What do you do when you need to fix your WordPress website and there's no developer around to help? Here are the tools you need, the steps to take, and how to call in the cavalry.

1. Emergency
WordPress
Troubleshooting
WordPress DC Meetup
November 20, 2018
1
Tiffany Bridge
Automattic

2. Who am I?

3. Who Are You?

4. Session Goals
• Understand the use of basic technical tools for
troubleshooting
• Understand the basic components of WordPress
• Identify emergency troubleshooting techniques
• Identify basic preventative maintenance items
• Anticipate current WordPress issues

5. Your Emergency
Toolkit

6. Browser Developer Tools

7. Text Editor

8. FTP Client

9. PHP MyAdmin

10. And finally, your friend
and mine…

11. WordPress 101

12. The Best Thing About
WordPress…

13. The Worst Thing About
WordPress…

14. WordPress.com
WordPress.org

15. WordPress.com
WordPress.org

16. Anatomy of a WordPress
Site
Core
WordPress
Theme
(CSS/HTML/
PHP/JS)
Database
(Usually MySQL)

17. Plugins

18. Key WordPress Files

20. wp-config.php

21. Common WordPress
Emergencies

22. Oh $#&^, I’ve Been
Hacked!

23. “But what would a hacker
want with my site?”
Photo Credits:
Bitcoin Image courtesy Andre Francois via unsplash.com
Bot image courtesy Alex Knight vis unsplash.com
Spam Wall via Flickr user freezelight, via Creative Commons License

24. And now… statistics!
Small business websites are attacked
on average 58 times per day
Source: SiteLock Security
70% of WordPress sites have an exploitable vulnerability
Source: Sucuri

25. How do I know I’ve been
hacked?

26. Cleaning Up a Hack

27. Scan for Malware

28. Clean Infected Files
By Hand

29. …or Restore From Backup
You do have backups, don’t you?

30. Then Lock ‘em Out!
Remember our old friend, wp-config.php?

31. (We call this the White Screen of Death.)

32. Causes of the WSOD
• PHP has run out of memory
• Failed core/plugins update has caused instability
• Database errors
• Theme problems

33. First Things First

34. Is WordPress able to load?
yourdomain.com/wp-admin/

35. What were you doing
when the WSOD started?

36. Try the easy stuff first.
• Migrating the site? Check the database for
references to the development URL. (phpMyAdmin
or a DB search-and-replace plugin)
• Updating plugins/themes? Disable the ones you just
updated.
• Editing a file? Check your syntax, or undo your
change.
• Caching plugin? Try dumping cache.

37. If your /wp-admin/ looks
like this:

39. Enable Debug Mode
Find/set in your wp-config.php
and see ALL THE ERROR MESSAGES

40. What do we do with error
messages?

41. On-Page Errors

42. Try the easy stuff first.
• Migrating the site? Check the database for
references to the development URL. (phpMyAdmin
or a DB search-and-replace plugin)
• Updating plugins/themes? Disable the ones you just
updated.
• Editing a file? Check your syntax, or undo your
change.
• Caching plugin? Try dumping cache.

43. Developer Tools

44. Other Things to Check
• Are your plugins still being supported/updated?
(Especially the free ones)
• Check PHP version compatibility

45. Preventative
Maintenance
An ounce of prevention is worth hours of Googling error messages.
- Ancient WordPress Proverb

46. Above all else…

47. WordPress Backups

48. And then…
• Security/malware scanning plugin
• Caching plugin
• Regular update schedule
• WordPress hardening techniques
• 2-Factor Authentication

49. Security Plugins

50. Caching Plugins

51. A Word About
Plugin Hygiene
• Is it regularly updated/
tested?
• How does the plugin
creator make money?
(Free is often expensive)

52. Update on a Schedule

53. Hardening WordPress
• Move wp-config.php to one level above web root
and CHMOD 600
• Use .htaccess to deny access to files in install
directory, /wp-includes/, and /wp-content/
directories
• Use a plugin to move the location of the login and
wp-admin pages
• Make sure all users have nicknames set and no
actual usernames are displayed on the site

54. Two-Factor
Authentication
1. Decide on your second factor: Google, Yubikey,
Authy, SMS, phone call, or user’s choice?
2. Pick the 2FA plugin that supports it
3. Install it

55. Choosing a Host
Friends don’t let friends use cheap shared
hosting

56. Key Features
• Regular, automatic backups (you should still do your
own)
• One-click staging sites
• Automatic WordPress core updates
• Let’s Encrypt SSL support included
• BONUS: Automated migration tools

57. This Year’s
Emergencies
All the (foreseeable) ways your site can break in
2018

58. NEXT WEEK:
WordPress 5.0 & Gutenberg

59. Current/“Classic” Editor

60. WordPress 2.1, 2007

61. Blocks Editor - “Gutenberg”

62. Solution:
Start Testing Now
• Install Gutenberg plugin on a staging site and start
checking posts and pages
• Pay particular attention to any plugins that augment
the native editor- they may break
• Install the Classic Editor plugin to be sure you’re
covered while you work on a migration plan

63. December 2018: PHP 5
Support Ends

64. Solution: Start Testing on
PHP 7
• Plugin: PHP Compatibility Checker
• Update your staging site’s PHP version, if possible
• Or, set up a local staging environment to test

65. Have the Cavalry on
Speed-Dial

66. Know Who To Call
• Specialist hosts (Pressable, WP Engine, SiteGround)
• Maintenance companies (WP Buffs, GoWP)
• WordPress Consultants

67. Questions?

68. Where to find me
• Twitter: @tiffany
• Email: tiffany@baxbridge.com
• Blog: tiff.is
• LinkedIn: https://www.linkedin.com/in/tbaxbridge/
• WordPress Slack: @baxbridge