WordCamp Phoenix was held a couple of weeks ago and it is great to spend two full days with other WordPress users of all levels. One of the speakers that always delivers great content is Aaron Campbell. His main job is working on the security of the core WordPress software and he has a real knack for explaining complex security issues in an easy-to-understand way.
His talk at the most recent WordCamp was titled “Why the Open Web Matters” and he gets his point across by talking about video games and tractors. Yes, tractors! You can watch the entire session on WordPress.tv or I have embedded it below.
While there are many things you can do to protect Web sites, the hackers won’t stop trying. If you don’t have good protection, the hackers are far more likely to succeed in hacking your site. Should your site get hacked, you’ll need to get it cleaned.
Sucuri is one of the leading providers of Web security and they have authored detailed steps for How to Clean a Hacked Website. There are separate instructions for WordPress, Joomla, Magento and Drupal sites.
We’d love to help protect your site so the likelihood of getting hacked is minimized. Please consider one of our WordPress Maintenance Plans. They are a small investment into keeping your site working hard for you!
When I read it, I had my own thoughts on the reasons listed so I’ve taken the seven reasons from that post and have provided my answers below. Three other reasons came to mind as I thought about why I feel Unleashed is a great choice and they are included after the initial seven. As we focus solely on WordPress development, the solutions below are all based on WordPress.
1. Professionals can customize beyond templates
Every WordPress site has a theme (template) that determines the design and features of the site. Sure, there are a bunch of free themes available and some of them are OK. We’ve tried a lot of themes and found that there are many of them that are difficult and/or don’t work nearly as well as the demo.
Over time, we’ve developed a small number of themes that we use on most of the sites we build. We know how they work in depth and know that we can deliver a wide range of designs from them. There are also ways to extend our favorite themes to give them even more features and options.
Should you build a site yourself, you might choose a great theme and it’s possible you get a really bad one. When a bad theme is used to build a site, it can be very hard to switch to another theme at a later time.
2. The ROI is worth the initial cost
Let’s say you want a pizza for dinner tonight. It is simple to go to your favorite pizzeria and get a large pizza with a few toppings for $15-20. The alternative would be to make your own crust, either purchase or make sauce, get some cheese and the other toppings. Then add the time involved to take the raw ingredients and make the pizza. In the end, you could have a gourmet pizza or a complete dud and you will have spent a lot more money and time to get there.
Yes, a good Web site is an investment. If you work with a developer and provide the content required, it will save you money. Even if you built it yourself, you’d still need to come up with the content. What is your time worth? Expect that it can take you 3-5 times as many hours (minimum) to build a site as well as a good developer. In the end, will your creation be a masterpiece or a dud?
By using a pro, your site will be working for you sooner and will be designed to meet (or exceed) your goals. This brings a return to you sooner and that return will likely be much greater.
3. You can choose the right developer
No single developer is the right fit for every project and you’ll find many choices when looking for someone to build an awesome WordPress site. Clients sometimes judge only the cost and not what the developer can delivery. The goal is to have a site that best delivers on your goals while delivering a great return on investment.
We pride ourselves on being part of the GoDaddy Pro program as well as being a Google Partner. The online world changes every single day and we focus on educating ourselves on those changes so that we can deliver sites that follow all the latest standards. This also allows us to minimize the time and costs involved.
4. Managing your own content is still possible
At its heart, WordPress is a CMS (content management system). It is designed to allow multiple users to change content to varying degrees. Some clients only want minimal abilities to change a few words or photos. Other clients want full control of a site. Either option is possible and the abilities can even be changed at any time.
This also brings up the famous Spiderman quote “with great power comes great responsibility.” If a client has the ability to edit anything on the site, they also have the ability to accidentally create problems by clicking the wrong thing. We work with clients so they know how to complete the processes most important to them to minimize potential problems.
5. eCommerce functionality is doable
With a WordPress site, eCommerce functionality can be as simple as installing a plug-in. While it is technically quite easy, a good eCommerce site is much more complex. What types of products and/or services are you going to sell? What types of payments are you going to accept? Do you need to ship products? Are they downloadable? These are just some of the questions that need to be answered.
WooCommerce is often mentioned as it is the most popular tool for adding eCommerce to WordPress. That does not mean it is the right answer for your site. We have found other tools that are better choices for our clients. Not only do we recommend these tools for clients, we use them on our own eCommerce sites so we know them inside and out.
6. Your site will be mobile-friendly and responsive
With nearly 2/3 of all Web traffic coming from mobile devices, it is an absolute must that your site works great on mobile devices. Visitors to your site could be on a computer screen that comes in nearly any size. Throw in the variety of tablets and mobile phones and there is just no single size anymore.
When we design a site, it is designed to be responsive. That means it adapts it to the screen of the device on which it is being viewed. Not only does it need to adapt to every screen, it needs to be usable on every screen. Your blog post must still look great on every screen. Visitors should be able to shop in your eCommerce store on every screen. Google created a certification test to make sure developers followed mobile best practices and all of our designers have passed the test.
7. Websites are constantly changing
One of the best parts about building a Web site on WordPress is that the platform itself is being regularly updated. We prefer to work with themes and plugins that are also regularly updated. First and foremost, this helps to keep your site secure. But these changes also support new and improved features.
Not only does the technology itself improve, we also focus on improving our skills and knowing that latest best practices in Web design. While you may choose not to have your site updated regularly, we’ll be ready to update it when you need it.
8. Keep all elements maintained and secure
It is thought that once a Web site is launched that all work is done for a long period of time. That just isn’t the case. It is not uncommon that some element of the site has an update almost every single day. If a client prefers, they can handle all of these updates. A far better value is to select a maintenance plan where all the updates are installed on sites for clients.
This keeps elements updated and keeps the site more secure as well. Additional layers of security are available for clients who want true peace of mind.
9. Your pages can be tested and optimized
If a user builds a site, will they test it on a variety of devices or do they decide it looks great on their own computer so it must be perfect? We want to test pages on computers, tablets and phones so that the user experience is consistently good.
Even when a site looks good on devices, it may not be optimized. Are images the right size in both dimensions and download size? Will the page perform well in search results? Can adjustments be made to make the site load as fast as possible? These are all tasks a pro will perform so that you get the best results from your site.
10. Resource for support after the site launches
When a site is first launched, it is only the beginning. Changes will inevitably be made. New content will be added. Quite possibly new features will be needed. Where is your time best spent? Is it becoming an expert on WordPress or working on your own business? Regardless of whether you are going to update the site or you want a developer to do it, we’re here to help.
We’d be happy to discuss your needs to see if we are the right developer for your project. Visit our Contact Us page or give us a call at 480-595-0065.
With any site built on WordPress, there are three major components that regularly get updated. There is WordPress itself, the theme or themes installed and the plugins. If they are not all updated in a timely manner, problems could arise. We recently saw evidence of this on a couple of sites.
A client contacted us about an order placed in their online store. On a specific order, the wrong amount of shipping was charged. We investigated the shipping rates on their site and it had all the right info so there was something else causing the issue. Anytime we go into the back end of a site for a client, we take the time to install any available updates.
On this shopping site, we tried a few sample orders and couldn’t re-create the problem. Why had the problem happened the first time? Quite simply it was because the plugin for the shopping cart hadn’t been updated recently.
While visiting another site recently, we ran into an issue with the business directory. We could search the directory, but the page would not scroll on the results page. This was great for whichever business was listed first, but really bad for anyone else. As this wasn’t a site we built, we contacted the business to let them know about the problem. It was fixed within an hour and it turned out the problem was a plugin that needed updating.
Making sure a site is updated regularly was the driving force behind our decision to offer maintenance packages. We wanted to make the entry-level package as inexpensive as possible and our Bronze package does handle the updates described above. For clients that was more service, we offer Silver, Gold and Platinum packages with increasing levels of services.
Clients can choose to do the updates themselves. Some do visit their site regularly and keep things updated. We find that most don’t. They can choose to have it done when other changes are made, though often this ends up costing more. Lastly, they can choose a maintenance package that install updates very regularly so that everything runs smoothly.
Each time we hear about a Web site being attacked, the owner of the hacked site doesn’t understand why their site was targeted. The short answer is that the bad guys are rarely looking to attack a specific site. Instead they are looking for sites that are vulnerable. Let’s go over some of the specifics that can make your site vulnerable and ways you can protect it.
For a minute, pretend you are an enterprising hacker and you want to make the most money possible. If you are going to attack sites, wouldn’t it make sense to go after the most popular platform on the Web? WordPress powers 28% of all sites (as of this writing) which is far more than any other platform. Because of this, it is targeted regularly.
What Needs Updated
There are three major components to the WordPress ecosystem that can be vulnerable. First is the core WordPress installation. Next are themes installed in WordPress. Every site must have at least one theme and it is common to have 2-5 installed. The third are plugins that are added to a WordPress site. Typically sites will have 10-25 plugins installed. All of these components provide a way for bad guys to compromise your site. Let’s look at each component separately.
In a given year, the core WordPress is updated 5-10 times. Updates address known security issues, fix bugs and add new features. For site security, the most important reason to install an update quickly is to make sure the security issues are patched. When you purchase hosting for a WordPress site, it may include automatic installation of the core WordPress files. It also may not. We’ve seen sites that haven’t had the core WordPress updated in several years and those sites are huge targets for hackers.
For those of you who have hosting plans that automatically update the core WordPress, you can at least breathe easy on that component. Most site owners probably don’t even know if the updates are automatic so this is something worth investigating. If your site isn’t updated automatically, you need to develop a plan to check for updates and get them installed in a timely manner.
Do You Have a Good Theme?
It is possible that a theme never has updates released. While this may seem like a good thing since you don’t have to install the update, it typically means the theme becomes more vulnerable over time. Let’s pretend you use XYZ Theme (this is a fictional name) and it hasn’t been updated in a year. In total, we’ll say this theme is installed on 10,000 sites. When the hackers find an issue with that theme, they know they can attack a large number of sites very quickly. They aren’t targeting your site, they are targeting all sites with that theme.
Other themes are updated almost every week. While this can mean you have more updates to install, it also means the developers are making sure it is as safe as possible. This is one of many reasons we like Elegant Themes. Plus they are likely adding new features! The key is that someone must login to the back end of your site and install those updates in a timely manner. This is not a feature often included as part of your site hosting. So if you aren’t doing it, is someone else doing it for you?
Since most sites have a small number of themes installed, it is important to make sure they are all updated. Even the themes not active can be vulnerable. Maybe some of them should be deleted. Even then, the best plan is to make sure they are all updated regularly.
Plugins Provide Power and Vulnerability
Plugins make it very easy to add features to your site, even by adding a layer of security. But each plugin also provides one more component that can be vulnerable. You want a form on your site for visitors to contact you, right? So let’s pretend your site uses ABC Form Builder (again, a fictional name). It is a really popular plugin with 500,000 installs. And because it allows anyone to enter information, it is especially vulnerable if the developer has missed something. When you don’t update it for six months, the hackers will gladly come infect your site with malware.
Since most sites have at least ten plugins and these plugins are regularly updated, you have to really stay on top of it. On a given site, it is quite common to have at least five plugin updates in a given week. If any of them aren’t installed, the bad guys may have a way to attack your site.
We’re not aware of any hosting plan that includes plugin updates. Maybe your Web developer has included this in the plan they sell to you. What we’ve seen is that most site owners simply don’t install updates. It is those same site owners who don’t understand why their site was hacked. Are you installing plugin updates? Is someone else installing them for you?
The Basic Level of Protection
At the very least, every WordPress site must have a plan in place to install updates to the three components we’ve discussed. Even if this is only done once a week, it could take 10-15 minutes to login to the site and get everything updated. Over a month’s time, that could add up to as much as an hour. Will you take the time to do it? Do you want to pay your Web site developer for an hour of their time to do it?
This is exactly why we developed our WordPress Maintenance Service. Even our Bronze plan does more than simply keep these components updated. Instead of just doing it weekly, updates are installed more often to make sure security patches are in place quickly. So do you want to take an hour or more to do it? Do you want to pay for an hour of your developer’s time? Or do you want it done for a fraction of the cost on an even more regular basis?
What Happens When My Site Gets Hacked?
Each hack is different. Some hacks don’t seem to have any noticeable change to a site. Other hacks will take a site completely offline. Would not having a Web site for a few days hurt you? Some hacks install malware which infects visitors to your site and causes Google to label you as a bad site and remove you from search engine rankings. Would it hurt you if your visitors are mad at you and your site no longer appears safe to Google? Getting that label removed and re-gaining your Google ranking can take quite a bit of time.
We’ve also seen hacks where legitimate blog posts are deleted and a number of spammy posts were added. Would it hurt you if the posts you created were gone forever? Would your visitors trust you if your site had a bunch of spammy posts?
Instead of asking yourself why anyone would want to hack your site, you should just assume it is being attacked every single day. Why? Quite simply, it is being attacked. Installing updates regularly is the first line of protection. More can be done by making sure your site is backed up. Should it get hacked, the backup could save you. Active security protection can also be put in place to repel the attacks. This additional protection is part of our Silver WordPress Maintenance plan.
As I write this, I think of an appliance commercial from long ago with the tagline “you can pay me now or you can pay me later.” If you want to do the maintenance yourself, go for it. It’s just most of you aren’t doing it. I’d rather you invest in a maintenance plan to keep your site working well. If not, the cost to recover your site after a hack is probably going to be a lot higher. Add to that any lost revenue from being without a working site for a period of time.
View Cart Product successfully added to your cart.