Last month, I gave a remote training session on WordPress as part of the Cathedral Quarter in Depth Webinar and it was moved online due to the Covid 19 situation. It was a three hour session and it generated a lot of questions. I answered as many as I could but made a commitment to answer any others using a blog post – so, here it is.
There is no definitive answer to that. My opinion would be to use the absolute minimum of plugins that you can. Throwing plugins at a problem is probably not the solution. Also, choose carefully when using a plugin – check reviews, check the number of installs, check how often it is being updated. Building your entire site around a plugin that has been running for a month, has very few installs and only a few reviews would not be recommended.
This could be a blog post on its own. However, short answer would be to get it done by a professional. Things to do in the interim, change all passwords and set up 2FA. However, it may need a completely new install of the site and it may be a slow, drawn out process.
There are so many ways that a site could have been attacked and so many steps to carry out, my recommendation would be to use a specialist to do the job.
This came up under a slide I was talking about WordPress security. One way, and I am aware that this is throwing a plugin at the problem, is to use a well known and trusted plugin. The example I mentioned was: WPS Hide Login. We don’t actually use this plugin, but it is highly recommended by others. We change the URL through our security profile that we apply to all sites. We find the best security plugin for WordPress is: Shield Security – the free version is good, the PRO version, I would highly recommend if you are taking WordPress security seriously.
Depending on your theme, you may be able to edit it without causing any issues – but be very careful and make sure you know what you are doing.
If you use a plugin from the official repo, it will appear in the sidebar of the plugin page. It will say “Last updated:”. Any plugins that have not been updated in two years, carry a warning nag across the top of the page to alert you to this. Generally, if a plugin hasn’t been updated in two years, I would stay clear.
There are a number of plugins that offer that functionality. But, I’ve never used any of them. Using the different filter, views and search options in the media library may make it easier to find the media you are looking for. You can use grid or list view to sort images easier, you can filter by date uploaded or use the search field. TIP: if you are using the grid view, increase the number of items per page in your screen view options to see more than the default 20.
My personal opinion on this is do not obsess with the green / red / amber traffic light system that Yoast provides for your site. Write your content for humans – make it informative, well written and rewarding to the user and don’t worry too much about the analysis given by Yoast. Your main concern should be about producing good content, do that right and people will read it.
In one way, you should be scared – if the updates go wrong and your site crashes, what is your contingency to restore it? Where are your backups? Do you know how to disable a plugin through FTP? If you can’t answer all these questions, then you should be scared.
If you know how to restore your site if there is an issue, or know how to disable a plugin if things go wrong, there is no need to be scared at all. We find that with 99% of updates there are no issues but we still have a well rehersed plan for restoring a WordPress site should issues arise.
Updates need to be run, this is a must, but try them out on a local version of your site or on a development version to ensure there are no issues prior to running the update on your WordPress core, theme and plugins.
Yes, in short. Updates are there for a reason, either for function or security. Our policy with updates is if there are security fixes, we update them straight away; if there are function or features, we tend to leave them for a while in case there are any issues or bugs. But, we always will update them.
Wibble have a well-practised process for managing WordPress core, theme and plugin updates. We call it the Golden Gate Bridge. We feel that keeping on top of updates is the only safe way to manage a WordPress site.
There are a number of options. In the past I have used: Wamp, Mamp, Xampp and a recent entry into the local development server is Flywheel. Adam wrote a blog post on Local development using Flywheel. Flywheel is very easy to set up and run. However, you may need some help moving a local site to a live environment.
Having backups of your WordPress site is crucial. If something goes wrong on your site, you need to know where they are, if they are working and how to get them back up and running, ASAP.
First place to check is your host, make sure there are backups being run regularly on your site. Make sure you know how to get to them, if needed.
I would recommend also using a third-party backup option, too. We have a managed WordPress hosting system that, every 24 hours, backs up your site and stores the backups in a different datacenter in a different continent, as a failsafe. There are a number of WordPress backup plugins available that will back your site up onto DropBox, AWS etc – I wouldn’t recommend having your backups on your own server as if the server goes down, you can’t access them.
Practice retreiving your backups regularly, making sure that you know how to roll your site back, the last thing you want to do is have to read blogs and guides on how to do it while your site is down and costing you sales.
The feedback from the webinar has been great, lots of questions is usually a good sign. I hope I answered all the questions above clearly and in-depth. If you have any more questions, get in touch with me on Twitter.
Wibble are well known as WordPress experts and we have documented this for a number of years through our WordPress blog. We have, lately, seen a large increase in requests for WordPress training to be provided and this is something that we are offering more and more. I wrote about providing WordPress training in Belfast for our client, Abacus Talent Group. If you want dedicated WordPress training customised to your requirements, get in touch with us.
Studio Location
Floor 2,Telephone
+44 (0)28 90 098 678
Get in touch with us today with the details below, or use the contact form to ask us a question and one of our Wibblers will get back to you.
"*" indicates required fields
