Managing a WordPress site seems like a daunting task. Even when built using a user-friendly content management system (CMS), the complexity of a website's structure can be dizzying, especially for site owners without a lot of technical knowledge. Mikel Bruce, Development Expert and Founder of TinyFrog Technologies, simplifies the process of maintaining your WordPress site by comparing it to periodically tuning-up your car.
When building and designing a website, you might feel like your work is finished when it launches — you would be wrong.
After investing resources, time, and energy in building a custom website, your next task involves maintenance.
There are a variety of tools and components necessary to keep a site running efficiently, including plugins, software, security applications, and servers. Monitoring and maintaining this delicate system is necessary to ensure that your site operates smoothly.
In many ways, ignoring maintenance for a custom website is like spending thousands of dollars on a new car, but then deciding only to get liability insurance, skip oil changes, and never rotate the tires.
In the context of a car, the idea of ignoring the upkeep for such a huge investment sounds absurd. Failing to maintain a custom website is no different.
Below, I outline a checklist of preventative maintenance techniques to address major security pain points for websites. In the same way heading to a body shop on a regular schedule helps to maintain your car, these techniques and tactics ultimately allow you to keep your site running and protected.
What is WordPress? Why is it so popular?
In order to perform the necessary tune-ups that keep your site secure, it’s important to understand the platform the site runs on. Many sites today are built using a content management system (CMS), or software that allows users to create, edit, organize, and publish content on the web.
Of the numerous CMS options you can choose from when building a site, WordPress is by far the most popular. As of March 2017, 29% of all sites using CMS platforms were built on WordPress.
The popularity of WordPress hinges on the numerous advantages it offers over other systems. These advantages include:
- Free and open source technology: you incur no licensing fees for using it.
- Support community composed of developers: they continually upgrade and contribute add-on technologies and plugins to the platform.
- Easy-to-use backend: no knowledge of HTML or coding required to update your site.
There are also disadvantages to using WordPress:
- As open source software, it’s vulnerable to hackers.
- Customization requires a qualified developer to perform maintenance work on the backend.
- There’s a risk of slower load times if you host your site on a server that’s not optimized for WordPress.
However, as long as you understand the challenges prior to using a CMS platform to support your site, there are many steps you can take to avoid them becoming a serious hassle.
What are the security risks associated with WordPress? What are the solutions?
With popularity comes increased security risk. A number of sites built on WordPress have turned it into one of the top three platforms targeted by hackers.
According to a 2016 report by Sucuri on infected websites, 74% of infected sites were built on the WordPress platform.
According to this same report, the primary causes for site hacks on CMS sites were outdated software and plugins.
In response to security threats, WordPress frequently releases updates for the 6,887 known vulnerabilities and security risks.
From January to March 2017 alone, Wordpress released three separate security and maintenance updates. In addition, Wordpress issues updates for the more than 49,000 plugins in its official directory on a daily basis.
The regularity of WordPress security updates relates to the utility of routine vehicle maintenance, such as changing the oil, rotating the tires, and checking the fluids in your car. These tasks, while not especially difficult, are nonetheless crucial, as failure to perform them may result in more significant issues or a hefty repair bill.
This concept of regular maintenance should apply directly to your site, in that manually reviewing and updating your site’s software on a regular basis is critical to keeping it secure.
Taking these four steps as part of a preventative maintenance program can greatly impact the safety and operation of your site.
1. Invest in 24/7 Site Monitoring Tools to Reduce Security Threats
In order to keep track of security threats posed to your site, consider investing in security scanning software.
Cutting-edge scanning technology monitors your WordPress website 24/7 and detects and removes malware, and other damaging viruses before they can do any damage.
This software serves a purpose similar to a car’s dashboard, detecting when you are low on gas or tire pressure.
While security scanning software, like a car dashboard, does not offer a definite solution for the problems they identify, ignoring the warning signs potentially leads to larger issues, like flat tires or engine problems.
Scanning software is especially valuable for website owners who don’t realize there are problems with their websites until a hack occurs or they fall victim to malware.
Failure to realize problems until a major issue occurs is, unfortunately, common, particularly among website owners who lack technical skills.
For example, in 2016, 61% of the webmasters who were hacked never received a notification from Google that their site was infected.
2. Ensure that Your Site Has the Requisite SSL Certificate
Secure Sockets Layer (SSL) is the backbone of the secure Internet. It protects your sensitive information, plays a primary role in improving search engine ranking, and proves the security of your site to your visitors.
