Your website is made up of code and files. A new website is not unlike a new car. It’s pristine and running like a top. But, we all know what happens a few years/miles down the road… something is going to break…
Keeping that “new website smell” is important. If your clients or Google hop inside your website and it smells like B.O. with dents everywhere, they’re gonna be looking for a new ride.
OK, before I take this car analogy too far, let me get to the point…
A well maintained website is a successful website.
For this post I am going to focus on WordPress as the content management system or CMS. WordPress websites make up the bulk of what our clients use and WordPress is the most popular CMS solution.
That said, these general rules can apply to other platforms like Drupal, Joomla!, SiteCore, proprietary CMS’s, custom platforms, and others.
Follow these steps below and you will see success and avoid catastrophes…
- Security: Keep your WordPress website secure
- Backups: Make regular, off-site backups of your full website
- Software: Update WordPress and plugins the right way
- Spit and Polish: Keep your website attractive and useful
Security: Keep Your WordPress Website Secure
Seems like a no brainer, right? Well, let me ask you something. Do you know how many people have a login to your website? Are those people keeping their passwords strong and secure?
Any website with a login page is a target for attacks. Some of these attacks, like a DDOS, are done simply to disrupt and shut down. While others, like the dreaded ransomware attacks, actually take your files hostage and force you to pay to have them released.
I’m not saying that you eliminate all points of entry. Your team needs access to your content management system if you want to succeed. Content marketing, SEO, and other marketing efforts rely on your team’s ability to easily update your website.
WordPress Login: Passwords
With great marketing power comes great responsibility. You’ll want to make sure that your users all have strong passwords. The most common recommendation is to have upper and lower case letters, numbers, and special characters.
But, these are hard to remember. We recommend setting up a passphrase instead. This means your password is a sentence like:
My d0g is brown with spots!
These are recommended more than the hard-to-remember passwords from the past with a11 s0rts 0f cr4zy number$, L3tters!, and chara&cters.
You’ll want to institute a company-wide policy for password strength and updates. If you have a lot of users with access into the main dashboard, you might want to force them to update passwords every 60-90 days programmatically – meaning the system forces them to update their passwords on a timed basis.
And always make sure that your system forces users to create a “strong” password.
WordPress Login: IP Restrictions and Access Links
As we all know, people make mistakes. None of us are infallible. So, extra layers of security are likely to be warranted.
An easy way to block a whole bunch of people from getting into your WordPress dashboard or hosting server is to block all IP addresses except those used by your team. Each person using the internet is associated with an IP address. This is usually a number like 220.127.116.11
This will generally be related to your point of access, i.e. your company’s router or your wireless router at home. Your website developer can create a list of allowed IP addresses so only those who should have access, have access.
The downfall of this would be if you have team members who travel or work in public spaces, like a coffee shop. Regardless of the PITA factor though, we recommend implementing this level of security. The reduction in attacks will be noticeable.
Access Link and Username
A security flaw of WordPress is the login link. It is almost always going to be www.yourwebsite.com/wp-admin. That /wp-admin is the default access link for all WordPress websites.
So, hackers can simply sniff out these links and find vulnerable access points. By leaving this link as the default, you’re doing the hacker’s job for them. A simple change to the link will create an instant barrier that wasn’t there before.
So, www.yourwebsite.com/wp-admin becomes something like www.yourwebsite.com/abc-login
Also, because the website admin is usually the one with the most access, don’t use a username like ‘admin’ as this is the default and makes the hackers job too easy.
All of these additional access adjustments really add up to increase your website’s overall security. But, you’re not finished there. You need to do more…
Backups: Regular, Off-site Backups of Your Full Website
People often assume their hosting company is making backups of their files. And while this might be the case, these backups are often incomplete and less than ideal.
You should choose hosting solutions catered towards security with solid backup protocols out of the box. Then everything else you do is supplementary to that. Having redundancy is the best policy.
Relying only on your hosting company for your website backup plan could leave you in a bad spot down the road. They may be making regular backups, and they might even be backing up all of the files. But, they’re likely doing this on the same server where your website is hosted.
If that server goes down, you’re outta luck!
Website Continuity – Maximize Your Uptime
Website continuity is the result of implementing layers of security (as mentioned above), updating website functionality and usefulness (discussed below), and multiple levels of backup.
A full off-site backup of your WordPress website will come in handy if your website is compromised in any way. Sometimes you might get a virus in there you just can’t seem to eradicate.
Or maybe you’re on a shared server and someone else’s site was hacked. That hack could bring the whole server down. We’ve seen it happen. A bad neighbor can ruin the whole neighborhood!
Be aware of where your website resides. Cheap hosting often means shared hosting. And who knows who your website is sharing space with. Things can go badly at any point.
We do most of our off-site backups on Amazon’s AWS service. Space is cheap and it’s straightforward to setup. We review the backups periodically to be certain they’re being done correctly. It would be terrible to be all confident and then realize your backups were configured or running incorrectly… or not running at all!
We recommend doing a backup on the hosting server, a remote backup on something like Amazon AWS, and a backup on your local servers.
Redundancy makes website continuity easier. And continuity means uptime which means better chances for success.
Software: Update WordPress and Plugins the Right Way
WordPress is a great CMS solution. Because it’s open source, there are tons of plugins and add-ons you can use to meet your web marketing and communication needs.
The core CMS and all of those plugins are software. Remember the days when you had to load a new version of software via a floppy or CD. Well, now that all happens online. Here are some reasons why you’ll want to keep your software up to date:
- Old software is more vulnerable to hacks and attacks
- Oftentimes, new versions of WordPress will contain a critical security patch after a vulnerability has been exploited.
- And don’t forget the plugins, these are pathways for attacks too.
- The longer you wait the more hackers have a chance to review the vulnerabilities and exploit them.
- Old software may not be compatible with new devices, browsers, or platforms.
- Plugins may conflict with one another as well.
- Take the proper time upfront to choose a quality plugin that gets updated frequently, i.e. read reviews.
- New software will contain more features and better performance.
WordPress CMS Core and Plugins
WordPress will remind you often that your CMS core is out of date. Most of the minor updates can happen automatically. But, the major releases should be done with care.
An update to your core CMS could cause a number of issues you’ll need to resolve:
- Older plugins are not yet compatible with the new CMS version and they break.
- You always want to update your plugins first, then your CMS.
- In most cases, the plugins have been updated recently to work with the latest version of the CMS.
- But, if not, they will cause problems you’ll need to address.
- Certain hard coding or styling may break with an update.
- The version of PHP necessary for your update is not yet available on your hosting platform
- Maybe your WordPress theme is not yet compatible with the version of PHP and it breaks.
WordPress Updates Done Properly
Many things can go wrong during an update. So, as much as you might want to press that “update now” button, it’s best to have a plan. We recommend the process below to ensure minimal/no downtime or functionality issues:
- Make a complete backup of the entire website (see above).
- Stage a copy of your website on a dev server. It can be on the same hosting account using a link like dev.yoursite.com.
- Make the updates on the dev server first, then check and solve any issues that arise.
- Once you’ve created a working dev version using all of the updated software, deploy this version live.
As long as you follow a process, institute proper safeguards, and test thoroughly, you will not have any issues. Take shortcuts at your own peril.
Spit and Polish: Keep Your Website Attractive and Useful
This last tip is more about UX and achieving goals than it is about keeping your website from falling apart. That said, I think a big piece of a website’s continuity is its popularity and usefulness.
Think of it this way, if no one uses something, how do you know if it works? If your website looks bad and offers little to no value to the user, it’s not going to get found and used often or at all.
A spit and polished website gets qualified, daily traffic. The functionality is utilized (forms, etc), and the site is shared with others.
Any of the following issues could affect your website’s performance:
- Bad design: design that does not support a desired user experience
- No optimization: images, video, files, and code are not optimized, resulting in bloat and slow performance
- Broken links or functionality: the site is not optimized (see above) and breaks when used on certain devices or platforms, i.e. mobile or tablet devices, and internet browsers like I.E., Edge, Firefox, and Google Chrome
Your website is the hub of your marketing and your communication with clients, members, or whomever your audience might be. Take this seriously and allocate the proper resources to its continuity.
The success of your digital marketing depends on it!
Need some help keeping your WordPress healthy? Ask us about our WordPress Plans.