Using a forum to offer support

Public forums are great for self-service support (users supporting users), but there's some caveats. I'll detail some of those below. It's worth adding that some helpdesks like zendesk (the most recent time we've used it) have public Q&A; sections, which I think are a good middle ground between forums & helpdesks.

Pros & cons for forums

Before becoming useful, forums need to reach a certain level of momentum. Getting that momentum is often the biggest problem forums face. Posting lots of content won't necessarily build momentum quickly enough to attract users. Forums are very much like a vegetable garden, in that months of effort can bear fruit, but not without lots of time spent beating away pests & pruning forums constantly. As a small team, finding out what works best for your company is going to pay dividends. Forums, like anything, can prove to be a distraction from your core product. For a tech-centric product like say web hosting, wordpress theme developers, or some software product, forums can prove great & beneficial. For other types of industries, your mileage may vary. Tread wisely.

The Benefits of a Forum

  • Great way to build a community.

  • Often inexpensive to manage from a software standpoint.

  • It's wonderful to have self-supporting users, potentially freeing up your time to work on your product & business

The Negatives of a Forum

  • Building momentum is hard, & can be very tedious & expensive from a manpower (or womanpower, woo!) standpoint, especially upfront.

  • Forums require lots of pruning, updating & user management. When dealing with social interactions, suddenly having to remove the wrong person from a forum might damage your reputation or momentum.

  • You'll need to prune quickly to prevent spam, people posting affiliate links & trying to steal your clientbase almost constantly

  • Like anything, they can be a distraction from your product

There's many forums out there, and we haven't had time to audit them all in the recent years. Punbb, phpbb, vbulletin, vanilla, discourse & some others are the newer ones.

Using a helpdesk to make support easier

If you answer any more than a few emails a week, & do so in capacity that requires accountability & reasonable response times, it's likely time you started using a helpdesk. A helpdesk often is a centralized piece of software where folks can get support. Many feature frequently asked questions, knowledgebase articles & the ability to submit tickets and inquiries. There are many, many available versions with varied features. I'd highly recommend tinkering with each and finding one that fits your needs.

We've done a good bit of testing with each, and I'll list the pros & cons of each below.

The bulk of the software below have the following:

  1. Allow people to email you, and, for you to respond back via email. It'll convert those emails into tickets.

  2. The ability for multiple team members to login & manage said tickets. This makes for good accountability, and, allows everyone (whom might need to) to review said tickets.

  3. Allows tickets to be converted into tasks, knowledgebase articles & FAQ pages to make it easier for other users to look up answers for their own questions.

Self-hosted helpdesks

Self-hosted means that you'd be responsible to host the software yourself, either on a web hosting account at a company like Fused or elsewhere. Some have non-self-hosted versions available where the vendor hosts it for you. There's some advantages and disadvantages to self-hosted software.


  • Often open source to some degree, meaning you can tinker with the code & make changes as needed

  • You can move from host to host based on uptime & performance needs

  • There's very little vendor lock-in. You can export your data to another helpdesk as needed


  • You get to upgrade the software yourself! Yay .

  • You (or your host) get to manage the security of said product. This can be both a plus or minus, but for most folks would be a minus.


We've used Kayako what seems to be over a decade. It serves out purpose well, but, given it's age it's beginning to show some wear & tear. Kayako offers both a self-hosted (i.e., one you host on a web hosting account at a company like Fused) & hosted version (one kayako hosts). The software features live chat, a helpdesk that allows emails to convert to tickets and a decent knowledgebase system.

It's got a slightly antiquated interface, but nonetheless allows us to respond to inquiries promptly. It's a great system to consider, but lacks some social features like converting facebook posts/twitter responses into tickets. Nonetheless, it's got fairly open code, so if you're technical enough you can add your own modules.

Link to Kayako: Kayako


Cerberus is great. No complaints, slightly antiquated interface, but it "gets the job done".

