Over 20% of the worlds websites are developed using WordPress, its popularity and continuous global growth provides thousands of developers and small businesses powerful, convenience with a relatively good degree of flexibility (providing your don’t want to change things too much) saving huge amounts of time on development thanks to its open source structure.
Recently we came across a website that had been developed using WordPress, a few things shocked with this site mainly being the lack awareness of what was actually required when owning a website in terms of security and maintenance.
In this post I want to cover the importance website security and especially updates and backups when it comes to owning, running or managing a WordPress website that relies on various plugins.
When a WordPress website, or any other content management system website is not kept up to date, your website is wide open to spammers, cyber criminals and unauthorized access. The same applies to plugins that a WordPress website uses. If plugins are not kept updated, again this is an open doorway for a tonne of nasty activity.
Getting back to the situation a recent client found themselves in.
The company had a very stylish and I must say nicely designed WordPress website with an e commerce function installed using WooCommerce.
I’m not a fan of the WordPress WooCommerce, mainly because (in my experience) it has delivered more problems than success in regards to inherited WooCommerce sites we have worked on in the past.
We found customization was limited with not much scope for flexibility.
Support for 3rd party WooCommerce plugins and extensions is not always available. Also when a website expands and grows to thousands of products and requires various customization for certain products or a seasonal range for instance – adding these options often comes down to manually coding it and building it in.
I may be stuck in my ways but prefer the power, robustness, huge amount of flexibility and the room to grow Magento offers when it comes to online stores and e commerce functionality.
This company’s site had never been updated due to some of the plugins associated with the WooCommerce extension, not being compatible.
Resulting in the site being hacked.
Instead of site displaying a very unique, high class, product range their sleek and stylish website was host to Viagra banners and re-directs.
What had also happened was the WP admin area had been completely re-directed, god only knows where to!
There was no access whatsoever to the admin area, the path that once directed to the admin login page displayed “page not found”.
Needless to say the company were seeking assistance to gain access to their site and remove the spam adverts that were littering up their home page and plastered all over the sites header and footer areas! The site also had various links in the navigation re-directed to similar spam websites selling sexually orientated medication and various other colorful delights!
The company had assumed their web host was providing a back up service, only to find when the question was asked – do you have a backup?
The seriousness of the situation soon began to hit home.
The sad and very unfortunate thing being, the site had been developed less than a year ago and had began to take root within the search engines and drive very targeted and converting traffic. This was a fairly new and bespoke company, whose entire business was based on selling a select range of bespoke, unique handmade products for a very specific high end market – online.
What the company essentially was left with was a home page littered with Viagra adverts and all but one page on the navigation bar re-directed to similar Viagra type websites.
Sadly there was very little that could be done, especially without any backup and the path to the sites admin area changed.
Three things completely shocked the team at ServeOnly,
Firstly, even though the business was relatively small they had grown immensely over the past 6-12 months in terms of conversions, customers and online presence. The company had just opened premises a few months ago and employed staff to help with production and Christmas sales.
In their initial stages this company was a start up and had invested a small amount in website development, choosing a shared server hosting company costing a few pounds a month. Although there is nothing wrong with starting this way, many businesses are keen to get their idea, concept and ambition out onto the market as soon as possible – common for a lot of small businesses.
What the company should have done is, as they began to grow, invest in SEO and digital marketing, seek premises and grow their customer base. Thought should have been given to website backups and updates, especially when they were unable to update their version of WordPress due to compatibility issues with their chosen plugins that offered no support.
We here it time and time again,
Businesses trying to keep their costs to a minimum and maximize their sales – choosing to ignore the fact they needed to look at a more suitable e commerce solution or even just invest in a better WooCommerce extension. Completely overlooking the most valuable asset to their online business – their website!
Secondly, despite the WordPress platform needing updated and this being an issue due to plugin compatibility they didn’t want development costs on, the company has assumed as the site was still working fine, looked fine, there was no issues.
Last but not least, the backup schedule of the website. There’s nothing wrong with using a public host providing low cost hosting on shared servers, again this is a common starting place for many businesses making their first steps online. The thing that went wrong here, to put it bluntly was assumption and negligence.
The company had assumed as they were paying hosting, then a back up of their site would be available from their hosting provider. This was not the case, once again the harsh realities of a small business focused on setting up as quickly as possible, with as little cost as possible had got the company established, however the attitude of its working fine, so it is fine. Endured costs hundreds of times more than the site cost or any annual costs of maintenance would have been.
The critical error in all this was, the opinion the company had adopted was (in their eyes) the site looked and worked fine, so why change it or upgrade when there was no need for any extra costs, after all the site was doing what it was supposed to…
Its unfortunate this company had such a harsh reality check just weeks before Christmas, now left with no functional website whatsoever.
The only resolution was a complete new build, correctly this time with correct planning and structure developing the site as an e commerce site, rather than the nightmare that had cost the company their first year of profitable Christmas sales due to building on an e commerce function using a poor plugin, allowing their website to run on an out of date version of WordPress, having no additional security on the site or having a website backup procedure in place.
All in all many lessons to be learned from this horrific yet very common situation many small businesses find themselves in due to adopting an attitude of “If it ain’t broke, why fix it!”
To be successful with any content management system,
Hopefully the above situation details why you cannot take this attitude when it comes to WordPress web design or any other content management system website for that matter.
WordPress is an amazing platform with so many great features and flexibility, there’s even some pretty good WooCommerce extensions out there, providing your not trying to find the cheapest option available!
If your reading this and have a WordPress website make sure you KNOW you have a backup schedule in place and the version of WordPress your running is always the latest version, same is applicable to plugins.
If you find there’s an issue in compatibility after updates, don’t just assume things are still working fine so they are fine – there NOT!
Least not when your site is full of voids that can easily be exploited and unauthorized access gained resulting in complete savatage – as in this case.
If you have issues with updating your WordPress website, associated plugins or extensions – get help!
The risk of loosing your entire site ( And Revenue) is not worth the small short term reward of saving a few pounds.
We provide affordable monthly website security and maintenance plans, that take care of every aspect when it comes to the safety, security and maintenance of your site. Implementing various measures to provide additional protection for WordPress, two-step authentication processes, website updates, maintenance and full site security.
If there’s ever an issue with plugin compatibility, we solve it! Ensuring your site is always fully up to date, safe, secure and running smoothly as it should.
You can also call us on – 0141 374 2374
ServeOnly - Design and Search |
The Web Design & SEO Company
A: Park Lane House, Broad Street Business Complex, Glasgow, G40 2QW | 1330 Avenue of The Americas, New York, USA
DEVELOPED & POWERED BY SERVEONLY.COM