So your website designer has just handed over your new perfect WordPress site to you. You don’t want an ongoing maintenance package so you have decided to manage the website yourself.
So what do you need to know in order to keep your site running, secure and up to date? In this article I link to other posts I have written on some of the different areas as to not repeat myself.
In order to get into the dashboard area of your site you will need the following from who ever set up your WordPress install
- The URL of your login e.g. http://mywebsite.com/wp-admin
- Your username and password
Once you go to the login URL you will see a box like this one, put in the correct details and the you will go to the dashboard area of your site.
2 things to note about your login
- Your user name should never be admin or administrator for security reasons. They will be the most tried usernames when someone is trying to hack your site. If your site has these as usernames you need to change them (more info on that later)
- You should make the login process more secure by using 2 step authentication if this hasn’t been set up for you. I recommend using Duo. See here for instructions on installing it.
Once you are logged in you will see the WordPress Dashboard, here is where you navigate to all the backend functions of your website.
On the left are the list of functions and settings for different things. The options you will use the most are
Posts – If you blog on your site (it might be called news or updates) you will go here to write them
Pages – To edit pages on your site go here
WordPress explains that “Plugins are ways to extend and add to the functionality that already exists in WordPress. The core of WordPress is designed to be lean and lightweight, to maximize flexibility and minimize code bloat. Plugins then offer custom functions and features so that each user can tailor their site to their specific needs.”
So in more basic terms, your website has been designed for your needs today, but plugins allow you to easily add other functions to your site. From adding a shop functions, to more security, to different fonts, or ways to track who is viewing your site. The majority of plugins you will ever need are also free, only specialised ones are pay for.
There are 3 ways to search for plugins (for starters)
- Using the WordPress plugin directory
- In your WordPress website dashboard, click on Plugins on the left menu, then add new, and then into the search box
- Search on Google for what you want a plugin to do – this will show you results from individual plugins within the WordPress directory and from paid to buy sites like codecanyon.
If you download a plugin to your computer, you can click on Plugins on the left menu, then add new, then at the top upload plugin to add the zip files you have downloaded
Things to note about plugins
- Only use plugins that are safe….which leads onto, how do we know if they’re safe?
- Check the WPScan Vulnerability Database before using new plugins
- See if any plugins have had recent updates
- If it isn’t a well known or used plugins have a google search to see if others have had issues
- The more plugins you have the more possible issues you have with
- site speed (more plugins potentially mean slower site load
- conflicts between plugins
- making sure they are up to date
- It is not so much don’t add lots of plugins, but more only add plugins you need and will be using, delete any others.
And the most important thing about plugins? Keep them up to date. Info here about doing the updates.
I recommend 2 types of site stats
The easiest and quickest way is via the jetpack plugin, add it as above and you will then see the stats on your dashboard. ( Jetpack also has lots of other functions, and it is recommended you turn on and off what you want to use and not in the settings to save from all the options loading on your site.)
Some will argue that they are rather inflated page views, but it will give you a good iea of your traffic, where it has come from and search terms people are using.
When adding Google Analytics to a site I use the Google Analyticator plugin. It makes adding your google analytics account to your WordPress site really quick and easy. It also has the bonus of having a Google Analytics widget on your WordPress dashboard so you can see the stats there.
When you log into your dashboard you may will see the WordPress updates notification on the top black bar. The arrow circle with a number next to it.. And if there is a WordPress update you will also get a notification as below.
The number of notifications will be the total between WordPress / Plugins / Themes.
See here on why you need to keep your site up to date, and what to be aware of.
WordPress sites are vulnerable to getting hacked. So as a website owner you need to be aware of what you can do to try and prevent this. As once a site is hacked it is never a quick fix. I wrote about fixing hacked sites, and from experience this isn’t always possible, and sites can get to the point where they need to be rebuilt.
So if you can prevent it, all the better.
There are some basic steps to take that will improve the security of your site, do some or all of them. There are also some paid plugins and monitoring services like Sucuri (I haven’t used it)
So as the very basic I would recommend
- Using CLEF to log into your site only
- Adding the Wordfence Plugin and setting the following
- Add your email so it tells you when you need to update & if there are issues with the scan
- Add into settings to auto block ip’s if they try and log in with ‘admin’ or ‘administrator’ (in options)
- tick the ‘Immediately lock out invalid usernames’
- tick ‘Scan theme files against repository versions for changes’
- tick ‘Scan plugin files against repository versions for changes’
- Keeping your WordPress install, themes and plugins up to date (can’t say this enough)
- Making sure your local machine (laptop /computer/devices) are virus and malware free
And slightly more technical – if you don;t know how to check this, ask who designed your site and/or who hosts you site
- Passwords for any ftp accounts are secure passwords (or really not passwords but secure passcodes)
- That there are no other old WordPress or other website installs on the server where your site is
There are lots of options when it comes to backing up your website.
Depending who your site host is, many will do backups daily automatically, but it is important you check with your own host.
It is also good practice to do your own back ups, that are stored in a different place to your website (host /server.) For example one that goes to dropbox, or your computer.
I use UpdraftPlus on my site, here is information on setting it up
SEO (Search Engine Optimisation)
I wrote an article about basic SEO here, suggestions on making sure you have the basics covered.
Lots of people use the Yoast SEO plugin on their site. It allows the optimisation of pages, posts and the whole site for SEO.
It also has helpful options for setting images for Facebook sharing for pages and posts.