Blog posts under the security tag
https://webdevstudios.com/tags/security/
WordPress Design and Development Agency
Mon, 15 Apr 2024 16:07:45 +0000

5 Things WordPress Website Owners Should Understand
https://webdevstudios.com/2022/11/17/wordpress-website-owners-should-understand/
Thu, 17 Nov 2022 17:00:18 +0000

The post 5 Things WordPress Website Owners Should Understand appeared first on WebDevStudios.

Every business is different. So are websites. The client and the website development agency should be on the same page to build, redesign, or migrate data successfully.

Educating a client is rewarding, and fun. At WebDevStudios, we take the time to walk clients through our processes and their new website, never abandoning them after launch.

Here are five things all WordPress website owners should understand. Understanding these concepts makes the discovery and strategy process of their website project easier.

1. Process vs Plugin

When you install a plugin that has the features you need, it is a small part of the process. Let me explain further with some examples.

SEO is a process, not a plugin.

One thing WordPress website owners should understand and accept now is that SEO plugins cannot magically improve your search engine rankings and get you more traffic by themselves.

WordPress website owners should understand SEO is a process. This image is the meme of the sad Pablo Escobar waiting with three panels. In the top panel, the words say, "Waiting for the SEO plugin." In the bottom two panels, the words say, "To improve SERP rankings," and "Magically!"

Let’s take a look at the SEO process:

SEO Audit

This step includes auditing the whole website and content. Without this step, website owners cannot understand how to find and fix technical errors or flaws in the content strategy.

Technical SEO

Checking, creating, or fixing the following is a part of technical SEO: sitemaps, faster load times, internal links, 301 redirects, broken links, indexing status, and crawl errors.

Keyword Research

This is a significant step in SEO. Research the costs for keyword research software and services, and you can see this step is an industry itself.

Know your audience, then you can find what they are looking for online. The general rule is to choose long-tail keywords with high search volume and low competition ratio. But you can also choose competitive keywords and their related keywords.

If your competitors have long-form articles and rank high for a keyword, you can create videos. This gives you the edge over them.

Content Strategy

Once you have keywords, you should come up with a clear content strategy. This helps you create content related to each topic and is also valuable to your website’s visitors.

WordPress website owners should understand that there are many critical factors involved in SEO. You can’t predict the search engine algorithms, but you can control the quality and relevancy of your content and user experience.

There are a few popular SEO plugins out there, well documented and maintained. You might be using one of them, but SEO doesn’t stop there.

If you are not sure about which plugin to use, our UX designer Jennifer Cooley’s comparison of the top SEO plugins should be helpful.

Security is a process, not a plugin.

A security plugin or combination of plugins can let you set up a Web Application Firewall, IP-based restriction, etc. However, a security plugin alone can’t stop cybersecurity attacks.

Your hosting provider plays a crucial role in keeping the environment safe. You should keep the plugins and themes and core WordPress version updated.

Google / Harris Poll 2019 found that 24% of Americans used common passwords or some variation like Password, abc123, iloveyou, Welcome, etc.

This comic style image has three panels. In the top panel are four people at a conference table. One person is saying, "Suggest a strong password." In the middle panel, three people say, "I Q q w # 2 )" "A $ d F ! @ #" and "Welcome." In the bottom panel, the person who suggested "Welcome," is being thrown out of a window.

WordPress introduced a password strength indicator in 2013, to encourage the use of strong passwords. But many users go with predictable passwords, even today.

Use two-factor authentication to add another layer of security to your website. DDoS, brute force, and XSS attacks could be prevented with a combination of SSL, CDN, and following The Open Web Application Security Project’s best practices.

Security plugins play a part in the security process. You can keep your site secure with a combination of plugins, server configuration, and automated backups. For better understanding, watch this WordCamp London 2018 talk by Thomas Vitale.

Accessibility is a process, not a plugin.

Accessibility should be included in the development process. All WordPress website owners should understand that each component of the website should be accessible.

Allow your website development partner to take time and implement accessibility and audit the website in each sprint. Many website owners assume that installing an accessibility plugin at the last minute is good enough, which is not true!

This comic style drawn image shows two panels. The top panel has a happy person figure with a smile and arms outreached toward a yellow bubble. On the person are the words "project plan." On the yellow bubble are the words "QA before website launch." On the bottom panel, the same person is there but now has drop of sweat on their brow. Behind them is another person with the words, "A 1 1 Y Errors" on the body as the arms reach around the first person. The previous bubble from the first panel now says, "We don't have time!"

2. Performance Scores vs User Experience

A performance optimization plugin is not the magic pill for performance issues. A popular myth among website owners is that a good performance score alone can bring more traffic.

The main idea behind Core Web Vitals (CWV) is to offer a good user experience. You should not just rely on the CWV scores. Delight your website visitors with relevant content, clear navigation, and faster load times, and follow best practices.

The content has to be relevant and worth reading and sharing with others; if not, users might bounce off the page. This in turn increases the bounce rate, which signals to search engines that the content is not the best for the search query.

For further reading on CWV, dive into this piece from the Search Engine Journal.

3. Rebuild vs Redesign

Every website deserves a fresh look. No one likes an outdated design. This brings up the question: does your website need a redesign or a rebuild?

WordPress website owners should understand the difference between rebuild and redesign. This comic style drawn image shows two red buttons. One says "rebuild." The other says "redesign." A hand hovers over the buttons and a man looks perplexed, wiping sweat from his forehead.

Redesign refers to changing the look and feel of the website, and retaining the same content and features. Rebuild means you are changing the website structure, adding or removing features, and even migrating content from one website to another.

  • When you change your brand’s colors or messaging, a redesign can help.
  • If you want to introduce new features like memberships, shopping carts, etc., you need to rebuild the website.

Further reading: Dev Shortie: Rules For Your Redesign

4. You need to test before you update.

Updating plugins and themes and also core WordPress is always recommended. However, every major update needs to be tested on a development or staging site before going to the live site.

If you know that certain plugins are customized, then it is a must to test the new version before updating it to the live site. Take a look at the change log and see what has changed between the new version and the current version that your site has.

Fields, HTML markup, CSS class names, other new features, or bug fixes might be introduced in the new version. Often newer versions require a database update too.

So you have to have a complete backup of files and database before the plugin, theme, or core updates go into the live site. If something goes wrong you can restore the backup.

Do you need auto-updates?

Since WordPress 3.7, you can allow automatic updates for maintenance and security releases. While this is good and saves time, it is not recommended for websites with a lot of customization. In most cases you will not get any critical errors or conflicts; even so, test the update on a development environment, then update the live site.

Further reading: How to Test New WordPress Releases to Avoid Problems

5. Choosing the right approach for you.

When we say competition, we compare our products and services with the competitors on the market. It is common and unavoidable to compare, but you don’t have to go with the same tech stack that your competitors are using.

Choose the right plugins, themes, hosting, and other stack related to your website based on what works for you. Discuss with the web design agency and discover the available options. This will help you narrow down and decide well.

Don’t go with the trend just because someone is using it. Every website is unique in its own way. WebDevStudios is committed to delivering the best services to every client, as our mission statement goes, “Your success is our mission.”

Have an enterprise project in mind? Let us build and launch it together, contact us now!

Why You Should Use Cloudflare for All Your Websites
https://webdevstudios.com/2021/03/23/cloudflare/
Tue, 23 Mar 2021 16:00:27 +0000

The post Why You Should Use Cloudflare for All Your Websites appeared first on WebDevStudios.

What even is Cloudflare?

According to Wikipedia

“Cloudflare, Inc. is an American web infrastructure and website security company that provides content delivery network services, DDoS mitigation, Internet security, and distributed domain name server services.[2] Cloudflare’s services sit between a website’s visitor and the Cloudflare user’s hosting provider, acting as a reverse proxy for websites.[3][4] Cloudflare’s headquarters are in San Francisco.”

For those who aren’t giant nerds like we are, Cloudflare is an easy-to-set-up tool that turbocharges your website, protects it from the bad guys, and tells you where your audience is coming from. So, let’s talk about what all this really means.

Speed

GIF: Kid in a sliding car.

Faster DNS

Everyone likes a fast website, right? But did you know that there is a lot more to loading times than just a fast web host?

One common issue that causes sites to load slowly is having poor DNS lookup times. Cloudflare helps trim this time down by stepping in as your DNS manager. If you are migrating from a poor DNS manager, you could see your site load times reduced by as much as 2,000 milliseconds! For more information see Cloudflare DNS.

Distributed CDN

Ever heard of cache? A cache isn’t money misspelled, but when it’s properly configured, it can make you some.

I’ve covered caching in greater detail in Diagnosing a Slow WordPress Site, but the short answer is it helps your website load faster for all your users. A major factor of website load speeds is distance. In other words, how far away is your server from your audience?

The farther the user is from your host server, the longer it takes for your site to load for your users. Unlike caching solutions that are hosted on just your host server, Cloudflare provides you multiple cache servers distributed across the globe free!* In practice, if you have a global audience, they are served a copy of your website from a server that is closer to them. That means faster load times.

Bonus fact: Since Cloudflare can save a cached copy of your website, in the event your web server goes down, Cloudflare is able to continue to serve your users from its saved copy until your web services are restored. For more information see Cloudflare CDN.

Analytics

Note: This is not a real dataset for WebDevStudios. This is a sample provided for informational purposes.

Another major benefit that Cloudflare provides is in-depth analytics of all your site’s traffic out of the box. Knowing where your audience is coming from is helpful for your marketing strategy. Perhaps you didn’t know you were popular in Germany. These types of insights aid you in making more informed business decisions, such as opening up a version of your site in German or load balancing your website to be closer to your real customers.

If you are a fan of Google Analytics, you can still use it in conjunction with Cloudflare. For more information see Cloudflare Analytics.

Security

GIF: Cop on a Segway.

While speed and analytics certainly are important, as a backend engineer, the biggest reason I love Cloudflare is for the security resources it provides. Better than a mall cop, Cloudflare provides free distributed denial-of-service (DDoS) protection to all of its users.

A DDoS attack is when a bad actor wishes to make a website (or any network resource) unavailable to other users. One way this can be accomplished is when a pool of thousands of infected computers is instructed to load a particular website in the hopes of overwhelming that server’s capacity, and thus bring down the website.

The reasons why someone nefarious would do this are plenty; suffice it to say, it’s not a good thing to happen when you’re its next target. Being a leading provider of DDoS protection, Cloudflare has a database of most bad actors and can block their requests from ever reaching your website, thus keeping it online. For more information see Cloudflare DDoS.

Conclusion

Animated gif of a mic drop.

If you would like your website to go faster, become more secure, and ultimately know where your customers are coming from, I hope you give Cloudflare consideration.

To address the asterisk after free earlier, all the services I mentioned in this article are provided free for all the sites you own and should be all that small to mid-sized websites need. Who doesn’t like free stuff? If, however, you are a larger enterprise client, Cloudflare provides an extended range of paid services to help you even more.

So, whether you’re leveling up your current website or launching a new web project, consider my advice. If you’re seeking a team of pros to help you with that, contact us!

Get Your WordPress Website Ready for the New Year: What to Do Now!
https://webdevstudios.com/2018/11/08/wordpress-site-ready-new-year/
Thu, 08 Nov 2018 17:00:22 +0000

The post Get Your WordPress Website Ready for the New Year: What to Do Now! appeared first on WebDevStudios.

The year’s almost up; the time for family and festivities is upon us. Rather than making a New Year’s resolution to learn to play the guitar or eat your weight in ice cream (you should totally do both of those things), how about you resolve to get your WordPress website ready for the new year by keeping it updated, optimized, and audited?

We often forget about our websites as life starts to get busier, especially if we don’t need to update our websites with any regularity. This time of year, more importantly for eCommerce website owners, site traffic will increase, and there are a few things we can do to potentially help your users out, as well as help protect yourself.

I like to keep things clean and running smoothly with SOAP: secure, optimize, assess accessibility concerns, and prioritize updates. So, let’s get started.

Secure

Security, especially around the holidays, is essential. Even the smallest website could potentially put your users at risk if not adequately audited, configured, or updated. You don’t need a computer science degree to keep your website secure; you need to make sure you’re looking at a few key points.

