All our web hosting packages have daily backups included totally free 30 days back in time. See our guide for this here on how to restore.
We always recommend that our customers set up backups on their installations as well. Below are some methods and plugins that can run a manual or scheduled automatic backup of your WordPress installation.
Why Backup WordPress?
Many people often think on backup, but rarely do anything about this and have to learn it on the hard way. Therefore, it can be smart to always have the habit of setting up backup from the start of each website.
There are many threats on the internet that will continue to attack and try to find holes in your WP installation. Often it’s one of the reasons below that makes it important to make backup:
An update of the plugin or template fails and crashes the site
Fault from the user(s) due to negligence
Virus and malware inserted by hackers
How often should one backup?
It depends entirely on whether the website is updated regularly with content or not. If a website is updated daily, backup should also be performed daily. If content is updated a couple of times a year, monthly backup will suffice.
For major updates of plugins and templates, we always recommend taking a manual backup before the updates are performed.
Which backup solution should I choose?
There are many good solutions and which one fits you and your WordPress installation will vary. So it might be good to test some to see which ones work well and is not suited to your WordPress website.
This is the most known and most commonly used backup plugin for WordPress. It is used by more than 2 million installations.
We tested UpdraftsPlus and set up monthly backups for Google Drive. The WordPress installation is 85MB in size on the server. After backup to Google Drive, it uses about 13MB as backup files. Recovery also worked fine without any error messages and went smoothly.
It is quite possible to upgrade to the Pro version of UpdraftPlus for more features and capabilities, but most of our customers will do well with the free version. Overview of the free version and the Pro version can be found here.
Slightly less known plugin for backup, but we have tested it and many of our customers are using it.
After a local backup, the installation of 85MB was compressed to 6.13MB in one backup file. We tested recovery and it was fast and without error messages. In addition, it is simple and intuitive so it is easy to understand for most people.
The free version only gives access to external storage to Dropbox. If you want Google Drive, OneDrive and the like, you need to upgrade to the Platinum version.
Softaculous in cPanel
In cPanel we have an auto installation of scripts such as WordPress etc. Softaculous has developed several tools that make it easier for our users. Some worth mentioning are automatic updates of plugins, templates and WP itself. In addition, there are functions such as cloning, staging and backup.
We have created a guide on how to backup WordPress inside Softaculous here. It is possible to select the destination on the backup to: local (webserver), Google Drive, Dropbox, FTP, FTPS and SFTP.
The advantage of this solution is that it is a free solution for all our customers. In addition, some of our consultants will have better experience and can help if problems arise.
LiteSpeed webserver (LSWS) is a webserver with extremely good performance compared to other webservers. LiteSpeed can replace Apache without one having to do any changes to the configuration file for the installation.
LiteSpeed cache plugin
If your installation is located on a server that is running LiteSpeed, you can use powerful plugins from LiteSpeed that will ensure full optimization and caching of your website. There are modules created for WordPress, Joomla, OpenCart, Drupal 8 and several of the popular CMS systems. At PRO ISP LiteSpeed is free to use if you have Pro Medium, Pro Premium or Enterprise web hosting.
LiteSpeed cache for WordPress is one of those powerful plugins available when on LiteSpeed server. The plugin offers optimization of your website, with cache, optimization of scripts and pictures. One of the best benefits of using LiteSpeed Cache plugin is that you can optimize your website with just a few clicks.
When you have installed and activated the plugin, standard configuration will be active, and you will be able to see the four first options under “Settings”. Normally you will not need to change any of these.
Tab #5 – WooCommerce will only be visible if you already have WooCommerce active.
As soon as you active the plugin, the optimization will begin, and standard cache will be activated. To see other settings, select “Show advanced options”. A selection of 12 tabs will appear (thirteen if you have WooCommerce installed).
Optimize (tab #5)
Optimize contains Minify, combining and HTTP/2-push of scripts and is important when optimizing a website. In short terms it removes any unnecessary code, comments and combine CSS and JS files, resulting in fewer request for your visitors.
With the changes mentioned under this section, we had good results from GTMetrix.
This is the results before the Optimize function was activated (cache was already activated).
This is the results after the Optimize function was activated.
If you are not sure which settings to select, we recommend activating CSS Minify, CSS HTTP/2-push, JS Minify, JS HTTP/2-push. Activating CSS Combine, JS Combine can result in scripts and CSS failing.
After you have activated any options or made any changes in the plugin, you should check that your website is working as normal. If you are experiencing problems with the Combine function, but still want to activate this one, you should check out “How to fix problems caused by CSS/JS optimization“.
When activating HTML Minify the source code will not be easy to read should you need to later. All code will be “pressed together” to save resources. It is still recommended to activate this one. Under the same function you will see Inline CSS Minify and Inline JS Minify. These will remove any spacing, sections and comments in all CSS- and/or JS-files.
Load CSS Asynchronously is a function that will make sure CSS and HTML are loaded simultaneously. As a standard CSS is always loaded first so the website will be displayed correctly as soon as it loads. By activating Load CSS Asynchronously, the website will load faster but could give your visitors a bad impression since they will be able to see your website without images and CSS for a second. We therefore recommend you also activate Generate Critical CSS. This will connect to LiteSpeed’s Critical CSS server which will insert the necessary CSS, so your visitors will not see a lesser version of your website. We also recommend to activate Generate Critical CSS in the Background which makes sure the website is loaded automatically in the background and caches ready for when a visitor will want to see the website as fast as possible, without errors.
Load JS Deferred will make sure all scripts are loaded according the HTML-code. Activate this and test your website. If you are experiencing any errors, you should activate Exclude JQuery and try again.
The final option in Optimize is “Remove Comments” meaning comments or scripts typically deactivated by */ or //. These will automatically be removed in the cached version of the website and can in many cases contribute to faster load.
The settings in the Optimize tab can make a big difference to increase the speed for your website. When activated. this function will replace any other plugins (for example Autooptimize) within minify-options.
Tuning (tab #6)
Combined CSS Priority and Combined JS Priority only needs to be activated if you are experiencing problems with your design after activating the options from Optimize.
Remove Query String makes sure a website with different possible strings behind the URL is ignored and only the website shown is cached.
An example could be:
Without Remove Query Strings all these sites will be cached even though it’s the same site as the visitor is currently on. When activating Remove Query String, they are ignored, and resources are saved since only exampledomain.org/product/ball is cached. You can read more about this and see examples on LiteSpeed’s blog.
If you are using Google Fonts, you can load these quicker by connecting to Google servers before the actual load of the website starts. Use Load Google Fonts Asynchronously. Remove Google Font will remove any external fonts loaded from Google. If you are unsure if you need these options, you can check your website after activating and see if it works better.
We will not be looking into rules/excludes as this is highly advanced.
Remove WordPress Emoji will reduce the number of requests from your website. We recommend this since you can use standard emojis if needed.
Media (tab #7)
We will leave Lazy Load Images remain inactivated since this is a function you alone should consider if you need. Perhaps not everyone will need this, but it will save resources when it comes to loading the website, but remember you need to satisfy both visitors and search engines.
Optimize Automatically we recommend activating as this will activate optimization of your images. We also recommend activating Optimization Cron, Optimize Original Images, Optimize WebP Versions, Optimize Losslessly and Image WebP Replacement.
After activating these, you can click “Image optimization” under the options for LiteSpeed. You will have an overview of how much space you have saved and a que of how many images being optimized.
As an example, we have uploaded an image of 1,4MB which was already optimized by a third party, after a few minutes of processing in the background, I got an 8% less image file size. With standard settings you will not see any noticeable changes to the image.
CDN (tab #8)
In this tab we will insert CloudFlare’s API at the bottom of the page, since the website is using CloudFlare nameservers. If you are not using CloudFlare (or any other CDN) you can ignore this. You do not necessarily need CDN if your target group is in Norway and you are located on a Norwegian server. CloudFlare has many other interesting functions included in our web hosting. If you are expecting a lot of tragic from abroad, you should use this.