Link to Cerberus: Cerberus

Hosted helpdesks

Desk is a great product from salesforce. It has a decent interface, lots of applications available for mobile, ipad & desktop. It features a long list of social media integration (for twitter responses & such) and overall has a decent pricing scheme. It's SaaS only, which means salesforce hosts it for you. There's some limitations with that, mostly that you're locked into using their software. If you come across something you don't like, migration would prove tedious.

Link to


Zendesk is the product of a public company. It has a great interface, and supports lots of nifty features & includes many mobile device apps. & such. The one limitation is it's self-hosted only, and there's some questionable uptime stats. with their systems. Nonetheless, we've heavily considered & wielded their software -- it's good stuff.

Link to Zendesk: Zendesk

Providing good support as a small team.

Support is 24/7, 365 days a year, whether you're selling flower bouquets, or running a web design firm, it's the one thing we all have in common. Inundated in requests? Welcome! We feel your pain. One of our long-term web hosting clients Josh who runs a web development firm offering wordpress plugins & design, recently posted a blog post on this very topic. Support is hard, but not impossible.

Here's a few key things to keep in mind when offering support digitally, or alternatively through tangible methods like telephone & in-person. I'm going to detail a few basic points on what good support is, and, then below offer ideas for helpdesks, forums & everything in between.

Be clear on when support is available

Avoid confusion. Be upfront about your support hours & support limitations. Much like your open & close times (if you have them), avoid frustrating people trying to reach support & not knowing whether you're going to be there. Having clearly defined terms of when support is available is key. If you're going to be away on holiday, make note of it well in advance (and publicly).

This might sound tedious, but, if you've ever interacted with companies you know precisely how frustrating it is sitting in a phone queue, or waiting for an email from someone.

Boundaries & support limitations

Going above & beyond for clients can feel wonderful, but if there's a particular boundary you're not willing to go beyond consistently, define it well in advance. For us, fixing SMTP settings on someone's remote printer is that boundary. We do it, and it feels great, but we have no doubt it'd prove better for both us & our clients alike if we didn't involve ourselves in the process. Another example being, if you're a designer & don't necessarily want to get your hands dirty doing web hosting related stuff, or, a developer whom avoids logo design, make those points clear upfront. There's nothing wrong with saying that you're not the greatest at something, as long as everyone knows those limitations upfront.

You can always make exceptions, or refer people in the right direction, but try not to waste people's time with subpar work or support.

Limit support mediums. Less is more.

In the decade that I've been doing web hosting, the biggest key in providing great consistent support I've found, is limiting support mediums. If you've got twitter, facebook, instagram & $insert-new-social-medium here accounts -- people are going to reach out to you on them for support and they're likely going to be disappointed if you don't respond quickly & thoroughly. Make it clear where the best support can be had for your service. Limit the number of places that people can get support, but provide the best possible support through those avenues, which in turn, prevents people from seeking you out on those mediums.

You might find yourself tweeting to a company one day (I tweet to Bank of America more often than I call my mom), but it's not because twitter is the best avenue for support -- it's just the easiest route to get in touch with an entity vs. email, or digging around on their convoluted site. Find yourself doing that frequently, or, find your users doing it? It might be time to clean up your 'contact us' page, or, start offering support over twitter :)

The goal is to provide great support, so, try not to spread yourself thin by trying to do it in 300 different places, as it could prove difficult to be consistent. Consistency is key. As always, go where your users are.

Live support & telephones

Understanding when live support is advantageous to you & the customer both is extremely important. Live support (telephone or livechat) is great, but nothing's more frustrating than seeing "Livechat is offline" or waiting in a phone queue. Define availability clearly, otherwise, it can be a frustrating experience for both customers & support representatives alike. Fused has never had livechat available, and we've all but killed converted our phone system over to a click to call system because phone queues are awful. Yet, no medium can be greater to resolving issues quickly & promptly than a quick thirty second phone call. Find out what fits your organization.

Email is equally as painful, but it doesn't have to be. Helpdesks offer a good middleground, & perhaps you might consider offering support through forums?

Your mileage may vary. Now, onto our next post...

Securing WordPress

You're likely a WordPress user, admin., or, know someone who is. With it powering roughly 23% of the web, it's both popular with users, developers & hackers alike. Yay, WordPress is great (and powers this blog).

Securing WordPress is difficult, but not impossible. We're not experts on the topic by any stretch, but, given we host a few thousand websites powered by it -- we've got a few ideas on how to keep it secure. Some of these are fairly generic, and, others might give you a few ideas on howto keep your own install hack-free.

Much of this advice is tangible, and, will help with other aspects of WordPress site management as well (like performance). If you prefer to read text, scroll down below the image. There's a few other additional notes below as well.

Securing Wordpress

Securing Wordpress Link your friends to:

First, why should you secure your WordPress install? Who cares, right?

For starters, your site could be used to send spam to others. Worse, infect others & their systems with malware. Neither of those are going to make you any friends, and worse, it could impact your reputation.

Secondly, a hacked site will be quickly stopped by google & blocked from being viewed in chrome. You'll lose visitors & revenue, particularly if you operate a business.

Lastly, to be a good netizen. Nobody likes spam, exploits, or DDoS attacks -- and all of these can originate through your WordPress installation. There's many of us that end up having to stay awake sleepless nights to mitigate things like this, and, there's not enough whiskey to go around.

Update, update, update.

It goes without saying, the first step to keeping any piece of software secure is by updating your software as quickly as feasible when an update is released. This applies heavily to WordPress where a potential exploit might reside in a theme, plugin or the core software itself. As of 3.7, WordPress can automatically update itself. Managing these updates is trivial, often using a plugin. To just keep the core WordPress software in check, add this to your wp-config.php file (on it's own line): define( 'WPAUTOUPDATE_CORE', false );

Caveat: Some software within your installation might need updated manually, but, we'll talk about that more shortly.

WordPress Themes

Everyone loves themes, &, if you're anything like me you change your WordPress theme several times a year. Who doesn't love a fresh pair of clothes, but, let's not make it a hay-day for hackers, bots, & script kiddies alike.

Leaving a WordPress theme installed after you're done with it is akin to building an addition onto your home & forgetting a wall. You're leaving yourself open to attack. Less is more, & that applies more & more each day with WordPress.

Third-party theme websites

Acquiring the latest & greatest theme off of Themeforest & some of those great sites is wonderful, but, it leaves a few things left undone -- and this is frequently the number one source of attack aside from out of date installations.

First, and foremost: Often, anything you install manually will frequently need updated manually. If you install something outside of the WordPress interface, you'll need to update it manually.

You'll want to subscribe to any updates/newsletters the theme developer has. You'll be relying on them for many security updates for software that might be included in the theme, that may not have an easy-update method.

Secondly, despite my note that you'll be relying on them for security updates: Don't rely on them for security updates! Someone who has just a few themes out there might not be around to fix the latest-greatest-exploit in their theme. If murphy's law has anything to do with it, they'll be on a remote island sipping pina colada's while some good friend from afar is sending a few emails on your behalf, to all of your good friends :)

If possible, catalog what 'extra' functionality (3rd party code, besides the theme itself) might be in a theme, if at all possible (or, ask the developer when you acquire the theme) and keep an eye on releases to those pieces of software.

That's an awful lot of work, and, as much as I appreciate 3rd party theme developers -- it's (in my opinion) better choice to use themes available within WordPress itself via Appearance > Themes (Or, , rather than venture out on your own. The themes available there will still need to be updated, but, the process is slightly more streamlined.

WordPress Plugins & Security

Avoiding plugins altogether would be great, but, impossible of course. If at all feasible, avoid adding plugins that add minuscule functionality like an image carousel, for example. Far too many exploits originate from plugins. Less is more.

