logos but they can send the reports from their own email accounts. They can just put it their SMTP server details and then the reports are going from there addressed with a custom message, report attached, so it’s literally coming from the agency owner server directly to the customer and we’re kept out in the loop entirely. That’s the best way to do white label, of course.
Chris Badgett:
That’s awesome. You have a feature around intrusion detection. One of the things people are worried about is security and people hear all these stories especially the end client about the sites getting hacked and everything. So, tell us more about intrusion detection and how an agency could leverage that feature.
Vic Drover:
I appreciate you bringing that up. We struggled for a long time for, do we want to become like a security company that is doing security research and think there would be a firewall and all those things like that. Sucuri, there are many … Just Jetpack itself is doing this kind of work.
Vic Drover:
That’s probably not, I think, our primary focus but you should still want some measure of confidence that their site is reasonably secure. You can never promise anyone full security. If it’s public on the internet, there’s a chance it can get attacked, especially some of those is motivated, the personal connection for some reason.
Vic Drover:
Our goal is really to educate people on kind of best practices, scan for the most common things and then do a deep scan when people want to do it. We’re in the process of automating our deep scan. We haven’t done that yet.
Vic Drover:
So, let me break down the basic three areas. The first part of the scan is kind of the best practice scan. And it tells people, especially for new people coming into the website, say, the development world or website integration world, one of the security basics. Obviously strong database passwords, strong passwords in general, all the kinds of basics that we would, having the right permissions on your folders and your server. We think of them as basics because we’ve been in the industry for 20 years, you and I. But I think a lot of people just getting in maybe are not aware of that.
Vic Drover:
So, our first step is, “Hey, these are what we consider the most common best practices. And if you’ve not fixed them, please fix them and then rescan and make sure they’re fixed.” That’s one. Two is we do … For our free accounts, it’s once a day. On our paid accounts, it’s like every three hours. We look at your configuration file, your function.php file, the index.php file, your theme, and a few other key files that are targets for defacing and hacking in general.
Vic Drover:
The most popular target is the low-hanging fruit, and we make sure those are changed or not changed. We’d do a checksum analysis to make sure they’re unchanged. And if they are changed, you’d get a notification and then you can do something about it and maybe you need to do something more intense.
Vic Drover:
And then we have a deep scan which will actually look for common signatures of malware that will look at every file on your site but it’s quite … I mean that’s an intentional process. It’s scanning every file in your web root for these signatures. So, that’s something that it’s not, you’d do it and then you kind of come back and make sure it’s okay.
Vic Drover:
And then finally, we have a Sucuri scan. We’ve integrated their free site scan. I’m sure you’ve heard of that, which checks the front end of your site for obvious signs of malware or defacing and also checks to see if your site is on a blacklist like on a Google or McAfee blacklist which would throw errors in the browser when people go to visit.
Vic Drover:
So, we’ve got a kind of a suite of security tools and we’re in a process of automating that so you can kind of have it running once a day and not have to manually throw it up there. But we’ve kind of tried to approach it from four different levels without necessarily becoming an antivirus research company. Again, we’re trying to thread that needle a little bit. Well, it’s necessarily not our wheelhouse but we see our job as improving people’s maintenance experience through bulk tools and automation.
Vic Drover:
If we can integrate Sucuri’s data, for instance, that’s a better fit for us because they’re experts in this. We don’t want to compete with Sucuri or Jetpack on malware signature detection, for example.
Chris Badgett:
Well, related to that, it does make sense. Let’s kind of talk about the backups piece. What do you recommend for people like in terms of frequency and how long to keep and how does it work with your company? Because backups are … There’s different types of backups. What is your backup advice for somebody running an agency with multiple sites?
Vic Drover:
First, the number one thing, is offsite backup storage, period. Most people download a free plugin for backups and most of the free plugins don’t offer cloud storage. So first, make sure you can put it on Dropbox or put it on Google or put it on Amazon. We actually have a blog post on the cheapest cloud storage both for the free plans and then the paid plans. And there are two kinds of paid plans. One where you pay per usage, the usage-based model, and the other where you pay in bulk for, say, a hundred gigabytes of space.
