In which I look at some of the tools of the trade you may not have considered or known about…

The great glory of WordPress is that it’s so widespread and such a versatile platform.

The great downside of WordPress is that it’s so widespread and such a versatile platform.

Yes, it is a dichotomy. The problem I’ve seen having worked in both development, design, and hosting or WordPress sites is that WordPress allows people to do some amazing things without a lot of technical knowledge. Sadly, this does allow people with zero knowledge of security to build nice sites that are easily compromised or never get on the net in the first place.

Migrations:

So, first off, just what is a “migration”? Well, it involves many things. Plain and simple, it’s moving the contents of a site from one place to another. It can be moving a development site from a hidden subdomain to the main site or it could involve moving from one web host to another.

updraftplusWhile not perfect, for most circumstances I’ve been very impressed with UpDraftPlus. For just $30, you have a tool that with a few clicks you can back up and migrate or clone a site. It’s dead simple to use and very highly effective. There are some circumstances where you do not want to use it but for 99% of WordPress migrations, it works really well

One of the most annoying problems people face with manual migrations is having to change links inside of the site database. UpDraftPlus does a really great job of scanning your site files and databases and makes sure that you are able to change them to reflect the new site.

Example: I developed a site for XYZ.com on a domain ABC.com. When it was ready to launch, I simply backed the site on ABC.com up using the built in DropBox backup in UpDraftPlus, went to the empty site on XYZ.com, and in a matter of maybe 5 minutes had XYZ.com up and running. I’ve done this with probably half a dozen sites and it’s worked every time.

Dropbox-Mindpress

UpDraftPlus also has a lot of functionality that I’ll talk about further down below.

DNS Routing:

QUICK NOTE You can fill up volumes of books with the hows/whys of DNS. I’m not discussing that here, I’m just covering some free tools to help diagnose and fix DNS issues.LEAFDNS

One thing that confuses owners and developers/designers alike is DNS. DNS is viewed by some as a mysterious thing that only your webhost messes with. I would say a large number of the problems I find with sites come down to simple DNS issues.

To find out the current status of pretty much any site is the awesome site LeafDNS. I use LeafDNS as one of my first stops on trying to diagnose issues with a site.

Here’s the thing about DNS. When you have a domain at say NameCheap, you can point it to your hosting package at HostGator. However, it’s not always as easy as changing just the nameservers at your domain name registrar. Inside of your hosting package, whether it’s at HostGator, GoDaddy, or a WordPress boutique hosting company like Pressable, there are various DNS records and settings that you may need to change.

With just a slight update or change of a record at your host, you can easily direct your email to be handled by Google Business Apps, your main site at HostGator, and change how people access your site with www. Amazingly powerful but also easy to mess something up. LeafDNS is the go to tool for me when it comes to figuring out where everything is pointed.

DNS Propagation

The internet is fast and high tech, however it’s not automatic. Whenever you change a DNS setting, there is a slight delay before it takes effect. If you change your nameserver settings to point from GoDaddy over to  HostGator etc, it can take 24-48 hours before the whole of the internet realizes that is what you are doing.

logo

This means that sometimes you can have your site up and running but someone in Seattle can’t see it but someone in Mumbai can. Very odd, but it’s a fact of DNS. My go to tool for looking at propagation is What’s My DNS? It’s a free tool that let’s you see and understand just why is it someone isn’t seeing your site.

Site Building:

WordPress offers a very very very wide variety of themes and pagebuilders. Professionals will build from scratch using something like NetBeans and a SublimeText. However, for the majority of users, this isn’t helpful.

The bone stock editor built into WordPress is actually pretty darn good. I always explain to clients when turning a site over to them, that if you can do Microsoft Word, you can do WordPress. However, there are a lot of things that aren’t that easy to implement with the built in solution. For page building, I really do love WP Bakery’s Visual Composer. VC is an inexpensive and incredibly robust tool that may actually already be included with your theme.

Visual Composer

With Visual Composer, you can do some really wondrous things. There is a learning curve but it’s pretty easy to do some spectacular looking visual components, parallax, etc.

Security & Recovery

Easily the most common security frustration I see is when someone’s WordPress site gets compromised. Frequently, it’s malware based on someone’s computer that steals your credentials. Quite frequently, the issue that leads to a compromise is an inherent vulnerability in either a plugin or the theme file. The easy way to solve this problem for free is to frequently update your site.

wordfence

But Scott, how do we know when something needs an update? WordFence. WordFence is primarily an anti-brute force plugin but it does notify every time something inside of your WordPress site needs updating. This is a good thing. Warning. Ok, so WordFence is great in the free form but I’ve seen some issues arise on occasion where people get their servers bogged down by WordFence. That’s just me but if I’m running it, I use the free version since I don’t want to get a TOS violation from my host.

For WordPress, one of the very common things I see is brute force compromises. What this is, is when a hacker guesses your username and password enough times to finally get it right. Having looked at the logs on my various sites, most hack attempts try guessing your username using one of two ways.

Admin username hack. Sadly, way to many people use the name “admin” for their administrator username. This is easily the most guessed username on my sites. Since most sites all use the domain.com/wp-admin for their login page to their WordPress Dashboard, it’s easy to make a try.

This. Never Ever Do This!

If you choose “Admin” as your username, it’s only a matter of when, not if, someone guesses correctly. The second version of the brute force is using “domain” as the username for domain.com. Again, it’s really a very bad idea. Choose something you will remember but that isn’t obvious. However, if you do choose admin, make sure you have a ridiculously industrial/military grade password.

However, installing WordFence will solve most of these problems. WordFence automatically will block IP addresses of people that are trying to brute force their way into your site. You also have the ability to IP block entire countries which can potentially be very very handy. You will also receive alerts every time someone brute forces attempts on your site as well as every time someone successfully logs in as admin. Good rule of thumb is, if you receive an email that the admin has logged in, and that’s not you, something very bad is happening.

Lastly, if and when your site gets compromised, using a wonderful plugin like Updraft Plus is a real lifesaver. Not only can you back up to your WP site, you can also back up to the cloud. This way you can back up daily and still have plenty of space on your web hosts server. Plus, this also makes it harder for someone hacking your WordPress site to delete your backup files.

updraftplus

*If you haven’t been able to tell yet, I really do like UpdraftPlus.

OTHER METHODS OF BACKUPS

Just about any website out there can use services of two companies I really do like. CodeGuard and SiteLock.

codeguard

sitelock

I can’t talk highly enough about how useful it is to be able to roll back either an entire website or just one file when I mess something up, err, when something goes wrong beyond my control. I encourage you to check both services out. They are very much worth the money and in some cases, your webhost may throw them in for free.

Conclusion

So, I have left a bajillion of the tools I use on a regular basis. These are just some of the tools that I know most people don’t think about or worse yet, way overthink.

If I’ve missed something you love to use, please let me know and I’ll happily add it in.

%d bloggers like this: