 The decision was working out well. After that I had to work on the test. I had to buy some things for the actual product. Good morning everyone. It's great to see so many tests in here. Excuse me if I look a bit nervous. This is my first one-time presentation. And I'll try and take it smooth. I'm Anil Shubham Goyal. I work at Raw World, which is a WordPress backup and security service. Today I'm here to talk about the art of managing multiple WordPress sites. I firmly believe that to build a great product, I firmly believe that to build a great product, it is very important for us to understand our users. Other than that, I spent a lot of time talking to our customers, understanding their problems and requirements. And over the time I have started noticing recurring patterns in the problems that most of our users face. My talk today will focus on identifying this problem and solving them. There I'm making it easier to manage hundreds of websites. So over the course of this talk, we'll walk through various lifecycle stages of the website, time to identify these patterns each day and solving them. So to start off with our website journey, the first thing we need to do is set up the website. So this is why we generally interact with our hosting providers. Now, there are hundreds of web hosting services on the Internet. The Internet is hosting once you definitely does not fit all. Knowing that every website has a different requirement, knowing that every website has a different requirement, it was a simple step of choosing a hosting provider can be difficult. And when we are managing hundreds of websites, we might end up using multiple hosting services. Now, while setting up these services, we tend to take shortcuts. That is, oftentimes we use the same credentials of a multiple account. This is not a great security practice. And we should definitely avoid it. Take for example, if one of your accounts gets hacked, now the hacker has the username and password combination related to that account, and it can be easily used to brute force over your account, making them all case accurate. So even though you are using a very strong password to secure the site, it is no longer strong. And to avoid situations like this, you should use a password manager. So basically what it does is, it stores all your credentials in a single word and let you sign in at any time. So all you have to remember is, this one marks the password for all your accounts. Last pass, G pass, Robocone, are few recommended password manager solutions that you can look for. Another issue which I have noticed with hosting is that sometimes we end up using shared hosting services. Now shared hosting services by its very nature tends to be insecure and unreliable. That is oftentimes someone else's mistake on a shared hosting server can be expensive to us. Say for example, if a website gets hacked on a shared hosting server, it will automatically put all the other websites which are sharing resources with this website in danger. And cleaning of the website are even worthless in such cases because the actual vulnerability might still be present on the server and which can lead to quick reinfection. Now think of this problem in terms of hundreds of websites and it will automatically expand exponentially. So, to overcome this situation, I don't suggest you to avoid shared hosting or together or at least be aware of the consequences you might face because of it. Now once we have set up the website, over the course of its life, I have noticed that the website tends to move from one location to another. Now this could be because we might be following practices to have a separate development environment, production environment and a staging environment. And based on the requirement, we keep on switching between those environments. Also sometimes based on the business requirement, we might have to switch the hosting provider of the live website. And we can deal with hundreds of websites moving a site from one place to another keeps on happening on a monthly basis if not daily. So, at this point we should ensure that we are using a robust migration plugin which helps us move the site easily. Some of the hosting providers have their own migration tool and you can definitely offer them. Or you can have a universal migration plugin which helps you migrate easily without even considering the host. So, migrate guru and calling on WP migration are two recommended solutions for the same. Now when we are managing hundreds of sites, we might have contributors and collaborators working on different section of the website. So, some might be handling the maintenance work for us, some might be updating the content of the website while some might be actively developing the website. And when we are doing so many things, human error tends to occur. That is, someone might accidentally delete some post on the live website or say the update we were trying to perform crashed the website. And all of these actions unintentionally lead to some kind of data loss. And solving these problems for users on a day to day basis, I cannot recommend you enough to have a good backup and restoration solution. WordPress projects is a detailed instruction on how to perform a manual backup and you can automate these steps to perform backup for all your websites on a regular basis. Or if it is not physical to use, there are many free and paid backup plugins and you can definitely off for any of them based on your requirements. The most important thing to understand with backup is that backup is a resource intensive task. And running a backup during a heavy traffic time or scheduling a backup for multiple websites which are sharing the server resources can eat up a lot of your resource and may slow things down. So at this point we have to ensure that we are following a great we are following a good design for backup that we should have a good backup strategy. So we should have a good backup strategy. Now this includes when to schedule the backup when do we expect the least traffic do we need to perform backup on a day to day basis and so on. And since this is a one time thing we can design a backup strategy for all our websites and let our backup solution handle the less trouble. Now another pattern which tends to occur a lot which I guess everyone is familiar about is websites getting hacked. Now getting hacked is expensive. It is expensive not only money wise but also reputation wise. Because a hacked website can cause frustration and doubt among our loyal clients due to which they might lose their trust and eventually take their business as well. So at this point we have to ensure that we are following the best security practices and basically we never get hacked. Unfortunately nothing guarantees this. Now say for example that you are using one of your favorite plugins on many websites and that plugin unfortunately develops some vulnerability. Now in this case without having a mistake we might end up getting all our websites hacked. And this is a nightmare situation for us. And with what we have seen is that sometimes hacks leads to breaking the website. So it makes it easier to get identified. However in many cases we cannot see any visual change on the website. And we only learn that the websites we have once Google started showing malware warnings on the website to our site editor. And this is a nightmare situation. To avoid situations like this the most basic step we can do is set up a firewall on all our websites. It can help us avoid most of these attacks. However just as I mentioned that even the best firewall cannot guarantee never getting hacked. And this leads us to follow to ensure that we follow the best. So this leads us to ensure that we have a good antivirus system in place. Now some people might argue that why do we need an antivirus system when we already have a backup and restoration solution. We can always restore from a backup when the website is hacked. Now with my experience I can tell you that the backup is not sufficient in this situation. This is because if a website is defaced a quick backup might get it back to its original state. But there might be backdoor files or infectious files sitting on the website and it can lead to quick re-inflection. So and also since the hackers tends to impact thousands of files with malicious intent it is almost impossible to clean the website manually. So at this point in my opinion I would suggest you to have a good automated cleanup solution in place when we are managing hundreds of websites. It can save us a lot of time. So now that we have taken care of the calamities we still have to perform maintenance tasks and which takes us lot of our time apart from development. Now this task includes activating or deactivating a plugin and installing a plugin or performing updates. And for most of these tasks we tend to log in to the WordPress admin area. There is some problem I guess. We tend to log in to the WordPress admin area. Now when we are managing hundreds of websites logging in again and again can be really cumbersome. So and this leads us to follow the bad practices of using same credential over multiple websites. And to avoid this situation we can have a one click admin login system in place. So what it does is it lists all our websites at a single place and we can log in to the WordPress admin area without even entering the credentials. Now though we have a quick admin access tool is it good enough to manage plugins and teams across hundreds of websites I don't think so. And to ease our pain in this situation WordPress has an automatic update feature. So by default WordPress can update itself in case of minor security patches or some small releases. But we can extend this functionality for plugin theme and even major core releases. And I highly recommend you doing this. WordPress products have details on how to enable auto update feature and you can offer it. However you should be aware that when we are performing updates sometime plugins and teams might break the website. So you might want to limit this functionality to only core updates. But this leads us back to our original problem of how do we manage plugins and teams across hundreds of websites. So fortunately for this there are many solutions available already in surface and such as main WP or WP remote or even Jetpack. So what it does is it helps to manage plugins and teams update for all the websites from a single place. And you should definitely offer them. It can save a lot of time. Now that we have handled the situation whether when we have to manage plugins and teams across hundreds of websites we still are left with one situation that is website getting cracked after plugin or team update. Now I am going to categorize this crash into two types. One is soft crash and other is hard crash. Now soft crash are generally harder to deal with. This is because in case of soft crash the website won't throw an error but it would still be broken visually. So say for example there can be a white screen of death or a header of the website will be broken or something similar to this. And since the website is not throwing an error identifying it across hundreds of websites is a resource intensive task. To handle this situation we can have visual monitoring system in place which basically does is that it ensures that our website is pixel perfect post any update action or install action. And another type of crash is hard crash. Now this is generally easier to deal with this is because it breaks the website completely. So basically it is easier to deal with because it throws error like internal server error. And most of time monitoring system are good enough to handle this situation and alert us until the website is down. We just have to ensure that where with the notification we receive come to a platform that we check on a frequent basis. Now once the website is down our first step is to get it back quickly. And for most of this situation a backup restore is an ideal solution. But in case of error like 500 internal server error some backup service might ask you to fix the website before before restoring. Now fixing a server issue means debugging logs and this leads us to ensure that we are following we have a good robust login system in place. Most providers don't provide this full set of logs. Or even if they do they do it with limited interface. And also you might have a demo log on your website this method of logging error doesn't provide a great method to monitor log of a multiple website. So we should ensure that we have a log analyzer tool in place. Which basically helps us monitor all the logs from a signal dashboard and it could be great if it can highlight important logs for us. Now once we have recovered the website the next step should be to identify the root cause of the error. Now as I mentioned before when we are managing hundreds of websites we might have team members or collaborators working on a website so we might have collaborators or team members working on a website and the client and his team will also be accessing the website. And when a crash happens this situation mostly leads to petty finger pointing. So we should ensure that we have a user activity logging system. So basically what it does it logs all the user activity and helps us bring accountability among team members. Now and also it also helps us take informed decision in granting correct access to various collaborators. So we have gone through the complete life cycle of the website and we have tried to identify important patterns from a pool of patterns. And the main idea of this talk was to help to identify these problems. As I believe that the key to manage hundreds of websites is have an eye out there identify the recurring tasks that we are performing on a liquidity basis and automate them. And once you identify this pattern you will find that for most of these problems there are solutions available for this and you can hope for them and if something is not available you should be open to develop your own and it should be great if you can open source it. On that note I would like to end my talk and thank you and thank you for watching.