Disaster Planning

What to do when your website crashes or gets hacked? This guide will help you get ready so you can handle these issues.

Hosting

You host is the first port of call for any emergency, so make sure you have one that you trust.

  1. Ensure you have all the contact details for your hosting and their support. Understand how to contact them if something goes wrong.
  2. Ensure your hosting plan includes the support you require. Will they be available 24hours? If your host does not supply the level of support you require, we recommend changing hosts.
  3. Ensure they have the ability to roll back to a previous backup (and that they have adequate backup systems)
  4. Understand all the costs that they may charge to provide this service

Backups

Sometimes things go wrong. Sometimes they go seriously wrong. If you need to restore your site, you will need recent backups. Make sure you have multiple and recent backups in multiple places that you can easily access.

The more backups, the better. If you do not have good backups in an emergency, you may LOSE EVERYTHING and nobody will be able to help you. This is not back luck, rather bad planning on your part.

  1. Ensure you have you own independent backups from your host. Your host’s backups will be useless if your host gets hacked and your backups are deleted along with your site.
  2. Within WordPress, we use BackupBuddy to allow us to download backups and send backups to AWS.
  3. Our host provides regular snapshots of our hosting via our cpanel. This allows us to rollback to various backups without contacting the host

Maintenance

WordPress needs to be regularly updated to keep It secure. This is the most important task in preventing your site being hacked

  1. Firstly backup in case something goes wrong
  2. Update WordPress by going to your WordPress dashboard and clicking on “updates”
  3. Update WordPress core and plugins. If you have a customised theme speak to us before upgrading it. Otherwise keep themes upgraded too.
  4. Update regularly. Weekly if possible. Don’t leave it longer than a month (you will get hacked)
  5. Update during an offpeak time (and not the morning before a big media push) in case anything goes wrong

If you cannot be trusted to do these updates, pay me to do it or use a host that does WordPress maintenance for you such as wpengine.

Basic Security

Don’t invite the hackers in with an open door.

  1. Use strong passwords. Force everyone with access to your site to also use strong passwords
  2. Better still, use a password manager and use extra strong passwords
  3. Install one of the many WordPress security plugins

Emergency

If your website is down, broken  or hacked:

  1. Don’t freak out
  2. Contact your host and ask if there are issues with the hosting environment
  3. If the site has been hacked, ask them to roll back (a backup) to a version before the hack. If they dont have appropriate backups, send them your independent backup
  4. Login and upgrade WordPress, plugins and themes
  5. Change all the WordPress user passwords
  6. Send us the updated password
  7. If problems persist contact Dvize. Please note we do not offer emergency support and need to schedule work no matter how urgent. Of course we will prioritise your situation and help you out when we are available. It is possible that when you need help, we may be out in the bush somewhere and unable to help quickly.  If you think you may require emergency WordPress support in the future, we recommend finding a WordPress supplier that is setup to provide this service.
  8. If we establish that rollbacks have been unsuccessful in clearing the hack, you may request that we clean it up and resecure your site or you may consider using  Securi to clean your site

Monitoring

You may also want to setup up third party monitoring service to check up on your hosting. These services check your website and email or sms you if it goes down. A lot of hosts will not advise you if your site goes down for a short time so it is a good idea to keep an eye on their reliability.

Top 5 Website Uptime Monitoring Tools

Extras

  • Google webmaster tools can advise you if you have a hack and is required if google blacklists your site if you are infected. Also has a few SEO features
  • There are many steps you can take to further secure your WordPress. Google will help find them

Share the love

This summary represents a lot of our commercial process and IP. Please donate if you are using this in a commercial context. Proceeds go to supporting our community training and resources via Actionskills.

Licence

Creative Commons License

This page is licensed: Creative Commons Attribution 3.0 Unported.

Use and remix as you want but please credit the work to Dvize Creative and link back to this page: dvize.com/free