How Often Should You Update Your WordPress Website?

Updating a WordPress website is a multi-faceted task. Content isn’t the only update necessary to keep your site running; security updates are equally important.

How and when you update your site matters, so here’s a look at several WordPress updates, why the updates are necessary, and how often you should perform them.

Content updates

WordPress content should be updated frequently, but the specifics should be based on your needs and visitor expectations. For example, existing content should be updated when you find an error, want to expand on or clarify your ideas, or when you’re using LSI to gain ranking in the search engines.

New content should be published regularly, but not so frequently that you can’t maintain your pace long-term. Avoid setting your visitors up to receive new content each week and then fizzling out at the end of four months.

Even when you’ve got enough content to publish weekly, you may want to cut back to twice a month until you’re certain you can maintain a faster pace.

Consider that people’s inboxes are flooded with marketing messages and many will unsubscribe from a list when just one email loses their interest. If you send out an email with mediocre content just to stay on schedule, you’ll lose subscribers. When you lose subscribers, you lose website visitors.

When updating your WordPress website with fresh content, follow these guidelines put together by QuickSprout to ensure your content meets search engine requirements for quality. For example, the guide notes that blogs ranging from 4-6k words typically do better in the search engines. The idea that longer content performs better is backed by research published by SerpIQ and other research companies.

The best way to create longer content is to look for ways to include more information that other sites have left out.

Basic security updates including plugins and themes

Security updates to your WordPress website should be performed on a rigorous schedule. There are a multitude of maintenance tasks you should perform weekly, monthly, and sometimes yearly.

Here’s a good basic security update routine to develop:

On a weekly basis:

  • Check automatically suggested updates. When you log into WordPress, you’ll be prompted to update plugins, your theme, and the WordPress core if new updates are available. Make sure to follow these automated update prompts to keep your site secure. Plugins and themes that aren’t updated end up being backdoors for hackers to exploit your site.

On a monthly basis:

  • Optimize your database. Did you know that each time you make an edit to a page or post, WordPress saves a revision history in the database? If you update content often, even just to add punctuation, your database grows each time you hit save. An unnecessarily large database will slow down your website and make it difficult for users to interact. A database full of unnecessary revisions will counteract your efforts to optimize performance.
  • Fix all 404 errors. 404 errors are created by renaming page and post URLs that have already been indexed by search engines or bookmarked by visitors. WordPress makes it easy to change your URLs, but doesn’t automatically forward people to the new URL. A redirect plugin will help you manage these changes as you make them. If you haven’t begun managing your 404 errors yet, check your logs to identify the 404 errors you can fix. For example, sometimes users create 404 errors by typing in the wrong address. You can’t change those errors. However, you’ll recognize the 404 errors that came from a URL change. Once you’ve fixed existing errors, stay on top of them and create redirects immediately after changing any URL.
  • Review logs. If anyone has been trying to gain access to your site via brute force, you’ll usually be able to tell from the security logs on your server. If you see anything suspicious, change all user passwords immediately.

On a yearly basis:

  • Research your plugins thoroughly. When was the last time the developer released an update? Has the plugin been abandoned? Research your plugins by browsing developer forums to see if there are any newly discovered security holes. If there’s a more recently developed plugin that is currently supported by the developer, make the switch. An abandoned plugin is an invitation to get hacked.
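The "Review logs" and "Fix all 404 errors" items above both come down to reading the web server's access log. The Python sketch below is an added example, not part of the original article. It assumes the combined access-log format and stock WordPress behaviour, where a failed login POST to wp-login.php returns 200 and a successful one redirects with 302; the sample lines are constructed.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Combined access-log layout (assumed; adjust the pattern to your server's format).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referrer>[^"]*)"'
)

def parse(lines):
    """Yield one dict per well-formed log line; malformed lines are skipped."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        try:
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        except ValueError:
            continue
        yield {"ip": m["ip"], "ts": ts, "method": m["method"],
               "path": m["path"].split("?", 1)[0],
               "status": int(m["status"]), "referrer": m["referrer"]}

def failed_login_bursts(lines, threshold=5, window=timedelta(minutes=5)):
    """Flag IPs with at least `threshold` failed logins inside any `window`."""
    failures, successes = defaultdict(list), set()
    for e in parse(lines):
        if e["method"] != "POST" or not e["path"].endswith("/wp-login.php"):
            continue
        if e["status"] == 200:        # login form shown again: failed attempt
            failures[e["ip"]].append(e["ts"])
        elif e["status"] == 302:      # redirect after login: success
            successes.add(e["ip"])
    flagged = {}
    for ip, times in failures.items():
        times.sort()
        start = best = 0
        for end, t in enumerate(times):      # sliding window over sorted times
            while t - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            # any_success=True means the same IP also logged in: rotate passwords.
            flagged[ip] = {"failures": best, "any_success": ip in successes}
    return flagged

def linked_404s(lines):
    """Count 404s reached by following a link (non-empty referrer).

    These are the ones a redirect can fix; typed-in typos arrive with "-".
    """
    hits = Counter()
    for e in parse(lines):
        if e["status"] == 404 and e["referrer"] not in ("", "-"):
            hits[e["path"]] += 1
    return dict(hits)

# Constructed sample log (documentation IP ranges, made-up paths).
SAMPLE_LOG = [
    f'203.0.113.7 - - [10/Mar/2019:03:14:{s:02d} +0000] '
    '"POST /wp-login.php HTTP/1.1" 200 3120 "-" "constructed"'
    for s in range(1, 13, 2)
] + [
    '203.0.113.7 - - [10/Mar/2019:03:14:13 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "constructed"',
    '198.51.100.4 - - [10/Mar/2019:09:00:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "constructed"',
    '198.51.100.4 - - [10/Mar/2019:09:00:20 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "constructed"',
    '192.0.2.9 - - [10/Mar/2019:10:00:00 +0000] "GET /old-pricing/ HTTP/1.1" 404 512 "https://example.com/services/" "constructed"',
    '192.0.2.10 - - [10/Mar/2019:10:05:00 +0000] "GET /old-pricing/ HTTP/1.1" 404 512 "https://search.example/" "constructed"',
    '192.0.2.11 - - [10/Mar/2019:10:06:00 +0000] "GET /pricng/ HTTP/1.1" 404 512 "-" "constructed"',
]

if __name__ == "__main__":
    print(failed_login_bursts(SAMPLE_LOG))
    print(linked_404s(SAMPLE_LOG))
```

Security plugins and custom login pages can change the status codes, so confirm what a failed login looks like in your own log before relying on the 200/302 rule.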

Updating authentication keys (salts)

Authentication keys, also known as salt keys, should be changed at least once every few months. There’s no need to change them more frequently, with one exception, which will be discussed below.

Why changing your authentication salts matters

A 128-bit WordPress authentication cookie (AUTH_COOKIE) is used to maintain your login sessions. Unless you change your authentication keys (salts) or password, this cookie will keep you logged in until it expires. That’s great for you, but if a hacker gets ahold of your authentication cookie, they can gain access to your site without needing your password. Until you change your password or salts, a hacker could have access to your site for years.

Nearly every component in your authentication cookie is predictable to hackers. Using brute force to get this information is effortless and can be accomplished in a couple of weeks. Changing your salts will force all sessions to log out, and the cookie will become invalid. You can change salts manually or with a plugin called “Salt Shaker.”

Update your salts immediately if you used a one-click install app

If you’ve installed WordPress with a one-click application, you might not have any salts defined. That’s bad news. In the past, one-click installation programs (like Fantastico) used the same salts for each new WordPress installation, which is equally bad news. Today, many one-click installation programs omit salts completely, leaving your WordPress website even more vulnerable.

Changing passwords and usernames

Passwords don’t need to be changed as often as you think. The trick is to create strong passwords so you can change them less frequently. Changing your password once every three to four months is more than sufficient. However, if you suspect or are given notice of a data breach, you should change all passwords immediately.

If your administrator username is ‘admin,’ you should change it immediately. Leaving it as ‘admin’ makes it easier for hackers to get in. Since WordPress allows you to create a ‘nice name,’ consider making your administrator username as complex as a password. For example, ‘H8-e3$_47a’ looks like a password, but it would also make a strong admin username. Of course, don’t use the example in this article – create your own.

Server updates that affect your WordPress site

Depending on your web host, you may be required to manually update the version of PHP used by your account just to get started. A web host that sets the default PHP version too low is often the reason many WordPress users can’t get certain plugins to work. Unfortunately, this cause goes undiscovered by most users. You may also need to select an updated version of SQL (the language that runs your WordPress database). It’s not fair to the customer, but some hosting companies don’t set the proper defaults.

A reliable web host will perform all necessary server updates automatically and start you off with the right default settings. They’ll also provide backup and restore points, firewalls, load balancing, and disaster recovery services. At Skylands, we provide all this and more.

If your WordPress site isn’t working the way it should, or if you’re ready to make the switch to a more secure environment, contact Skylands today to find out how we can help.

 

Top WordPress Membership Plugins for 2019

Membership websites are an effective way to provide premium content to paid users while still providing value to newcomers. They’re also popular for running meetup groups, social networking sites, private coaching groups, educational platforms, and marketplace pages.

Regardless of your site’s content, hosting a membership website on WordPress is not difficult, and it’s affordable if you get the right membership plugin. Here are some of the best membership plugins to consider this year.

#1 UserPro

The top-selling WordPress membership plugin on Code Canyon is UserPro. Created by Deluxe Themes, a Code Canyon “Elite Author,” this plugin has more than 18k sales, and its 1.6k reviews give it a 4.5-star rating.

UserPro offers an array of useful and convenient features:

  • Seamless integration with Paypal, WooCommerce, BuddyPress, SVG Avatars, and MyCred
  • Email marketing integration with Campaign Monitor, MailChimp, AWeber, feedblitz, and Mailster
  • GDPR-compliant
  • Allows for custom fields on forms
  • User account verification
  • Profile layouts are aesthetically pleasing
  • Options for assigning badges and achievements to users
  • Searchable member list
  • Custom content restrictions
  • Functions as a social network; displays a timeline of posts similar to Facebook
  • Supports multi-language translation
  • Add-ons are available to add more functionality, such as a payment gateway, private messaging, media galleries, and live chat

This plugin is perfect for any kind of membership website, especially if you’re an entrepreneur who sells monthly digital content like webinars, recorded coaching sessions, and marketing courses.

Test drive the UserPro demo on Code Canyon and experience it for yourself.

#2 Ultimate Membership Pro

Ultimate Membership Pro is Code Canyon’s second-best-selling membership plugin for WordPress, with nearly 14k sold and 468 reviews for an overall 4.5-star rating.

Like UserPro, Ultimate Membership Pro is GDPR-compliant, but this plugin supplies 35 add-ons in the purchase price. It’s perfect for coaches, affiliates, and e-commerce sites that offer members-only deals.

Key features include:

  • Paid memberships with multiple payment levels; also allows free memberships
  • Content restriction for pages, categories, sections, images, and even navigation menus
  • Allows unlimited members and subscriptions
  • Multiple payment options include PayPal, Stripe, 2CheckOut, BrainTree, Authorize.Net, and Payza
  • Accepts offline payments through bank transfer
  • Users can log in through popular social networks like Facebook and Twitter
  • Restricts certain menu items to specific user groups
  • Offers discounts for paid memberships
  • Free trial for new users; you set the trial period
  • Verified accounts through email confirmation
  • Custom fields for forms
  • Integrates with 9 email marketing platforms

The features don’t end there. Head over to Code Canyon, check out the additional features and get access to the Membership Pro live demo.

#3 Private Content

As another GDPR-compliant membership plugin, Private Content protects specified content by member group, including pages, menus, categories, widgets, and comments. There’s even a lockdown mode that hides your entire website with one click.

This membership plugin boasts a few unique features. For example, it tracks what logged-in users do so you can use that information for targeted marketing campaigns.

It also provides users with a truly private sector of the site where they can post personal content that nobody else can see. This might come in handy for membership-based learning platforms where students need to take notes.

With Private Content, if you want to allow users to pay for subscriptions, you’ll need the Premium Plan add-on, which entails a monthly fee. However, the fee may be recovered when you generate enough paid memberships.

As with other plugins, the developer of Private Content offers add-ons. Other plugins will offer add-ons to enhance standard user features, but certain Private Content add-ons are more technical in nature.

For example, the Secure Links add-on generates a compact, anonymous, secure link for shared files. The original link will never be visible to anyone, so only users in the designated category will have access.

Another example is the User Data add-on, which equips you to create unlimited fields to record as much information from your members as you want. This add-on is great for collecting information you can use to segment participants for more targeted email marketing.

Private Content also possesses an extensively documented API with dozens of actions and filters for customization.

Private Content features:

  • Multi-language support on the front end and back end
  • Front-end elements are already translated into 23 languages
  • Automatic plugin updates
  • Great support; tickets are generally answered in less than 12 hours, 7 days a week
  • New features are added continually
  • Frequent updates quickly address bugs
  • Unlimited user levels
  • Google Analytics integration
  • Direct WordPress users bulk import
  • Content restriction systems based on user categories or custom definitions through the API
  • 1-click website lockdown
  • User self-deletion box

To learn more and launch the Private Content demo, check out Private Content on Code Canyon.

#4 WP Ultimo

WP Ultimo is a basic membership plugin that has standard features such as unlimited plans and add-ons to expand functionality. It stands apart from other membership plugins by offering some user-centric features:

  • Create trial memberships and coupons easily
  • Refund payments with one click
  • Users can select a template on signup or you can assign a template to each user group

WP Ultimo does have limitations, however. For instance, payment gateways are limited to Stripe and PayPal, though the developers have announced plans to add more gateways in the future.

Although it’s basic, this is perfect when you desire simplicity above all. Meetup groups, for example, don’t need the complexities in other plugins.

Additional plugins to test drive

Other WordPress membership plugins you might find useful are MemberPress, LearnDash, Restrict Content Pro, and S2Member. WPBeginner compares these plugins to break down the pros and cons, usability, and cost.

These plugins entail more limitations than the ones above, but are still worth looking into. You might not need a wide array of features if your requirements are fairly simple.

Your membership site doesn’t have to be expensive

You don’t have to pay tens of thousands of dollars to build a custom membership site from scratch. WordPress furnishes a strong foundation for developers to create plugins that do the job.

While you’re figuring out which plugin will power your membership site, don’t forget to test each demo thoroughly from the front and back end. Request an admin demo if one isn’t offered.

If you can’t test the back end, but you’re excited about the plugin, make the purchase only if you can stand to lose the cash. Most membership plugins cost between $20 and $40, so if you buy the wrong one, you’ll recover.

Remember to choose your membership plugin based on what you need, not how much it costs. Don’t assume a higher price means you’ll get more features.

Make a list of the features you absolutely need, and others you’re willing to compromise on. Ideally, you should only have to build your membership site once, so make sure you’ve got the best plugin for your objectives before the launch.

How To Make Moving To A New Webhost A Stress-Free Experience

Moving to a new web host, also known as ‘migrating,’ can be stressful regardless of how big your site is. The potential for lost or corrupt files is ever present. The bigger your site is, the harder it is to thoroughly test it before letting go of your old hosting account. You can’t hang on to your old account forever.

If you’ve never moved a website before, it’s important to know that a smooth migration requires more than transferring files. Careful planning is necessary to ensure the preservation of databases, backups, email accounts, cron jobs, and directory structures.

If all you have is a single directory with a few files, a quick transfer is all you need. When you have a large number of pages and databases to move, planning is essential.

To handle the intricacies of moving to a new host, here are some tips to make the process stress-free.

Back up your website – twice

It seems unlikely, but what would you do if your website backup contained corrupt files and you couldn’t get the originals because you already canceled your account? What if your .zip files are corrupt? What if your account is deleted in a power surge overnight? It happens more often than you think. That’s why we offer our customers disaster recovery services, but not every host does.

Backing up your website is essential regardless of how you’re migrating your site. For instance, you should back up your website even when your web host is using the cPanel to cPanel transfer.

Create a step-by-step written plan

Having a written plan with tasks you can check off is essential for a smooth website migration. There’s always a chance you’ll forget something, but you’re better off with a written list.

Rather than relying on a random checklist from the internet, take the time to write down, on paper, every step you need to take to complete your transfer. Your list should be a customized checklist. Internet checklists are an excellent place to start, so use them to your advantage but don’t rely on them as your only list.

For example, you might want to change your directory structure on the new server. You might want to wait until you’ve uploaded everything, or you may decide to manually create a new structure and upload files as you go. This process should be part of your step-by-step plan.

Your plan should include everything, even the small tasks like designating a “catch-all” for unrouted email.

Document the details

In addition to having a well-documented plan, you need to document your account details. Make sure to write down everything you need to recreate on your new server. For example, you’ll need to recreate all email addresses, cron jobs, and upload all databases. Databases can be especially tricky – document them thoroughly.

When you download all of your databases, you don’t automatically get a list of installation URLs. If you used one-click installation software in the beginning, you wouldn’t be able to identify your databases by name because you didn’t name them. You have to create a list for reference.

For instance, did you create multiple installations of WordPress? Unless you manually installed WordPress and chose a custom prefix, your databases will have the same prefix (wp_) followed by a number. This makes installations hard to tell apart.

To identify your WordPress databases, go into phpMyAdmin. Click on each database name in the list and navigate to the ‘options’ table. You’ll find the installation URL listed there.

For other automatically installed applications, you probably aren’t aware of the database prefix, either. You can find this information by using phpMyAdmin.

If you have more than one SQL database, document what domain and application each database belongs to, as well as the database usernames and passwords.
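If you already have SQL dumps of your databases, the same reference list can be built from the files themselves. The Python sketch below is an added example, not part of the original article. It reads the ‘options’ table rows out of a dump and maps each table prefix to its ‘siteurl’ and ‘home’ values; the dump text and prefixes are constructed, and the patterns assume the usual mysqldump and phpMyAdmin INSERT layouts.

```python
import re

# Start of any INSERT, and the specific case of a "<prefix>options" table.
ANY_INSERT_RE = re.compile(r"INSERT INTO `", re.IGNORECASE)
OPTIONS_INSERT_RE = re.compile(r"INSERT INTO `(?P<prefix>\w*?)options`", re.IGNORECASE)
# A row such as (1,'siteurl','https://example.com','yes'), with optional spaces.
ROW_RE = re.compile(
    r"\(\s*\d+\s*,\s*'(?P<name>siteurl|home)'\s*,\s*'(?P<value>(?:[^'\\]|\\.)*)'"
)

def inventory(dump_text):
    """Map each WordPress table prefix in a SQL dump to its siteurl/home."""
    installs = {}
    prefix = None  # prefix of the options table currently being read, if any
    for line in dump_text.splitlines():
        if ANY_INSERT_RE.search(line):
            m = OPTIONS_INSERT_RE.search(line)
            prefix = m.group("prefix") if m else None
        if prefix is None:
            continue  # rows of other tables (posts, comments, ...) are ignored
        for row in ROW_RE.finditer(line):
            installs.setdefault(prefix, {})[row.group("name")] = row.group("value")
    return installs

# Constructed dump: one install in mysqldump style, one in phpMyAdmin style.
SAMPLE_DUMP = """\
INSERT INTO `wp_posts` VALUES (1,'2019-01-01','Hello','publish');
INSERT INTO `wp_options` VALUES (1,'siteurl','https://example.com','yes'),(2,'home','https://example.com','yes'),(3,'blogname','Main site','yes');
INSERT INTO `wpx9_options` (`option_id`, `option_name`, `option_value`, `autoload`) VALUES
(1, 'siteurl', 'https://shop.example.com/wp', 'yes'),
(2, 'home', 'https://shop.example.com', 'yes');
"""

if __name__ == "__main__":
    for table_prefix, urls in inventory(SAMPLE_DUMP).items():
        print(table_prefix, urls)
```

Run it once per dump file and record the result next to the database name, username, and password in your migration notes.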

Check for cron jobs

Depending on the software you’ve installed, you might have cron jobs running that you didn’t create. Some applications automatically set up cron jobs, and if you don’t replicate them in your new hosting environment, your website functionality will suffer.

Don’t update your nameservers too early

Update your nameservers only after verifying all files have been successfully transferred and you’ve set up all email accounts. Changing nameservers may make your email stop working temporarily, which means you won’t be able to request lost passwords if needed.

Without updated nameservers, you’ll need to rely on your new hosting account’s IP address to view your site. If you’re running WordPress, you might need to temporarily change the URL in your database to the IP address to navigate the site to verify it’s working. WordPress now uses relative URLs, so unless you change the URL in the database to your IP address, you can only navigate so far. Alternatively, you can edit your HOSTS file to force your computer to look to the new server for the website.

Know your way around FTP/SFTP

You can edit virtually any file through SFTP, which comes in handy when you’re editing data through an admin panel and get locked out when you save your changes.

Practice using phpMyAdmin

As long as you have access to phpMyAdmin or something similar provided by your web host, you can change database names, usernames, passwords, and email addresses. This gives you guaranteed access to your site even if you lock yourself out of your content management system’s admin panel, which might happen during a migration.

For instance, say you’re using WordPress, and you’ve migrated all files and databases successfully. When you try to access your wp-admin page, you get a 404. Chances are, you haven’t changed the URL in the WordPress installation to point to the new domain. This needs to be changed in two places in the ‘options’ table. Normally, you’d change this while logged into your WordPress backend, but without access, you need to change it through phpMyAdmin.

Practice MySQL dumps and imports

If you’ve never transferred a database before, you’re in for a learning curve. Before transferring your actual website, install test software that uses a database and practice moving that over first. To learn how it’s done, follow this guide for migrating a SQL database between two servers.

Ask your new web host to initiate the transfer for you

Professional web hosts know how to transfer files and databases quickly and efficiently. If the process of migration seems too complicated, or the value of your site is too great to risk downtime or corruption, give it up to the pros.

Make sure your new host will meet your needs

Does your new host meet all of your needs? Would they customize a plan just for you? When you’re ready to experience web hosting at its best, contact Skylands Networks today for boutique website hosting services tailored to your specific business needs.

How To Implement WordPress Performance Optimization Effectively

Everybody talks about optimizing your website, but what does that actually mean?

Optimization – it’s not just about SEO

When you read the word “optimization,” you probably think of Search Engine Optimization. The term has been almost branded by SEOs over the years, but optimization isn’t just about getting better rankings – it’s about giving visitors an optimal experience.

Regardless of the type of website you manage, optimization is as vital as air, water, and food. Your website can’t survive without it. Studies show that if a website takes more than a couple of seconds to load, visitors will bounce.

There are two main categories of optimization – performance and security.

Performance optimization

The following optimizations are necessary for top performance:

1. Cache your dynamic content

WordPress serves content dynamically. To construct each page, there must be an interaction with the database to piece it all together. This slows down a website’s performance. However, you can use a plugin to cache dynamic content so that it’s delivered to visitors as static content. To learn more about caching and how to implement it, read The Ultimate Guide to WordPress Caching from wpmudev.com. At Skylands Networks, we employ the LiteSpeed cache which is specially optimized to work with the LiteSpeed webserver. This gives our users the fastest caching option available.

2. Use load balancing

When your site gets popular or receives an unexpected surge in traffic, load balancing ensures your site doesn’t crash. A load balancer uses an algorithm to distribute incoming traffic as evenly as possible to a pool of servers, ensuring that one resource isn’t overworked.

3. Keep all plugins updated

Plugins should be updated frequently. You’ll receive a notification in your admin panel when updates are available. However, you’ll want to be aware of plugins that have been abandoned. Abandoned plugins are a security vulnerability. If you don’t remember updating a plugin recently, check to see when the last update was issued. If it’s been more than a year, you may want to find another plugin.

In addition to keeping your plugins updated, it’s equally important to avoid using plugins unless absolutely necessary. Too many plugins will slow down your site.

4. Don’t host videos on your own server

While you can upload video files through the media interface, any video you host on your own server will slow down your website. Hosted solutions like YouTube and Vimeo automatically compress videos as they’re uploaded, and provide a stable user experience.

If you don’t like the way hosted video players look, paid solutions like Wistia allow you to customize your player for a nominal fee.

5. Optimize your database and delete older post versions

Each time you update and save a page or post, WordPress stores a new copy of your page or post in the database. If you constantly save your content after minor updates, you’re accumulating extra content in the database, which will slow down your site over time.

Optimize Database after Deleting Revisions is a plugin that automatically deletes old revisions either on a set schedule or with a single click. You can also define how many post revisions you’d like to keep, and it will delete the rest. This plugin has been around for many years and is regularly updated.

Optimizing security measures

WordPress has an unjust reputation as being insecure. WordPress as a platform is secure, provided website owners manage it properly. The problem is, many website owners aren’t professional developers and therefore don’t fully understand security. They make innocent mistakes out of ignorance, and end up paying the price.

One-click installation tools don’t create a secure installation

If you build your WordPress website with a one-click installation tool, your site is at serious risk of being hacked and infected with malware that runs SQL injection scripts that are used in phishing scams. This is a serious problem because even the best password can’t protect you – hackers don’t always need your password.

Hackers can exploit weaknesses in the installation itself, or through plugins that are either insecure or haven’t been updated in a long time. Additionally, WordPress passwords are simply salted MD5 hashes, which are incredibly easy to hack with certain programs. Someone doesn’t even need to be a hacker to use these programs.

Change your authentication keys and salts

If you used a one-click installation tool inside of cPanel to install WordPress, chances are, your installation doesn’t have any authentication keys or salts. Years ago, the one-click installation program called Fantastico defined these cryptographic elements in every new WordPress installation. They weren’t unique, but at least they existed.

Today, the standard one-click installation tool in cPanel leaves your installation without any authentication keys, and you don’t get a notice about it, either. These installation tools provide the instant gratification of having a functioning website in minutes at the expense of your site’s security.

While it’s best to have your WordPress website professionally installed, if you’re willing to do a little bit of work, you don’t need to. However, you do need to have a basic understanding of how to use FTP or access your files within your file manager. If you’re not used to editing code, it’s best to use the file manager so you don’t accidentally open it in a word processor.

To set your authentication keys, navigate to the directory where you installed WordPress. Find the file named “wp-config.php” and open it in your file manager, preferably using the “code” view. Scroll down a little and see if the file contains the 8 lines of code shown in the first screenshot of this CodeSeekah article. The first line defines “AUTH_KEY” and the last defines “NONCE_SALT.”

If these 8 lines of code are absent, you’ll need to generate this code from WordPress directly. Each time you refresh the page, new keys will be generated. Copy and paste the generated code into the wp-config.php file exactly in the place it appears in the screenshot on CodeSeekah and save your file. If your config file already has these lines of code, replace them with the new code.
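Before pasting new keys, it helps to know exactly what state the file is in. The Python sketch below is an added example, not part of the original article. It serves both this section and the earlier “Updating authentication keys (salts)” section: it checks a wp-config.php for the eight constants, flags missing, placeholder, short, or repeated values, and compares two installs for shared salts, which is the reused-installer-salts problem described above. The sample configs and the 32-character minimum are assumptions made for illustration.

```python
import re
from collections import Counter

# The eight constants, from AUTH_KEY through NONCE_SALT.
SALT_NAMES = [
    "AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
    "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT",
]
PLACEHOLDER = "put your unique phrase here"  # text shipped in wp-config-sample.php
MIN_LENGTH = 32  # assumed threshold; generated values are 64 characters

# Anchored at line start so a commented-out "// define(...)" is not counted.
DEFINE_RE = re.compile(
    r"^[ \t]*define\(\s*(?P<q1>['\"])(?P<name>[A-Z_]+)(?P=q1)\s*,\s*"
    r"(?P<q2>['\"])(?P<value>.*)(?P=q2)\s*\)\s*;",
    re.MULTILINE,
)

def parse_salts(config_text):
    """Return {constant: value} for the salt constants defined in the text."""
    return {m.group("name"): m.group("value")
            for m in DEFINE_RE.finditer(config_text)
            if m.group("name") in SALT_NAMES}

def audit_salts(config_text):
    """Classify each of the eight constants in one wp-config.php."""
    found = parse_salts(config_text)
    counts = Counter(found.values())
    report = {}
    for name in SALT_NAMES:
        value = found.get(name)
        if value is None:
            report[name] = "missing"
        elif value.strip() == "" or value == PLACEHOLDER:
            report[name] = "placeholder"
        elif len(value) < MIN_LENGTH:
            report[name] = "too short"
        elif counts[value] > 1:
            report[name] = "duplicate"   # same value reused for another constant
        else:
            report[name] = "ok"
    return report

def shared_between(config_a, config_b):
    """Constants that carry the same value in two different installations."""
    a, b = parse_salts(config_a), parse_salts(config_b)
    return [n for n in SALT_NAMES if n in a and a[n] == b.get(n)]

def _v(ch):
    """Build a constructed, obviously fake sample value."""
    return "constructed-sample-value-" + ch * 32

# Constructed wp-config.php fragments for two hypothetical installs.
SAMPLE_CONFIG = f"""<?php
define('DB_NAME', 'example_db');
define('AUTH_KEY',         '{_v("A")}');
define('SECURE_AUTH_KEY',  'put your unique phrase here');
define('LOGGED_IN_KEY',    '{_v("B")}');
define('NONCE_KEY',        '{_v("B")}');
define('AUTH_SALT',        'short');
// define('SECURE_AUTH_SALT', '{_v("C")}');
define( "LOGGED_IN_SALT",  "{_v("D")}" );
"""
OTHER_CONFIG = f"""<?php
define('AUTH_KEY',   '{_v("A")}');
define('NONCE_SALT', '{_v("Z")}');
"""

if __name__ == "__main__":
    for name, status in audit_salts(SAMPLE_CONFIG).items():
        print(f"{name:18} {status}")
    print("shared with other install:", shared_between(SAMPLE_CONFIG, OTHER_CONFIG))
```

Anything other than "ok" on all eight lines, or any constant shared between two sites, is a reason to generate and paste a fresh set.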

Optimizing your WordPress website requires patience

Website optimization isn’t just about speed; it’s about user experience. Setting a foundation of security and speed is only the first step. Building a solid foundation makes it easier to deliver the intended experience to your visitors. Everyone experiences breakdowns, but with an optimized foundation, you won’t be constantly running around putting out fires that could have been prevented.