WordCamp Montreal 2016 - Disaster-Proof Your Website

Editor's Notes

1. WP Crowd – group of designers and developers - podcast and blog - note that slides and presentation are in English, but downloadable action plan (link in last slide) will be available in both French and English.
2. It was a long holiday weekend. I was in the mountains for a short getaway when my phone rang. A client. I knew it was an emergency because she never calls outside of business hours. “Kate! I’m at my wits’ end. My site’s been down since Thursday and tech support says they don’t know when they can have it back up. We’re in the middle of a program launch and we’re losing money every day. What do I do?” He forwarded an email from his webhosting company. “We’re sorry to inform you that the server which housed your site suffered catastrophic hardware failure last night. We have moved your account to another server, but unfortunately, all data was lost and is unrecoverable. Please contact tech support if you need assistance in restoring from your local backup.” The rest of his email to me was filled with frustration and f-bombs. “I don’t have a f-ing local backup! They advertise that they do all the backups and now the backups are just f-ing gone! What the f do I do now?” If your website is important to you, then anything like this can mean...
3. If you’re in business and your site is important, you need to have a plan — just in case the zombies do head your way. It takes some planning and foresight, but none of it will cost an arm or a leg. Or brains.
4. What does that look like? How can you tell?
5. You may see a screen that looks similar to this, or it may say “500 Server Error.” Either means that WordPress can’t connect to the database.
6. What does that look like?
7. The infamous “white screen of death.” You see nothing and you probably won’t be able to log into the dashboard, either.
8. Conflict: - host has domain name registered and holds hostage - conflict with host (money issues, usually)
9. You might be tempted to ask “why did they hack my site? It’s just a small blog for lawyers (or whatever).”“Why” isn’t the right question. Ask “how did they hack my site, and how could I prevent it.”
10. - Don’t use the cheapest host or one with “unlimited” storage or bandwidth. - look for responsive and helpful tech support - look for support in a format you are comfortable with – phone, email, live chat - host that takes security seriously – to help prevent database crashes, look for host with –sufficient memory limit – database on localhost, not remote server (GoDaddy, Bluehost use remote) – cacheing plugin (WP Rocket) and/or server cacheing
11. (Tell the story about 1 & 1 stealing the artist’s domain name.) Register your domain name yourself through a separate company. Or at the very least, make sure your name, phone number, and email address are listed as the Registrant, not the webhost. Make sure you have access to the move the domain name or change DNS if necessary.
12. Basics: - don’t use “admin” username - use strong passwords - fewest admin accounts possible - themes and plugins from reputable source(s) - keep everything updated More in-depth: - disable theme/plugin editor in the dashboard - disable xmlrpc.php - don’t use a database or file manager plugin - don’t access via public wi-fi – use VPN ad SFTP - turn on two-factor identification
13. Your webhost may offer site backups (but check to see how often, where they are stored, and if you can access them). Keep an up-to-date copy of the wp-content folder and the database on your own computer at all times. Set up a backup solution that will allow you to store a copy of your website in a remote location. Database – daily wp-content – weekly - Plugin + remote: Updraft Plus, Backup Buddy, BackWPUp >> Dropbox, Google Drive, or SW3 - Service: VaultPress, CodeGuard Make sure you can restore the site AND download a full copy.
14. At the end of the talk, you’ll get a URL to download this information checklist in both English and French.