Launching your Website with Flywheel.

Now that you’ve decided to host with Flywheel, the first step is to create an account. If you built your site using Local by Flywheel then should already have a Flywheel account and can skip to the next step.

Please watch the video below which will walk you through signing up with Flywheel. Part of this video mentions specific actions to take if you’re viewing tutorials via the LattePress App – you can ignore this bit as it doesn’t apply to you.

• Use the button below to open up the Flywheel’s homepage.
• Click “Sign up”.
• Fill out the registration form, and once completed, you’ll be redirected to your Flywheel dashboard and be ready to move on to the next tutorial.

Don’t worry about setting up a site within Flywheel, we’ll do that next.

Creating a Staging site with Flywheel

Now that your account has been created, we want to setup our initital staging environment we’ll use to build our site. Watch the video below to review creating a staging site with FlyWheel.

• Once you’re logged into your Flywheel dashboard, click on the “Create a New Site” button.
• Enter in a name for your website (you can change this later).
• Enter in a preferred temporary domain/URL for your site, or leave this option blank to have it generated for you.
• Enter in an admin username and password you’d like to use to login and manage your WordPress site. This should be unique to this website, and complex.
• Select “My Client will pay later” under “How would you like to pay”.
• Select your data center (closest to your target market).
• Click “Launch a Demo Site”.

If you need help generating and keeping track of usernames and passwords for your websites, consider using a password management tool. We recommend LastPass as a great way to store, generate and track usernames and passwords for every site you use online.

Migrating Your Site and Data

For migrating data from your staging environment to your host we recommend the all-in-one migration plugin. This is a free plugin which makes it very easy to migrate a complete site from one WordPress install to another.

This works when moving our site to our live host – it also works for moving from one host to another if you decide to change your host later.

In the section above we setup a fresh WordPress install on Flywheel. Simply install the all-in-one migration plugin on the staging site you’ve been working on as well as the fresh install on the new location.

Next, using all-in-one, run an export on the site you want to take the data from, then run the import on the fresh installation.

Once the import is complete, follow the instructions, making sure after you log back in (when the import is complete you’ll be logged out, log back in with the admin credentials from the site you migrated from, as the default username/password you used when creating your default WP install will be overwritten), finally save your permalinks twice. The video below will show you how easy it is.

Cloning our site to our Staging Environment

If you have a package with FlyWheel above the tiny package, and so have staging server capabilities, use the guide below to clone your current site on your live environment to your staging site.

Integrating our Domain with Cloudflare

Use the guide below to integrate your domain purchased from Gandi (or another domain registrar) with Cloudflare. When it comes to the step of updating your nameservers through your domain registrar (step 5), refer to the second button which will show you how to do this with Gandi (follow steps 1 & 2, ignore the section on LiveDNS).

Add Primary Domain to Flywheel

Add an SSL certificate to your site.

Before doing this, we have to make a change to our Cloudflare account to work with our SSL – In Cloudflare, click into the “Crypto” tab and turn off SSL (it’s also recommended to set Cloudflare to development mode till the SSL is ready on the Flywheel side. You can do this from the quick actions on the overview dashboard.)

Then follow the guide below.

And finally, install the Cloudflare plugin for WordPress, which can be installed via the repository, or downloaded using the link below. Set this up and it will make sure cloudflare works best with your site, WordPress, and Flywheels setup.

Additional Security Steps

Since our host is taking the main responsibility is keeping our site safe and secure and we’ve added in our SSL certifiate, security is something we don’t have to worry too much about, however there are some common sense solutions to increasing our security and reducing the potential for problems.

Mandatory Security Practices

Always use strong passwords – This seems obvious but it was one of the most widely seen issue when there is a security issue with a site. You can use LastPass or a similar service to help memorize usernames and passwords for your website. If you have multiple admins, also consider installing the Force Strong Passwords Plugin to ensure all of your admins use a strong password. With LastPass, it’s easy to generate strong passwords, you can also look at How to create a strong Password or use a tool like The Strong Password Generator.

