ohryan.ca

A Web Developer in Winnipeg

  • How to Keep Your New WordPress Site Running Smoothly

    in , ,

    So you just launched a WordPress site for your business, everything is up and running. Pages load quickly, SEO is better than ever, you paid your development team. Now you’re all set for the next few year, right?

    In an ideal world, this would be true. Unfortunately, the Internet is a dangerous place and software is not perfect. With WordPress presently powering 1/4 of the Internet, it is a huge target for hackers and internet miscreants. Left untouched, your site is almost guaranteed to become infected by malware at some point in the future.

    Click “Update!”

    Clicking that “update” button in the WordPress admin is the single most important thing any WordPress site owner can do. In Windows or macOS these types of security updates can seem like a pain, annoying nag messages that you always dismiss immediately. While these updates are important for desktop computers, in reality, your desktop machine is typically removed from outside attackers by 1 or 2 levels of routers. Your website on the other hand has to be accessible to the broader internet in order for the public to have access to it.

    One fact that might be overlooked if you’re unfamiliar with software development is that the vast majority of security patches are in response to a reported issue. What this means is that, potential attackers already have the information to create mass exploitation tools by the time you see the update notification in WordPress.

    To put it another way: In my time working with WordPress, I’ve never see a compromised WordPress site that is totally up to date with all updates.

    Is It Safe?

    One concern that causes many computer users to put off software updates is the fear that something will break. While this fear is not totally unfounded, most software updates are safe, most of the time. When dealing with WordPress updates, you’re looking at new code from different sources. Core updates come from the WordPress open source project, these updates are all vetted by professional developers. Plugin updates are submitted by the plugin author. The experience level of these authors varies widely, they could be hobbyists working on the weekend or large teams of professional developers.

    So is it safe?

    Minor WordPress Core updates are safe. The minor updates are the updates where the main version number (ie. 4) does not change. The WordPress team takes great care to ensure that updates do not break anything.

    Major WordPress updates are probably safe. Again, the WordPress team has a great track record of building in backwards compatibility. So, your site probably won’t break. However there are two caveats. 1) Major features in the WordPress admin will likely look and/or act differently; 2) Some plugins may stop working.

    Plugin updates should be safe, but it depends. With a few notable exceptions, most well written plugins will update without issue.The same rule of thumb about major and minor updates apply to plugin updates, a major version update is more likely to break something. A good WordPress site developer will only install plugins that they’ve individually vetted, I never install plugins for my clients that I do not trust.

    Be Proactive

    A number of plugins and security solutions have started to become available for WordPress over the past few years. They are essentially virus scanners and firewalls for WordPress. By setting these up, you should be able to fend off additional threats or at the very least disable malware if it happens to make it onto your site. A Google search will reveal many good options. My current go to plugin is Wordfence security, I install it on all new sites. I like it because it works well out of the box and it typically does a better job finding malware than the other plugins I’ve tried.

    Conclusions

    As developers, I think we often do a bad job communicating the importance of ongoing maintenance and security. After all, it’s a little embarrassing to have to concede that this great product you just spent weeks of time and a good chunk of money on, is a giant bullseye for internet miscreants. It can seem like a slimy up-sell to suggest a maintenance contract.

    In reality, if you’re comfortable reading and digesting release notes, you should be able to handle keeping WordPress up to date. If you’re less of a tech-DIY person, you may want to get in touch with a developer.

    One more thing: Backups

    Backups are always a good last resort. I didn’t mention them in this post because backups are typically a poor malware recovery solution. Two main reasons: 1) The type of malware that affects WordPress rarely corrupts content; 2) it can be difficult to pinpoint when a malware infection started, so you won’t know which backup to restore to.

  • Want to do Lunch?

    Want to do Lunch?

    in

    Working in a real physical office, with real physical humans has many terrible aspects. I mean, this premise is the entire concept of The Office.

    However, one of the things I do miss is going out for lunch. I miss the excuse to spend money on good food, I miss the escape from everything else and I miss the face-to-face interaction. As a freelance web-work with a good chunk of my clients in other timezones; client lunch meetings are few and far between and leaving my desk in the middle of a busy day to take myself out for lunch seems like a chore.

    I’d like to propose some kind of a regular freelancer/web-worker lunch situation. I’m not too sure how to get the ball rolling exactly. When I’ve mentioned this to local freelancers in the I’ve been met with disinterest. So maybe it’s a bad idea or maybe I just failed my charisma check that day. I can’t possibly be the only person in this boat, can I?

    In any case, if you’re in the Winnipeg area and you like the sound of this idea, hit me up on twitter or leave a comment on this post.

    Photo Credit: Visitor7

  • I’m Looking for Work

    in

    Sorta.

    It’s been a while since I’ve updated my employment status in a public forum. So for the record, I’m open to take on freelance projects. Being a freelancer is kind of like the Schrödinger’s cat of employment. You can’t tell if you’re really employed or not until you open the box… maybe that doesn’t quite work.

    So, at the this very moment I am comfortably busy, but not too busy to take a break and write a blog post. Next week, I can’t be certain that I’ll be just as busy, even though all signs point to yes.

    If you know of any interesting projects, please drop me a line or hit me up on twitter.

    In an ideal world, I’d prefer to work on medium scale projects, with a team of my choosing. But is this state of quantum employment flux, all comers welcome.