The experience gained in 8 years of WordPress development is extremely valuable to us. By addressing some of the most frequent questions we got from our clients we hope this collection of considerations, resources and best practices will also prove useful to you. We plan to update this knowledge base constantly, filling in one piece of the puzzle at a time.
WordPress is an easy to use, very extendable and customizable content management system you can use to implement and manage your website. You can find a comprehensive list of relevant features on WordPress.org.
WordPress is the platform of choice for anything from small websites to more sophisticated eCommerce websites to even large corporate platforms. In fact, WordPress is used by almost 60% of all websites that use a content management system. This accounts for more than 25% of all existing websites.
WordPress is the ideal choice for building presentation, publishing, portfolio or eCommerce websites and more or less any type of small, medium or even large website.
The blog is built-in since it is the core functionality WordPress provides. Additional tools derived from WordPress include bbPress, a forum software and BuddyPress, a solution for developing and managing online communities.
WordPress is a free open source platform supported by a huge community of developers, which means you can find a lot of resources to help you manage and personalize your WordPress website. Among such resources it’s worth mentioning a wide range of free themes and plugins that handle anything from eCommerce to social media integrations. All this generally translates into lower development costs.
In case of large or very specific-purpose websites you will most likely need extensive customization, which can be covered by commercial plugins and custom feature development. This will have an impact on your budget, but in our experience the WordPress core and plugin ecosystem will cover up to 90% of the development effort.
To a very important extent your website’s security depends on simple best practices such as using secure user passwords, proper use of user roles and access levels, and most importantly, making sure you have your WordPress core and plugins updated.
“Security” is an extensive topic, so complex security features are not available out of the box. However, these can be significantly optimized during the development phase of a WordPress website.
One of WordPress's key selling points is its ease of use. In just a few hours a user can get familiar with the WordPress interface. The abundance of how-tos and tutorials available, combined with the intuitive user interface, makes WordPress easy to master even for non-technical users, who can quickly become proficient in using it.
While security has improved significantly in recent years, there are still a few things to look after in terms of securing your WordPress website. We have built a strong culture around taking care of these aspects for you. Whether it is making sure you will always have your WordPress up to date, applying the latest security fixes or simply educating customers on the importance of security (having strong passwords, applying the principle of least privilege and more), we are committed to delivering a secure experience for you and your business.
In terms of development, we follow a strict security checklist which among others includes:
- Disabling the file editor in the dashboard;
- Disabling any unneeded functionality;
- Using a custom database prefix for the tables;
- Never using role names as usernames (such as “admin” for an administrator user);
- Disabling the XML-RPC endpoint if you do not absolutely need it, and more.
We review and test these aspects during our development process and perform a security audit before delivering a website to any of our customers.
We closely follow the latest security reports and make sure we don’t use modules that have a well-known history of security issues or that are usually targeted by hackers.
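The checklist items that can be read from a site's files can be verified with a short script. The following is an added example, not code from this page's authors: it inspects the text of a `wp-config.php` for WordPress's `DISALLOW_FILE_EDIT` constant and the `$table_prefix` value, and compares a list of usernames against the default role names. The sample configurations and usernames are constructed; XML-RPC and other unneeded functionality are not covered because they have to be checked on the running site.

```python
import re

# WordPress's default role names, plus the "admin" shorthand named in the checklist.
ROLE_NAMES = {"admin", "administrator", "editor", "author", "contributor", "subscriber"}

DEFINE_RE = re.compile(r"""define\(\s*['"](\w+)['"]\s*,\s*(.+?)\s*\)\s*;""", re.IGNORECASE)
PREFIX_RE = re.compile(r"""\$table_prefix\s*=\s*['"]([^'"]*)['"]\s*;""")


def strip_php_comments(src):
    """Drop /* */ blocks and whole-line // or # comments, so disabled settings don't count."""
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.DOTALL)
    return "\n".join(l for l in src.splitlines() if not l.lstrip().startswith(("//", "#")))


def audit(wp_config, usernames):
    """Return findings for the checklist items that can be verified offline."""
    src = strip_php_comments(wp_config)
    defines = {name: value.lower() for name, value in DEFINE_RE.findall(src)}
    findings = []
    if defines.get("DISALLOW_FILE_EDIT") not in ("true", "1"):
        findings.append("dashboard file editor is not disabled")
    prefix = PREFIX_RE.search(src)
    if prefix is None:
        findings.append("table prefix not found")
    elif prefix.group(1) == "wp_":
        findings.append("table prefix is the default wp_")
    for user in usernames:
        if user.lower() in ROLE_NAMES:
            findings.append(f"username '{user}' is a role name")
    return findings


# Constructed sample inputs: the setting in WEAK_CONFIG is commented out on purpose.
WEAK_CONFIG = """<?php
// define( 'DISALLOW_FILE_EDIT', true );
define( 'DB_NAME', 'shop' );
$table_prefix = 'wp_';
"""
HARDENED_CONFIG = """<?php
define( 'DISALLOW_FILE_EDIT', true );
$table_prefix = 'k3x9_';
"""

if __name__ == "__main__":
    for finding in audit(WEAK_CONFIG, ["admin", "maria"]):
        print("FAIL:", finding)
    print(audit(HARDENED_CONFIG, ["maria"]) or "hardened config: no findings")
```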
Easy, no. But it can be hacked, depending on a series of factors, among which:
- How strong the passwords you are using are;
- What version of WordPress you are using (different vulnerabilities are found and patched in new releases, thus it is important to keep your website up to date);
- What themes and plugins you are using;
- What third-party libraries you are embedding on your website;
- How secure the server hosting your website is.
Yes, especially the minor version updates, which are usually released to fix bugs or address security issues. One of the simplest ways to maximize security for your WordPress website is to always have the latest security patches installed. If we manage your website hosting you do not need to bother with this since we will take care of everything.
Updating WordPress can sometimes be cumbersome, especially if this implies updating a large variety of plugins that you use together with WordPress. If you use several well maintained plugins the update should be really simple. However, in case you’re using custom plugins or premium plugins that don’t come with automatic updates you may be better off leaving the update to a WordPress developer.
First you need to identify the vulnerability that led to the hack (an SQL query that was not sanitized, a server security issue, a weak password, etc.) and fix it. Second, you need to check for modified files (added files that are not yours) or changes in the database, identify what has been altered and fix it.
To minimize the damage of the hack, we recommend that you have a backup of your website stored locally to make sure you do not compromise your data. You can temporarily switch to the backup site (with limited or restricted functionality) until the vulnerability is analyzed and a security fix is applied.
You can take several steps to minimize security risks, among which:
- Update your WordPress and your plugins regularly (though we highly recommend you let us deal with this);
- Always use strong passwords, especially for administrator users;
- Always check plugin ratings and relevant user comments before installing a plugin;
- Never log in while using public networks if your website does not have an SSL certificate installed.
In case your needs (or budget) do not call for a custom theme and you are confident you can model your website solely on what a premium theme is offering, you can go for a premium theme. However, you need to be prepared to learn that a lot of things cannot be handled the way you want to, but rather in the way that the theme was designed to handle them.
In case your budget matches your ambitions our advice is to go for a custom theme.
A premium theme requires no development time, only configurations, but there is a very limited amount of configurations that can be done in terms of design and functionality. Additionally, if you are using a premium theme you may encounter issues when updating it.
There are multiple eCommerce plugins available for WordPress, but we recommend you use the WooCommerce suite.
Magento and PrestaShop are stand-alone eCommerce solutions, while the WooCommerce plugin is based on the WordPress CMS and integrates with it directly.
Yes you can, while also using WPML or other internationalization plugins.
Though WordPress is search engine friendly you still need to do some manual SEO work to achieve best results. WordPress as a CMS has nothing to do with SEO.
The SEO tags are displayed in the markup by the theme or by plugins. So standalone WordPress is neither good nor bad for SEO, it depends a lot on how you write your content.
You can improve your SEO rank by installing a plugin and by configuring the appropriate titles, search engine friendly URLs, descriptions and meta tags for each page.
There are plenty of plugins available for that, though we recommend that you use the Yoast SEO plugin. It will also analyze your SEO score and give you recommendations on how to improve your page rank.
You can improve your page speed considerably by:
- Serving compressed images;
- Using caching and compression to speed up the page transfer;
- Concatenating and minimizing your assets;
- Taking several other optimizations into account, such as homepage and database optimization, removing unnecessary PHP executions and DB access, and more.
Another important factor is the choice of a good host. In case you lack sysadmin experience, opting for a shared hosting solution would be the obvious choice, but you should keep in mind that shared hosting usually accounts for slower website load speed and frequent downtime during high traffic periods. In order to mitigate such issues you can use several plugins meant to increase your overall site load speed performance, such as MaxCDN, W3 Total Cache or WP Fastest Cache.
Depending on your use case and needs a wide variety of plugins can be recommended.
Besides the ones showcased above, we can also recommend Google Analytics Dashboard for WP if you want to track Google Analytics statistics, Akismet, which provides spam protection, CloudFlare to protect yourself against DDoS attacks, and many more which can cover a wide variety of use cases.
We recommend that you use as few plugins as possible. Keeping their number to a minimum will reduce update times and the issues that may appear when two or more plugins conflict.
Furthermore, using fewer plugins will decrease the chances of security threats by reducing the overall attack surface and increase performance by reducing the footprint of your website.
As a rule of thumb, use only the plugins you need to run your website and either deactivate or uninstall the rest.
WordPress as a platform has no limitations over the design itself and is very permissive. You should just keep in mind some common web design principles like sticking to a grid and being consistent in your design.
There are no font-related limitations with WordPress, but as general advice, be consistent and do not use more than 3-4 font families or more than a couple of font sizes.
If you want to get better website load times it’s recommended to serve fonts from your own server, since loading them from third-party platforms may impact your website performance. However, you should note that opening an account on a web foundry will be less expensive than buying the fonts you need to host. We regularly use fonts.com and Google Web Fonts, which offers a wide variety of free and open source fonts.
You can use any format you desire but there are a couple of dedicated formats that are preferred because of their widespread use in the design of a WordPress website, namely Sketch, Adobe Illustrator and Adobe Photoshop formats.
WordPress is a very versatile platform, but when it comes to design it’s important to use the tools of the trade.