We all know that gut-wrenching feeling when you lose an unsaved document that you’ve worked on for countless hours. It’s a horrible feeling of despair. Usually, simply “saving” more often could have averted disaster.
Now imagine your WordPress site being damaged, corrupted, or changed without your permission. The impact could be far-reaching. Not just some lost words which you have to retype. But quite possibly lost enquiries (and sales if you are running e-commerce), removal from search engines and damage to your reputation. And more often than not, clicking “Save” won’t prevent the problem…
Some scenarios that could result in your files being lost or damaged:
- Your hosting provider experiencing technical issues
- Your hosting provider may be the victim of an attack which affects all websites they host
- Your WordPress site may be targeted by criminal hackers
- You may accidentally delete, overwrite, or damage your site’s code or database
These situations may not occur frequently, but if they do, I’m sure you can agree that it’s best to be prepared before a crisis happens. This guide will help you cover all bases to ensure that you maintain your sanity if disaster strikes.
Your Website. Your Responsibility
Leasing office space comes with responsibilities over and above simply utilising the space as your office. It is beholden on you to arrange insurance, an alarm system, maintenance, cleaning… Unless it’s a fully serviced office.
Did you purchase a fully serviced website?
If not, it’s your responsibility to make sure all aspects of running your website are covered. Read on to find out what you should consider or click here to learn about Managed WordPress Hosting.
What Can Go Wrong?
The most common problems are related to automated hacking of your website. Often this is so that criminals can utilise your website for distributing malicious software, or make use of the resources for conducting other attacks.
Because of the popularity of WordPress, automated attacks are common place. Learn about the types of Malicious Software attacks here.
Other issues are most commonly caused by installing badly coded or unreliable WordPress Plugins or Themes.
Steps To Take To Prevent A WordPress Crisis
BACK-UP YOUR SITE REGULARLY
The most important step is to create regular back-ups of your site. Before installing new plugins or themes make a backup. After making a lot of updates, take a backup.
How To Back-Up WordPress
Your hosting provider may already provide regular backups – in which case, you should make sure you know how to retrieve those backups and how to restore from them. Consider also setting up an automated download of the backup files and store them on your computer every night.
For hosting providers who aren’t making backups available to you, you might consider installing a Backup Plugin, such as:
- wpremote.com (no cost, simple and quick)
- BackWPup (no cost)
- VaultPress ($60+ per year)
- BackupBuddy (prices start at $80 per year)
REMOVE MENTIONS OF “WORDPRESS” OR “WP”
The tables in your WordPress database all start with a prefix – usually “wp_”. It’s better to randomise this so that it makes it harder to guess the table names.
Criminal hackers can easily identify what version of WordPress you’re running, what your theme is and what plugins you’ve installed. Often this is done automatically – they write software to trawl the internet looking for WordPress sites. Once they find a site, they automatically try to exploit it – one of they ways they do this is by assuming that all of the tables start with the default ‘wp_’ prefix. Thus if you change this to something random, it makes their job much harder.
Here are some links to articles which explain how to do this:
USE STRONG PASSWORDS
Ensure all your accounts and users are using a strong password. Read this article on creating a strong password.
Delete any unused accounts.
CHANGE THE ADMINISTRATOR NAME
By keeping the default administrator name for your WordPress account, you are doing half of a criminal hacker’s job as all that remains is to guess the password. Create a new Administrator account with a different name, log in to the new account and then delete the default admin account.
KEEP WORDPRESS, PLUGINS, AND THEMES UP TO DATE
One of the most important things you can do to prevent exploits is to keep your site up to date.
WordPress is in use by something like a quarter of all websites. In the entire world. That’s a lot of websites! The benefit of this is that security vulnerabilities and bugs are constantly being highlighted and fixed.
Updates come in various flavours:
- WordPress Core – major version changes. At the time of writing the major version is 4.5. Major version updates include all security fixes and feature changes. Major version updates should be tested before you install them on your live site to make sure your site theme and plugins are compatible with the new version.
- WordPress Core – security updates. At the time of writing the minor version is 4.5.3. Minor version updates usually include only security and bug fixes which do not materially change functionality. Therefore they are usually safe to install without testing – but always take a backup first in case something goes wrong.
- Theme updates. Depending on your theme creator, they may release updates. A good theme will be version controlled with major and minor version numbers similarly to how we describe above for WordPress Core.
- Plugin updates. Plugins will be regularly updated and again, like themes and WP Core, there will usually be versioned with major and minor release numbers.
Regular updates will apply constant fixes to security issues and hacker backdoors as they become known to developers.
REGULARLY CHECK YOUR SITE/DASHBOARD
Login to your site regularly and look for any unusual behaviour or problems.
USE MONITORING TOOLS
Activate monitoring tools like Google Search Console or Jetpack Monitor which will notify if suspicious activity it taking place on your site.
IMPLEMENT PROACTIVE SCANNING AND WEB APPLICATION FIREWALL
Even with all of the above protection in place, issues can arise and hackers can gain access to your website. Employing the services of a proactive solution to prevent this is highly recommended. A good solution will do three things:
- Proactively monitor your site files for any signs of malware
- Automatically remove malware
- Block unwanted visitors and suspected hacking attempts (Web Application Firewall)
The following solutions are available:
- https://www.wordfence.com/ (free and paid versions)
- https://wpdistrict.sitelock.com/ (paid versions only)
- https://sucuri.net/ (paid versions only)
- Paid for upgrade of https://jetpack.com/features/
How To Recover From A WordPress Crisis
Recovering from a mishap is possible if you’ve taken the precautionary steps listed above however if you’ve come to this article and it’s too late, the following steps can lead you in the right direction. Don’t panic.
RESTORE FROM BACK-UP
Depending on the problem, you can restore one, some or all of your site files including your entire database. If the problem was a hacking attack, you need to make sure you fix the issue which allowed the hack to be successful in the first place – that might not be obvious to you.
FIX IT YOURSELF OR HIRE AN EXPERT?
If you’re trying to recover from a hacking attack, you might ask your web developer to help you or try to fix it yourself.
However, in our experience, it pays to use an expert. The following are well-known, reputable and highly experienced in cleaning up and protecting your website:
Most of all, if you were to take one thing away from this article we suggest it be taking regular back-ups of your WordPress site. Trust us, this will save you from that gut-wrenching feeling of losing all of your hard-work.
You can see more tips on optimising your WordPress site for SEO and Performance here.
Thanks for reading!
- What is Managed WordPress Hosting?
- In-Tuition Cloud Services: Managed WordPress Hosting
- How to Optimise your WordPress Website