Vic Drover:
If you want, I can send that to you and you can put it in the show notes and people need to just compare. If you had under 15 gigs of a backup stored at any one time, then you can get away with a free Microsoft account or Google account, and it kind of Bob’s your uncle, you’re in a good place. But for instance, we keep one backup a month forever, so I recommend everyone does that. For all of our clients, we have that going back to the beginning of their site. We never delete the backup taken on the first of the month, period.
Chris Badgett:
That’s so great. I’ve never heard that. That seems like just a solid practice.
Vic Drover:
I can’t say it’s … I mean we’re spending $7 a month at Backblaze to use their B2 service. It’s fantastic. We’ve also used Amazon Glacier and just regular Amazon S3, of course. But that’s our kind of overall, make sure you got one backup a month for history.
Vic Drover:
And you are never going to go restore a backup from two, three, four years ago ever but here’s when it comes helpful. When you have some kind of attack or intrusion and you’re wondering what the source was or when it happened or how it happened, having those backups are critical. If you find out tomorrow that you got hacked three years ago, and this is not uncommon because if the hackers are smart, they will do something sneaky and just let it sit there so you can’t tell. Those are some of the most dangerous hackers.
Vic Drover:
And when you do find out that, “Okay, the first time this happened was September 2019, now I can go back to my September 1st backup, compare it to my October 1st backup that year and find out what happened. And that’s going to probably help me solve this problem, find out what happened and give me some confidence that I’ve patched a hole once I’ve solved it.” So, that’s why I like those long-term backups and never throwing them out.
Vic Drover:
Regular backups then depend on how busy your site is. If you’ve got a brochure site, frankly, once a month is fine. Maybe just what I said is going to be enough for you.
Chris Badgett:
But if you’re not changing your content very much?
Vic Drover:
Sure, that’s when I have a brochure site. If you’ve got an eCommerce site, you probably want daily file backups and then you probably want a second backup profile doing your database because you’re going to have lots of transactions that you need to keep track of in case something goes wrong. And so then, you could be hourly if you want or maybe every four hours, every six hours you’re doing the database only backup, which is a lot faster, a lot less intense on your system.
Vic Drover:
Generally, I think for most of our clients, they either have weekly backups and then they store either one a quarter or once a month kind of in perpetuity. Those are what we have. One unique thing about our system, I think, is that we don’t store your backups, so we don’t want your backups. Especially in these days of privacy, if you have lots of services like ours, they’ll do the backup for you and then things like that.
Vic Drover:
We build our service around letting people use their own backup tool. So for instance, we support All-in-One WP backup, we support Explorer which we acquired two years ago, and a few other ones. We’re just doing UpdraftPlus right now, so that will be coming out in a few weeks. And so we’re letting people kind of bring their own backup solution because that’s what our users have historically asked for.
Vic Drover:
We do get, not uncommonly, a request for, “Hey, can you just do the backups?” And we’ve always resisted that and I want to continue to do that forever. But if we’re going to offer a backup solution, then we’ve got to charge for the solution, we’ve got to charge for the storage, we’ve got to charge for maybe taking it out of Glacier or giving it back to you so you can restore it.
Vic Drover:
I think that just adds cost that for what I would say is a DIY system, do-it-yourself. It kind of makes the cost more than premium and I don’t necessarily my premium cost but we’re trying to give at an affordable solution that people can scale.
Chris Badgett:
Are you recommending for the agency like your client, that offer a full-stack IT service scenario including hosting that the agency would hold, it would be like for example the agency’s Dropbox account, that the backup is on and that’s a service value add to the hosting part of their offer?
Vic Drover:
Absolutely. I should mention this earlier, it’s a really great differentiator to say to a customer, “So, you offer hosting site as part of your monthly fee. And so you’ve got 2 gigs of data storage,” but never really on that hosting account for that customer. If they would actually fill that up, let’s say … Well, for sake of math, let’s say 1 gigabyte, let’s say you have a 1-gigabyte slice and they’re 99% full because of the photos and whatever they’ve got on there, obviously, they need to upgrade or they’re going to have performance issues.
Vic Drover:
But just think of the backups. Let’s say it’s a busy site. I’m doing daily backups. It’s a gig backup every day, seven days a week, 31 days a month, those storage spaces add up. So now, you can actually … If you’re trying to get people in at one price point and then move them up which you move them up the sales ladder, and Chris Lemons has been talking about this a lot recently, you may have seen. That’s a really good differentiator. “Hey, we’re going to do daily backups but your total backup storage space is, say, 10 gigs.” That means we can only store backups for 10 days.
Vic Drover:
If you want a longer storage time on your backups, either A, get rid of the garbage on your site if they have garbage. If not, let’s move you up the ladder and get you … And maybe that’s a separate … Maybe I’m not going to another care plan but it’s an add-on that gets me from 100 bucks a month to 125 bucks a month. That’s a nice little add-on that can be quite cheap because storage is so cheap. But it can be a way for you to push people up the sales ladder a little bit.
Chris Badgett:
Is that kind of some stock advice, is to offer that you keep 10 days’ worth plus the one month, the first of the month going way back? That’s kind of like a good backup offer.
Vic Drover:
I do like that. We weren’t quite as, I would say, strategic about pushing people up the ladder. So, we just said, “Okay, you got a gig of storage. We probably saved you 30 gigs of backup and then 25 or something.” And then just the next plan was double the previous plan. We never sold the backup stuff as an additional separate piece, but I do think that that is a good strategy.
Vic Drover:
But in terms of storage, I think it’s really … Every time it sounds like something is maybe you’re giving too much for too little, I always think of what differentiators can be in the sales process. “Hey, we’re trying to decide between bid A and bid B. This guy has got no backup stuff in his proposal. I’ve given you my full backup, whatever price point I want to charge for that. Here’s my full backup plan. Here’s my security plan. Here are our agency security policies.”
Vic Drover:
When you’re comparing the A-B, don’t just compare them on price. Compare the offering, of course, the details. But agency security is, I think, almost as important as website security. And here’s one example I’ll give you, password security. A lot of our clients when we were building sites, they were happy that we would manage their … We were managing their passwords for them. We were managing their passwords so we could effectively offer them services, right? Their cPanels, their WHM, their registrar, all those things.
Vic Drover:
We just ended up by default managing them. They would say, “Oh, what’s our password for GoDaddy again?” “Okay, well, here it is.” But having security policies around information, around human resources, what did you do when a freelancer comes onboard? How can I, say, a customer who wants a website built, are you giving my WHM to some guy I never heard of in a country I don’t know? What are the security policies around that? Those sound like things that maybe agencies don’t think a lot of. I think this would-
Chris Badgett:
It’s super important.
Vic Drover:
Super important internally for you, for your insurance company. Your insurance company cares. I’ll tell you that much. And if you have an agency and you don’t have insurance, please change that right away. You need omissions and errors insurance in the US, at least. But those can be sales points, really important sales points. “Hey, you’re thinking why should you go with me, you’re trying to talk me down?” “Well, I can do this but I have to offer you less.” “Am I going to cut out my security?” “Oh, that other guy didn’t even offer security.”
Vic Drover:
I think folks can leverage some of those important differences when they think about kind of a holistic approach to their care plans, their sales process, their agency processes, and security. All those levels are critical.
Chris Badgett:
That’s awesome, solid stuff there. Our last question, it’s kind of a big one. But in terms of updates just to get into the weeds a little bit, I’m on your site and again if you’re listening or watching on YouTube, this is Watchful.net. We’ve got bulk software updater, commercial extension updater, and premium plugin updater. So, what are the differences? In WordPress anyways, we’ve got free plugins, and premium plugins. We’ve got free and paid themes. I’m not sure what you mean by commercial extension. What is that?
Chris Badgett:
What are we updating and what’s your advice around updates? I know some people are like, “Should I update every day?” If you’re just a regular user, they’re like, “What should I do?” But even for an agency, what’s a good practice of frequency and so on?
Vic Drover:
I think you found an older page on our site because we’ve migrated that language to talk about premium software, just to get rid of any confusion there. We support multiple platforms, which just kind of made a little more generic saying software. But WordPress specific-wise, of course, we’re talking core plugins, and themes. And as you mentioned themes and plugins can have a premium offering also.
Vic Drover:
So, we have a centralized license manager which we’ve been expanding. You and I spoke about it a few weeks ago, I remember. And so for the support and extensions, and this is all we’re growing things like PublishPress or GiveWP, if you have a premium license code, you can put that into our system. What does that do for you? One, you don’t have to put it on a client site. That client goes away, they’re not taking your license code.
