As long as I’ve been using computers, I’ve heard that I needed to back up my data. The same is true of a WordPress Web site. Think about the amount of time and the expense that has gone into building your site. If something were to go wrong, do you have an easy way to return the site to a time when it was working? Should the site become infected with malware, can you easily return the site to a time it was free of the malware? If true disaster struck, do you have a way to resurrect the site? It isn’t uncommon that a potential client with an existing site comes to me and they have no backups at all!
In this post I’ll cover three types of backups to perform on your WordPress site. There is not a single right answer as it is a good idea to use all three types.
Hosting Company Backups
There are probably thousands of companies offering WordPress site hosting. Many of these plans include some form of backup performed by the hosting company. It is common that they backup your site daily and some even offer the option for you to manually backup at a specific time. Performing a backup right before installing the latest version of WordPress, a theme or a plugin is a good idea. Should something go wrong with the update, you can quickly restore the backup you created.
Even if you don’t do a backup right before installing an update, having a daily backup means you can quickly roll back to the site you had less than 24 hours ago. If you realize malware appeared at a certain date, you can restore the backup from a time before the infection (assuming it was in the time period of backups the hosting company retains).
It is extremely important that you choose WordPress hosting that includes backups for the reasons already listed and likely many more that I didn’t list. In our WordPress Maintenance Plans, all of the hosting we provide includes backups as part of the hosting.
While having backups as part of your hosting is a very good thing to have, it should not be the only backup of your WordPress site. I’ve run into two situations where other methods of backup were needed and there is a third I thankfully haven’t encountered.
In the first instance, the client had their own hosting plans and let the payments lapse. The hosting company gave them a grace period and even that passed without payment. So the hosting company deleted the site. They had no backup and the site had to be re-built from scratch. Not only did this mean a bigger expense, but it also meant being without a site for a period of time.
The second instance was even more severe as the data center housing thousands of servers was destroyed in a fire. The company I was working with had a site that contained massive amounts of data and would have taken enough time to rebuild that it could have driven them out of business. Thankfully they had a backup and had everything back online in a week or so.
While I have no direct knowledge of another instance, it is also something that should convince you to have alternative methods of backup. What happens if the hosting company goes out of business and takes your site (and others) with it?
On-Site Backups
The next type of backup is an on-site backup where a WordPress plugin is used to backup the site. This is extremely important if your hosting plan doesn’t include backups, but is also a good idea as a second-layer of safety when you do have backups as part of hosting.
The first thing you’ll need is a good backup plugin. Check out 6 Best WordPress Backup Plugins (in 2023) for a rundown on the top options. We use UpdraftPlus for our on-site backups and it also happens to be the top choice in that article.
Off-Site Backups
Of course an on-site backup is still not a solution should there be a problem with the hosting or hosting company. It is just a very large piece of data on the server. If you are going to create an on-site backup, you should take one more step and have those backups sent off-site.
One of the reasons I really like using UpdraftPlus is that it makes it easy to have that on-site version of the backup sent to your favorite cloud service. I’ve used this feature to send backups to both Amazon Web Services (AWS) and to Dropbox. Those are only two of the many options they offer.
Should any of the disaster scenarios (discussed earlier) happen, restoring the site can be as simple as spinning up a new WordPress instance and restoring the backup stored off-site.
In Closing
You shouldn’t consider the three types listed as something where you should choose the “best” option. That’s because the best solution is to implement all three types of backup. If you aren’t sure if you are getting the backups you need or aren’t comfortable with implementing them, I encourage you to consider one of our hosting and maintenance plans and we’ll take care of it for you!
Before I talk about the actual pains and gains, I want to first list the description of the plugin provided in the WordPress repository.
“This plugin is designed to link WordPress with the SiteGround Performance services. It WILL NOT WORK on another hosting provider.”
So if you are hosting a site on SiteGround, you should be using the plugin. Sites hosted elsewhere can not use it at all. I’ve used the plugin on a number of sites hosting for myself and for clients on SiteGround and have some very positive and very negative results. I’ll discuss those below as well as some basics on configuring the plugin.
It Killed Stripe
The worst pain I had was on an e-commerce site. Visitors trying to make a credit card payment via Stripe would get an error message. After a lot of back and forth with support personnel, the only way to get Stripe working again was to disable SG Optimizer completely. Strangely, I have at least five other sites on SiteGround using the same e-commerce setup and they’ve not had the Stripe issue. While there may be a way to get SG Optimizer working with Stripe on the problem site, it isn’t worth the potential loss of sales for the client.
Working Through the Settings
There are four tabs to configure and I’ll go through each of them separately with the settings you should choose. Feel free to experiment with the settings to get the best performance for your site.
First up are the Supercacher Settings. In short, there are three switches on this page and you want to turn all three of them on. You may have trouble enabling all three if you haven’t enabled things in the SuperCacher app of your site’s cPanel. Note that the app has tabs for Static Cache, Dynamic Cache and Memcached and you need to configure a site on all three to use all of the SG Optimizer settings.
Using these caching settings will speed up your site and decrease the load on the server. As long as they don’t conflict as I described with the Stripe processing, you definitely want to use this caching.
Next is the Environment Optimization tab. In the screen shot, the Enable HTTPS is turned off. This is something that may or may not be useful to you. As the site shown has it enabled in other ways, it wasn’t necessary to turn it on here. SiteGround provides a way to set the version of PHP used on a site deep within cPanel. An easier way is to choose to set it manually here. In that case, you can select an exact version. Or you can select Managed PHP and SiteGround will update it automatically to what they consider is the newest stable version.
The final two switches fro GZIP Compression and Browser Caching should both be activated. GZIP Compression will make all files leaving your site compressed and thus smaller. Smaller files gives faster performance. Browser caching will tell a visitor’s browser to hang on to content longer so it doesn’t have to be downloaded again.
Front End Optimization provides seven separate switches each with a clear description of what it does. I typically turn on all but the last switch. I like having emojis on a site so I’ll put up with the slight decrease in speed. If emojis aren’t important on your site, go ahead and turn it on for some extra speed.
The last tab, Image Optimization, has a number of settings dedicated to the graphics on your site. You’ll note that I have the first switch disabled and all of the rest enabled. I’ll explain why soon. Below the top switch is a button that will optimize all bitmap graphics on your site. Depending on the number of files, this could take a very long time so you may want to do this before leaving the office at night.
Next we have the lazy load options and I keep them all enabled. When these are enabled, images are only loaded when they are visible in the browser window. There is certainly a good reason to wait to download them if they can’t even been seen.
Now let’s talk about why I have New Images Optimization turned off. When this plugin first appeared, I noticed I often had trouble loading PNG files on my sites. It was around the same time WordPress 5.0 shipped so I wasn’t really sure what caused it. There was a pretty simple workaround so I didn’t let it bother me.
Recently a much bigger problem reared its ugly head. Many of my projects use the Divi Theme. A very useful feature is the ability to import pre-built layouts as a page starting point and nothing I did would allow a layout to import successfully. After a very long back and forth with SiteGround support, the problem was having New Images Optimization enabled. Once it was turned off, the layout imported perfectly the first time.
It was quite difficult to get to this solution as the SiteGround support reps wanted to find every excuse possible even though I made it clear from the very beginning that the issue only happened on SiteGround sites. PNG files were blamed. Themes were blamed. Other plugins were blamed. Thankfully I was persistent enough to push them to find the real culprit. With any luck, this plugin can be fixed so that this setting can be enabled without causing any problems. Until then, I’ll keep it off.
WordCamp Phoenix was held a couple of weeks ago and it is great to spend two full days with other WordPress users of all levels. One of the speakers that always delivers great content is Aaron Campbell. His main job is working on the security of the core WordPress software and he has a real knack for explaining complex security issues in an easy-to-understand way.
His talk at the most recent WordCamp was titled “Why the Open Web Matters” and he gets his point across by talking about video games and tractors. Yes, tractors! You can watch the entire session on WordPress.tv or I have embedded it below.
This is not a problem specific to tractors. It also affects the fastest production car ever made. The only way to maintain that car is with a specific Compaq computer from the early 90s. Read McLaren needs a 20-year-old Compaq laptop to maintain its F1 supercar for the details.
Cleaning Up a Hacked Site
While there are many things you can do to protect Web sites, the hackers won’t stop trying. If you don’t have good protection, the hackers are far more likely to succeed in hacking your site. Should your site get hacked, you’ll need to get it cleaned.
Sucuri is one of the leading providers of Web security and they have authored detailed steps for How to Clean a Hacked Website. There are separate instructions for WordPress, Joomla, Magento and Drupal sites.
We’d love to help protect your site so the likelihood of getting hacked is minimized. Please consider one of our WordPress Maintenance Plans. They are a small investment into keeping your site working hard for you!
