We had a lively Q & A session and some slightly off-topic inquiries during our February 2018 meetup. Here are the links for the various things we talked about, in the order that I managed to remember them.
Keeping Track of Changes to Your Site Content
WordPress automatically creates and saves revisions of your posts and pages. You can also enable revisions on your custom post types using add_post_type_support(). Too many revisions will bloat your database, so you’ll want to either limit revisions or clean them up periodically.
If you need to know not only what’s been changed but who changed it, WP Security Audit Log seems to be the plugin of choice. There is a free version available in the WordPress plugin repo.
It’s not a good idea to keep the database of a production site under version control with Git, because your .sql file will grow too huge to migrate. The Mergebot service from Delicious Brains (makers of WP Migrate DB Pro) works like version control for your database, and enables you to keep development and production databases in sync. It’s expensive, but if you’re building out a new version of a site that gets content added continually, it can be worth it.
It’s also important to back up your database frequently. (See the next section.)
Backups & Site Migration
Yes, good hosting companies (particularly the managed hosting companies) back up your site daily. But you still need your own offsite backups, just in case. Amazon S3 is an inexpensive place to store website backups. (It costs Sallie less than $1/month to store backups of dozens of sites.) It integrates with BackupBuddy, Updraft Plus, and many more plugins.
- UpdraftPlus (the pro is worth it if you do client work)
- BackupBuddy is great when it works, especially for migration, but it’s a resource hog. I’ve switched almost all my sites to UpdraftPlus.
- BackWPUp is what Sonja uses.
- BlogVault is the service that WP Engine and some other managed hosting companies use to do their automated migrations. It does continuous backups.
- VaultPress also does continuous backups. It’s owned by Automattic and available through paid Jetpack plans. You may see nags from Jetpack to install it even if you are using another backup plugin or service, which is really annoying.
- ManageWP includes monthly backups in its free plan and a more flexible premium plan at $2/month/site.
Managing Multiple Websites
If you need to maintain and manage multiple websites (updates, security scans, etc.), there are a number of services and also some plugins. The services are easier to use. I like ManageWP but have also used iThemes Sync. You get unlimited free sites on ManageWP, with optional paid add-ons like scheduled security scans and “safe updates.”
Sonja uses InfiniteWP, a solution that you install yourself on your own server. This is more work to set up than a hosted service, but it’s completely under your control. The plugin is free, but there are premium add-ons and an enterprise version for teams.
When you have multiple people publishing on a site, you need to establish an editorial workflow. Here’s a simple example: Person A writes a post. The workflow tool notifies Person B, who reviews the post and approves it for publication. Features of editorial workflow tools include content calendars, notification workflows, custom post statuses, and editorial comments.
Editorial Workflow Plugins
- For a long time, the major player in this market was Edit Flow, but development of that has been a bit sporadic. There are several more options.
- Oasis Workflow (freemium) was developed by someone who used to come to our meetup. Lisa LaMagna has used it. It can send reminders as well as notifications. The free version only allows you to create one workflow.
- PublishPress offers a suite of tools, including the EmbedPress plugin used on this site to display Google Slides. There’s a free version and several add-ons bundled into a package.
- Nelio Content combines social sharing automation with the editorial calendar. There’s a free version in the WordPress plugin repo. Pricing is significantly higher than either Oasis Workflow or PublishPress.
Someone asked about keeping up-to-date with current plugin vulnerabilities, and that led to a wider discussion about security.
For updates about vulnerabilities throughout the WordPress ecosystem, subscribe to the WPScan Vulnerability Database. You can also read the Wordfence blog, even if they do push their own product a lot.
Security is substantially your hosting company’s responsibility. There are a lot of possible avenues for attack that have nothing to do with WordPress. Good hosting companies offer good security. Before you choose a WordPress host, find out what they offer in the way of security–and what kind of reputation they have.
Don’t overlook the basics when seeking to make your WordPress site secure. Read “Hardening WordPress” in the Codex.
Services like Sucuri and SiteLock not only scan your site for malware, they’ll clean up any infections. Some managed hosting companies include Sucuri with their hosting accounts, or provide other security scanning. Sucuri is now owned by GoDaddy, but that doesn’t seem to have hurt it or interfered with its partnerships with other hosting companies.
Plugins like Wordfence (free and premium) and iThemes Security (free and pro) can be helpful in blocking brute force attacks and helping you to make sure you’ve done all the “Hardening WordPress” things.
If your admin email has been compromised, your site is vulnerable. Go to Have I Been Pwned? to find out. Then update your email passwords. (If you haven’t done that for a while, you might want to do it anyway.)
Use good passwords. With password apps like Dashlane and LastPass available, there’s just no excuse for using your pet’s name or your birthdate for your password.
Genesis Theme Framework
Bobby Ray asked what this Genesis thing was anyway. Genesis is a parent theme that’s also a theme framework: it contains additional functions, hooks, and filters to make child theme creation easy–once you learn how it works. Because you create child themes, you can safely update the parent theme/framework, and leave a lot of the heavy lifting to the StudioPress team.
Genesis is popular with developers because neither the framework nor the child themes bundle in bloated features. There’s a large and helpful community of developers, with lots of published tutorials. Also, when you buy a theme or a package (the developer package is a fantastic deal), you get it forever and don’t have to renew the license.
If you are already happy using another framework or starter theme, you should stick with that. But if you’re not happy, or you’re just starting to think about building custom themes, you should definitely check it out.
To learn more about the Genesis theme framework, read Genesis Explained by Nick Croft or take Carrie Dils’ Learning Genesis for WordPress course on Lynda.com.
Anca made a reference to the Underpants Gnomes and their 3-step profit plan in her presentation. The Underpants Gnomes originated on South Park, but their profit plan has become widely known, because it describes the way a lot of start-ups work.
Getting People to Tell Their Friends about WordPress
There are many social sharing plugins that you can use to encourage people to share your site’s blog posts, products, etc. I like Scriptless Social Sharing because it’s lightweight and performant, but if you need something less basic, try Social Warfare (pro version $29/year) or MashShare, which has some nice add-ons and special displays for mobile devices.
There are also plugins that will automatically share your posts to your social networks. Jetpack’s Publicize module does this. If you don’t want to use Jetpack, try Social Networks Auto-Poster (SNAP).
All email newsletter services (like MailChimp) include a “forward to a friend” link with your newsletter.
If you want to encourage others to share your posts, and pre-schedule tweets and updates for them, take a look at GaggleAmp. It’s worked well for the For Immediate Release podcast, to increase their subscribers. (I’m part of that Gaggle, so you will see some of those posts in my Twitter and LinkedIn feeds.)
InviteBox lets you create contests where each share gets you an entry. So does Rafflecopter. These are meant to be specific campaigns, and of course you need something to give away.
If what you want to do is set up an affiliate program so other people can sell your product, try AffiliateWP. But be careful about how much you offer in affiliate bonuses: you could end up paying out more than you bring in.
“Membership” is a word with many meanings. Most WordPress plugins that call themselves “membership plugins” are really content restriction plugins. We’re going to have a meetup on memberships as soon as I can get a panel together.
Chris Lema has a whole collection of posts about membership plugins. You should read them. Chris has reviewed dozens of membership plugins over the years.
The two most popular membership plugins in the Genesis Slack Community are MemberPress and WooCommerce Memberships.
Pippin Williamson has put a lot of work into Restrict Content Pro lately.
If I’ve forgotten anything, let me know in the comments.
Judith Allen says
Thank you Sallie for the review. So specific, information-rich and helpful. Illness has prevented me from coming to the meet-up sessions; looking forward to returning now.
Sallie Goetsch says
I’m sadly familiar with the phenomenon of “illness prevents.” Hope to see you at a meetup soon.