With any site built on WordPress, there are three major components that regularly get updated. There is WordPress itself, the theme or themes installed and the plugins. If they are not all updated in a timely manner, problems could arise. We recently saw evidence of this on a couple of sites.
A client contacted us about an order placed in their online store. On a specific order, the wrong amount of shipping was charged. We investigated the shipping rates on their site and it had all the right info so there was something else causing the issue. Anytime we go into the back end of a site for a client, we take the time to install any available updates.
On this shopping site, we tried a few sample orders and couldn’t re-create the problem. Why had the problem happened the first time? Quite simply it was because the plugin for the shopping cart hadn’t been updated recently.
While visiting another site recently, we ran into an issue with the business directory. We could search the directory, but the page would not scroll on the results page. This was great for whichever business was listed first, but really bad for anyone else. As this wasn’t a site we built, we contacted the business to let them know about the problem. It was fixed within an hour and it turned out the problem was a plugin that needed updating.
Making sure a site is updated regularly was the driving force behind our decision to offer maintenance packages. We wanted to make the entry-level package as inexpensive as possible and our Bronze package does handle the updates described above. For clients that was more service, we offer Silver, Gold and Platinum packages with increasing levels of services.
Clients can choose to do the updates themselves. Some do visit their site regularly and keep things updated. We find that most don’t. They can choose to have it done when other changes are made, though often this ends up costing more. Lastly, they can choose a maintenance package that install updates very regularly so that everything runs smoothly.
Each time we hear about a Web site being attacked, the owner of the hacked site doesn’t understand why their site was targeted. The short answer is that the bad guys are rarely looking to attack a specific site. Instead they are looking for sites that are vulnerable. Let’s go over some of the specifics that can make your site vulnerable and ways you can protect it.
For a minute, pretend you are an enterprising hacker and you want to make the most money possible. If you are going to attack sites, wouldn’t it make sense to go after the most popular platform on the Web? WordPress powers 28% of all sites (as of this writing) which is far more than any other platform. Because of this, it is targeted regularly.
What Needs Updated
There are three major components to the WordPress ecosystem that can be vulnerable. First is the core WordPress installation. Next are themes installed in WordPress. Every site must have at least one theme and it is common to have 2-5 installed. The third are plugins that are added to a WordPress site. Typically sites will have 10-25 plugins installed. All of these components provide a way for bad guys to compromise your site. Let’s look at each component separately.
In a given year, the core WordPress is updated 5-10 times. Updates address known security issues, fix bugs and add new features. For site security, the most important reason to install an update quickly is to make sure the security issues are patched. When you purchase hosting for a WordPress site, it may include automatic installation of the core WordPress files. It also may not. We’ve seen sites that haven’t had the core WordPress updated in several years and those sites are huge targets for hackers.
For those of you who have hosting plans that automatically update the core WordPress, you can at least breathe easy on that component. Most site owners probably don’t even know if the updates are automatic so this is something worth investigating. If your site isn’t updated automatically, you need to develop a plan to check for updates and get them installed in a timely manner.
Do You Have a Good Theme?
It is possible that a theme never has updates released. While this may seem like a good thing since you don’t have to install the update, it typically means the theme becomes more vulnerable over time. Let’s pretend you use XYZ Theme (this is a fictional name) and it hasn’t been updated in a year. In total, we’ll say this theme is installed on 10,000 sites. When the hackers find an issue with that theme, they know they can attack a large number of sites very quickly. They aren’t targeting your site, they are targeting all sites with that theme.
Other themes are updated almost every week. While this can mean you have more updates to install, it also means the developers are making sure it is as safe as possible. This is one of many reasons we like Elegant Themes. Plus they are likely adding new features! The key is that someone must login to the back end of your site and install those updates in a timely manner. This is not a feature often included as part of your site hosting. So if you aren’t doing it, is someone else doing it for you?
Since most sites have a small number of themes installed, it is important to make sure they are all updated. Even the themes not active can be vulnerable. Maybe some of them should be deleted. Even then, the best plan is to make sure they are all updated regularly.
Plugins Provide Power and Vulnerability
Plugins make it very easy to add features to your site, even by adding a layer of security. But each plugin also provides one more component that can be vulnerable. You want a form on your site for visitors to contact you, right? So let’s pretend your site uses ABC Form Builder (again, a fictional name). It is a really popular plugin with 500,000 installs. And because it allows anyone to enter information, it is especially vulnerable if the developer has missed something. When you don’t update it for six months, the hackers will gladly come infect your site with malware.
Since most sites have at least ten plugins and these plugins are regularly updated, you have to really stay on top of it. On a given site, it is quite common to have at least five plugin updates in a given week. If any of them aren’t installed, the bad guys may have a way to attack your site.
We’re not aware of any hosting plan that includes plugin updates. Maybe your Web developer has included this in the plan they sell to you. What we’ve seen is that most site owners simply don’t install updates. It is those same site owners who don’t understand why their site was hacked. Are you installing plugin updates? Is someone else installing them for you?
The Basic Level of Protection
At the very least, every WordPress site must have a plan in place to install updates to the three components we’ve discussed. Even if this is only done once a week, it could take 10-15 minutes to login to the site and get everything updated. Over a month’s time, that could add up to as much as an hour. Will you take the time to do it? Do you want to pay your Web site developer for an hour of their time to do it?
This is exactly why we developed our WordPress Maintenance Service. Even our Bronze plan does more than simply keep these components updated. Instead of just doing it weekly, updates are installed more often to make sure security patches are in place quickly. So do you want to take an hour or more to do it? Do you want to pay for an hour of your developer’s time? Or do you want it done for a fraction of the cost on an even more regular basis?
What Happens When My Site Gets Hacked?
Each hack is different. Some hacks don’t seem to have any noticeable change to a site. Other hacks will take a site completely offline. Would not having a Web site for a few days hurt you? Some hacks install malware which infects visitors to your site and causes Google to label you as a bad site and remove you from search engine rankings. Would it hurt you if your visitors are mad at you and your site no longer appears safe to Google? Getting that label removed and re-gaining your Google ranking can take quite a bit of time.
We’ve also seen hacks where legitimate blog posts are deleted and a number of spammy posts were added. Would it hurt you if the posts you created were gone forever? Would your visitors trust you if your site had a bunch of spammy posts?
Instead of asking yourself why anyone would want to hack your site, you should just assume it is being attacked every single day. Why? Quite simply, it is being attacked. Installing updates regularly is the first line of protection. More can be done by making sure your site is backed up. Should it get hacked, the backup could save you. Active security protection can also be put in place to repel the attacks. This additional protection is part of our Silver WordPress Maintenance plan.
As I write this, I think of an appliance commercial from long ago with the tagline “you can pay me now or you can pay me later.” If you want to do the maintenance yourself, go for it. It’s just most of you aren’t doing it. I’d rather you invest in a maintenance plan to keep your site working well. If not, the cost to recover your site after a hack is probably going to be a lot higher. Add to that any lost revenue from being without a working site for a period of time.
Product successfully added to your cart.
Successfully Added to your Shopping Cart
Successfully Added to your Shopping Cart
Successfully Added to your Shopping Cart
Successfully Added to your Shopping Cart
WordPress is a very popular platform for Web sites with nearly 28% (and growing) of all sites built on the WordPress platform. This also means it provides the biggest target for the bad guys. Occasionally they will target a specific site, but that is fairly rare. Typically they just look for any site that has an opening they can attack and exploit.
Just how bad is it? Google recently released their year in review for 2016 and they saw a 32% increase in hacked sites over 2015. They say that prevention is key, so it is simply a case of making sure your site is far less likely to be a target for hackers.
The simplest way to keep the bad guys away is to make sure you don’t have any of those openings. Updates to the core WordPress system as well as theme and plugin updates are released regularly to address security issues. Are you installing these updates? How many of you don’t even know if they are being installed? We’ve found that very few site owners install the updates on a regular basis and we wanted to provide an economical solution. For this, we built our WordPress Maintenance Services.
Our Bronze plan takes care of the updates for you. If you want to install the updates yourself, please do. For those who don’t want to go into their site multiple times weekly to install updates, we can do it for you. It really isn’t something that is optional. Somebody has to do it or it is only a matter of time before the bad guys hack your site.
While installing the updates helps, it doesn’t actively track and block the bad guys. Nor does it backup your site in case something does go wrong. Our Silver plan includes those services and more so that you can know your site is being protected.
Each person or company has a site for a specific reason. For some, the site is a major source of income. As one of our clients often says, “the site pays my mortgage.” Should the site not work for even a short period of time, it would be very costly. We’ve designed our Gold plan and our Platinum plan to provide detailed reporting, more maintenance help and more.
We’ve detailed each of the features offered in our plans and which of those features are included in each plan. Look over the plans we offer and choose the one that is best for you. Even if you don’t choose one, please make sure your site is actively maintained!
I recently read a blog post entitled How Much Should An HTML To WordPress Conversion Cost? Anytime that a question is somewhat generic, it is impossible to give a cost. But the post did bring up some important information.
First, let’s talk about the conversion process. Deep down, all Web sites are built with HTML. A common process in the past was to hand craft the HTML code. While the site may be awesome, it did take more time to build the site and some changes could be time consuming.
Now it is more common to use a content management system like WordPress to build a site. WordPress, the theme chosen and plugins do much of the heavy lifting and allow the focus to be on the content of the site.
We’ve done quite a few of these conversions and having the original HTML code can be helpful as it can be pasted directly into WordPress in many cases. But that is just a starting point and we often will make changes so the site uses the functionality WordPress offers so the site will function well on all devices.
Having a WordPress site also makes it easier for clients to make minor changes to the site. This can allow clients to save some money or use that money to allow us to make other improvements to the site.
