Whether your website is powered by WordPress or rocking it old school with html and css, it is a valuable business asset and it needs to be available 24/7 in order to be making you money.
Bad stuff happens
I used to design some of the hardware that powers the internet. Ask anyone who works on computers, it’s not a matter of if they fail, but when. And the computers that are hosting your website are not immune to problems. Yes, your host likely makes a ‘backup’ of your site. But what if that backup is damaged or lost?
What would you do if the computer your website lives on died? How quickly could you restore that website?
Would you have to recreate it from scratch?
You might be surprised at the number of people who lose their entire website in a matter of minutes. Hardware failures. Hackers. Disgruntled employees. Hosting companies going out of business.
There are any number of ways to lose your website. There is one sure fire way to minimize the damage.
BACK IT UP!
That’s so very important, I’m going to say it again.
BACK IT UP!
But how? Well, it depends on your website.
Old school html/css sites can be backed up manually. Simply log in to your hosting control panel, or use an ftp program like filezilla, and make a copy of every file, including all of the subfolders where your pictures and scripts are stored.
Zip this up into a file and include the date in the file name. Store a copy on Dropbox or a secure computer that is not your web hosting computer. Do this after every edit or at least once a month. If you ever get hacked, go back to a known clean version of your website and restore all of the files.
WordPress backups
WordPress sites (and Joomla, Drupal, or any Content Management System), are a little more complicated. Yes, you could copy all of the files, but none of the data (content and settings) for your website are stored in those files. They are stored in a database and that database needs to be archived, too. This can be done manually, but it can be kind of complicated and time consuming.
Fortunately, there are plugins that will make this easy to do and a couple of them are free.
Backup Buddy – this is a premium plugin, meaning you’ll have to pay an annual fee, but it’s my favorite. You can do a full backup and restore or move your website using this backup. You can also do database only backups. It also has scheduling options and will send the backup files to a remote location, like Dropbox or your email, for safekeeping.
WP-DB-BACKUP – this is a free plugin and it works great at backing up your database. You’ll have to manually archive all of the other files, though, so it’s not as easy to use. You can schedule your backups.
DUPLICATOR – this is also a free plugin and will copy or clone a site from one location to another. It can be used as a simple backup utility but it isn’t as fully featured as Backup Buddy (what do you expect for a free plugin?).
Schedule the backups to happen automatically and keep about 6 months of archives stored in case you get hacked. You can roll back your site to a known clean version.
Keeping your website safe
As I’m writing this, a lot of website developers are reporting that their, and their clients’, sites are under attack by a bot (automated software). It’s not just WordPress that is vulnerable to attack. I’ve seen all kinds of sites infected with malware, including static sites. That’s why having backups is so important. But what else can you do?
Strong Passwords
The most common password used? ‘Password’. Seriously, I couldn’t make this up. There is a reason why so many companies want you to use different characters and numbers in your passwords; it makes them harder for a computer hacker to break them.
Store that password somewhere safe. I use a password program on my computer to store all of my passwords and the password for that is 32 characters long. I’m sure the NSA could break it, but the criminal in the local coffee shop? Not a chance.
Strong user names
If your user name is “admin”, you need to change it. The user name is half of your security and ‘admin’ is the most common user name. Make it harder for the bots to hack your site by using a strong username.
For more detail on passwords and user names, you can read this blog post.
If you are using WordPress, like my clients are, there is a plugin that will limit the number of times a hacker can attempt to break into your admin area. There are a couple of plugins that will do this automatically. I use Limit Logins on my sites.
Blacklist IPs
This is pretty hardcore and you can end up messing things up, but if you have one IP address that is launching an attack on your site, denying them access to the site is a sure fire way to stop them in their tracks. By blacklisting IPs, anyone trying to view or hack your site from that IP will get an error message or sent to a non-existent website. They cannot even view your site, let alone try to attack it. You need to be careful doing this as many of the bots scanning your site are actually the search engines indexing your site. If you block them, you’ll disappear from search results.
Blacklisting IPs is normally done in your webhost’s control panel or via the htaccess file. There are some plugins that will help do this, but I won’t list them here because doing this is delicate work and you can end up locking yourself out of your site.
There are services that will secure your site, such as Sucuri. That will keep things safe and sound from the hackers of the world.
Keep your website safe and secure
Your website is a part of your business. Without it, you’ll lose customers and sales. So make sure you can restore it!
BACK IT UP!
If you’ve got a WordPress website that you want maintained and secured, contact me now. We can discuss your site, your needs, and how one of my maintenance plans can help keep your site running smoothly and making you money.
Did you arrive here by accident? Why not sign up for the free eBook Your Website Is Ugly and get the entire series of bonus articles, too.