Make sure your hosting provider has your back. Companies like WP Engine often release information about their ongoing security efforts to let you know that you’re covered. Hacks are happening all the time and often without your knowledge. It’s important to know that the hosting platform you choose is just as dedicated to staying safe online as you are. If they’re not, it might be time to find someone new.

Add a secure sockets layer (SSL) certificate to your site. It used to be that only sites that handled sensitive data like names or credit card numbers required additional security in the form of an SSL certificate. Now, companies like Google and Mozilla, to “secure the internet,” are requiring an SSL certificate on every website. Sooner or later, your website visitors (and customers) may not even be able to see your website without first seeing this:

You can imagine how much that will affect your website traffic. Plus, an SSL certificate is an extra layer of security at little to no cost. Check out options like Let’s Encrypt before paying the big bucks to your hosting provider.

There are a myriad of other ways to keep your WordPress and non-WordPress website up-to-date and secure, but the aforementioned items are more than enough to secure most websites and protect yourself and others into the New Year.

Optimize

Optimization is a funny industry buzzword. I get the impression that the word “optimization” gets thrown around as the goal of any website without really understanding what optimization means or what limitations revolve around a truly optimized website. Not every website needs to be optimized to the fullest. The more site traffic or interaction you have, the more beneficial it is for you to make some optimizations, but you won’t know until you take a look at your site traffic to figure out who’s visiting, which pages they’re visiting, for how long, and on which devices.

Photo image of a person at a laptop while looking at their phone and holding a big cup of coffee.

There are a few easy ways to optimize a WordPress website. For example, keeping in mind that some hosts already handle a good number of these for you, Flywheel and WP Engine both handle server-side caching and have options for a CDN to serve up media. You can learn more about some of those optimizations by reading Best Practices for WordPress Website Image Optimization.

  • Utilizing a CDN to serve up images and media will help speed up your website by using cached images rather than needing to download them each time the page loads, which is especially important if your users are typically on slower networks or utilizing mobile devices.
  • A caching plugin like W3 Total Cache or WP Super Cache is a good option for automatically handling site caching on Apache websites. Nginx websites may need a bit more manual configuration.
  • If your theme has changed or you’ve made updates in the past six months, you may want to rebuild all of your thumbnails to make sure that you’re using an image meant for the space rather than an extra large image in an area that renders a small image. Regenerate Thumbnails is an excellent option for doing this efficiently without needing to access your server directly.
  • Remove unused plugins, and deactivate those that aren’t in use. You can cut down on extra JavaScript or CSS files being loaded when you don’t need them. Things change from year to year, and we often forget about that gallery plugin that we replaced six months ago but never deactivated. It happens. Deactivate, remove, and enjoy a tall cup of coffee for a job well done.

Assess Accessibility Concerns

Accessibility refers to two things: a user’s ability to access your WordPress Admin and the ability for website visitors with special considerations to access your website. Both items should be addressed to help you in the new year.

For access to the WordPress Admin, update and audit your Users. People come, and people go, but we often forget to remove old users who can leave your site open to unexpected access. Removing unused users and keeping passwords secure and changing them frequently will help optimize your site, not for performance, but for organization and security’s sake.

Bonus tip: stop using one login for all of your users. You’ll thank me later.

Photograph of a wall with black and white decorative wallpaper and a white door, which is shut, in the center of the wall.

For visitor accessibility (WCAG 2.1, for example), you may need to do more comprehensive updates. If your site is highly trafficked, especially if your website sells a product, you may be dismissing users with any disability because they are unable to navigate your website with the keyboard or by sound with the help of text-to-speech technologies. Picking a theme that meets WCAG standards is a great place to start.

Keep in mind that not all eCommerce and WordPress plugins are created equal. WooCommerce places much importance on their plugin’s accessibility; so it might be worth switching if you don’t already use it.

If you’re curious, you can use an online service like WAVE Web Accessibility Tool (also a browser plugin) to audit your website’s accessibility status. You might be surprised.

Prioritize Updates

Keeping your WordPress website up-to-date is probably the most important thing you can do to keep your website optimized and secure. This includes your platform, plugins, and add-ons. Auditing them and removing unused ones is crucial, but it’s also important that the ones that remain on your site are updated.

  • WordPress Core: Unless you’ve switched the option off, updates can occur automatically. Along with new features and performance improvements, these updates address potential security vulnerabilities as they’re found and go a long way to securing your data.
  • Plugins: Keeping plugins up-to-date offers the same benefits as keeping the Core updated, in most cases, but I recommend that you make sure that the plugins are confirmed compatible with your current version of WordPress, are updated fairly regularly, actively installed, and rated highly. The little things make a big difference.

I get asked a lot about plugins that go through a development change or are no longer supported with the current version of WordPress, but yet the website owner is reliant on a specific feature that the older version of the plugin provides, causing them to not update the plugin or the WordPress core and continue to operate their website on an old version of WordPress. In other words, they simply refuse to update anything.

To them, I say this: it’s time to update! You’re out of SOAP!

A photograph of a variety of soap bars at a flower market.

You risk security vulnerabilities, are probably causing optimization issues, and ignoring accessibility considerations. Plus, because you’re out-of-date, living in the past, and not taking advantage of the newest technologies the internet has to offer, you and your website visitors (aka your customers) are missing out on all the things meant to make your life and the lives of your users better. Think about that.

To the Future!

So, let’s see if we can’t get your website updated, secured, and optimized. I appreciate it and bet your users will, as well. If you’re one of those that have just been sitting on an old version of WordPress to preserve functionality, why not reach out and see how we can help you bring that up-to-date?

Products We Love: Sucuri Security
https://webdevstudios.com/2013/11/07/products-we-love-sucuri-security/
Thu, 07 Nov 2013 18:56:20 +0000

The post Products We Love: Sucuri Security appeared first on WebDevStudios.

Sucuri Security is a security-based company run by Dre Armeda, Daniel Cid, and Tony Perez. They specialize in keeping websites secure and clean of hacks and offer services such as Monitoring, Alerting, and Removal. They also feature a Website Application Firewall and Website Backups. You can find the complete details on what services they offer on their Services page.

We use their services for all of our websites, including the one you are on right now: WebDevStudios.com. We know that our site is being monitored by Sucuri 24/7, which gives us peace of mind. Also, if we were to be hacked, Sucuri would alert us of the issue right away, and it’s good to know that we have that security blanket in place.

Sucuri offers a free website security scanner that everyone should take advantage of. This scanner allows you to check for blacklisting status, out-of-date software, known malware and website errors if your site is on WordPress or any other platform.

Anyone who has attended one of Brad Williams’ security presentations at WordCamp knows that he is extremely knowledgeable in the best practices of WordPress website security, and he cannot say enough good things about using Sucuri for your website. He says:

“Sucuri is a service anyone serious about their website should have.”

Here at WebDevStudios, we recommend to all of our clients that they sign up for Sucuri monitoring services because we strongly trust in their capabilities as a company. If you’re looking to have affordable peace of mind for your website security, check out Sucuri Security today. We promise you won’t be disappointed!

 

WordPress Security
https://webdevstudios.com/2009/09/23/wordpress-security/
Wed, 23 Sep 2009 21:03:37 +0000

The post WordPress Security appeared first on WebDevStudios.

The most important part of any website is your website security. Imagine losing all of your content, including posts, media, and comments. Even worse, imagine spam links hiding in your content. Keeping your website safe from hacker bots should be a top priority for anyone running their own website.

Last week I gave a WordPress Security presentation at the NYC WordPress Meetup. We covered some very important security topics, including my list of top WordPress security tips. One of my tips was to stay current on your WordPress version.

Many out-of-date WordPress installations were hacked by an internet worm a few weeks ago. This hack affected any WordPress websites running versions prior to 2.8.3. The latest version of WordPress is 2.8.4, so basically any site older than two versions was vulnerable to the security exploit.

WebDevStudios offers WordPress Maintenance Packages to keep you safe from such an attack. All current support package clients were safe from the attack and had no reason to worry. This is the peace of mind every website owner should have. Why worry about security? Let WebDevStudios do it for you!

Be sure to check out my WordPress Security presentation for essential tips below:
