CHAPTER 13
Maintaining Your WordPress Site
Understand WordPress Backups
The need for backups is not unique to WordPress sites. Backups are the insurance policy every website owner should have, and far too many do not. However, there are some unique aspects to backing up WordPress.
Database and Files
These are the two elements that every WordPress.org backup routine needs to take into account. The database is where your text and settings are stored, whereas the files consist of WordPress, plugins, themes, and your media files. If you do not have both backed up, you will not have a website should some disaster befall.
Automatic or Manual Backups?
For the vast majority of site owners, there is no debate on this. You need an automatic backup in place for the simple reason that it will not get done otherwise. Still, manual backups are necessary before doing updates, and for WordPress.com users who want to do a supplementary backup, the only option is a manual one.
Backup Frequency
The short answer is: as often as your site requires. Everyone produces new content at different rates and backups should match that rate. As a rule of thumb, though, a backup once a week would keep current with content as well as any updates to WordPress and its themes and plugins.
Storage Options Online
Storing backups online is an excellent idea, but not on your hosting account. If your server crashes, you are left without any backup at precisely the moment you need one. This does not mean you cannot use a backup service from your hosting company, simply that the backups need to be stored elsewhere. Cloud storage, of course, is the ideal given its redundancies and ease of access.
Storage Options Offline
All backups should be stored in two different locations, ideally one online and one off. The simplest offline backup is a portable hard drive. You do not want the backup on your computer just in case your machine goes down. A portable drive is inexpensive and flexible, and it is easy to store or to take with you on the road.
Standard Server Backups
Many people rely on the general backups that all hosting companies make, but this is misguided. Those backups are meant for restoring entire servers, and to restore a single site requires time and money. Also those backups tend to be less frequent than is ideal. Some hosting companies provide daily backups of individual sites, either as a part of their package or as an add-on service, but this needs to be clearly stated in writing. Do not assume it is being provided.
Backups and Updates
Even if you have a regular, automated backup of your WordPress site, it is still important to do a backup immediately before doing any updating, either of WordPress itself or of even a single plugin. You want a snapshot of your site immediately before the backup so that if you should need to do a restore, you do not have to spend time and money second-guessing what happened between now and the last scheduled backup.
Back Up at WordPress.com
Although WordPress.com continually backs up all sites, you may want to keep your own copy of the content. You cannot do a database backup, but WordPress provides an Export function which produces a file that you could use to import your site into a self-hosted WordPress installation.
Back Up at WordPress.com
Back Up at WordPress.com
Click Export under Tools on the left admin menu.
Click All content under the Choose What to Export section (
changes to 
).
If you want to back up only certain kinds of content, you can choose from Posts, Pages, or Feedback ( changes to ).
Click Download Export File and save it.
Download Media Files
Note: Export does not include media files. Because you uploaded them to WordPress, they should be on your hard drive; but if needed, you can download the originals from WordPress.com.
Click Library under the Media section of the left admin menu.
Switch to Grid view.
Click the file you want. The Attachment Details window opens.
Highlight the URL for the image and copy it.
Paste the URL into a new browser tab.
Right-click the image and save it to your hard drive.
To download more media files, scroll through them using the navigation arrows.
Use Server Backup Tools
Even if you should not store backups on your server, you can still use its tools to do a manual backup on WordPress.org sites. This example uses the cPanel hosting control panel. Your host’s version of this or another control panel may have an option to schedule backups. Contact your host if you cannot locate a backup tool.
Use Server Backup Tools
From the home page of cPanel, click Backup Wizard.
The first step is to choose between backing up or restoring a backup.
Click Backup.
Do not click Full Backup. This is used only for moving the entire hosting account to a new host or new server. You would not be able to access it anyway.
Click MySQL Databases and download the file to the portable hard drive where you keep backups.
Alternatively, you can click Home Directory to back up all your WordPress files. Download the file to your portable hard drive.
Note: You are backing up entire sections of your hosting account, including non-WordPress items. If you need to restore, everything is restored, not just WordPress.
Use a Backup Plugin
Numerous backup plugins are available for WordPress.org sites, both free and paid, and they all work in roughly the same way, allowing both automated and manual backups. In this example, you walk through the use of UpdraftPlus.
Use a Backup Plugin
Set Backup Parameters
Install and activate UpdraftPlus from the Add Plugins screen.
Note: See Chapter 10 for more about plugins.
Click UpdraftPlus Backups under Settings on the left admin menu.
Click the Settings tab.
Set the parameters for file backups.
Set the parameters for database backups.
By default, neither type of backup is scheduled. Possible intervals range from 4 hours to Monthly.
The default backups to be stored is 2.
All files are included by default in the files backup, but you can change that by clicking an option (
changes to 
).
Scroll down to the Copying Your Backup to Remote Storage section.
Click 
and choose your location for storing files remotely. The free version allows only one choice.
Depending on the remote storage service you choose, you are asked for its particular credentials.
Scroll down and click Save Changes.
Do a Manual Backup
Click the Current Status tab.
The next scheduled backup is listed.
The last backup is listed.
Click Backup Now to do a manual backup, such as before you do any updates.
A window appears. By default, a manual backup includes the database, all files, and sends to any remote storage you have set. But you can override any of these options.
Click Backup Now.
A progress bar appears, followed by a success message.
Click the Existing Backups tab to see what backups have been done.
For each backup, you see the date, available data and its location, and Restore, Delete, or View Log buttons.
Note: If you saved to your server, UpdraftPlus displays buttons for downloading each part of the backup.
Understand Updates
To keep your WordPress.org site safe and able to use new features, updating is crucial. And not only WordPress itself, but plugins and themes need updating too. If you have a WordPress.com site, all updates are handled for you.
Why Are Updates Needed?
Software of any kind requires updating for three reasons: hardened security, fixes, and new features. And although we sometimes bemoan the constant updating of our software, there are good reasons for the changes. Hackers are always coming up with new attacks and the marketplace is always demanding new features or changes. Another way to think of it is this: If your software has no updates, then no one is supporting it, and that is a bad thing.
Major versus Minor WordPress Updates
WordPress updates fall into two groups: twice yearly major updates and maintenance release updates as needed. A major update would be from 4.1 to 4.2, whereas 4.2.1 would be a minor update of 4.2. All updates have security and other fixes, but new features tend to be reserved for major updates.
Automatic versus Manual WordPress Updates
An automatic update happens without any action on your part, and administrators are simply notified that the update has occurred. All minor WordPress updates are handled automatically because these maintenance releases typically do not require changes to plugins or themes. Major updates, on the other hand, can involve changes that may affect current site setups, which is why they are left to site owners to do manually. Some server configurations prevent automatic updates, in which case owners simply need to do a manual update.
Plugin Updates
Plugins are each updated according to their own schedules. Some you may never need to update, whereas others seem to have a new version out every month. A major update of WordPress does not necessarily mean a plugin needs to be updated. It all depends on whether some change in WordPress affects the plugin. Plugin authors are given plenty of notice about changes to WordPress so they can do their own updating in a timely manner.
Manual Plugin Updates
While the vast majority of plugins update as easily as they are installed — with a click of a button — sometimes you will need to follow instructions for a manual install. Cases like this typically happen with paid plugins, but the vendor should give you clear details and notification.
Theme Updates
Updates to themes are much less frequent and tend to be tied either to developments in HTML or CSS, or to major changes in WordPress. Although you may not think of security as an issue for themes, it can be. That is why updating themes is just as important as updating WordPress or plugins. They all interact with one another, so you do not want any weak links in the chain.
What If I Do Not Update?
Failing to do an update does not mean your WordPress site will stop working. It means that you are vulnerable to whatever security issues were fixed, and of course that you do not have any new functionality. The longer you skip updates, the more vulnerabilities. The only time you might not do an update is while you wait for a fix to a plugin that is not working with the latest version of WordPress.
Update WordPress Manually
For major updates or when automated maintenance release updates do not work on your server, you need to manually update WordPress. Luckily, it is as easy as pressing a button. The only work involved is making a backup just before doing the update.