An SSL is a protocol that enables your browser to establish a safe connection with a website or web server. Essentially, an SSL certificate says that the identity of a website is authenticated.
Fortunately, today, SSL certificates are nearly unanimous. In January 2017, Google Chrome started marking all sites that request confidential information, but don’t have an SSL certificate, as an “UNSECURE SITE.”
Procuring an SSL certificate is like the process of registering your car and updating the sticker on your license plate every year. Getting caught without an SSL certificate potentially leads to a loss of website traffic in the same way the absence of registration tags results in unnecessary fines or tickets.
In addition to the security guarantees provided by SSL, according to the latest Google Transparency Report, secure web browsing through HTTPS is becoming the norm.
A website address beginning with HTTPS, short for Hypertext Transfer Protocol Secure, signifies that a website has an SSL certificate and that all data you send to and from the website is encrypted.
Note of caution: talk to a qualified developer or development team who is familiar with the HTTP to HTTPS migration about installing an SSL certificate. If not handled correctly, the migration process could cause downtime or redirect errors.
3. Conduct Daily Backups
One of the biggest issues facing most websites is crashing. The best method to protect your site in case of a crash is by conducting daily backups, which restore your site with just one click.
Think of backing up your site as using AAA, or another roadside assistance provider, when your car breaks down. You can trust that that your car will eventually be “restored,” even after breaking down or experiencing a significant issue.
Unfortunately, few web-hosting services perform frequent or full backups, which commonly results in losing the site and/or content if a site is hacked.
Failing to take frequent or full backups presents an increasingly serious threat to site owners, given that Google recorded an increase in the number of hacked sites of approximately 32% in 2016.
While certain hosting platforms automatically delete corrupted files, without a recent backup of the website, a hack could still mean the loss of images, content, or an entire database.
4. Optimize Your WordPress Site for Speed & Performance
In order to be considered effective, a website needs to perform well.
One instance where WordPress site performance suffers is slow loading speeds due to shared hosting. In this arrangement, the resources of the web-hosting server are allocated to multiple sites on a single server.
The risk associated with this arrangement comes to a head when one website on the server has issues, which in turn affect the other sites sharing the server, causing slow load times and occasional downtime.
To add to this risk, since increased customization, more plugins, and high traffic that correspond to more storage needs, using a shared server presents a sort of ceiling of performance your site may achieve.
Using traditional shared hosting environments, such as GoDaddy, Blue Host, or Host Gator, equates to putting the wrong type of oil and fuel in your car — essentially your car won’t perform as well as it would with its optimal additives.
Research shows that a one-second delay in page response can result in a 7% reduction in conversions. For example, Amazon calculated that if its page speed dropped by one second, the cost would amount to $1.6 billion in lost sales each year.
Instead of using shared server, host your website on a specialized WordPress environment. In addition to enhancing speed, moving your site to a managed WordPress host provides better uptime and scalability, meaning your website can handle a higher number of viewers than with shared hosting.
Website Maintenance Should Be Proactive
Anyone who owns a car knows the initial purchase price represents just the first of many expenditures necessary to keep the vehicle in tip-top shape. Through routine maintenance and an appropriate level of insurance, you eliminate problems caused by ongoing use and ensure coverage in the event of an accident.
Owning and operating a website requires the same proactive approach to prevent problems and keep it up and running as expected. The following recommendations, executed in this order, allow a site owner to keep their website in good shape.
- First, use a qualified development team or Personal Homepage (PHP) web developer to take care of security and website updates. WordPress is written using PHP, a scripting language for web development, which is why you need a developer skilled in this language to perform development and maintenance work on a WordPress site.
- Next, acquire security monitoring software to ensure your website has an SSL certificate, and run a site speed test on the website to review performance.
- Finally, assess your current hosting platform and consider using managed hosting services that are optimized for WordPress.
Similar to maintaining your car, you can attempt to address each “maintenance issue” by using different companies, managing it all yourself, or hiring a company that specializes in all of them.
Whichever method you choose to approach security tune-ups for your site, think of your site as a valuable and delicate investment, just as you would a new car.
About the Author
Mikel Bruce is the founder and CEO of TinyFrog Technologies, a full-service web agency specializing in WordPress secured hosting, maintenance, and website design. With its all-in-one WP maintenance and security package, TinyFrog currently protects over 500 client websites from “croaking” and has helped many businesses recover from a hacked website and Google blacklisting.