Select Page

Hire your own WordPress Engineer to manage your WordPress website

Updates, security, page speed, adjustments, edits

Steve looks after all my website maintenance, updates and answers all the many questions I have!

He is extremely efficient, easy to deal with and nothing is too much trouble. He keeps me in the loop when he has to investigate an issue or problem I may be having.

I would recommend Steve to anyone who needs assistance with their website.

Emma Galloway
Founder, Food2Nourish

Get a Quote

How to maintain and safely apply software updates for your WordPress website.

This is the most comprehensive guide to maintaining your WordPress website online.

In this new guide, you’ll learn how to keep your WordPress core, themes, and plugins up to date without breaking your site.

Chapter 1: your website’s web hosting control panel

We start with your web hosting control panel first because it is the easiest way to make a backup of your website before making any changes to your WordPress website.

Your website lives on a web server controlled by a web hosting company.

Your web hosting company will have an account for your website.

This web hosting account might be 

  • controlled by the web designer who built your website for you, 
  • your web designer may have handed you your web hosting account details to you, 
  • or you may not know who owns your web hosting account, which is a serious concern, and you should start investigating the trail back to when your website was built.
  1. If you do have your web hosting account details you’re sweet.
  2. If you don’t have them, and you want to take control of your website maintenance to save paying money to your web designer/developer, ask them for the account details.
  3. If you can’t track down the web hosting account details, see if you can follow the invoice trail.
  4. If you can’t get hold of your web hosting account details at all, skip to Chapter 3.

Your web hosting control panel will usually be running one of the following control panel software:

  • cPanel (running on a Linux web server)
  • Plesk (running on a Windows webserver)

To find out if your website is running cPanel, go to your website’s address bar, and then edit the address to add /cpanel on the end, e.g. www.example.com/cpanel where www.example.com is your website home page.

If this address loads a login page, sweet, you know your website control panel is cPanel.

To find out if your website is running Plesk, go to https://www.example.com:8443 where www.example.com is your website’s home page. If that loads a login page, you know your website control panel is Plesk.

Chapter 2: making a backup

Once you know your website hosting control panel, login to it.

To create a full backup of your web site by using cPanel, follow these steps:

  1. In the FILES section of the cPanel home screen, click Backup:
  2. Under Full Backup, click Download a Full Account Backup.
  3. Under Generate a Full Backup, in the Backup Destination list box, select where you want to save the backup file.
  4. You can save the backup file in your home directory, or you can transfer the backup file to another site by using FTP or SCP. If you use FTP or SCP, you must type the remote server, remote username, and remote password.
  5. If you do not want to receive an e-mail message when the backup is complete, click Do not send email notification of backup completion.
  6. Click Generate Backup. cPanel creates the backup.
  7. If you have created a full backup of your web site, you can download the backup file.
  8. In the FILES section of the cPanel home screen, click Backup:
  9. In the Files section of the cPanel home screen, click Backups.
  10. Under Full Backup, click Download a Full Account Backup.
  11. Under Backups Available for Download, click the file that you want to download.

To create a full backup of your web site by using Plesk, follow these steps:

  1. In the left sidebar, click Websites & Domains:
  2. In the right sidebar, click Backup Manager.
  3. On the Backup Manager page, click Back Up.
  4. Under Backup content, in the Backup section, select what you want to include in the backup.
  5. In the Type section, select whether you want a full backup or incremental backup.
  6. If you’ve never backed up before, click Full Backup.
  7. Under Backup settings, customize the backup settings 
  8. Click OK. Plesk starts the backup immediately.

 

Plesk scheduled backups.

The previous procedure demonstrates how to run an immediate backup. You can also schedule backups to run at predefined intervals in the future. To do this, follow these steps:

  1. Log in to Plesk.
  2. In the left sidebar, click Websites & Domains:
  3. Plesk – Sidebar – Websites and Domains
  4. In the right sidebar, click Backup Manager.
  5. On the Backup Manager page, click Schedule.
  6. On the Scheduled Backup Settings page, under Schedule, select when you want the backup to run.
  7. Select the type of backup, and for how long you want to keep the backup files.
  8. Under Backup settings, customize the backup settings that you want to use.
  9. Click OK. Plesk configures the scheduled backup.
Chapter 3: website security using Wordfence

We mention website security first before performing any website maintenance because it ensures there are no bugs or viruses in your website, and the security plugin I’m about to mention will remind you when there are WordPress updates to make, and also warn you if any action is required to further improve your website security, which is very handy.

Without protection, your WordPress website can become vulnerable to being hacked by malicious users. Vulnerabilities exist because WordPress themes or plugins are not well-maintained, and hackers will attempt to login to your dashboard using software which tries all combinations of passwords and usernames.

The solution is to install a well-rounded WordPress plugin called Wordfence.

Wordfence includes a firewall and virus scanner for your website, and prompts you with easy actions to make your website more secure.

To install Wordfence, go to your WordPress dashboard (www.example.com/wp-admin) where www.example.com is your own domain name, login, and then go to Plugins (in the left hand sidebar) > Add New.

If you don’t see Plugins in the left-hand sidebar, it’s because your user account does not have administration rights. If this is the case, you’ll need to contact the web designer who built your website and ask them for administrator rights.

Once you’ve installed Wordfence;

  1. Enter your email address where it says “Please tell us where Wordfence should send you security alerts for your website:”
  2. Decide if you’d like to receive the Wordfence email newsletter, which I recommend.
  3. Check the terms and conditions checkbox.
  4. Where it asks to “Enter Premium License Key”, select “No Thanks” to select the Free plan
  5. Click on Dashboard @ top left of the screen.
  6. Where it says “Do you want Wordfence to stay up-to-date automatically?”, select “Yes, enable auto-update.”
  7. Where it says “To make your site as secure as possible, take a moment to optimize the Wordfence Web Application Firewall:”, select “Click here to configure”.
  8. There should be a button that says “Download .htaccess”. Click this to download the .htaccess file. You’ll need to upload this file through your web hosting control panel if the site breaks during this configuration process. [insert link to how to post]
  9. Click Continue.
  10. Hopefully you will see a message that says “Nice work! The firewall is now optimized.”
  11. If you see a another message follow the prompts. If you have problems, see https://www.wordfence.com/help/firewall/optimizing-the-firewall/

We’ll now need to configure the Firewall to stop thugs from entering our website:

  1. In the WordPress dashboard, select Wordfence > All Options
  2. Under Firewall Options > Advanced Firewall Options > Whitelisted IP addresses that bypass all rule, enter your IP address, which you can obtain from http://www.whatismyip.com 
  3. Under Firewall Options > Advanced Firewall Options > Brute Force Protection, the default values are quite gentle to hackers. Better to set them to the following values:
    1. Lock out after how many login failures: 3
    2. Lock out after how many forgot password attempts: 3
    3. Count failures over what time period: 5 minutes
    4. Amount of time a user is locked out: 2 months
    5. Check “Immediately lock out invalid usernames”
    6. Choose Save Changes @ top right

You’re now ready to enjoy the protection of a firewall and virus scanner.

Let’s use the Wordfence Scan for the first time:

  1. Go to WordPress Dashboard > Wordfence > Scan
  2. Choose Start New Scan
  3. Wait 24 hours and return to this page to find the recommended actions.
Chapter 4: responding to WordPress updates
How do I know updates are available?

Login to your WordPress admin section, and look for a number at the top of the screen, highlighted in green below:

Click either button, to be taken to the WordPress Updates page

In the case above, there is an update to the plugin “Gravity Forms”.

I select the box to the left of Gravity Forms, and click Update Plugins.

The following screen will load:

If there is still an indication that further updates are available, click “Return to WordPress Updates page”, and follow the prompts to update any further themes, plugins, or updates to the WordPress core software.

 

Chapter 5: what to do when something goes wrong

If you find that during or after an update, you can’t can’t regain access to the WordPress dashboard, normally you’ll receive a 500 internal server error message.

If this is the case;

  1. open a new tab in your web browser (Windows: CTRL + T, Mac: CMD + T), and open and login to your web hosting control panel.
  2. Inside your control panel, find the File Manager.
  3. Inside File Manager, find /public_html/ (for cPanel) or httpdocs/ (for Plesk).
  4. Inside this file, find wp-config.php, and right-click > Edit (for cPanel), or click it (Plesk) to edit the file.
  5. Find the line:
    define(‘WP_DEBUG’, false);
    and replace it with
    define(‘WP_DEBUG’, true);
    define(‘WP_DEBUG_LOG’, true);
    define(‘WP_DEBUG_DISPLAY’, true);
  6. Now save the file.
  7. Now reload your WordPress dashboard or home page – whichever one produced the 500 internal server error. There should be a detailed error message displayed now.
  8. Copy this error message and paste it into Google and search.
  9. The search results will hopefully describe the solution you can follow.
Chapter 6: disaster recovery

If you find you cannot fix the error yourself, you have some options:

  1. Post a question to the WordPress support forums: https://wordpress.org/support/forums/
  2. Send a support request to your web hosting provider.
  3. If your web hosting provider cannot help, your last bet is to upload your backup to your web hosting space, and ask your web hosting provider to restore the backup for you.
  4. When you upload the backup, don’t upload it to /public_html/ or /httpdocs/, upload it to a folder outside of those folders, like Backup, below:

If you’d prefer not to worry about the work required to maintain your website, I have some good news:

I’d love to maintain your WordPress website for you.

N

Web Development Services

We specialise in custom WordPress and WooCommerce development and have been working with these products for over 15 years. Our developers are highly trained in the art of WordPress and WooCommerce.
N

Australian WordPress Hosting

WordPressEngineer provides the fastest and most reliable web hosting in Australia. We optimise our servers to provide lightning fast speeds. We guarantee that we will never overload our servers.
N

WordPress Support Services

Our WordPress support and maintenance plans ensure that your website is up to date, secure and optimised for performance. Our packages include updates, backups, security and developer support.
N

Search Engine Optimisation

WordPressEngineer is one of Australia’s leading and most trusted SEO companies. We provide results driven SEO services, SEM, as well as Social Media Marketing. Get your website noticed. Our results speak for themselves.

We provide Business Grade Web hosting, Web Development, WordPress Support and Maintenance services and Search Engine Optimisation (SEO) to customers from all over Australia. No business is too large or too small, we take the time to understand your business requirements and can tailor a solution to fit.

By allowing us to manage your website from end to end, you get a seamless experience.

Request a Quote / WordPress Contact

Fill out the following form to receive a quote within 24 hours: