Choosing the right colours for your website is important – the right colour scheme can instantly communicate what the website is about – and getting it wrong can leave a negative experience for the users.
But with so many choices and complexity – actually choosing the colours can be painstaking and tedious.
Fortunately there are websites deciated to helping you select colours – from individual colours to complicated pallets.
Backups are without a doubt an important way to safeguard a website from damage.
Websites are increasingly becoming a critical part of running a business – they often serve as the first point of contact with a customer – proving details of goods and services as well as contact details. For e-commerce businesses they can be entirely ran from the website.
With this increased reliance on websites the importance of a good working and reliable backup increases.
Which leads to the question – how often should you backup a WordPress website?
There’s two parts to this –
how much can you afford to lose (should damage happen)
how often is the website updated – e.g. posts, comments, sales data
For an active website this would mean daily backups with a thirty day retention. As well as periodic backups before updates are installed.
Daily backups strike a balance between minimising data loss and not consuming too many resources.
Ultimately the answer depends on your website and how much data loss you can afford, compared to how much resources for backups you can afford. An active e-commerce website may need real-time instant backups or a one-page business website may not need regular backups. However – at very least I would recommend weekly backups with a monthly retention.
Having up-to-date reliable backups of your WordPress site is one of the best steps to protecting it from disaster.
Web hosts often provide a backup service. They’re typically automatic and managed by your host – which makes them an attractive option – but can you trust it?
Let’s explore some of the reasons why you shouldn’t trust your web host backups.
1. Additional fees
More often than not a web host will charge additional fees associated with the backup service.
Whether it be requiring you to be on a “premium” plan, it being a “add on” or charging to access and restore backups. And if they don’t – chances are they’re a “premium” host, with the added cost already factored in.
At the end of the day – it’s a service provided to you and you will pay for it.
2. Can’t control frequency
When designing a disaster plan – the frequency of backups is one of the first questions to ask.
How often backups are made depends on the website itself – how often is content updated, is it business critical etc.
But backup services provided by web hosts are typically daily – so if you have an online store you could loose up to a days worth of sales data if disaster struck.
3. Can’t do once off backups
Have you ever installed new plugins or updated WordPress, plugins or themes?
The first thing you should do is backup! – This serves as a way to undo the changes if something go wrong.
But chances are your web host doesn’t support backups on demand.
Being able to backup before installing updates is important and shouldn’t be ignored.
4. Backup coverage
Having someone else manage your backups is convenient – but also very risky.
You put faith in them to backup all the necessary files – when changes are they know very little about your website, where important files are, which databases it uses.
Perhaps your website stores images in a different directory or uses a separate database for sales or CRM data – will your host back these up as well?
5. Access to backups
Constant 24/7 access to backups should be part of any disaster plan.
However web host backups are not always accessible. Often the host will treat the service as “managed backups” – meaning you need to go to them to access the backup and have restorations done.
6. Partial restores
What if you installed a plugin update which corrupted part of your database – the website continues working as normal until you release only part of it is corrupted.
Will your host be able to do a partial restore – or is it a all or nothing restore?
Many websites are constantly changing so the ability to merge a backup into a live website is important.
7. Independent “off site” backups
Having your backups with your website is like putting all your eggs into one basket.
Web hosts can get hacked, have hardware failures, loose Internet connectivity and even go out of business!
A good backup will be stored and accessible independently from the host.
8. Not tested
There’s little point in having a backup if it’s not tested periodically.
But when it’s managed by your host you never see the backup logs to confirm the backup ran successful or have the ability to test the restore process.
Ideally, backups should be periodically tested by restoring to a separate local development site. This ensures the backup is complete and confirms the process to do a restoration.
So how should you handle backups?
If your web host does backups, that’s fine – but consider it your “plan b”.
Your “plan a” should:
be configured to run and be retained as required by your website
support on demand backups
be off-site – e.g. to a Google Drive
I use UpdraftPlus to manage my updates, backing up to cloud storage.
Now the visitor knows something has gone wrong, you need to give them options for what to do next.
Ideally you should be trying to help them find the page that they were trying to access.
A simple but effective way to do this is to provide a link to the home page and a search box – this caters for both people that aren’t sure and want to click and those that know what they’re looking for.
You may also want to provide a list of popular content – perhaps you don’t have what they’re looking for but you can provide other great content.
4 – Consistent with design
Make sure your 404 page uses the same look and feel as the rest of your site.
This will help establish the visitors confidence in the website.
And remember – don’t make users scroll. This is a one-screen design.
5 – Contact and feedback
Provide a way for a visitor to contact you – for example an email address or a contact form.
This allows them to report a broken link – giving you the opportunity to fix it and retain the visitor.
What does this look like?
Here’s how I handle the 404 “page not found” page for this website.
