Website downtime is scary.
New leads can’t get in touch with you.
People can’t learn about your products or services.
A crashed website can reflect poorly on your entire brand.
So how do you avoid your website crashing? While 100% uptime may not be realistic (at least not yet), you can certainly keep downtime to a minimum. Below are tips from my B2B web design experience on steps you can take to limit website downtime.
Choose Good Hosting
Hosting is absolutely critical. If your hosting goes down, your B2B website goes down. You must choose a good host for your website because you get what you pay for. A cheap host might seem like a good way to cut costs, but if you lose leads and give people a negative impression of your brand, it’s not worth any cost savings.
While uptime isn’t the only thing to focus on, you do need to think about it. If a host offers 99% uptime, that will still mean 6-7 hours of downtime per month.
Some hosts are also more likely to temporarily disable the website while certain updates or changes are made. A popular host that offers managed WordPress hosting, but will remain unnamed, once disabled a site when I migrated changes from their staging environment to the live environment. When I talked to support, they said that was expected behavior and that the site should return in a couple of hours. I was shocked that was an acceptable timeframe for migrating a few code edits.
While I don’t like to publicly shame specific hosting companies, I have no problem promoting the companies I do like. We recommend both Pantheon and WP Engine to our clients. While I can’t guarantee your B2B website will never go down, if you host with one of them, they do their best to provide a stable environment with the highest uptime they can manage.
Restrict Admin Access
Ideally, only one or two people should have admin (full) access to your WordPress website, preferably people who are more familiar with the platform. Some people logging into the B2B website may only need access to one or two parts. For example, your HR manager probably doesn’t need to do anything except update the job openings (or maybe add new people to the team page). Ask your B2B web design and marketing agency if they can set up specific user roles for situations like this.
If you can limit the number of people who have the power to crash your site, you’ll significantly reduce the likelihood of the site going down due to human error.
Be Careful What You Change in the Live Environment
The safest way to edit your website is to test the edit in a development or staging environment first. If you’re adding code to your website, try it in a non-live environment first. Want to install a new plugin? Test it out. Think you may not need a plugin? Absolutely test it in a non-live environment first. I’ve seen clients crash their website by deactivating a plugin they didn’t know was critical.
You might wonder what a development or staging environment is and how you can get one. This brings me back to hosting—most managed WordPress hosting companies include at least one additional environment for testing. WP Engine offers two: development and staging. Pantheon offers at least two: dev and test (more if you’re on the gold plan). This makes it easier for you to test out code changes and updates. If you’re going to crash a site, you better do it in a non-live environment!
This is a good time to mention plugin updates. Occasionally, a plugin may have a large update that can break elements of your website. Fear not, regression testing is becoming more readily available! WP Engine has a Smart Plugin Manager that makes a copy of your site, installs the updates, and then runs visual regression tests the updated copy against the live site. So, if a plugin update breaks part of your site, the testing will identify the difference and not push that update. This keeps your website software up-to-date but limits the likelihood of crashing. (Pantheon is rolling out a similar tool called Autopilot, but it isn’t readily available yet.)
Again, most managed WordPress hosting sites will include automated backups. If you somehow manage to completely break your B2B website, usually the fastest fix is to restore the latest backup. This is why you should always run a backup before you make changes to the live site! A combination of automated and manual backups is usually the safest.
Renew Hosting and Domains
Speaking of automation, auto-renew your hosting and domains. I can’t tell you how many clients have had a site go down because they ignored emails from their website host or domain registrar about renewing. While it doesn’t happen very often, it’s even possible that you could lose your domain if you let it expire. Make sure you have a credit card on file and have everything renew automatically!
We’ve talked about how to avoid human error and how to mitigate potential crashes due to technology. Now let’s talk about malicious causes of website downtime. First, you must remember that, no matter how small your site is, you are not safe from spammers and hackers. Most website hacks are automatic and have nothing to do with how much traffic a site gets.
Security experts will tell you that you’ll never be 100% safe from hackers. But there are some things you can do to protect yourself:
- Use strong passwords. WordPress will autogenerate passwords for you—try to use those. Definitely don’t use your pet’s name or your street address.
- Keep WordPress and your plugins updated. Many plugin updates (and nearly every WordPress update) contain some security patches. If a major vulnerability is found, you’ll often get an email about updating. I talked about automated plugin updates—sign up for it, if you have the option.
- Remove access if it’s no longer needed. If an employee leaves the company, delete their user account (although make sure not to delete their content!). User accounts that no one is using can be openings for hackers.
- Don’t use “admin” as a username. This used to be the default username when WordPress was installed on a server and it’s still very common. A lot of hackers will try this username when logging in. If you don’t have a user account called admin, they can’t log in.
- Limit login attempts with a plugin. Basically, if someone tries to log in with the wrong password more than, say, five times, the plugin will block that IP address temporarily. This is a big help against malicious programs that rapidly guess passwords.
- Two-factor authentication is an option. There are several plugins that make it easy to require 2FA for WordPress login. It isn’t critical, but it can block a lot of automated attacks.
- Hide your WordPress login page, if you’re really concerned. Services like Sucuri allow you to whitelist IP addresses that can even access your login page. If that isn’t practical for your team, there are plugins that allow you to change the default domain.com/wp-login.php URL. You can change it to whatever you want.
While all of this might sound like a lot of work, your website is worth it. Think about how much time and effort you’ve spent to get your B2B website design looking the way you want. Think about how much value it brings to your organization. It’s worth it to take some extra steps to keep downtime to a minimum.