STORM has been designed to make hosting your WordPress-based sites as easy and simple as possible and has many useful features such as live to staging tools, and password protection built right into the panel. Here are some tips on how to get started with hosting WordPress on your STORM server as well as some handy pointers and an overview of some of the WordPress oriented STORM features.
Adding a WordPress site to STORM
You can add a new WordPress site to your STORM server by clicking “Websites” and then “Add Website” from your server’s dashboard.
On the add website page, type your websites domain name into the domain box, then select Wordpress from the Application drop down menu, and finally click the create website button.
If you are setting up a new site and would like STORM to install the application for you, select WordPress from the drop down menu and click “Install Application”.
If you are looking to upload an existing WordPress site to the server, again select WordPress from the drop down menu but just make sure that “Install Application” is not selected.
By selecting the application from the drop down menu, this will mean that STORM will set up the following for you:
- PHP Limits specifically tuned for WordPress
- WordPress version displayed in the dashboard
- Ability to use live to staging features
Please note that it is not possible to select the application after the site has been added to STORM. It has to be done at the point of adding the site to STORM.
Using the WordPress CLI
WP-CLI is a set of command-line tools for managing WordPress installations. It's installed on all STORM servers by default and allows you to update plug-ins, configure multi-site installs without having to use a web browser so is particularly useful if you’re a WordPress developer.
Before you run any commands on your WordPress site you will need to connect via SSH to the server. Every website that gets added to STORM will have its own website level SSH user and it’s important to use this user to run your commands to avoid issues with permissions.
You’ll need to get your IP whitelisted in the server’s firewall before you can connect via SSH. This can be done in the server’s main dashboard by clicking on Security and then by clicking the “Add record” button.
Once you have done this, you can find your SSH login details in your website dashboard under the “SSH” tab. We have a more in-depth, step by step guide for getting connected via SSH here if you need it: https://support.nimbushosting.co.uk/support/solutions/articles/36000022440-ssh-access
Now that you are connected via SSH as the websites SSH user you are ready to start running your WP-CLI commands. Here are few example commands you can use to perform some basic WordPress tasks:
Show server info
Show WordPress Version
wp core version
Show current plugins
wp plugin list
wp plugin deactivate pluginname
Show current installed theme + version
wp theme status --allow-root
For a full list of commands please visit:
Creating a WordPress staging site
With STORM, making a staging site is very easy. In order to use the staging feature of STORM you will needed to have selected you application when you added the site to the server. If you have done this then you will see the staging button from the list of menu options on your website. To create a staging copy of your website, simply click on "Staging", then "Configure" and then lastly "Create Staging Website".
STORM will then make an exact copy of your site onto your new staging domain.
How does the Staging tool work?
There are a number of things going on under the hood when STORM creates your Staging site. Here is a summary of the process that happens when you click the "Create Staging Website" button:
- STORM sets up a new vhost under your staging URL and adds this as a new site to your servers panel
- A complete copy of the web files are copied to the new site
- A new database is created on the staging site
- A copy of the original sites database is imported into the new database
- The URL in the database is updated to the staging URL (wp_options)
- Lastly, your staging sites connection string us updated to point the staging site at the new database
Some things to consider before you make a staging copy of your site are:
- How much disk space your server has (Is there going to be enough room to create a duplicate copy of your site?)
- The memory footprint of your site (Even a staging site with no visitors will have an impact on the servers memory usage)
- Are there any hard coded links in your site that could impact your live site (Whilst STORM takes care of changing your sites URL in the database, it won't know about any hard coded links in your code)
Whilst STORM is already pretty optimised for speed by utilising things like NGINX for serving your sites static content, you may also want to consider also using some website caching to further improve your load times. There are a number of WordPress plug-ins you can use for speeding up your WordPress sites.
Three of the most popular caching plug-ins are:
- WP Super Cache
- WP Rocket
- W3 Total Cache
This guide won't go into too much details into the differences of each of these but setup for each of them is fairly similar. You will need to log into your WordPress sites dashboard, download the plug-in, activate it and then enable any caching features you want to use from within the plug-ins interface.
One useful feature of the W3 Total Cache plug-in is the ability to use Redis Cache. Redis is a server side database cache that is installed on all STORM servers by default. To enable Redis in W3 Total Cache you just need to configure the settings as per below:
Keeping your WordPress version up to date, as well as any plug-ins and themes is extremely important to prevent your site from becoming compromised. STORM will display the version of WordPress you are running from within the website dashboard and if you are using STORM to install WordPress is will always install the latest version for you.
On top of keeping the site up to date you can use a security plug-in such as WordFence. This offers extra protection for the site and can alert you if someone is trying to brute force their way into your WordPress dashboard, and it also comes with a malware scanner as well as providing loads of useful information to do with the security of your site.
To start using WordFence you will need to log into your WordPress sites dashboard, download the plug-in, activate it. To fully utilise the plug-in you can will also need to add a variable to your sites php settings as below:
Make sure the path to your sites wordfence-waf.php reflects the path of your site, for example /home/storm/sites/yourdomainname-com/wordfence-waf.php
If you need some information on how to edit your sites php settings, please see this link: https://support.nimbushosting.co.uk/support/solutions/articles/36000020525-changing-your-php-configuration
- XMLRPC.php brute force attacks - WordPress has a built in some built in remote management via the sites xmlrpc.php file. Unfortunately this can be subject to brute force attacks so if you are not using this then we would suggest blocking access to in your sites .htaccess file. Instructions on how to do this can be found here - https://www.nimbushosting.co.uk/wordpress-xml-rpc-brute-force-attacks/