Archives for September 2013

3 compelling reasons to update and secure your WordPress website


Your WordPress website needs regular maintenance to perform optimally. The WordPress core application is constantly being updated, as are WordPress themes and plugins. Keeping your installation up-to-date is extremely important – especially since so many updates contain security fixes and patches that prevent exploitation of vulnerabilities in your WordPress website or blog.

Because of their widespread popularity, WordPress-based sites are a constant target of hackers and spammers. The WordPress developers continually monitor this and create patches to fix any potential security holes, leading to regular updates that will keep your WordPress installation clean and safe. If you do not keep your WordPress installation current, you risk becoming a victim of malicious attacks that would otherwise be easily prevented.

Additionally, WordPress is known to be something of a “memory hog” and frequent posts and visitor discussions can quickly take up space and increase bandwidth.

Maintaining WordPress is more than simply updating the core, themes and plugins. There are numerous WordPress maintenance tasks that should be performed regularly in order to keep your site running optimally and securely. You should also conduct a security audit to make sure you are following the latest protocols.

The following three real-life cases illustrate WordPress maintenance-related issues. Each highlights the importance of keeping your WordPress installation updated, maintained and backed up.

1. Outdated WordPress site hacked; infects entire server

We used to host client sites on our server. We ran into one instance where one of these clients neglected to update their WordPress installation for quite some time. Needless to say, they got hacked, falling victim to a widespread hack attack on WordPress sites across the globe. Once these hackers got in, they were able to navigate through and infect every single site on our server. Our personal site went down, along with several development sites and a few live client sites. Thankfully we had recent backups of everything, but it was still quite a mess to untangle. Lesson learned.

This wasn’t the first time we’ve seen WordPress sites get hacked, and it certainly won’t be the last. As of the time of this posting, we had another client contact us just yesterday explaining that his site was hacked and flagged as “unsafe” by Google. It was, however, the first (and only) time our own WordPress install was hacked. Although our site itself was secure, we were hacked by another insecure site on our server. This just serves to show that even though you may think your site is secure, there may still be vulnerabilities elsewhere that still pose a risk. Make sure you not only secure your site, but that you also know your hosting environment and, just as importantly, have a backup. If you’re not 100% sure you can handle all of this, our maintenance plans will handle the burden for you.

2. Outdated plugin crashes WordPress site

One client of ours initially refused the maintenance package, intending to update his website on his own. After all, WordPress provides simple “update” buttons that enable users to easily update the application, most plugins and many WordPress themes at the click of a button. One time, however, this client called us in a panic. He updated his WordPress site and it crashed. His site was nothing but an error page and he had no idea what to do. He also had not backed up his site in some time and was concerned he would lose data.

We tracked the error to a WordPress plugin that was incompatible with WordPress 3.0, a major release of the platform that included several new enhancements and features. The issue was that the plugin relied on WordPress code that was deprecated and no longer supported by the platform. So when the client updated WordPress, the plugin generated a major error: as in nothing else would work. Lucky for the client, we were able to roll back WordPress to an earlier version and then replace the outdated plugin. Not all plugin developers maintain their code, so even though a plugin is “free” – it may end up costing you more than you think! This client has since subscribed to our maintenance plan, which provides “insurance” against crashes like this.

3. Spikes in server load due to bot attack cause bandwidth crash

One of the common methods hackers use to attack WordPress websites is a brute force attack on the login page, trying to guess the admin password. These automated scripts cause huge spikes in server load and the increased bandwidth can be enough to take your site offline. This has happened to a few sites that we manage, resulting in phone calls from clients in a frenzy. Fixing this usually involves working with your website hosting company’s support team, asking the “right” questions and then implementing one or more fixes depending on the source of the problem.

Our experience in dealing with this type of issue helps get your site back online quickly and patches the source of the problem. Our maintenance plan includes tasks that help minimize this risk as well as covers the repair.

WordPress Maintenance Plans

Because proper WordPress maintenance can be an arduous task, Agua Web Design has created a suite of WordPress maintenance plans. Our plans all focus on keeping your WordPress installation up to date, clean, secure and running optimally. They also include regular backups and restoration services. Each maintenance plan offers the same helpful features – the difference is the update frequency. Contact us today to find out which package is the best fit for your WordPress website.

7 WordPress maintenance tasks you should perform on a regular basis

WordPress is a simple, yet feature rich platform. Although it has a small learning curve (like any new application), it is pretty easy to get a site up and running. There are tons of free themes and plugins that make it easy for even a website novice to develop a fully functioning WordPress website or blog. But, like anything, it requires the occasional tuneup in order to continue running optimally. Even the fanciest luxury vehicle needs to go to the shop every once in a while.

The following seven tasks should be performed on a regular basis to ensure your WordPress website continues running smoothly and securely.

1. Update WordPress

Since its inception, WordPress has blossomed from a simple blogging application into a full-blown Content Management System (CMS). It’s used to power some of the most popular websites in the world, including Forbes, Best Buy and Jay Z. It seems that each new release brings new features and enhancements that make the application better and better. However, the growing popularity of WordPress websites is also the application’s biggest vulnerability, as it continues to be a target for hackers. Regularly updating your core WordPress application enables you to take advantage of all the latest features while also helping to maximize security.

Helpful Tip: Take care to back up your site before every upgrade, to ensure you can roll back in the event you run into problems.

2. Update and audit your plugins

This includes not only updating plugins to the newest version on a regular basis, but also includes replacing out of date plugins with newer, more regularly maintained alternatives. There are tons of free plugins out there, but some still cost you in other ways, including increasing your risk of being hacked or crashing your site. In addition to updating them, make sure your plugins are regularly updated by their developers and that they are not causing conflicts with other plugins. If a plugin is not being updated, then at some point it is very likely to start causing problems.

Another important task is to regularly assess the value of your plugins. Although they add functionality and useful features, they also can weigh your site down and affect your site’s performance. Many simple features can be achieved by adding a very small amount of code to your functions.php file and don’t necessarily require the heavy load of a plugin. Review them regularly and ditch any you can live without.

If you aren’t sure which WordPress plugins you can replace or get rid of, contact us to learn more about how to conduct a plugin audit and assessment.

3. Update or upgrade your WordPress theme

Many free and premium WordPress themes receive automatic updates, but definitely not all. If your theme does not receive automatic updates then you will want to check with the developer to see if they provide manual updates.

Manual updates require FTP access. Make sure you back up your site before updating your theme (unless you are using a child theme, in which case it is always safe to update the parent). Many theme updates will overwrite any customizations you make to the theme files, including functions.php and the style sheet. The theme developer should lend any support in this area.

If your theme does not have any updates available, or is not regularly updated by the developer, then you may want to look at finding a new theme.

We highly recommend switching to a framework, if you have not already done so. We used to build our own themes from scratch to maximize customization. But the trade off was having to manually update and essentially redevelop the themes when they became outdated. Then we discovered – and fell in love with – WordPress parent/child frameworks. After initially working with the Thesis framework, we started developing child themes for the Genesis framework by Studiopress. Genesis is an excellent framework for many reasons, not least because it updates at the click of a button.

4. Purge unused assets

Unused images and other media files take up space and needlessly increase bandwidth usage. And old, inactive plugins and themes are also a huge security liability (with the sole exception of the default WordPress themes, which are critical for bug testing and should never be deleted).

Inactive plugins should be deleted from your server, including plugins you use on an occasional basis. As a general rule, if a plugin is not actively doing something on your website, delete it. You can easily add it back in to use when you need it. Hackers are familiar with which plugins have security holes, and can easily scan your site to see if any vulnerable plugins are installed (even if they’re “inactive”) and use them to break in.

Outdated themes pose a similar risk to plugins, though not as widespread. Any non-default themes should be removed when not in use. Default themes (the ones that come with WordPress) should not be deleted, but make sure you keep them updated. Depending on which version of WordPress you are running, the default themes for your version should include Twenty Twelve and/or Twenty Thirteen.
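To act on the advice above about deleting inactive plugins, you first need a list of what is actually sitting in the plugins directory. The following inventory script is an added example, not code from the original post; it assumes the caller supplies the set of active plugin paths (relative to the plugins directory, e.g. `akismet/akismet.php`), and the plugin names and files in the sample tree are constructed.

```python
import os
import re
import tempfile

# WordPress identifies a plugin by a "Plugin Name:" comment header in a PHP file.
HEADER_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t]*$",
                       re.IGNORECASE | re.MULTILINE)

def read_header(php_path):
    """Return {'plugin name': ..., 'version': ...} from the file's first 8 KB."""
    with open(php_path, "r", encoding="utf-8", errors="replace") as fh:
        head = fh.read(8192)
    return {k.lower(): v for k, v in HEADER_RE.findall(head)}

def inactive_plugins(plugins_dir, active):
    """List (relative path, name, version) for plugins on disk that are not
    in `active`, a set of paths such as 'akismet/akismet.php'."""
    found = []
    for entry in sorted(os.listdir(plugins_dir)):
        full = os.path.join(plugins_dir, entry)
        # A plugin is either a single PHP file or a directory of PHP files.
        if os.path.isdir(full):
            candidates = [f"{entry}/{f}" for f in sorted(os.listdir(full))]
        else:
            candidates = [entry]
        for rel in candidates:
            if not rel.endswith(".php"):
                continue
            header = read_header(os.path.join(plugins_dir, rel))
            if "plugin name" in header and rel not in active:
                found.append((rel, header["plugin name"], header.get("version", "?")))
    return found

def build_sample_tree():
    """Constructed sample: two directory plugins and one single-file plugin."""
    root = tempfile.mkdtemp()
    files = {
        "contact-form/contact-form.php": "<?php\n/*\nPlugin Name: Contact Form\nVersion: 2.1\n*/",
        "contact-form/helpers.php": "<?php // no plugin header here",
        "old-slider/old-slider.php": "<?php\n/**\n * Plugin Name: Old Slider\n * Version: 0.9\n */",
        "link-check.php": "<?php\n/*\nPlugin Name: Link Check\n*/",
    }
    for rel, body in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)
    return root

if __name__ == "__main__":
    for rel, name, version in inactive_plugins(build_sample_tree(), {"contact-form/contact-form.php"}):
        print(f"inactive but still on disk: {name} {version} ({rel})")
```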

5. Fix broken links

Little is more annoying to a site visitor than clicking a link and getting an error page. When linking internally, keep in mind that a link to a post or page may change if you alter the post slug, category, parent, or site URL. If you change anything that could affect a post URL, then you should also update any links on your site that refer to that post or page. Using the “link to existing content” section of the link tool in the WordPress editing window, or the page/post link window on the menu dashboard, can help minimize internal linking issues as links will be updated automatically. But if you manually type or paste in your link URLs into a post, menu or widget then you may encounter linking issues when you move things around.

Further, even if none of your internal links are broken, you may be linking externally. As we learned above, websites occasionally change their permalink structure, and sometimes go offline altogether, rendering certain URLs obsolete.

It’s a good idea to use Google Webmaster Tools or a reliable broken link checking plugin to scan your site for broken links on the regular, and then update or remove them as needed.

Helpful Tip: If you use a plugin to check for broken links, you should ideally deactivate and delete it when not in use (see #4 above).

6. Optimize and clean up your database

Your WordPress database gets junked, like a storage garage, and needs purging every so often.

  • WordPress by default stores every post and page revision, meaning every single time you hit the Publish button, WordPress saves a copy in your database. This makes it easy to roll back to a previous version at any time – especially helpful if you made a mistake – but it also starts to eat up space. You can limit the number of revisions in your config.php file, but it is not retroactive. The only way to delete already-saved revisions is to purge them directly from the database.
  • WordPress also collects comment spam, storing it in your database for a rainy day. And why would it do that? So you can recover a comment incorrectly marked as spam, or so you can review spam comments to identify and block repeat offenders. Unless you are running a script to delete your comment spam, it is probably clogging up your database.
  • When plugins are installed, most will create database entries in your wp-options table.

We recently cleaned out a client’s database, which was full of old post revisions, archived comment spam and options from deleted plugins. This single task cut the database size by more than half, reducing it from more than 50MB to less than 20MB. This not only freed up space on her server, it also sped up her site.

7. Backups

Your site should be backed up according to the frequency with which you add new content, enabling you to quickly restore it to a working condition in the event of an attack or bug. If you aren’t regularly adding new content (although if you want to boost your SEO you should be), then you only need a backup when something is changed. If you are blogging or adding new content on the regular (and making the search engines, and your visitors, very happy) then you should update often. If you post daily, then you may want to schedule daily backups. Some hosts offer this for a nominal fee. If you are updating a handful of times each week, then weekly backups are probably fine. If you update several times per month then make sure you back up once or twice a month.

WordPress essentially consists of three components: the core application, the database, and your content files. As of the time of this posting, the WordPress application is approximately 15MB. If you’re always updating to the latest version (as you should be), there is no need to back up these files. If you are running an older version for compatibility reasons then save a copy of the version you are using and you can then exclude it from your regular backups.
What you will want to back up are your database and your WordPress content files, including plugins, themes, and uploads (images, documents and other media files), which are all concentrated in a directory named wp-content.

WordPress Maintenance Plans

Agua Web Design offers a suite of prepackaged maintenance plans that covers all of the above – with varying levels of guarantee. Our packages are available with monthly, semi-weekly or weekly service. For sites that are updated infrequently, we can modify the plan to meet your needs, including quarterly, semi-annually or even once a year. Save yourself the stress and headache and contact us now to find a plan that meets your needs.

Why we really need to know your web design budget


When we were shopping for our first home, one of the first things our realtor advised was to go to the bank to get pre-approved for a home loan. I remember her exact words: “Go talk to them to see what you can afford… or want to afford.” And so off to the bank we went and handed over paystubs, social security numbers, tax returns and bank account statements without thinking twice. We knew how much cash we had for a down payment and how much we could budget monthly. Once we got the stamp of approval from the bank, we handed over a letter with an amount on it to our realtor along with our home feature wish list, and off we went.

When you are buying a home, at least in most cases, you begin with an amount in mind and then figure out what you can get for it.  There are dozens of ways to compromise. You can back off on square footage and maximize the upgrades. You can compromise on the location in order to get a larger lot. You can get more house in exchange for fixing it up yourself. The list goes on.

Budgeting for a website should be similar to budgeting for a home. There is a common misconception, however, that withholding your website budget somehow gets you a better price. Or (perhaps more accurately) that a web designer will change the price based on what you tell them you can spend. While technically true, it’s not for the reason you think.

When we quote a website, we are trying to create a perfect blend of what you want and what you can afford. Or, as my realtor said, what you want to afford. Neither of us wants to waste our time looking at mansions in an elite neighborhood if it’s totally out of your price range. (Or, maybe you do want to look, but it will help if we know when you are just “window shopping”). You also don’t want to end up in a crappy neighborhood if you can comfortably afford something better. Remember: your website should either directly or indirectly contribute to your bottom line. You don’t want to skimp, but you also don’t want to get too far out of your comfort zone.

As your “website” realtor, we will evaluate your wish list against your budget and tell you what fits. In some cases we may tell you that you don’t even need to spend that much to get everything you want. But, ultimately, it helps us guide you toward the right solutions.

When we ask for a budget, we are not setting a price tag. We just need to know what neighborhood to look in and what type of dwelling we are looking for: apartments in the city, houses in the suburbs or mansions on the hill? We excel at creating workable solutions regardless of the neighborhood or the type of building.

We really strive to work with clients long term and genuinely want to help you find the best fit. What’s good for you is good for us. Let us know how we can help you get started.