Attention wordpress owners - is your site in danger?

We recently took over a customer's website with the task of getting it to rank well in the local search results for the city of Melbourne.

However upon getting full access to the website and the Google analytics we noticed something was not quite right - that the site had been hacked.

Unbeknownst to the website owner there were many links on his website to sites selling guns and even less savoury items!!

Thankfully the domain had not been blacklisted...

Given that the website had been compromised for some time and that the content on it had to be revised anyway we opted for a clean install - and a new website.

Which fixed the problem. And the site is now moving up the local rankings as it should.

Anyway this is not the first time I have seen this occur. And 99% of the time it is because someone gets a website built for them on wordpress and then believes that is the end of the story.

Sorry to say, it is not.

Many site owners never update the wordpress core or the plug-ins for their site

Mostly because they simply do not know that they need to do this.

Why would they!!

But in failing to do so they leave their site open to security breaches and the performance of the site will also degrade over time - typically it will get slower or lag

If this sounds like you then please don't just immediately jump in and hit the update link. It may cause you even more problems.

Read on for my suggested (safer) update sequence.

First thing is always, always, always make a back up first. Before any changes are made.

Second step is (if you are up to it) is don't update a live site.

Instead make a staging or clone copy of the site so you can see if the updates are going to break anything. This is especially true for busy sites and sites that have not been updated for a while.

It is also advisable to have server access to your website - usually something like cpanel

Lastly do your updates in stages. Now if this is the first update in several years and you are updating everything then do it one item at a time. Or better still call in a professional to help you.

Otherwise the advised sequence is always?update core first, then update your plugins and themes right after that. And check your sites after each part of the update.

Ongoing Maintenance

1. Keep everything up to date

Now I am not one for always updating every single plug-in the instant a new version becomes available.

Wordpress is an open source code platform and sometimes updates get pushed out which cause more issues than they resolve.

Even with major well known plug-in such as Yoast SEO I have seen updates break the sites they were installed on. So I tend to give it a week or two and if no further revisions are forthcoming then it is probably safe to update.

This is even more true for theme updates.

The only time I don't do this is if there is a major security breach in the plug-in or theme that need immediate attention.

2. Be careful who you give web and server access to. If you need to hire a developer then give them their own log in and be sure to revoke it when they are done.

3. Also invest in a security plug in - the free version of Wordfence is excellent and will save you from most malicious attacks

4. have a good backup schedule. So that you can roll back to an earlier (unhacked) version of the website if you have to. There are several plug -ins which do this - I have used updraft before and it is okay. Personally though I prefer to have my backup hosted remotely ie somewhere separate from the server the website is on.

Pro Tip: A very good resource is ManageWp (https://managewp.com/) which will allow you to make regular backups, clone sites , do safe updates on plug-ins and a few other nice things for only a few dollars per month. They even have a free version which makes a backup every month and still allows you to update the site.

Also some of the more expensive wordpress hosting companies do all of these things for you as part of the hosting package. Again you pay for it in your hosting fee.

Wordpress Alternatives

Now you may be thinking this is a lot of hassle and work to keep your website up to date and maybe you would be better off on a managed platform like Shopify or Wix.

Certainly with these platforms your website code is maintained for you. Of course you do pay for this in your monthly subscription fee.

BUT they are not fool proof either and only just recently I noticed a problem reported with the cart checkout on shopify not working for many users. It was of course fixed but it means some people had their sites down for close on 24 hours. Which is a lot of lost sales...

At Rankwell we prefer to use wordpress for most service based websites and either wordpress+woocommerce OR shopify for eCommerce sites. That is because we find these to be the best from an SEO point of view.

Whatever platform you choose to set your website up on it is going to need some ongoing maintenance. This will either be part of your monthly subscription (ala Shopify or the more expensive Wordpress Hosting companies) or you will need to arrange to do this yourself.

Otherwise you will leave you site open to performance issues and security holes. And you don't want that.