• Skip to primary navigation
  • Skip to main content

Managed WordPress Security for Pennies a Day

Managed WordPress Security with Heart

MENUMENU
  • Why HackGuard.com? Why Choose HackGuard.com?
  • HackGuard.com WordPress Managed Services Rates WordPress Managed Services Rates
  • HackGuard.com Articles HackGuard Articles Library
    • Hack Guard Customer Testimonials
    • Why Should I Maintain My Own WordPress Website’s Backups?
    • About that “Weekly jQuery Migrate Status Update” email
    • How to Change a WordPress User from Subscriber to Administrator Role
    • WordPress 4.9.3 – Going into the tunnel and never coming out…
    • How Do I Migrate WordPress to a Different Domain Name?
    • Community Blogging: A Short Guide
    • WordPress Troubleshooting and How to Fix WordPress Errors
    • Is My Web Host Secure? Maybe not…
    • How to remove the subdirectory name from your WordPress website address
    • How can I improve the performance of my WordPress website?
    • How can I improve the performance of my WordPress blog (Part 2)
    • Protecting WordPress Against Brute Force Attacks
    • How do I reset my WordPress password?
    • How To Clear Cron Jobs in WordPress
    • xmlrpc.php and Pingbacks and Denial of Service Attacks, Oh My!
    • Free Website Monitoring Services, well, mostly free...
    • How to choose a secure web hosting company for a WordPress website
    • WordPress 404 Page Setup - Do You Have Five Minutes?
    • Can mod_pagespeed Improve Page Load Speed (external link)?
    • Yoast WordPress SEO Settings and Recommendations
    • Is Your Mom Missing Her BUMM?

Call (619) 479-6637

Why Should I Maintain My Own WordPress Website’s Backups?

WordPress Backup Locally or to the Cloud

Why Should I Maintain My Own WordPress Website’s Backups?

Thank you for asking. My name is Jim Walker. I’ve been managing website hosting and security for thousands of our businesses here at TVC.Net since 1997.

Some years back, I launched our HackRepair.com service, a reactive website security service for WordPress. I quickly found that nearly all of our new customers either did not have a web designer to help with ongoing security and maintenance or simply never considered the ongoing security requirements of WordPress. So HackGuard.com, our proactive security service, was born.

Through our HackGuard.com service, I learned some truths about hosting companies and their backup systems, especially in how backups are limited at various hosting companies.

I would go so far as to say that of nearly all of the websites I’ve worked on over the past decade, only a small fraction provided reliable backup options. In fact, most of the well-known web hosting companies do not back up their client’s accounts (at all), even though their hosting plans clearly state that “backups are included.”

The truth is that many web hosts deactivate backups entirely once a certain number of files have been created within the hosting account. This is often referred to as “inodes.” And once the customer exceeds the host’s inode limits, backups are suspended. Many web hosts skirt the ethics of this “promise” by offering paid backup options—which they often promote within the client’s hosting control panel. Sadly, because most clients rarely log in to their control panel, they never see that backups have been suspended due to exceeding the hosts’ inode limit. For this reason, many businesses are left with the mistaken belief that their accounts are being regularly backed up when in actuality, they are not.

This was one of the reasons I developed our HackGuard.com service. So many clients whose websites had been hacked were missing someone with expertise in maintaining WordPress websites as well as a working backup system. So developing a reliable service that covered maintenance, backups, and website security was a no-brainer.

When I started my HackGuard.com service, I tried a variety of backup options. Of the dozens of WordPress plugins tried over the course of a few years, I found only two met my service requirements, UpdraftPlus and WP Time Capsule. At the time, my service requirements included: displayed minimal self-advertising and promotion, provided responsive customer service, supported a variety of cloud backup options, and provided a high level of reliability.

Updraft Plus and WP Time Capsule

Having managed websites for over twenty years, I can say without a doubt that the biggest lesson I’ve learned in my time managing websites is a simple one: backup redundancy and security go hand in hand.

It’s for this reason that I believe every website should have at least two backup solutions in place: one system saving daily, weekly, and monthly backups offsite, and at least one yearly backup saved either offsite or on the client’s personal computer.

I could get into discussing the pros and cons of my most used backup plugins, but the details are beside the point. You can learn more about the pros and cons of each with a quick Google search. In short, it doesn’t matter which backup system you have in place. Having multiple backup systems regularly backing your website up to an offsite “cloud” backup service is key #1.

Of the cloud services I’ve tried for website backups over the years, both Amazon S3 and Google Drive have been very reliable. The biggest downside of Amazon S3 is cost. Once backups on Amazon S3 reach a terabyte, service fees may begin to exceed $100 a month, especially if you are doing frequent recovery of files. Alternate lower-cost cloud service options, like Wasabi, are available as well, which according to their website, is 80% less costly than AWS. As of this writing, I haven’t tested Wasabi enough to give a review on their service.

Amazon S3, Google Drive, Wasabi

Now, having covered the importance of backups, I would be remiss if I didn’t mention how backups may affect the performance of your website. On an overloaded or poorly tuned web server, backups may impact how a website loads during the moving of data from the web server to the cloud service. On the other hand, having maintained the backups of hundreds of websites on dozens of different web hosting companies’ servers over the past several years, I’ve found that the more experienced web hosts with well-tuned web servers have zero issues with clients running multiple backup systems simultaneously.

Sadly, many well-known hosting companies throttle their shared servers by severely limiting CPU cycles, number of processes allowed, and/or, memory. If you’ve worked on a website and seen a 503 error page appear, then you’ve likely experienced this first hand.

503 error page
This may have the undesirable effect of backups taking exceedingly longer to complete, which may then perceptively slow web page loading, as well as increase the likelihood of backup failure.

This often-reported backup plugin “problem” is nearly always related to how well a given hosting service has tuned its web servers. I know I’m repeating myself here, but I would like to reiterate once again that an overly restrictive hosting service may limit the ability of your backups to fully complete in a timely manner, resulting in backups failing unexpectedly. If a hosting company recommends against using backup plugins like UpdraftPlus, there is a high likelihood that you are using one of “those” overly restrictive hosting companies. Is this a red flag when choosing a quality hosting service company for your business? I think so.

Which leads me to a discussion on the next uber-important aspect of backup management: backup recovery. Once you’ve established a working offsite backup systems, repeatedly and periodically testing the recovery process is key #2.

With UpdraftPlus, a files-based backup solution, recovery is as simple as deciding what you wish to recover—be it a plugin, theme, or the entire account—and then clicking the “Next” button a few times until the process is completed. With WP Time Capsule, an incremental backup solution, you have the benefit of choosing restore points, and within those restore points, the specific files or database dates to restore. Irrespective of how the backup plugins work, periodically testing and becoming comfortable with the recovery process is as important a step as establishing the backup options for your website in the first place.

That said, website hosting or backup failures are inevitable. That’s why it’s imperative to have multiple backup options saving off-server. The cost to archive your website to a cloud service is minuscule compared to the physical and emotional cost of having to rebuild a website from an Internet archive or multi-year-old backup. Been there, done that, and it’s no fun at all!

In the worst case, when the web host’s server literally crashes and the data is lost, your cloud backup service decision may spell the difference between the same day recovery of your website’s files and database and a total and irretrievable loss of your content. Backing up your website to a cloud service is just smart business.

And while most of this discussion has been about the value of establishing an offsite backup system, you may ask, “What about my web host’s backups?” Great question, and not meaning to be flippant here, but as that guy in that movie, Donnie Brasco, said, “Forget about it.” Sure, your hosting company may offer backups as part of their service, though I would argue that for the fifteen or so minutes it takes to set up a backup system for your website to “the cloud,” why take the chance? Whether your web host has a backup available when you really need it is also beside the point. Take control of your destiny. Just make a backup.

 


Disclaimer:
This post was written by Jim Walker for informational purposes only, was not solicited, nor paid for respectively.

 

Filed Under: Call (619) 479-6637 Tagged With: cloud backups, local backups, off-site backups, updraftplus, website backups, WordPress backup, wp time capsule

Your Site is Experiencing a Technical Issue – Or Maybe Not…

Weekly jQuery Migrate Status Update
[ Click to View ]

One of the most common support requests I receive on a weekly basis have the subject “Your Site is Experiencing a Technical Issue”.

These not so helpful email messages were introduced in the release of WordPress 5.2.

While I’m sure the WordPress developers who added this feature thought it would be a great way to alert folks of downtime due to plugin or theme incompatibilitWhile a great step in alerting WordPress users of potential errors within their websiteI’m

The plugin, Enable jQuery Migrate Helper, was installed as a temporary solution, enabling the migration script for your site to give your plugin and theme authors some more time to update, and test their code.

Recently, this plugin has been sending “deprecated” email alerts to administrators as well.

The word “deprecated” simply means that some function within a plugin or theme no longer meets the latest WordPress coding standards.

Should you be concerned?
Answer: No, but maybe…

WordPress is evolving and in doing so, some older coding standards will be left behind, to be replaced by newer faster, more secure standards. If you have received a deprecated message, like the one below, the message is simply a reminder that older code may stop functioning someday in the future.

Since maintaining the latest updates is just smart business where WordPress is concerned, be sure to check what is described as deprecated within the email alert and update that if possible.

In the example notice above, you’ll see that the alert relates to the “Dandelion” theme. Once the client updated his theme the error reports ended—the Enable jQuery Migrate Helper plugin was no longer required and then deleted.

If you wish to stop your website from sending these messages you could try deleting the Enable jQuery Migrate Helper plugin. If your website functions without the plugin, you should be fine for a while.

If your website appears broken after disabling the plugin, just add the Enable jQuery Migrate Helper plugin back to fix the issue.

Enjoy!

Filed Under: Call (619) 479-6637 Tagged With: Enable jQuery Migrate Helper, jquery-migrate, wordpress updates

About that “Weekly jQuery Migrate Status Update” email

Weekly jQuery Migrate Status Update
[ Click to View ]

We’ve received a good number of support requests about the “Weekly jQuery Migrate Status Update” emails from WordPress this past year.

These mailers are a new feature of the “Enable jQuery Migrate Helper” plugin.

With the update to WordPress 5.5, a migration tool known as jquery-migrate was disabled by default. This disabling of that function may lead to lacking functionality or unexpected behavior in some themes or plugins that run older code.

The plugin, Enable jQuery Migrate Helper, was installed as a temporary solution, enabling the migration script for your site to give your plugin and theme authors some more time to update, and test their code.

Recently, this plugin has been sending “deprecated” email alerts to administrators as well.

The word “deprecated” simply means that some function within a plugin or theme no longer meets the latest WordPress coding standards.

Should you be concerned?
Answer: No, but maybe…

WordPress is evolving and in doing so, some older coding standards will be left behind, to be replaced by newer faster, more secure standards. If you have received a deprecated message, like the one below, the message is simply a reminder that older code may stop functioning someday in the future.

Since maintaining the latest updates is just smart business where WordPress is concerned, be sure to check what is described as deprecated within the email alert and update that if possible.

In the example notice above, you’ll see that the alert relates to the “Dandelion” theme. Once the client updated his theme the error reports ended—the Enable jQuery Migrate Helper plugin was no longer required and then deleted.

If you wish to stop your website from sending these messages you could try deleting the Enable jQuery Migrate Helper plugin. If your website functions without the plugin, you should be fine for a while.

If your website appears broken after disabling the plugin, just add the Enable jQuery Migrate Helper plugin back to fix the issue.

Enjoy!

Filed Under: Call (619) 479-6637 Tagged With: Enable jQuery Migrate Helper, jquery-migrate, wordpress updates

How to Change a WordPress User from Subscriber to Administrator Role

A rare situation, but in those rare instances when your website has been hacked and your WordPress user account has been changed from the role of Administrator to something else entirely, it may be easiest to simply change your WordPress user account back to Administrator using phpMyAdmin.

To change your WordPress user account from Subscriber to Administrator, first log into your cPanel. Then click the “phpMyAdmin” button.

cPanel phpMyadmin

 

You’ll see your list of installed databases at left.

phpMyAdmin List of Databases

 

If you are not sure which database your WordPress installation is using, then use your cPanel -> “File Manger” to “Edit” the contents of your WordPress configuration file, wp-config.php file.

WordPress wp-config.php Databae Name (DB_NAME)

 

Back to phpMyAdmin. Click your database and scroll down until you find the ‘usermeta‘ table.

WordPress Database Usermeta Table

 

My goal here is to change the user lmadmin1 from Subscriber to Administrator.

Wordpress Users List Subscriber example

 

Doing so is fairly easy.
After clicking the ‘usermeta‘ table, all I need to do is scroll down within the table until lmadmin1 appears in the list.

 

Ten or so lines below the user lmadmin1, is the line ‘user_level‘

WordPress Database User Level and Capabilities

 

To switch my lmadmin1 user from the role of Subscriber to Administrator, I have to do two things:

  1. Change the value from 0 to 10 on the ‘user_level‘ line
  2. Replace the ‘capabilities‘ meta_key value text with ‘a:1:{s:13:"administrator";s:1:"1";}‘

 

The moment I type or paste in the text and hit the enter key I should be able to jump back into WordPress and log in with full Administrator privileges.

Changing WordPress Subscriber to Administrator within the database using phpMyadmin

 

It’s really that easy!

Wordpress Users List Administrator example

 

 

 

 

Filed Under: Call (619) 479-6637 Tagged With: cPanel, phpMyAdmin, WordPress change user role, WordPress security, WordPress user role

About the HackGuard.com WordPress Updates and Security Service

What Can A Fella Do For $5ish a Month?” (or $12.95 without a bulk discount)

I’m asked this question often enough that I feel the need to write a post I could link back to on the topic of, “What can you do for $5ish a month?”

Well, quite a lot actually:

– Prevent hackers from hacking your website (or fix it quickly if they do).
– Monitor your website and help fix basic errors fast (often within an hour if they occur).
– Update your plugins for you and keep your WordPress installation up to date (checked many times a week).
– Manage daily backups of your website either locally or to a 3rd party service.
– Answer your questions by phone or email pretty much 24/7/365.
– And a great deal more, all for the price of a few cups of coffee per month—seriously!

So what’s the catch?

Well, there is no catch. You may cancel at any time, and we’ll do our best to meet all of your update needs with a smile.

What HackGuard.com does not do?

Well, at 15 to 40ish cents a day we have a few reasonable limits.

We can’t do web design for you at 15 to 40ish cents a day. And for this reason, we will not be able to update your WordPress themes, WooCommerce plugins, other eCommerce-related plugins, or premium plugins like WPBakery Visual Composer, Revolution Slider, or other “paid” plugins (unless you have set up an auto-update option respectively).

Suffice it to say, if there’s a chance we could destroy your website’s appearance or layout–we won’t. Those design level tasks are best managed by an experienced web designer.

Why can’t HackGuard.com update my premium plugins?

Most premium plugins are pay-to-play plugins, meaning that updates often require login access to the plugin developer’s website, and some require payment to update.

That said, we are considering a 2nd tier of service to support premium plugins. For now, we’ll need your help in updating your commercial or premium type plugins as updates become available.

If you have any further questions, please feel free to call anytime, (619) 479-6637

Filed Under: Call (619) 479-6637 Tagged With: hackguard service, WordPress security, wordpress updates

WordPress 4.9.3 – Going into the tunnel and never coming out…

Going into the WordPress 4.9.3 version tunnel

In case you hadn’t heard, in early February 2018, WordPress did a double release of versions, from version 4.9.2 to 4.9.3, then 4.9.4 in a matter of two days.

For some WordPress websites, this led to a collision of versions, the end result being it broke the auto-update mechanism, leaving potentially millions of websites stuck on WordPress version 4.9.3; unable to auto-update to version 4.9.4.

WordPress auto-updates is an important built-in security feature.

Automated auto-updates help to protect your website against known vulnerabilities. Without a functioning auto-updates mechanism in place, a periodic visual review and update of your WordPress installations become even more important.

Below is a real-world example of the WordPress auto-update process failing on a client’s account.

As of February 9th, 2018, I found that 75% of a single client’s 150ish WordPress installations were apparently stranded on the WordPress version 4.9.3 train, with apparently no sign of ever coming out the other side (as 4.9.4).

The solution for this WordPress auto-updates problem?

Review and update your version of WordPress to 4.9.4 as soon as you are able.

 

How do I update WordPress?

Log into your WordPress, hover over the top left menu item, “Dashboard, click “Updates“, then “Update now.”

Alternately, for a small fee, I can help you update your version of WordPress safely.

I likewise provide a human managed WordPress service plan in case you are in need of ongoing WordPress updates and security management.

 

Happy Updating!

Jim

Filed Under: Call (619) 479-6637 Tagged With: auto-update, managed wordpress, wordpress 4.9.3, wordpress updates

  • Go to page 1
  • Go to page 2
  • Go to page 3
  • Go to page 4
  • Go to Next Page »
Proactive WordPress Security Management for Pennies a Day™

© Copyright 2019 HackGuard.com™, HackRepair.com™,
The Hack Repair Guy™, Hack Repair Guy™
Copyright and Trademark Statement | Privacy Policy

Call HackRepair.com for website security help, (619) 479-6637.
Content Approved By Jim Walker, The Hack Repair Guy