Steps for a bulletproof staging site (and why every website needs one!)

Steps for a bulletproof staging site (and why every website needs one!)

At Managed Hosting Partners, we’re huge fans of staging environments for website developments and see them as a best-practice non-negotiable. So much so, we include staging sites with every single website we host – all wrapped up in the same price for your live site hosting (yes, you read that correctly!)

If you’re unfamiliar, staging sites (also known as a testing site) is where you can develop or test changes to your website without risking anything on your live site. The environment is an “as close as possible” – that is, recent and identical – copy of your live site, so you’re comparing apples with apples when testing your deployments without risking the live site coming crashing down thanks to a rogue semicolon. 

Staging sites have been used in software development for over 30 years and are a common and widely used solution to test your work before it’s dropped into a live, customer-facing environment.

There are typically two ways they’re managed: either by the web developer or the hosting company. However, in a developer-led process, there can be issues that sometimes give staging sites an undeserved reputation. Here’s why:

When staging sites are development-led, they’re usually a manual copy of the site’s codebase stored as a sub-folder of the live website rather than as a standalone site in its own right. Asking the client to pay for another website’s hosting can be hard to justify (even though the cost of the conversation may exceed the cost of the hosting!), which is why this usually happens.

As staging sites are considered temporary, this often leads to a temporary mindset that goes something like this:

  1. The staging site is set up
  2. Development happens
  3. Everyone moves on, and the staging site is left there (rather than being cleaned up or maintained)


This leaves a huge security risk because, at some point, the staging site may get hacked – and because everyone’s moved on and forgotten about the “temporary” staging site, there’s been no security updates on it. And worse still, because the staging site was stored as a subfolder of the live site to save costs, you guessed it – the live site is now compromised.

There are a few WordPress plugins that “do” staging websites – but in reality, all they’re doing is automating the manual step of duplicating the code and popping it into a subfolder, so the risk remains the same. 

For that reason, we think of staging sites as a hosting challenge rather than a development one. We take care of the staging site process as a part of our service offering to ensure you’re getting all the upsides that staging sites have to offer, with none of the downsides. Here’s how we manage staging sites for your projects and make sure they’re bulletproof:

  1. Go with a different domain
    The first step to protecting your staging environment is to set it up on a different domain to your live site. That way, if your staging gets hacked, your live website will remain secure (and on the flip side – if your live site gets hacked, you have an uncompromised backup in your staging environment).

  2. Keep your access credentials for databases and FTP separate.
    Again for the same reason as above – if staging gets hacked, shared credentials with your live environment can put the site at risk. 

  3. Always, ALWAYS ensure your staging site is password protected.
    There are three good reasons for this: 
    1. It’s almost impossible to hack a password-protected environment with a sufficiently secure password (thus negating the concerns above!),
    2. You don’t want the general public (or competitors, for that matter) to be able to see what you’re working on before it’s ready for the world to see, and 
    3. It provides a secondary layer of protection to prevent search engines from accidentally indexing your staging site (there’s nothing worse than competing with your own website for rankings!)

  4. Disallow robots.txt
    Again, this is to prevent search engines from indexing your staging site. From time to time, we have to remove this security measure (so tools like Pagespeed insight work), but when we do, we manage this process tightly.

  5. Ensure your staging site doesn’t affect resources on the live site
    A development error may lock up (that is, bring down) your staging site. If the staging site shares resources with your live site, then your live is locked up as well. At MHP, we manage the resources of a staging site as if it was a real site to prevent this kind of error – and because sometimes, you actually need more power on your staging site than on your live site!

  6. We take care of the pesky URL problem
    The one challenge of managing two environments with different domain names is that hard-coded URLs can cause breakages. We have a program that handles this “under the bonnet” without you having to worry about a thing.

And lastly – what about managing changes between staging and live? 

A common misconception is that a staging site has an automated process to transport changes to your live site, and a testing site does not. In reality, “staging” and “testing” environments are words used somewhat interchangeably. 

On our platform, the way we handle the test to live deployment process depends on the specifics of your site and how users interact with it:

  • When five or more people are constantly working independently in your website’s backend, then it’s not realistic to do a content “brown-out” (that is, cease updates on production long enough to push across), even if only for a couple of days. In this case, there’s no choice but to repeat your development/content once again on the live site.
  • For smaller websites, a “brown-out” period may be pretty practical, and we can do a “swap service”, where we coordinate with the client to swap environments at a particular time. 
  • When a single third party manages all backend changes, we can continuously swap out the live site with the latest changes from staging, creating an even more streamlined process.


So there you have it! Implementing well-managed staging sites into your website creation practices is a terrific way to improve your agency’s processes, improve your deployments’ stability and quality, and offer enormous value to your customers. With the right partner, you can mitigate the downsides of staging sites and enjoy their significant benefits (and at no extra cost!).

More Articles