In this post, we are going to explore 3 types of maintenance that will keep your site running well.
Backups are your first line of defense against problems with WordPress. A backup can be the difference between a minor hiccup and a total loss of your hard work.
Why should you back up?
You have worked hard to build your website and the content you share on it. If you don’t have backups of your site, then you don’t have any protection against mistakes or malware.
Backups are an essential tool for any WordPress site and are useful for many things.
Backup before editing your theme
Always backup your site before editing your theme. If you have any problems, your backup can return your site to its previous state.
When trying a new plugin, make a backup first
Plugins are very powerful, they extend or change WordPress in new ways. Plugins also come with some risks, code conflicts can break your site. In rare cases plugins may even corrupt your database.
Hacks hurt less with backups
Was your site hacked before? Once a hacker sinks their claws into your WordPress site, it seems like you can’t get rid of them. Modern exploits bury themselves deep inside WordPress to avoid detection and removal. Advanced Persistent Threats or APTs, are attacks can be impossible to remove completely. The best defense here is a strong offense, one that starts with backups. If your site is ever compromised, all you need to do is recover from a clean backup and you are online again.
Moving your WordPress to a new host
If you ever decide to use a new hosting provider, you will need a backup to recover your site on the new host. A complete backup will have your entire site all in one package and makes moving a breeze.
What is in a backup?
When you back up a WordPress website, you are creating a snapshot of your entire site at that time. A complete backup will consist of all the data in your database, your themes, plugins, and uploads.
How big is a backup?
The size of each backup will vary, though on average will grow a small amount for each post you create. The size of backups between two different sites can be significant. Let’s compare two sites, the first site is a blog with text and a few photos, our second site is a video training site.
The basic blog will result in a very small backup size, with most of the data coming from themes and plugins. The video training site with lots of images and videos, will be huge!
Where should you store backups?
If you are already using a backup plugin like UpdraftPlus then you know there are lots of options. It is important to know the difference between “onsite” and “offsite” backups.
Onsite vs Offsite Storage
There are two types of storage to consider when looking at backup storage. The most common form of storage is “onsite”, this means that your backup is in the same place as your site.
Onsite storage is storage that is on your site
Onsite storage should be temporary, until you move your backup offsite.
Offsite storage is storage that exists separate from your website. This may be Dropbox, Google Drive, Amazon S3 or an FTP server. Offsite storage is the best way to protect your backups and can make recovery much easier.
What about cPanel backups?
If you have cPanel or another web hosting admin dashboard, you may have seen a backup feature. In our experience, most providers store your backups on the same server as your site. If a hard drive failure occurs in this scenario, you would lose your entire site.
The “One is None” Principle
When you have two, you have one. When you have one, you have none This wise saying is especially true of WordPress backups. If you only have one backup and you lose it, you have no backups. We recommend that all WordPress owners use offsite storage for their backups.
How often should you backup?
How often should you lock your door? Only when you value what’s behind it. The same holds true for WordPress backups, as a general rule of thumb, one backup per day at least.
Websites with daily updates or high traffic may need hourly backups.
Should you back up before making changes?
Yes! Performing a backup before making changes to your site should be part of your routine. Having a recent backup enables you test changes with certainty. You know that you have a backup and can recover your site, no matter what happens.
Are you testing your backups?
Testing your backups should be the first thing you do after you enable backups. When you test your backup, you get an opportunity to check the data. This process also helps you build confidence in your backup solution. The best time to test your backups is before you need them to work. Taking time to test your backups on a staging server lets you find issues before they find you.
The best way to test backups
The best way to test your WordPress backup plan is to use a staging site. A staging site is a second web server that you use to test your backups and experiment with new plugins and themes. Your staging site can be a new folder on your website, a subdomain or another server.
If you use your production site for staging, always use a different database.
By testing your backup on a staging site, you can make sure that your pages all look good and your plugins still work.
WordPress Updates – Core, Themes and Plugins
Types of Updates
The three primary types of updates are Core, Theme and Plugin updates. Each type of update covers different areas, we will explore each one below.
Theme developers update their themes to add features and fix bugs. Sometimes a theme gets new color palettes or an updated image slider.
Plugin updates are the most exciting updates for your site. When you update a plugin, you may get new features, new shortcodes or security fixes.
A core update is any update produced by the core WordPress project. New features like the Gutenberg editor get delivered via core updates.
Why are updates important?
Updates are how your WordPress receives new features and bug fixes. Updates also increase the security of your website by preventing well known hacks.
Have you been neglecting your WordPress maintenance? You are taking a huge risk. In 2017, 1 vulnerability left 1,500,000 sites hacked because they had not updated WordPress.
Protect your site for free today! Login to your WordPress dashboard and update your website.
Security should be in the front of your mind when managing your website. But security is hard, right? It is, to completely secure any system requires in-depth knowledge of several technologies.
To understand how to secure WordPress, you must look at the threats facing your site.
SQL Injection is the technical term for hacking your database. When your site is vulnerable to this type of attack, hackers can change anything on your site.
When a hacker has access to your database, they can see everything in your WordPress. Your posts are there of course but what else can the bad guys get? Plugins like WPForms and WooCommorce collect information from your users and store it in your database. If an attacker is able to gain access to it, they can steal email addresses and contact info. Once your data is in the hands of criminals, you have no way to know what they do with it.
Content & Link Hijacking
Once a hacker has control of your WordPress site, they can change the content of your pages. They can change the links on your site to send people to malicious sites or completely replace your content with their own.
Well crafted hacks can remain undetected for years if you aren’t paying attention.
Remote Code Execution
Remote Code Execution in WordPress is the most dangerous kind. This advanced technique allows a hacker to control your server. Once they have complete control, they can use your server to impersonate you. At this stage, the attacker already has access to your database so they can pretend to be you. Hackers can then use your good name and SEO ranking to commit fraud and destroy your reputation.
Usernames and Passwords
This is often overlooked but securing your WordPress login details can improve the security of your site for free. If you are setting up a new installation, DO NOT USE “admin” as your username. Why? If you use a default username, then hackers are halfway there already!
Ops Department recommends that you use a password manager such as LastPass that can generate secure passwords. This feature can be used to generate a username as well.
Whether you use a password manager, using “g7aK6Gna2” is a much safer username than “admin”.
Password security is a complex subject since some sites require things like “special characters” and other sites won’t allow you to set a secure password.
WordPress is a modern system with support for complex passwords, you should use it.
WordPress Security Plugins
WordPress has many popular security focused plugins. We aren’t in the business of listing off a ton of plugins with affiliate links so we will only cover two, no affiliate links 😉
fail2ban is one of the simplest and most effective security measures you can implement to prevent brute-force attacks. This tool has been around a long time in the webhosting world. It works by watching login attempts to your WordPress and blocks anyone trying to perform a brute-force attack on your site.
WordFence is one of the most popular security solutions available for WordPress. This one plugin provides a WAF(Web Application Firewall) to detect hacking attempts and block them before your site is compromised.