800.706.1191Contact Us

WordPress Design

When choosing a content management system, customers can sometimes be at a disadvantage when talking with a potential web developer or designer. Because of the ever-changing and technical nature of the web, it can be easy to be misled by someone who is not experienced or familiar with WordPress. Here are a few misconceptions we’ve heard over the years.

WordPress is just for blogs.

WordPress is the most popular content management system in use today. Because of its ease of use and flexibility, it has also become one of the primary platforms used by design agencies. In fact, over 25% of all websites, worldwide, are built on the WordPress platform. From small businesses to large enterprise level websites, if you can think of it, it can probably be accomplished using WordPress.

WordPress isn’t secure.

As with any site that can be directly edited, maintaining security is important. By working with a company that follows industry best practices for WordPress development and hosting, including security measures that discourage automated, brute-force attacks or other intrusion, you will ensure a safe environment and optimal site performance. Oh, and don’t forget to lock the front door. Regardless of the platform you chose, always use strong passwords.

WordPress isn’t suitable for big businesses.

Sony Music, The New Yorker Magazine, Walt Disney, Best Buy, Fortune Magazine, major universities, and many other enterprise-level websites are powered by WordPress, and more are being launched daily.

There’s no support.

WordPress is a very well documented content-management platform with an active development community. Questions posted to the wordpress.org forums are often answered within minutes. And, when you are working with an experienced and reputable developer, support is usually a phone call away.

Using plugins is dangerous.

One of the great things about WordPress is the many plugins that are available to accomplish just about any task. While you should always be careful when adding third-party code to your site, the WordPress repository provides detailed reviews and records of the latest updates. Again, working with an experienced and reputable developer will help ensure that your site uses well-vetted, secure scripting.

WordPress is a versatile, extensible, and reliable web content management system, but don’t take my word for it. Visit wordpress.org/showcase and see for yourself some of the latest enterprise level websites being on the platform. And be sure to visit us at DatAchieve Digital for more on WordPress design and hosting best practices.

Building the Best WordPress Websites

There are many things to consider when building a WordPress website. Aside from the obvious message, audience, and marketing aspect, there are technical considerations that should be addressed at the beginning of a project so that you don’t find yourself “painted into a corner” and unable to make changes later on. By following industry standard WordPress best practices for design, development, and hosting, you’ll be able to avoid problems.

WordPress Security

While perfect security is never possible, there are things that you can do when developing a WordPress website to significantly reduce risks and ensure recovery should a problem occur.

  • Hide the standard WordPress login area. WordPress is the most popular content management system in use today, powering over 25% of websites, worldwide. That means millions of websites can be accessed simply by adding “/wp-admin” to the end of the address. Changing this will send most attackers off to an easier target.
  • Force strong passwords. By including code that forces strong passwords for all users you’ll avoid having a client or someone else introduce vulnerability later on.
  • Limit the number of incorrect login attempts. Frequently attackers use automated scripts to repeatedly enter a variety of usernames and passwords. By limiting the number of incorrect login attempts, you’ll discourage these “brute force” attacks.
  • Use a separate username and WordPress nickname. Articles and posts are often published under the username byline. By requiring a posts to be published under a separate “nickname” you make it more difficult for a hacker to learn your WordPress login credentials.
  • Protect system files. Blocking public access to readme.html, readme.txt, wp-config.php, install.php, wp-includes, and .htaccess files prevents disclosing important information about your site.
  • Disable directory browsing. The contents of a web directory that does not include an index file can be easily viewed by anyone online.

Design & Development

  • Use the latest version of WordPress. WordPress is updated regularly to address ever-changing security threats, so always maintain the latest version.
  • Never modify core WordPress files. If core WordPress files are modified to accommodate a design or functionality need, the changes will be overwritten when WordPress is updated, potentially breaking your site.
  • Use recent HTML and CSS coding conventions. Currently HTML5 and CSS3 are the most recent version finalized, and published by the World Wide Web Consortium (W3C).
  • Use recent versions of javascript. Often plugin developers will include out-dated or conflicting versions of jquery.php within their code. You may want to consider loading the latest scripts directly from the Google Javascript libraries so that you’ll know they are always up-to-date.
  • Remove installation files. Remove wp-config-sample.php and /wp-admin/install.php after installation. These files are used during the initial installation of WordPress, but can introduce security holes after installation is complete.
  • Limit plugins. One of the great things about WordPress is the many plugins that are available to accomplish just about any task you can think of. Over-reliance on plugins, however, can create slow, code-heavy sites and conflicting code. Consider coding functionality directly into your site. When you do use a plugin, make sure that it is from the WordPress.org repository or a well-known company or developer.
  • Set proper directory permissions. WordPress needs to allow various files to be writable by the server, but this can sometimes be dangerous. Try and set directory permissions to be as restrictive as possible.

Hosting

Customers often assume that their hosting provider monitors their website and takes care of security. While some do, most only provide security that limits damage to the hosting providers servers, not your site.

  • Avoid shared and “underpowered” hosting. Shared hosting environments can be a bargain and seem to offer the same features as more expensive dedicated server plans, but your website will be hosted together with hundreds of other sites on the same machine. Someone else gets busy–your site slows down. Somebody else gets hacked–they slip into your site while they are there. These “noisy-neighbors” can have a direct impact on your website’s performance.
  • Backup both website files and databases. Schedule frequent and ongoing backups of your website files and databases. You may want to backup all of your website files each month and backup the database weekly, depending upon how often your site is updated.
  • Use version controlling. If you’re operating a large or enterprise-level website with frequent changes and multiple users, a version control system will enable you to track changes that are made to your site and revert to earlier versions when problems arise. Git and Subversion are both popular version control tools. You may also want to develop a “staging” site to develop, test, and review new content and functionality before deployment to the live site.

WordPress Resources

Here are a few tools that we’ve found useful when designing WordPress sites.

30 West Washington StreetHagerstown, Maryland 21740
Toll Free:800.706.1191Phone:301.791.2622

Navigation

Services