In this exercise, you will deploy a locally-created WordPress site to a web server.
For information on how to accomplish the tasks required, consult the following videos listed in Brightspace in the week we cover deployment:
- Amandeep: How to Login to Plesk
- Deploying Your WP Site to a Live Server (skip videos 7 and 8)
- Using WordFence for Two Factor Authentication (videos 1-3 only)
These videos will cover most of what you will need to know, but occasionally trips to Google might also be required.
Starting Project
Please use your completed Miyazaki exercise as the starting site for this project.
IMPORTANT: please delete the two other admin accounts that were in the initial starting files for the account. If any content is assigned to those admins, assign them to another user.
Initial Steps
Login to Plesk.
Make sure that SSL is enabled. If it is not, let me know.
Important: using the Plesk control panel, delete any previous sites we might have made in class.
You have a small quota (500 mb). If you go over it, Plesk will automatically freeze all access to the account, making it unavailable to you — or the marker.
Install a “clean” copy of WordPress using the Plesk dashboard, in a folder called deployed-site.
On the live site, install and activate the All In One WP Migration plugin.
Using the steps in the “Deploying Your WP Site” video series, prepare your local (mamp) site for deployment.
In the video where I discuss checking your classic theme code, you can ignore those parts, since we didn’t write classic themes in this course. There is a comment in that video which asks you to forward the video beyond that discussion.
Using the All In One WP Migration plugin, create an Export file from your development site.
On the live site, use the same plugin to import your content.
This will overwrite the live site with the development site.
Make sure that you change the easy “development environment” password of your admin account: you can do this locally (before deployment) or on the live server (after deployment).
For this exercise, do not delete that account (even though the video suggests you should). Just make sure it has a complex password.
Note: All In One WP Migration Import File Size Limit
Please note that the free version of All In One WP Migration has an import file size limit of 250 MB. So if you are moving your dev site to a live server, it’s possible that you might run into this issue.
If you’ve created an All In One package that is over that size, consider the following troubleshooting options:
- deactivating and deleting unused or non-essential plugins. You and always reinstall them after the site transfer, if they are still needed.
- deactivating and deleting unused themes (keep one “twenty” theme for troubleshooting
- checking that you don’t have undeleted Duplicator archives in the root level of the site
- checking that you don’t have a folder of old Duplicator packages in wp-content/
- checking that you haven’t imported a ton of large images that you did not use. To find unused images, go to the Media Library and filter by Unattached (from the drop down menu above the files listing).
Tasks to Perform on the Live Site
- Set permalinks to a category/postname scheme.
- Delete any plugins not necessary for the continuous operation of the site.
- Delete all themes except two: the active theme and a “twenty” theme for backup.
- Make sure that all posts on the site are published from a non-admin WordPress account. You will need to make another account with Author or Editor user privileges, and assign the posts to that user.
- Enable all Plesk control panel security features shown in the videos.
- From the Plesk dashboard, enable automatic updating for themes and plugins (all updates).
- Turn commenting off for all current and future posts.
- Install and configure a contact form plugin (recommended: Ninja Forms).
- Make a page with a Contact form that asks for the following info: name, email, city, comments. Make all fields except city be required.
- Add a link to the Contact page in the Header menu.
NOTE: if you try sending from your contact form, it will likely not work. We will discuss how to setup reliable SMTP service with a third-party provider, in a future class.
Second Admin Account
- In the Live Site, make a second admin account with a complex name and complex password.
- Update the Plesk dashboard with that new admin name and password. To test if you have done this correctly, try to login to the site from the Plesk dashboard rather than from the WordPress login screen.
This is how your marker will access your site, so if you want a mark, make sure that this login is accessible via Plesk. To test this, log out of the live site, and try to login to it, using Plesk rather than the front end of the site.
Two Factor Authentication
Do this section very carefully. The plugin interface here could be more clear, so you will need to carefully work out how to do this part.
- On the live site, set up Two-Factor Authentication for your all admin accounts, using the WordFence Login Security plugin.
In the video, I used the full WordFence plugin, but for this part just use the WordFence Login Security plugin, which contains a subset of the full WordFence suite. - Set up a Two Factor Authentication grace period of three weeks for the second admin account only. The marker will access the site from this account, so make sure that a grace period is setup for this account, or you won’t get a mark (other than zero).
- For your original admin account, make sure that TFA is enabled and working by the assignment due date.
Set up Automated Backup
- Use the Updraft Plus plugin to configure an automatic daily backup (database and files) to a cloud service of your choice.
Make sure that you do not backup to the server: that will cause you to go over quota almost immediately.
You will be able to disable this cloud-based backup once you get your mark for the exercise.
What to Hand In
- A text file containing the site url and the second admin account and password (the one without Two-Factor Authentication in force).
Note: I require a .txt file, not a .doc or .pdf file.