Avoid Default Admin Username – If you followed our tutorials when creating your site, you should have picked a complex admin username, something other than the default admin username, “admin”. If this user account exists you should consider creating a new admin account under the users section of your WordPress website, and once created and confirmed that it’s working and you can access your dashboard with your new admin account, delete the user with the username “Admin” and use the new account going forward. This is only if you created your site and made the admin username, “admin”. Additionally, we want to create an editor account separate from our admin account to create content on the front-end, and use our admin account only for back-end administration purposes.

Keep Themes and Plugins updated – We’ve talked about this already quite a bit, and it’s pretty simple to do. Always keep your plugins and themes up to date at all times, as well as WordPress core. Check your site often (every day or two) for available updates and make sure to run this process (first on your staging site to check for issues), then on your live site. Additionally, always uninstall and delete plugins and themes on your site that you’re not using. This is both for performance and security benefits.

Optional but Recommended Security Practices

Form Captchas – If you followed our forms tutorials, you should already be using CAPTCHAs, specifically, ReCaptcha from google, to protect your forms from spammers. This is more annoyance than security issues, but adding Captchas to your forms does slightly increase overall protection.

Lock Down Your WordPress Admin – There are two ways we can protect our WordPress admin. The first, is to hide the URL all together. By default, the WordPress admin login URL is www.domain.com/wp-admin, this makes it easy for scripts and bots to find out admin and attempt to brute for our login screen. You can change the URL of your admin login using the WPS Hide Loginplugin. Once installed, you can change the URL of your admin login under Settings -> General.

Secondly, we can limit login attempts made when people make it to our Login screen by using the Login Lockdown plugin which limits login attempts and will blacklist and ban users who use incorrect information repeatedly. These plugins are also completely compatible with eachother.

Two Factor Authentication – By utilizing two factor authentication, even if someone does get access to your username and password, they still won’t be able to access your website admin without also having access to either your cell phone or your e-mail (depending on which method you use). We recommend you setup two factor authentication on your website which can be done using the Google Authenticator plugin which allows two factor authentication via your e-mail address or a mobile app on your phone, available for android, windows and apple phones.

If you weren’t hosting with Flywheel, there would be several other things we would recommend, however they would be redundant and a waste of time on a Flywheel hosted site, follow the steps above and you’ll be ready to launch knowing your website is safe and secure.

Post Launch Checklist

• On our staging site, make sure that under “Settings – > Reading” the option is enabled (checked) to discourage search engines.
• On our live site, make sure that under “Settings -> Reading” the option is disabled (unchecked) to discourage search engines.
• If you’re using WooCommerce, make sure to enable the setting to force SSL – Read more here.
• Enable password on staging site through FlyWheel. Under your “Staging” tab, on the right-hand side under “Privacy Mode”, make sure this option is enabled. You will be given a username and password required to view your staging site. This blocks traffic from bots and search engines as well as unexpected guests.
• Under the “Overview” tab of your site, make sure Privacy Mode for your live site is disabled.

Purpose of the Staging Site

The main purpose of your staging site is to test WordPress, plugin and theme updates on your website for conflicts before updating them on your live site. You can also use your staging site to update content and change settings, and once completed, push them to your live site. Flywheel has a process for this all in place which you can read about here.

The reason behind this is that you may have live data being updated on your live site, but not your staging, and we don’t want to overwrite those database tables. Since we’re not custom developing (custom-coding) changes to our site, we really just need our staging to test new features and test updates. And we suggest doing this, then if all is well, running those updates on our live site instead of pushing from staging to live which can overwrite important information.

You can copy your live to staging before doing tests in order to get the most up to date version, we just don’t recommend pushing from staging to live, and that you use your staging as more of a sandbox to test updates before you run those updates on your live site.