Many legacy website owners are now looking at upgrading their websites to leverage new technologies but what type of site should you consider as you weigh your options?
WordPress Websites Pros and Cons
I have a love/hate relationship with WordPress. I love the power and adaptability. I love the free plugins, but I hate the security problems and I hate the lack of really fine control both for SEO use and for image placements.
If a client decides that they want to do their own content updates, WordPress is perfect for them, but at a cost.
If a client does not buy a security monitoring service like WordFence or SiteLock, they may leave their expensive new website open to becoming hacked and banned on Google (until remediated from a hack).
Being secure costs money and WordPress is not a set it and forget it application. Be prepared if you decide to do your own updates that you need security software and need to do your own weekly site updates to keep WordPress secure.
HTML Websites Pros and Cons
For clients that are never going to do their own updates and do not need special plugin features from WordPress, I love a regular HTML version website. I love the control of page and image naming, the ability to have total control over site architecture, and the security of knowing that hackers do not typically use HTML websites as a platform to spew spam or malware.
HTML websites do not need regular security review, analysis and monitoring as WordPress sites do. But as technology changes they typically should be replaced about every five years.
If you need help with a SEO focused information-rich website for your service business and are not using ecommerce, pick up the phone and chat with me about your needs at 540-693-0385. I’d be glad to let you candidly know if our services would be a good match for your needs.
Security, you never realize how much you really should be thinking about it until your site is hacked. For business owners, let me caution you to not leave this most important aspect out of protecting your online presence to staff without some oversight.
Here’s what you as the business owner need to know about security.
You need a back up and redundancy plan.
You need to know what your webmaster is doing on security.
You need to routinely monitor the Google Search Console for messages.
Sometimes the Bing Search Console will notify you faster of a hack, so monitor there too.
Look for weird URLs and strange activity in Google Analytics.
Make sure you do regular back ups of your website files and keep several archives not just one.
Back up your back up!
If you use WordPress as the backbone for your site see below.
Remain vigilant. If you have security plugins monitor the messages.
If you have WordPress…
I like WordFence as my security plugin. I am getting nice results and actionable message about access, updates to do to stay secure, and not too many messages that I get “security fatigue”.
I do use other plugins as well for WordPress. Below are the ones I will typically install for clients.
Locks out brute force attacks and bad passwords.
WordPress File Monitor
This plugin monitors the core files for changes and uploads.
Sucuri or WordFence
I have used this program but found that the number of messages was too overwhelming so at this time I am using WordFence instead. Just make sure you use something AND make sure to actually read the alerts!
Everyone likes a bargain! Sometimes however you’ll want to pay for an app or WordPress plugin that is really valuable, but why pay when you can get one that does the trick for free?
I deleted Askimet as my spam plugin in WordPress when they moved to pay to play and really tried to wring $5 a month out of their users after years of free service. I understand that everyone needs to make a buck, but in the world of WordPress what they offered was not unique.
I searched for spam filtering plugins. I found Cleantalk and tried it for the seven day free trial period. I liked the interface, but just did not feel that paying for it was worth it to me. Cleantalk bills $8 per year. Not a lot, but free is free.
Now I am trying out the free WordPress plugin Anti Spam Bee. This plugin appears free – well at least for now.
Before you buy of any plugin, make sure to try it out. I may be back with Cleantalk, but for now I am going free, free, free with the big yellow bee of Anti Spam Bee.
My firm blogs for many clients and in the process we’re on blog sites more frequently than the blog owner. In some cases my team was the first to notify the client of a hack. Typically when a site is hacked, we cannot login to write or see the WordPress site when we go to gather links for a blog post.
To keep your WordPress blog or WordPress website from being hacked these are my tips for security.
1. Make sure you are using a secure password. Many times the client’s webmaster will send us our logins and the password is something like 123456. For security, I like passwords like this A&Ji3nGba*3!. Impossible to remember but really hard for a hacker to guess.
2. Secure your site from brute force login attempts. I like the WordPress plugin Login Lockdown. This plugin allows you to lock out intruders who are repeatedly trying to get in by blocking their IP address.
3. Monitor your core WordPress files. I really like this plugin. It monitors your core WordPress files and emails you when there have been changes and advises you what files have been changed. I cannot begin to tell you how easy this makes fixing a hack attack by having an idea where to start.
4. Use an exploit monitor. I use the WordPress plugin called Exploit Scanner. We’ve found several deep hacks with roots in a parent website feeding into an on-domain blog this way. By scanning the WordPress files for explode and hidden elements we have been able to quickly identify a hack and work fast to remove it.
There is nothing worse for a website owner than to do a search for themselves on Google.com and find a note next to their site for users not to visit it due to malware or Google to turn off the links to their site.
These simple preventatives are what we suggest for every blog owner they are easy to install and require just minimum of vigilance.
I am in the process of finishing up and readying for launch a new website built on the back bone of WordPress. I have to say the website has turned out nice, but I wanted to share with you a few of my thoughts on using website built like this for search engine placement.
I think that if you want to save money on webmaster services, like the control of being able to add and update your content at will; a well designed website using WordPress has no comparison. But for people, like me, who are used to full and complete source code control for SEO purposes a website built with WordPress leaves much to be desired.
Professionals in my industry know that template based websites (and that is really what a WordPress built site is- a custom template) do not allow you full source code control. Although the designers that have worked with me on building this site have really done a great job, there are instances when I wanted to name my uploaded images my own way; I wanted to custom design my site architecture and be able to change the names and structure easily if I needed to down the road; I wanted to add special design or style elements to my pages without having to create hacks to make the page work the way I wanted it to within the template constraints. In other words, there is an element of control, subtle though it may be, that is simply missing with a WordPress site versus a custom created, built from the source code up, website.
I guess with all new improvements to allow customers to control their own content there are trade offs, but I’m not sure that I want to lose that control for every customer.
Here’s a cool plug-in to help you monitor, change, and keep up-dated your WordPress blog administration names. It is called Admin Renamer Extended. You may ask why not just use the WordPress control panel to update your admin names? Sometimes a hacker will hide the admin name from you to keep you from deleting their access. This renaming plug-in allows you to update, see, and change the administrative names for your WordPress account.
It is interesting to know that many blogs are set up with the name admin and lame passwords making their blog easy to hack. By default WordPress calls your main login simply admin. I recommend a much more difficult user name such as a combination of words and certainly a secure password with letters and number. I don’t recommend that you use your business name as the administrators name.
Try to make your administrator login complicated for others to guess and easy for you to remember.