Ok, first things, first, who am I to write a review of WordPress? Well, I’m an independent web designer/developer who lives in the small city (pop 50,000ish) of Nelson in New Zealand. I mostly build websites for small local businesses in the Nelson region, sometimes for businesses in other parts of New Zealand and occasionally for clients in Australia, USA and Europe. I’ve been working in this area (small business websites), since 2007 – about a dozen years. I’ve worked with a handful of popular content management systems over the years – Drupal, Joomla, Silverstripe, a funky Apple OS X based one called Manila, some e-commerce specific systems – Magento and Prestashop. I’ve also encountered and worked on a few websites (just a few!) built outside of content management systems – static HTML/CSS, ASP (the old pre-dot Net Active Server Pages), JSP, PHP and, God forbid, even Dreamweaver! But WordPress has been may mainstay since I researched and trialed content management systems back in 2007 and picked WordPress as the CMS that I would focus on.
Stellar Web Works is based in Nelson on the top of the South Island of New Zealand. I’ve compiled a list of all the other web design companies located in Nelson. If I’ve missed any let me know.
When designing and maintaining a website, user experience is a simple, foundational concept that is often overlooked.
User experience is about how easy or difficult it is for visitors to your website to interact with the website to achieve their goals (and your goals). A good web site user experience requires:
easy to find and access content and use the functionality on the site (ease of use)
visual impact of the site is engaging and consistent with the brand identity
suitable
functionality and features which engage the user and make it easy to
complete the tasks appropriate to the site (e.g. purchase products, book
a room, interact with other site visitors)
the website contains compelling, up-to-date content, appropriate to the needs and goals of the visitor
Here’s a video that I came across on searchengineland.com that explains the basics of Search Engine Optimisation (SEO) in an easy to follow, non-tech-speak manner. I thought I’d share it here as it may serve as a useful primer on SEO for my clients:
Make sure you have a worst case scenario backup plan. Sure any web hosting service worth it’s salt will keep backups of your website but don’t just rely on that. What if they went out of business and shut down operations suddenly, would you be able to get your website back online with another hosting provider? What if your website was hacked but you didn’t notice it for several weeks, would your hosting provider have a clean backup to restore? Take these matters into your own hands and have a backup plan in place. Make sure you have your own backup of your website. Make sure your backup includes everything needed to get your website back online. If you update your website regularly you should save a new backup at regular intervals.
Step 2: Keep your website software up-to-date
Cyber-criminals and hackers are constantly scanning the web for websites with security vulnerabilities. Popular CMS software such as WordPress is scrutinised for any security weaknesses that can be exploited. If any security holes are exposed the WordPress team responds quickly with a security update. But you must update your website software to the latest version of WordPress to make sure you have all the security updates. If you are running an old version of WordPress, it may have known security holes which leaves your website vulnerable to attack. So make sure you regularly update to the latest version of WordPress (or whatever CMS software you are running). Beware that updating the software can have it’s risks – the upgrade could fail leaving your website inaccessible or there could be incompatibility issues, so it is important to backup your site prior to upgrading. WordPress plugins should also be kept up to date for the same reason. You can read the release notes for WordPress and plugins to determine if the latest release includes any security updates.
Step 3: Use strong passwords and keep them safe
A weak administration password could be the biggest security hole in your website. It is best to use passwords of at least 10 characters. They should contain a combination of upper case, lower case, numbers and symbols. It is safer not to use the same password for multiple different purposes. It is also recommended to change your passwords from time to time. That can mean a lot of passwords to remember so a secure password storage utility such as KeePass (Win), KeePassX (Mac, Linux) or Password Safe (Win) comes in handy for keeping track of all those passwords in a secure manner.
Step 4: Ensure your website is configured as securely as possible
Certain measures can be taken to add an extra layer of protection from hackers scanning your website beyond what is provided by the out-of-the-box content management system. e.g. Certain information that does not need to be displayed but could be of help to hackers can be hidden. For WordPress websites there are security add-ons that assist you with making your website more secure. One that we use and recommend is Better WordPress Security.
Sometimes I find stray p or br tags appearing inside a block of content that I’ve enclosed in shortcodes and this can mess up the layout by adding extra spacing where I don’t want it. It occurs because of the default order in which WordPress processes your content – wpautop (the function which converts line breaks to p or br tags) is run before the shortcodes are processed.
The Solution:
Change the execution priority of wpautop so that it executes after the shotcodes are processed instead of before. Add this in your functions.php file:
remove_filter( 'the_content', 'wpautop' );
add_filter( 'the_content', 'wpautop' , 12);
Now there will be no extra p or br tags added inside your shortcode block. In fact there will not be any automatic conversion of line breaks to p and/or br tags at all. So if you want the legitimate line breaks to convert to p and br tags, you will need to run wpautop from inside your shortcode function, e.g.:
function bio_shortcode($atts, $content = null) { $content = wpautop(trim($content));
return '<div class="bio">' . $content . '</div>';
}
add_shortcode('bio', 'bio_shortcode');
Flicking through Time Magazine on the plane back to NZ, I came accross an interesting read regarding website hacking. It is astonishing how organised these hacker organisations are, so much so that some of them even offer customer support!
One of my client’s websites got hacked recently but fortunately he was able to restore the website and tighten up security. He also discovered how the attack happened – his own computer got infected with malware which got access to a file created by the popular FTP client, FileZilla. That file contained his FTP connection details for his website, including password in plain text. Yes, FileZilla stores all the site connection details that you save in the site manager in a plain text XML file. This seems very unsecure. The FileZilla developers contend that it is the job of the Operating System to keep your information secure and that even if they encrypted it, malware authors would easily decipher it. However, I am of the opinion that encrypting the passwords would make it more difficult for the hackers and therefore would improve the security.