Tips for people hiring WordPress developers

dealing with malware

Let's imagine this horrid scenario

This is a made up scenario but the resemblance to situations you or your friends have experienced is purposeful.

You pay someone to create a WordPress site for your business. It looks great and works exactly as you hoped. So you pay the developer and they take off and leave you to manage your site from here. Life continues to go well for a while until it doesn't. 

Suddenly your site has been hacked and is broken and everything is horrible. It's clear malware has made you its victim.

Trust me when I tell you that:

  • it's not fun at all
  • it happens to a lot of people
  • it's not you; it's not personal

You call the security guys

If you're like me, or you talk to someone like me, the first thing you're going to do is call – the specialists in malware detection and destruction. If you've met my friends Tony or Dre, you know you can trust their company to completely and utterly destroy all malware with extreme prejudice.

Now, to be clear, they will do the following:

  • determine if you're actually infected
  • find the infected files
  • take out the infection
  • find other security risks and highlight what you should do to fix them
  • replace any core WordPress installation files needed

That's not bad for less than $8/month. What am I talking about – that's GREAT!

But like the pest guys that find termites that have done damage to your house – they can find the bad guys, and even kill the bad guys, but they can't replace the damage that the bad guys did.

If malware has corrupted your theme's files, it's not like Sucuri can magically guess what the code used to be before the malware got there (and did its thing).

So they're going to ask you a question. It's an important question. It's one you should have the right answer to.

Do you have a backup of your theme files?

See, Sucuri can replace your entire WordPress installation – that's easy. They can get rid of the infection on your site – not easy, but they're experts. But they need a clean version of your site. And for that, they need a backup of when your code wasn't infected.

They need a clean copy of your theme.

If you don't have a solution for backups, my recommendation is BackupBuddy from iThemes.

  • It will back up your theme files.
  • It will move the backup off-site.
  • It will let you restore a single file.
  • It will let you restore the whole site.
  • It will backup your database.

That's not bad for less than $7/month. What am I talking about – that's GREAT!

But wait – those are recommendations for a service and a plugin, not a developer!

I know. I'm getting there. Why are you in such a rush?

Here're the thing. My tips regarding your next hire when it comes to getting a WordPress developer to create a custom theme for you, or to even tweak a commercial theme for you are relatively simple.

And they'll make sense, given all of the above.

  • Make sure your developer not only deploys your site to a hosting server.
  • Make sure your developer gives you a copy of your custom/tweaked theme.
  • Make sure your developer has implemented a backup approach.
  • Make sure backed up files are not in the same place as the main site.
  • Make sure your developer knows all this.

Hiring WordPress developers

If you're the kind of person who interviews a developer before you start on a project (which you should), ask some of these questions:

  • What's your backup strategy?
  • How do you decide where to host sites like mine?
  • Will I get a digital copy of my own theme?
  • If not, will you keep a copy? For how long?

You can go further by asking questions like:

  • Have you ever worked with Sucuri?
  • Do you do your own malware remediation or work with specialists?
  • Have you ever worked with BackupBuddy?

Let's end on a happy note

Turns out you used these questions and ended up hiring a WordPress developer that not only gave you a clean copy of your final theme, but also helped you get BackupBuddy installed – with backups going directly to your Dropbox account.

Then the malware hits and you call your developer. Tell them what's going on. And immediately they tell you that you need to give Sucuri a call.

Those guys ask you about a backup, and you inform them that you've been doing off-site backups using BackupBuddy. You give them access to the folder and they clean up the site, replace WordPress files, and drop in a clean version of your site.

What do you do?

You come back here and leave me a comment telling me that it all worked out right. Right?

Probably not. I'll tell you what you do –

You go to bed for another night where you're not worried about your site.