As much as I’ve praised WordPress in my last two installments, it is definitely true that it has its issues. I’ve mentioned that being the dominant CMS platform has its advantages; in the same way it also has its disadvantages. Below I’ll discuss some of the issues and the way to overcome them.
As easy as it is to set up a site with WordPress, it is just as easy to get hacked. These days data is getting more and more susceptible to attack, and security must be thought of during the build process. Even if your site is not hosting valuable data, it does not mean you are immune to attacks. Attacks can be automated and random, and can exploit various vulnerabilities, most of the time without you realising it has happened.
WordPress, being open source and popular, is a target for these hackers. If a vulnerability is found, it could be a basis to attack millions of sites. There are a few security plugins and other solutions for a WordPress site, but at Pugh Morgan we recommend it be handled at the web host side. WP Engine is a hosting platform dedicated to WordPress and has inbuilt features that include intrusion detection and a firewall, as well as some tips on which plugins have security flaws.
If changing hosting providers isn’t part of the plan, you can also try Sucuri.net, which has similar features that you can embed.
As I mentioned, plugins can have security flaws. This is part and parcel of an open-source community. Much of the time developers are creating these plugins for no income. When selecting plugins make sure they are popular and have a good update history. Always keep your plugins up to date to help to close security holes.
Nothing online is 100% safe, but taking some simple steps with security will avoid making your website an easy target.
Maintenance follows on from Security. Almost every time I am presented with a WordPress website which has been live, there is a plethora of plugins which have been ignored. Add to that neglected theme updates and especially WordPress core updates.
Sometimes these updates aren’t carried out because a user is worried that something might break or become incompatible. This should not be an issue, and there is no excuse for updating on the live site: if no staging site is available (there really should be one, even an Amazon EC2 instance on the free tier), you can always test your updates in a local environment. I would recommend a process that includes regular backups and version control.
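To make the ignored-plugin problem visible before anything is updated, the short script below (an example added here, not part of the original article or any Pugh Morgan tooling) reads the JSON that WP-CLI prints for `wp plugin list --format=json` and reports plugins with a pending update, plus inactive plugins still sitting on the server. The sample data is constructed, and the function names are illustrative.

```python
import json
import sys

# Constructed sample of `wp plugin list --format=json` output (not from a real site).
SAMPLE = """[
  {"name": "disable-comments", "status": "active", "update": "none", "version": "2.4.5"},
  {"name": "formidable", "status": "active", "update": "available",
   "version": "6.0", "update_version": "6.8"},
  {"name": "old-gallery", "status": "inactive", "update": "available",
   "version": "1.2", "update_version": "1.9"},
  {"name": "duplicate-post", "status": "inactive", "update": "none", "version": "4.5"}
]"""


def audit_plugins(raw_json):
    """Return plugins with a pending update and plugins that are inactive."""
    findings = {"outdated": [], "inactive": []}
    for plugin in json.loads(raw_json):
        if plugin.get("update") == "available":
            findings["outdated"].append(
                (plugin["name"], plugin.get("version"), plugin.get("update_version"))
            )
        # Inactive plugins are still files on the server, so they need
        # either updating or removing rather than being left in place.
        if plugin.get("status") == "inactive":
            findings["inactive"].append(plugin["name"])
    return findings


def exit_code(findings):
    """Non-zero when updates are pending, so a cron job or CI step can flag it."""
    return 1 if findings["outdated"] else 0


if __name__ == "__main__":
    # Pipe real WP-CLI output in, or run with no input to see the sample.
    raw = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    result = audit_plugins(raw)
    for name, current, target in result["outdated"]:
        print(f"UPDATE  {name}: {current} -> {target}")
    for name in result["inactive"]:
        print(f"REVIEW  {name}: inactive, update or remove")
    sys.exit(exit_code(result))
```

Run it against the staging or local copy first, for example `wp plugin list --format=json | python3 plugin_audit.py`, then apply and test the updates there before touching the live site.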
It is easy to get drawn into themes, and most of the time they do have their place. In my experience themes are great if you don’t want specific functionality. Themes exist to make it easy for non-developers to get something up and running that looks decent with not too much fuss.
The issue is that not all themes are created equally, and some are very strict in their implementation. Change them and you might find yourself in a bit of trouble, especially if the whole purpose of using a theme was to avoid development costs.
Some themes utilise Bootstrap or other frontend frameworks. There might be reasons to use Bootstrap with WordPress, and lots of them are valid, but improper implementation of Bootstrap can lead to unnecessary code bloat.
At Pugh Morgan we prefer to build websites based on bare bones themes. These themes strip all design from WordPress and allow us to customise all facets of the site for our clients.
A good start
Apart from the base theme, there are a number of plugins that I install as standard, which add some nice functionality:
- Disable Comments: these days most websites that are publishing news items don’t particularly want public comment, and if they do, there are better systems than what comes standard with WordPress, such as Disqus.
- Duplicate Post: this does exactly what it says, gives an option to duplicate a post.
- Enable Media Replace: ever upload an image that wasn’t quite right? This handy tool lets us replace that media item without having to change its URL.
- Formidable: I used to be a Gravity Forms user, but Formidable is now my preferred choice. It has a basic free version for a start, which suits most needs, and generates a nice markup that is easy to style.
- Toolset Types: many developers believe that Advanced Custom Fields is a great tool to customise post types, but I believe Toolset takes this to the next level, and has a great API and an extensive set of support documentation.
- WP Sync DB: This tool is a must for those of us who use a version control system. Once files are edited, pushed and deployed, this tool helps to keep the database in sync. From a local install it can pull, push or take a backup.
- Yoast SEO: A vital tool to keep all the onsite SEO in check. It makes all the basics an easy job, and has inbuilt XML sitemaps and social sharing options.
Hosting & Processes
Proper hosting and processes are vital for a website to run quickly, efficiently & securely. As mentioned earlier, I generally recommend WP Engine for hosting. As well as the security features, it also has a few other nice additions, like a staging server, regular backups, content delivery networks and helpful support staff.
In reality you can use whatever hosting you want to. I would suggest adding a plugin that automatically makes backups to 3rd party storage such as Dropbox.
In addition to backup and security, I also use BitBucket (Git) to house my code. If another developer comes on board, they can create a fork from the original code and make their changes, before committing.
To deploy, I use a tool called deployhq.com. I’ve found this to be reliable, quick and simple. I deploy my code from BitBucket to the WP Engine staging environment, which allows me to deploy to the live site with a single click.
As mentioned previously, I also use a plugin called WP Sync DB which allows me to keep the database in sync. If you are working with a client who regularly updates content on their site, this is a vital tool.