Website development has changed a lot, even in the last 5 years, and there are two major ways you can save money on your website. The first is re-using existing tools to get some great results; the second is keeping your site safe. Let me expand on these in the following article.
The first – using modular WordPress concepts
Web development is a continually changing area; ten years ago we were writing mainly HTML websites using Dreamweaver. Now, most website development is done using intelligent website systems, called Content Management Systems (usually known as “CMS”es).
One of the really cool developments is that surprisingly good results can be achieved by combining modules from these systems. The most popular CMS in the world at the moment is WordPress, with estimates ranging from 30% to 60% of websites, meaning roughly 74 million users worldwide. WordPress’s nearest competition, Joomla, cracks from 2% to 14% of users, depending on the country and survey methodology. With these figures, whatever the methods used to derive them, it’s pretty clear that WordPress owns the website development industry now and thus there are real advantages to using it as an established standard, including ready access to affordable developers and access to a massive amount of free or affordable software. WordPress itself is “open source” software, which means it is provided for free. What you pay for is the knowledge and expertise of developers in getting it setup, plus the hosting service which makes it visible on the internet.
This cheap or free software is the key to reasonably priced development for most small business. One can simply pick up an existing theme (themes are software modules that provide the look-and-feel of the website), and add some quality software modules to do the things you need to take care of, and you have a running site providing often very advanced functionality. If it’s possible to use existing modules without customization, you can get some very good results for a lot less than you’d expect.
The modular system behind WordPress is built on two main concepts – plugins and themes. WordPress Themes allow you to choose a pre-built look and style for your website and are often excellent and well beyond what your own team could affordably achieve. You can source a theme that would cost you $10,000 to develop yourself for $50 and essentially use it as leverage to achieve an impressive and professional look at a fraction of the investment – something that is always attractive to a small business. The trap though? Be aware, that as it is free to publish a WordPress theme, quality varies enormously from stunning to terrible; we find it best to use paid themes to get a professional look while staying secure. Our favourites at the moment are Genesis and Divi – Genesis is fast and secure, but a little harder to configure; Divi is easier to change but not as lean and fast. There are many excellent options other than these.
Plugins is the term used to describe WordPress modules, many of which are free or inexpensive (sub-$50AUD). With over 54,000 published plugins listed on the free wordpress.org site, these cover almost any area you can think of, from improving Google ranking (termed “SEO”) through eCommerce, forms, mailing lists, security, and making your site run faster. Plugins are installed through WordPress itself in only a few clicks, taken from their library, or from a downloaded zip file.
One of the really nice things about WordPress is that it evolves constantly. For instance, if there is a weak point for hacking, they fix it very quickly – sometimes overnight. The downside of the evolution process is that, on rare occasion, they do make incompatible changes or that require some understanding from users – an example is the Gutenberg editor, a complete change to the way website pages are updated which was released in Nov-Dec 2018. Either way, in two to three years you’ll find that your site will keep pace with technology changes and ultimately that is a good thing!
Part of the real trick here, as mentioned, is making sure that your themes and plugins are quality, and that’s something that’s not always obvious to a non-developer. As a quick rule of thumb, I look for regular updates, good documentation, a wide user base, and good reviews and buzz about the product. A bad theme will always work well when you first install it, but it can fall apart over time, and free themes often contain website malware of various sorts. Most of the really amazing plugins do cost something, or have both a free and professional version.
A few specialized notes
Membership plugins: these can be a lot more complex than you’d initially think. Be aware that membership needs can be subtly complex. Having said that, for basic “out of the box” needs there are many viable solutions available now.
eCommerce: The runaway leader in the area of WordPress eCommerce is the excellent WooCommerce. Estimated to have 3 million active sites, WooCommerce impressively powers around 22% of all eCommerce sites. Easier to use than Magento, it’s probably a better option for getting started these days. WooCommerce tends to be more popular with starting or smaller sites.
Security: we love the Wordfence plugin, our favourite part being that it is the only security plugin we’re aware of that can go through your entire site and check it hasn’t been hacked.
Performance: with Google now checking site speed, we’ve also fallen in love with the amazing new performance plugin, WP Rocket. You can basically drop it into a site and it will just work – the other performance plugins need a lot of fiddling to get right and can be unreliable. Rocket can reduce site load time from seconds to 200ms just through being installed and activated.
The second – keeping your site secure and safe
A lot can happen to attack your site, or to steal or damage your data, so this part is more about not having to spend large amounts of money on your site at the last minute, in emergency situations. A small amount of work done when you set up your site can literally save you from a nightmare down the track. The problem here is simply that it can cost a lot more to rescue your site in a crisis than it does to put in place the right things to keep you safe. It’s not unusual for an emergency rescue to cost $1000 or more, especially if you don’t have good backups.
For years, hackers have conducted a weaponized arms race with security and hosting providers. Every time the bad guys come up with a new trick, the good guys work out how to catch them; and then the bad guys work out a way around it. The bad guys literally have rooms full of computers all running the latest anti-virus software and they use those to make sure their tricks don’t get stopped by even recent anti-virus. The point here is that the bad guys are constantly evolving and getting better; it’s no longer enough to look for spelling mistakes in an email as a clue to trustworthiness. A good base rule here is never to click a link in an email or message unless you’re sure you know who it comes from, and that they actually sent it.
Why do the bad guys even hack websites? The background is that, back in the day, viruses used to be caught by putting an infected floppy disk (!) or USB drive in your computer. With the growth of the cloud, few people use these any more, and so hackers have had to move their hacking into the web arena to get onto new victims. What they do is to either email you a link, or infect a website you visit. When you click the link or visit the website, they try a series of tricks to try to take over your web browser. If you’re up to date, you’ll be OK, and as a second layer, if you have good anti-virus, that could trap the attempt and save you.
So as a website owner, the bad guys are trying harder than ever to get into your stuff and to use your website to hack other people and spread their viruses in the only way now possible. You can imagine what it does to your business when people visit your website and an anti-virus warning – or worse, Google blocking page pops up! Or worse still, if they get infected by your site and find out.
There are also many things that can eat much of your website and cause you to lose all your work – from mistakes made by hosts or web people working for you, through to not having good backups. A little bit of extra care here can prevent you having a horror story which can vary from many wasted hours recovering through total business loss.
The most important from a website point of view, is hardening your website to make it resistant to attack. There are a number of tricks here that act like armour for your site which we really encourage you to take, before you have problems. Probably the key is keeping your site updates current, but there are a number of other useful tricks. For those with the skills, we’ve written earlier articles about it, which provide good free information on steps involved in this. For those who’d rather have an expert do it, we provide an inexpensive hardening service that removes many points of entry and makes it much less likely that your site will ever be hacked (ask us for info).
The second most important is making sure you have good automated website backups; automated so you don’t have to remember, and done in such a way that they are separate from your server, so that if the server dies you do have a separate copy of your site. This also serves to protect you really well against comprehensive site hacking, as your web people can simply restore a recent backup. Also, if you have a major investment in your website, you should do offline backups regularly – make a backup then ensure it stays completely disconnected from everything.
There are many other security and reliability concerns these days; “crypto” attacks being amongst the worst. A crypto attack will encrypt your entire office using a serious of deviously smart hacks and checks; and the potential for losing everything is huge even if you do pay the ransom (which can be not inconsiderable). Even having stuff in the cloud is no longer sufficient protection. We’ve written separately about these, but at the end of the day you should make sure you have some offline backups at least, and that you train your staff to be both alert and very careful, and have up to date anti-virus protection.
While there are many other concerns, this article is intended to only list some key issues, in the hope that we can save you some money down the track.
Some simple preventative steps can save you a lot of money; hardening your website and making sure you have good off-site backups being key parts of that.
If you are into doing some site reliability work yourself, you’re welcome to check out our previous articles. If you’d like some help from the experts, get in touch. We can also help you save some money building a professionally-styled site with WordPress modular systems, if that’s what your current need is.