WordPress Security & Maintenance

Securing & Maintaining Your WordPress Website Together

WordPress is one of the worlds most popular web platforms.  In fact, they estimate that 1/3 of ALL websites on the internet, is built on the WordPress CMS.  Whilst I’ve always built websites using a range of options, I increasingly find myself drawn to WordPress. 

However, WordPress sites are also the most targeted for malware, SQL Injections, spambots, viral attacks and more.  Their universal code spread over 30% of the internet means that unethical elements of the online community only need to write a programme to attack a site once and it’s suitable for all equal installations of WordPress.  There’s very little targeting in these attacks – think of it like a normal cold-and-flu virus.  It will simply bounce from one person or website, to the next it comes into contact with, infecting all who have weakest immunity.

WordPress are very good with keeping on top of these evolutions in malicious code though, and routinely bring out updates and security patches to keep websites safe.  The same can be said for the most popular elements of WordPress Plugins.  A plugin is an element built into WordPress to perform a specific function – some plugins are as complex as a shop, whereas others are very simple text buttons added.  The world of plugins is vast and deep, ranging from high-priced top-quality development work in action on millions of websites, down to poor quality and ineptly built cheap plugins.  Just like WordPress itself, credible developers bring out updates and security patches on a regular basis to defend your website.

So far, so good, right?  The WordPress community is targeted often (purely because of its visibility) but the frequent updates and patches from the core and credible plugins should continue to keep your site safe.  That’s entirely true – provided the malware doesn’t reach your website before the update.  However, websites are built on layers – thousands of them integrating with each other (think Tetris!). When one of those layers is updated, it affects all of those around and above it.  If one of your plugins is set to automatically update with a fault – your layers are as useful as a house of cards in a hurricane.  Even the most stable of updates on the WordPress platform can modify a layer one of your plugins uses, preventing them from integrating and working correctly.

Level One

secured from hosting
  • Automated cPanel Backups
  • Updates on Request
  • Captcha form and login protection
£20 p/m

Level Two

includes all from level one, plus:
  • Entry level versions of iTheme Security plugin

  • Entry level SSL
  • Protected login links
  • Updates implemented every 4 weeks
£42 p/m
Plus £45 setup if purchased without website

Level Three

includes all from level two, plus:
  • Professional level versions of iTheme Security plugin

  • GoDaddy SSL
  • Daily Malware Scanning
  • Google Blacklist monitoring and removal
  • Updates implemented every 4 weeks
  • Database & file optimisation every 4 weeks
  • Maintain Audit Logs
  • One hour of integration resolution
£59 p/m
Plus £45 setup if purchased without website

Level Four

includes all from level three, plus:
  • WAF malware prevention
  • CDN performance accelerator
  • Advanced DDoS mitigation
  • Daily Malware Scan
  • Advanced DDoS mitigation
  • Advanced DDoS mitigation
  • 2 hours of integration resolution
  • Updates implemented every 4 weeks
  • Database & file optimisation every 4 weeks
  • Staging site on request
£115 p/m
Plus £45 setup if purchased without website

Level Five

includes all from level four, plus:
  • 2-factor authentication logins
  • Premium DNS to prevent Domain Hijacking
  • 4 hours of update integration resolutions
  • Weekly updates
  • Weekly database & file optimisation
  • Uptime monitoring
£155 p/m
Plus £45 setup if purchased without website

What's your website worth?

Website security isn't just an issue of stopping the site going offline. Malware attacks frequently add content to sites as it's easier to do that edit existing content. How would your brand's reputation cope if there was pornography, credit-card fraud, or viagra ads on your site for two months before you noticed?

What's more, the site will constantly be scanned by Google and other search engines.  This can have your company linked permanently to whatever type of spam is advertised on your site, or worse can get your website blocked from search history - prevent users from visiting it, and send all your emails to spam.

It's so much more than going offline.  So how prepared are you?

This website page is constantly being updated and modified as we adjust to threats in the online community.  Keep checking.

Read more: ...

