Many organizations choose WordPress for ease of use, readily available plugins, and quick launch. But beware: Those assets can turn into liabilities without thoughtful planning and ongoing technical management.
Northwoods helps numerous businesses develop and maintain WordPress sites. Experience tells us that business owners and managers must be able to answer six key questions about their sites.
1. What Version of WordPress do I have?
Let’s start simple and at the very beginning: Installation of the WordPress core application. Automattic, the company responsible for building and maintaining WordPress, updates the WordPress core on a routine basis.
Which version did you install? Which version are you running now? Is it the latest?
Don’t know? Go to WordPress.org. At the top of the Releases page, you’ll see this statement:
“This is an archive of every release we’ve done that we have a record of. None of these are safe to use, except the latest in the [x.y] series, which is actively maintained.”
They’re not kidding. Your site might seem to work just fine from the dashboard to the public pages. But the code running the environment might have gaps that leave the door open to bad actors or well-intentioned error.
2. What Version of PHP am I Using?
Let’s consider the underlying code running your website. Developers of WordPress and its plugins use the PHP scripting language. The PHP Development Team, the organization responsible for maintaining the scripting language, releases updates once or twice a year.
Like WordPress, PHP is open source and information about it is easy to find. For information on the latest version, visit this website. Like WordPress, only the latest few versions of PHP are supported. Go to this website to find the most updated list.
3. What Theme is Used on my Website?
The convenience of choosing and applying a theme to a WordPress website simplifies development. But don’t choose thoughtlessly.
The WordPress core comes with a set of basic themes out of the box. Most users find or build a theme to give their websites a more polished or custom look. Thousands are available, including page-builder themes that give website administrators complete control over the look of a website. Many themes have low or no license fees.
Among the things to consider when selecting a theme:
- Does the theme’s developer make routine updates that coincide with WordPress core and PHP updates?
- How do other users rank the theme? Is it well-received or panned?
An unstable theme could cause headaches when the WordPress core updates. Learn as much as you can about your theme.
4. How Many Plugins Does my Website Have?
WordPress-based websites expand functionality when owners “plug in” third-party applications. Developers, from large firms to individuals, design and create them. Most plugins have a low- or no-cost license.
Beware “shiny object syndrome.” Too many site owners succumb to a plugin frenzy and pile them up. This leads to maintenance and security issues.
Log into your WordPress dashboard and click on the Plugins section to see how many plugins you have.
How many are too many?
Small to Mid-Sized Website of General Content
- Fewer than 10 Plugins – Nice Job! You are efficient!
- Between 10 and 20 Plugins – You’re doing okay, but review to see whether you actually use all of them. Chances are, you could reduce your plugin dependency and rely more on built-in features from WordPress core or your theme.
- More than 20 Plugins – Pull back! In most cases, we find more than half of those plugins to be inactive or so obsolete that you’re begging to be hacked!
Large Content Website, Muti-Site, or E-Commerce Website
- Less than 15 plugins – A website of this size needs a lot of plugins to get up and running. Gold star!
- Between 15 and 30 plugins – Could be okay. This number depends on how big a website you have. Some websites need a fair number of plugins to get e-commerce right.
- More than 30 plugins – Yikes! The more plugins on your site, the more opportunity for plugin conflicts and vulnerabilities. Consider a plugin audit to determine if there are other efficiencies you can leverage.
5. When DID I LAST Update Plugins?
If the answer to this question is beyond a month ago, then your business is potentially at risk.
We’ve coined the term WordPress Mess for the condition of way too many plugins and way too old updates. This condition occurs because in-house site managers don’t understand the depth of maintenance needed to keep a WordPress website stable and secure, or maybe a previous vendor failed to provide ongoing support.
On the upside, the WordPress dashboard lists all the plugins that need to be updated. It also tells which version you have versus the latest available. These numbers tell you, very quickly, how far behind you are.
If you’re too far behind – say, years since your last WordPress website update -- a rebuild might make more sense than an update. Bring in a professional website developer to analyze and compare costs of an upgrade versus a rebuild.
6. Where is My Website Hosted?
This question goes beyond the name of the company that sells you server space. That company should adhere to best practices for your website. Seek the answer to these questions:
- Does your host offer separate development, staging, and production environments? In these environments, you can work on your website without affecting what the public sees.
- Does your host provide security certificates to protect your users? Transport Layer Security (TLS) or Secure Sockets Layer (SSL) are protocols that place a layer of security between your website and the user. Google also includes this as one of many items in its search algorithm.
In terms of host service and support, you get what you pay for. Hosts that cost a few dollars a month are not likely to provide great support or security.
A low-cost host might save a business money in the short term, but when a problem arises, that business will pay in lost revenue and in payments to a security vendor to fix the issues. Expect to pay $25 per month and up. This level of host for WordPress will provide greater support, will do more to secure their servers, and will keep your website speedy.
Your business is at risk if you cannot answer most of these questions confidently. Do your due diligence; figure out what’s running your website and how it works. Establish a plan to run routine updates, either through a vendor or via internal resources, and stick to that plan.
You don’t have time for all this? Then turn to a respected website developer.