Vic Drover:
So, that’s one. Two, you have a hundred sites, your license code changes because maybe your credit card lapsed and now you’re getting a new license key. You don’t have to update on a hundred sites, you got that essentially managed in your Watchful backend.
Vic Drover:
And when a site that has authority has been registered to update if it chooses a central key that you’ve put in there to make sure the updates authorize. So, that’s one of the centralized license key managers is at Watchful, and those are the benefits. Security for your key, you don’t have to give it to your clients and it allows you to make changes easily.
Vic Drover:
So that’s what that feature is specifically for updating the premium ones alongside the free ones. The free ones, you don’t need any authorization, of course. In Watchful, the free and the premium are side by side because you got your key centralized, as I said. So, if you, say, are going to a site and you’re looking at the updates for one specific site, it might be 20 updates. You can click one or two or update all.
Vic Drover:
And if it needs a key, it will request it for your key manager. If it doesn’t, it just updates and moves on to the next one. So that’s how our update process works. It’s a little bit different. Obviously, you can put your key on the remote site but again that’s risky if you have a big agency in my opinion.
Vic Drover:
So that’s how the thing works. In terms of how often should you update, most of our customers updated on a regular schedule. They don’t jump to update. Unless it’s security, zero-day vulnerability, obviously update right away. And I just want to publish or push one thing you didn’t mention. We have what’s called a remote update tool, meaning you can upload a zip file for a plugin and select all your sites and push it out in one click.
Chris Badgett:
On a zip file, it’s just right from a zip file. That’s pretty cool.
Vic Drover:
So for instance, you can write a script for this yourself, but let’s say … Well, I won’t use any specific plugin. PluginX gets a vulnerability, maybe I know how to fix it or maybe the developer sent me the patch which is on the repo yet. You can put that in our installer and it will send it out to whatever site you want. And even greater, you can do a little search for plugin A. It will list all the sites that had that installed and you select them and do this remote install you’re good to go until the next update comes out and you’ll properly update in a normal way.
Vic Drover:
So, obviously zero-day vulnerabilities, you want to get those updated as soon as possible. But otherwise, almost every update should be done on your agency schedule in a way, of course, that doesn’t impact the customer or the site owner. But we do a lot of talking on our blog about work-life balance. And a lot of the tools and features we built recently, especially the automation are designed to let people have a normal life.
Vic Drover:
I remember just being always working, never being able to take a vacation, always checking emails, terrible. And when we started moving to these, “Okay, I’m not going to update it if I don’t have a backup because I don’t want a surprise if something goes wrong when the site goes down, I can roll back in five minutes and then I can then maybe I need to stage that site tipped, do some testing before I update it. It needs more manual touch.”
Vic Drover:
But then I don’t ever want to push an update on a Friday afternoon. Why would I do that? I get the weekend coming, or four o’clock in the afternoon. So, you can schedule updates at Watchful to only be 8:00 to 3:00 P.M., Monday to Thursday. And then if you go on vacation, you can go in, kind of like in Gmail if you’d use that or for our listeners who use that, you can set your vacation window. You can say, “I’m gone from December 20th to January 3rd.” No updates will go forward. You can always go in and update manually but no automatic updates flicker.
Vic Drover:
With that in mind, usually, our people will sell maintenance plans. This is a nice segue back to what we talked about, when you’re thinking about maintenance plans, another cool feature is to add update frequency. So for your basic plan, maybe you get monthly updates. For your platinum, gold, bells, and whistles plan, you can offer weekly. And every Thursday is update day or every Monday or whatever day that makes sense for your agency.
Vic Drover:
And so you can also be creative about how you’re going to move people up the sales ladder depending on how comfortable they are. I’ve never really known, is a CSS fix really critical that I need to push it out the moment it comes out? Probably not.
Chris Badgett:
That’s awesome.
Vic Drover:
Do you agree? What do you think?
Chris Badgett:
No, I agree with you. There’s a work-life balance element and I love this idea of working through systems as opposed to just being reactive to like, “All right, this plugin has an update or whatever.” If it’s a security thing, that’s like critical, you should go. But it’s really about building a cadence that works for you and your clients and that everybody is happy. And that’s what really matters is having that system and that routine, that’s the offer. And automating as much as you can which your tool Watchful does.
Vic Drover:
Automating with safety with that integrity built in, that integrity check and checks and balances for backups or downtime, things that will put the brakes on if there’s an obvious problem. Do you want to know a little inside information about what our most requested feature is?
Chris Badgett:
Sure.
Vic Drover:
An automatic update delay. People want automatic updates, say, want to automatically update WordPress core?
Chris Badgett:
Like instantly, right? You’re trying to delay-
Vic Drover:
They want the delay. I don’t want to push an update until at least three days have passed because if anything is going wrong, they won’t like the next version to be already patched and pushed out before they go. That’s something we’ve been actually interested in. We’ve been working on it. And again, [inaudible 00:49:56] always the peace of mind issue.
Chris Badgett:
That’s how we think about it. We sell our software with WooCommerce, and I definitely want time to go by before WooCommerce updates and so on just to … For those of you listening, sometimes when there’s an update, there’s something called a hotfix where the software developer will roll out something really quick if they accidentally let a bug out especially a bad one or something so that update delay feature request, I totally get it.
Chris Badgett:
And it’s not bad like nothing is perfect. This is only natural that this occasion arises. But yeah, that’s awesome. Thanks for sharing that inside scoop of what we’d want.
Vic Drover:
We’ve engineered it out so that if we say, “Well, what happens when …” This is a bad expression or maybe not quite culture expression. But some plugins do what we call like a double tap. They make release and then they immediately realize an error and they put up the next one and that one also has like something they didn’t see in the first one and they have to do a double release. It’s not great for anybody especially if it’s an important plugin and it takes things out.
Vic Drover:
So, we actually did the engineering back end to make sure this is feasible, that if you said, I want, say, a four-day delay or a two-hour delay or whatever it is, that if another version comes, it resets the delay so that you don’t get trapped if there’s something happening with these multiple releases. So, we put a lot of thought into it and it’s well within our wheelhouse to get that done. So, I’d say that’s going to be the next build up for our updater.
Vic Drover:
And the final thing I would say on updating is you don’t want the WordPress repo where it tells you if your plugin is compatible with your version of WordPress, or not been tested in the last three versions have told you that. We have updates that updates success rates. So, not isn’t just compatible but wasn’t successful the first time we tried to update it. Sometimes, they fail.
Vic Drover:
And so we can actually rate each individual update and each individual plugin for how successful they are when we try to update them. And we can then say, “Oh, only update on a delay and then only if the success rate of this plugin or this release has exceeded XYZ.” So, we’re able to … We haven’t done any work on this feature. We are able to, however, because we have the update statistics kind of offer more integrity around that update process, better decision-making when the updates come out.
Vic Drover:
So, that’s something we’re also interested to do, not to compete with the repo but there are lots of things like premium updates, premium plugins that are not on the repo. Nobody has any information on how well they update or how successful they are or whether or not they’re compatible with your version of WordPress.
Chris Badgett:
Well, I definitely learned something today. I know you out there listening or watching have learned something today. This is Vic Drover. He’s from watchful.net. Go check out the website and the service, especially if you’re an agency and you’re looking to create more revenue in your business and value for your clients. Any final words for the people, Vic, and where they can find you to connect with you further?
Vic Drover:
Hey, jump at me or speak at me at Twitter, @VicDrover, the contact form on watchful.net, of course. The free account is free. It’s not free trial. Sign up, have a look around and see if it makes sense for you. Loved answering your questions or we’ll kind of talk more about website maintenance. Oh, I will plug one more thing. We’ve got a website maintenance Facebook group specifically for keeping websites up-to-date. Just search WebSite Watchers on Facebook, W-A-T-C-H-E-R-S, WebSite Watchers.
Chris Badgett:
All right, thanks, Vic.
Vic Drover:
Awesome. Appreciate it, Chris, take care.
Chris Badgett:
And that’s a wrap for this episode of LMS Cast. Did you enjoy that episode? Tell your friends and be sure to subscribe so you don’t miss the next episode. And I’ve got a gift for you over at lifterlms.com/gift. Go to lifterlms.com/gift. Keep learning, keep taking action, and I’ll see you in the next episode.