Any advice on the best, most secure way to put a WP website into “cold storage”?
I have a client (an online magazine with lots and lots of posts/media) who is going to stop publishing new content, perhaps forever, definitely for the foreseeable future. But they want to keep the site around.
Two Questions
1) Do you know of a great way to entirely convert a WP site to HTML, that is, keep the site up but remove WordPress entirely?
I’ve used HTTrack a few times (a scraper) but was wondering if there’s an even better solution. I don’t think they’ll go that route, but it’s part of what they’re asking me to consult on.
2) Let’s say we were going to keep WordPress intact. What are the things you’d do to keep it as secure as possible, when site admins may be logging in very infrequently?
My list so far:
Automatic updates (with good backups just in case)
Hide the login form.
Remove all users except one or two admins + enforce strong passwords, maybe two-factor
What else? I thought about restricting access to wp-admin by IP but the site may be in cold storage for years, and no one’s IP is going to remain the same for that long. Or at least most people’s IP won’t.
This is a pretty easy answer.
- Backup the WordPress site into a zip file with the contents and database.
- Convert it using this plugin https://wordpress.org/plugins/simply-static/
- Upload it to Cloudflare Pages and attach the domain.
- Done. You might incurr some charges with Cloudflare pages, but it will be minimal. You could always look at hosting the static site somewhere else and using Cloudflare proxy to cache the site.