Posts Tagged ‘Wordpress’

WordPress Security 101: Preventing Website Hacks

As you may already be aware, WordPress has received a lot of attention this year because of recent security concerns. And if you’re building a new website, or wondering about the WordPress security of your own website, I sincerely wouldn’t allow scare tactics to sway your opinion of WordPress. It’s the #1 platform in the world with over 25% of the population’s websites running on it. It’s the preferred choice for developers and easily the most user friendly with unlimited resources for troubleshooting, plugins, support and security. With so many users, it’s mathematically going to have more security attacks, but fortunately there are just as many (if not more) security preventatives and blocks available.

wordpress security

WordPress resources are abundant because it is run by a volunteer group of consultants interested in expanding the software. It’s a community where experts are invited to create a theme, write a plugin, answer tech support issues, and generally contribute. The professional developers that created WordPress are quick to jump on any attack against their platform & offer the fix to their users. That’s part of why we love it, use it and recommend it. Other website platforms will leave you to fend for yourself if you get hacked.

Any website is going to have security risks no matter what platform or coding is used, but you must consider the resources available to prevent these attacks and counter them. When it comes to the benefits, WordPress is unparalleled. Click here to read more about the many benefits WordPress can bring to your company’s website.

Websites will have security risks no matter what platform used, but you must look at the resources that prevent and counter the attacks

You may be thinking, “I sell cupcakes in Beatty, Nevada, why would anyone care to hack into my website?” But it’s actually every day websites like these that are targeted.

Here are some common reasons your WordPress website might be targeted:

Spam. Unfortunately for the purpose of pharmaceuticals or porn. Spammers search for vulnerabilities and openings on your website like outdated plugins. With this technique, there can be anywhere between 10-60,000 email messages queued, ready to send from your server at any time. It’s also typical for spammers to use your domain name as the “from,” sending email address which can cause your legitimate email to be delivered to a spam box. Websites can be black listed and you run the risk of your host taking down your website.

link spam

Another common reason your WordPress site might be targeted is for advertising or SEO links. Hackers splice in 2-200 links into already published WordPress posts & pages. Typically they search for posts that haven’t been updated in a long time (because people rarely check those). The purpose is to get the links they spliced in to show on search engine results. Pharmaceuticals are the most common, but often women’s products like shoes or apparel that lead to affiliate sales or viruses are also typical. Most people who find out they have been hacked this way have been hacked for months previous. Google gives an alert on their search results marking a site as a suspected hack. Outdated WordPress and WordPress themes are usual targets. So if you still have your default theme installed even though you’re not using it, your website is vulnerable if those themes are not updated. This includes Twenty Fifteen, Twenty Fourteen & Twenty Thirteen WordPress themes which are automatically installed when you install WordPress. XML-RPC is the connection method exploited in these attacks, so it’s best to disable it. To do so, simply add the following line of code to your theme’s functions.php file:

add_filter('xmlrpc_enabled', '__return_false');

Another common hacking technique is Distributed Denial of Service (DDOS) attacks (aka using zombie websites.) My husband makes fun of me, but I like to refer to it as, “website puppeteering,” because someone else is controlling the virtual strings of your website.  However it makes sense to you, right? This technique is used to knock another site offline by overloading the target website’s bandwidth. By sending false web requests in a way that makes them appear to come from the target site, the hacker can bog down that website with more traffic than it can take. This kind of attack also exploits the XML-RPC connection method, so you can see how important it is to disable that in WordPress.

Here are some preventative WordPress security steps you can take to decrease your risk of being hacked:

  • Keep WordPress and all your plugins up to date.
  • Ensure all your user accounts have strong passwords. Do not use default user names like admin. Do not make all users an administrator and only give users as much access as they need.
  • Only install plugins that have been developed by reputable companies and that have been updated recently.
  • Install WordPress security plugins faithfully.
  • Check with your web host to be sure that server-wide malware scans and nightly off-site backups are included in your hosting package. If they’re not, we recommend BackupBuddy.
  • Install an SSL certificate to provide https security support for specific pages or your entire website to encrypt all transfer of data. This is especially important for eCommerce websites and any site that uses contact forms.

