At a recent business lunch event, I heard a competitor of mine make the claim that you can’t update key SEO elements of a page in WordPress. Because of that, they argued WordPress should be avoided. Unfortunately, I had already spoken and talked a bit about myself and my business at the meeting, or I would have corrected the point in my introduction. SEO elements like meta title and description CAN be easily updated in WordPress.
I’ve heard from other companies in my industry that WordPress is full of pitfalls and shortcomings. I agree with that point – it is full of them; but so is every content management system on the market. They’ve all got their pros and cons. The great thing about WordPress is that it is pretty easy to overcome any such issue.
The meta title and description tags, while not a huge factor in ranking, should be customized for each individual page on a site. With the out-of-the-box WordPress install, that’s not really doable. But by simply adding the Yoast SEO plugin, it’s easily taken care of. Plus, there are countless other benefits of using Yoast on a site. Heck, Yoast alone is reason enough to use WordPress.
Yes, there are security shortcomings, but again, it’s 2018 – ALL content management systems and even straight HTML sites have security concerns. Again, with WordPress, we can install WordFence and those security issues are addressed.
If you’re worried about SEO or security limitations in WordPress, I can assure you, they are easily taken care of with a few simple plugins. I’ve played around with several content management systems and even built one internally (Blossom, RIP), and all pale in comparison to WordPress.
If you hear someone saying those things about WordPress, they probably haven’t spent a minute or two actually looking into the program to see just what is available. As an out-of-the-box system, it’s one thing, but with the addition of a few simple plugins, the content management system takes on a whole new life. If you’ve got any concerns about security or SEO in WordPress, feel free to reach out. We’d be happy to answer any questions you may have.
Remember when you were a kid, and you needed a password to get into the tree fort? Not a bad security step. If you recognized the person who wanted to get in to your fort and they knew the password, that person was welcomed in. If they didn’t have the password – and they weren’t bigger than you – they didn’t get in. If you didn’t recognize them, there’s no way they’d get in, even with the password. Your website can work in much the same way: no username, no password, no entry.
One of my favorite plugins in WordPress is WordFence. Even the free version of the software has some amazing features. You can easily limit the number of login attempts as well as block a user after a certain number of attempts (10 or 20 is what I recommend). In the tree fort, if you didn’t recognize someone, it didn’t matter if they had the password, they weren’t welcomed in; we can do the same through WordFence. If someone uses a certain username, we can automatically lock them out.
One username to block right away is ‘admin’. These usernames are all set up by either your developer who built the site or you yourself when you created the various user accounts. If you never set up an account with the username of ‘admin’ – which you should never do, by the way – no one should ever be looking to login with that username. ‘Admin’ is one of the first names that spammers and hackers will use in a brute force attack to gain access to your site. Block the use of the ‘admin’ username, and then block the IP that they’re using: quick and easy.
The other names you should block are any names that a spammer or hacker attempts to use. With WordFence, the plugin will send you an email anytime a user is locked out because they failed with a username and password 10 times (or whatever you have it set to). An awesome feature of WordFence is that they’ll also tell you what username was used and where this user was logging in from. I received one of these emails from a client’s site and it said that ‘clientsDomainName’ had attempted login 10 times. I went in to the client’s WordFence settings and added ‘clientsDomainName’ to the list of blocked names. Now any time a spammer or hacker attempts to get in with that username, they’ll be blocked immediately. Whenever I receive an email like that, I will always login and block that username.
If you are a Full Scope Creative client on Security Essentials Hosting, you enjoy the benefit of having your site monitored by us. We maintain all of those emails from WordFence for you and will add any of those username attempts as soon as we see them.
When I was a kid, keeping my tree fort free of unwanted visitors was a top priority. Our websites shouldn’t be any different. We know to keep passwords safe and secure, but there’s also work to be done on the usernames as well. Thankfully, with WordFence for WordPress, we’ve got a lot of great tools at our disposal.
In the same way that it wasn’t surprising to see Toys ‘R Us go out of business, it’s also not surprising to see that Blockbuster is down to one remaining location. Actually, that is surprising – I’m surprised they still have one location that can somehow turn a profit. While there were a number of things that led to the end of Blockbuster (like their biggest profits coming from late fees), the biggest issue was that they never saw the online jump coming.
In 2000, Reed Hastings, CEO of Netflix, approached the Blockbuster CEO at the time John Antioco, and pitched an idea that would bring Blockbuster into the space that Netflix was (online). Hastings was reportedly laughed out of the office. Fast forward to 2018: I still buy a DVD every now and then, but all the movies I watch are either through Netflix, Amazon Prime, or another source for online streaming. We’re still consuming movies but the manner in which we do so has changed – drastically. And quickly.
The same pitfalls are out there for any business. If a grocery store isn’t willing to update the lines of food and variety that their customers are demanding, they’ll quickly see those customers going to the places that will.
To make sure you avoid those pitfalls, look at your business and try to see what changes are coming. Ask your clients how they use your product or service and if there’s anything changing. As the business owner, we’re possibly so close to our product we may not see these changes coming until they’re on top of us. That’s not 100% a bad thing, but we do need to be sure to find ways to gather more input and feedback on our products and services.
Look back at how things were done in your company 5 years ago versus today. Changes like those that happened in the past will continue to happen – or they’ll be replaced by completely new changes. It’s been said that the only thing constant in this life is change. (That was said by Greek philosopher Heraclitus of Ephesus 500 years before the birth of Christ – and it’s still true today.) You can take the changes from 5 years ago and double them to get an idea of what the next 2 or 3 years will hold. Change happens so rapidly now that what took the past 5 years to get done will now be done in 2 or 3 years.
I can still remember going to the Blockbuster a few blocks from my childhood home and renting my first movie – Ace Ventura 2. The building that held Blockbuster then now houses a Qdoba, a Smart Cow, and a Noodles & Company. If you want to keep your business relevant in the next 5, 10, 15, 20 years, keep an eye out for oncoming changes and act upon them. Don’t let the Netflix of your industry catch up and surpass you overnight.
In 2018, security on your website is a big deal. One security measure you may have heard of is “security by obscurity” or SBO for short. While it may sound like a great idea, the results will likely leave you frustrated. Security by obscurity – while sounding logical – is actually a huge vulnerability.
SBO can be traced as far back as Alfred Charles Hobbs, who in 1851 (yes, 167 years ago) demonstrated and spoke of the issue as it applies to padlocks of the time. The idea behind SBO (again, yes logical) is that if the bad guys (hackers) don’t know how your systems are laid out, they’ll never be able to hack them. Many programmers, including yours truly, have used this technique only to see it fail… miserably. Hackers and spammers are just simply too good. Yes, SBO might keep the rookies out, but anyone who has been at it a while will still get through.
Thankfully, with WordPress (my content management system – CMS – of choice), there are a couple of great ways to provide security to your site. One way is with the plugin WordFence. We talked about WordFence in a recent blog about brute force attacks. You can easily install and set up the plugin to block unnecessary logins and scan your site for vulnerabilities.
Another great feature of WordPress is that the core system (and themes and plugins) are updated fairly often; in fact, we just had another big update this week. While the hackers do have access to the new code, they will need to dig into it and start working up a new way to hack into sites all over again. Of course, this is only a benefit if you keep your site regularly updated. If you have Security Essentials Hosting from Full Scope Creative, no worries – we handle all those for you.
While it sounds logical, security by obscurity will eventually lead to headaches for your site. It’s been proven wrong for at least 167 years thanks to Alfred Charles Hobbs. Security is a big deal, obviously, for any website. Take the time and make sure you use the best security measures available for your site.
I’m sure you’ve heard the phrase ‘brute-force’ at some point in time. Whether used to describe an army invading a castle or a raging river, it simply speaks to the sheer volume and power of the force. In recent years, the phrase “brute force” has taken on a new meaning. Today, a brute-force attack is one of the most common and concerning security threats to any website or secured login. Thankfully, there are a couple of great options for preventing our sites, especially WordPress sites, from falling victim to a brute-force attack.
A brute-force attack is a trial and error type of method used to guess useful information, such as username and password. Just like a river slowly and gently flowing downstream isn’t too big of a concern, a person sitting and guessing usernames and passwords isn’t that big of a concern (though still not appreciated). The concern with the river and our logins is simply in the sheer brute force. To accomplish this, spammers and hackers will use a software-based algorithm to automatically generate a large number of guesses for the desired piece of information. Some sources say that these guesses can number up to 350 billion per second. As you can probably guess, 350 guesses per second can be a problem – and 350 billion per second can be catastrophic. The obvious concern is that the attacker could gain access into your site and wreak havoc. The problem with that many hits on a page (attempts to login) is that it will eventually cause your website to crash and simply be down. While that can stop the attacker, it also means legitimate users can’t access your site. Thankfully, there are several easy-to-implement security protocols in WordPress as well as basic practices that can help eliminate the risk of a brute-force attack.
First things first – I gotta say this, and I know you’ve heard it before: PASSWORD for your password is a HORRIBLE idea! 1234 is a horrible idea! When you’re setting up your password in WordPress, one of its great security features is that WordPress will let you know how secure it feels your password is. Simply keep adding to your password until it comes up as Very Strong. To do this, you’ll most likely be using a combination of lower and uppercase letters, numbers, and special characters (!, @, #, $, etc.). For example, as I’m writing this, I’m listening to Quiet Riot. A musically influenced strong password would be something like Qu!t3#Ri0t#coftnoize – (Quiet Riot, Come On Feel the Noize). I added in uppercase, lowercase, numbers, and characters.
Okay, so now that we got the obvious one out of the way…. You can also install a plugin such as WordFence and customize its installation to protect your site further. With WordFence, you can take additional steps such as blocking a username. I never set up the username ‘admin’ – that’s far too obvious. With WordFence, if anyone tried to use that username, they’d be automatically blocked from being able to login for however long you specify. You can also set it up so that if they do try a legitimate username but miss the password a certain number of times (10 or 20 ideally, if you use strong passwords), it will again lock them out.
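The lockout rules described above and in the earlier username post (block a listed username on sight, lock out after a set number of failures, note which usernames were tried), as an added Python example that is not WordFence's code or part of the original post. The one-hour counting window, four-hour lockout, account names and login events are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed policy values; the post recommends 10 or 20 failures and blocking 'admin'.
MAX_FAILURES = 10
WINDOW = timedelta(hours=1)            # assumed window for counting failures
LOCKOUT = timedelta(hours=4)           # assumed lockout length
BLOCKED_USERNAMES = {"admin"}
REAL_ACCOUNTS = {"chris", "editor1"}   # constructed account list


def evaluate(events, blocked=BLOCKED_USERNAMES, accounts=REAL_ACCOUNTS):
    """Replay (timestamp, ip, username, success) events in time order.

    Returns (lockouts, suggestions): lockouts is a list of
    (ip, username, reason); suggestions is the set of attempted usernames
    that match no real account and are candidates for the blocked list.
    """
    failures = defaultdict(list)   # ip -> timestamps of recent failures
    locked_until = {}              # ip -> time the lockout ends
    lockouts, suggestions = [], set()

    for ts, ip, username, success in events:
        name = username.lower()    # this sketch compares names case-insensitively
        if ip in locked_until and ts < locked_until[ip]:
            continue               # still locked out: rejected, not counted again
        if name in blocked:
            locked_until[ip] = ts + LOCKOUT
            lockouts.append((ip, name, "blocked username"))
            continue
        if success:
            failures.pop(ip, None)  # a good login clears the failure count
            continue
        if name not in accounts:
            suggestions.add(name)   # nobody legitimate uses this name
        recent = [t for t in failures[ip] if ts - t <= WINDOW]
        recent.append(ts)
        failures[ip] = recent
        if len(recent) >= MAX_FAILURES:
            locked_until[ip] = ts + LOCKOUT
            lockouts.append((ip, name, "too many failures"))
            failures.pop(ip)
    return lockouts, suggestions


def sample_events():
    """Constructed login attempts from documentation-range IP addresses."""
    t0 = datetime(2018, 6, 1, 9, 0, 0)
    events = [
        (t0, "203.0.113.7", "admin", False),
        (t0 + timedelta(seconds=5), "203.0.113.7", "admin", False),
    ]
    for i in range(10):
        events.append((t0 + timedelta(minutes=1, seconds=i),
                       "198.51.100.23", "clientsDomainName", False))
    events.append((t0 + timedelta(minutes=2), "192.0.2.10", "chris", False))
    events.append((t0 + timedelta(minutes=3), "192.0.2.10", "chris", True))
    return events


if __name__ == "__main__":
    locked, to_block = evaluate(sample_events())
    for entry in locked:
        print("LOCKED", entry)
    print("Add to blocked usernames:", sorted(to_block))
```

Passing the suggested names back in through `blocked` shows the effect of the manual step in the post: the next attempt with that username is locked out on the first try instead of the tenth.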
With WordFence, you can also run a scan on your site to see if there are any affected or infected files on your site that need to be cleared up. If there are any suspicious files, the program will let you know which ones are causing concern and which specific folders they’re in so you (or your web developer) can check them out and remove them if necessary. While this won’t stop a brute-force attack from hitting or entering your site, this scan can help prevent the amount of damage that can be caused by an attack.
Thankfully, there are several simple and easy-to-implement tools and plugins to help prevent brute-force attacks. Unfortunately, cyber threats such as a brute-force attack are one of the most common and concerning security threats that we face with websites, and the problems (the hackers/spammers/evil-doers) won’t be going away anytime soon. Just like when an invading army would storm a castle or the water in a river rages, we can be proactive and ready to counter these attacks when they come.
WordPress is an awesome Content Management System (CMS). Compared to many other leading CMS platforms (such as Drupal, Kentico, or Joomla), one of the great things about WordPress is how easy it is to keep the system updated and secure. Obviously, it is 2018 and there is no such thing as a “perfect” system – every CMS is vulnerable to attacks. Fortunately, there are several steps you can take to keep WordPress as safe and stable as possible. One area often overlooked is unused plugins.
One of the things that makes WordPress so amazing is how easy it is to install any of the countless plugins to expand your site’s offerings to fit your business needs. With just a few clicks, a new plugin can be installed and with just a few minutes of configuration, it can be ready to use. Once a good and stable plugin is selected and installed, keeping it updated regularly will help keep your site and that plugin safe and stable. However, it’s important to remember that when you’re done using that plugin or if you switch to a new plugin, you need to delete that plugin.
Alternatively, you can deactivate the plugin, but if you choose to go that route, the plugin’s code is still lying dormant on your site. The problem with unused plugins is that it can be easy to forget to update them. Kind of like an “out of sight – out of mind” sort of thing; if the plugin isn’t used, it’s easily overlooked during updates. So instead of just deactivating the plugin, be sure to go through and fully delete it.
There are some plugins, however, that for various reasons, you might not want to delete after you’re done with them. If that is the case, just be sure to always run the plugin updates as they become available. At Full Scope, we recommend checking for updates at least 3 times per week.
WordPress is a great CMS, partially because of the wide range of plugins available for use. That wide range of plugins, if left installed and forgotten, can also be a major undoing of WordPress. One of the best ways to keep your site safe and secure is to keep your plugins updated, and, if they aren’t being used, simply delete them.
Not long ago, someone asked me if I was surprised that Toys R’ Us was going out of business. I couldn’t help but laugh. Oftentimes in life we can learn so much from other people’s mistakes. The same is true in business and Toys R’ Us is a perfect example. I’m not saying to wear a bracelet that has “WWTRUD?” (What Would Toys R’ Us Do?) on it, but they can provide a great picture of what NOT to do. Simply flip those things around, and you’ll have what you should do.
While it’s true that I don’t have a finance degree or an MBA, I still can’t imagine that running a business with $5 BILLION in debt is a good idea. Add in about $400 MILLION to service that debt, and the situation is even crazier! After reading several of the many articles out there regarding the specifics of their situation, it is apparent that while those two factors were a huge burden to the company, they were only part of what doomed the toy retailer.
One of the many issues Toys R’ Us had – aside from their debt – was the fact that they did not evolve with the times. One point that hasn’t received a lot of coverage in the news is how their website was always outdated. For a long time, it was clunky and awkward to use.
A few years ago, some friends who live out of state had their first kid. I jumped on the Toys R’ Us site to find some toys to purchase and have shipped to the new parents. You would think that would be an easy task, right? Ha! I literally felt like I was jumping through hoops to make a purchase. The specifics of what they did aren’t really what’s important here. The bigger take away is what they should have done – listen to their consumer base. It’s not difficult to hold some focus groups to see how users navigate the site and how they work through the process.
The problem for many businesses, and even me as a designer sometimes, is that since we use the site so much, we know exactly what to do, and therefore can often skip over the awkwardly clunky steps. Bring some users in, watch them make a purchase, ask their feedback, and best of all – remove a step or two in the purchase process!
Another huge issue they had was that they never evolved their offering. When I was growing up, certain toys were only available at Toys R’ Us. It was THE place to go to if you were looking for a cool new toy. Once other stores started to creep into that niche market, they should have at that point done something to remind customers why Toys R’ Us was the place to shop at. Instead, they pretty much dug their heels in and stood their ground. That works great for parenting, but not for a toy store.
In the 8 years that Full Scope has been in business, we’ve seen most of our clients go through a change of some sorts. Whether introducing new products, drilling deeper into their niche, or changing the way they market, they’ve all done something to stand out and keep customers coming in. We’ve done that ourselves: we’ve introduced new services like graphic design and copywriting and we’ve continually invested time and money into making our website hosting top of the line. Change really is a beautiful thing.
Sometimes seeing the struggles and failures of another company can help a business owner point their own company in the right direction. Toys R’ Us gave many businesses, even small businesses, examples of what NOT to do. Was Toys R’ Us going out of business a surprise? Nope. We can take the tough lessons they’re learning and apply them to our own businesses, however, and it will be no surprise when our businesses are around for years to come.
Some of our clients have multiple individuals writing blogs for their website. Having content from different perspectives is a great way to showcase all that your business has to offer. However, you may not always want to give admin access to all blog contributors. Thankfully, with WordPress, there are two really great options.
The first option is to set the additional writers up with a WordPress account and set their role as “author.” By doing this, those contributors will be able to login as needed, create new blog posts (and a select few other types of posts, depending on the plugins used on the site), and edit older posts. They will not, however, be able to add new pages or edit older ones. With this account role, your additional writers can edit their personal WordPress accounts, but they will not be able to create any new accounts or change their own role.
Alternatively, a business may opt to not allow individual authors WordPress access. We’ve had a few clients who have had additional blog writers contribute, but all content had to be approved by one person before that content could go live. To achieve this, the client simply created a user account for each writer, but did not share any login information with them.
That way, when the client (or other approver within the organization) received the written information from the author, the client could simply copy and paste the blog into WordPress and manually select the name of the author for that particular post.
With WordPress, there are some easy-to-use options that allow for multiple writers on a blog. Whether each writer has their own login or not, having multiple writers on a blog is a great way to show different perspectives and viewpoints: just one more way to make the most out of your blog and website.
In the past month, a couple of clients have notified me that their website was down. For them, it was an easy process to correct the issue. They reached out to us at Full Scope and we walked them through fixing the issue. In each of these particular cases, the domain names had expired. We were able to walk them through the process of getting the domain name renewed. If you don’t happen to host your website with Full Scope, here are a couple of great tools that can help.
First, go to downforeveryoneorjustme.com. Simply load the site and enter in your domain name. You will get a notification telling you if the site is down for everyone or if it’s just down for you. If it is just you, you’ll want to check if there is a firewall blocking you from getting to your site. On the other hand, if it is down for everyone, you know to get in touch with your hosting provider as the problem is occurring for your customers as well.
Another helpful tool, although a bit more technical, is whatsmydns.net. Each website is hosted on a server that is assigned an IP address (184.108.40.206 or 220.127.116.11 for example). It’s not a bad idea to figure out what IP address your site is on and keep that information stored somewhere. If you find that the IP address is different from what it’s been in the past, there’s a good possibility that something changed with your domain name’s DNS settings. If your domain name is stored with a registrar such as GoDaddy or ENOM, log in there and see if anything has changed.
Finally, you can also run a WHOIS search at http://whois.icann.org/ . Doing so will give you a detailed report that includes the domain name servers and settings for the domain name. The main piece of information to look for here is the name servers. When your site is up and running, make note of what the name servers are set to. They’ll be something like “ns1.fullscopehost.com” and “ns2.fullscopehost.com” or something similar. If the name servers have changed, again, log in to your domain name registrar and see what was changed.
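The IP and name server checks above, together with the expired-domain case mentioned at the start of this post, as an added Python example that is not part of the original post. The WHOIS text, baseline IP and dates are constructed, and the current IP is passed in as a parameter so the example runs offline.

```python
from datetime import datetime, timezone

# Constructed WHOIS response in the usual registry "Key: value" layout.
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE-CLIENT.COM
Registrar: Example Registrar, Inc.
Registry Expiry Date: 2018-05-20T04:00:00Z
Name Server: NS1.PARKED-EXAMPLE.NET
Name Server: NS2.PARKED-EXAMPLE.NET
"""

# Values noted while the site was healthy. The IP is constructed; the name
# servers are the examples given in the post.
BASELINE = {
    "ip": "192.0.2.44",
    "name_servers": {"ns1.fullscopehost.com", "ns2.fullscopehost.com"},
}


def parse_whois(text):
    """Pull the expiry date and the name servers out of a WHOIS response."""
    record = {"expires": None, "name_servers": set()}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key, value = key.strip().lower(), value.strip()
        if key == "name server" and value:
            record["name_servers"].add(value.lower().rstrip("."))
        elif key == "registry expiry date":
            # Assumes the timestamp layout shown in the sample above.
            record["expires"] = datetime.strptime(
                value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return record


def diagnose(baseline, whois_text, current_ip, now):
    """Compare what is seen today with the stored baseline."""
    record = parse_whois(whois_text)
    findings = []
    if record["expires"] and record["expires"] <= now:
        findings.append(
            f"domain expired on {record['expires']:%Y-%m-%d}: renew it at the registrar")
    if record["name_servers"] != baseline["name_servers"]:
        findings.append(
            "name servers changed: " + ", ".join(sorted(record["name_servers"])))
    if current_ip != baseline["ip"]:
        findings.append(
            f"IP changed from {baseline['ip']} to {current_ip}: check DNS records")
    return findings or ["no drift from baseline: contact the hosting provider"]


if __name__ == "__main__":
    today = datetime(2018, 6, 1, tzinfo=timezone.utc)   # constructed "now"
    for finding in diagnose(BASELINE, SAMPLE_WHOIS, "192.0.2.99", today):
        print(finding)
```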
If you are a Full Scope Creative client who experiences your site being down, just reach out to us. We’ll go through to check for any potential causes of the problem and correct them to get your website back up and running quickly. If you don’t host with us, we will still do as much as possible to help. The three steps above are the first steps we take in order to find out what is going on with the website.