We’re still weeks away from 2016 but it’s never too soon to start planning. Today we’re looking at New Year’s Resolutions you must address if you have a WordPress site. These resolutions will help you keep your site current, protect you from being hacked and keep more visitors on your site for a longer time. These resolutions apply whether you are a B2B marketer, manufacturing marketer, small business, or simply writing a blog.
Three WordPress Items to Address as part of Your New Year’s Resolution
The three items we’re going to cover… updates, security and responsiveness …are items you must address, not items that you can get to at some point down the road.
1) Make Sure WordPress, Your Theme and Plugins Are Up-to-Date
A typical WordPress site will consist of the WordPress code, a site theme, and multiple plugins that add functionality. Each of these is typically created by different developers who make changes, revisions and updates independently of each other. If you have 20 plugins, a theme, and of course WordPress, you’re looking at 22 or more possible updates each month. We say more because some plugins will update on a weekly basis.
Ok, so it’s agreed that there can be numerous updates available with a WordPress site, but the real question is “why do you have to update them?”
The primary reasons to keep your site up-to-date are functionality, performance and security.
Functionality: You want to ensure that when a visitor arrives at your site, the site functions as expected. WordPress has had over 145 updates since it launched in 2003 (16 in 2015 alone). Each of these updates tends to include some functionality improvements that can benefit your site. There is value to ensuring you’re running the latest version.
An outdated plugin may stop functioning and present a less than favorable user experience. We were recently called in to fix a slider on a client’s site that had stopped working. The client had updated to the latest version of WordPress but had not updated to the latest version of the slider. We were able to resolve the issue in less than five minutes by simply updating the plugin.
In some cases you may find that you are using a plugin that is no longer being developed or supported. When your theme or WordPress is updated you suddenly find that part of your site is no longer working. In this case you are going to have to find an alternative plugin that accomplishes the same functionality.
Performance: In addition to better functionality, most of the WordPress updates include changes to improve your site performance. It might be how a function is handled on the back end or maybe even thinner code to improve site speed. Once again it makes sense to be running the latest version if it improves how your site performs.
When WordPress improves its code to improve performance, plugin developers want to do the same. You want to ensure that your plugins are coded to optimize performance with WordPress by keeping them up-to-date.
Security: While improved functionality and performance are great, the most important reason to keep everything up-to-date is for site security. One of the top ways that hackers are able to gain access to the back end of your site is by exploiting security risks and flaws when one or more of these items are out of date. Updating these items won’t make your site hack-proof but it can eliminate one of the primary ways your site can be compromised.
2) Secure Your Site From Hackers
Once you’ve ensured that all the elements of your site have been updated, there are some additional steps you can take to improve the WordPress security of your site. We’ve noticed an increase in the number of requests we’ve received to repair hacked sites and have completed 12 recoveries over the last six months. Most of these sites had been hacked long before we were brought in. Who knows what mischief happened while the sites were hacked. Statistics back up what we’re seeing as WordPress hacks are up 250% in 2015.
Why would someone hack your site, you ask? Here are several reasons:
- To tap into the power of your server. Once they have access they can set up processes to run in the back end of your site that can perform tasks on the internet, anonymously.
- To send spam. In this case they use your server to send out spam emails. Once again they can do so anonymously as the emails are tied to your website and account, not theirs.
- To seed your site with links to products they are selling. These links may be visible to people or only visible to search engines. On a recent site we recovered, the hacker had created over 1,000 product pages and added several thousand product images to our client’s server.
- To spread viruses and malware. They can target visitors to your site (even your computer if you visit your own site) or use it to send emails with the viruses to others.
- To steal from you. They could replace your ads on your site with theirs. Through viruses they can record keystrokes on your computer or capture passwords.
- To deface your site or attack your company.
It doesn’t matter how big or small, how much traffic, or how popular your site is. If they can hack it, they can find a way to use it to their advantage.
Steps to Secure Your WordPress Website
Don’t use “Admin” as Your WordPress Username: Many hosts have functionality to automatically load WordPress to your server. Unfortunately many of these do so and create your initial account with a username of “admin”. If your current username is “admin” it’s time for a change. Here are a few ways to change your WordPress username.
Only Use Strong Passwords: When you set up WordPress or create a username you can set a unique password. Be sure that you avoid simple to remember passwords in favor of a more secure password. You can even set up your WordPress site so that it forces all new users to create a “strong” password. WordPress includes a strength indicator when creating your password making it easy to ensure you have a strong one. You will need to use a mix of uppercase and lowercase letters, numbers and special characters.
Here are the top 25 most common passwords in 2014. If you are using one of these it’s time to change your password.
Change Your WordPress Login URL: When you load WordPress to your server it automatically creates a login page. This login page can be found at yourdomain.com/wp-admin or yourdomain.com/login.php. Anyone wanting to hack into your WordPress site already knows where to start. You can improve security by changing to a custom login page URL.
Utilize 404 detection: 404 detection tracks site visitors who are encountering a large number of 404 errors (page not found). It’s not unusual for someone to encounter a 404 page on your site. This could happen if someone links to a page on your site whose URL you recently changed. It could be that someone makes a mistake when typing a URL to reach a section of your site. But if someone is hitting a large number, say 20 or more 404 pages, then there is a strong possibility that they are up to no good. 404 error detection can be used to ban visitors that reach a high number of 404 error pages.
Utilize Black Lists: This proactive step bans the IP of users who have been identified by others as being not trustworthy. Incorporating this in your site to automatically identify and ban the user is an easy way to help protect your site.
Add Brute Force Protection: Utilizing software, hackers can run an online program that attempts to gain access to your site by submitting millions of passwords in a short amount of time. Without a means for your website to identify it’s under a Brute Force attack, it’s only a matter of time until the right password is entered. Setting a “wrong password” threshold is one way to eliminate this form of attack.
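The 404 detection and “wrong password” threshold rules described above, applied to web server access-log lines, as an added example that is not from this article or from any plugin. It assumes combined-format logs, the default /wp-login.php endpoint, that a failed login answers with HTTP 200, and a hypothetical limit of 5 failed logins; the log lines are constructed.

```python
import re
from collections import Counter

# Apache/Nginx "combined" log line: client IP, request line, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')
NOT_FOUND_LIMIT = 20          # "20 or more 404 pages", the figure in the text
LOGIN_FAIL_LIMIT = 5          # hypothetical "wrong password" threshold
LOGIN_PATH = "/wp-login.php"  # assumed default WordPress login endpoint

def scan(lines, allowlist=frozenset()):
    """Return {ip: reason} for every client that crossed a threshold."""
    not_found, login_fail = Counter(), Counter()
    for entry in lines:
        m = LOG_RE.match(entry)
        if not m or m["ip"] in allowlist:
            continue  # skip unparseable lines and trusted addresses
        path = m["path"].split("?", 1)[0]  # ignore any query string
        if m["status"] == "404":
            not_found[m["ip"]] += 1
        # Assumption: a failed login re-renders the form (HTTP 200),
        # while a successful login redirects (HTTP 302).
        elif (m["method"] == "POST" and path == LOGIN_PATH
              and m["status"] == "200"):
            login_fail[m["ip"]] += 1
    flagged = {ip: f"{n} not-found responses"
               for ip, n in not_found.items() if n >= NOT_FOUND_LIMIT}
    flagged.update({ip: f"{n} failed logins"
                    for ip, n in login_fail.items() if n >= LOGIN_FAIL_LIMIT})
    return flagged

def make_line(ip, method, path, status):
    """Build one constructed combined-format log line."""
    return (f'{ip} - - [10/Dec/2015:10:00:00 +0000] '
            f'"{method} {path} HTTP/1.1" {status} 512 "-" "-"')

# Constructed sample traffic (documentation-range addresses, not real data).
SAMPLE = (
    [make_line("203.0.113.5", "GET", f"/old-page-{i}", 404) for i in range(25)]
    + [make_line("198.51.100.7", "POST", "/wp-login.php", 200) for _ in range(6)]
    + [make_line("192.0.2.10", "GET", "/typo", 404) for _ in range(2)]
    + [make_line("192.0.2.10", "POST", "/wp-login.php", 302)]
)

if __name__ == "__main__":
    for ip, reason in scan(SAMPLE).items():
        print(ip, "->", reason)
```

Several people can share one address, so a temporary ban plus an allowlist entry for your own address is safer than a permanent block.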
These are only a few of the many steps you can take to improve the security of your site. There are 75 million WordPress sites out there. Hackers are looking for low-hanging fruit websites that have no security to hack, so implementing the items above can decrease your risk significantly.
3) Provide A Better Experience to Mobile Users
The usage of mobile devices, smart phones and tablets, continues to grow, exceeding desktop usage. Having a mobile site is fast becoming a “must have” for businesses. Consider that 89% of people search online before making a purchase decision and that over 74% of people use mobile devices for local information and you have a financial incentive to update your site to a responsive web design.
Compelling Reasons To Make Your Site Mobile Responsive
Usability: User experience is one of the most important factors of a website. The screens are small on many mobile devices used to access your website so it’s important that your content adapt to fit the screen size the visitor is using. If you’ve ever viewed a site that is built only for a desktop on a tablet or smart phone, you know it can be a cumbersome, frustrating and unpleasant experience. Across the board, whether desktop or mobile, users have shown that if the site they visit doesn’t meet their expectations or provide a good user experience, it’s easy to click back and move on to the next site.
Easier to Manage: Prior to the adoption of mobile responsive techniques, the alternative option was to have multiple sites built to display for different devices. These days sites are categorized as desktop, tablet or smartphone. Within these categories you have devices that have different display sizes. You even have different sizes among the same brand of devices. Consider the different sizes available with an Apple tablet:
- iPad 1st and 2nd Generation: Portrait: 768×1024 px, Landscape: 1024×768 px
- Retina iPad (iPad 3, iPad 4): Portrait: 1536×2048 px, Landscape: 2048×1536 px
- iPad Mini: Portrait: 768×1024 px, Landscape: 1024×768 px
With Android devices you have even more screen resolution sizes. This makes building multiple sites for multiple device sizes an expensive undertaking. Besides the cost, you also have an increase in time required to manage and maintain your multiple size-based websites. Each change has to be made on each version of your site. And each site would require a separate SEO campaign. With a mobile responsive site your website is coded to adapt based on the screen size regardless of the device. You only have one site to maintain and optimize for search engines.
And the #1 Reason to Have a Mobile Responsive Website: Google Says To Do It: Google has been slowly moving towards favoring sites that provide a mobile viewing experience. In February of 2015 in a post titled “Finding more mobile-friendly search results” they clarified their intent, “Starting April 21, we will be expanding our use of mobile-friendliness as a ranking signal. This change will affect mobile searches in all languages worldwide and will have a significant impact in our search results. Consequently, users will find it easier to get relevant, high quality search results that are optimized for their devices.”
Let’s face it: when we conduct search engine optimization we’re not doing it for Yahoo, Bing or any number of other available search engines. We optimize for Google. So if Google says your site needs to be mobile responsive, then that’s just what it needs to be.
The best time to make your site mobile responsive is during a redesign of your website. If you’ve been on the fence regarding doing a website redesign, then this is reason enough to get started.