Part of the post focused on using an “agency” vs. using a “freelance designer”. The stereotypes perpetrated can be frustrating as it said agencies were likely to be there after the site launches to provide support and freelancers were far less likely. I’ve found that both agencies and freelancers can be there for support and I’ve also found they can disappear after a site launches. It really depends on each individual agency or freelancer and we’ve heard a lot of success stories as well as horror stories.
Recently a client posted a really nice review on our Yelp page, even though Yelp’s robots decided it was “not recommended”. This a huge fail for their automation as we’ve already worked with this client on four sites and there is no doubt there will be more in the future. Below is their review or working with us. Should you want to work with us on a conversion from HTML to WordPress, give us some basic information and we’ll discuss the project with you.
Unleashed came recommended to us by a trusted source. But still, it’s website design, and we had had more than our share of bad experiences with some shady characters in the past. Not the case with this company. They could not be more responsive, more knowledgeable or more principled. Since getting their help on a specific problem with a GoDaddy upload, we have transitioned into a more collaborative relationship, bringing them in to consult on everything from social media (double-spacing after a period, they politely pointed out, is a big no-no. Thank you for that!) to AdWords to the picky little technical details that leave us all so frustrated. After spending three hours trying unsuccessfully to embed a YouTube video onto our home page, we cried “Uncle” and asked them to look into it. In less than 10 minutes they called us back to explain that since our site has an SSL certificate and the site we were trying to link to (NBC’s YouTube, no less) does not, embedding a link to a non-secure site is not possible. And that is just one small example of the many problems they have solved for us. Their expertise, flexibility, and ability to offer a variety of solutions have made us proud to call them a partner and recommend them for website design three times this year alone. We cannot recommend Unleashed highly enough.
The folks at Website Magazine had a good article recently about what you need to have a site that works well for you. There was so much good information in this article that we’ll have more blogs in the future that focus on a specific section of the article. We encourage you to read Why a Good Website Won’t Cut It Anymore… and What You Can Do About It so that we can discuss it with you.
The second paragraph of the article was a bit surprising.
Everyone has a good website now. Even guys with food trucks have sleek, responsive online storefronts they use to pump out information and social media awareness. A good website is the minimum expected standard you have to meet, but it doesn’t give you any advantage.
Before you did deeper in the article, you really need to be honest with yourself as to whether you truly do have a good Web site now. Does it work on all devices, specifically phones? Has it been updated in the last year? Last month? Does it incorporate your social media channels? As the paragraph above states, this is the minimum expected standard and there are many sites that fall well below the standard.
In order to have a good Web site, it needs to be built in a responsive manner. Sure, there are various technical issues involved in the process. A good Web designer should be able to take care of this for you. Sadly, some Web designers aren’t nearly as good as they may claim.
One of the more difficult tasks can sometimes be getting great content from clients. Even if you get good content, does the client have a clear goal of what they want the site to accomplish? Just claiming you want the site to increase sales is not a complete answer. For example, one client was very clear about their goal. The site was supposed to make the telephone ring. This goal was quickly accomplished to the point that the company had to hire more employees to answer the phones.
Of course just making the phone ring could be a nuisance. If there are questions that can be answered on the site, it may make the call more efficient or it could even mean the call is never made as the company isn’t the right answer.
We want to help you get to the minimum of a good site. From there, we want your site to get taken to the next level so that it is delivering on your business goals. Let us know how we can help you develop a great site!
Clients come to us for our expertise in WordPress Web design. Some clients want us to handle everything while others want to have the ability to make any changes they desire. Even when we give clients the ability to make those changes, we try to give them advice that will help them to avoid problems.
Our thought is that it is truly their Web site so we have to allow them to make those changes. If the changes cause problems, they’ll rely on us to fix the problems. Fixing those problems will likely cost them more than simply asking us to make changes in the first place.
Recently just such an issue came up. A client contacted us because their shopping cart wasn’t functioning properly. Products weren’t staying in the cart and other products couldn’t be removed from the cart. At first glance, we also noticed that their pages were not being loaded securely. While this could be related to the problem, it was very concerning to us that the e-commerce data wasn’t properly secured.
We can only guess that the client had also noticed that the store wasn’t secured as there was a WordPress plugin installed related to SSL security. It wasn’t something that was installed by us so it was time to investigate this plugin. At the top of the plugin page was the warning below.
Each plugin included in the WordPress repository also includes some basic stats on updates, compatibility and popularity. As shown in the screenshot at right, this particular plugin hadn’t been updated in more than four years. In the WordPress world, that is ancient history!
As soon as this plugin was disabled, the shopping cart started functioning properly. There were still security issues with the site to be resolved, but the initial problem had been resolved. Unfortunately in trying to fix the security issues, the client had created more problems and yet the site still wasn’t secure.
We did find the root cause of the security issues and got them fixed. Now, the e-commerce functions on the site are working as designed and shoppers can enter their payment data with peace of mind on a secure site.