WordPress website maintenance packages by a WordPress developer based in Perth providing WordPress help & support in Australia.

We start with your web hosting control panel first because it is the easiest way to make a backup of your website before making any changes to your WordPress website.

Your website lives on a web server controlled by a web hosting company.

Your web hosting company will have an account for your website.

This web hosting account might be 

• controlled by the web designer who built your website for you, 
• your web designer may have handed you your web hosting account details to you, 
• or you may not know who owns your web hosting account, which is a serious concern, and you should start investigating the trail back to when your website was built.

1. If you do have your web hosting account details you’re sweet.
2. If you don’t have them, and you want to take control of your website maintenance to save paying money to your web designer/developer, ask them for the account details.
3. If you can’t track down the web hosting account details, see if you can follow the invoice trail.
4. If you can’t get hold of your web hosting account details at all, skip to Chapter 3.

Your web hosting control panel will usually be running one of the following control panel software:

• cPanel (running on a Linux web server)
• Plesk (running on a Windows webserver)

To find out if your website is running cPanel, go to your website’s address bar, and then edit the address to add /cpanel on the end, e.g. www.example.com/cpanel where www.example.com is your website home page.

If this address loads a login page, sweet, you know your website control panel is cPanel.

To find out if your website is running Plesk, go to https://www.example.com:8443 where www.example.com is your website’s home page. If that loads a login page, you know your website control panel is Plesk.

Once you know your website hosting control panel, login to it.

To create a full backup of your web site by using cPanel, follow these steps:

1. In the FILES section of the cPanel home screen, click Backup:
2. Under Full Backup, click Download a Full Account Backup.
3. Under Generate a Full Backup, in the Backup Destination list box, select where you want to save the backup file.
4. You can save the backup file in your home directory, or you can transfer the backup file to another site by using FTP or SCP. If you use FTP or SCP, you must type the remote server, remote username, and remote password.
5. If you do not want to receive an e-mail message when the backup is complete, click Do not send email notification of backup completion.
6. Click Generate Backup. cPanel creates the backup.
7. If you have created a full backup of your web site, you can download the backup file.
8. In the FILES section of the cPanel home screen, click Backup:
9. In the Files section of the cPanel home screen, click Backups.
10. Under Full Backup, click Download a Full Account Backup.
11. Under Backups Available for Download, click the file that you want to download.

To create a full backup of your web site by using Plesk, follow these steps:

1. In the left sidebar, click Websites & Domains:
2. In the right sidebar, click Backup Manager.
3. On the Backup Manager page, click Back Up.
4. Under Backup content, in the Backup section, select what you want to include in the backup.
5. In the Type section, select whether you want a full backup or incremental backup.
6. If you’ve never backed up before, click Full Backup.
7. Under Backup settings, customize the backup settings 
8. Click OK. Plesk starts the backup immediately.

Plesk scheduled backups.

The previous procedure demonstrates how to run an immediate backup. You can also schedule backups to run at predefined intervals in the future. To do this, follow these steps:

1. Log in to Plesk.
2. In the left sidebar, click Websites & Domains:
3. Plesk – Sidebar – Websites and Domains
4. In the right sidebar, click Backup Manager.
5. On the Backup Manager page, click Schedule.
6. On the Scheduled Backup Settings page, under Schedule, select when you want the backup to run.
7. Select the type of backup, and for how long you want to keep the backup files.
8. Under Backup settings, customize the backup settings that you want to use.
9. Click OK. Plesk configures the scheduled backup.

We mention website security first before performing any website maintenance because it ensures there are no bugs or viruses in your website, and the security plugin I’m about to mention will remind you when there are WordPress updates to make, and also warn you if any action is required to further improve your website security, which is very handy.

Without protection, your WordPress website can become vulnerable to being hacked by malicious users. Vulnerabilities exist because WordPress themes or plugins are not well-maintained, and hackers will attempt to login to your dashboard using software which tries all combinations of passwords and usernames.

The solution is to install a well-rounded WordPress plugin called Wordfence.

Wordfence includes a firewall and virus scanner for your website, and prompts you with easy actions to make your website more secure.

To install Wordfence, go to your WordPress dashboard (www.example.com/wp-admin/) where www.example.com is your own domain name, login, and then go to Plugins (in the left hand sidebar) > Add New.

If you don’t see Plugins in the left-hand sidebar, it’s because your user account does not have administration rights. If this is the case, you’ll need to contact the web designer who built your website and ask them for administrator rights.

Once you’ve installed Wordfence;

1. Enter your email address where it says “Please tell us where Wordfence should send you security alerts for your website:”
2. Decide if you’d like to receive the Wordfence email newsletter, which I recommend.
3. Check the terms and conditions checkbox.
4. Where it asks to “Enter Premium License Key”, select “No Thanks” to select the Free plan
5. Click on Dashboard @ top left of the screen.
6. Where it says “Do you want Wordfence to stay up-to-date automatically?”, select “Yes, enable auto-update.”
7. Where it says “To make your site as secure as possible, take a moment to optimize the Wordfence Web Application Firewall:”, select “Click here to configure”.
8. There should be a button that says “Download .htaccess”. Click this to download the .htaccess file. You’ll need to upload this file through your web hosting control panel if the site breaks during this configuration process. [insert link to how to post]
9. Click Continue.
10. Hopefully you will see a message that says “Nice work! The firewall is now optimized.”
11. If you see a another message follow the prompts. If you have problems, see https://www.wordfence.com/help/firewall/optimizing-the-firewall/

We’ll now need to configure the Firewall to stop thugs from entering our website:

1. In the WordPress dashboard, select Wordfence > All Options
2. Under Firewall Options > Advanced Firewall Options > Whitelisted IP addresses that bypass all rule, enter your IP address, which you can obtain from http://www.whatismyip.com 
3. Under Firewall Options > Advanced Firewall Options > Brute Force Protection, the default values are quite gentle to hackers. Better to set them to the following values:
   1. Lock out after how many login failures: 3
   2. Lock out after how many forgot password attempts: 3
   3. Count failures over what time period: 5 minutes
   4. Amount of time a user is locked out: 2 months
   5. Check “Immediately lock out invalid usernames”
   6. Choose Save Changes @ top right

You’re now ready to enjoy the protection of a firewall and virus scanner.

Let’s use the Wordfence Scan for the first time:

1. Go to WordPress Dashboard > Wordfence > Scan
2. Choose Start New Scan
3. Wait 24 hours and return to this page to find the recommended actions.

How do I know updates are available?

Login to your WordPress admin section, and look for a number at the top of the screen, highlighted in green below:

Click either button, to be taken to the WordPress Updates page

In the case above, there is an update to the plugin “Gravity Forms”.

I select the box to the left of Gravity Forms, and click Update Plugins.

The following screen will load:

If there is still an indication that further updates are available, click “Return to WordPress Updates page”, and follow the prompts to update any further themes, plugins, or updates to the WordPress core software.

If you find that during or after an update, you can’t can’t regain access to the WordPress dashboard, normally you’ll receive a 500 internal server error message.

If this is the case;

1. open a new tab in your web browser (Windows: CTRL + T, Mac: CMD + T), and open and login to your web hosting control panel.
2. Inside your control panel, find the File Manager.
3. Inside File Manager, find /public_html/ (for cPanel) or httpdocs/ (for Plesk).
4. Inside this file, find wp-config.php, and right-click > Edit (for cPanel), or click it (Plesk) to edit the file.
5. Find the line:
   define(‘WP_DEBUG’, false);
   and replace it with
   define(‘WP_DEBUG’, true);
   define(‘WP_DEBUG_LOG’, true);
   define(‘WP_DEBUG_DISPLAY’, true);
6. Now save the file.
7. Now reload your WordPress dashboard or home page – whichever one produced the 500 internal server error. There should be a detailed error message displayed now.
8. Copy this error message and paste it into Google and search.
9. The search results will hopefully describe the solution you can follow.

If you find you cannot fix the error yourself, you have some options:

1. Post a question to the WordPress support forums: https://wordpress.org/support/forums/
2. Send a support request to your web hosting provider.
3. If your web hosting provider cannot help, your last bet is to upload your backup to your web hosting space, and ask your web hosting provider to restore the backup for you.
4. When you upload the backup, don’t upload it to /public_html/ or /httpdocs/, upload it to a folder outside of those folders, like Backup, below: