The background
It was about six to nine months ago when I was exploring some different options to get myself back into development without investing a ton of effort and energy into creating things from scratch (as I had in the past). Basically I was exploring options for developing with the “low-code” approach: leveraging tools like a CMS to speed up my development and to focus more on the content, not just the code.
So, as I took on this new exploration of options, I worked on introducing myself to Joomla, MODx, and WordPress. Even though WordPress had quite a bit of market share between these options, with Joomla close behind, I started with MODx. I chose MODx as it touted security as its cornerstone. But overall it did not give me quite what I was looking for. After using MODx for about six months, I decided to trial both Joomla and WordPress as well.
It wasn’t long after trialing each that I came to the conclusion that, for my application and needs, the WordPress platform provided the greatest amount of upside. In general, the way I came to this conclusion was my overall experience. But also my initial reservations about the top “myths about WordPress” were quickly dashed with some research and then some trial and error. I was shocked how quickly I debunked these myths I had heard all along: security, backups, customization, and ease of use.
Security
The first line of defense is making good decisions from the start. So to tackle this common myth about WordPress I start at the beginning. Taking the time to ensure the tools are there working for you creates that first line of defense. It is this initial setup that lays a solid foundation for your site. From there it is all about keeping up to date, and making good decisions.
So the first things I check and fix when I create a new site are the following:
- Directory listing prevention for the /wp-content/, /wp-content/plugins/, /wp-content/themes/ and /wp-content/uploads/ directories
- Hiding the WordPress version number
- RSD (Really Simple Discovery) tag removal from front-end
- Windows Live Writer meta tag removal from front-end
- Disabling of database error reporting
- Disabling of PHP error reporting
- Removal of scripts and stylesheets information from URLs
- Remove the readme.txt file from WordPress root
- Ensure the Administrator username is not “admin”
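A small audit for the front-end items in the list above (version number, RSD tag, Windows Live Writer tag, version strings on script and stylesheet URLs), added here as an example and not part of the original post. The sample markup, the `site.example` URLs and the finding labels are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse, parse_qs

class HeadAudit(HTMLParser):
    """Collects the front-end disclosures named in the checklist."""
    def __init__(self):
        super().__init__()
        self.findings = []  # list of (label, value); labels are this example's own

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        rel = a.get("rel", "").lower().split()
        if (tag == "meta" and a.get("name", "").lower() == "generator"
                and "wordpress" in a.get("content", "").lower()):
            self.findings.append(("version-generator", a["content"]))
        elif tag == "link" and "edituri" in rel:       # RSD tag
            self.findings.append(("rsd-tag", a.get("href", "")))
        elif tag == "link" and "wlwmanifest" in rel:   # Windows Live Writer tag
            self.findings.append(("wlw-tag", a.get("href", "")))
        # Scripts and stylesheets that still carry a ?ver= query string
        url = a.get("src") if tag == "script" else (
            a.get("href") if tag == "link" and "stylesheet" in rel else None)
        if url and "ver" in parse_qs(urlparse(url).query):
            self.findings.append(("asset-version", url))

def audit_front_end(html):
    """Return the checklist findings for one rendered page."""
    parser = HeadAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample: the <head> of a site before the checklist is applied.
SAMPLE_DEFAULT = """<head>
<meta name="generator" content="WordPress 0.0.0-example" />
<link rel="EditURI" type="application/rsd+xml" href="https://site.example/xmlrpc.php?rsd" />
<link rel="wlwmanifest" type="application/wlwmanifest+xml" href="https://site.example/wp-includes/wlwmanifest.xml" />
<link rel="stylesheet" href="https://site.example/wp-content/themes/demo/style.css?ver=0.0.0" />
<script src="https://site.example/wp-includes/js/jquery/jquery.js?ver=0.0.0"></script>
</head>"""

# Constructed sample: the same <head> after the checklist is applied.
SAMPLE_HARDENED = """<head>
<link rel="stylesheet" href="https://site.example/wp-content/themes/demo/style.css" />
<script src="https://site.example/wp-includes/js/jquery/jquery.js"></script>
</head>"""

if __name__ == "__main__":
    for label, value in audit_front_end(SAMPLE_DEFAULT):
        print(f"{label:18} {value}")
```

Run it against the saved HTML of your own home page after setup; an empty result means the four front-end items are taken care of.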
The second thing I do is use the iThemes Security plugin. This plugin is on all of my sites, as well as on 900,000+ other WordPress sites. It boasts 30+ ways to secure and protect your WordPress site, but my favorite is the ability to change the default Admin login URL. However, for most of my sites I simply use their default setup, which has proven to help keep my sites safe thus far.
Check, one common myth about WordPress taken care of.
Malware, and what to do if you catch a case
Malware is certainly related to having or not having good security on your site. But what if you take all the precautions and still get infected? In these cases there has to be a backup strategy, as well as an ability and understanding about how to restore your site.
I am not sure how, but backups seem to be a commonly overlooked feature of a site. This goes for not only WordPress sites, but really any platform you use. If you take only one thing away from this post, make sure it is to check with your webmaster on your backup strategy.
As for how I solve this, first I come up with the expected amount of changes to the site. If I have a general brochure website that is mostly static and changes somewhat infrequently, I will create backups once a month. However, if I have a blogging site I will likely go with once a week if not daily. But if it is an eCommerce site, depending on traffic I will go with daily or even twice a day.
With all of these options, I ensure that I keep at least two copies of each backup that I can roll back to. This all seems a bit daunting when you think about “how will I back this up?” Good news: there is a WordPress-based tool called UpdraftPlus. It is a free plugin that covers all the essential needs out of the gate. You can send your backups to offsite storage (I use Google Drive) and also set your desired frequency. If you do get into a situation where you need to roll back, their automated process is very simple and easy to use.
This may not have totally gotten rid of a myth about WordPress. This is something that is common to any site, and now you know that there are great tools available for your WordPress installation which will go a long way towards keeping your site up and running. Even if you get attacked!
Customization
It seems that when you have a thought about “Can I do that in WordPress?” all you need to do is some research on the plugins that are available. Estimated at 29,000+, chances are what you are in need of already exists. But one of the common myths about WordPress is still that it is “just a template.”
While there are certainly many templates out there to choose from, you can develop sites with a very basic theme. From there developers can write custom HTML and CSS. There is also a great plugin called Elementor. This page builder tool offers an ability to create custom designs in far less time. One of my favorite features is using dynamic content, which I have been experimenting with ACF to create a robust CMS experience for my clients.
While plugins are powerful and almost a necessity in WordPress, there are a couple of important factors to remember when using them. First, do the research before you start using a plugin. If it is in their library it likely will not come with malware. But still, if you have the option, test it on a beta site or a site with low traffic before you get going. Also, always have a clean backup just in case installing or configuring your new plugin messes something up.
Second, be very careful when using any plugin or theme you download from a third-party website. If this is an absolute must, make sure you run it through a malware scanner prior to installation. As I referenced already, I use the iThemes Security Plugin to run this. The only problem is that this tool comes with a “pro” upgrade, so look into some free options if you are on a budget.
That is another myth about WordPress taken down, next…
Development knowledge
This is often an element that is overlooked, but it is really something that needs to be considered, especially when you have strong development resources at your disposal. WordPress is a platform that can be developed on. As previously discussed, you need to look no further than the 29,000+ plugins that are out there.
This is why organizations that have developers on staff should still give WordPress (or other CMS platforms) a fair review before making decisions. At this point in the technological evolution, our willingness to use the tools at our disposal in a smart and safe way gives us the ability to create a plan, quickly develop, learn, and then iterate constantly.
So what’s next?
With these key tips in mind, my hope is that your next web development project takes into consideration WordPress and other tools to do some of the heavy lifting. Do the investigation, make smart decisions, and don’t rely on unfounded fears that come with the myths about WordPress. It is secure, it is flexible, and it is a tool that if used right can save you time while still creating an extraordinary result.
As always, start up the conversation now if you want help evaluating your current site. Or if you are in the market for a new site, reach out today and let’s spark the conversation about what Rauch Digital can do to help.