Website Requirements for Designers/Developers
We work very hard to ensure the safety and security of all sites hosted on our servers. To do that, we set guidelines to ensure that only secure software is installed on each site and that we have the tools and access we need to do our job. Therefore, it’s critical that everyone who works on sites we host follows the guidelines outlined below. If you edit a site we host and you have any questions about these guidelines, please contact Mary Beth at email@example.com.
When adding a new plugin, please follow these guidelines. If you don’t, you may unknowingly install a plugin that has vulnerabilities or the plugin may quickly become obsolete. We regularly review site plugins and if any pose a risk to the site or the server, we will ask you to either remove it or replace it.
You can search for free plugins at wordpress.org. When selecting a plugin, you must ensure the following actions have been completed:
- The plugin must have been tested with the “Latest Release” of WordPress. When reviewing plugins on wordpress.org, you will see a notation listed with the plugin that says, “Tested with [version number].” Check here for the Latest Release version: https://wordpress.org/download/releases/ and make sure the plugin’s “Tested with” version and the Latest Release version are the same.
- Avoid plugins with low version numbers, for example “0.8”. A low version number indicates the plugin is very new: it likely hasn’t been fully developed, it may have vulnerabilities, and there is a high likelihood the developer will abandon it, in which case OON will ask you to find a replacement plugin.
- Choose plugins with high star-ratings and a large number of reviewers.
- Choose plugins with a high number of installations. The higher the number, the more likely the plugin is a good choice. You can find this information on the plugin’s page at wordpress.org.
- Review the plugin’s support history. On the plugin’s page on wordpress.org, click the tab that says, “Support.” If posts requesting support have no replies, you can expect the developer to not be available to help if you run into any issues or have questions about the plugin.
- Choose a plugin that has been updated recently, at least within the last year. If it has been over a year, it may have been abandoned and may have vulnerabilities. You can find this information on the plugin’s page at wordpress.org. Note: If it has been over a year since the plugin was updated but it shows it has been tested with the Latest Release of WordPress, and the next step shows the plugin has no current vulnerabilities, it is probably safe to use.
Search for the plugin at https://wpscan.com/ to see if the plugin and version you want to load is listed. If so, click the link to see if the vulnerability has been fixed. (This is usually listed in green.) If it shows the plugin and version you want to use has a vulnerability that has not been fixed, you may not load it on the site.
Many of the free plugins listed above have a premium paid version with more functionality. There are also plugins that are not listed on WordPress.org. For these plugins, go to the site where you purchase the premium version and look for the “changelog.” Make sure the plugin is releasing regular updates. If it is not, do not purchase and use the plugin. If you can’t find the changelog or don’t know how to do this step, please contact OON at firstname.lastname@example.org and we will happily look for it for you. Do not load any plugins you find only on GitHub. They are likely not fully developed or supported.
Out of Nowhere uses special software to both monitor and update software (WordPress Core, themes, and plugins) on each site we host. Sometimes, like on a weekend, the software may go a couple of days without us applying an update. If you happen to notice that a plugin needs an update, DO NOT manually update it.
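The checklist and the WPScan step above can be run as one repeatable pre-install check. The following is an added example, not Out of Nowhere's own tooling: the record field names, the numeric cut-offs for "high" ratings and installations, and the comparison of versions at major.minor level are assumptions, and `unfixed_vuln` is entered by hand from the WPScan lookup.

```python
from datetime import date

# Assumed cut-offs: the guidelines say "high" without giving numbers.
MIN_STARS, MIN_REVIEWS, MIN_INSTALLS = 4.0, 50, 10_000

def major_minor(version):
    """'6.5.2' -> (6, 5). Comparing at this level is an assumption."""
    nums = [int(p) for p in version.split(".")[:2] if p.isdigit()]
    return tuple(nums + [0] * (2 - len(nums)))

def vet_plugin(meta, latest_wp, today, unfixed_vuln):
    """Return (verdict, findings); unfixed_vuln comes from the WPScan lookup."""
    blocking, warnings = [], []
    tested_current = major_minor(meta["tested"]) == major_minor(latest_wp)
    if not tested_current:
        blocking.append("not tested with the Latest Release")
    if unfixed_vuln:
        blocking.append("unfixed vulnerability listed for this version")
    if major_minor(meta["version"])[0] < 1:
        warnings.append("low version number")
    if meta["stars"] < MIN_STARS or meta["reviews"] < MIN_REVIEWS:
        warnings.append("low rating or few reviewers")
    if meta["installs"] < MIN_INSTALLS:
        warnings.append("few installations")
    if meta["support_posts"] and meta["support_replied"] == 0:
        warnings.append("support posts go unanswered")
    stale = (today - date.fromisoformat(meta["last_updated"])).days > 365
    # Exception from the note: an old update is tolerated when the plugin is
    # tested with the Latest Release and has no current vulnerability.
    if stale and not (tested_current and not unfixed_vuln):
        warnings.append("no update in over a year")
    verdict = "reject" if blocking else "review" if warnings else "ok"
    return verdict, blocking + warnings

# Constructed sample records (not real plugins).
SAMPLES = {
    "old-but-tested": {"version": "2.4.1", "tested": "6.5", "stars": 4.6,
                       "reviews": 310, "installs": 40_000, "support_posts": 12,
                       "support_replied": 9, "last_updated": "2023-01-10"},
    "young-plugin": {"version": "0.8", "tested": "6.5", "stars": 4.8,
                     "reviews": 6, "installs": 300, "support_posts": 4,
                     "support_replied": 0, "last_updated": "2024-04-01"},
}

if __name__ == "__main__":
    for slug, meta in SAMPLES.items():
        print(slug, vet_plugin(meta, "6.5.2", date(2024, 6, 1), unfixed_vuln=False))
```

A "review" verdict means the plugin trips one of the "avoid" or "choose" criteria and should be discussed before installation; "reject" covers the two hard requirements.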
The reason for this is simple. The program we use to update site software creates a history of all actions it performs on a site. If a site breaks because of an update we perform, we can easily examine the site’s history and quickly identify which plugin may have caused the problem. This allows us to efficiently diagnose and address the issue. Manual updates of site software are not logged in our program’s site history, and if a manual update creates a problem on the site, it can be very time consuming and difficult to fix, potentially resulting in unnecessary charges to your client.
If you notice a plugin that continues to show it needs an update, please notify us at email@example.com so we can determine and correct the reason for the delayed update.
This guideline is very similar to the one regarding manually updating software in the WordPress Admin. Out of Nowhere uses a special program to both monitor and update software (WordPress Core, themes, and plugins) on each site we host.
The program we use to update site software creates a history of all actions it performs on a site. If a site breaks because of an update we perform, we can easily examine the site’s history and quickly identify which plugin may have caused the problem. This allows us to efficiently diagnose and address the issue. WordPress automatic updates are not logged in our program’s site history, and if an automatic update creates a problem on the site, it can be very time consuming and difficult to fix, potentially resulting in unnecessary charges to your client.
Most plugins and themes that are disabled can’t be updated unless reactivated.
It is fine to test out new plugins, but if you ultimately decide not to use some of them, please fully delete them from your WordPress site. Do not leave them installed and inactive. Failure to fully delete the plugin greatly increases the probability your site will be hacked. Even inactive software can be accessed by hackers and used for malicious purposes.
It is also very important to review the themes you have installed. It is very common to load several themes at the beginning of a project to see which one will work best. Once you have made your decision, immediately remove the theme(s) you will not use.
To follow best practice, we recommend you install a Child theme and make it primary by activating it. The Child theme will allow you to make changes to native files included in the theme or WordPress core without having to edit the native files. Any changes you make to native files will be overwritten with the next software update.
Out of Nowhere Hosting may install plugins that provide site:
- Security functions (like firewall, traffic monitoring, and prevention of malicious activity)
- Plugin & Theme maintenance
- SSL functions
- Cron job scheduling
- SPAM prevention for contact and comment forms
Do not uninstall these plugins as they are vital to the security and functionality of the site. If you are unsure if Out of Nowhere installed a particular plugin or theme, please contact Mary Beth at firstname.lastname@example.org.
Get to know the theme installed on the website and all the functionality it includes, and use it. This is very important. Look up the theme documentation online for instructions on how to use its builder. If you need help finding it, please contact Mary Beth at email@example.com.
If you don’t take the time to learn the builder included with the theme, making edits to pages will be very difficult. If you build a new page and you use Gutenberg or Classic editor, you will create a confusing design/development environment for yourself and any future designer/developer.
Our Admin User account is required for us to do our job — to maintain and secure your site. We use it to monitor and update WordPress core, themes, and plugins. We need access to the site to fix any plugin or other software conflicts. We also perform periodic manual site audits to take care of anything our site monitoring program doesn’t catch.