Maintaining your WordPress website
We love our web developer cousins, but there seems to be a general view that once they’ve delivered your shiny new website, the job is done. From your website’s perspective, the reality is quite different indeed. There are important ongoing maintenance tasks to be performed on your WordPress website, and that’s where Website Concierge steps in.
There are 2 important forms of Updates for your WordPress website:
Content Updates: We’ll ensure that important information in your website is updated usually within 24 business hours.
Software Updates: We’ll ensure your website software is kept updated to keep it running reliably and minimise your exposure to hackers.
We take WordPress Updates Seriously
Updating your website regularly is core to minimising your website exposure to hackers. Hackers can range from nuisance vandals, or increasingly, criminals using the internet to ransom and undermine businesses online presence. These guys use hacking software to find websites they can break into by detecting the presence of ‘exploits’ or software defects. These secret back doors enable them to stealthily compromise your website.
As Website updates often contain fixes for exploits, applying them to your website will lessen the likelihood the hacker will be able to break into your website.
So one of the simplest, but most effective ways of keeping hackers out of your website is it to ensure it’s internal software is up to date.
How we do Updates
Website Concierge uses tools to continuously monitor your website’s software versions, then alert us when there are updates available, as they come available. We can then update that software in a timely fashion.
These days, checking for and updating software on a routine basis is simply not adequate to sufficiently protect business websites. A proactive update strategy such as ours is necessary to more adequately manage the risk of your website being compromised. The days of a routine update each month will leave your site far to exposed to hackers.
In a contemporary commercial world, a compromised website is as damaging to your business as not being able to open your showroom and office to prospective clients. So minimising exposure to hackers is an important risk mitigation strategy.
Being updated means peace of mind
If your website is built inside of WordPress, then ensuring its software is kept updated to latest the release is one of the simplest ways to minimise your risk of being hacked.
WordPress is composed of layers of software, each with potential updates:
- WordPress Core
WordPress ‘core’ software updates
This is the software framework that WordPress operates within. It’s maintained by a community of dedicated WordPress enthusiasts, who regularly release updates to address things like:
- bug fixes
- add new features
- improve performance
- enhance existing features to stay up to date with new industry standards
- fix ‘exploits’
As updated software is made publicly available, the versioning details may reveal an issue that has been resolved in that release. Hacker’s can review the updates for each version, then their software can crawl through the internet looking for WordPress sites that haven’t been updated, and then target the reported exploit.
If they discover your website hasn’t been updated, you immediately become a hacking target, with the hackers software probing your site knowing exactly what its weaknesses are.
WordPress Theme Updates
Themes provide the look and feel for your website. They are inter-connected to the core WordPress software. As themes contain software components, they may need to be updated from time to time, in much the way that the WordPress core software does. There may also be a need to update the theme in response to core software changes.
What is different about themes is that they are usually created by individuals and organisations who are outside of the WordPress core software team. This may result in a couple of issues for WordPress website owners.
Theme Updates can be problematic
Theme Updates rely on the theme author to produce updates, so updates may be delayed or even not addressed at all.
This can be the case especially for older and/or less popular themes where there is no ongoing support.
Ongoing theme support is a critical consideration for your new website. The theme is usually selected by your web developer when they build your new website. As an owner, you often have little or no knowledge about or input on the select theme. Then suddenly you find that the theme embedded in your site is no longer supported and you are left exposed to hackers or there are technical issues with your site due to the unsupported theme.
Web developers can also deploy your website with a ‘locked’ theme that cannot be updated and so also runs the risk of hacker exposure and/or technical compatibility issues with the WordPress core.
Here’s what we suggest for a new website
If you are having a new WordPress site constructed, we strongly suggest you insist that the developer ensure:
The Theme selected has a clear support plan.
This may require that you licence the theme (referred to as a ‘premium theme’), and/or also pay an annual maintenance fee for the theme.
These fees are usually trivial – maybe $US 50 for the theme licence which probably includes 12 months support.
The complete theme is installed into your site, and not just a locked or a child theme
As a general rule, I suggest you ensure that the theme also has a large installed base with an active support community for websites using that theme.
Plugins are also produced by a diverse range of software developers, so similar to themes, there may be updates required after a core software update.
There are also several active test communities eg Wordfence who investigate and report potential exploits they find in plugins. Fortunately, as the Wordfence team are good guys, when they find a vulnerability or exploit they contact the theme or plugin author to first allow them time to produce a fix before announcing their finding to the world.
Again, the issue here is that as soon as hackers also get this information they can reconfigure their hack scanning software to find victim websites for this new exploit before they are updated.
WordPress Content Updates
Included in the portfolio of WordPress Maintenance activities we provide for your business, is making minor edits in your website on your behalf. While WordPress is allegedly easy to update, often with is not the case.
Which editor is in my site?
Until just a couple of years ago, editing WordPress was relatively simple task.
Content updates generally involved just the ‘classic’ WordPress editor. It is simple and straightforward to use. So if your staffer wanted to do updates, they would simply learn how to use the WordPress ‘classic’ editor.
More recently the number of WordPress editors that can be used for content updates has exploded:
WordPress Classic Editor
The original WordPress editor (now known as the ‘classic editor’) essentially became redundant at WordPress version 5.0. while it was functional, it was limited for more sophisticated layout configurations. My greatest trial those days was struggling with the original editor’s lack of support for pages with multiple columns. The old school approach for multiple columns was to use tables, but this lost favour as Cascading Style Sheets (CSS) presented more elegant and arguable more easily managed page building options.
The Gutenberg editor appeared in version 5.0 and was instantly abhorred as most innovations are. This block-based editor is now the default standard editor for WordPress. It has its own peculiarities and so understanding how you might add or edit a particular piece of content in Gutenberg is remarkably different from the same task in the ‘classic editor’. Frankly, its not too bad at all, and has a growing portfolio of add-ons for it. While there where some ‘winkles initially’, these have been ironed out now. It certainly doesn’t deserve the bad press it gets.
Theme and Block Editors
Around the same time Gutenberg appeared, so did numerous of ‘drag and drop’ editors including:
The default editor for the very successful Divi theme claimed to be used in over 700,000 websites.
The Divi Builder is elegantly integrated into websites using the Divi theme.
It provides WYSIWYG editing and very strong support services.
The Divi Builder offers 40+ built-in elements to help layout your page and add content.
3rd party developers also provide numerous Divi Builder extensions, usually on a small annual fee
This drag and drop editor has free and pro versions. Most simple tasks can be undertaken with the free version but at $US49 per year, the Pro version certainly isn’t expensive!
Other Block editors
A plethora of block editors are available as well. Many of these are loaded by default with a theme, or loaded by your web developer at build time. Each these editors have their own user interface which the operator needs to learn along related quirks etc.
As well as updates, a core WordPress maintenance activity is backing up your site. Our backup strategy has several notable aspects based on years of experience:
Weekly website backups.
We make a full backup of your website every week. We do this in low traffic times, so the backup process does not impact your website’s performance when visitors are most likely to visit. Should a catastrophic failure occur, we’re able to recover and restore a version of your website that’s no more than a week old. This ensures that any content updates made recently are more than likely included in that backup and can be reinstated.
Fifteen deep backup history
Our rolling backup storage strategy retains the last 15 weekly backups. That’s a total of 3.5 months of backup history. We do this so that should your website become infected with a virus, we have the option of selecting and restoring a backed up version from before the site was infected.
Our backup strategy stores the copies of your website in a separate storage system from your website. We do this to avoid the possibility that your website’s server is completely obliterated, so loosing your website and all of its backups. Just in case you think this is over-cautious its happened before here in Australia.
Database is backed up too
If you are familiar with WordPress you will know that the website content as well as other key information is stored in a database that’s seaprate form the website files. We ensure a restorable backup of your database is included in each backup so we can fully reproduce your website from our backups if we need to.
Non-Page content updates
There’s lots of content inside your WordPress website that’s not sitting inside pages. Footers and header and other special content have to be edited via ‘widgets’.
So a typical content update task is to first find out where that particular piece of content is editable in the back-end. Here are some examples of these type of non-page edits.
Widget Content edits
Widgets are content containers that appear in the same place on each page, for example in the footer, right-hand margin and other areas on the page. Widget content may need to be edited as text, short-codes or even script.
WordPress Menus appear in a separate area in the back-end. To make changes you’ll need an understanding of how the menu system works. Like widget edits, it is relatively easy to edit menus, if you know how.