How To Prevent Your WordPress Site From Crashing
Everyone who uses self-hosted WordPress has experienced a crash at one time or another.
Disclaimer: I do not endorse cowboy/cowgirl coding, as all updates/changes should be made by a professional Web Developer, on a local website copy before deploying to the production server. This is the only way to ensure there are no conflicts. That being said, we are all guilty of making changes on the live site, so if you are about that life, consider the points I’ve outlined below to minimize risk.
It’s a sunny beautiful Tuesday morning, you login to your WP dashboard, and see that there are a few plugins to be updated (or even a shiny new version of WordPress itself). You take the first few sips of your Folgers, and confidently click the “update now” link. If you’re anything like me, there’s an instant gratification that comes along with seeing that everything is up-to-date and all of those pesky red backgrounds behind the plugin descriptions are gone. You breathe a sigh of relief, all is right with the world.
You’ve now navigated to the home page of your site, only to discover that nothing is there. Oh shit. We spoke too soon.
You see grey clouds come rolling in on the horizon, and thunder in the distance. The air is thick. Panic starts to set in. You have the dreaded WSOD (White Screen Of Death).
Sound familiar? Well, there’s no way to prevent accidents from happening altogether, but you can definitely reduce their chances of happening.
Here’s a few ways that can help prevent a WordPress catastrophe
This is where WordPress site owners often go rogue. You’ve found a plugin that “says” it does exactly what you need, and you trust the source because, if it’s in the WordPress repo, it must be good right? Not necessarily. At the time this article was written there was 46,379 plugins in the repo. That’s too many to monitor everyday for quality assurance, and adherence to the required standards. There’s never a fool proof way to know that a plugin will integrate seamlessly with your site, especially if you are using a commercial theme (as they often contain more potentially disruptive scripts than their leaner custom counterparts). However, there a few things to keep in mind when taking the chance on a new plugin. For this example, I’m going to use Contact Form 7 as the example, because it’s probably one of the most ubiquitous plugins out there.
- Before updating/downloading, go to the plugin page and check the Ratings. This is not the defining measure of whether a plugin is good or not (spoiler alert: there isn’t one, but rather a combination of many), however, it is a good place to start. You’re looking for rating patterns rather than absolute numbers. It’s okay that there are a few “1 star” reviews, but you are looking for a “top heavy” pattern of reviews. What I mean is, lots of 4’s and 5’s, very little 2’s and 3’s, and 1’s that are in a very small number in proportion to 4’s and 5's. While you’re here, check out the reviews to find some known issues. Keep in mind, any popular plugin will have bad reviews. Ignore the useless ones, but keep an eye open for know issues with other plugins, and with your current version of WordPress.
- Check compatibility with current versions of WordPress. This is useful both in the circumstances of downloading a new plugin, or updating a current one. Check your working version of WordPress, and cross-reference it here. You are also looking for the plugin to have been updated within a reasonable amount of time (this will give clues as to whether it has been abandoned, or is still being supported), ideally within the last couple months. If a plugin hasn’t been touched in over 2 years, run.
- Still unsure of compatibility? There’s a handy plugin/WP version matcher on the right column of the plugin page if you scroll down. Select the WP Version, and the Plugin Version, and you’ll get your answer there. This isn’t fool proof, but is the best current indication of potential conflicts.
- Finally, if there’s a bug in the Plugin, report it to the Developer! Developers in the open-source community are happy to hear feedback on their product, and chances are, if there’s a conflict for you, there’s a conflict for someone else also.
As users of this open source (aka FREE) software, we have an obligation to pay it forward, and optimize the experience for those who follow us.
Updating WordPress on x.x.1 cycles
The curse of the early-adopter is getting the first version of everything. The great news is, they are usually cutting edge and ahead of the curve. The downfall is that this is often the version that is used to work out any bugs in production. For this reason, I would personally recommend updating on x.x.1 releases, instead of x.0 or x.x releases. Although, before updating WordPress at all, be sure to check the changelog to see what the update directly affects. This will be the biggest indication of compatibility, and possible errors. If you want to dive deeper into how versions are mapped out and numbered, you can check out the Semantic Versioning article on Sitepoint. Note: Security updates should be done immediately.
Precautions against malicious attacks
Note: Security is a HUGE topic all on it’s own, so I’ll touch on some basics, but this list is in no way comprehensive to a complete security protocol.
There is no real way to avoid hacking altogether, but there are effective simple measures you can take to prevent hacking
- Choose a secure password, and don’t let any other users on the site have a weak password either. WordPress has recently built in this feature to boost security. This is the first line of defence against hacking. There are great password managers now available for creating and holding complex passwords for your site. LastPass and 1Password are the front runners in this space.
- Have an SSL Certificate on the site. In an effort to make the entire web a more secure place to be, Let’s Encrypt has started a campaign for free SSL certificates. Your host likely sells them as well. This is something you will definitely need a developer for, although some hosts install it for free depending on your plan.
- Theme Selection: As far as themes go, it’s a jungle out there, or rather… a forest. Searching for themes to use on your site can be exciting, and overwhelming at the same time. However, it is important to consider the source of the theme. Are you buying a theme that is no longer supported (ie: over 2 years old with no updates)? What is the track record of the theme’s author? The tricky thing about purchasing themes (as opposed to having them custom made), is that you have very little information until you actually purchase the theme itself. Themes are built for the masses, so there are often many additional scripts then what you need to run your site, and it would be nearly impossible to know if any of those scripts have conflicts with certain plugins, until they do. As far as themes go, I prefer custom, but if you’re going to shop around, don’t be afraid to email the theme developer directly and ask about specific plugins, and known interactions. If anyone will know, they will.
Bonus: Security Resources
If your site has been hacked, Securi can help you out with that.
If something does go terribly wrong on your site, you’re going to want a host who has your back. For this reason, I would suggest managed WordPress hosting with full access to C-Panel (or similar), and database access (PHPMyAdmin). A good host will also offer built in backups, and staging servers (basically a test version of your site that lives on the same server, but on a private URL) to make changes on, before deploying to the live site.
There are a lot of host companies out there, and every developer is very opinionated about their likes and dislikes regarding hosting. A couple of my faves are Siteground, and WP Engine. They have a high rate of uptime (sites on them rarely go down), great customer service, and backups/caching included.
BACK UP YOUR SITE! I can’t drive this point home enough.
The price points are reasonable, and it will save you so many headaches if your site has crashed beyond repair. Many hosts (including the ones I listed above) have backup plans built in, but if your host doesn’t there are some great plugins out there. BackupBuddy and VaultPress are two of the most popular ones. I personally prefer VaultPress because it’s made by the makers of WordPress.
Bonus Points: Get a reliable developer.
Whether you’re stuck on the WSOD, or tempted to install the newest SEO plugin that ensures you’ll rank #1 in Google (PS: That’s not a thing), it will cost you less money to get it done right the first time, than an emergency repair session once everything falls apart.
This is worth repeating…
Paying a developer to maintain your site will cost you much less than getting them to fix your errors in an emergency situation.
In reference to opening disclaimer, there’s a gold standard on how to approach errors and potential conflicts in WordPress. That being said, sometimes you want to go rogue on your WordPress site. If so, consider these strategies to minimize risk, and ALWAYS backup your data.