Launching your Website with Kinsta.

Now that you’ve decided to host with Kinsta, the first step is to create an account. Please watch the video below which will walk you through signing up with Kinsta.

Part of this video mentions specific actions to take if you’re viewing tutorials via the LattePress App – you can ignore this bit as it doesn’t apply to you.

• Use the button below to open up the Kinsta homepage.
• Click on “Plans” in the main menu.
• Select the plan you’d like to purchase, most likely the “Starter” plan if this is your first website, and click on the “Choose” button.
• Fill out your information such as name, e-mail address and password, then enter in your billing information when asked.
• After purchasing your plan, you’ll be brought to your Kinsta Dashboard, once there you’re ready to move on to the next tutorial.

Don’t worry about setting up a site within Kinsta, we’ll do that next.

Creating a Staging site with Kinsta

Now that your account has been created, we want to setup our initial staging site we’ll use to build our site. Watch the video below to review creating a staging site with Kinsta.

• Within the Kinsta Dashboard, click on the “Add Site” button.
• Select a location, the location should be as close to your target market as possible, or if not applicable, the one closest to your location.
• Enter in a name for your website, which is used to reference the site within Kinsta.
• Select the option to “Add a brand new WordPress install” from the dropdown menu.
• Enter in a site title and add in your administrator username and password you would like to use for the site, as well as your e-mail address.
• Select the default language for your website.
• Leave the plugin and multisite checkboxes unchecked.
• Click on the “Add” button.
• Back on your Kinsta dashboard, select “Manage”, then view the “Domains” tab to find your staging URL. Once you have your staging website opened, move on to the next tutorial.

As mentioned in the video, it’s important to use complex and unique usernames and passwords for your websites, as well as services you use around the web. If you would like to use a great program to help you remember, check out LastPass by clicking the button below.

Migrating Your Site and Data

For migrating data from your staging environment to your host we recommend the all-in-one migration plugin. This is a free plugin which makes it very easy to migrate a complete site from one WordPress install to another.

This works when moving our site to our live host – it also works for moving from one host to another if you decide to change your host later.

In the section above we setup a fresh WordPress install on Kinsta. Simply install the all-in-one migration plugin on the staging site you’ve been working on as well as the fresh install on the new location.

Next, using all-in-one, run an export on the site you want to take the data from, then run the import on the fresh installation.

Once the import is complete, follow the instructions, making sure after you log back in (when the import is complete you’ll be logged out, log back in with the admin credentials from the site you migrated from, as the default username/password you used when creating your default WP install will be overwritten), finally save your permalinks twice. The video below will show you how easy it is.

Cloning our site to our Staging Environment

Now that our site has been imported into the live environment on Kinsta we want to create a copy of it in the staging environment before we go live so we have a version of our site to work on in the future.

This is incredibly easy to do with Kinsta, just follow the steps in the guide linked below to create a staging copy of your website. We’ll talk more about how we’ll use this later on in this guide. For now, it’s enough to create it, which will make a copy of your site which will be available on its own staging URL, and will have its own section within your Kinsta panel.

Integrating our Domain with Cloudflare

Use the guide below to integrate your domain purchased from Gandi (or another domain registrar) with Cloudflare. When it comes to the step of updating your nameservers through your domain registrar (step 4 of the guide), refer to the second button which will show you how to do this with Gandi (follow steps 1 & 2, ignore the section on LiveDNS). Follow Kinsta’s guide on Cloudflare until step 6, the optional plugin, we aren’t going to that quite yet.

Add Primary Domain to Kinsta

Now that you’ve updated your DNS to point at Cloudflare and you’ve pointed your A record within Cloudflare to point at your Kinsta Live environment, we need to add your domain as the primary domain within your live environment. Basically, what this means is, your domain is guided from Gandi to Cloudflare, and Cloudflare is saying, this domain should point at Kinsta, but once you get to Kinsta, we need to make sure Kinsta knows what files it should show when requests to that domain are made and we do this by adding the domain in our Kinsta dashboard.

You can do this following the simple steps detailed in the guide linked below.

Note: Make sure within your Kinsta dashboard the dropdown tab is set to Live Environment as that’s where we want our domain to point. If you’re using both www and non-www versions of your domain, be sure to add both!

Add an SSL certificate to your site.

Once you’re getting the proper nameservers and IP address from pingdom, and your domain loads up your live site, you’re ready to move to the next step, adding an SSL certificate to your site so we can be secure, as well as show visitors the green padlock in the URL bar which guarantees that their data and information transferred is safe and secure. First, we’ll follow the guide below to enable a Let’s Encrypt SSL certificate on our Kinsta site.

First, view the section “Option 3 – Install SSL Certificate With Cloudflare or Sucuri” as we’re utilizing Cloudflare, by clicking the button below.

Additional Security Steps

Mandatory Security Practices

Always use strong passwords – This seems obvious but it was one of the most widely seen issue when there is a security issue with a site. You can use LastPass or a similar service to help memorize usernames and passwords for your website. If you have multiple admins, also consider installing the Force Strong Passwords Plugin to ensure all of your admins use a strong password. With LastPass, it’s easy to generate strong passwords, you can also look at How to create a strong Password or use a tool like The Strong Password Generator.

Avoid Default Admin Username – If you followed our tutorials when creating your site, you should have picked a complex admin username, something other than the default admin username, “admin”. If this user account exists you should consider creating a new admin account under the users section of your WordPress website, and once created and confirmed that it’s working and you can access your dashboard with your new admin account, delete the user with the username “Admin” and use the new account going forward. This is only if you created your site and made the admin username, “admin”. Additionally, we want to create an editor account separate from our admin account to create content on the front-end, and use our admin account only for back-end administration purposes.

Keep Themes and Plugins updated – We’ve talked about this already quite a bit, and it’s pretty simple to do. Always keep your plugins and themes up to date at all times, as well as WordPress core. Check your site often (every day or two) for available updates and make sure to run this process (first on your staging site to check for issues), then on your live site. Additionally, always uninstall and delete plugins and themes on your site that you’re not using. This is both for performance and security benefits.

Optional but Recommended Security Practices

Form Captchas – If you followed our forms tutorials, you should already be using CAPTCHAs, specifically, ReCaptcha from google, to protect your forms from spammers. This is more annoyance than security issues, but adding Captchas to your forms does slightly increase overall protection.

Lock Down Your WordPress Admin – There are two ways we can protect our WordPress admin. The first, is to hide the URL all together. By default, the WordPress admin login URL is www.domain.com/wp-admin, this makes it easy for scripts and bots to find out admin and attempt to brute for our login screen. You can change the URL of your admin login using the WPS Hide Loginplugin. Once installed, you can change the URL of your admin login under Settings -> General.

Secondly, we can limit login attempts made when people make it to our Login screen by using the Login Lockdown plugin which limits login attempts and will blacklist and ban users who use incorrect information repeatedly. These plugins are also completely compatible with eachother.

Two Factor Authentication – By utilizing two factor authentication, even if someone does get access to your username and password, they still won’t be able to access your website admin without also having access to either your cell phone or your e-mail (depending on which method you use). We recommend you setup two factor authentication with both Kinsta, which can be done by following this guide. As well as on your website which can be done using the Google Authenticator plugin which allows two factor authentication via your e-mail address or a mobile app on your phone, available for android, windows and apple phones.

If you weren’t hosting with Kinsta, there would be several other things we would recommend, however they would be redundant and a waste of time on a Kinsta hosted site, follow the steps above and you’ll be ready to launch knowing your website is safe and secure.

Post Launch Checklist

• On our staging site, make sure that under “Settings – > Reading” the option is enabled (checked) to discourage search engines.
• On our live site, make sure that under “Settings -> Reading” the option is disabled (unchecked) to discourage search engines.
• If you’re using WooCommerce, make sure to enable the setting to force SSL – Read more here.

Purpose of the Staging Site

The main purpose of your staging site is to test WordPress, plugin and theme updates on your website for conflicts before updating them on your live site. You can also use your staging site to update content and change settings, and once completed, push them to your live site. Kinsta has a process for this all in place which you can read about here:

The reason behind this is that you may have live data being updated on your live site, but not your staging, and we don’t want to overwrite those database tables. Since we’re not custom developing (custom-coding) changes to our site, we really just need our staging to test new features and test updates. And we suggest doing this, then if all is well, running those updates on our live site instead of pushing from staging to live which can overwrite important information.

You can copy your live to staging before doing tests in order to get the most up to date version, we just don’t recommend pushing from staging to live, and that you use your staging as more of a sandbox to test updates before you run those updates on your live site.