15NTC WordPress Day Website Maintenance Guide
•Download as PPTX, PDF•
2 likes•1,238 views
My Presentation from WordPress Day at 15NTC in Austin, TX. Basic, beginner information on how to do updates, protect your website from hackers, and set up scheduled offsite backups. Keep your WordPress website up and running with these simple tasks.
Recommended
More Related Content
What's hot
What's hot (20)
Viewers also liked
Viewers also liked (18)
Similar to 15NTC WordPress Day Website Maintenance Guide
Similar to 15NTC WordPress Day Website Maintenance Guide (20)
Recently uploaded
Recently uploaded (17)
15NTC WordPress Day Website Maintenance Guide
- 1. March 3, 2015 Clare Parkinson @clareparkinson 15NTC WordPress Day Website Maintenance
- 6. #15ntc ● Prompt updates ● Security ● Backup and recovery What needs to be done
- 7. #15ntc You can focus on content
- 8. #15ntc Money vs time: pay someone
- 9. #15ntc Money vs time: do it yourself
- 11. #15ntc ● Updates to WordPress core ● Security: scans and protection ● Daily backups ● Restore from backup WordPress managed hosting
- 12. #15ntc Update themes and plugins. Managed Hosting doesn’t:
- 14. #15ntc ● Updates to WordPress core, plugins, themes ● Security: scans and protection ● Backups ● Restore from backup DIY website maintenance
- 15. #15ntc 3.7.0 -> 3.7.1 Updates automatically! 3.7.1 3.8 You have to do it. WordPress Core updates
- 17. #15ntc Plugin: WP Updates Notifier
- 18. #15ntc Update on a staging site. or Update behind a “Coming Soon” screen or Update in a low-traffic period. Update Precautions
- 19. #15ntc Restore files from backup or Or get last known working version of plugin from Repository and reinstall via FTP Then get help from a pro. If an update goes wrong
- 20. #15ntc Security
- 21. #15ntc ● Updates ● Login security ● Get security notifications ● Delete what you don’t need How not to get hacked
- 22. #15ntc ● Use strong usernames: Don’t use “admin”, don’t use your domain name. ● Use strong passwords. Login security
- 23. #15ntc Use a plugin: ● Brute Force Login Protection ● iThemes Security ● WordFence Limit login attempts
- 24. #15ntc Track who’s trying to log in, what users are doing. ● WP Audit Security Log ● WP Security Log Track user activity
- 26. #15ntc Delete what you’re not using
- 27. #15ntc Backups
- 28. #15ntc Backups
- 29. #15ntc Your host can restore from backup. ● Maybe not recent ● Maybe not free Your host’s backups
- 30. #15ntc ● UpdraftPlus ● WordPress Backup to DropBox ● BackWPup Free ● BackUpWordPress Free backup plugins
- 31. #15ntc ● Database: your content and settings ● Files: Theme, plugins, and media Make your own backups
- 32. #15ntc ● wp-content/themes ● wp-content/plugins ● wp-content/uploads Files to back up
- 34. #15ntc Database daily + files weekly or Database + files daily or Database + files weekly Schedule your backups
- 36. #15ntc ● Click to restore: UpdraftPlus database ● Others: download from remote, unzip, ftp to your server Restore from backup
- 38. #15ntc You can focus on content
- 39. March 3, 2015 Clare Parkinson @clareparkinson 15NTC WordPress Day Website Maintenance Any questions?
Editor's Notes
- I’m not covering content updates, strategy, or website performance
- Somebody has to take care of the basic daily maintenance for your website. It’s like maintaining an engine - if you don’t keep up with the regular maintenance, it’s more trouble and work down the road. Between browsers, plugins, 3rd party APIs, a WordPress website has a lot of moving parts. Things can break. They probably won’t, but it’s good to be prepared. This is super basic information, but it’s something that a lot of website owners overlook. I’m using examples from my personal experience. There are a lot of different WordPress plugins and services, if you know a great one I haven’t mentioned, please speak up.
- The kind of website maintenance I’m talking about is daily upkeep to make sure the website is: Online and working Safe from hackers (brute force attacks) Can be recovered if something goes wrong, with a minimum of drama.
- The kind of website maintenance I’m talking about is daily upkeep to make sure the website is: Online and working Safe from hackers (brute force attacks) Can be recovered if something goes wrong, with a minimum of drama.
- The kind of website maintenance I’m talking about is daily upkeep to make sure the website is: Online and working Safe from hackers (brute force attacks) Can be recovered if something goes wrong, with a minimum of drama.
- Updates to WordPress core, plugins, themes Security: scans and protection, mostly against brute force attacks. Backup and recovery. Keep a complete copy of your website in a safe location.
- Do all this and you’re good. Relax and focus on your content.
- WordPress is free! Sort of. There’s a tradeoff: money vs time. Pay someone to take care of everything, or develop skills to do it yourself. Using managed Hosting + development services, vs using free plugins. You may still run into problems you can’t handle, but you can minimize their impact on your site.
- You can do everything the managed hosts and services do yourself, you just need to know what to do and the tools to do it.
- WP Engine: $29/month Pagely: $64/month Pressable: $21/month DreamPress: $20/month http://wpdevshed.com/managed-wordpress-hosting/ Migrating to managed hosting Some hosts do it for free fantasktic.com migrates, starting at $99 Plugins: WP Migrate DB Pro ($99), Duplicator (free, harder) DIY: FTP, PHPMyAdmin
- They can give WP specific advice, help you troubleshoot. Many hosts don’t have specific WordPress experience, so they can’t give you detailed advice when something goes wrong.
- Unless you have pagely’s $64/month plan, you still need to do plugin and theme upgrades yourself. But with daily backups, and knowledgeable WP support just in case something goes wrong, doing it yourself is a lot less risky.
- If you run into a problem that managed hosting can’t handle, you can hire a pro… WPCurve.com will perform unlimited small tasks for $69/month. Patrick Rauland @bftrick, next up, will discuss. And if you don’t have the budget for managed hosting, you can perform the same tasks yourself.
- Same list as managed WordPress tasks/services, except with plugin and theme updates
- Since version 3.7 and above, your WordPress site will update itself when a new minor or security update is released. wp-config.php or certain plugins can enable auto updates of core, plugin, themes, but I never have.
- Immediately! Or as soon as you can. Because - if you change one thing, and something breaks, you know what caused it. When updating, update one thing, test everything, then update the next. For WooCommerce, follow this order: update WordPress, update theme, update plugins, update WooCommerce extensions, then update WooCommerce itself.
- If you don’t login to your site once a week, make sure you get notifications when something needs to be updated. WP Updates Notifier emails you when something needs to be updated. You can enter a techier person’s email. WordFence also sends notifications of available updates.
- Make sure you have a backup. These apply mostly to themes and plugins, not WP itself. WordPress core updates are usually totally ok, but take precautions if you have a new site you’ve never updated before, or if you have functionality (e.g. a theme or plugin) on your site since you last updated WordPress. Usually everything will be fine, sometimes something could break.
- Make sure you have a backup! More about backups soon.
- WordPress sites are constantly under attack, just because WordPress is a big target. 20% of top 2 million websites on the internet are on a WordPress platform. These aren’t Anyonymous or North Korea, these are just simple brute force attacks by bots. They’re spammers or pranksters. This was my friend’s personal professional website. It got hacked by someone, and she called me for help.
- Reduce or eliminate vulnerabilities on your website with some simple steps that can be done for free.
- Brute force attacks are bots (scripts) that look for WP sites and then just try to guess the username and password. They have a big list of possible passwords - a dictionary, and maybe a list of 100 common passwords - and just try to login in, thousands of times.
- Brute force attacks try to log in hundreds of times in a minute. It’s very obvious to the server when this happens; humans don’t do that. Install a plugin that will block an IP after a certain number of failed login attempts. I like WordFence. It’s free and you can set it and forget it. Just install it, activate it, and you don’t even need to mess with the settings.
- Sometimes you’re not even sure if you’ve been hacked, your site just looks weird or broken. Install a plugin that creates a log of all user activity. Check your user activity log for suspicious activity, like someone creating a new admin account. This log will give you information you can use to figure out how hackers are getting in, or you can give this info to a developer or tech support.
- Be aware of current threats and vulnerabilities in WordPress, themes, and plugins. Sign up for emails from WordFence or follow their blog: http://www.wordfence.com/blog/. They’ll tell you what the danger is and what to do about it.
- Delete everything you’re not using. Themes, plugins, users, old websites on the server. Any unattended WordPress site is vulnerable. If hackers get into one WP site they can get into another on the same server.
- Sometimes, thing just go wrong. Could be a bad plugin update, hackers, or something beyond your control.
- Rather than spending time tracking down the specific problem, the easiest thing to do is delete everything and restore your site from a backup. Delete WordPress, get the backup (your most recent working copy), and just recreate the site from scratch in an uncorrupted state. When my friend got hacked, she had no backup. I spent 4 hours getting back into her site and cleaning up the hack.
- Some hosts - large companies with good reputations - only take backups once every two weeks! And even the backup is free and available, you might have to submit a request or open a support ticket and wait. Or you may have lost access to your host account, and you need to track down the password or email a former employee, and meanwhile your site is down. http://www.iwmf.org/ was hacked in september 2014, took 36 hours to fix. It should only take 3 hours to get a broken website back online.
- Schedule backups, save to server. UpdraftPlus and WordPress Backup to DropBox both copy to remote storage. WPB2DB - better scheduling, only dropbox for remote storage. UpdraftPlus more options for remote storage, limited scheduling BackWPup Free - remote backup options are free except for Google Drive, need to pay for that. BackUpWordPress ALSO BackupBuddy, normally $80/year, is free if you can prove you’re a nonprofit.
- You don’t need to back up WordPress core, just the files that make your site unique. They’re all in the wp-content directory. Most backup plugins have options to include/exclude directories, so make sure you include these.
- How frequently is your website updated? How much media do you have? How much work can you afford to lose?
- All the free plugins I listed can be configured to these schedules. Figure out which one works for your website.
- Sometimes REALLY bad things happen. Your hosts data center catches fire. Earthquake. etc. Make sure whatever plugin you’re using is configured to copy your backup to a safe location in the cloud, e.g. DropBox, Drive, Amazon Web Services, etc.
- WordPress Managed hosting provides a one-click “restore” button, as do many paid backup plugins. For most free backups, you’ll need to do the restoration yourself, manually.
- Not much. Your website should be safe - even if there’s a major natural disaster in your host’s datacenter, your site can be recreated from your offsite backup.
- So you can relax and focus on your content.
- Any questions?