Update WordPress Manually
A notice appears at the top of all admin screens when a WordPress update needs to be done manually. Clicking the Please update now link takes you to the Updates screen.
On the Dashboard, a button appears when a manual update is required. Clicking it also leads to the Updates screen.
You can also access the Updates screen by clicking the Updates link under Dashboard on the left admin menu.
A warning message reminds you to back up your database and files before doing the update.
After you have done the backup, click Update Now.
WordPress displays the progress of the update and when it is completed successfully, a welcome screen appears.
The welcome screen lists the highlights of changes in the new version of WordPress.
Update Themes
Like with WordPress, updating a theme is easy as pressing a button after making sure you have a current backup of your site. The toughest part is paying attention to the update notices and acting on them.
Update Themes
Update a Single Theme
There is no indication in the sidebar that themes need updating.
Click the Update Available bar on a theme.
A window opens with the theme’s details.
An Update Available box appears in the details window.
Click the update now link.
A screen displays the progress of the update.
Update Multiple Themes
Click Updates under Dashboard on the left admin menu.
Note: The numbered circle beside Updates indicates the total updates, whether plugins, themes, or both.
A list appears showing all the themes that have available updates. A thumbnail, current version, and update version are displayed.
Click Select All to select every theme ( changes to ).
Click Update Themes.
The progress of each update appears.
Update Plugins
Backing up your site and pressing a button is all that is involved in updating one or several plugins. However, some paid plugins require manual updating after downloading the new version from the vendor’s site.
Update Plugins
Update a Plugin from the Plugins Screen
Click Installed Plugins under Plugins on the left admin menu.
Click the Update Available link.
Active plugins have a colored background, plus an update icon and info bar at the bottom. Inactive plugins just have the update icon and info bar.
To update a plugin, click its update now link.
Update Multiple Plugins
Click the box next to each plugin to update, or click the box in the header to select all ( changes to ).
Click and select Update.
Click Apply.
A screen listing all the plugins and their update progress appears.
Update a Plugin from the Updates Screen
Click Updates under Dashboard on the left admin menu.
A list of all plugins waiting for updates appears.
Click the box next to one or more plugins you want to update. Click Select All to check them all ( changes to ).
Click Update Plugins.
The Update Plugins screen opens.
WordPress displays a success message as each plugin updates.
When all the plugins have been updated, you see two links: one to the Plugins screen and one to the Updates screen.
Update a Plugin Manually
Some paid plugins may require you to download an update from their site and manually install it.
Usually a manual install requires you to deactivate and delete the old version, and install and activate the new.
The delete and install processes can be handled via FTP.
On your hard drive, you need to unzip or unarchive the Zip file you downloaded from the vendor.
Delete the folder of the old version that you deactivated.
Drag the folder — not the Zip file — to the server side of the screen.
Activate the plugin from the Plugins screen.
Note: See Chapter 10 for more about plugins.
Check for Broken Links
Broken links are a nuisance for visitors and are frowned on by search engines. But with a growing website, it becomes increasingly difficult to keep track of all your links, let alone test if they are still working. That is why broken link checkers are so valuable. Here is an example of an online checker and a plugin for WordPress.org sites.
Check for Broken Links
Check for Broken Links Using an Online Checker
In your browser address bar, navigate to www.drlinkcheck.com.
Type the URL of your site.
Click Start.
The program follows the links on your site and tests to see if they are working.
Note: Online checkers typically have a maximum number of links they crawl — in this case 1,000 — so if you have a very large site, you may need to use a program or the plugin described later in this section.
Links are listed showing which pages contain the link.
Problem links are indicated by 
.
If the link is external or outbound, an External label appears.
When you mouse over a Broken label, you see the reason — in this case, “the host name could not be resolved.”
Note: Search for “broken link checker” to find an online checker or software to run on your device. Google Webmaster Tools does link checking, if you use it.
Use a Plugin for WordPress.org Sites
Install and activate Broken Link Checker from the Plugin Directory.
Note: See Chapter 10 for more about plugins.
Click Broken Links under Tools in the left admin menu.
Filter problem links.
Status shows the reason for the problem.
Link Text displays the anchor text of the link.
Source shows the page where the link was found. Mouse over to Edit, Trash, or View it.
Mouse over the link to view a menu.
Bulk Actions also includes: Fix Redirects and Move Sources to Trash.
Use Broken Link Checker Options
Click Link Checker under Settings on the left admin menu.
Current status.
How often to check existing links. New links are checked when written.
Whether to send an email when new broken links are found. You can notify authors of their links.
Where to look for broken links.
Advanced options to control resource usage.
Keep WordPress Secure
As the world’s most popular content management system, WordPress is also a popular target for hackers. All the more reason for securing your site in several ways. Some of these steps require plugins, whereas others are a matter of getting into good habits.
Stay Updated
Keeping WordPress, plugins, and themes updated is the number one way to protect your site. Unfixed security issues is one of the main ways hackers break into WordPress installations.
Use Strong Passwords
Weak passwords is another common way that hackers gain entry to WordPress sites. This is particularly a problem on WordPress.org sites, because if they can gain administrative access to your site, hackers have access to files where they can plant malware. When you are installing WordPress or adding new users, a strong-password indicator appears. Follow it.
Two-Factor Authentication
A recent option for going beyond strong passwords is two-factor authentication. Your bank card and pin number is a classic example of two-factor authentication — a person needs both to access your account. This is now available on WordPress.com, using Google Authenticator, which sends a one-time unique code to your mobile phone when you log in. Plugins that use various services, including Google Authenticator, are available for WordPress.org sites.
Use Plugins and Themes from Reputable Sources
For WordPress.org sites, a danger exists that themes or plugins have malware embedded in them. That is why it is crucial get them from reputable sources. For example, never download free items except from the WordPress.org directories. One exception would be commercial sites offering free examples. Even in the case of paid plugins and themes, it makes sense to buy from names you have heard of.
Block Repeated Login Attempts
Whether hackers are trying to get into your site or they just want to overload your server, repeated failed login attempts is a sign of trouble. Plugins are available which block someone who tries more than a certain number of times to get in. In fact, more and more servers are taking it upon themselves to do this as a way of preventing server overload. But do not rely on that — set up your own blocking system.
Use SSL for Your Entire Site
Even if you have no e-commerce on your site, getting an SSL certificate and using HTTPS for all your pages, in particular your administrative pages, is a good idea. In fact, Google has been advocating secure sites for some time and many believe Google gives a bit of ranking credit to sites that use HTTPS.
Be Vigilant
One sign that you have been hacked is the appearance of an administrative user you have never seen before. Keeping any eye open for that, or for files you have never seen before while FTP’ing into your site, are just a couple of examples of being vigilant. Not logging into WordPress on public networks or at the very least remembering to log out is another example.
Force Strong Passwords
Although WordPress provides a handy strength indicator when creating passwords, too few people actually follow it. And if you have other administrators and editors on the system, will they follow it? For WordPress.org sites, the solution is to use a plugin that does not allow weak passwords. Most security plugins have this feature, but in this case, the example is for a plugin which does nothing else, called Force Strong Passwords.
Force Strong Passwords
Install and activate Force Strong Passwords from the Plugins Directory.
Note: See Chapter 10 for more about plugins.
There are no settings for this plugin — it simply enforces WordPress’s password strength rules.
Users are notified that their attempt to reset their password does not meet the strength criteria.
Other plugins, such as Login Security Solution, offer options regarding passwords.
How long must passwords be.
Length a password must be to gain exemption from complexity rules. Default is 20 characters.
It is possible, though not recommended, to set the number of days until a password expires.
If passwords expire, how many minutes a user has to change it.
You can have the plugin remember passwords to prevent people from reusing old ones.
Limit Login Attempts
One of the ways hackers break into WordPress sites is to repeatedly try different passwords. If they do this hundreds or thousands of times in a short period, it can tax the resources of the server and potentially get you shut down. By limiting the number of failed attempts, you can prevent this problem. Most security plugins have this feature, but this example is for a dedicated plugin called Limit Login Attempts.
