So, you’ve created your first server and fired up your first site. But, as with any other profession, there are certain “best practices” – things you can do to make sure that your site is running optimally. So, here are some things you should do as soon as practically possible:
1. Get Some Protection
Place CLOUDFLARE in front of your site. The basic plan is free and gives you basic DDOS protection and blocks common web attacks including WordPress specific attacks.
We would hope that, in this day and age, it goes without saying that you should enable SSL on your site. We make it easy to do that.
However, before you can enable SSL, you should make sure that your DNS is pointed to your site. Otherwise SSL generation will fail.
To turn on SSL for a site, just go to the SSL tab and toggle the switch.
3. Turn On Backups
As soon as your server or site is installed, you should turn on backups. Connect your WPCloudDeploy dashboard to Amazon S3 – you can do this in the settings screen. Then, turn on the daily scheduled backup on the Backup tab in the server screen or the Backup & Restore tab on the site screen.
When using our backups, make sure that you set a reasonable retention level to avoid running out of diskspace. And consider turning on the LOCAL SERVER CONFIGURATION BACKUPS option in the Backup tab in the server screen.
We also recommend that you implement a 2nd tier of backup by using a backup plugin. You can never have enough backups.
Our favorite backup plugin is Updraft Plus. But there are many out there and if you’re using this product, chances are you already have one you prefer. (We do recommend that you avoid WPTimeCapsule or any other plugin that pollutes the database with triggers and enforced relationships between tables – many plugins do not expect these items to be in there.)
4. Setup An Email Relay
Most cloud server services will prevent servers from being used to send emails. This is a security precaution to make sure that servers aren’t used as spam relays.
But, this means that standard WordPress emails will not be sent out until you set up an email relay for the site.
We recommend that you do not use your regular email server for sending email if you’re going to send a lot of emails. Instead, use MAILGUN or SENDGRID. This increases your deliverability rate and reduces the amount of your emails and ends up in spam boxes.
SENDGRID offers 100 free emails per month but jumps to flat monthly price for anything higher.
MAILGUN charges a fraction of a penny for each email with no free allotment. But they will not invoice you for any usage under $1.00 – effectively giving you about 1000 emails for free each month anyway.
Pick either Sendgrid or Mailgun based on how many emails you think the site will send every month. Some sites are better off with SENDGRID because they rarely go over 100 emails a month. Others might be better off with MAILGUN because they send more than 100 and less than 1000 a month.
If you go over 1000 emails a month, we personally prefer Mailgun over Sendgrid but either one will do the job.
To connect Mailgun or SendGrid to your site, you can use their respective WordPress plugins from WordPress.org. Or you can use a general SMTP plugin such as POSTSMTP. Though, these days our favorite is FluentSMTP.
5. Page Caching
When you’re getting close to deploying your site to production, you should turn on NGINX Page Caching. You can do this from the CACHE tab inside your site’s dashboard.
We recommend that you turn this on at the tail-end of your site development cycle. This way you can learn how to use it and see how it affects your site BEFORE you place the site into production.
6. Place e-Commerce Sites on Their Own Servers
If the site your are building out uses a heavy-duty plugin such as WooCommerce, Easy Digital Downloads, a Learning Management System (such as Lifter or LearnDash) or similar, we strongly recommend that you put it on its own server. Even if it’s a low-volume site, having a semi-dedicated cpu is going to be much better and prevents negative impact to other low-volume sites.
Even a low-end $5.00 server from DigitalOcean or Linode is usually better than sharing a server with a bunch of other sites.
And, if the site does unexpectedly grow its volume, you can gracefully scale the server up and tune it without having an impact on other sites.
7. Make CloudFlare your Registrar
If using CloudFlare, consider making them your registrar. The cost is far less than just about any other registrar. They literally give you wholesale pricing on your domain – which can work out to a 50% or more reduction in price!
8. Move Support & Documentation To Its Own Site
If you use a support plugin, you might not need tight integration with your customer list – especially if you’re not running an e-commerce store. In this case, it’s best to add it to a second site with a domain such as support.yourdomain.com.
Good support plugins are ‘heavy’ and you don’t need all their overhead just to serve up your main website’s home page!
You should do the same thing for your documentation plugin as well – in most cases you can have the Support and Documentation plugins share the same site and leave everything else on your main site.
This tip doesn’t apply if you use SAAS services for your support and/or documentation.
9. Bonus #1: Consider Tweaks
In the WPCD site screens, there is a tab called TWEAKS. Take a brief look there and see if any items might apply to your site.
10: Bonus #2: Verify that Fail2Ban and Malware Scanning Are Enabled On The Server
Take a look at the server that the site is installed upon. If Fail2Ban and Malware Scanning are not enabled, consider turning those on. And make sure the server callbacks are enabled as well.
Malware Scanning does require a server with 2GB of RAM so keep that in mind before attempting to enable it.
Many of these best practice suggestions will likely take you just a few minutes to implement, especially if you already have Cloudflare and Mailgun / SendGrid accounts. And they’ll go a long way towards making your site hardened and production ready!
Last Updated: 10-2-2021
Originally written: 05-25-2020
Automatic Notification Of New Articles
Sign up to get automatic notifications of new articles. This is a different list than our standard list - you only get new articles once a week (usually on Mondays). No other emails will be sent unless you sign up for our general list as well.
Follow us on Twitter! We post a lot of cool things there first. To keep up, click the "X" below!