In this article, we would like to share our experience, which confirms our important rule “to be in touch”. Any professional and decent marketer goes through any project, going through a lot of things, from getting to know the niche and product to understand how the client will search and who they are, to the technical side: website audit, usability, and health.
It is the security of the site that will be the focus of our story. Remember: a website is not an autonomous organism that works forever. You need to make frequent updates to your site, especially if it is WordPress with many plugins. Do not forget about competitors who can organize an attack or buy links from malicious (black hat) sites during the season.
Our case with problems on the WordPress site
The WordPress website engine itself is perhaps the most widely used in the world and, thanks to many plugins, is already suitable for any project: from blogs to e-commerce. But it is important to understand that WordPress itself needs to be updated regularly, and plugins should be installed only with a good rating and preferably paid.
This is exactly the kind of website our client had that was attacked. At the same time, it could have been avoided:
- They noticed that some plugins were not updating. Everything was crashing and the site was down.
- The new version of WordPress could not be updated due to a plugin conflict.
- We noticed a spike in clicks in one day. From 50 to 500 clicks in almost an hour.
Why wasn't anything updated on the website?
The reason, as always, is the most common: there was a developer, there was a CM, they built the site, maintained and updated it for some time, and did something additional. Over time, people began to move away from the processes, and the site went downstream without control, falling to other specialists.
Then, the site fell into our hands and after a short period of cooperation and the customer’s technical specifications for editing products, categories, or simply correcting the number in the footer, we already realized that easy tasks could not be solved due to plugin incompatibility. The site was assembled by one person from different parts that only he could make friends with each other, but it was a matter of time.
We immediately realized the problem and every month we highlighted the need to redesign the site. It was necessary to redo it, because it was physically impossible to understand the thoughts of the previous developer. There was no documentation, no comments, no communication with him.
The client did not want to change anything and pay for it. And then…
How the problem was solved:
- The first thing we did was to scan the site for viruses – none were found.
- We checked for unexplained folders on the site and found a large number of them. Everything was removed.
- We agreed to completely redesign the site, since deleting folders and files could cause the site to work incorrectly. It took a long time to figure out what a folder could be responsible for. We updated WordPress and all plugins.
- Search Console did not show anything critical, except for a surge in indexed, automatically generated pages. We closed it for the index.
- Search Console found a huge number of external links from bad sites. Everything was sent for rejection.
Conclusions:
In case of a change of team or developer, ask for documentation, all accesses, and a short guide on where to go to put out a fire. Ideally, if your business is running and your website is important to you, budget developer hours to pay for the maintenance of the resource. This may be a minimal amount of time, but it is important so that you don’t spend money on creating a new site later.
Keep track of all metrics – this is more for the marketer. But a professional will see the signals, maybe not immediately understand where to run, but will definitely keep the issue in focus. Don’t forget about website security and install protection systems against attacks.