5 Ways Small Businesses Can Utilise April Fools

April Fools Day is a huge day for small businesses and marketers. If you’ve never really made the most of it in past years, now is the time to change that. With April Fools Day just around the corner, your business should be plotting how to utilise it and advance the interests of your business in doing so. Here are 5 ways in which your small business can utilise April Fools Day

 beer 2027412 640

  1. Have Some Fun with Stereotypes

If you know that there are certain stereotypes associated with your business or the industry you operate in, you can have some fun with these on April Fools Day. When you do something that’s over the top yet still kind of possible for a business like yours, you’ll make people laugh and get people talking; that only be a good thing from a marketing perspective, so embrace it.



  1. Introduce a (Fake) New Product or Idea

One idea that works well is creating a new product or idea that your business launches on April Fools Day. Of course, you won’t actually launch it but it can increase interest and get people talking before you launch a real product that you actually do want to sell to people. You get people’s attention with a comical, joke idea before unveiling a real product that you want them to buy.



  1. Find a Way to Go Viral

Getting your content picked up on social media can make a huge difference for your brand. When it goes viral and people start sharing it in huge numbers, suddenly a whole lot of people who had previously never heard of your company will know all about it. Use a trend and find a joke that really lands; it’s not easy but it certainly can be done.

april fool



  1. Let the Business’s Personality Come to the Fore

One of the things that matter most when coming up with an April Fools Day prank is letting your business’s personality come to the fore. This helps people to know your company better and feel more attached to it. People don’t feel loyal to companies that are bland and faceless, so show the human side of your business and don’t be afraid to show some personality.



  1. Aim to Surprise and Increase Engagement

When you surprise your audience, you drive engagement with your brand on social media platforms. Do something that people really won’t expect because that’s what gets people interacting and engaging. For small businesses trying to succeed in the Wild West of online digital marketing, more engagement is always helpful when you’re trying to grow and improve, so make the most of it.



April Fools Day is a great opportunity for your business to do something new and make your brand better known, so be sure to make the most of it. Achieving the right tone and getting the humour right isn’t always as easy as it sounds, but if you work at it and take it seriously, the results will be incredible.

How Seasonal Branding Helps to Increase Sales?

“Holiday spending” no longer refers to products that are purchased during just the winter months. There is ample evidence which suggests that spending on other holidays of the year such as Mother’s Day or Easter is slowly climbing.

If you look at sales figures for all holidays in question, it is quite obvious that consumer-based holidays generate large spikes in sales. While running promotions during the holidays at the end of the year can be extremely beneficial for creating hype, brands are starting to realize the importance of creating the same kind of hype for other holidays. While UK consumers are pressured with rising inflation, that doesn’t seem to have much of an impact on the online sales, which can be gauged by the graphic given below. In fact, online sales are expected to account for around 21.5% of the retail industry in 2018 in the UK.  Companies wanting to be part of the supply for this demand need to be aware of how to adjust their own brands to best fit the consumers' search.


What is Seasonal Branding?

Before we can get into the benefits of seasonal branding, we need to understand what it is. Seasonal branding or promotions are those special discounts, offers or limited-edition items that are tied to a specific event or back to school season. The whole idea of creating a seasonal marketing campaign is to attract the attention of a target audience towards your brand.

Seasonal branding isn’t a complete makeover of an existing branding strategy, but rather an extension of existing marketing efforts to attract customers and increase sales during important holidays of the year, for instance, the eight bank holidays in England and Wales, not to mention Black Friday and Cyber Monday.

Types of Holidays

There are three types of holidays that marketers have their eyes on from the start of the year.

  • Recognized Holidays — These are well-known holidays such as Early May Bank Holiday, Spring Bank Holiday, Summer Bank Holiday, Valentine’s Day, Christmas, Black Friday, etc.
  • Annual Events —These are those periods of time when certain cultural events occur. A good example of this type of holiday would be the back-to-school season, which occurs between August and September.
  • Non-Traditional Holidays — These are the holidays that are not considered real holidays but can be classified as such nonetheless because they serve a particular purpose. For example, there is National Craft Month or National Coffee Day.

Before a business can take advantage of seasonal branding (i.e. adding a Santa hat on the logo or adapting colours in the brand to an autumn leaves pattern), they must first understand what roles a holiday plays in their promotions. That’s because not every holiday or annual even will apply to a particular product.

Are You Providing a Satisfying Online Buying Experience?

This brings us to the most crucial part of any online sale. According to a survey by Barclaycard, the average British online shopper abandons baskets worth £29.37 every month. Why is that?

To find out the reason for these low conversion rates business need to ask what the recent report from Qubit asked more than 4000 customers the following question:


Knowing which Season/Holiday to Target

Continuously latching on to each and every holiday of the year with a full-fledged promotional campaign will cut into your profits. On the other hand, depending on the product you are selling, certain holidays or seasons in the year could really add value to your branding efforts. A great example can be given of Autumn when there’s a spike in gardening appliances and products, such as grass lawn seeds, weed killer, hedge shears, and leaf rakes. They say that those who fail to learn from history are doomed to repeat it. In the case of e-commerce businesses, the seasonality of the shopper is something that is counted on.

Seasonal branding can help create a stronger connection between the customer and your brand because brands that cater to seasonal wants and needs of the consumer seem more personable and relatable. While the total average eCommerce spend per consumer is estimated at £1,600 over the course of the year in the UK, according to Barclaycard, nominal spending was 4% higher [ft.com] between November 19 and December 23 in 2017, as compared to previous years, which also happens to be a span which includes Black Friday and Cyber Monday.  Tying your brand to those events at a core level helps users connect the brand with the holiday in the minds of your shoppers. 

christmas store branding

The Offline Experience

Much of this is targetted towards the online market - but that doesn't mean it's not relevant to the high street brands and face to face traders.  For most of these, social media and online communications are a crucial component to interacting with their demographic.  This is where a customised and seasonal brand helps entice your client and solidify that connection between the holiday and the company.  For all of living memory, we've seen shops deck their aisles and fill their windows with seasonal and festive displays.  As shoppers start to understand the concept of branding more and more, it's only natural that this seasonal acknowledgement spreads.  Social media, in-store posters, and staff nametags are just three great ways to make your brand seasonal.

Ending Note

Since consumers are already going to be thinking about upcoming holidays and seasons, putting your seasonal campaign up front with a solid marketing campaign surrounding that product can create a nice buzz around your brand that will help feed that seasonal excitement. According to A Marketer’s Paradox of Strategy VS Practice, two-thirds of consumers expect a same-day response to queries about a particular product or service, and 43% expecting a response within an hour, so companies need to have their finger on the pulse at all times if they want to stay ahead of the curve.

How IR35 Will Affect UK Small Business Owners?

IR35 is nothing new and was first introduced in the year 2000 as a way for HMRC to clamp down on the threat of employees posing as contractors for tax avoidance reasons. After years of ambiguity regarding the issue, Chancellor Philip Hammond’s Budget confirmed plans for a reform that is to be implemented from April 2020.


One of the most notable factors is that it is set to extend to the private sector too, which will naturally mean big changes for small business owners that work with freelance contractors and agencies. Here’s all you need to know.


american 3748708 1280 Large

UK Business Owners Need To Take Responsibility

IR35 isn’t designed to scare small business owners, especially those that are running their ventures with honesty, transparency, and integrity. However, those that are caught bending the rules or failing to comply with the new reforms by getting caught up by a contractor’s shortcoming, you will face fairly severe fines as HMRC come for the money that should have been paid at source.


Given that synthetic self-employment can cost as much as £1.2bn per year, HMRC does take this seriously. As such, small business owners need to accept that employees need to be treated as such, and not contractors using agencies.


UK Business Owners Forced To Increase Pay


UK business owners will need to subtract National Insurance Contributions from the wages of contractors deemed to fall inside IR35. Experts have forecast that public sector workers could lose around 30% of their home takings as a result, and those figures are likely to be very similar for freelancers in the private sectors.


Consequently, then, freelancers will feel forced to increase their charges to compensate for the loss. In turn, small business owners using these forms of employment could be set to see their staffing costs increase without necessarily gaining increased productivity.


UK Business Owners Required To Investigate Agency Agreements

credit squeeze 522549 1920

While the employee/contractor is responsible for investigating whether they fall under IR35 or not, business owners will need to take greater responsibility when dealing with agencies. If you are paying an employee who is not classed as self-employed through an agency, you will need to pay their National Insurance Contributions.


The agency will still be tasked with making those calculations relating to PAYE and NIC deductions. GOV UK has provided an online tool to help business owners (as well as workers and agencies) check the employment status regarding IR35 regulations.


The Good News


Owners of genuinely small businesses may be exempt from the IR35 reforms. As per the Companies Act 2006, companies are deemed small if they have a turnover of under £10.2m, fewer than 50 employees, and £5.1m or less on its balance sheet (or at least two of those three elements) they will be exempt from the changes. However, the criteria could change in regards to IR35.


Nonetheless, this is major change ahead and even the small companies that feel as though they don’t need to worry should use the next year or so to conduct the necessary research. Moreover, they should still take responsibility when hiring freelance contractors and agencies.

Why Do We Suggest GoDaddy?

Why We Suggest GoDaddy

Hosting is an essential element for all website providers. In the past, we offered direct hosting for client sited - but in a world of intensive malware, that's become more of a vulnerability than an asset, to protect against which is too expensive to warrant. So we hunted our a provider that would work for our clients...

Hosting Providers

There are hundreds.  Thousands.  And that's just from a cursory google search.  For obvious reasons we are unable to investigate and support them all, but after great research we've chosen to assist our clients with GoDaddy hosting.  This doesn't mean they must choose GoDaddy - we will offer our services for any provider, but it will work out the most cost effective to work with a company we're already familiar with.

Why GoDaddy?

1. Size. It matters. The scale GoDaddy operates on allows them to provide a vast range of solutions to hosting, domains, and web security. Their prices are competitive and their reviews overall positive. They wont be right for everyone, but the same can be said for any business.

2. 24-7 Support - phone and email. Regular support is a very important step in hosting. It's one of those areas where things can just go wrong. A server update at 6pm on a Friday could cause downtime until your hosting provider opens the lines Monday morning. Of course, it's no guarantee that speaking to someone immediately will provide a solution but it offers far more information than waiting would.

3. Orange Reel support. GoDaddy offers features which allow you to authorise Orange Reel to act on your behalf. That can be as simple as helping you edit the site, and change the features of your hosting to better support your sites, or as far as ordering extra services you request, setting the options so that it debits your accounts directly. We also know, and can advise, on the range offered by GoDaddy. These vary between businesses, so it’s an extra head start.

4. Native English call centres. They operate in the UK and USA primarily – whilst worldwide call centres operate fine, when it comes to technical support for hosting any language barrier can become a severe one fast.


The absolute basics each of our clients need are the domain and an entry-level hosting account. The domain they generally own already, but if not GoDaddy offers virtually every conceivable domain extension available. The hosting account will depend on a number of things, but generally, GoDaddy’s “Essential” Plan works, it offers:

Award-Winning 24/7 Support

1 Website

100GB Storage

Unmetered Bandwidth

New PHP 7.0, 7.1, 7.2

Free Business Email - 1st Year

Free Domain* - with annual plan

Now you don’t need to understand all the details, it’s just what is included. Those with multiple websites, much higher visitor numbers or more demanding website features may benefit from upgrading to the Deluxe or Ultimate ranges. One of the benefits of working with GoDaddy is their payment structure. They offer a monthly package for convenience, as well as 1-year, 3-year, and 5-year options – usually the further in advance you order, the cheaper the package works out to be.

Checkout GoDaddy Hosting

SSL Certificates

As you can see in our Standard Vs Hosting blog from last year (Outdated in terms of our service but still relevant information) you’ll see an SSL is essential to reassure users that the website they’re looking at matches the domain they’re viewing.  This helps prevents phishing attacks whereby the site you’re logging into may look like Facebook or PayPal but is, in fact, a fake, just stealing your information. As of the latest Chrome update,  users are now told a site is “Not Secure” if it’s displayed without one of these certificates.  GoDaddy sells SSL Certificates from £50 per year, but for the time being Orange Reel is going to continue offering an entry-level SSL for £15 per year.  This is likely to cease as of June 2019, because more secure features will be required, but for now should help our clients save a notable amount per year.

Website Security

Protecting your site from Hackers, Viruses, and Malware is an important, though sometimes costly undertaking.  It will depend on your day to day use as to whether this is an important task for you, but GoDaddy offers you such services just in case. GoDaddy’s Deluxe Malware scan, removal and prevention. Plus, performance boost offers the following

12-hour response time

Unlimited malware removal

Google blacklist monitoring & removal

WAF malware prevention (basic firewall)

CDN performance accelerator

Advance DDoS mitigation

There’s plenty of information about each of these features on their website, on the wider internet at large, or available through us; but understanding the details isn’t crucial to using them.  In short, this is a round-the-clock level of protection – a basic firewall to protect from malware, hacker and virus attacks, along with a clean-up solution for removing any that get through.  This service costs approx. £192 per year or £15.99 per month - See More If you’d prefer to avoid this service, certain steps such as enforcing regular updates, maintaining security standards on the website, and performing regular backups can be significant assets. They’d require you to keep a close eye on the website of course, but nothing too time-consuming.  Maybe browsing it twice a week. If you would like a malware solution at a more affordable price, their “Essential” package offers:

12-hour response time

Unlimited malware removal

Google blacklist monitoring & removal

Essentially speaking, it will scan the site for malware every 12 hours or so and allow you to submit clean-up requests if it becomes infected.  This service can be brilliant if you find your website getting re-infected with malware on a regular basis.  However, this isn’t a fool-proof option, as the infection can permanently damage your site – preventing a repair.  In such a case it would need to be restored from a backup (providing you have a recent backup of the site which does not contain the infection) or you’d need a site rebuilt/built from scratch.  This is around £5.99 per month (though drops to £3.99 per month If you buy for periods of 12 months or more).

Website Security on GoDaddy

Website Backups

Backups are essential.  Whether you use included or paid extra services for those is entirely up to you.  Within the hosting account is an application manager - which will manage and maintain your Joomla.  One of the features it offers is daily backups which can store those backups either on your hosting account or your Dropbox (for off-site security).  These are great but not fool-proof. If a malware infection occurs, the site backup can include the infection.  If the infection goes unnoticed for a week, all of your current backups will have the infections, too. A managed version of website backups is available at a small cost from GoDaddy.  This starts at £2.99 per month (with 5gb space and discounts for longer term contracts), with the following services: 

Automatic daily backups

Built-in daily malware scanning

Back up a file, folder or an entire database

Scheduled or on-demand backups

Continuous security monitoring

Downloads to local storage

Easy one-click restore

Secure cloud storage

Expert 24/7 customer support

All of the site security and backup options are optional – much like insurance. Whether or not you feel they’re worth the money is entirely your decision. But most truly notice how valued they are when something goes wrong and you don’t have them. That said, as with every aspect of your business you need to balance to financial risk against the financial cost. It’s important to note, that regardless of the information given here, hosting and web security are constantly evolving fields and you should familiarise yourself with. 

This information is here for two reasons: 1st most of our clients haven't needed to deal with hosting before, so we want to provide a background. 2nd, clients will now be responsible for their hosting and it's consequences, so we don't want to throw anyone out into the cold

Orange Reel Support Will Continue

You'll be able to hire our support services for frequent little jobs or one off issues you need help resolving. However it works best for you.

Affiliation - we work on the GoDaddy Pro service. Basically, we get reward points for any of our clients who purchase GoDaddy services. Does this mean that beach-house in Aruba is days away? Sadly not. It's a minimal benefit which mainly provides discounts on the services we buy ourselves - but as there's a vested interest we're disclosing it. If you have any concerns about this clouding our judgement, checkout the service and you'll se it's not much incentive to steer clients. But we'll still happily assist you if you're not listed on our Pro account.

Read more: Why Do...