
My top tips for improving WordPress security

There’s no doubt about it, WordPress is now the largest self-hosted blogging tool in the world, used on millions of sites and seen by tens of millions of people every day. Now on version 3.9.1 (as of June 17th 2014), WordPress has grown and evolved into a powerful Content Management System (CMS) supported by over 33,000 plugins and widgets.

While its popularity has given both web designers and Internet users greater freedom and power to create amazing websites, it has also caught the attention of hackers and spammers across the globe. This has led to a lot of panic and doubt as to whether WordPress is a safe choice when building a website. In reality WordPress is as safe as any other web-based CMS. The truth is that any online bank, email or social media account is vulnerable if the proper safety measures are not taken, and WordPress is no different.

“So how do I make my WordPress website as secure as possible?” I hear you ask. To be honest it’s really not that difficult, as my top tips below will explain.

1. Choose a strong username

It seems obvious, but it’s surprising how many users, and web designers, go with the default “admin” username, and hackers are all too aware of this.

When it comes to WordPress security this is one of the biggest mistakes you can make, yet it is also the easiest to fix. Simply choose a unique yet memorable username using a mixture of capital letters, numbers and characters such as #, $ or !

2. Choose a strong password

Really this tip goes without saying and should be followed when setting up any online account, not just WordPress. I know it’s tempting to choose a straightforward password that’s easy to remember but it’s just not worth the risk.

Avoid using words that a hacker could easily find out, such as your favourite football team, the name of your cat or your mother’s maiden name. As with your username choose a good mixture of capital letters, numbers and characters.

3. Research themes, plugins & widgets

One of the easiest, and often most overlooked, ways for someone to gain access to your WordPress install and potentially cause real damage is through a plugin or widget. Think of your website as a house: there’s no point having the strongest front door in the world if you leave a bedroom window wide open.

That’s exactly what can happen if you install an unsafe widget or plugin, even whole themes can be potential security risks. Always do your research; a simple Google search will find out if anyone else has had issues or security breaches. Also purchase any WordPress add-ons from respected sources, such as Themeforest, who will notify you of any issues as soon as they are found and offer a solution.

4. Install WordPress security

Many users of WordPress are unaware that specially built security plugins are available. These monitor your site or blog, add firewalls, block multiple login attempts, help to restrict hackers and warn you of any potential security issues, such as an out-dated plugin. Best of all, most of the best security plugins are actually free; Wordfence Security is just one example and is the plugin I install on all of my sites and those of my customers. If you do not have access to install security on your site then ask your Webmaster to do it for you. It is also a great question to ask when contacting potential web design agencies to build a WordPress website for you.

5. Keep WordPress updated

Once your website or blog is built it is easy to let it tick over, only adding the odd post or gallery image here and there and paying little or no attention to any out-of-date plugins, or what version of WordPress you are running.

Just like the updates to your computer and software it is crucial to keep WordPress and any add-ons up-to-date. This makes sure any security vulnerabilities have been fixed and you are as secure as possible. Again if you do not have permissions to do this yourself check that your Webmaster is doing this on your behalf.

6. Disable the WordPress theme and plugin editors

This is an area that is often overlooked by users and designers alike. When WordPress is installed it allows the core files for any themes and plugins to be accessed and edited within the admin area. This is a hacker’s or spammer’s golden ticket to install malware or viruses on your site without you even realising.

Luckily there is an easy solution to this problem, which can be found here. If you do not have the expertise, software or confidence to make this change yourself then your Webmaster or any design agency should be able to help you.
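One way to confirm the editors are actually off, as an added example that is not part of the original post or the solution it links to: WordPress disables them when `wp-config.php` defines `DISALLOW_FILE_EDIT` (or the broader `DISALLOW_FILE_MODS`) as true, and this script checks a config file for that. The function names and the sample configs are constructed for illustration.

```shell
#!/bin/sh
# Audit a wp-config.php for the setting that turns off the built-in
# theme and plugin editors in the WordPress admin area.

# editors_disabled FILE
# Returns 0 when FILE defines DISALLOW_FILE_EDIT (or the broader
# DISALLOW_FILE_MODS) as true on a line that is not commented out.
editors_disabled() {
    grep -Ev '^[[:space:]]*(//|#|/\*|\*)' "$1" |
        grep -Eq "define\([[:space:]]*['\"]DISALLOW_FILE_(EDIT|MODS)['\"][[:space:]]*,[[:space:]]*[Tt][Rr][Uu][Ee][[:space:]]*\)"
}

# audit_config FILE
# Prints one finding line; returns 1 if the editors are still on,
# 2 if the file cannot be read.
audit_config() {
    if [ ! -r "$1" ]; then
        echo "SKIP  $1 (not readable)"
        return 2
    fi
    if editors_disabled "$1"; then
        echo "OK    $1 (file editors disabled)"
    else
        echo "WARN  $1 (file editors enabled; add: define('DISALLOW_FILE_EDIT', true);)"
        return 1
    fi
}

# Constructed sample configs, so the script runs without a real site.
demo_dir=$(mktemp -d)
cat > "$demo_dir/hardened.php" <<'EOF'
<?php
define( 'DB_NAME', 'example_db' );
define( 'DISALLOW_FILE_EDIT', true );
EOF
cat > "$demo_dir/default.php" <<'EOF'
<?php
define( 'DB_NAME', 'example_db' );
// define( 'DISALLOW_FILE_EDIT', true );
define( 'DISALLOW_FILE_EDIT', false );
EOF

audit_config "$demo_dir/hardened.php" || true   # OK line
audit_config "$demo_dir/default.php" || true    # WARN line
rm -rf "$demo_dir"
```

On a real site, call `audit_config` with the path to your own `wp-config.php`; the `define` line belongs above the "That's all, stop editing!" comment in that file.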

And there you have it, a brief insight into my thoughts on how to keep your WordPress website or blog as safe and secure as possible. If you have any comments or questions on this blog post, or have requests for future articles, please use the form below or email hello@thread-creative.co.uk. As always, your feedback will be gratefully received.


I’ve decided it’s time for a website, where do I start?

It seems we now live in a world where every man and his dog has a website. Whether it’s for their business, favourite hobby, local book group or simply uploading countless photos of their cat, it appears that getting a website is as easy as 1-2-3. There are, however, several pitfalls you can easily fall into, which I will run through below, along with helpful hints on how to avoid them.

1. Make sure YOU own YOUR domain name

Now this may seem really obvious but it’s amazing how many people, and even businesses, don’t own their domain name. To me this is the single biggest mistake you can make when setting up a website. Why? Because, simply put, whoever’s name is listed as the registrant is the owner of that domain. Just because it’s pointing to your website doesn’t make it yours.

If a family member, friend, work colleague or a web design/hosting company offers to register the domain on your behalf make sure it’s being registered in your name, with your contact details. Ask for written proof that this has been done in case you ever need to go to court – yes it can get this serious. For peace of mind you can check who owns a domain by looking up the WHOIS records online for free. There are numerous websites that offer this service including Nominet UK, the .uk domain name registry in the United Kingdom.

The safest option by far is to register the domain yourself. A .co.uk domain can be yours from as little as £3.49 a year and takes less than 10 minutes to register. Trust me, you’ll be glad you did.

2. Research your hosting company before signing up

It’s so easy to get caught up in the excitement of setting up your website that you sign up with the first hosting provider that comes your way, usually the same company where you bought your domain name from. But surely this doesn’t matter because they’re all the same right?

Wrong!

Website hosting providers, like mobile phone companies, insurance providers and energy suppliers are all different. Sure they all offer the same basic product or service, but it’s how they offer it that is the key to making your choice of who to go with.

The company you choose will usually be found in the answer(s) to three questions – How much do they charge? What can they offer me? Will I be looked after? It’s up to you to decide which of these answers is most important to you.

So where to begin?

A Google search for “the best uk website hosting companies” is a good starting point; read the reviews, opinions and experiences of others and take note of any companies who regularly appear, both good and bad, and the reasons why.

Once you’re happy you have a list of companies worth investigating further, I’d recommend at least three, the next step is to find out what each one has to offer and how much it’s going to cost. Which leads us to…

3. Choosing the right hosting package for your needs

Trawling through the different hosting packages on offer can be a tedious, and sometimes confusing process, as providers bombard you with seemingly endless lists of the features you’ll receive when you sign up. Therefore, it’s a good idea to know what you want from your website before seeing what’s on offer. For example:

Are you going to need to store a lot of large files?
If you are looking to upload a lot of large photos or video files, make sure you’ll be getting enough web space to handle this.

Do you want to have a WordPress blog?
Check that the packages on offer either support WordPress or match the minimum technical requirements to run it. If this isn’t obvious to you then ask; it will also give you a good chance to test their customer support.

Will you be sending and receiving a lot of email?
If so you’ll need to check the size of the mailboxes you’ll be receiving, a minimum of 1GB per mailbox is recommended. It’s amazing how quickly they fill up and you don’t want to be spending all your time clearing out unwanted emails.

And finally, don’t be tempted into signing up for more than you really need. Getting unlimited web space, mailboxes and databases for just £9.99 per month sounds amazing, but are you actually going to use all that? Chances are there’s a package available that will offer you everything you need and more for half that price.

Thank you for taking the time to read this article. If you have any comments, questions or requests for future articles please email hello@thread-creative.co.uk, as always your feedback will be gratefully received.

My tips for building a custom WordPress website

There’s no getting around it: since it was founded in 2003, WordPress has become the overwhelming favourite platform for building CMS websites. In fact WordPress is now the largest self-hosted blogging tool in the world, used on millions of sites and seen by tens of millions of people every day.

So why is WordPress so popular? There are several key reasons.

1. It’s free
2. It’s completely open source
3. It’s straightforward to use
4. It’s extremely well supported

Now you could argue there are other CMS systems out there that offer these same features and you’d be completely right. WordPress, however, simply does it better and on a bigger scale. There are countless custom themes, plugins and widgets available for WordPress that add up to an infinite number of styling and functionality combinations. This makes WordPress simple to use for those starting out in website design as well as offering the power and customisation to seasoned professionals.

Having used WordPress for several years now I’ve learnt a few key tips and tricks, which I always refer to whenever I begin a new build and I’d like to share some of these with you. Hopefully they’ll be as useful to you as they have been to me.

1. Functionality over style

Custom themes are one of the reasons WordPress has become so popular; sites such as www.themeforest.net offer thousands to choose from with new themes added daily. You can have a fully functional, great looking, mobile friendly theme from as little as £15. However, it pays to do your research.

Before you begin any design work, or buy any themes, make a plan of what features you, or your client, want the site to have. Will it require ecommerce capabilities? Does it need to support an older browser like IE7? Will it need to be responsive for mobiles and tablets? Only once you have this information can you begin to work on the design. Too often people buy a theme or start designing based purely on the look of the site, only to end up wasting time and money when it doesn’t offer the required functionality.

2. Do your research

You’ve seen a custom WordPress theme you’d like to use, the description says it’s responsive, it works on older browsers, it is well documented and supported and is 100% bug free. So you buy it right?

Wrong.

Always research any theme or plugin you are looking to use before you buy or install it. A live demo of a theme is the least you can expect; sometimes it is possible to see examples of customer sites where this theme has been used. If you have any questions or concerns then ask them, either directly to the developer or through any available comments sections or forums. Read feedback and comments from others. Did they get an answer to their question? How long did it take to get a reply? Was it an answer they were happy with? Chances are if a developer is quiet or tries to dodge a question there is a good reason why.

Use other tools to your advantage. If the developer says it’s responsive then find out. There are free websites that allow you to test how responsive a website really is; www.responsive.is is just one example. It just isn’t realistic to test a website on every available device and browser, so tools like these offer the next best option.

3. ALWAYS backup your files!

I can’t stress this enough. It’s a lesson I learnt very early on and it’s not something I’d ever want to happen again. A lot of WordPress themes come with their own admin areas that let you change the colours of headings, font sizes and add social media profiles. This is really useful if you have no interest or experience in editing, or adding to, the CSS, HTML and PHP files manually.

Unfortunately, if you do plan to do all or most of the coding yourself, this admin area can cause huge problems and end up costing you hours of hard work, sometimes through no fault of your own. The issue in question raises its ugly head when someone makes a change to the site using this admin system. It can be something as minor as changing the colour of a heading from orange to red. As soon as the ‘save’ button is clicked all the CSS files used by the site are overwritten by the admin system, sometimes even replacing them with the default files that came when the theme was first installed.

All the CSS you spent hours working on has been replaced and, unless you’ve saved a copy locally, lost forever. I’m sure I don’t need to tell you that if you’re working on a live site this can be a disaster. I highly recommend saving a local copy of the entire site and backing up files every time you make a change. You’ll be glad you did.

4. Test, test and test some more

Remember the tools you used when doing your research? It’s time to dust these off once again and put your WordPress site through its paces.

First things first, don’t make the common mistake of waiting until the site is finished before you do any testing. I always run tests after each major change I make. It saves so much time, and it is a lot less stressful to find any errors and fix them as you go instead of saving them all up until the last minute.

Don’t forget to proofread your site too. Check for any spelling or grammar mistakes yourself instead of relying on your computer’s spellchecker. Once you’ve finished checking, ask someone else to have a look through it; a family member or a friend is fine. Often a fresh pair of eyes can pick up a spelling mistake you’ve missed or suggest a different way of wording a passage of text.

5. Ask for feedback and listen to it

Following on from the previous tip I highly recommend you get as much feedback as possible. Ask friends, family and, unless it’s a conflict of interests, work colleagues. Ask them for their honest opinions on what they like and don’t like and the reasons why. Did they find the site easy to navigate? Was it informative? Was there too much copy or not enough?

Now comes the most important and challenging part, taking this feedback and listening to it. Before you begin throw your ego and emotions out the window. You might think your site is perfect and that nothing needs changing, these people are mad! In reality though you are only one opinion. If you build a WordPress site to sell shoes but you’re the only person who likes it then you’ll be going out of business pretty quickly.

Sure you’ll have a few stupid comments to sift through but if you are finding the same issues from multiple people then you’ll want to seriously think about fixing these. Once you’ve made any changes repeat the process again until you feel you are happy to show your site off to the world!

I hope you found these tips interesting and of use. If you have any comments or questions on this blog post, or have requests for future articles please use the form below or email hello@thread-creative.co.uk, as always your feedback will be gratefully received.