WordPress Experiences — That’s What Every User Should Know

6 min readApr 3, 2021

Web Design Service Los Angeles Brings a user experience in front of you. Use the described WordPress experiences and recommendations to build up and protect your WordPress system better.

Within a week I had three WordPress experiences that surprised me a bit. I actually came across three hacked WordPress sites from new LinkedIn contacts. The owners obviously didn’t know anything about their misery. Was that just a coincidence or what actually promotes such hacks?

How is your WordPress experience in general?

I went looking for clues once and tapped various sources on the subject of security. Among other things, I also asked developers and web design service Los Angeles how they rate the security of a WordPress system. I would also be very interested in your WordPress experience and your point of view, and I think many other readers too. Feel free to write your experiences in the comments.

First of all — this is not supposed to be WordPress bashing. From my point of view, WordPress is solid software that serves many people well. However, I also ask myself critically, to what extent the WordPress software designed for blogging, for example, can still serve the current digital challenges of companies?

From my point of view, the crucial questions for today’s corporate requirements regarding a CMS or WordPress system are:

· To what extent does WordPress support me in achieving my goals in online marketing, online sales, and online service?

· How cost and time-saving does the software enable me to reach my goals?

· How many additional developments and follow-up expenses will we have to deal with?

Only a small part of it is probably the WordPress experiences that I was allowed to make by chance, but system security is of fundamental importance!

How the WordPress site hacks made themselves felt?

What surprised me about my present cases was that two out of three operators were software-savvy people from the online marketing sector and web design service, Los Angeles. So it can also affect experienced users. Or does it just hit them because they use and try more plugins, for example?

In the first and second cases, the hack was not directly visible on the website. I googled the company and surprisingly came across Asian characters in the search results.

Here the attack had obviously changed the website’s title and meta descriptions, among other things.

Since the changes had already reached Google, the WordPress system seems to have been infected for a while. Because depending on the relevance of the page, the Google crawler visits a website more or less often. Only then can Google add the change to the search index.

If you consider that the title of a page is extremely important for search engine optimization and your own ranking, then you as the site operator can suffer considerable damage from the loss of visitors, for example in the form of lost sales.

Searchers will also hardly click on your “Asian entry” and your reputation as a company will suffer accordingly.

You can see the software company and website design and development services search hits on Google. I had googled specifically for the company name. I blacked out the company name.

The second case of the hack was similar to the one described above, only with the difference that it had been going unnoticed for a long time. Google also shows me the following message in the search hits:

“This website may have been hacked.”

The third hack was pretty obvious. Instead of the actual website, a dubious competition was displayed here. This could hardly have been in the interests of the affected online marketer. The competition was removed the next day.

So how do you get to know about website hacks if you are not a specialist yourself or if the hack is not obvious?

You might have recognized the first two cases in your website or marketing analyzes.

For example, if you see strange drops in your access rates, this could indicate a hack.

The start page of your website can also be a well-visited entry page. If this suddenly changes, this can also be an indication of a hack.

In general, you should always keep sudden changes on your website on your radar screen and take a closer look. Both positive and negative in nature.

For example, if you have received links to your website from dubious spam sites, this will have a negative impact on your search engine rankings. Linking websites would be important to know here and of course also outgoing links that have been planted in your website. These experiences are also elaborated by expert website design and development service providers.

A positive example is when you can see from which sources you are receiving visitors and whether these trigger a conversion. In this way, you can continuously optimize your marketing.

How do WordPress sites like to be hacked? What makes you vulnerable?

According to my research and experiences of website design and development service providers, there are three popular gateways to WordPress that hackers like to take advantage of. This is:

· The topicality of the WordPress installation

· The WordPress plugins used

· The WordPress theme used

Accordingly, you should keep at least the following points in mind:

· Like website design service LA, if you use a theme or a plugin that has not been programmed in a security-compliant manner, both the theme and each of these plugins represent a potential security risk. In the next heading, you will find links with which you can determine your WordPress components and carry out a security test.

Note: However, if you are only going to be using heavily used and updated plugins to keep your WordPress installation secure, how can you build your online marketing efficiently? From my point of view, the advantages of an all-in-one inbound marketing software then score points.

· Also, make sure that the theme and plugins are updated regularly. For example, if you update your WordPress installation but keep your plugins in an old version, this can lead to security gaps.

· It is also advisable to keep your PHP version up-to-date and supported. If the PHP version has expired, reported errors are no longer corrected, for example, and your WordPress system is potentially vulnerable at this point.

I compared the discontinued PHP versions with the PHP versions used by installed WordPress systems. As of today, around two thirds of the installations are on a PHP version that is no longer supported, reported by web design service Los Angeles:

· In addition to the PHP version, you should also keep the database used (usually MySQL, but also increasingly MariaDB) up to date. In this way, you reduce the possibility of potential attacks at this point. The supported versions of MySQL and for MariaDB can be found here: https://www.mysql.com/support/supportedplatforms/database.html and https://mariadb.org/about/

· Last but not least, the update also applies to your HTTP server as such, e.g. Apache or Nginx.

How do you quickly find out the status of your WordPress installation and whether it is susceptible to attacks?

If you have access to your WordPress installation, you will find some of the most important information under Website status. Here you can also easily see the PHP version.

If you do not have WordPress access or you are interested in other websites, you can use the following test or also ask website design service LA to help you with it:

· With https://builtwith.com/ you get a quick overview of the technologies used on a website and, for example, the plugins used in a WordPress installation

· With https://whatwpthemeisthat.com/ you can determine the WordPress theme used on a website. Check further, for example, whether the developer updates the theme regularly.

· With https://sitecheck.sucuri.net and https://pentest-tools.com/website-vulnerability-scanning/website-scanner# you can check your website according to different security criteria.

· Finally, under the following link, you will find the recommendations from the developers of WordPress which versions you should use at least: https://wordpress.org/about/requirements/

Update:

With one of the quick tests, I just found an infected page from Case 1 described above. The website’s pricing page is still infected — kind of absurd. Website design service LA, Visual Design Inc., helped me out in fixing those.