Regarding Load JQuery Remotely you should only activate this is your visitors are from other countries than Norway since both Google and Cdjns can retrieve this from foreign servers. Analytics sites will also consider this as external requests.
In short terms this is a function within cache, displaying different cached websites for different roles (guest, admin). We recommend activating this in addition to Cache Admin Bar and Cache Comment Form.
Vary Group settings do not need to be altered, unless you have a web shop with different prices displayed according to role (for example retailers seeing different prices than private parties).
Advanced (tab #10)
The only option we are going to activate is Browser Cache with a TTL of 1296000. You can also leave the standard values as is. Browser Cache stores logo, images and fonts locally on visitor’s units so they will not need to load this every time they visit the website or any other of your links. Most static files that is rarely altered will be stored. TTL do not need too be to high as you will sometimes change the content. Anything from one day in seconds to one month is fine.
We will not be looking into Object Cache as this is highly advanced.
Debug (tab #11)
If you suspect any errors on your website is caused by LiteSpeed, you can activate “Disable All Features”, store and then check your website (remember to deactivate after).
In this tab you can also alter how much information is logged. You can deactivate ADMIN-AJAX by deactivating “Heartbeat”. You should not do this unless you have a valid reason.
Crawler (tab #12)
Currently only Enterprise servers have this function available, so we will leave this out of the article. If you are interested, please contact us and we will help you select the best web hosting.
In this tab we have activated all options and left Product Update Interval remain on “Purge Product on changes to the quantity or stock status. Purge categories only when stock status changes.”
* You will only see this if you have the web shop module WooCommerce installed and activated.
If you wish to be located to a LiteSpeed webserver please follow instructions in “Change web hosting server”. If you wish to upgrade in order to move to a LiteSpeed webserver please follow instructions in “Upgrade services”.
The importance of maintaining security online is nothing new. Many people tend to only think about security when visiting a website, but as an owner of a website, no matter what the type of website it, you need to think about security. Informational websites, blogs, online newspaper, web shop or any other.
Security is important for you as an owner of the website, and for those visiting and using the website. In this article we will take a closer look at how to maintain basic security and what needs to be done if an incident occurs.
Security on your website involves:
It should be safe for everyone to visit the website
The website should not be infected with malicious code that may infect visitors
The website should not forward visitors to any websites with malicious code
Information exchanged between visitors and website/server should not be accessible to anyone unauthorized
The topic is comprehensive and one article cannot cover it all, but we will focus on the most important; It should be safe to visit your website!
Make sure the website is not/cannot be infected
When a website is available online it poses a potential target for hackers. A hacker is not necessarily a man in a black hood in a dark basement. In most cases a hacker is an automated “Bot” (robot). These “bots” are constantly scanning known and unknown websites for vulnerabilities to exploit. Vulnerabilities exist in the code running, directly or in add-ons such as plugins.
A classic example is a website created in WordPress, with a theme and a few plugins installed. Since WordPress is quite popular it is also popular to search for vulnerabilities in this type of installation. If a hacker can successfully infect 1 website, they can potentially do the same to thousands of websites.
The motive behind infecting a website may include; a hacker might want to spread their message, send spam from your account, collect sensitive information from visitors, forward visitors to other insidious websites, use the resources of the account for other attacks and so on. All of the mentioned is of course something you want to avoid. In general, it is rarely you directly, they are targeting.
Checklist to avoid having your website infected
Everything must be updated, always Since WordPress (and other similar systems) is popular, when vulnerabilities are found, improvements are made and updates released. It is important to update when new ones are released. As soon as a vulnerability is detected and known, it is only a matter of time before the websites not updated will be attacked. The same goes for anything installed on the system. As we mentioned in our example, we have a theme and plugins running. These can also contain vulnerabilities and developers release updates correcting this. It’s therefore important to keep both theme and plugins updated as well as the installation itself.
