This document discusses the importance of maintaining and monitoring a WordPress website to prevent issues. It provides tips for choosing a reliable server, securing the site, using a limited number of trusted plugins, backing up the site frequently, and keeping the core, themes, and plugins updated. The document recommends hiring a support professional to regularly check for security vulnerabilities, update components, and backup the site off-site. It provides some local and online support options for readers to consider.
2. Who Is Shawn?
Shawn DeWolfe
Web developer. Web designer. Entrepreneur.
Started in WordPress in 2011.
Started with Web design in 1996.
Started programming in 1984.
Consulting site:
Shawn DeWolfe Consulting || https://shawndewolfe.com
3. What Dragons and Websites Have In Common
● The live in secluded places (server rooms vs. caves)
● They guard treasure (confidential data vs. gold coins)
● They are tempermental
● They can have a
weakness in their
defenses
● They need to be cared for or they go berserk
4. My Support Pre-History
● As part of the development process and the customer retention
process, support played a big role.
● Back in the old days, that included server support: literally
sitting in front of the server getting it back into a good state.
● In the early days, you learn what you don’t know.
● You learn what can be automated, regimented and even tasked
off to others.
● While I’ve done 23+ years of support, I only recently started to
isolate that as a dedicated service.
5. The Basics of Support and Maintenance
● Reliable server space
● Good support from the server company
● Good selection of plugins
● Finite list of plugins
● Buttoning down your security in the install
● Good security practices
● Frequent reviews of plugins and security
● Restore points
6. Reliable Server Space
Start with the foundations. Your server space has to be reliable:
● Consistent - are weird things happening?
● Powerful - if they are miserly with resources, it will hurt your site
● In the “Goldilocks Zone” for pricing (if a deal seems too good to be
true, it is).
● Respected - when the mob speaks, listen.
7. Good Support from the Server Company
● Look for a hosting company where the support is responsive to your
needs.
● Look for one where it is easy to log a support ticket. If they come up
with an unsatisfactory answer, what happens when you challenge
them on that?
● When assessing your potential host, ask questions through their
ticketing to sales system. Sales will show their best behaviour. If it
isn’t very good, their tech support is likely to be even worse.
8. Good Selection of Plugins
● Choose plugins that are stable and safe. Look for those that have been
updated within the last six months - do they still have a heartbeat?
9. Finite List of Plugins
● All code costs resources, even (and especially) free open source
plugins.
● The more code running on your site, the more complex it will be.
● Complexity will lead to fragility.
● Fragility will throw your site: heavy memory use, exploits, debugging
difficulty.
Some developers limit themselves to 10 plugins. If that’s too stringent,
pick a maximum that accomplishes your site goals, then colour within
the lines.
10. Buttoning Down Your Security in the Install
Bad code will fail fast. Often, security is the driver for your support issues.
● Make sure your database password is complicated.
● Set your SALTS - these are in the wp-config.php file. They are the seeds for
your security. If they are left to the default of ‘put your unique phrase here’
any smart hacker can take control of your site.
● The best tool for buttoning down security is from iThemes -
https://ithemes.com/security/
● Lock down security permissions on files and directories. iThemes security will
give you a report of good and bad directory settings.
11. Good Security Practices
● Make sure your admin username is NOT “admin”.
● Make sure that password is also complex and then change the password
frequently.
● Be stingy with the admin role and give it out to as few people as possible.
● Use iThemes to change the backend login from wp-login.php to something
cryptic but memorable and bookmark.
12. Frequent Reviews of Plugins and Security
● I use a plugin called “Redirection” (https://en-
ca.wordpress.org/plugins/redirection/).
● Redirection traps all of the 404s. Often, 404s are a tell of bad actors probing
your site for loopholes. Review them. You can use iThemes to block user
agents - robots - that are probing your site for exploits.
● Visit the iThemes screen in your site and do the security check-up every week
or so.
● Keep plugins up to date. Check this daily. There have been recent exploits
that would have large impacts if not caught quickly.
13. Restore Points
Use a method of backup to restore your site if the worse comes to worst. Three
options that I like -
● Softaculous, via CPanel install, allow for the back-up of your site install. It
also allows for a restoration from your backup.
● WP Migrate DB allows for backup of your database. The pro version allows
for recurring back-ups. - https://deliciousbrains.com/wp-migrate-db-pro/
● Use Duplicator Pro to create a complete backup - that includes data and
files. To get Pro version - https://snapcreek.com/
TEST YOUR BACKUPS
14. The Aspects of Solid Support & Maintenance
● Frequent core, theme and plugin checks, and frequent plugin updates
● Off-site backups (ideally 90 days)
● SSL implementation
● Protection from DDoS attacks
● Inclusion in a CDN
● Uptime monitoring
● Domain name renewal date tracking
● Security monitoring & malware cleanup
(1 of 2)
15. The Aspects of Solid Support & Maintenance
● Security monitoring & malware cleanup
● Google Analytics setup
● Weekly page speed monitoring & optimization report
Nice-to-Have Features
● Free premium plugins (opt-in)
● Unlimited small (30-minute) tasks, 24x7 basis
● Several hours per month of advanced tasks
(2 of 2)
16. Locally
Jacob Buurma - https://vibrantcontent.ca/about - Offers a support plan
to his clients to keep everything safe.
John Overall - https://www.johnoverall.com/wordpress-web-hosting -
Offers hosting that includes support and maintenance of WordPress
plugins
We have a list of WordPress support providers. If you want a copy, email
clientcare@shawndewolfe.com with the subject of “WP Support List”
Get Help! (1 of 3) - Local Experts
17. Get Help! (2 of 3) - Done for You
Done for you!
There are services that offer all-in-one hosting and WordPress support.
Two that come to mind (there are many): WP Engine and Flywheel.
These done-for-you services bundle hosting with support.
WP Engine - https://wpengine.com
Flywheel - https://getflywheel.com