Category: Maintenance.

error-page

If you’re like me, and you like to ‘clean up’ and reorganize your business for the new year, then this article is for you. You may have the best-built website that money can buy, but if you’re not maintaining or outsourcing to have it maintained, then you’re at risk for website meltdown. No scare tactics here…just part of running your business efficiently. If you haven’t already cleaned up your website or blog, now is a good time to complete this task before the start of a new work week. Even better, I would recommend you set up a regular maintenance schedule, like on a quarterly basis.

Below is a good comprehensive, 8-tip maintenance checklist to start your website clean-up task today. I’ve been creating and managing WordPress sites for seven years and this list is a compilation of items that I have had implemented on all of my sites and my client sites in order to avoid any issues that could cause the site to go down or be compromised.

  1. Back up your WordPress site (database and theme/media files) – you can accomplish this by either using the free WP-DB Manager plugin for the database backups and downloading your media and theme files to your computer or you can subscribe to the Backup Creator plugin ($7 one-time fee) or the Backup Buddy plugin ($80/year for 2 sites).
  2. Update your WordPress site to the most recent version – WordPress always alerts you of a new version of their platform that you can either update automatically or manually. Word of caution…be sure you back up your site first before upgrading to the new version of WordPress. There have been known issues that could cause your theme or plugins to “break” or malfunction. Not all plugins or themes are compatible with the newer versions of WordPress.
  3. Update the most recent version of your WordPress theme (without losing any styling from your current theme) – there is a plugin for that! Most of your newer (mostly paid) themes provide a link within your WP dashboard to update your theme to its newest version, but if you have a free theme that does not provide automatic updates, and you want to update your theme, you can do this by using the plugin called the Easy Theme & Plugin Upgrade Plugin.
  4. Update your installed plugins – WordPress also alerts you of updates to your installed plugins. I definitely recommend you keep these up to date because if one of those plugins is a security plugin, making sure you have the updated version will help increase the security of your site.
  5. Check your feeds and blog links (including affiliate links) for broken links – a great tool (plugin) that will check your links is called the Broken Link Checker plugin. It’s much easier to automate this task, especially if you have a lot of links on your site.
  6. Protect your site from hackers – this is key in making sure your content and WordPress site files are not compromised by hackers or a virus that was placed on your site. There have been instances of this happening in waves, unbeknownst to major hosting companies. The first thing I would do would be to contact your hosting company. They usually have steps you can take to check and clean up your site. One of the first things you need to do is change your login password. Also, make sure your username is not named, “admin”. An “admin” username can allow hackers to easily crack into your site and make a mess of it. Two plugins I recommend you use for site protection is either the BulletProof Security plugin or the WordFence plugin. Both are great security plugins, but my favorite is the BulletProof plugin.
  7. Check traffic stats for incoming link activity – you can check your traffic stats using the Google Analytics Plugin for WordPress. If you find something out of place, you can act upon it before it gets out of control.
  8. Repair and optimize database tables – If you use the WP-DP Manager Plugin, you can automatically repair and optimize your WP databases. This is just as important as protecting your site because if something goes wrong in your database (and it can), then you have a tool that will detect issues and correct it. Another way you can check and repair your databases is to access your site database in your hosting account. All hosting accounts have a MyPHPAdmin module that gives you access and control of your databases.

I also created a blog maintenance checklist that you are welcome to download for free. You can find it HERE. Feel free to tweak the list to accommodate all your needs. At the end of the checklist, I provide you links to the plugins I mention so you can review them before you decide to install and configure them on your WordPress site.

If you have any suggestions on other items to look for and manage on your WP site, feel free to share them in the Comments box below. I’m always happy to get input and opinions on things that work for you or don’t work for you.

Until tomorrow…Day 5 of the UBC

Like what you’ve read? Sign up below to receive regular updates.

 

For the last day of the Ultimate Blog Challenge (Day 31), I have the privilege of sharing with you a guest blog post from a wonderful VA colleague and friend that I met while being on this challenge.

Shawn SnyderRead on what Shawn Snyder of SRS Virtual Assistant had to share when “The Day My WordPress Site Was Hacked”. Then be sure you take her advice in protecting your own WordPress site.

hackedIt was Monday morning and I was on a call with a dozen others who are my peers. Each of us helps the small business owner with their businesses in one way or the other. It was at the end of the call and we were each sharing our websites and going over how to make little improvements here and there. Time was running out and there was just enough time for one more website review, I volunteered. As my site was coming up for all to see suddenly the screen turned a maroon red with an outline of a security officer with his hand stretched out and the words of “Don’t precede malware danger.” There was more, but I was too horrified to remember exactly what it said. I was concerned about my website that I had spent hours on being ruined plus humiliated that the people on the call had seen me so vulnerable.

Protect Yourself

My first step isn’t one you have to take, but it helped me. I had a good old fashion pity party. I cried and railed against the evil hackers (that where probably 13 and smarter then me.) And then I did what I should have done before I even started my website. And here is where I want you to start as well. Learn how to protect yourself before you get hacked. The beautiful thing about WordPress and why so many of us recommend it is because it is so easy to learn. Unfortunately, that can also be a detriment to the health of our sites. We have to learn how to add a security fence around our site.

Keep Updated

Here are some things I learned the week of coming back from being hacked. It can and will probably happen to you. I had gone five years on the internet without being hacked and got lazy. I had several domains being hosted together. I didn’t keep them all updated with the newest plug-ins and themes. There is such a thing called cross contamination of sites that share a hosting spot. And if your site has outdated items on it that becomes an opening for hackers and then it just spreads. I had a backup plug-in but when I went to check to see how to get the site back it didn’t cover all of the different areas of the website. It was worth the amount of money I paid for it. Zero.

Keep Informed

I was scared and didn’t know what I was going to do. I don’t know code how was I going to wade through lines upon lines of code finding the problems. I went looking for people who could clean my site and it was expensive. By this time I was frustrated and angry at myself. How could I let this happen to all the work I have done. And what was I going to do now. I remembered a year ago I went to a conference in Atlanta and meet a woman who worked helping other small business owners keep their WordPress sites safe. I contacted her on Facebook and was directed to a site called safewp.com. They give out weekly WordPress security reports, best WordPress security practices and best of all a weekly webinar which was going to run that night.

The webinar was on a plug-in called Wordfence Security. This WordPress plug-in is by Mark Maunder and to me it was nectar from the gods. This plug-in scans your site and looks for trojans, malware and viruses. It repairs themes and plug-ins. It shows the changes in the files that where infected, it scans for malware, it shows which traffic is human and which is crawlers.

There are two versions the free and paid members. I have the free version and that night after I loaded Wordfence onto my site I was blown away. It showed that I had 13 malware problems. But I am jumping ahead of the story.

After you have Wordfence activated, you will go down to the options setting. You put in your email and the API key you get. Scroll down to the alerts section, you can go with the default, Regina from safewp.com showed us some great alternatives as well.

There is a scan schedule, but that is only available for paid members. I can tell you I have ran the scan every night before I go to bed since I got all the issues fixed. It is such a comforting site to see a green prompt at the end of the scan. There is a country blocking area for paid members where you can block off whole countries from having access to your website.

There is a blocked IP address section as well. You can manually block IP’s, there is a section of IP’s that are locked out from the login and IP’s who were recently throttled for accessing the site to frequently. You also have the capability of clearing the IP’s.

The next setting is the live traffic setting. This is so interesting it lists all hits, and then it breaks it down into humans, registered users, crawlers, Google crawlers, pages not found, logins and logouts, top consumers and top 404s.

The next setting is the scan setting. This is where it goes over all the sections you checked in the options setting. It has a scan summary, a scan detailed activity and an issues section. The issues section is where I got my bad news of 13 malware problems. It tells you the issue and gives you several different things to do. My issues where many but thankfully it was an easy to fix problem that came from one outdated plug-in. I deactivated the plug in and the malware problem is gone.

So, that is my story of when my WordPress site got hacked. I hope you are able to learn from me and never get your site attacked or hacked. Each night, I run the scan on Wordfence and go to sleep with the green message telling me I have no security issues on my site.

Please feel free to leave a comment or question below for Shawn and I’ll be sure she receives your reply.

Until tomorrow… 🙂

Warmly,

a-sig