When I read it, I had my own thoughts on the reasons listed so I’ve taken the seven reasons from that post and have provided my answers below. Three other reasons came to mind as I thought about why I feel Unleashed is a great choice and they are included after the initial seven. As we focus solely on WordPress development, the solutions below are all based on WordPress.
1. Professionals can customize beyond templates
Every WordPress site has a theme (template) that determines the design and features of the site. Sure, there are a bunch of free themes available and some of them are OK. We’ve tried a lot of themes and found that there are many of them that are difficult and/or don’t work nearly as well as the demo.
Over time, we’ve developed a small number of themes that we use on most of the sites we build. We know how they work in depth and know that we can deliver a wide range of designs from them. There are also ways to extend our favorite themes to give them even more features and options.
Should you build a site yourself, you might choose a great theme and it’s possible you get a really bad one. When a bad theme is used to build a site, it can be very hard to switch to another theme at a later time.
2. The ROI is worth the initial cost
Let’s say you want a pizza for dinner tonight. It is simple to go to your favorite pizzeria and get a large pizza with a few toppings for $15-20. The alternative would be to make your own crust, either purchase or make sauce, get some cheese and the other toppings. Then add the time involved to take the raw ingredients and make the pizza. In the end, you could have a gourmet pizza or a complete dud and you will have spent a lot more money and time to get there.
Yes, a good Web site is an investment. If you work with a developer and provide the content required, it will save you money. Even if you built it yourself, you’d still need to come up with the content. What is your time worth? Expect that it can take you 3-5 times as many hours (minimum) to build a site as well as a good developer. In the end, will your creation be a masterpiece or a dud?
By using a pro, your site will be working for you sooner and will be designed to meet (or exceed) your goals. This brings a return to you sooner and that return will likely be much greater.
3. You can choose the right developer
No single developer is the right fit for every project and you’ll find many choices when looking for someone to build an awesome WordPress site. Clients sometimes judge only the cost and not what the developer can delivery. The goal is to have a site that best delivers on your goals while delivering a great return on investment.
We pride ourselves on being part of the GoDaddy Pro program as well as being a Google Partner. The online world changes every single day and we focus on educating ourselves on those changes so that we can deliver sites that follow all the latest standards. This also allows us to minimize the time and costs involved.
4. Managing your own content is still possible
At its heart, WordPress is a CMS (content management system). It is designed to allow multiple users to change content to varying degrees. Some clients only want minimal abilities to change a few words or photos. Other clients want full control of a site. Either option is possible and the abilities can even be changed at any time.
This also brings up the famous Spiderman quote “with great power comes great responsibility.” If a client has the ability to edit anything on the site, they also have the ability to accidentally create problems by clicking the wrong thing. We work with clients so they know how to complete the processes most important to them to minimize potential problems.
5. eCommerce functionality is doable
With a WordPress site, eCommerce functionality can be as simple as installing a plug-in. While it is technically quite easy, a good eCommerce site is much more complex. What types of products and/or services are you going to sell? What types of payments are you going to accept? Do you need to ship products? Are they downloadable? These are just some of the questions that need to be answered.
WooCommerce is often mentioned as it is the most popular tool for adding eCommerce to WordPress. That does not mean it is the right answer for your site. We have found other tools that are better choices for our clients. Not only do we recommend these tools for clients, we use them on our own eCommerce sites so we know them inside and out.
6. Your site will be mobile-friendly and responsive
With nearly 2/3 of all Web traffic coming from mobile devices, it is an absolute must that your site works great on mobile devices. Visitors to your site could be on a computer screen that comes in nearly any size. Throw in the variety of tablets and mobile phones and there is just no single size anymore.
When we design a site, it is designed to be responsive. That means it adapts it to the screen of the device on which it is being viewed. Not only does it need to adapt to every screen, it needs to be usable on every screen. Your blog post must still look great on every screen. Visitors should be able to shop in your eCommerce store on every screen. Google created a certification test to make sure developers followed mobile best practices and all of our designers have passed the test.
7. Websites are constantly changing
One of the best parts about building a Web site on WordPress is that the platform itself is being regularly updated. We prefer to work with themes and plugins that are also regularly updated. First and foremost, this helps to keep your site secure. But these changes also support new and improved features.
Not only does the technology itself improve, we also focus on improving our skills and knowing that latest best practices in Web design. While you may choose not to have your site updated regularly, we’ll be ready to update it when you need it.
8. Keep all elements maintained and secure
It is thought that once a Web site is launched that all work is done for a long period of time. That just isn’t the case. It is not uncommon that some element of the site has an update almost every single day. If a client prefers, they can handle all of these updates. A far better value is to select a maintenance plan where all the updates are installed on sites for clients.
This keeps elements updated and keeps the site more secure as well. Additional layers of security are available for clients who want true peace of mind.
9. Your pages can be tested and optimized
If a user builds a site, will they test it on a variety of devices or do they decide it looks great on their own computer so it must be perfect? We want to test pages on computers, tablets and phones so that the user experience is consistently good.
Even when a site looks good on devices, it may not be optimized. Are images the right size in both dimensions and download size? Will the page perform well in search results? Can adjustments be made to make the site load as fast as possible? These are all tasks a pro will perform so that you get the best results from your site.
10. Resource for support after the site launches
When a site is first launched, it is only the beginning. Changes will inevitably be made. New content will be added. Quite possibly new features will be needed. Where is your time best spent? Is it becoming an expert on WordPress or working on your own business? Regardless of whether you are going to update the site or you want a developer to do it, we’re here to help.
We’d be happy to discuss your needs to see if we are the right developer for your project. Visit our Contact Us page or give us a call at 480-595-0065.
With any site built on WordPress, there are three major components that regularly get updated. There is WordPress itself, the theme or themes installed and the plugins. If they are not all updated in a timely manner, problems could arise. We recently saw evidence of this on a couple of sites.
A client contacted us about an order placed in their online store. On a specific order, the wrong amount of shipping was charged. We investigated the shipping rates on their site and it had all the right info so there was something else causing the issue. Anytime we go into the back end of a site for a client, we take the time to install any available updates.
On this shopping site, we tried a few sample orders and couldn’t re-create the problem. Why had the problem happened the first time? Quite simply it was because the plugin for the shopping cart hadn’t been updated recently.
While visiting another site recently, we ran into an issue with the business directory. We could search the directory, but the page would not scroll on the results page. This was great for whichever business was listed first, but really bad for anyone else. As this wasn’t a site we built, we contacted the business to let them know about the problem. It was fixed within an hour and it turned out the problem was a plugin that needed updating.
Making sure a site is updated regularly was the driving force behind our decision to offer maintenance packages. We wanted to make the entry-level package as inexpensive as possible and our Bronze package does handle the updates described above. For clients that was more service, we offer Silver, Gold and Platinum packages with increasing levels of services.
Clients can choose to do the updates themselves. Some do visit their site regularly and keep things updated. We find that most don’t. They can choose to have it done when other changes are made, though often this ends up costing more. Lastly, they can choose a maintenance package that install updates very regularly so that everything runs smoothly.
Each time we hear about a Web site being attacked, the owner of the hacked site doesn’t understand why their site was targeted. The short answer is that the bad guys are rarely looking to attack a specific site. Instead they are looking for sites that are vulnerable. Let’s go over some of the specifics that can make your site vulnerable and ways you can protect it.
For a minute, pretend you are an enterprising hacker and you want to make the most money possible. If you are going to attack sites, wouldn’t it make sense to go after the most popular platform on the Web? WordPress powers 28% of all sites (as of this writing) which is far more than any other platform. Because of this, it is targeted regularly.
What Needs Updated
There are three major components to the WordPress ecosystem that can be vulnerable. First is the core WordPress installation. Next are themes installed in WordPress. Every site must have at least one theme and it is common to have 2-5 installed. The third are plugins that are added to a WordPress site. Typically sites will have 10-25 plugins installed. All of these components provide a way for bad guys to compromise your site. Let’s look at each component separately.
In a given year, the core WordPress is updated 5-10 times. Updates address known security issues, fix bugs and add new features. For site security, the most important reason to install an update quickly is to make sure the security issues are patched. When you purchase hosting for a WordPress site, it may include automatic installation of the core WordPress files. It also may not. We’ve seen sites that haven’t had the core WordPress updated in several years and those sites are huge targets for hackers.
For those of you who have hosting plans that automatically update the core WordPress, you can at least breathe easy on that component. Most site owners probably don’t even know if the updates are automatic so this is something worth investigating. If your site isn’t updated automatically, you need to develop a plan to check for updates and get them installed in a timely manner.
Do You Have a Good Theme?
