3 Scary Truths about WordPress That Can Keep You Up at Night

by Jennifer Beever

Beware 5164166031_462b41515a_bThe advent of open source, templated WordPress websites that non-programmers can create and maintain has been revolutionary. But beware, there are some very scary things that can go on behind the scenes you need to know about and prevent!

[I originally published this post in 2015. Last night I attended a really great WordPress meetup and decided to update the post. And, yes, there are still reasons to beware of open source, templated websites!]

As a marketing consultant, I’ve been working with websites since 2000 and on WordPress sites since 2009. I’ve seen some great successes and real nightmares with the WordPress platform. Today I and my associates prefer to create websites in WordPress, because it is so cost-effective and flexible. But, it’s not right for every project, and there are some things you need to watch out for.

WordPress is an open source technology. That means that the source code is available to anyone who wishes to modify or expand upon the code. It is widely used and relatively easy to access and modify.  Because its open source, programmers have developed design themes that your can purchase to quickly implement and website with a nice design. They have also developed add-ons for the websites called plugins, so that depending on what features you want to create on your website, you can pick and choose plugins to install without having to program the features yourself. Many templates and plugins are free, which can be very cost-effective.

But, here are some of the nightmares that I’ve seen:

1. Because WordPress is open source, it can be hacked.

But, you say, “I’m a small business, and I don’t do sales transactions on my site. Why would someone hack my my site?

Because! (Really, some hackers hack WordPress sites just because it’s there.) Some hack sites so that they can install malware or use the site to conduct attacks on other sites or programs.

This became really clear to me in 2011 when a web developer casually mentioned he had noticed some malware on a client’s WordPress site and removed it.

Me: “Whaaaaat?

All businesses could be hurt by malware inserted into their website, but in particular, this was a business for which reputation was critical!  There are standard security procedures and tools you can implement to help prevent this, and regular reviews of your WordPress site for malware and hacks are a must.

Since I originally wrote this post, I had to work with a web developer and with Google to help a client get malware removed from their hacked site. The site had been hosted on a legacy hosting service that had some security holes, and there is a possibility that the client’s network was not secured against hackers. We had done a good job of optimizing content for this client and getting them found online, so it was disappointing when we had to take time out to remove malware and resubmit it for review by Google. I learned in this process that there are new ways to secure a WordPress installation from hackers, and I’m sure the methods and tools continue to evolve.

2. WordPress templates or plugins can result in a bad website.

There are good templates and plugins and bad ones. Don’t buy a bad template or plugin! Have an experienced WordPress programmer evaluate it first. Check to make sure the author does regular updates. This is one reason you may want to buy your template instead of using a free one. At least with a paid template, it is more likely that there is someone with “financial skin-in-the-game” (e.g. someone who is incentivized) who will maintain it properly.

I learned from my WordPress web developer that when they download templates, they have seen that some WordPress template creators load in a bunch of plugins, which they don’t disclose before you purchase. Even if you do research on the template, now you have the plugins on your server, and you may not know who created them or if they are maintained.

I’ve run into some businesses that updated their site in the last couple of years but are still using a non-responsive template. A responsive template automatically adjusts for whatever device (desktop computer, tablet or phone) is used to view the site. Google announced that sites that are non-responsive will not rank well in the search results well in advance of making the change in April 2015. It’s a shame to invest money in a new site or site update and not have it responsive, when Google pre-announced the change to give everyone time to update their site – something Google rarely or never does! Before you choose a template, make sure it has all the features that are necessary to perform well for visitors and with the search engines.

I have worked on client websites that were set up incorrectly. Sometimes the templates are modified, and if the site was not set up properly,  installing an update to the template (critical to plug possible security holes) wipes out the modifications. In one case, a business’s home page was heavily modified so that the client could not edit the content, and our team could not optimize it for the search engines. Graphics were not the correct resolution and load slowly. If websites are not set up with the proper security measures in place, and they get hacked.

3. There is a wide range of quality when it comes to WordPress development.

Today, almost anyone can say they are a web developer, create a website, create graphics and optimize the site for the search engines. Graphic designers create websites. Web developers create graphics and provide search engine optimization (SEO). Heck, I even created a very simple site for a client (they begged me). But, does the SEO that was done get results? Is the site really secure from hackers? Are the images and graphics designed and optimized for the web? Does the site have loads of plugins and widgets that slow down the performance (another factor Google takes into consideration when it evaluates websites for search results).

Some really successful traditional, print-oriented graphic designers do not understand how to create graphics for the web. Some graphic designers and some web developers do not keep up with the ever-changing SEO techniques. Programmers are not always good web developers and some are not experienced in WordPress. And, now that content marketing and social media make a difference in how a website gets found in searches, there are also many web developers and graphic designers don’t know how to integrate this into a WordPress (or any) website.

This was not a blog post written to bash web developers, programmers and graphic designers. For me, the last few years of working on WordPress websites have taught me is that there are many aspects of a website that need an experienced professional.  There are talented professionals out there that create good, optimized, well-performing websites. But, unfortunately, there are also a lot of bad WordPress website creators. They may not even know what they don’t know. If you, the website owner, doesn’t know what to look for when buying web development services, you may end up with a website that’s very, very scary.

If you need a new website or wish to update your existing site, contact me at New Incite today. I provide written website creation or update plans that include the design, security, marketing and technology details you need. I  have reviewed proposals for websites and social media projects and consulted with businesses to help them choose the best provider. I continue to work hard to continue to identify and work with the good guys and gals – designers and developers who create great websites that generate results.

Photo by David Goerhing on Flickr. Some Rights Reserved.


{ 2 comments… read them below or add one }

Gee Ranasinha October 31, 2015 at 1:47 am

“…Google announced this early this year and said sites that are non-responsive will not rank well in the search results.”

This isn’t entirely accurate. Google’s edict is based on the ‘mobile-friendliness’ of a site. You can read Google’s original announcement at https://googlewebmastercentral.blogspot.fr/2015/02/finding-more-mobile-friendly-search.html

1) Building a site on a responsive framework does not guarantee that Google will deem the site ‘mobile-friendly’. For example if you have Flash elements in your site, if font sizes are set too small (anything under 16 CSS pixels) or if touch elements are set too close (should be at least 32 CSS pixels apart) Google will deem the site to be not ‘mobile-friendly’.

2) There are ways to create a website as mobile-friendly in Google’s eyes that do not rely on using a responsive framework, such as using an ‘adaptive’ design, or by have a separate mobile-specific site. You can even have a website that mixes all three together. Google supports all three positions equally.

3) The change concerns searches from mobile devices only. The ranking position for a non mobile-friendly site will be the same if the search is conducted from a non-mobile device.

Your readers might be interested to know more at https://kexino.com/marketing/mobile-friendly-website-impacts-seo/

Jennifer Beever November 6, 2015 at 9:04 am

Thanks, Gee, your points are good ones. A responsive template may not solve the problem of displaying well on mobile devices if things like font size and buttons don’t display or work well on mobile.

Leave a Comment

Previous post: