At iTCHYROBOT, we have been developing and hosting WordPress themes and plugins for over a decade now. Our skilled team has provided solutions for a wide range of clients implementing high transaction e-commerce to brochure-based websites.
Over the years, we have transferred a number of websites to our care and this has lead us to notice trends and commonality in the issues we are asked to address by clients.
Our top bug bears revolve around security. With more and more cyberattacks and scams floating around the internet than ever, security should be top of your priority list. However, many people don’t take small, initial steps to improve their site’s security. So, the first three errors are quite basic and often come down to clients ignoring advice their webmaster probably gave them!
- Stop using the default Admin account
- Stop using the wp database table prefix
- Changing the security keys in the wp-config file
- Implement rate limiting on logins (All in one Security Plugin or Wordfence Plugin)
- Or better and as well as point 4 implement Multi-Factor Authentication
These are the basics you can achieve by yourself and of course with server level access we go a lot further with malware scanning, antivirus scanning, rules banning and blocking site access if activated and more.
Leaving default settings makes it much easier for naferious types to compromise your website as this information is common knowledge on the internet for anyone with a vague interest in hacking. However, if you’re not too website-savvy, these things are likely beyond your ability or knowledge to change.
The next common errors affect performance. Whether it’s users being driven away by your slow website, or staff being frustrated when trying to make changes to the backend of the site, poor performance can be a death knell.
- Not using the blocks builder and instead opting for a page builder that bloats and slows your website.
- Continuing from the previous point is installing a load of plugins to improve caching and performance for your bloated page builder! Page builders often come bundled with plugins. If you see that they include one to help performance, it’s likely to try and counteract the decrease in speed that the builder causes.
- Installing plugins that do the same job. We often get shown sites where the client says they’re too slow. When we analyse the sites they have often have multiple plugins designed to do the same thing, or countless plugins installed to try and fix issues with performance etc.
Don’t get us wrong, page builders can help you get jobs done and the layouts you wish but think of all the features in Microsoft Word. How many do you acutally use! When it comes to the web less is more. A lot of the after market page builders come with page level configuration allowing you to define the items that are loaded per page. But in reality most people install them to achieve an end goal and stick with the default values. Not good for performance or in some cases security.
Last set is related to housekeeping. Just like a car, websites need regular maintenance to keep running properly.
- If you insist on having loads of plugins, at least make sure they are kept up to date. Updates often include new security features that help to prevent cyberattacks.
- Have a load of deactivated old plugins and themes that you are not using – delete them!
- When clients wish to improve performance, remember – you get what you pay for! If you pay £2.99 per month for shared hosting located in a distant land – the chances are that your non-optimised hosted environment is the single biggest issue affecting your website speed. Choose decent hosting with excellent support for best results. This is a critical element for speed and security so don’t skimp out. Remember if you are located in country A and you put your website in Country B it has to travel all the way over wires to get to you. Put it close to your audience and choose a specialist provider with a reliable service record.
- Last of all is all down to Sod’s Law – if it can go wrong, at some point it will! It’s how you recover that counts and backups are key. Not all backup solutions are equal and MUST be based on your needs. If you run a very busy ecommerce website, then losing a day of data and orders could be catastrophic so a single daily backup likely is not going to cut it. We have noticed a trend on hosting providers charging for backups and clients not selecting the option as everything is good just now. Our hosting setup uses advanced solutions to ensure that optimal recovery points are always available on the unfortunate off-chance that they’re required one day.
How We Do It
In the categories above, all the issues are addressed and managed by iTCHYROBOT technical staff for our customers. We have collectively 40+ years in developing hosting environments, building websites and are now focused on supporting WordPress sites.
Stringent Security Measures
Our systems come with a range of security levels. There are gateway firewalls and intrusion detection systems which trigger before even getting to the hosting servers. Then on servers themselves, we have Firewalls, Antivirus, Malware Detection, and automatic banning of access based on stringent rules.
At WordPress level, we operate some core plugins that protect, monitor, and report login and other actions performed on the website. These are reported to the server logs, where rulesets dynamically configure firewall actions which gradually restrict down to outrightly blocking user access for the most severe misdemeanours.
By building layers and depth in our security we are able to protect our client’s website, data and their businesses.
Also within this camp is the basics of the admin account and WordPress configuration. Your site is setup by iTCHYROBOT techs (humans) not bots and follows our deployment procedures. We have been doing this a long time and are good at what we do. We have our own login system for our sites which works off email verification, rather than passwords, eliminating one of the weakest links for security.
When it comes to performance, we use top quality hosting environments and can provide plenty of advice and options for optimising your website. This is what we do and why we have retained the majority or our clients over the years.
Throughout our existence, we have inherited many WordPress websites from companies that specialise in PPC or SEO, rather than being dedicated website developers. These companies often take on website builds and produce something nice using lots of plugins and free themes, but that hits a glass ceiling at a point in time with most businesses. We understand our limits and create fantastic websites which can then be marketed by PPC or SEO companies that we work alongside. We know our limits and we don’t do PPC or SEO. Like our services there are experts who know way more than us so we will point you in the right direction. They know the nuances and intricacies of search engines down to the wonderful code names of new Google algorithms. We know the nuances of webservers, database optimization, replication and code and optimization and improvements.
The same is also true for accessing security. We can expertly review code and secure it against a range of issues, but even highly skilled developers need to be audited. We have great relationships with external security testers who are dedicated experts in picking holes in systems and we would rather know about these so we can fix them before they become an issue.
Client Training & Upskilling
Housekeeping and updating is something of an essential task. Lots of clients do not want to pay for monthly support and want to update the site themselves – this initial enthusiasm often wanes over time and the skills of a single person does not match that of a team. At iTCHYROBOT, we are the sum of our people and we love to share our skills.
What we have noticed over the years is that by sharing our knowledge with clients and providing free training for our VIP clients, they stay more engaged in updating their websites. Clients love to be creative, and in our training, we cover image editing & optimization, WordPress editing (fundamentals to advanced), marketing lead generation and data capture & handling mail workflows to support business goals.
Having access to expert developers, marketing professionals and digital media producers means we can support and advise on how to bring your ideas to life. WHY DO IT ALONE? Have the iTCHYROBOT team as a digital and marketing extension to your school and we will see you in our afternoon online training sessions. These sessions are lead by the team who build your website and who you will see out there at events and meetings.
We know our lane very well is what we’re saying, and we know that by sticking to it, we can continue to provide a top quality service. If you would like your WordPress site to be handled and managed by experts, get in touch.