Before You Go Live: Why Website Staging Matters
Going live with a website is like a new show opening at the theatre: you’ll want a dress rehearsal before making the grand debut. Luckily, staging offers a kind of backstage area where you can test out what works and what doesn’t, experiment with new ideas, and iron out any problems. That way, you can be sure of polished performance when stepping out in front of that audience. Imagine that you’re a travel writer with your own website and blog. You published the latest update to your homepage a few hours ago but, alas — you’ve only just noticed the embarrassing spelling mistake sat within the main banner. And oh no, what’s this? To make matters worse, the subscribe button for your mailing list seems to have stopped working entirely! Hiccups like this can put a dent in one’s online image, but they’re an easy fix. Most visitors are happy to let it slide. In their eyes, you may remain the chief authority on backpacking in East Asia (even if you can’t spell Angkor Wat correctly). A few visitors might leave playful remarks in the comments section. Worst comes to worst, a certain number will bounce. Let’s scale this up. You’re a local business owner. Each month, you shift a respectable volume of goods to customers all across the UK. Your latest update goes live on a Tuesday morning, but… there’s a glitch. Customers are no longer able to complete their purchases. No sales go through for an agonising 48 hours until the fix is found. This kind of error has the potential to damage customer loyalty and confidence long after it’s been put to bed. At the level of major companies and organisations, a website glitch can have catostrophic consequences. Going live with a broken webpage might pull the plug on a service that thousands (or millions) of users depend on. More than an operational nightmare, this is a potential PR disaster, with possible legal implications. And all of this from one innocent click. Fortunately, there’s a tried and tested way to stop this all from happening. What is Website Staging? A staging site is a behind-the-scenes copy of a website. It’s a private space where you can get updates ready, or try out new things, away from public view. Also known as a test environment, a development site, a sandbox, or simply a test site, the basic principle is the same across pretty much all content management systems (CMS). Most website owners will want to have one. There are times when even the most simple of updates may cause puzzling and unexpected issues. Remember also that your live site is always receiving traffic from visitors; if you make changes while they’re browsing, this can affect their experience. Website staging acts like a secret lab where you can tinker with your site’s design, add new features, or fix bugs without the risk of breaking your live site. You’re free to polish your content and make sure everything is up and running before clicking the update button. How Does Website Staging Work? A staging site is typically created as a subdomain of your website’s main domain, like “staging.yoursite.com”. This subdomain houses a clone of your primary website, along with all its essential components — including files, databases, and configurations. This replication is achieved through various services or plugins, depending on your platform, such as WordPress. Within this staging environment, you have the freedom to experiment with new themes, plugins, and core updates, all without affecting the live site that your visitors interact with. This subdomain is basically your dedicated testing ground, ensuring that any changes made can be thoroughly assessed before going live. The staging process follows a clear sequence: You start by duplicating your live website to create the staging environment. Then, you can make your alterations, update themes, plugins, and test new features without disrupting your live site’s operation. After testing testing to make sure everything works fine within the staging area, it’s then time to deploy the changes to your live site. The process is just a few clicks away and it’s easy to keep everything updated without the stress. Visitors will see the finished product, not a work in progress — so important for making a good impression and keeping visitors coming back. The “Push” for Perfection Pushing is the techie term to describe moving changes from the staging environment to the actual pages the audience sees. Technically speaking, there are two levels: ✓ Simple Push is used for minor tweaks, such as fixing typos or swapping photos—these are quick fixes and don’t typically risk your site’s stability. Casual users would likely refer to this more simply as “publishing” or “posting”. ✓ Advanced Push is for the bigger things, such as new features or changes in theme, that overhaul the look of a site. For example, an online shop might use advanced push to introduce a new checkout interface to users currently shopping, or to switch the entire colour scheme and layout to match a seasonal promotion without disrupting the shopping experience. Stages of Development When teams of developers work together, they tend to stick to quite a structured process. The first phase is called the Local Environment, in which devs work individually to experiment with ideas and start to form a website in a private space. As the website starts to come together, the next step is the Development Environment, which can be hosted online for collaborative work by the team. The Staging Environment, then, is the second-to-last stop for final checks. The staged site can then move to its Live or Production Stage for public viewing. Of course, not all of us are working in a team. With a user-friendly Website Builder or WordPress, it’s never been easier to create great websites fast. Solo users and small businesses can skip the “Local” and “Development” stages and jump right to staging — the key thing is to stage before going
Bulletproof WordPress: Surefire Tips to Secure Your Site
WordPress dominates as the world’s go-to content management system — and there are many great reasons for that. Yet, the platform’s popularity alone can make it an obvious target for online attacks. Fear not: there are just a few easy steps you can take to keep that beautiful WordPress site of yours safe. You’ll want to protect all the hard work that’s gone in, after all. Your visitors also need and expect security. So with that, let’s dig into our surefire tips for keeping WordPress under lock and key. Use strong, unique passwords It’s sad but true: 48% of small businsesses are targeted by cyberattacks each year. So, to start with the obvious: you really ought to use strong and unique passwords across all your WordPress accounts. Change your passwords often. This is true for your admin account, FTP and database access, and all other associated accounts. Reused passwords can be compromised. Try your best to make your password over 10 characters long and to include uppercase and lowercase letters, numbers, and special characters. One great tip is to take the first letters of a memorable sentence and put that into a clever password (or a “mnemonic”). For example: “this little piggy went to market” might become “tlpWENT2m”. Password manager tools are also available — both for generating and storing passwords for each account. Change your login URL By default, WordPress login URLs are easy to guess because they’re usually www.example.com/wp-admin or something similar. Hackers know this and will target your login page to attempt brute-force attacks. However, you can protect your website by using a plugin to change your login URL to something unique, making it harder for hackers to find. One of the most popular plugins for changing your login URL is WPS Hide Login, which allows you to change your login URL to anything you want. It’s also easy to use and comes with a simple user interface. Just make sure you keep a record of your new login URL so you don’t lose it and only share it with people who need access to your website. Use an SSL Certificate SSL Certificates are sort of like digital passports and they’re especially important when exchanging sensitive info. Have you ever noticed the padlock icon when shopping? SSL’s work to encrypt the data that transfers between a browser and a web server, making it practically impossible for hackers to intercept. This includes things like credit card details, login credentials, and other personal data. Fortunately, SSL certificates are easy to set up, and you can read more about them here. 123 Reg Managed WordPress actually comes with a free SSL certificate to help keep your website and your user’s data secure. There are all sorts of very good reasons to get an SSL Certificate. In fact, they’re a must-have for any sort of website that deals with transactions or sensitive information. If you’re not using 123 Reg Managed WordPress, you may need to purchase an SSL certificate separately and install it on your server. Once you’ve installed the SSL certificate, you need to configure your WordPress website to use HTTPS instead of HTTP. This is easy to do using a plugin like Really Simple SSL, which automatically redirects all HTTP traffic to HTTPS. Don’t use the default “Admin” username WordPress sets the default username as “Admin,” which is easy for hackers to guess. When creating your WordPress account, always use a unique username. If you’re already using the default “Admin” username, you can easily change it by creating a new user with administrator privileges and then deleting the “Admin” user. To do this, go to Users > Add New in your WordPress dashboard, create a new user with administrator privileges, and then log out. Log back in with the new user account and delete the “Admin” user. Keep WordPress core up to date WordPress regularly releases updates to improve performance, add new features, and patch security vulnerabilities. It’s essential to keep your WordPress core up to date by regularly checking for updates and installing them promptly. 123 Reg Managed WordPress automatically updates your WordPress core to help keep your website secure. If you’re using a WordPress hosting package that doesn’t offer automatic updates, you need to regularly check for updates and install them manually. To check for updates, go to Dashboard > Updates in your WordPress dashboard. If there are any updates available, click on the “Update Now” button to install them. Make sure you backup your website before installing any updates. Keep WordPress plugins and themes up to date, too The average WordPress website has over 23 plugins and themes installed — and over 99% of security vulnerabilites are related to plugins and themes. Just like WordPress core, plugins and themes can also have security vulnerabilities that need patching. In fact, plugins and themes are the sources of the majority of WordPress vulnerabilities. It’s essential to keep your plugins and themes up to date by regularly checking for updates and installing them promptly. Outdated plugins and themes can be a significant security risk, as they can be used to gain unauthorised access to your website. It’s a good idea to test the effect of updating plugins and themes in a staging environment. You can do this from your WordPress Dashboard and looking for the section named (you guessed it) “Updates”. If there are updates available, click on the “Update Now” button to install. It’s also good practice to remove any unused plugins and themes as they can pose a security risk. Back up your website — and do it often Backups are essential to recover your website if it gets hacked, corrupted, or accidentally deleted. It’s essential to have a recent backup of your website stored securely, so you can restore it quickly if something goes wrong. 123 Reg Managed WordPress automatically creates daily backups of your website, so you can easily restore your website to a previous version if necessary. If you’re using a self-hosted WordPress