First, a Reality Check
Sucuri recently released their report on Website Hack Trends of 2018. You can read this article from ZDNet entitled WordPress accounted for 90 percent of all hacked CMS sites in 2018 and this article by SC Media entitled CMS hackers focus on WordPress. Now, WordPress (WP) powers a huge portion of sites on the web so in a way this makes a lot of sense. the more sites out there, the greater the target. Yet you do have to ask yourself why you want to potentially involve yourself in such things. And if you must, how do you secure yourself so that you don't have to deal with being hacked?
As brought out in the articles, WP core and third-party plugins need to be kept up to date. See WordPress Maintenance & Updates below.
Wow, WordPress is popular isn't it?! Everywhere you look people are saying that this is THE platform you have to have, the one the only, the best of the best. It might be true if we take a look at your needs and determine that's the fact. Or it might not be. That said, if we decide that yes, WordPress is the platform for you, then we'll build you up an excellent WordPress site. I will have to insist that we put it behind a firewall. Please know that a WordPress site needs to be maintained (see below). All the third-party plugins and WP core need to be kept up to date so that we do the best we can to prevent security vulnerabilities.
If I'm unable to help you, I can send you in a direction that can.
So your [insert friend, cousin, director’s husband, sister, brother, etc.] built you a website on the WordPress platform but didn’t teach you how to use it and now they won’t talk to you. I wish I had a few bucks for every time I’ve heard that. And I want to apologise on their behalf. Not everyone is like that. There are those of us that want you and your website/business/organization to succeed. WordPress training is a part of that success.
I will teach you (virtually or in person if we’re close) how to use your WordPress site. You’ll learn what you need to know instead of what you don’t need to learn. Personalised training is great for that. For the things you don’t want to learn, or maybe they’re too hard, I can do them for you. Our relationship can be ongoing, or not. Your choice.
We can go as easy or in-depth as you’d like. If you want to learn how to do updates, I’ll teach you how to safely do that (and how to take a backup and restore it).
WordPress, like any Content Management System (CMS) needs to be kept up to date with the latest version and life cycle in order to be the most secure. Same deal with third-party plugins.
The top two reasons sites get hacked are:
- The server environment (your host).
- Scripts that aren’t kept up to date (WordPress itself and all third-party plugins are scripts).
Here’s the thing, sometimes when you update WordPress or third-party plugins, things break. It’s just part of life. Thus, it’s important that precautions are taken to avoid breakage, potential downtime, and loss of what’s important to you.
Before updating WordPress or plugins, do the following:
- Read: read WordPress forums and plugin developer forums before doing the update. If it’s a security update, weigh the risks of doing or not doing the update with potential issues. If it’s a bug fix release, wait and keep reading to determine when it’s best to do the update.
- Take a backup: it’s important to have a backup of your site before doing updates. Best practice is test said backup to make sure it restores. It’s no good having a backup if it doesn’t restore properly. Do not depend on your host to have a backup for you. Make sure that you have copies of your backups stored somewhere other than your server (which is insecure anyways). If something is wrong with your server, having your backup stored there will be sad.
- Dev site: It is recommended to have a dev site that is a replica of your live (production) site to do updates on first. This way you can adequately test the dev site after an update to make sure it’s working fine. That said, it means you also have to keep the dev site up to date or it too can become a security vulnerability.
Most sites can be properly maintained in less than an hour a month. Some clients can do so in 15 minutes per month. The amount of time depends on how many third-party plugins are running on the site and how complex they are, as well as how often the developer releases an update.
Many of my clients do not enjoy the process of keeping their sites up to date. They have businesses to run. They may be perfectly fine adding and editing content, but updates scare them. They don’t want to do the heavy lifting that may come with doing an update and doing maintenance.
Thus, I offer a service to do WordPress Maintenance for clients.
Here’s what’s included:
- Update WordPress whenever they release an update (sometimes it’s more than once a month, other months there are no updates)
- Update third-party plugins at least once per month
- Take at least one backup per month
- I’ll add a monitor on each site so we know if the site is going down or up often for long periods of time so that something can be done about it
- Priority over those clients/sites not on the monthly update plan
The following is not included:
- Migrations from one life cycle to another (currently WP doesn't do migrations, but you never know when maybe they'll have to)
- Major life cycle version changes on third-party plugins if applicable
- Time it takes to fix problems that an update to an plugin or WordPress might have created
- Time it takes to resolve issues as a result of the monitor that might say something is wrong and needs to be addressed
- Server maintenance (like changing PHP versions or updating .htaccess files, etc.
- Costs for commercial/paid third-party plugins
If your site is running only basic normal plugins (editor, backup, template) it can be maintained in about 15 minutes per month. If more than that, it will be 30 minutes or more depending on the type and number of third-party plugins. The cost is whatever my hourly rate is by the number of quarter hours. Please contact to discuss.
If I did not build your site, an initial set up fee may be required depending on how much needs updating and how old the version of WordPress is that you’re running.
How do I get started?
- Get in touch
- We’ll set up a virtual meeting so I can see the backend of your site and evaluate extensions
- I’ll come up with a price and determine if an initial set up fee is required
- I’ll communicate this with you and you’ll choose
WordPress Maintenance is important. It’s a commitment you make when you build a website. It’s not “build it and forget it.” It’s a living thing (I know that sounds weird) that needs committed attention to keep it alive and happy. Commit to your website and get started on the WordPress Maintenance Monthly update plan today.