The Cost of Keeping Your WordPress CMS Website Secure

WordPressWordPress Content Management System (CMS) websites come with ongoing update costs that are easily overlooked. If you are like most of our clients, you don’t often think about, or pay much attention to, the backend of your website. WebWise Design & Marketing clients who choose to have a Security, Maintenance and Updates Plan may safely ignore updates needed to the functionality of their website as we take care of those tasks for you. Our security and maintenance plan includes monitoring and applying all WordPress security software updates, and all plugin updates. It also includes repairing any damage an update may cause to the website.

For those who do not have a Security, Maintenance and Updates Plan, please continue reading.

It is important to remember, simply ignoring or not applying WordPress and plugins is not an option. Updates must be applied, either by you or your web developer.

WordPress Plugins

PluginI am sure many of you are thinking, “what the heck is a plugin and why do I need them?” According to the WordPress Codex, “Plugins are ways to extend and add to the functionality that already exists in WordPress. The core of WordPress is designed to be lean and lightweight, to maximize flexibility and minimize code bloat.” Plugins offer custom functions and features so that each website can be tailored to the website owner’s specific needs. Some examples of functions and features often added with plugins include calendars, photo sliders, forms, captcha for forms, anti-spam, navigation menus, security, and additional SEO features. Most interactive and dynamic aspects of a WordPress website are provided through the use of plugins. Some plugins (generally those with fewer features) are free to use. Sometimes, it is essential to use “premium” plugins that are sold as a license subscriptions that includes all code updates for a year. Note: these updates are for the code and subscriptions only; they do not include applying the updates to your website.

Security and Maintenance Updates

If you have read this far, I imagine you have a fairly good idea about what drives the hidden costs of security and maintenance updates, so I will confirm it. WordPress and plugins need to be updated frequently. Not long ago, we could say “periodically,” but unfortunately, “frequently” describes how often security and maintenance updates are required in today’s world. With every new WordPress release (there have been six so far this year), any website built with WordPress needs to have it updated. Of course, it doesn’t end with that simple update. Often, most if not all plugins used in building a website will have to release updates of their own, which will need to be applied to the website as well. Throughout the process of updating, one has to check to make sure the website is not negatively impacted by an update. In other words, the website must be checked and all functions tested to make sure the update didn’t break anything, and that the website is still displaying and working properly. That “checking’ is done for multiple devices, browsers, and operating systems.

I know some of you are asking, “What happens if I don’t do the security updates?” Well, there are many things that can happen as a result of not having the latest version of WordPress and plugins installed on your website. Here is short list of some possible consequences.

  • Unauthorized access to your WordPress administrative area.
  • Unauthorized and hidden remote control of the computer of an authorized user (you) .
  • Your website doesn’t display properly.
  • Your website doesn’t display at all.
  • Your website is hacked and displays offensive and/or harmful content.
  • Your website is hacked and infected with malware that, in turn, infects the computers of your website visitors.
  • Your web hosting company disables your website because of security risks in violation of their Terms of Use Policy.

What Can You Do?

  • Monitor WordPress and Plugin updates status.
  • Make the updates yourself.
  • Review your website to be sure nothing is broken.
  • Fix what is broken if you can, or contact your website developer.
  • Hire your website developer to do those update tasks for you.

Summary

Websites created using WordPress need frequent back-end updates and maintenance that cannot be ignored. Updating WordPress, themes, and plugins takes time and money. Some plugins used require annual license/subscription renewal fees. Ignoring updates puts your website at risk. 

Please see how WebWise helps mitigate the risk of your website getting hacked, and what you can do to make your website more resistant to hackers, by reading our Website Security For Content Management Systems blog post, as well as Secure Passwords Should Not Be Optional.

Of course, we are always happy to discuss how WebWise Design & Marketing can help you with anything in this post.

Call 1-800-281-9993 or 608-822-3750 Today!

Google Changes The Rules – Mobile-Friendly or Not

If Google does as stated, today is the day many small business websites disappear from Google Mobile Search Results. Of course, not only SMBs will suffer, but so will churches, associations, and other non-profits. A few major corporations will be surprised as well.

mobile-friendly-webwisteWe understand the importance of mobile in today’s world. Nearly all the new websites we create are device-responsive, and have a mobile-friendly version, as defined by Google, as well as a desktop version.

The vast majority of the websites we have created in the last few years look great and work well on desktops and tablets, as well as phones with “full-browser” capabilities. With smaller devices, the user will have to pinch and stretch some, but they will function. We did create fully mobile-friendly versions for some of our clients websites who chose to be out front in the mobile revolution. Even a year ago a mobile-friendly of a website was a hard sell for us and most other developers, especially those of us who have small businesses and non-profits among our clients.

Google seems to think everyone has deep pockets and/or a development team to create exactly the type of website they deem appropriate. They constantly tweak Google Analytics and Google AdWords. Sometimes the tweaks are amazing and time saving. Sometimes they are amazing and very time consuming.

Google wrote this Finding more mobile-friendly search results post on February 26, 2015, and followed with this announcement Rolling out the mobile-friendly update today.

Here is an excerpt from that post.

“April 21 st’s mobile-friendly update boosts mobile search rankings for pages that are legible and usable on mobile devices.

  • Affects only search rankings on mobile devices
  • Applies to individual pages, not entire websites

While the mobile-friendly change is important, we still use a variety of signals to rank search results. The intent of the search query is still a very strong signal — so even if a page with high quality content is not mobile-friendly, it could still rank high if it has great content for the query.”

You may check using Google’s Mobile-Friendly Test to see if Google classifies your website as mobile-friendly.

It is too soon to know the impact of Google’s latest forced mandate. Every website owner should review their analytics program to see what percentage of traffic is mobile. Remember Google separates tablets traffic from mobile, as most tablets display the desktop version of a website. Once you determine the percentage and number of mobile visitors (and what they do while on your site), you will have to decide if having fully mobile-friendly (as defined by Google) is right for your customers and prospects. Only you know what percentage of mobile traffic meets your pain threshold. Please remember that for this purpose, the mobile statistics, are only valid going backwards in time. Mobile search results change dramatically as of today!

If you have any questions, please contact us.

Website SEO Health Check List – 5 Important Elements

How long has it been since you reviewed your website SEO health? Here is a tried and true checklist to use.

Check markPage Title – The page title is the most important element of your page. A concise, well-written “Title” with your primary keywords at or near the beginning makes a world of difference to Google and the other search engines.

Check mark Description tag – These descriptions are often used as a part of the snippet shown in the search results. The description needs to be page specific, provide an overview of page content, and include the keyword search terms. New page = new description.

Check mark Headers – Generally, every page should have a header, coded as an H1. If at all possible, your header should contain the keywords used in the previous elements.

Check mark First paragraph – The first sentence is very important and should include your most important keywords. This paragraph may be the only paragraph your visitor reads before making that “should I stay”, or “should I go” decision.

Check mark Internal Links – When possible, your home page should include a short paragraph introducing each of the major areas on your website. Link to those internal pages using the keywords in their titles, descriptions and headers. Google loves that kind of linkage.

There you have it! Review your pages, make those changes, and enjoy improved SERPS (Search Engine Results Page) rankings.

Some Things We Do Just Before and Shortly After Launching Your Website

Here are some of the tasks that you may not realize we routinely perform before launching new or redesigned websites. Of course, they will have already been Search Engine Optimized.

  • Complete proofing of text provided for your website
  • Validate the code to ensure it is standards compliant
  • Cross-browser and cross-platform testing and tweaking.
  • Create a Google Analytics account, and add a Google Analytics code snippet to each page of your website.
  • Create and configure a Google Webmaster Tools account, and a Bing (and Yahoo) Webmaster Tools account as well.
  • Link the Google Analytics account with the Google Webmaster Tools account.
  • Create a sitemap.xml (a specially formatted list of all the pages in your website), upload it to your web server and submit it to the above mentioned webmaster tools accounts. The sitemap.xml file will get crawled by the major search engines, and your pages will be indexed for inclusion in the databases of those search engines. (The correct method to “Submit your URL.”)
  • Add a link to your website on the WebWise Design & Marketing Client’s page (which gets visited daily by Google bot).
  • Send a Tweet about your new website.

Yes. Those tasks do take time, but you deserve to have everything about your website done right. Ask your web developer (or yourself, if you do your own website) if they do these things for you.