An Introduction to WordPress Security

An Introduction to WordPress Security

If you have a Web site, security is extremely important. The bad guys are trying to hack it, no matter how big your site. Having a few layers of security in place is an absolutely must.

RoboformJust over a week ago was WordCamp Phoenix and one of the speakers was Aaron Campbell who is one of the core developers for security in WordPress. He provided a lot of great information and he stressed that you absolutely must have strong passwords that are different on every single site. No matter how good your memory, you will never remember them all. I’ve always relied on Roboform as our method of creating and remembering passwords. I checked with Aaron and he said it is a great option.

Just a few days before that, I was at the GoDaddy Pro Summit and one of the speakers was Tony Perez of Sucuri. To say Tony is very animated when talking about security would be an understatement. I just felt more secure listening to him. Or did I feel more worried about security on my sites? Hmmm, I’ll need to think more about that. Sucuri provides a service to help you protect sites and is something you may want to consider for your sites.

Sucuri recently put out An Introduction to WordPress Security that provides an excellent step-by-step guide about a number of things you can do to make your sites more secure. For those who want help maintaining and security your site, please consider one of our WordPress Maintenance Plans.

10 Reasons Why It’s Worth Investing in Professional Web Site Development

10 Reasons Why It’s Worth Investing in Professional Web Site Development

Our friends at GoDaddy recently wrote a post titled 7 reasons why it’s worth investing in professional website development. I encourage you all to click the link and read the post as it contains some great information.

When I read it, I had my own thoughts on the reasons listed so I’ve taken the seven reasons from that post and have provided my answers below. Three other reasons came to mind as I thought about why I feel Unleashed is a great choice and they are included after the initial seven. As we focus solely on WordPress development, the solutions below are all based on WordPress.

1. Professionals can customize beyond templates

Elegant ThemeseEvery WordPress site has a theme (template) that determines the design and features of the site. Sure, there are a bunch of free themes available and some of them are OK. We’ve tried a lot of themes and found that there are many of them that are difficult and/or don’t work nearly as well as the demo.

Over time, we’ve developed a small number of themes that we use on most of the sites we build. We know how they work in depth and know that we can deliver a wide range of designs from them. There are also ways to extend our favorite themes to give them even more features and options.

Should you build a site yourself, you might choose a great theme and it’s possible you get a really bad one. When a bad theme is used to build a site, it can be very hard to switch to another theme at a later time.

2. The ROI is worth the initial cost

Let’s say you want a pizza for dinner tonight. It is simple to go to your favorite pizzeria and get a large pizza with a few toppings for $15-20. The alternative would be to make your own crust, either purchase or make sauce, get some cheese and the other toppings. Then add the time involved to take the raw ingredients and make the pizza. In the end, you could have a gourmet pizza or a complete dud and you will have spent a lot more money and time to get there.

Yes, a good Web site is an investment. If you work with a developer and provide the content required, it will save you money. Even if you built it yourself, you’d still need to come up with the content. What is your time worth? Expect that it can take you 3-5 times as many hours (minimum) to build a site as well as a good developer. In the end, will your creation be a masterpiece or a dud?

By using a pro, your site will be working for you sooner and will be designed to meet (or exceed) your goals. This brings a return to you sooner and that return will likely be much greater.

3. You can choose the right developer

No single developer is the right fit for every project and you’ll find many choices when looking for someone to build an awesome WordPress site. Clients sometimes judge only the cost and not what the developer can delivery. The goal is to have a site that best delivers on your goals while delivering a great return on investment.

We pride ourselves on being part of the GoDaddy Pro program as well as being a Google Partner. The online world changes every single day and we focus on educating ourselves on those changes so that we can deliver sites that follow all the latest standards. This also allows us to minimize the time and costs involved.

4. Managing your own content is still possible

At its heart, WordPress is a CMS (content management system). It is designed to allow multiple users to change content to varying degrees. Some clients only want minimal abilities to change a few words or photos. Other clients want full control of a site. Either option is possible and the abilities can even be changed at any time.

This also brings up the famous Spiderman quote “with great power comes great responsibility.” If a client has the ability to edit anything on the site, they also have the ability to accidentally create problems by clicking the wrong thing. We work with clients so they know how to complete the processes most important to them to minimize potential problems.

5. eCommerce functionality is doable

With a WordPress site, eCommerce functionality can be as simple as installing a plug-in. While it is technically quite easy, a good eCommerce site is much more complex. What types of products and/or services are you going to sell? What types of payments are you going to accept? Do you need to ship products? Are they downloadable? These are just some of the questions that need to be answered.

WP EasyCartWooCommerce is often mentioned as it is the most popular tool for adding eCommerce to WordPress. That does not mean it is the right answer for your site. We have found other tools that are better choices for our clients. Not only do we recommend these tools for clients, we use them on our own eCommerce sites so we know them inside and out.

6. Your site will be mobile-friendly and responsive

Google Mobile Sites CerticationWith nearly 2/3 of all Web traffic coming from mobile devices, it is an absolute must that your site works great on mobile devices. Visitors to your site could be on a computer screen that comes in nearly any size. Throw in the variety of tablets and mobile phones and there is just no single size anymore.

When we design a site, it is designed to be responsive. That means it adapts it to the screen of the device on which it is being viewed. Not only does it need to adapt to every screen, it needs to be usable on every screen. Your blog post must still look great on every screen. Visitors should be able to shop in your eCommerce store on every screen. Google created a certification test to make sure developers followed mobile best practices and all of our designers have passed the test.

7. Websites are constantly changing

One of the best parts about building a Web site on WordPress is that the platform itself is being regularly updated. We prefer to work with themes and plugins that are also regularly updated. First and foremost, this helps to keep your site secure. But these changes also support new and improved features.

Not only does the technology itself improve, we also focus on improving our skills and knowing that latest best practices in Web design. While you may choose not to have your site updated regularly, we’ll be ready to update it when you need it.

8. Keep all elements maintained and secure

It is thought that once a Web site is launched that all work is done for a long period of time. That just isn’t the case. It is not uncommon that some element of the site has an update almost every single day. If a client prefers, they can handle all of these updates. A far better value is to select a maintenance plan where all the updates are installed on sites for clients.

This keeps elements updated and keeps the site more secure as well. Additional layers of security are available for clients who want true peace of mind.

9. Your pages can be tested and optimized

If a user builds a site, will they test it on a variety of devices or do they decide it looks great on their own computer so it must be perfect? We want to test pages on computers, tablets and phones so that the user experience is consistently good.

Even when a site looks good on devices, it may not be optimized. Are images the right size in both dimensions and download size? Will the page perform well in search results? Can adjustments be made to make the site load as fast as possible? These are all tasks a pro will perform so that you get the best results from your site.

10. Resource for support after the site launches

When a site is first launched, it is only the beginning. Changes will inevitably be made. New content will be added. Quite possibly new features will be needed. Where is your time best spent? Is it becoming an expert on WordPress or working on your own business? Regardless of whether you are going to update the site or you want a developer to do it, we’re here to help.

We’d be happy to discuss your needs to see if we are the right developer for your project. Visit our Contact Us page or give us a call at 480-595-0065.

Featured image by Helloquence

Determining WordPress Theme Used on Sites

Determining WordPress Theme Used on Sites

As we work with clients on designing a Web site, we are interested in other sites they like. Sometimes they have an existing Web site of their own for which we need information to give them a quote on the makeover. When we see these sites, we want to know what WordPress theme was used to build them. It may be a great site we want to emulate, it may also be a theme we’d prefer to avoid. Below are three tools you can use to determine the theme used. With each, just enter the URL of the site and the tool will try to determine the theme used.

Note that these tools may not have an answer for a variety of reasons. The most obvious would be if a site wasn’t built with WordPress. Some themes have been highly customized and they are very hard to detect. Lastly, it could be a custom built theme for the site and therefore it isn’t a theme that is available for free download or purchase. We encourage you to test each of the tools as you’ll find that a theme that stumps one tool may be identified by another tool.

WPThemeDetector, What WP Theme Is That and WordPress Theme Detector are the three tools. Below is an example result for this site as generated by WordPress Theme Detector.

Not only is the name of the theme provided in the results, there is also a link to go to a page where the theme is available. You may only need to know the name of the theme yet it is nice that you can also purchase it as needed or simply to do more research on it.

Regularly Update WordPress Plugins to Avoid Site Problems

Regularly Update WordPress Plugins to Avoid Site Problems

With any site built on WordPress, there are three major components that regularly get updated. There is WordPress itself, the theme or themes installed and the plugins. If they are not all updated in a timely manner, problems could arise. We recently saw evidence of this on a couple of sites.

A client contacted us about an order placed in their online store. On a specific order, the wrong amount of shipping was charged. We investigated the shipping rates on their site and it had all the right info so there was something else causing the issue. Anytime we go into the back end of a site for a client, we take the time to install any available updates.

On this shopping site, we tried a few sample orders and couldn’t re-create the problem. Why had the problem happened the first time? Quite simply it was because the plugin for the shopping cart hadn’t been updated recently.

While visiting another site recently, we ran into an issue with the business directory. We could search the directory, but the page would not scroll on the results page. This was great for whichever business was listed first, but really bad for anyone else. As this wasn’t a site we built, we contacted the business to let them know about the problem. It was fixed within an hour and it turned out the problem was a plugin that needed updating.

WordPress MaintenanceMaking sure a site is updated regularly was the driving force behind our decision to offer maintenance packages. We wanted to make the entry-level package as inexpensive as possible and our Bronze package does handle the updates described above. For clients that was more service, we offer Silver, Gold and Platinum packages with increasing levels of services.

Clients can choose to do the updates themselves. Some do visit their site regularly and keep things updated. We find that most don’t. They can choose to have it done when other changes are made, though often this ends up costing more. Lastly, they can choose a maintenance package that install updates very regularly so that everything runs smoothly.

Your Web Site is Under Attack and How to Protect It

Your Web Site is Under Attack and How to Protect It

Each time we hear about a Web site being attacked, the owner of the hacked site doesn’t understand why their site was targeted. The short answer is that the bad guys are rarely looking to attack a specific site. Instead they are looking for sites that are vulnerable. Let’s go over some of the specifics that can make your site vulnerable and ways you can protect it.

For a minute, pretend you are an enterprising hacker and you want to make the most money possible. If you are going to attack sites, wouldn’t it make sense to go after the most popular platform on the Web? WordPress powers 28% of all sites (as of this writing) which is far more than any other platform. Because of this, it is targeted regularly.

What Needs Updated

There are three major components to the WordPress ecosystem that can be vulnerable. First is the core WordPress installation. Next are themes installed in WordPress. Every site must have at least one theme and it is common to have 2-5 installed. The third are plugins that are added to a WordPress site. Typically sites will have 10-25 plugins installed. All of these components provide a way for bad guys to compromise your site. Let’s look at each component separately.

In a given year, the core WordPress is updated 5-10 times. Updates address known security issues, fix bugs and add new features. For site security, the most important reason to install an update quickly is to make sure the security issues are patched. When you purchase hosting for a WordPress site, it may include automatic installation of the core WordPress files. It also may not. We’ve seen sites that haven’t had the core WordPress updated in several years and those sites are huge targets for hackers.

For those of you who have hosting plans that automatically update the core WordPress, you can at least breathe easy on that component. Most site owners probably don’t even know if the updates are automatic so this is something worth investigating. If your site isn’t updated automatically, you need to develop a plan to check for updates and get them installed in a timely manner.

Do You Have a Good Theme?

It is possible that a theme never has updates released. While this may seem like a good thing since you don’t have to install the update, it typically means the theme becomes more vulnerable over time. Let’s pretend you use XYZ Theme (this is a fictional name) and it hasn’t been updated in a year. In total, we’ll say this theme is installed on 10,000 sites. When the hackers find an issue with that theme, they know they can attack a large number of sites very quickly. They aren’t targeting your site, they are targeting all sites with that theme.

Elegant ThemesOther themes are updated almost every week. While this can mean you have more updates to install, it also means the developers are making sure it is as safe as possible. This is one of many reasons we like Elegant Themes. Plus they are likely adding new features! The key is that someone must login to the back end of your site and install those updates in a timely manner. This is not a feature often included as part of your site hosting. So if you aren’t doing it, is someone else doing it for you?

Since most sites have a small number of themes installed, it is important to make sure they are all updated. Even the themes not active can be vulnerable. Maybe some of them should be deleted. Even then, the best plan is to make sure they are all updated regularly.

Plugins Provide Power and Vulnerability

Plugins make it very easy to add features to your site, even by adding a layer of security. But each plugin also provides one more component that can be vulnerable. You want a form on your site for visitors to contact you, right? So let’s pretend your site uses ABC Form Builder (again, a fictional name). It is a really popular plugin with 500,000 installs. And because it allows anyone to enter information, it is especially vulnerable if the developer has missed something. When you don’t update it for six months, the hackers will gladly come infect your site with malware.

