WordPress Maintenance and Support Services.

Don’t risk your business being splashed across media as the latest hacker victims. 

Latest Australian Hack Updates
from Packet Storm Security.

Website Maintenance means peace of mind for you.

If your website is built inside of WordPress, then ensuring its software is kept updated to latest the release is one of the simplest ways to minimise your risk of being hacked, and improving the site’s system stability.

WordPress is composed of layers of software, each with potential updates:

• WordPress Core
  This is the internal software that creates the WordPress system framework.
• Theme
  Themes are used in WordPress to support layout and design.
• Plugins
  Add on functionally with the website is provided via ‘plugins’.

WordPress ‘core’ software updates

This is the software framework that WordPress operates within.  It’s maintained by a community of dedicated WordPress enthusiasts, who regularly release updates to address things like:

• bug fixes
• add new features
• improve performance
• enhance existing features to stay up to date with new industry standards
• fix ‘exploits’

As updated software is made publicly available, the versioning details may reveal an issue that has been resolved in that release. The public as well as Hacker’s can review the updates for each version, then their software can crawl through the internet looking for WordPress sites that haven’t been updated, and then target the reported exploit.

If they discover your website hasn’t been updated, it immediately becomes a hacking target, with the hackers software probing your site knowing exactly what its weaknesses are.

WordPress Theme Updates

Themes provide the look and feel for your website. They are inter-connected to the core WordPress software. As themes contain software components, they may need to be updated from time to time, in much the way that the WordPress core software does. There may also be a need to update the theme in response to core software changes.

What is different about themes is that they are usually created by individuals and organisations who are outside of the WordPress core software team. This may result in a couple of issues for WordPress website owners.

Theme updates can be problematic.

Theme Updates rely on the theme author to produce updates, so updates may be delayed or even not addressed at all.
This can be the case especially for older and/or less popular themes where there is no ongoing support.

Ongoing theme support is a critical consideration for your new website.  The theme is usually selected by your web developer when they build your new website. As an owner, you often have little or no knowledge about or input on the select theme. Then one day you find that the theme embedded in your site is no longer supported and you are left exposed to hackers or there are technical issues with your site due to the unsupported theme. In this situation, the site will most likely need to be re-built using a theme which is better supported, a service we have been able to provide to our Clients.

Web developers can also deploy your website with a ‘locked’ theme that cannot be updated and so also runs the risk of hacker exposure and/or technical compatibility issues with the WordPress core. Again, this is something that is typically not disclosed to the client when the site is built.

Here’s what we suggest for a new website theme.

If you are having a new WordPress site constructed, we strongly suggest you insist that the developer ensure:

The Theme selected has a clear support plan.
This may require that you licence the theme (referred to as a ‘premium theme’), and/or also pay an annual maintenance fee for the theme.
These fees are usually trivial – maybe $US 50 for the theme licence which probably includes 12 months support.

The complete theme is installed into your site, and not just a locked or a child theme

As a general rule, I suggest you ensure that the theme also has a large installed base with an active support community for websites using that theme.

Plugin Updates

Plugins are also produced by a diverse range of software developers, so similar to themes, there may be updates required after a core software update.

There are also several active test communities eg Wordfence who investigate and report potential exploits they find in plugins. Fortunately, as the Wordfence team are good guys, when they find a vulnerability or exploit they contact the theme or plugin author to first allow them time to produce a fix before announcing their finding to the world.

Again, the issue here is that as soon as hackers also get this information they can reconfigure their hack scanning software to find victim websites for this new exploit before they are updated.

WordPress Content Updates

Included in the portfolio of WordPress Maintenance activities we provide for your business is making minor edits to your website on your behalf.  While WordPress is allegedly easy to update, often with is not the case. So if you would prefer a staffer to do updates because you imagine this will be quicker and easier, you or they might be surprised at the complexity of making ‘simple’ edits.

Which editor is in my site?

Until just a couple of years ago, editing WordPress was a relatively simple task.

Content updates generally involved just the ‘classic’ WordPress editor. It is simple and straightforward to use.  So they would simply learn how to use the WordPress ‘classic’ editor.

More recently the number of WordPress editors that can be used for content updates has exploded, and so your internal team would need to be proficient in using one of these editors:

WordPress Classic Editor

The original WordPress editor (now known as the ‘classic editor’) essentially became redundant at WordPress version 5.0. while it was functional, it was limited for more sophisticated layout configurations.

The greatest trial those days was struggling with the original editor’s lack of support for pages with multiple columns. The old school approach for multiple columns was to use tables, but this lost favour as Cascading Style Sheets (CSS) presented more elegant and arguable, more easily managed page-building options.

With a modern website laid out across several columns, the classic edit is simply un-workable but these new block editors handle it well.

Gutenberg editor

The Gutenberg editor appeared in version 5.0 and replaced the classic editor. Sadly it was instantly abhorred, as most innovations are.  This block-based editor is now the default standard text editor for WordPress. It has its own peculiarities and so understanding how you might add or edit a particular piece of content in Gutenberg is remarkably different from the same task in the ‘classic’ editor.

Frankly, it’s not too bad at all and has a growing portfolio of add-ons for it.  While there were some ‘winkles’ initially, these have been ironed out now. It certainly doesn’t deserve the bad press it gets. Nevertheless, for the uninitiated, working with a block editor can be challenging.

Theme and Block Editors

Around the same time Gutenberg appeared, so did numerous of ‘drag and drop’ block editors appeared, including:

Divi Builder
The default editor for the very successful Divi theme claimed to be used in over 700,000 websites.
The Divi Builder is elegantly integrated into websites using the Divi theme.
It provides WYSIWYG editing and very strong support services.
The Divi Builder offers 40+ built-in elements to help lay out each website page and add/edit its content.
3rd party developers also provide numerous Divi Builder extensions, usually on a small annual fee.

Elementor
This drag-and-drop editor has free and pro versions. Most simple tasks can be undertaken with the free version but at $US49 per year, the Pro version certainly isn’t expensive!

Other Block editors 
A plethora of block editors are available as well. Many of these are loaded by default with a theme, or loaded by your web developer at build time. Each these editors have their own user interface which the operator needs to learn along related quirks etc.

Website backups

As well as updates, a critical WordPress maintenance activity is making backs for your site. Our backup strategy has several notable aspects based on years of experience:

Weekly website backups.

We make a full backup of your website every week. We do this in low-traffic times, so the backup process does not impact your website’s performance when visitors are most likely to visit. Should a catastrophic failure occur, we’re able to recover and restore a version of your website that’s no more than a week old. This ensures that any content updates made recently are more than likely included in that backup and can be reinstated.

Fifteen deep backup history

Our rolling backup storage strategy retains the last 15 weekly backups. That’s a total of 3.5 months of backup history.  We do this so that should your website become infected with a virus, we have the option of selecting and restoring a backed-up version from before the site was infected.

Offsite Backup Storage

Our backup strategy stores the copies of your website separately from the web server your website lives on. We do this to avoid the possibility that your website’s server is completely obliterated, as well of all of its backups.  Just in case you think this is over-cautious, this happened in Australia back in 2011.  Refer: https://www.webberinsurance.com.au/learn-distribute-it-hacking-incident

Approximately 4,000 websites and the related business emails on 4 servers were deleted. The hackers also deleted all of the backups for these sites. The cost of the event led the hosting company Distribute IT to go into liquidation, so their client’s ended up with no opportunity whatsoever to recover their websites. 

This is long enough ago for many web hosts to become complacent and for newbies in the industry to be unaware of the event and its catastrophic ramifications. I recall several businesses in the industry declaring bankruptcy to escape liability for businesses that completely lost their websites and had no chance to restore them quickly. It was a tense time, and unfortunately, the lessons that should have been learned have been forgotten by many, but not the team Website Concierge.

Even today, I grimace when speaking to people who assure me their hosting provider holds backups for 24 hours because that is all that’s really necessary…  

Is the website database is backed up as well ?

If you are familiar with WordPress, you will know that the WordPress website content, along with other key information, is stored in a database that’s separate from the website files. If your web host is backing up files but not the associated database, they cannot possibly restore your website from their backups. 

Ensure a restorable backup of your database is included in each backup so when the situation requires it, you can be confident your website can be fully re-created from backups.

Non-Page content updates

There’s lots of content inside your WordPress website that’s not sitting inside pages. Footers and header and other special content have to be edited via ‘widgets’. Some content elements that are generated by plugins may require editing within the plugin itself.  

So a typical content update task is to first find out where that particular piece of content is accessible for edits. Here are some examples of these type of non-page edits.

Widget Content edits

Widgets are content containers that appear in the same place on each page, for example in the footer, right-hand margin and other areas on the page. Widget content may need to be edited as text, short-codes or even script.

Menu edits

WordPress Menus appear in a separate area in the back-end. To make changes you’ll need an understanding of how the menu system works. Like widget edits, it is relatively easy to edit menus, if you know how.  

Website Care Packages

As every business’ needs are different, so we offer a range of website support packages. Select the package that offers the services that your business needs. You can upscale your services as you require each month.