The Care and Feeding of Your WordPress

WebsiteKeeping Your WordPress Site Healthy, Fast, and Secure

by Cindy CullenStarted programming in 1983

AS in Computer Data Processing, NSTI 1987BS in Computer Science, APSU 1989

Corporate World – General Electric Information Services, American Chemical Society, Iostudio

Freelance since 2003WordPress Health Insurance Protection –

wpHIP.comFascinated by PowerPoint animations

Websites have changed a bit since we started building them

Back then…O Static HTML pagesO Mostly text – tables and formsO Online brochureO All custom codeO Build it and leave it aloneO Few changes – had to call the web

designer/programmer to make themO Expensive

Today we have WordPress…O Open source – everyone can see the codeO Community of developers/programmersO Dynamic – lots of moving partsO Applications – software instead of brochuresO Content Management SystemO Anyone can add, update or remove contentO Frequent changesO InexpensiveO One size fits all

As technology grows, our sites need to be…

O Functional, helpful, and usefulO Optimized for speedO Optimized for search enginesO Protected from hackersO Safe for our visitorsO Up 100% of the time

What is the MOST important thing you can do to keep your

WordPress site healthy, fast and secure?

It all starts with hosting

O Linux vs. WindowsO Shared vs. VPS vs. Dedicated vs. CloudO UptimeO BackupsO Disk Space and BandwidthO SupportO SecurityO Extras – email, statistics, domains, etc.O WP friendlyO Test sites or areas to test changes before

pushing them to your site

What is the second MOST important thing

you can do to keep your WordPress site

healthy?

WordPress Updates

O Core updates

O Plugin updates

O Theme updates

Why Update?

O Keep hackers outO Keep your site up and

runningO Protect your resourcesO Protect your

visitors/customers

Updating your WordPress Site

WordPress core updates

Plugin updates

Theme updates

What Could Go Wrong?

O Compatibility problems

O Lose Customizations

O Site might go down

WordPress is a Content Management System (CMS)

O It was made so that anyone can make changes to the site

O Anyone can add, change or delete:O content – pages, posts, menus,

widgets, custom post types, media, comments, users, etc.

O plugins – new functionality = new code written by ??

O themes – new look = new code written by ??

All we need to change your site is:

O A username and password

O An invitation into your site through code:O pluginO themeO security hole

O Access to your hosting account

WordPress makes it easier for YOU to maintain your

website.

That also makes it easier for others to change your site

too.

This means: you must go to extra lengths to keep your

site secure.

What You Need to Know about How WordPress Works

Code/Files Database/Content

O FTPO Appearance-

>EditorO ThemesO PluginsO Media/Uploads

O Everything elseO PagesO PostsO SettingsO MenusO Widgets

CustomizationO When I customize a plugin to work better

for me, I change the codeO When I customize a theme via FTP to work

differently, I change the codeO When I change the contents of a page

from the WordPress dashboard, I change the database

O When I change the menu through the WordPress dashboard, I change the database

O When I change the menu in the theme files either by ftp or through appearance->editor, I change the code

WordPress updates replace files and code and may change the

database

WordPress Code/Files

Theme updates replace files in

the wp-content/themes folder

Plugin updates replace files in the

wp-content/plugins folder

Media is stored in

wp-content/uploads folder

Core updates may replace files

in any and all the other files and folders

All updates may affect the database

If updates affect files, code and/or the database then…O My customizations could be lostO My plugins may not work well

togetherO Code badly written could corrupt my

databaseO Cod badly written could conflict with

settings on my hosting account

What if updates go wrong?

O Change back to twentyfourteen theme

O Deactivate pluginsO Can’t get in to do that? Delete or

move plugins by FTPO Use developers tools in your

browserO GoogleO Call an expert

Developer Tools in Browser

O Chrome and Firefox O View->Developer->Developer ToolsO command-option-I on Mac

O SafariO Enable Develop menu in Advanced

preferencesO IE

O Tools->Developer ToolsO F12

How do I avoid problems with updates?

O Good HostingO BackupsO Good ThemesO Good PluginsO Rename plugins or keep copies of your

customizationsO Compare plugin files before the updateO Child ThemesO Test sites

WordPress BackupsO Backups take up disk spaceO There is no need to backup the

WordPress core filesO If your hosting provider is making

backups, you may not need to make your own - it’s probably just costing you money

What should we backup?

Remember the only files that change are in your

wp-content folder

The only other file that is normally changed on your site is

wp-config.php

Your database changes

most often.

So, you only need to backup these three things:

wp-content folder

wp-config.php

database

When should you back up?

O How often does your site change?O How important are the changes?O Is your hosting provider already

making backups? How long are they being kept?

O Costs to backup in time and moneyO Costs to recover – some hosts

charge to recover

How often does your site change?

O posts, pages, menus, widgets, etc. – changes by you or your contributors - database

O comments – databaseO plugins added, changed, deleted –

code and databaseO themes added, changed, deleted –

code and database

What about premium plugins to update my site (such as backupbuddy)

O Is it worth the costO of the plugin?O in disk space?

O Must be stored somewhere safeO Must be managed well – what to

backup, when, did the backup work?, can you get to the backups easily?

O Is it needed? Or are my hosting provider backups enough?

How I do itO My hosting makes daily backupsO My hosting keeps backups for 21 daysO My hosting restores everything, or just 1

file, or a database at no additional costO Make child themes instead of changing

the original themeO Before a critical update:

O backup critical files and the databaseO test updates on a test siteO compare code in plugins

Child Themes

O functions.php

O style.css

O template files

Updating the twentyfourteen theme doesn’t affect my twentyfourteen child

theme

Test sites for creating sites, testing updates or making changes

O domain or subdomain name for the site if online

O disallow search engines from indexingORO setup a local environment – wamp, mamp,

xampp

Either way:O URL problems in files and the database

Search Engine Optimization

O Yoast SEO pluginO Schema Creator by RavenO Content, content, contentO Search engines love healthy sitesO Search engines work for their

customer, the searcherO Call an expert

SSL Certificates to protect your data

O Encrypt data being sent to and from your website

O Use HTTPS:// and show the lock on your browser

O You need one if you are collecting sensitive data such as social security numbers or credit cards

How to keep your site healthy, protected and fastO Don’t use free themesO Delete themes you aren’t usingO Don’t use more plugins than you

needO Delete plugins you aren’t usingO Don’t use ‘admin’ for your usernameO Use a strong, cryptic passwordO Update your site regularlyO Backup your site often

Keeping your site fast, secure and healthy

O optimize your imagesO use captcha to cut down on spamO limit the number of login attemptsO optimize for search enginesO limit the number of post revisionsO optimize your databaseO choose responsive themes or mobile

versions of your site

Keeping your site secure, healthy and fast

O Interact with your visitors often through newsletters, forms and comments

O Monitor your site for breakins, hackers, malware, and downtime

O Use caching, content delivery networks, and accelerators to speed up your site

O Optimize your code files for speedO Split testing to see what works

Keeping your site healthy, secure and fast

O Checking for broken linksO Malware scanning and detectionO Change defaults (login, database

prefixes, folder names, folder locations, etc.)

O Add content regularlyO Change your passwords oftenO Use an SSL certificate when appropriateO Block IP’s if necessary

How Much Protection is too much protection?

O How important is your website?

O How important is your data?

O How much are you willing to pay to get it back?

Thank You!For more information contact me:

Cindy Cullen

615-509-1528cindy@wphip.com

wpHIP.comPeace, Love and Smooth Operatin’