There are two plugins that we install across our network to maintain a high level of WordPress security:

  • WordFence – WordFence regularly scans websites for modified files, which could be an alarm for a hacked website. This plugin prevents brute force attacks where a machine might try thousands of user login combinations in a few minutes to hack your site. It also makes you aware of plugin, theme, and WordPress security updates.
  • Anti-Malware and Brute-Force Security by ELI – This Anti-Malware scanner searches for malware, viruses, and other security threats and vulnerabilities on your server and it helps to fix them.

What should I do if my website was hacked?

If your website does get hacked, contact your web host immediately and let them know. This will lessen the chance your host will take down your website. If you’re using a quality host, they should help you either clean up the files or help you restore a backup of your website. Once a backup version of your website has been restored, your first priority should be to update WordPress, all plugins, themes and user account credentials.

But the responsibility of security doesn’t solely rest on your host’s shoulders. Your web developer should be assessing your site to ensure proper security measures are in place. Contact us to perform a WordPress security audit on your website. As an agency using WordPress, we make sure our clients are well protected (our own website is built into WordPress). Your agency should be alerting you to recent threats, a list of plugins that are vulnerable, as well as how you can update your WordPress site to ensure you are protected. If you’re not confident in making these updates, we will be glad to help.

7 FAQs About Web Development Made Simple

It seemed last year many of our readers had the same questions about websites that kept coming up. So for convenience’s sake, we’ve compiled them neatly right here. Take a look and see if one of your questions topped our list of FAQs:

1. Why Does It Cost So Much?

This most frequently asked question opens the golden gate of opportunity for us to explain precisely what the value of your website is. In a previous article on the cost of a website, I likened your website to an employee for your business. Your company’s website is working for you 24/7, without ever needing a break. It sells for you while you’re sleeping, and it’s a constant advertisement/promoter/educator for your products and services.

So if you paid $20,000 for your website, that means after 2 years you have paid your website “employee” $10,000 per year. That’s an hourly wage of $1.14! Whatever the cost of your company website (and you should expect it to be at least $15k if working with an agency), you can be sure that it will quickly pay for itself and its value greatly outweighs the initial cost.

Want further insight on what other agencies charge? Let a global digital agency expert, Karl Sakas, give you his weigh-in.

2. Can’t You Just Build on the Website I Already Have?

Do I Need to Start From Scratch? I hate this question because no matter how thoroughly we explain why a prospect’s current website isn’t usable, many clients still come away feeling slighted as if dealing with sleazy auto mechanics pushing to sell them a manual clutch for their automatic car. I addressed this issue in Before You Hire a Web Developer as a caution to clients.

Just like you need the keys and title to a car before you can make any changes to it, your web agency also requires a few things in order to touch your website:

  • FTP / SFTP Access
  • Admin Log in Credentials
  • Proof Of Domain Ownership

If you rent or lease your site, we do not have the legal right to make changes to it and therefore need to build a new website from the ground, up. Also, if it’s been coded in a custom framework such as a privately licensed shopping cart, it’s on lock down. Try translating Japanese into English after only taking a year’s worth of education in that foreign language. That’s why we use and recommend open source code (like WordPress).

3. Why Should I Switch to WordPress?

Our favorite reason? No monthly on going maintenance fee to install and run it on your website. WordPress has become the world’s most popular content management system (CMS), with over 24% of websites powered by it. That means naturally there are more themes, plug-ins and tech support than any other CMS out there.

It’s also the most user friendly. More and more entrepreneurs want to learn how to maintain their own website, and there’s no better platform than WordPress. It’s intuitive, simple and many features require little to no coding. We could go on and on, but I suggest you read the following article on how your business can use WordPress.

4. Isn’t There a Plug-in for That?

As easy as that would make our job, the answer is not always, “Yes.” Even with thousands of plug-in options that exist for WordPress, a lot of times a client needs a custom function that an already existing plug-in won’t solve.

Also be careful of installing too many plug-ins as they increase the load time of your website and often cause bugs because one plug-in is not compatible with another. They don’t always play nice together.

5. Can You Teach Me How to Maintain My Own Website?

We sure can. We believe basic website maintenance is becoming the norm of the future, so when we hand over your finished site, we also equip you with the knowledge of how to keep it up to date (unless of course you don’t want to learn, in which case we will maintain it for you. We’re fine with that, too.) With us, training comes standard.

6. Why Do I Need an Advanced SEO Package?

Though we build your website around keywords from the very beginning and optimize it for local search and quick page load time, that is no replacement for a strategic search engine marketing plan. We work with an SEO specialist who lives, breathes and sleeps SEO the way we obsess over the strategy, design and development of your website.

Once the design of your site both wows and funnels users into sales and conversion, the next step of attack is to be found first above your competitors and in front of your audience. This involves investing some marketing dollars, but with SEO as the future of business marketing, you can’t afford not to. A good SEO specialist will gain you quality links, mobile search optimization, and integration with social media among many, many other factors. Don’t just take our word for it. Read for yourself.

7. Does It Really Matter Where I Host My Website?

Yes! There are free and cheap web hosts that lead to banner ads and downtime on your site as well as slow load times. You can also use your own virtual private server (VPS) if you know what you’re doing, but if your website goes down (think 404 error), you are responsible for fixing it. Quality hosts, on the other hand, guarantee website up time by managing the server, fixing bugs, and security for you. And as your website sees spikes in traffic, a quality host will manage the changes for you automatically. You can read more here about the differences in web hosting.

Got a question for us we didn’t answer? Feel free to email us or leave a comment in the section below.

6 Key Website Updates to Make More Money

make more money website

There is no over-stressing how important it is for your company to have a great website, yet while some business owners do, many of them are not taking full advantage of its selling potential. Your company’s website nears the top of the list for the most important investments in your business, so you should know how to maximize its return and make it work for you. If you’re not yet ready for a complete website redesign, here are some key updates you can make now that will increase revenue, retain customers, and make you more relevant in your field.

1. Go Responsive

This year, mobile commerce sales are expected to top $100 billion due to the fact that an increasing amount of shoppers are making purchases from their mobile devices. That number is projected to hit 54% by 2018, according to Forrester. And if your company’s website isn’t functional on mobile devices, you can expect a lot of lost opportunities. Over half of mobile users will abandon a website if it doesn’t function on their device.

With the need for a responsive website growing, it’s smart to prepare for the future. New devices are emerging and the way consumers shop is evolving, so ensuring your company’s website has a responsive design is like having insurance for the future; no matter what new device comes next, your customers can access it with no problems. Responsive websites also rank higher in SEO so you can be found above your competitor, and make more money.

2. Implement WordPress

Have you ever thought about how much revenue you’re missing out on because you cannot easily manage your company’s website to post a simple event, store promotion, or new product? Website management systems are moving toward novice-friendly platforms and our favorite is WordPress. It allows for owners to easily learn how to make quick, simple changes to their websites so their latest promotion or event is relevant. No more relying on your developer to make these updates, which cost you the very money you’re trying to bring in. Posting new content engages customers and keeps them coming back. By implementing your site into WordPress, you are partnering with a powerful tool that helps increase sales through ease of use. Learn more about having a WordPress website.

3. Use Videos

Because people have different learning styles, you should have an array of content to capture your audience so they will stay engaged on your site. One of the most engaging methods is video content. Use it to show off your office through a tour, explain how your products work, relay customer testimonials, and offer expert tips and advice. People process visual information much faster than reading text, so adding video to your company’s website can be a great way to boost sales.

4. Scale Down Your Website

Website abandonment is a huge loss for company profits. The average online user expects your website to load in 2 seconds or less. After 3 seconds, nearly 60% of users will abandon your site. By making a key update to scale down the images, JavaScript and CSS files, you can dramatically decrease the load time and prevent customers from abandoning your company’s website, therefore increasing conversion. Here are some other tips for speeding up your load time.

5. Show Customer Reviews

Word of mouth continues to be the most trusted avenue for business referrals. By posting testimonials on your website, prospective customers develop a sense of trust from reading real-life experiences from their peers on what it’s like doing business with you. Even the negative feedback, if handled tactfully, will increase sales through your website by allowing customers to see their concerns are addressed and dealt with respect.

6. Add a “Buy Now” Button

make more money

Simple, right? But how many times have you searched a website, looking for a way to “check out”? Adding this handy little e-commerce tool makes it stupid simple for customers to quickly get what you’re advertising without having to go through a round-about process. Not to mention people like to push buttons, so why not give them a big, obvious one they can’t resist and improve your conversion rate at the same time?

Making updates like these can increase your sales exponentially and who doesn’t want to make more money? With all the effort and investment you put into your company’s website, it makes sense to squeeze it for everything it’s worth and maximize your return. Most importantly, it helps to keep in mind that any update you make to your website should center around customer usability. Keep it simple, quick, and engaging. What tweaks have you made to your company’s site that has increased sales? Share some of your success tips in the comments section below.

WordPress – Why Your Company’s Website Needs It

wordpress website logo

As an agency specializing in WordPress design, we often hear business owners say their company already has a website. Then when we begin explaining the value of having a WordPress website to them, they quickly want to know why their current website isn’t good enough and why they should switch. Sound like you?

Or maybe you have already ruled WordPress out because it’s designed for blogs, which your company doesn’t use (although you should!). WordPress has been around since 2003 and in the beginning it was targeted toward bloggers, but it has evolved into the #1 most popular content management system (CMS) for good reason! Over 24% of the internet’s websites are powered by WordPress, with that number rising every year.

So why is it different? What are the benefits? Though there are literally thousands of reasons to convert your site to WordPress, I’ll give you the most popular ones:

WordPress is Free!

This fact still excites my developer husband. With thousands of design themes and plugins to suit any website need, it truly is amazing that WordPress is a free software service. It’s free because it is run by a volunteer group of consultants interested in expanding the software. It’s a community where experts are invited to create a theme, write a plugin, answer tech support issues, and generally contribute. Once you begin using WordPress, all those community benefits become accessible to you. You receive support, downloads, themes, etc. And many are also free to install and modify, which makes WordPress so universal and loved.

The open source code is also especially helpful for beginners wanting to learn how to maintain their own website. It enables anyone to view, study and change the source code of the software. The only investment required is on hosting and a domain in order to operate WordPress.

WordPress is User Friendly

wordpress website cms

No coding experience required. Novices are able to upload video and pictures, edit blog posts, manage content and create new pages. WordPress offers hundreds of articles for beginners. The WordPress platform allows you to log in from any computer, day or night, and make changes so you don’t have to wait until Monday morning to contact your design company. You have control. And because blogging was the original target for WordPress, it remains to be the simplest platform on which to blog. Blogging is already built in to WordPress and ready to use, so every site from e-commerce to photo gallery will gain from its benefits.

WordPress is SEO Friendly

If your company’s website is struggling for first page placement on Google searches, then powering your site through WordPress is a good option for you. WordPress’ code is written to be highly compliant with search engines. It’s clean and simple, making it easy for search engines to index your site. Additionally, you can prime your WordPress website using keywords to make search results very specific. And because Google loves new content, the fact that you can easily and regularly upload changes and modify your company’s site will boost your SEO.

WordPress is Safe

A lot of novices feel insecure with their ability to maintain their own website, fearful they might “break it” or that it might be susceptible to hackers. Rest assured, WordPress is secure. There is a specific process to “harden” a WordPress website installation that doesn’t exist in traditional websites. And with the right agency, your site will be safe even with multiple users. You, as the administrator, have the ability to appoint users on your site and grant them varying access levels and capabilities.

WordPress Can Grow

Your company’s website is not limited to its original design and functionality with WordPress. There is no need to start from scratch and build a new site because your business changed its marketing strategy or branding method. Want to add an event calendar, calculator, or email sign-up form to your site down the road? That’s not a problem for your WordPress engine. Even if you need to expand your site by adding pages or a video, WordPress is adaptable and none of it will negatively affect the performance of your company’s website.

A huge way WordPress grows a business is by recognizing mobile devices. If your company does not currently have a mobile-friendly website, WordPress covers that by configuring your site to adapt when being read on mobile devices so that it is viewed appropriately. Brilliant, huh?

There are so many benefits for companies that convert to a WordPress website, it’s impossible to name all of them. But if you are beginning to see the value of hiring a WordPress expert agency, feel free to fill out our contact form to discuss your project and we will be happy to set you up and on your way to managing and maintaining your own website. WordPress training comes standard, of course.

Have you already experienced the benefits of powering your site through WordPress? We’d love to hear it! Post below your favorite WordPress qualities and plugins to share.