WordPress administrators will be familiar with this screen – updates available for WordPress core, themes and plugins – but what order should they be installed in?
When faced with multiple updates I follow this order:
Why this order?
This order is based on the risk of something breaking, changing or being lost.
While all updates present a level of risk – but each is slightly different.
Themes are relatively low risk – as long as customisations haven’t been made directly to the theme’s files (e.g. functions.php or styles.css).
Plugins are a bit of a wildcard. The code quality varies greatly – but plugin developers do get the opportunity to test WordPress updates before they’re released and sometimes release updates specifically to address compatibility with future versions of WordPress core.
Finally, WordPress core updates are installed – hopefully with themes and plugins that are fully compatible with the update.
Just remember – before installing updates make sure to backup.
When engaging a WordPress developer there’s one very simple but important question you must ask – do they develop or implement.
With hundreds of thousands of free plugins and many more premium plugins there’s an alarming trend of people claiming to be ‘WordPress developers’ but when it comes to the development they rely on these third-party plugins, earning themselves the title of ‘WordPress implementer’ and putting your project in a very dangerous territory.
What’s the difference?
A decent developer or implementer will listen to your requirements and work through them with you – but when it comes to the actual development,
the developer will build a solution to your exact requirements and
the implementer will start looking for solutions to each of your requirements, usually patching together several third-party solutions.
Why does it matter?
A developer or implement may be able to get the same results for your project, but what matters is how they achieve the results – as it affects the quality of the product, security, licencing and the ongoing maintenance.
Plugin bloat is a well known fact in the WordPress community – the more plugins installed, the slower the site runs.
This is exactly what the implementer is doing to your site. They’re more than likely going to install multiple plugins with little regard to how the plugin affects your sites performance. Furthermore since the plugin is developed by a third-party developer for a the WordPress community it’s likely to be feature rich – features you most likely don’t need but contribute to the bloat.
On the other side the developer will use their expertise to code to your requirements – they will know 100% what code is running and when with no bloat.
It’s highly unlikely the implementer is going to read through the plugins code, if they even could understand the code they would be much more likely to develop.
The third-party plugin is a point of weakness in your websites security – without knowing exactly what the code does your website could be open to any number of vulnerabilities.
Engaging a developer involves trust – if you’ve ended up with an implementer you need ask yourself – do I trust all these third-party plugin developers with my website?
Licencing is something that’s easy to overlook, especially when you’re employing someone else to build the website.
With the developer you can simply stipulate no licence on the development, however when an implementer installs all those third-party plugins what they’re doing is making your agree to the terms of the third-party plugins. They may even be locking you into ongoing licence fees to the third-party plugin developer.
When you patch together several solutions you create a delicate balance that keeps things working.
When one plugin updates, that balance may break leaving your website broken.
When it comes to support instead of having the one developer that knows your code, you have several developers that may or may not be interested in supporting you.
I’m not advocating bespoke solutions for every project, I’m saying that people need to be aware of how their project will be achieved and what the implications are.
You need to ask – do I want a developed solution or an implemented Frankenstein patch work solution?
If you’re comfortable with an implemented solution, for each plugin you need to ask:
Who developed it? Are they well established and trustworthy.
When was it last updated? Is the plugin being maintained, does it work on the latest version of WordPress.
Is it well supported? Is the third-party developer providing ongoing support.
And finally, remember that your site is only as secure and efficient as the code runs it.
When WordPress plugins and themes are released they’re typically licensed under the GPL (General Public License) – this spells out the rights and limitations to using the software.
Whilst licensing under the GPL isn’t a requirement, it is the preferred license as it used for software in the WordPress plugin and theme directories.
The GPL is all about making sure software is free to run, study, share and modify. This makes the software is free to distribute (and modify) as long as you acknowledge the author.
GPL and premium software
Whilst the GPL is about free access to open source software it doesn’t out rule charging a fee for the distribution (access to and download) of the software (and updates).
When you purchase a “premium” plugin or theme that is licensed under the GPL you’re really paying for distribution and access to support.
Enter the grey market
Nothing in the GPL forbids you from taking someone’s software and redistributing it (as long as you acknowledge the author) – in fact it encourages it because it’s what makes open source software grow so quickly.
Some people take advantage of this by simply taking the software and adding their own price to access it, normally without support or updates.
What I find interesting is there are markets dedicated to this activity – where you pay a few dollars instead of the full price to download the software – most don’t even hide that they’re a third-party.
Whilst this is perfectly legal, it undermines the value of the GPL and the business model that supports the development of the software. Without the income developers will be forced to focus on other activities or release under a more restrictive license.
Ultimately purchasing the software from the developer provides you with updates and support and funds future development that is in everyone’s interest.
For more information on GPL licensing and fees see: