8 Best-Practices For Sites Built On WPCloudDeploy Servers

So, you’ve created your first server and fired up your first site. But, as with any other profession, there are certain “best practices” – things you can do to make sure that your site is running optimally. So, here are some things you should do as soon as practically possible:

1. Get Some Protection

Place CLOUDFLARE in front of your site. The basic plan is free and gives you basic DDOS protection and blocks common web attacks including WordPress specific attacks.

2. SSL

We would hope that, in this day and age, it goes without saying that you should enable SSL on your site. We make it easy to do that.

However, before you can enable SSL, you should make sure that your DNS is pointed to your site. Otherwise SSL generation will fail.

To turn on SSL for a site, just go to the SSL tab and toggle the switch.

3. Turn On Backups

As soon as your server or site is installed, you should turn on backups. Connect your WPCloudDeploy dashboard to Amazon S3 – you can do this in the settings screen. Then, turn on the daily scheduled backup on the Backup tab in the server screen or the Backup & Restore tab on the site screen.

When using our backups, make sure that you set a reasonable retention level to avoid running out of diskspace. And consider turning on the LOCAL SERVER CONFIGURATION BACKUPS option in the Backup tab in the server screen.

We also recommend that you implement a 2nd tier of backup by using a backup plugin. You can never have enough backups.

Our favorite backup plugin is Updraft Plus. But there are many out there and if you’re using this product, chances are you already have one you prefer. (We do recommend that you avoid WPTimeCapsule or any other plugin that pollutes the database with triggers and enforced relationships between tables – many plugins do not expect these items to be in there.)

4. Setup An Email Relay

Most cloud server services will prevent servers from being used to send emails. This is a security precaution to make sure that servers aren’t used as spam relays.

But, this means that standard WordPress emails will not be sent out until you set up an email relay for the site.

We recommend that you do not use your regular email server for sending email if you’re going to send a lot of emails. Instead, use MAILGUN or SENDGRID. This increases your deliverability rate and reduces the amount of your emails and ends up in spam boxes.

To connect Mailgun or SendGrid to your site, you can use their respective WordPress plugins from WordPress.org. Or you can use a general SMTP plugin such as POSTSMTP. Though, these days our favorite is FluentSMTP.

5. Page Caching

When you’re getting close to deploying your site to production, you should verify that our Page Cache is turned on. You can do this from the CACHE tab inside your site’s dashboard.

New sites have this turned on by default. But, if you do something such as import an existing site, the plugins responsible for caching might be deleted so you’ll need to turn on caching again.

If you’re doing development on the site, we recommend that you turn off caching. Then, turn it on at the tail-end of your site development cycle. This way you can learn how to use it and see how it affects your site BEFORE you place the site into production.

6. Place e-Commerce Sites on Their Own Servers

If the site your are building out uses a heavy-duty plugin such as WooCommerce, Easy Digital Downloads, a Learning Management System (such as Lifter or LearnDash) or similar, we strongly recommend that you put it on its own server. Even if it’s a low-volume site, having a semi-dedicated CPU is going to be much better and prevents negative impact to other low-volume sites.

Even a low-end $6.00 server from DigitalOcean or Linode is usually better than sharing a server with a bunch of other sites.

And, if the site does unexpectedly grow its volume, you can gracefully scale the server up and tune it without having an impact on other sites.

7. Make CloudFlare your Registrar

If using CloudFlare, consider making them your registrar. The cost is far less than just about any other registrar. They literally give you wholesale pricing on your domain – which can work out to a 50% or more reduction in price!

8. Move Support & Documentation To Its Own Site

If you use a support plugin, you might not need tight integration with your customer list – especially if you’re not running an e-commerce store. In this case, it’s best to add it to a second site with a domain such as support.yourdomain.com.

Good support plugins are ‘heavy’ and you don’t need all their overhead just to serve up your main website’s home page!

You should do the same thing for your documentation plugin as well – in most cases you can have the Support and Documentation plugins share the same site and leave everything else on your main site.

This tip doesn’t apply if you use SAAS services for your support and/or documentation.

9. Bonus #1: Consider Tweaks

In the WPCD site screens, there is a tab called TWEAKS. Take a brief look there and see if any items might apply to your site.

10: Bonus #2: Verify that Fail2Ban and Malware Scanning Are Enabled On The Server

Take a look at the server that the site is installed upon. If Fail2Ban and Malware Scanning are not enabled, consider turning those on. And make sure the server callbacks are enabled as well.

Malware Scanning does require a server with 2GB of RAM so keep that in mind before attempting to enable it.

Wrapup

Many of these best practice suggestions will likely take you just a few minutes to implement, especially if you already have Cloudflare and Mailgun / SendGrid accounts. And they’ll go a long way towards making your site hardened and production ready!

---

Last Updated: 10-2-2021

Originally written: 05-25-2020