Anything not being used on the hosting should be removed
Any theme or plugins not being used should be deleted/removed. Even if you deactivate a plugin or a theme everything is not actually gone. Files are often left and can potentially be abused. This means; only what is necessary to keep the website running optimal should be openly accessible. Anything else must be deleted or moved to an unreachable area.
Use captcha for forms
Forms; contact forms, order forms and similar must be secure so they cannot be completed automatically. The “bots” we mentioned before can also be used to abuse forms, when available and send spam from website/account. This will affect the visitors in two ways:
1. Resources for the hosting can be used for this, preventing visitors from loading the website.
2. Causing abuse of such a magnitude that the account will be suspended to avoid further issues. Suspension means the website will be offline and not available for visitors. All forms where visitors can fill in information, should have an extra check. Captcha is the most common (and recommended) check for this.
Password must be secure
A secure password is long and composed by numbers, small and uppercase letters and other characters. Long password can also be sentences or phrases with random numbers/letters more easy to remember. Password is used on our client portal, hosting, email and the website/installation. The password used the most is also the most vulnerable. You should change password at least a few times each year. You should never use the same password several places.
Implement extra security wherever its possible
For many CMS (WordPress/Joomla/Drupal) special plugins are developed focus solely on security. Check what needs you have and install what you think is best for your website and needs. There are several decent free options, but if you have a larger website with heavy traffic it can be worth paying for the extra security. Sucuri (sucuri.net) provides a free plugin as well as a paid version and is known for value for money.
Make sure to always have a backup of your content
You should always make sure to have a backup of your content. All of our clients have access to the best solution in the market for backup. At PRO ISP you have access directly to your backup via the control panel (cPanel). Backup is performed once each day of all the content and is kept for 30 days. In addition to the backup solution with PRO ISP we recommend always having an external backup. Once each month or once each quarter, depending on how critical it is and how many changes you are willing to lose.
Website has been infected, what to do?
What if the damage has already been done? What if your account has been suspended by PRO ISP? This can happen to anyone and most people experience it as unfair.
All hosting companies operate the same way when it comes to hosting; several hosting share resources on the same server. To illustrate, imagine the server as a hotel and the clients account as hotel rooms in the hotel.
When a hosting company detects resources being abused, this must be stopped to avoid it affecting the other clients in the same hotel. Imagine a hotel room with so many visitors that no other guest can get in or out of their room. The room creating the problem will have to be closed to avoid this. Its not always an account will be shut down, but if signs of hacking/abuse is noticed we can notify directly.
The most important in such cases is; follow the instructions given and ask for tips/advice/guidance if you are unsure.
If we detect hacking/abuse, and either give notice or suspend the account, we always give instructions on what needs to be done.
In most cases the hacking is so recent you can use a backup included in the hosting. The procedure is easy:
Delete content on hosting related to the website.
Restore content from a date before hacking/abuse occurred (if you are unsure, use the oldest backup available)
Review all the mentioned measures above to prevent further hacking/abuse. Update everything, secure all forms, change all passwords and implement extra security
If you do what is recommended and follow this you are as secure as possible. Both you as the owner of the website, the visitors, and we who serve the website form our servers will be happy.
Secure information between visitors and server (SSL certificate)
Security certificate is becoming more and more relevant to discuss, and highly useful when it comes to security for websites. We have previously had articles about “SSL certificate- How to chose the right one” and how larger suppliers are planning to force more and better use of this to maintain security online (“Google warns: Secure your website”). Now it is about to get a little technical but we will need to explain some technical stuff:
SSL* is an encryption protocol, or a set of rules telling a server/client (website and visitors) how encryption of the data will be executed. The encryption is the process of making something unreadable or incomprehensible to others.
* In reality TLS is used, but SSL and SSL certificates are used in everyday speech so therefore also in this article.
The end goal for SSL is to make sure the visitor, and the server/website, will be able to read the data sent between these two parties. It is therefore essential when personal and sensitive data is exchanged, such as phone number, username, password, e-mail addresses, credit card information and similar; because we do NOT want this information seen by others.