Since most sites have at least ten plugins and these plugins are regularly updated, you have to really stay on top of it. On a given site, it is quite common to have at least five plugin updates in a given week. If any of them aren’t installed, the bad guys may have a way to attack your site.

We’re not aware of any hosting plan that includes plugin updates. Maybe your Web developer has included this in the plan they sell to you. What we’ve seen is that most site owners simply don’t install updates. It is those same site owners who don’t understand why their site was hacked. Are you installing plugin updates? Is someone else installing them for you?

The Basic Level of Protection

Bronze WordPress Maintenance PlanAt the very least, every WordPress site must have a plan in place to install updates to the three components we’ve discussed. Even if this is only done once a week, it could take 10-15 minutes to login to the site and get everything updated. Over a month’s time, that could add up to as much as an hour. Will you take the time to do it? Do you want to pay your Web site developer for an hour of their time to do it?

This is exactly why we developed our WordPress Maintenance Service. Even our Bronze plan does more than simply keep these components updated. Instead of just doing it weekly, updates are installed more often to make sure security patches are in place quickly. So do you want to take an hour or more to do it? Do you want to pay for an hour of your developer’s time? Or do you want it done for a fraction of the cost on an even more regular basis?

What Happens When My Site Gets Hacked?

Each hack is different. Some hacks don’t seem to have any noticeable change to a site. Other hacks will take a site completely offline. Would not having a Web site for a few days hurt you? Some hacks install malware which infects visitors to your site and causes Google to label you as a bad site and remove you from search engine rankings. Would it hurt you if your visitors are mad at you and your site no longer appears safe to Google? Getting that label removed and re-gaining your Google ranking can take quite a bit of time.

We’ve also seen hacks where legitimate blog posts are deleted and a number of spammy posts were added. Would it hurt you if the posts you created were gone forever? Would your visitors trust you if your site had a bunch of spammy posts?

Silver WordPress Maintenance PlanInstead of asking yourself why anyone would want to hack your site, you should just assume it is being attacked every single day. Why? Quite simply, it is being attacked. Installing updates regularly is the first line of protection. More can be done by making sure your site is backed up. Should it get hacked, the backup could save you. Active security protection can also be put in place to repel the attacks. This additional protection is part of our Silver WordPress Maintenance plan.

As I write this, I think of an appliance commercial from long ago with the tagline “you can pay me now or you can pay me later.” If you want to do the maintenance yourself, go for it. It’s just most of you aren’t doing it. I’d rather you invest in a maintenance plan to keep your site working well. If not, the cost to recover your site after a hack is probably going to be a lot higher. Add to that any lost revenue from being without a working site for a period of time.

View Cart Product successfully added to your cart.
WordPress Maintenance Services Keep Your Site Performing Well

WordPress Maintenance Services Keep Your Site Performing Well

WordPress is a very popular platform for Web sites with nearly 28% (and growing) of all sites built on the WordPress platform. This also means it provides the biggest target for the bad guys. Occasionally they will target a specific site, but that is fairly rare. Typically they just look for any site that has an opening they can attack and exploit.

Just how bad is it? Google recently released their year in review for 2016 and they saw a 32% increase in hacked sites over 2015. They say that prevention is key, so it is simply a case of making sure your site is far less likely to be a target for hackers.

The simplest way to keep the bad guys away is to make sure you don’t have any of those openings. Updates to the core WordPress system as well as theme and plugin updates are released regularly to address security issues. Are you installing these updates? How many of you don’t even know if they are being installed? We’ve found that very few site owners install the updates on a regular basis and we wanted to provide an economical solution. For this, we built our WordPress Maintenance Services.

Our Bronze plan takes care of the updates for you. If you want to install the updates yourself, please do. For those who don’t want to go into their site multiple times weekly to install updates, we can do it for you. It really isn’t something that is optional. Somebody has to do it or it is only a matter of time before the bad guys hack your site.

While installing the updates helps, it doesn’t actively track and block the bad guys. Nor does it backup your site in case something does go wrong. Our Silver plan includes those services and more so that you can know your site is being protected.

Each person or company has a site for a specific reason. For some, the site is a major source of income. As one of our clients often says, “the site pays my mortgage.” Should the site not work for even a short period of time, it would be very costly. We’ve designed our Gold plan and our Platinum plan to provide detailed reporting, more maintenance help and more.

We’ve detailed each of the features offered in our plans and which of those features are included in each plan. Look over the plans we offer and choose the one that is best for you. Even if you don’t choose one, please make sure your site is actively maintained!

Pin It on Pinterest