Limit Login Attempts
Install and activate Limit Login Attempts from the Plugins Directory.
Note: See Chapter 10 for more about plugins.
Click Limit Login Attempts under Settings on the left admin menu.
Total lockouts appear here. The list of lockouts with the username that attempted to login appears at the bottom of the page.
You can change the default lockout settings, such as how many retries are allowed, how long the lockout lasts, and more.
Click the email option if you want to be notified when someone has been locked out more than the given number of times ( changes to ).
Click Change Options.
This composite screenshot shows two states of failed logins.
You are notified how many more login attempts you have before being locked out.
Once you have reached the login limit, you are told how much time you have before you can try logging in again.
Troubleshoot WordPress
Although it does not happen often, things can go wrong and sites can even crash. On WordPress.org sites, this can be caused by adding a new plugin or from updating WordPress, themes, or existing plugins. Other times problems can be caused by your host’s software or issues with other sites on your server. Because you cannot get into the code at WordPress.com, the host must resolve crashes there, but see the table for some issues common to both WordPress versions.
Remain Calm and Take Notes
Take a deep breath and write down exactly what happened. Note any error message you saw or see, and when possible take screenshots. Try to recall what you did just before everything went wrong.
Turn Off Named Culprits
If an error message indicates a particular plugin or theme, try deactivating it and see if your site starts working properly. In the case of themes, you deactivate your current one by activating one of the default WordPress themes — do not use any other themes. If your site starts working, then you know where to start researching solutions.
Turn Off All Plugins
If there is no clear error or no error messages appear at all, try deactivating all plugins. If your site is working, you have a plugin conflict of some sort. Turn on one plugin and check your site. Repeat with the next plugin and so on until the crash recurs. Then, deactivate that last plugin and look into solutions for it.
Activate a Default Theme
If turning off all plugins did not resolve the issue, make sure your current theme is up to date. If updating does not resolve the problem, then activate one of the default WordPress themes. Do not worry, all the settings for your current theme are kept. If the problem goes away, then you need to research solutions for fixing your theme.
Reinstall the Plugin or Theme
Sometimes the code for the problem plugin or theme becomes corrupted. Using your FTP program — because you cannot access your admin screens — delete the plugin folder from the Plugins directory on your server, or the theme folder from the Themes directory. Then, upload the folder for the plugin or theme, not the Zip file.
Support Forums
If your problem is a plugin or theme from the WordPress directories, check the forums for possible solutions. For paid plugins or themes, you need to check your vendor forums or submit a trouble ticket. In all cases it is important to include as much information as possible, in particular the version numbers for everything, including what PHP version your server is running.
If All Else Fails
You may need to restore your site from a backup. Hopefully you chose a backup plugin which includes a restore function; you can also find instructions at http://codex.wordpress.org/Restoring_Your_Database_From_Backup. You may need to restore all the files or only the database, depending on the situation or the plugin.
Troubleshoot Common WordPress Problems
These are some common issues you may encounter and some actions you can take.
Problem |
Possible Explanation |
What to Do |
Incorrect username or password |
Brain freeze |
Use the lost password function on the WordPress login page. You still need to know the email address from your profile. A password will be emailed to you. |
Domain parked screen |
Expired domain name |
Log in to your domain registrar and re-register. |
Browser message says “Page not found” |
Server down or interrupted web connection |
If you cannot see other sites, call your Internet provider. If you can see other websites, go to |
Browser says “Error connecting to database” |
Server or WordPress site database issues |
If you can get to your login page, but not the front of your site, then it is a problem with your database. If you cannot access either the front or back end, contact your web host to alert it to the problem. If it is not having general database issues, ask your host to check that your particular database is working. If it is, check that your wp-config.php file has the right database credentials, and if so, ask the server people to check file ownership issues. |
Site displays poorly on mobile devices |
Unresponsive theme or a default mobile theme |
Switch to a responsive theme. If you want to keep your current theme: on |
Theme does not display saved changes |
Site cached in browser (meaning a previous version is showing up) |
You need to refresh your browser. How you do this varies by browser and operating system, but as a general rule, try holding down |
Scheduled posts do not appear |
Failure to click Schedule |
After you save a draft to be published at a future date, you not only need to save the draft and okay the time for publication, but you also need to click Schedule to make it happen. When you do, the Status will read Scheduled. |
while clicking the Refresh icon of your browser. For browser specifics, go to Find Support at WordPress.org
One of the benefits of a large WordPress community is having a lot of people asking and answering questions. The forums at WordPress.org have been around for many years and contain a wealth of information. And the documentation, called The Codex, has grown substantially in the last few years.
Find Support at WordPress.org
Use the Support Forums
Navigate to https://wordpress.org.
Mouse over Support and click Forums.
Log in.
Note: You can browse without registering, but you cannot post. A Register button appears next to the Log In button.
Navigate to the forum section you want or use the search function on the opening page.
Highlighted threads at the top of sections contain important and up-to-date notices.
Click Add New to start a new discussion.
Note: Be as detailed as possible, and include the version numbers of WordPress and plugins, along with your server’s version of PHP.
Use the Codex
Mouse over Support on the WordPress.org menu and click Documentation.
Scroll through the main index page to find what you need. The Codex is a mix of tutorials and technical explanations of WordPress functions.
Find Support at WordPress.com
The huge community of millions of WordPress.com users means not only that the staff has an incentive to document the functions well, but that there are a lot of people willing to help in the forums.
Find Support at WordPress.com
Use the Support Knowledgebase
You can get to the knowledgebase by clicking the Help button (
) at the top right of any WordPress.com admin screen.
Use the search function to search all the support area, not just the knowledgebase.
The main topic sections appear on the right.
On a Topic page, you see a list of individual articles on that topic.
Use the Support Forums
Make sure you are logged into WordPress.com so you can post.
Search the forums.
A list of the main forum sections appears on the left.
Important notices appear at the top of forum sections with a distinct background.
You can click Add new topic to begin a new discussion.
Note: If you figure out the answer to your own question, be sure to post it and do not just say “I have solved it” and close the thread.
Discover More Support Options
If you still do not find answers at the support forums for WordPress.org or WordPress.com, it is time to look further afield. If you just want to learn more about using WordPress, there are literally tens of thousands of ways to do so.
Search the Web
Searching the web for a specific issue will turn up possible answers in other forums, on individual websites, or in the contents of documents or books, so that is your best starting point. But make sure you use detailed keywords or quotes around key phrases or error messages so that you get results specific to your issue.
Search Sites about WordPress
You could also do a search for WordPress help sites, and on those sites do a search for your issue, just in case the sites did not turn up in your initial search. You can end up finding your answer by browsing these sites. These sites also offer tips for using WordPress, so they can be a great place to learn more.
Online Tutorials
Online tutorials — video or text — have become a popular way to learn WordPress, and there are many free ones available. For a monthly fee or a single course fee, there are also plenty of paid tutorials online. Just on YouTube alone you will find plenty of help. For WordPress.com go to https://learn.wordpress.com.
WordPress.tv
This is an excellent collection of videos on all levels of WordPress issues. Although a lot of the videos focus on WordPress.com, the information quite often applies to WordPress.org sites as well.
Read Books
Just like the one you are reading now, you can learn how to use WordPress or improve your skills by reading print and e-books. A lot of WordPress books are out there now and the quality varies widely. Pay close attention to reviews, but only ones which provide useful information instead of simply saying “It is great.”
Premium Support at WordPress.com
When you upgrade your WordPress.com account, you can get different levels of personal support. The Premium plan offers support by email, whereas the Business level has chat.
Premium Support for WordPress.org Sites
When you buy a theme or a plugin, the vendor should provide some level of support. This is usually for one year, after which you would need to pay for continued support. There is no paid support from WordPress.org, but there are many commercial services available offering WordPress support by email, chat, or phone, typically for a monthly fee.