In order to enable this encryption we use “keys”. When the visitor and a server/website have the same kind of “key”, only they can read, and encrypt the information. An SSL certificate is a certificate confirming the ownership of the “keys”, and that they are authentic and valid. How thorough this confirmation is, depends on the certificate, read more about it in “SSL certificate – How to choose the right one”. In short terms the certificate confirms it has been issued by a valid issuer, for the website visited, and its validation for this. As a visitor, you can see this by the green padlock in the address field and that the browser reports the website as secure.
As mentioned in “Google warns: Secure your website” encryption of information is highly relevant since it will be a demand soon. You can of course avoid using SSL certificates, but visitors of the website will be receiving a warning when entering your website. This warning can compare to shouting at your customers: “I do not care about security”. If you have not made the transition from http to https the time is definitely now!
Du you have any questions?
In the beginning of the article we mentioned security is a quite large topic and cannot be covered in one single article. Still, follow the advises given, and be more aware of security you will have come a long way already.
Did you read the article and is left with many questions? Do you want some guidance? Please, do not hesitate to contact us.
When you want to build a webshop, there are many options to choose from, such as OpenCart, CSCart, Magento and WooCommerce. All of these are eCommerce platforms where you can administrate everything from orders, products, storage, shipping and taxes. In this article we will take a closer look at WooCommerce, which is one of the largest plugins for WordPress.
What is WooCommerce?
Today WooCommerce is used on millions of webshops and about 39% of all webshops worldwide. In Norway 38% of webshops uses this platform. There are many good reasons why you should use WooCommerce. It is basically free, based on open sourcecode, with the option of buying and adding extensions for all purposes. WooCommerce gives you full control over all your products, customer data, orders and so on. You can also sell any type of products, both physical, virtual, subscription services and other types.
In the video below, you will see an introduction on how WooCommerce works.
How to install WooCommerce?
Since WooCommerce uses WordPress as a “base” you will need to already have WordPress installed. If you are a customer at PRO ISP WordPress can easily be installed with a few clicks (follow this guide for installation). When using WooCommerce and WordPress we recommend using LiteSpeed that is included in our Pro Medium/Premium web hosting.
In WordPress admin panel you can easily install and active WooCommerce like this:
Plugins – Add new – Search for WooCommerce – Install – Active
When WooCommerce is activated you will receive a step-by-step guide for the different functions on the website. After the installation you can add different types of extensions.
How to use WooCommerce
For a thorough guide on how to use WooCommerce we recommend WooCommerce step-by-step-guides with both pictures and videos. You will learn how to set up your webshop and how to administrate it. The video below is one of the training videos and will show you how to get started with WooCommerce.
Payment options within WooCommerce
We recommend you give your customers the option of paying directly in adddition to via invoice. Direct payment with VISA/Mastercard (creditcard) can be done via PayPal. The customer can either use their account with PayPal (where all the cardinformation is stored) or without an account.
Another option is STRIPE. This option works the same way most online card terminal does. The customer adds their card details and the amount is withdrawn and transferred to your account within the next few days. The difference between STRIPE and PayPal is with PayPal you need to transfer the money manually.
If you want to use invoice within WooCommerce, we would recommend taking a look at the extension from Klarna. With this extension the customer can choose between invoice and down payment. In Norway Klarna is a well recognized brand so this can boost sales. To be able to use Klarna, you will need to register with them. Only registered companies can create accounts for sales with most vendors such as Klarna. The downside using invoice instead of direct payment is that invoice usually recuires more work in terms of follow-up via bank or other costly services.
Secure your webshop with SSL certificate
You often need an SSL certficate for encryption. We highly recommend having every site on the website secured (not just the webshop). Show your customers you can be trusted because security is taken seriously.
SEO is one of the most important measures you can take to increase traffic to your website. SEO is short for “search engine optimization” and we recommend you read: “SEO – what do I need it for?”. There are also plugins to help with SEO for your website, such as YOAST SEO (free). WooCommerce also have their own SEO plugin (not free).