Secondly, removing any unused plugins is quite possibly the best thing you can do. Disabling them isn't sufficient, but deleting them altogether -- like themes -- will keep you a bit more secure.


Backups are by no means a way to prevent exploits, but, they make it easier to revert back to a "good" copy of your website in the event of an exploit. Frequently backup your website & wordpress installation (database & all) via your host's control panel & the 'Tools > Export' section of Wordpress.

The more backups you have, the merrier. Rebuilding a website from scratch is no fun, and, in some cases (like my own blog I started in '03) would be absolutely impossible without backups.

Your web hosting provider should be backing things up, but it never hurts to have a couple of extra copies of your data floating around -- don't trust their backups in a bind.

And, lastly, here's an infographic to link your friends to: Enjoy!

Advanced & misc. cruft

If that article bored you to death, my apologies. We're finding the average-joe/jane is getting their WordPress installed hacked left & right. There's some advanced & more generic tips below, in addition to our lovely image you can share with your friends.

Read only: Disable writes to any folders that won't need it.

We frequently come across someone using something like gravity forms to upload an executable PHP file and exploiting the installation. This, among many other exploits could easily be prevented by disabling writes to any folder by default, and, only allowing the ones that need it (cache folders, for example). We personally disable all writing by default, though, someone keen could still exploit it.

Reenabling writes for updates & such will be necessarily, but, can be automated (a cron. that reenables writes to folders, and, simultaneously updates wordpress, for ex.)

Lock down wp-admin

Disable logins to wp-admin to a certain IP addresses, and no more. Brute forcing installations is less popular for something like WordPress, but, frequently we'll see someone's password leaked through some other hack, and, that password being used on their WordPress installation.

Don't recycle passwords

It's 2015. Use 1password or keepassx. Avoid recycling passwords, however unimportant some of them may seem -- it often takes only a single account being exploited that results in a domino effect of hacks against your accounts.

The death of voicemail

Phonecalls can solve problems in seconds: They are amazing. There are honestly few things I enjoy more than the refreshing sound of a human voice. To be able to respond with a simple "Mmhm.", "Absolutely!" or something in between. I love them (and the clients, friends and family behind them), and, honestly it's one of the few reasons I continue to operate fused after well beyond a decade.

Voicemails, on the other hand? Voicemails are awful in every imaginable way. I can't even begin to list all of the reasons why voicemails are tragic.

Perhaps it's because if you're anything like me -- you often leave two voicemails instead of one, because you failed to include some snippet of extremely important information, often even your callback number. At best, you fumble over a few words and feel like a bumbling idiot. During a live call that somehow never happens, or, the human on the other end helps you up. Robots on the other hand are heartless, and respond with nothing but a painful empty silence.

At fused, we don't miss many calls -- yet, we still somehow end up with hundreds of voicemails, and every single one is absolutely painful to trawl through. More often than not, the only reasonable response to a voicemail is to call back, defeating the whole purpose of their meager existence.

Ugh. All of that could be settled with a single text, or, email even -- it's 2015. But, we love phone calls, regardless of how ugly voicemails are.

The future of voicemails: Their death, preferably

So, back in early 2014 we launched our phone call request system.

And it's amazing. You request a call, we get an email with a link -- simple. It cuts out the middleman, and saves us hundreds of dollars a month on phones & phone systems, to boot. Instead of any of us having to drone into empty space (or, listen to it), we're live instantly. There's some sincere benefits too, which I could rave on about endlessly -- I'll save that for another post.

Sure, once in awhile there's the odd game of phone tag, but, not having to listen to another voicemail has improved our lives significantly.

And that's why today, we've turned off our voicemail for good. (And, better yet, we'll be opening sourcing this whole thing soon so you too can be free of voicemails -- follow us on twitter to keep in the loop.)