The most popular Content Management Systems (CMS) as we know them now have been developed during the last decade to allow the layperson to quickly build, edit, and modify websites. The most prominent of them – WordPress – was initially designed to fill the custom content in the predetermined spaces in the theme layout. Since its release a decade ago, WordPress becomes more sophisticated. In 2020, Elementor Pro page builder had changed the game by providing the Theme Builder for developing dynamic and fully customisable WordPress sites, so they don’t look like just “another clone”. However, with each release of Elementor, the Google Mobile Page Speed Score for websites built with Elementor Pro continuously falls. The development team of Elementor derailed by focusing on extra functionality at the expense of performance for websites. Some web designers are adopting a newer page building tool, based on the Kadence Theme and Kadence Blocks, to recreate Elementor website designs. Kadence is a simple, easy-to-use platform that works great on mobile devices because it loads the jQuery library only when needed.
How secure are WordPress websites?
Small businesses generally don’t have the security of their websites high enough on the priority list until the first successful attack. Unfortunately, hacks are a reality, and their malicious nature can turn a successful website into a nightmare in seconds. Sadly, that is a consequence of the popularity and simplicity of using WordPress among the public, especially if combined with a free-to-use but highly vulnerable WooCommerce plugin.
When the attack is successful, there will most likely be data breach concerns, privacy issues, customers’ notifications, and government authorities’ reporting. It is not just a small hassle.
WebWhim had recently served a client whose brochure/WooCommerce website became very slow – about 25 seconds to open a page on a desktop device. After investigation, we identified that the client’s website was hacked at least four years ago and used as a farm for keeping a massive amount of backlinks by the blackhat SEO intruder. The size of the client’s database grew out of control to 15GB (with the typical limit of 1Gb for WordPress databases), adding every 3 minutes for the last four years a backlink and a related descriptive text.
The good news is that we had managed to remove malware using WordFence. The bad news is that a hosting provider did not automatically notify a client that his database exceeded the size limit. There is no way to back up a database of this size using any regular tools or backup plugin. Without a backup, there is a significant risk to lose the whole website during the cleaning procedure with WP-Optimize or a similar tool. The time was ticking. Therefore the only solution that remained was to recreate this website anew manually, host it with a different provider, and add another security level – we had chosen WordFence.
This action alone improved website download time tenfold from 25 to 2.0 seconds. The client is now running his website in a much more secure environment. Nevertheless, the website is never safe if there is no routine security maintenance in place. The number of attacks on the client website is still very high and quite persistent – about one attempt per 30 minutes from the different IP addresses each day after the move. Fortunately, so far, the hoster and the Wordfence plugin are doing their job of blocking the hackers.
The next step will be to replace the WooCommerce plugin with Ecwid Ecommerce Shopping Cart, move DNS hosting to Cloudflare, and add a scheduled weekly cleanup of the database.
To WordPress, or not to WordPress? That is the question.
If you are happy to follow a template-driven website design, you might be better off with an alternative platform like Weebly. It is a close-code platform optimised for a much faster upload speed than the typical WordPress theme-based website. However, the WordPress platform gives an advanced designer the power to develop any layout with a page builder without coding.