Wordpress info for website owners

Now that your website has been professionally designed, developed and handed over safely into your hands there are a few common things you may want to do yourself on the backend. Finding the right place in WordPress to make these changes is described below under basics. There are also some issues around security and maintenance and you should consider how you will handle these. There are some links with further reading at the end of this page to point you in the right direction with more advanced editing of your website appearance and content. If you are unsure about any of this it is better to get in touch with us to assist with maintenance and advanced changes.

Wordpress basic website editing

Wordpress is a Content Management System (CMS). This means that instead of the information for each page on the website being hardcoded into a file that is only editable by a developer using a specialised programming inferface; there is an admin panel that you can log into yourself with a more basic interface where you can change the content and settings for the site. There are thousands of CMS platforms on the market, WordPress is the leader because it is powerful and the easy to use. It is used by more websites than any other and is supported and improved constantly by a huge community of professionals.

WordPress has become a very sophisticated tool with almost endless capabilities to meet some quite complex demands. Developers are constantly bringing the most up-to-date development and design techniques to WordPress through powerful Themes and Plugins. It is the leading CMS (Content Management System) on this planet and it is also the most user-friendly. With a few pointers you should be able to make basic changes and updates to the website on your own.

You will access your WordPress dashboard by visiting the admin link provided to you by email together with the username and password for WordPress. The WordPress Admin Panel link is usually something like: “http://mywebsite.com/wp-admin”. Please be aware that we install a basic security plugin on all of the sites we develop, so if you get your password wrong too many times you will be locked out temporarily.

It is helpful to login to the Dashboard in a new tab and keep the frontend of your website open in a separate tab. Once you have successfully logged into the dashboard, you can then go back to the frontend of the website and refresh the page, you will then have a thin admin strip at the top of the page. This admin strip has an “Edit Page”/”Edit Post”/”Edit Product” link on it (depending on the page you are viewing on the site) which is a handy way to get to just the right place to edit that item each time in WordPress.

Login to your WordPress dashboard by going to: “http://mywebsite.com/wp-admin” and entering the WordPress username and password supplied.

Once you are successfully logged into the Dashboard you will see a screen like the image below, with a menu down the left hand side of the page. Near the top of the list is “Pages”. You can choose to either see a list of “All Pages” that exist already, or to “Add new”.
Wordpress Edit Page

You can then either choose to add a new page or select an existing page you want to make changes to by clicking on the name of the page in the page list. You will then see the page editor. You can enter/change the page title and below this there is a content editor where you can edit the content of the page. Most of the sites we build include a drag-and-drop content layout editor. You can drag in columns and various types of content and layout structures easliy (see screen grab below).
Drag-and-drop content builder for WordPress

Once you have added or changed the text and images that you need you must scroll up to the top right hand side of the page and click on the big blue “Update” button to save your changes and make them live on your website. Note: if you are adding a new page this button will say “Publish” instead of “Update”.

Pages work exactly the same way as posts on WordPress except that posts are pulled through into the blog feed and pages must be added to your menu or linked to from somewhere else on the site so that people can find them.

Login to your WordPress dashboard by going to: “http://mywebsite.com/wp-admin” and entering the WordPress username and password supplied.

Once you are successfully logged into the Dashboard you will see a screen like the image below, with menu down the left hand side of the page. Near the top of the list is “Posts”. You can choose to either see a list of “All Posts” that exist already, or to “Add new”. You can also add/edit the categories of posts that you have. This all works exactly the same as editing pages on WordPress except that posts are pulled through into the blog feed.
Wordpress Edit Post

You can then either choose to add a new post or select an existing post you want to make changes to by clicking on the name of the post in the posts list. You will then see the page editor. You can enter/change the post title and below this there is a content editor where you can edit the content of the post. Most of the sites we build include a drag-and-drop content layout editor. You can drag in columns and various types of content and layout structures easliy (see screen grab below).
Drag-and-drop content builder for WordPress

Once you have added or changed the text  and images that you need you must scroll up to the top right hand side of the page and click on the big blue “Update” button to save your changes and make them live on your website. Note: if you are adding a new post this button will say “Publish” instead of “Update”.

Orders are created when a customer completes the checkout process and are visible by Admin and Shop Manager users only. You will receive a notification email when an order is placed on the website.

To process your orders login to your WordPress dashboard by going to: “http://mywebsite.com/wp-admin” and entering the WordPress username and password supplied.

Once you are successfully logged into the Dashboard you will see a screen like the image below, with a menu down the left hand side of the page. Near the middle of the list is “Woocommerce”. You can either click on “Woocommerce” or mouse over it and select “orders” both actions will take you to the order summary, which looks like the example below.

Managing orders in Woocommerce for WordPress

More details on managing orders in Woocommerce are available here: https://docs.woothemes.com/document/managing-orders/

Login to your WordPress dashboard by going to: “http://mywebsite.com/wp-admin” and entering the WordPress username and password supplied.

Once you are successfully logged into the Dashboard you will see a screen like the image below, with menu down the left hand side of the page. Near the middle of the list you will see “Woocommerce” (full of settings you should probably not touch) and then “Products”. Under “Products” you can choose to either see a list of “Products” that exist already, or to “Add Product”. You can also edit the “Categories” of products that you have.

Add Product in Woocommerce for WordPress
You can then either choose to add a new product or select an existing product you want to make changes to by clicking on the name of the product in the product list.

Because products have a lot of settings that you need to get right, the recommended way to add a new product is to duplicate an existing one that we have set up for you rather than starting from scratch. We will have added a plugin that allows you to duplicate an existing product from the list of products and then edit it from there, or at least copy the setup of an existing product the first time you do this.

On each product page there is a section for “Product Data” when you scroll down below the content area. This is where you will setup important things like the price and stock levels.

product settings

Once you have added or changed the product details you must scroll up to the top right hand side of the page and click on the big blue “Update” button to save your changes and make them live on your website. Note: if you are adding a new product this button will say “Publish” instead of “Update”. Note: if you have inventory management active and have none in stock the product may not show on the site, or will show as out of stock.

For more advanced editing and details about variable products please see the links section below.

Yoast is the leading SEO (Search Engine Optimisation) plugin for WordPress and it is currently only available for WordPress. In a nutshell what this plugin does once it is setup is check and then tell you in plain language what you must improve on a page to optimise it for Search Engines. This does not guarantee you that your page will rank on page one in Google (that requires ongoing work that includes regularly publishing unique, relevant content to your website and sharing it on Social Media.

All you need to do to make Yoast show you the way is fill in a “focus keyword” for the page.
Login to your WordPress dashboard by going to: “http://mywebsite.com/wp-admin” and entering the WordPress username and password supplied. Once you are successfully logged into the Dashboard go to the page or post you want to work on as described above.

Scroll down below the page title and content area and you will see the page settings for “WordPress SEO by Yoast”. Fill in a Focus Keyword for the page. The Focus Keyword can be a phrase with multiple words, but it is just one phrase like “buy shoes online” or “winter festival in london 2014”, you CANNOT have a comma separated list with multiple phrases.

Once you have filled in the Focus Keyword (phrase) update the page and then scroll back down to the Yoast page settings or click Check SEO to see the recommended improvements. You will probably see straight away that Yoast wants you to do things like include the Focus Keyword in your Page Title and URL. It may also want you to make your content longer, more relevant or include the Focus Keyword in headings and paragraphs on the page.
yoast seo plugin for wordpress

When Yoast gives you a green light then you have done a good job of optimising that page for Search Engines. To attract visitors to your site organically via search engines you will need to rank well on many, many search terms and to do this you will have to add more original content to your site continuously. Remember you are not the only website out there that wants to rank on page one so you will need to create and share more relevant quality content that the competing sites do to out rank them.

Wordpress maintenance, security and traffic

Hackers attack websites for a number of reasons. Some do it to install malicious software that enables them to run scams that earn them money, and some just do it for amusement. Do people really do this? Yes and it is on the rise too. Google currently blacklists 10,000 websites a day via it’s safe browsing technology. A conservative estimate by Sucuri puts the number of hacked or infected sites at 9 million (1% of all websites in the world). The more people use computers and the internet the more profitable it becomes to exploit technology.

A default WordPress installation does not include any security measures to block or detect intrusions. At least a basic security plugin should be installed to block brute force attacks on your site. Depending on the nature of your site you may need some more advanced measures too.

Here are some of the common risks associated with being hacked (symptoms and consequences):
1. Blacklisting
When a website is blacklisted, a red warning page stops visitors to your website, or your search results might show a text warning. This happens whenever Google detects malware on your site. Not only is the loss of traffic devastating, but there is a risk that website visitors will not return after seeing your website has been compromised.
2. Spam
Hackers can use your website to distribute spam. There could be a file known as a “mailer” hidden on your website that sends emails from your domain. You might get a blackhat SEO infection that adds links and spammy keywords to your posts, advertising things like viagra, gambling and discount fashions.
3. Malicious Redirects
When a website is hacked, the attacker can force all your visitors to be redirected to another webpage. Unlike blacklisting, there is no warning telling your user that the website might be hacked. Similar to spam, redirects can be served conditionally to specific browsers or locations or mobile traffic only. Redirects are often used maliciously to steal traffic and attempt to gain search engine rankings, or earn affiliate commissions from sites (often porn or gambling sites) that pay for web traffic.
4. Drive-by-Downloads
Your businesses website may not be a valuable hacking target in itself, but the risk to your website involves the exploitation of your server resources or your visitors. One of the worst experiences for your visitors is to get a virus on their computer after they go to your website. Drive-by-downloads are maliciously installed on your visitors computers simply for viewing your page and the malicious code left by the hackers. This can lead to your visitors and customers having identity theft or ransomware installed on their computers.
5. Data Exfiltration
Data exfiltration is the act of taking information out of your web application that is unauthorised. The attacker is set on stealing the information your web application is storing.  This is of particular concern to web applications being used to support E-Commerce, in which web applications are processing credit card transactions and / or storing other Personal Identifiable Information (PII) for their customers.
6. Phishing
It’s the process in which an attacker looks to confuse the user into sharing their sensitive information. These often come in the form of emails, but can also be found in social media. While this is an attack on the end user, it’s a payload the attacker injects on web servers once they have access to the website. What’s most devastating about these payloads is that they are difficult to detect and most website owners never realise their web server is being used to trick people they’ve never met into sharing their sensitive information.

Hackers regularly find software vulnerabilities and then they can use scripts to find and exploit sites that have these vulnerabilities. Due of this, CMS Platforms like WordPress regularly release updates with security patches to close vulnerabilities. The updates for WordPress, as well as the Theme and Plugins used on your site need to be done regularly to keep the site as safe as possible. Some updates are more critical than others depending on the type of risk involved. Some updates are not security related and are done to add improvements to the functionality of the system.

Each time software updates are done there is a possibility that things on the site break, page layouts go funny or things stop working. A website needs to be checked thoroughly after updates are done and often small styling fixes must be done or methods changed to keep everything working. Updating the software is as easy as clicking a button. Resolving plugin conflicts or broken layouts caused by an update is not so straight forward. Most website owners will require professional help with this.

We offer maintenance packages on a monthly subscription plan which includes keeping the software up to date, maintaining backups and also allows you to request some ad hoc changes to content on the site.

Enquire about maintenance plans.

Read more about WordPress Security and Maintenance Releases.

If your site is successfully attacked the files or database are often compromised beyond repair and the site needs to be restored from a backup. Keeping everything up to date does not guarantee that you will not be targeted and hacked successfully. So it is important to maintain regular backups of your files and database. Most hosting companies keep a backup for you anyway, but this is generally only a file backup. A WordPress website CANNOT be restored without the database so you may need to have additional backup measures in place.

SSL Certificates are small data files that digitally bind a cryptographic key to an organisation’s details. When installed on a web server, it activates the padlock and the https protocol and allows secure connections from a web server to a browser. Typically, SSL is used to secure credit card transactions, data transfer and logins. More recently SSL is becoming the norm when securing browsing sessions on websites and social media.

Recently browsers have made a more obviously display in the address bar highlighting sites without SSL certificates so more users are aware of sites without SSL these days. Also search engines have begun to give preference to sites with SSL certificates. It is recommended to implement an SSL certificate on your website.

Websites do not collect useful analytics and traffic data about visitors by default. It is recommended to install website analytics to assist you with your planning and marketing activities. Google Analytics offers a free account, once this has been setup the tracking code can be installed on your website.

Wordpress advanced training and further reading

There are a wealth of resources available to help you learn the more advanced aspects of setting up and maintaining a WordPress website. Here are a few popular ones, there are many more to be found online:

https://learn.wordpress.com/

http://www.wpbeginner.com/

https://www.wp101.com/

http://www.lynda.com/WordPress-training-tutorials/330-0.html

It is important to use good quality images that present your business and products in the best possible way. If you are going to use Stock Images they need to be selected carefully so that your website remains unique and professional. Before loading images to your website they should be cropped appropriately and resized optimally for web and devices. This is a job for Photoshop. You can read more about how to do this here:
https://helpx.adobe.com/photoshop/using/resizing-image.html
https://helpx.adobe.com/photoshop/using/retouching-repairing-images.html