It is possible that a theme never has updates released. While this may seem like a good thing since you don’t have to install the update, it typically means the theme becomes more vulnerable over time. Let’s pretend you use XYZ Theme (this is a fictional name) and it hasn’t been updated in a year. In total, we’ll say this theme is installed on 10,000 sites. When the hackers find an issue with that theme, they know they can attack a large number of sites very quickly. They aren’t targeting your site, they are targeting all sites with that theme.
Other themes are updated almost every week. While this can mean you have more updates to install, it also means the developers are making sure it is as safe as possible. This is one of many reasons we like Elegant Themes. Plus they are likely adding new features! The key is that someone must login to the back end of your site and install those updates in a timely manner. This is not a feature often included as part of your site hosting. So if you aren’t doing it, is someone else doing it for you?
Since most sites have a small number of themes installed, it is important to make sure they are all updated. Even the themes not active can be vulnerable. Maybe some of them should be deleted. Even then, the best plan is to make sure they are all updated regularly.
Plugins Provide Power and Vulnerability
Plugins make it very easy to add features to your site, even by adding a layer of security. But each plugin also provides one more component that can be vulnerable. You want a form on your site for visitors to contact you, right? So let’s pretend your site uses ABC Form Builder (again, a fictional name). It is a really popular plugin with 500,000 installs. And because it allows anyone to enter information, it is especially vulnerable if the developer has missed something. When you don’t update it for six months, the hackers will gladly come infect your site with malware.
Since most sites have at least ten plugins and these plugins are regularly updated, you have to really stay on top of it. On a given site, it is quite common to have at least five plugin updates in a given week. If any of them aren’t installed, the bad guys may have a way to attack your site.
We’re not aware of any hosting plan that includes plugin updates. Maybe your Web developer has included this in the plan they sell to you. What we’ve seen is that most site owners simply don’t install updates. It is those same site owners who don’t understand why their site was hacked. Are you installing plugin updates? Is someone else installing them for you?
The Basic Level of Protection
At the very least, every WordPress site must have a plan in place to install updates to the three components we’ve discussed. Even if this is only done once a week, it could take 10-15 minutes to login to the site and get everything updated. Over a month’s time, that could add up to as much as an hour. Will you take the time to do it? Do you want to pay your Web site developer for an hour of their time to do it?
This is exactly why we developed our WordPress Maintenance Service. Even our Bronze plan does more than simply keep these components updated. Instead of just doing it weekly, updates are installed more often to make sure security patches are in place quickly. So do you want to take an hour or more to do it? Do you want to pay for an hour of your developer’s time? Or do you want it done for a fraction of the cost on an even more regular basis?
What Happens When My Site Gets Hacked?
Each hack is different. Some hacks don’t seem to have any noticeable change to a site. Other hacks will take a site completely offline. Would not having a Web site for a few days hurt you? Some hacks install malware which infects visitors to your site and causes Google to label you as a bad site and remove you from search engine rankings. Would it hurt you if your visitors are mad at you and your site no longer appears safe to Google? Getting that label removed and re-gaining your Google ranking can take quite a bit of time.
We’ve also seen hacks where legitimate blog posts are deleted and a number of spammy posts were added. Would it hurt you if the posts you created were gone forever? Would your visitors trust you if your site had a bunch of spammy posts?
Instead of asking yourself why anyone would want to hack your site, you should just assume it is being attacked every single day. Why? Quite simply, it is being attacked. Installing updates regularly is the first line of protection. More can be done by making sure your site is backed up. Should it get hacked, the backup could save you. Active security protection can also be put in place to repel the attacks. This additional protection is part of our Silver WordPress Maintenance plan.
As I write this, I think of an appliance commercial from long ago with the tagline “you can pay me now or you can pay me later.” If you want to do the maintenance yourself, go for it. It’s just most of you aren’t doing it. I’d rather you invest in a maintenance plan to keep your site working well. If not, the cost to recover your site after a hack is probably going to be a lot higher. Add to that any lost revenue from being without a working site for a period of time.
Receive the latest WordPress, Divi, SEO and design news in your inbox for FREE from Web Design Solutions Unleashed.
We use cookies to ensure that we give you the best experience on our Web site. If you continue to use this site we will assume that you are happy with it.Ok
With nearly 2/3 of all Web traffic coming from mobile devices, it is an absolute must that your site works great on mobile devices. Visitors to your site could be on a computer screen that comes in nearly any size. Throw in the variety of tablets and mobile phones and there is just no single size anymore.
