WordPress 3 Ultimate Security

You're reading from WordPress 3 Ultimate Security. WordPress is for everyone and so is this book on making your site impenetrable to hackers. This jargon-lite guide covers everything from stopping content scrapers to understanding disaster recovery.
Product type Paperback
Published in Jun 2011
Publisher Packt
ISBN-13 9781849512107
Length 408 pages
Edition 1st Edition
Table of Contents

WordPress 3 Ultimate Security
Credits
About the Author
Acknowledgement
About the Reviewers
www.PacktPub.com
Preface
So What's the Risk?
Hack or Be Hacked
Securing the Local Box
Surf Safe
Login Lock-Down
10 Must-Do WordPress Tasks
Galvanizing WordPress
Containing Content
Serving Up Security
Solidifying Unmanaged
Defense in Depth
Plugins for Paranoia
Don't Panic! Disaster Recovery
Security Policy
Essential Reference
Index

Securing your users


This should be your overriding concern.

A server or site with issues can lead to more than functional problems, downtime, and data loss. It can lead to a lack of user confidence, the spreading of malware, the sliding of your hard-won search engine ranking, and ultimately wasted time and income.

Considering maintenance mode

If you've clearly been hacked, or are trying to wrap your head around an uncertain issue, play it safe and bring the site down into maintenance mode.

There are two ways to do this.

Using a plugin

If you have a functioning Dashboard, you could use a plugin such as Michael Wöhrer's aptly named Maintenance Mode to inform visitors that your site's taking some time out:

On the plugin's options page, ensure that you set the Splash Page Theme preference to Use 503.php from theme folder and check the box Apply HTTP header '503 Service Unavailable' and 'Retry-After <backtime>' to Maintenance Mode splash page. Done properly, that returns a 503 (Service Unavailable) response, which stops search spiders from trawling the site and gives you the chance to mop up any salacious spam that would otherwise get indexed (possible porn links and all!). Logged in admins, meanwhile, retain full access:

Using a rewrite rule

Then again, you may prefer, or have no alternative but, to create a splash screen of your own, similar to the previous plugin's and again with that all-important 503. As with the plugin, this will reroute everyone but you. There are two steps:

  • Create a maintenance.php page to inform search bots and regular visitors

  • Create an htaccess rule to rewrite regular traffic to the maintenance page

Here's the code for the maintenance.php file, which must live in your WordPress root folder. Change SomeSite for your site and otherwise customize to suit:

<?php
  header('HTTP/1.1 503 Service Temporarily Unavailable');
  header('Status: 503 Service Temporarily Unavailable');
  header('Retry-After: 7200');
  header('X-Powered-By:');
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>503 - Temporarily Undergoing Maintenance</title>
</head>
<body>
  <h1>SomeSite.com is Temporarily Undergoing Maintenance</h1>
  <p>Thanks for popping by. Unfortunately you've caught SomeSite just as it's having a tweak. We won't be long, all that.</p>
</body>
</html>

Of the header() calls in the <?php ... ?> block at the top of the file, the one you may want to change is header('Retry-After: 7200');, where 7200 is the number of seconds you are telling search bots to wait before coming back.

Now we can force everyone but you to go to the maintenance page by adding a directive to the .htaccess file, again in your WordPress root directory:

RewriteEngine On
RewriteBase /
# Provide an exception for your IP. Swap the example address 203.0.113.45 for your own IP,
# but leave the backslashes before the three periods (they make the dots literal).
RewriteCond %{REMOTE_ADDR} !^203\.0\.113\.45$
# If any page is accessed, other than maintenance.php which doesn't need the exception ...
RewriteCond %{REQUEST_URI} !^/maintenance\.php$
# ... then rewrite the request to the maintenance page.
RewriteRule ^(.*)$ /maintenance.php [L]
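Once both files are in place, it's worth confirming from an outside address that visitors really get the 503 with a usable Retry-After and no X-Powered-By leak. The following checker is an added example, not code from the book; the sample responses are constructed, and audit_live() assumes you run it from a machine that is not in the .htaccess exception.

```python
import http.client
from email.utils import parsedate_to_datetime


def audit_maintenance_response(status, headers):
    """Check a response against the maintenance-mode contract: HTTP 503,
    a Retry-After that bots can honour (seconds or an HTTP-date), and no
    X-Powered-By header. `headers` has lowercase keys. Returns a list of
    findings; an empty list means the page behaves as intended."""
    findings = []
    if status != 503:
        findings.append(f"expected 503, got {status}: spiders will index this page")
    retry = headers.get("retry-after")
    if retry is None:
        findings.append("Retry-After missing: bots get no hint of when to return")
    elif retry.strip().isdigit():
        if int(retry) <= 0:
            findings.append("Retry-After must be a positive number of seconds")
    else:
        try:
            parsedate_to_datetime(retry)       # HTTP-date form is also valid
        except (TypeError, ValueError):
            findings.append(f"Retry-After {retry!r} is neither seconds nor an HTTP-date")
    if headers.get("x-powered-by"):
        findings.append("X-Powered-By still advertises the PHP version")
    return findings


def audit_live(host, path="/", port=80):
    """Fetch `path` from the live site and audit it. Because the rewrite
    keeps the original URL, any path (not just /maintenance.php) should
    come back as 503 when checked from a non-whitelisted IP."""
    conn = http.client.HTTPConnection(host, port, timeout=10)
    conn.request("GET", path, headers={"User-Agent": "maintenance-check"})
    resp = conn.getresponse()
    headers = {k.lower(): v for k, v in resp.getheaders()}
    conn.close()
    return audit_maintenance_response(resp.status, headers)


# Constructed sample responses (not captured from a real site).
GOOD = (503, {"retry-after": "7200", "content-type": "text/html"})
BAD = (200, {"x-powered-by": "PHP/5.3.6", "content-type": "text/html"})

if __name__ == "__main__":
    for label, sample in (("good", GOOD), ("bad", BAD)):
        print(label, audit_maintenance_response(*sample) or "OK")
```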

Note

Got a local dynamic IP? Sod's law says that, having set this up, you'll drop your web connection, log back on with a new IP and, because the rule wants your old IP, lose access! No worries. SSH or SFTP in and edit the .htaccess file to switch the old IP reference for the new one. Then you can regain access. Sweet.

That was a good insurance policy that you can remove once the site is back on track.

Now let's isolate the trouble.
