Imagine how painful and maddening an experience it can be to wake up one day and find out that your website has been hacked and your data is either corrupted with malware or worse, just gone. Now there are services which will charge you a pretty penny and can clean up your site— but there's no guarantee that your data will be entirely or even partially recovered.
Even if they manage to recover all your data, there’s a good chance that it can happen all over again. Now imagine how different this story would have been if you had a complete and most recent backup of all your data.
Like all other popular publishing platforms, WordPress is quite secure, but that doesn't mean it is immune to malicious attacks. Even the most secure sites run the risk of getting hacked, and WordPress is no different. WordPress attracts a lot of attackers because it's extremely popular, perhaps the most popular content management platform and it powers a whopping quarter of the entire internet.
Now you might have never fallen victim to hacking, and that might give you a false sense of security, but it is unwise to sit around waiting for disaster to strike. Hackers could steal your passwords, valuable user data, or delete your site altogether.
All this damage would prove near impossible to revert if you don’t have all your data backed up. Since you’re the owner of your site, the responsibility of backing up your data falls squarely on your shoulders and your shoulders alone.
Now that we’ve established the need for backing up your WordPress site, the next logical question should be, how can you go about doing that? There are many different options you can rely on to create your site’s backup.
A no-brainer solution is simply to use your web hosting service's backup features. Most web hosting services offer automatic backing up of your WordPress site at regular intervals. You just have to set it up once, and it will do your work for you. As simple as this process sounds, it is not fail-proof or completely reliable.
Although they offer the WordPress backups feature, web hosting companies are not legally bound to back up your data nor are they accountable if the data gets corrupted. If the web hosting service terminates your account for non-compliance or non-payment, you will lose all your data along with the backups.
Another solution is to back up your data manually. You can do that by using a File Manager like FileZilla, logging into your hosting account and downloading the WordPress files to your computer, thus making WordPress backups. You can also manually create WordPress backups using cPanel or Plesk Onyx, but the process is convoluted and requires some technical know-how.
Not only is manually making WordPress backups drawn out and complicated, but you will also have to make a lot of WordPress backups quite often.
On the other hand, making the WordPress backups up via plugins is an effortless and time-saving alternative. Plugins like BackupBuddy, UpdraftPlus, BackUpWordPress and WP Time Capsule are relatively easy to use and pretty effective. They can be set up to make WordPress backups after specified intervals of time and can be used to recover your website if the need be.
The plugins mentioned above don’t all perform the same, of course. Some are better than the others. Even the premium plugins aren't always the better option. Some free plugins can do just as good a job as paid ones, if not better. WP Time Capsule is one such plugin. It is free but also has a paid version.
WP updates can sometimes break your site and WP Time Capsule is created with that in mind. You can set it to make WordPress backups every time before installing an update. If something goes wrong during the updating process, you can simply restore it to the last saved point.
It detects changes made to the site and automatically backs up the new files.
After you’ve installed WP Time Capsule, you have to log in using your Time Capsule account. After that, you can connect it to your Google Drive, Amazon S3, or Dropbox. After it has established the connection, it will create a WordPress backup of your entire website and save it to Drive or Dropbox.
After the first WordPress backup has been created, WP Time Capsule will make incremental WordPress backups of recent changes after set intervals. You can schedule these WordPress backups to your convenience.
The plugin also lets you restore your website using restore points that date back to the last two weeks. However, the paid version can restore backups up to 30 days. In either case, you’ll be prepared for the worst.
WP Time Capsule stands out from traditional backing up methods because it doesn’t store backups as compressed zip files. Not only does that reduce server resource consumption, but it also saves you valuable storage space by updating the pre-existing backups.
Typically, you’d have to unzip the backup files to restore your site, but with this plugin, you can quickly restore your website and lower consumption of server resources. Besides, traditional backup methods save the entire website and database every single time which takes up time and storage.
You can set a staging site using this plugin and test new changes, updates, themes and plugins there. It takes only a single click to set up the staging site, and you can prevent unforeseen problems that can occur with the live version of your website.
You can use its all-in-one migration feature to export your database, plugins, and themes and transfer them to a different location. You can also encrypt your backup files, and you have access to customer support if you run into an issue you can't resolve on your own.
Now that you’re familiar with different backup methods and how to employ them, it should be a breeze to back up your entire WordPress site. The online world hasn't been a safe place since its inception, and your website can be in a hacker’s cross-hairs too.
They can inject your site with malware to display their own ads, they can get your site blacklisted by sending out spam, or they can extort money from you if you are a small online business.
Aside from active malicious attacks, you can make mistakes too. You can inadvertently delete core files or overwrite them. A single faulty command can cost your entire database. If you are in the habit of regularly backing your site up and have a recent backup, you can instantly get your site up and running again. Whatever solution you opt for, make sure you always backup your website.
WordPress is an extremely popular content management system because it is open-source and provides you access to a ton of useful tools thanks to its extensive library. This popularity, however, comes with a trade-off that makes it a popular target for malicious attacks.
Although WordPress is secure, it isn’t without its vulnerabilities. Third-party developers write its themes and plugins – hackers can easily exploit poorly developed plugins and themes and inject malware into your site. Even the web hosting service the users choose can also be compromised if it is insecure.
WordPress patches these vulnerabilities as they’re found by releasing updates. To protect yourself from these attacks, you can install those updates, avoid flooding your site with plugins and limit yourself to plugins that are evaluated and regularly updated, more on that shortly.
Improving your website security might seem like a daunting challenge if you are not a web developer, but taking simple steps like the ones mentioned earlier can drastically improve your website security and go a long way in earning the trust of your users.
WordPress site login pages can be accessed by using the default login address in the URL bar, and hackers can brute force this page to access the backend of your site. This makes your login page one of the most vulnerable pages on your website and hackers are known to target it most commonly during an attack.
Securing the login page should be the starting point of fortifying your website security. You can start by hiding the login page, and transferring it from the default location – domainname.com/login.php – to a different one on a different URL address that only you know.
If only you know it, a hacker can’t access it. In addition to the login.php page, you should consider hiding the wp-admin directory too. It’s pretty straightforward, but a plugin like WPS Hide Login can also do the job for you.
If the hackers somehow figure out your login URL, they will attempt to brute force it to find out your username and password. Weak passwords and common usernames are painfully easy to brute force. Fortunately, this can easily be remedied by using a strong password and a difficult to guess username and changing them both frequently.
It is also crucial that you don't use the same login credentials elsewhere. If you have trouble choosing and remembering strong passwords, you can use one of many password managers that will generate and remember a strong and secure password for you.
Another way to combat brute force attacks is to limit the number of login attempts. After a specified limit of wrong guesses, you will get an alert of malicious activity, and the site will lock itself down. Again, there's a useful plugin which does exactly that – iThemes Security lets you limit the number of failed login attempts.
Instead of using an obscure username to log in, you also have the more secure option of logging in using your email. There are plenty of plugins out there which let you use email addresses for login purposes.
If you have come across error messages, such as “error establishing database connection,” “no such file/directory,” and “Post/xmlrpc.php HTTP” on your WordPress site or server logs, you fell victim to an XML-RPC attack.
Xmlrpc.php is a file that lets you communicate with your site remotely with a device, say your smartphone. Said in another way, when you don’t have your computer handy, xmlrpc.php would allow you to interact with your site using your phone or any other device for that matter.
Back in the early days of WordPress, users wrote the post in an offline client, which connected to their site and published the post. XMLRPC would serve as an intermediary between the website and offline client.
XMLRPC becomes a vulnerability to website security because hackers can use it to brute force their way in. They exploit one of the vulnerabilities in XMLRPC to access the site and go under the radar of your website security plugins, undetected. They can also use it to crash your site and thousands of others using DDoS attacks.
For these reasons, you need to disable XMLRPC. There are several different ways you can go about doing that. You can use a tool called XML-RPC validator to check if you have it disabled or not. If it is enabled, don't fret because disabling it is a walk in the park.
Simply install Disable XML-RPC and run it, and it will turn off the XMLRPC. If you don't want to disable it altogether, use plugins like Stop XML-RPC attack to retain some functionality of the file you require.
Another option, if you are comfortable, is to modify the .htaccess file in the root folder of your website. Be aware that modifying this file can stop your website from working. So make sure you have ftp or file manager access to the folder and take a backup/copy of the .htaccess file first.
Edit the .htaccess file with a text editor like Notepad or Sublime, then scroll to the bottom and add the text below. Save and close the file. Refresh your browser to test that your website is still running.
<Files xmlrpc.php>
order deny,allow
deny from all
</Files>
With the new programming interface of WordPress, XMLRPC will become redundant. This new API can be used via a plugin.
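The XML-RPC abuse described above is visible in the web server's access log, and so is the effect of the .htaccess rule. The following is an added example, not part of the original article: it counts POST requests to xmlrpc.php per client and shows how many were refused with a 403. The log lines are constructed, and the Apache "combined" log format and the threshold of 5 are assumptions.

```python
import re
from collections import defaultdict


def _line(ip, second, method, path, status):
    """Build one constructed access-log line in Apache combined format."""
    return (f'{ip} - - [12/Mar/2019:10:00:{second:02d} +0000] '
            f'"{method} {path} HTTP/1.1" {status} 512 "-" "constructed-sample"')


# Constructed sample traffic (documentation IP ranges, not real clients).
SAMPLE_LOG = "\n".join(
    # Six POSTs that the server answered: xmlrpc.php is still reachable.
    [_line("203.0.113.7", s, "POST", "/xmlrpc.php", 200) for s in range(6)]
    # Six POSTs refused with 403: what the <Files xmlrpc.php> rule produces.
    + [_line("198.51.100.9", s, "POST", "/xmlrpc.php", 403) for s in range(10, 16)]
    # A single POST plus a normal page view: below the threshold.
    + [_line("192.0.2.10", 20, "POST", "/xmlrpc.php", 200),
       _line("192.0.2.10", 21, "GET", "/", 200)]
)

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)


def summarize_xmlrpc(log_text, threshold=5):
    """Return {ip: {"posts", "blocked", "served"}} for noisy xmlrpc.php clients.

    "blocked" counts 403 responses; "served" counts everything else, i.e.
    requests that actually reached WordPress.
    """
    stats = defaultdict(lambda: {"posts": 0, "blocked": 0})
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue  # skip lines that are not in the expected format
        path = match.group("path").split("?", 1)[0]
        if match.group("method") != "POST" or not path.endswith("/xmlrpc.php"):
            continue
        entry = stats[match.group("ip")]
        entry["posts"] += 1
        if match.group("status") == "403":
            entry["blocked"] += 1

    report = {}
    for ip, entry in stats.items():
        if entry["posts"] >= threshold:
            report[ip] = dict(entry, served=entry["posts"] - entry["blocked"])
    return report


if __name__ == "__main__":
    for ip, entry in summarize_xmlrpc(SAMPLE_LOG).items():
        print(ip, entry)
```

A client with a high "served" count means xmlrpc.php is still answering; once the .htaccess rule is active, the same traffic should appear only under "blocked".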
By default, a file called wp-cron.php loads up every single time someone visits your website. This file is essentially a task scheduling tool; it publishes scheduled posts for you, checks for website security updates from WordPress, updates for your installed plugins and themes, and sends you email alerts.
As the traffic to your site starts increasing, wp-cron.php hogs more resources from your server and significantly slows down page loading times. Conversely, with little to no traffic, more scheduled tasks will build up, leading to even slower loading the next time the website is visited.
Not only does it slow down your site, but a cronjob can also be exploited by hackers to inject malware into your database and run it making it a risk to your website security.
Fortunately, fixing this problem couldn’t be easier. Access the File Manager in your cPanel, navigate to the wp-config.php file and edit it. Add this code after the PHP tag at the beginning: “define('DISABLE_WP_CRON', true);”
Now you might not need the task scheduler to run every time the site is visited, but you do need it to run at least twice a day. You can do this by setting up a manual cron job. Navigate to the Cron Jobs section in your cPanel; then in the common settings, select 12 hours from the hour drop-down menu. To finish up, add this code: "cd /home/username/public_html; php -q wp-cron.php" and add a new cron job. Then, you’re all set.
If the same cPanel has multiple sites, set the Cron jobs to run in a sequence one after the other.
As crucial as they are to a WordPress site, themes and plugins can be exploited, so they pose a website security risk. WordPress patches vulnerabilities and releases security updates frequently. If you don’t stay up-to-date with the website security patches, you’re in trouble.
Hackers depend on the vulnerabilities that have been patched, but the users may not have updated them yet. Poorly developed plugins are at a higher risk of getting hacked for the lack of proper website security measures.
So, you need to limit the number of installed plugins as much as you can and restrict yourself to only plugins that have a good reputation and are curated continuously for better website security.
Luckily, keeping track of and updating your installed themes and plugins is a piece of cake. Every time WordPress rolls out an update, you receive an email alert as well as a notification prompting you to update on your dashboard. On a related note, to improve your website security and to gain your visitors' trust in submitting their personal information, consider getting SSL certificates on your website.
This post is by no means a comprehensive guide, but it will serve to point you in the right direction. Following these steps and doing more research on cybersecurity can save you from the headache of getting hacked. All in all, besides your site's design and performance, you need to make website security a priority too.
You might be surprised to learn that nearly 80 percent of all emails on the internet are spam. Regardless, it can be pretty frustrating if your business emails keep ending up in your recipients’ spam folder instead of their inbox.
While there’s not much you can do on your recipients’ end to fix that issue—they might have aggressive filters implemented that label even legitimate business emails as spam—there are some steps you can take to keep your messages from getting marked as email spam.
There are several reasons you might be getting labeled as email spam. For instance, if you don't have the required permissions, or if the server flagged your IP. If your email engagement is not high enough, or if you’ve used misleading subject lines or used email spam trigger words, your email can very easily land in the spam folder.
To solve this issue of email spam, you need to familiarize yourself with SPF and DKIM. If this is the first time you’ve come across these acronyms, don’t be concerned. We’ve got you covered.
SPF stands for Sender Policy Framework. At its very basic level, it is a security protocol that tells the recipient that it is actually YOU sending the email and not someone else posing as you. When you have this mechanism set up in your DNS – a phonebook directory of networks – your recipient's mail server can authenticate that it is you sending the emails and not a spammer masquerading as you. This authentication process is used by mail servers to help protect you and your end users from email spam, phishing, and spoofing.
SPF works like this: you publish an SPF record – a list of authorized IPs – that defines mail servers that can send emails on your behalf. The recipient mail server compares the IP address of the sender with the ones on the SPF record and allows it if it checks out. If it doesn’t, it rejects it and flags it as spam.
DomainKeys Identified Mail, or DKIM, is another authentication mechanism that validates an email message. It works by attaching a unique digital signature to the header of the email to be sent. You, the domain admin, publish a public cryptographic key in TXT format along with your domain’s DNS record.
Your mail server creates and attaches the digital signature to the outgoing email’s header. The recipient’s mail server checks the signature against the published public key. If it matches, it means the email is authentic and not forged.
Now that you know how SPF and DKIM can land your emails in your recipients’ junk folders, the next question that might pop in your mind is how you can create these records yourself.
Before you can set up SPF, you need to find out whether it has already been set on your mail server or not. You can use Google App toolbox or MxToolbox and run your domain name there, and it will show you your current SPF settings.
Next up, you need to collect all the mail servers you'll be using to send your emails on behalf of your domain and compile them into a list. Your domain might be using one, or your domain might be using a combination of web servers, respective ISP’s mail server, mail server the same as your recipient’s or a third-party mail server. Make sure you include all of them in your list.
If your brand owns multiple domains, include the domains you’ll be mailing your users from as well as the ones you won’t be using.
Moving on, you need to tag each IP address with v=spf1. After adding all of the authorized IPs, conclude the record with an ~all tag. In case of a third-party mailing server, don’t forget to add include statements such as “include:thirdparty.com”. Here's an example of what a mail sending record should look like:
v=spf1 ip4:1.2.3.4 ip4:2.3.4.5 include:thirdparty.com -all
Strip all the code save for “spf1” and “-all” for non-sending domains. The final step is to publish this completed record to DNS. And you’re all set with the SPF protocol.
To create a DKIM record, start by choosing a DKIM selector – a text string defined by the user. This selector will help with identifying the public key.
Next, you need to create a pair of public and private keys. You can use PuTTYgen if you’re running Windows and ssh-keygen if you’re on Linux.
If you’re using PuTTYgen, simply click “generate” to create a public/private key and save it to your disk. The next step is to place the public key you saved on your disk as a TXT record in the DNS provider’s settings. This setup varies between DNS providers, so you should consult the documentation provided by your DNS provider.
Once you’ve done that, you need to create and save your digital signature. Using an SMTP (an internet protocol used for transmitting emails) server of your choice, you can make use of the DKIM milter. A milter is an open-source extension that lets you flag spam emails. SMTP servers release milters, and the DKIM milter is released by Sendmail. It allows you to generate and attach private keys to emails.
A typical DKIM digital signature should look like this:
v=1;
a=rsa-sha256;
c=relaxed/relaxed;
d=isipp.com;
s=sel42;
t=1399817581;
bh=Pl25…dcMqN+E=;
h=Message-ID:Date:Subject:From:To:MIME-Version:Content-Type;
b=Xp/nL93bv6Qo73K…KmskU/xefbYhHUA=
Once you have published a DKIM public key, you need to frequently change and update the private/public key pairs in case a key has been broken and is compromised. This process is called DKIM key rotation, and it is pretty straightforward.
All you need to do is to use the key selector – the “s=sel42;” in the above example – to introduce new keys into circulation. It also keeps the old keys maintained for a specified period of time, so the older emails with the old key stored in the headers have enough time to be delivered.
You can change the keys every week or longer depending on your brand’s policy.
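The fields of the signature above tell a receiver where to find the key and what was signed. This is an added example, not part of the original article: it parses a DKIM-Signature value, derives the DNS name where the selector's public key is published, and recomputes the bh= body hash using relaxed body canonicalization. The message body, the bh= value and the b= placeholder are constructed, and checking the b= RSA signature itself is left out because it needs a cryptography library.

```python
import base64
import hashlib
import hmac
import re


def parse_dkim_tags(header_value):
    """Split a DKIM-Signature value into a {tag: value} dict."""
    tags = {}
    for part in header_value.split(";"):
        if not part.strip():
            continue  # tolerate a trailing semicolon
        name, sep, value = part.partition("=")
        name = name.strip()
        if not sep or not name:
            raise ValueError(f"malformed tag: {part!r}")
        if name in tags:
            raise ValueError(f"duplicate tag: {name}")
        value = value.strip()
        if name in ("b", "bh"):
            value = re.sub(r"\s+", "", value)  # folding whitespace in base64
        tags[name] = value
    return tags


def key_record_name(tags):
    """DNS name of the TXT record holding the public key for this selector."""
    return f"{tags['s']}._domainkey.{tags['d']}"


def relaxed_body(body):
    """Relaxed body canonicalization as defined in RFC 6376."""
    lines = [re.sub(rb"[ \t]+", b" ", line).rstrip(b" ")
             for line in body.split(b"\r\n")]
    while lines and lines[-1] == b"":
        lines.pop()  # drop empty lines at the end of the body
    return b"".join(line + b"\r\n" for line in lines)


def body_hash(body, algorithm="rsa-sha256"):
    """Base64 hash of the canonicalized body, as carried in the bh= tag."""
    digest = hashlib.sha256 if algorithm.endswith("sha256") else hashlib.sha1
    return base64.b64encode(digest(relaxed_body(body)).digest()).decode()


def body_matches(tags, body):
    """True if the received body still hashes to the signed bh= value."""
    canon = tags.get("c", "simple/simple")
    body_canon = canon.split("/")[1] if "/" in canon else "simple"
    if body_canon != "relaxed":
        raise NotImplementedError("only relaxed body canonicalization is shown")
    return hmac.compare_digest(tags["bh"], body_hash(body, tags["a"]))


# Constructed message body and signature; d=, s=, t= and h= follow the
# article's example, bh= is computed here, b= is a placeholder.
SAMPLE_BODY = b"Hello,  world \r\nSecond line\t\r\n\r\n\r\n"
SAMPLE_SIGNATURE = (
    "v=1; a=rsa-sha256; c=relaxed/relaxed; d=isipp.com; s=sel42; "
    "t=1399817581; "
    f"bh={body_hash(SAMPLE_BODY)}; "
    "h=Message-ID:Date:Subject:From:To:MIME-Version:Content-Type; "
    "b=PLACEHOLDER"
)

if __name__ == "__main__":
    parsed = parse_dkim_tags(SAMPLE_SIGNATURE)
    print("key lookup:", key_record_name(parsed))
    print("body intact:", body_matches(parsed, SAMPLE_BODY))
```

During key rotation each selector gets its own name under _domainkey, which is why mail signed with the old selector keeps verifying for as long as its record stays published.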
Sometimes, instead of the mail going into the end users’ junk/spam folder, it will be rejected or bounced. Unlike your business email getting marked as email spam, when it bounces, the reason for the rejection is given to you.
The email might have failed to deliver because the recipient’s inbox might be full or the email server might be temporarily down. This is referred to as a soft bounce. When an email hard bounces it is probably because the email address or domain doesn’t exist anymore.
More often than not, the mail service would have you blacklisted and tackling this issue can be as simple as contacting the service and getting yourself removed from this blacklist. If the problem persists, emailing the admin of that server might help resolve it.
To keep you from getting blacklisted, after a specified number of failed soft bounce attempts the email address is labeled as hard bounced. This process keeps your IP reputation intact and minimizes the number of unengaged emails.
A couple of years ago I was at a WordCamp in Sydney, Australia and Japh from Human Made made a presentation about headless WordPress, or headless CMS. I think back at the time I was asking myself, what was the point? Or, what is the application for this? And... was this even possible to use the backend of WordPress without the frontend? Aren't they kind of glued together? It turns out not.
It has happened to everyone, at least once. You are experiencing a problem on your WordPress website. A new plugin that conflicts with your installation, a custom code that you incorrectly added to the functions.php file (if you run a theme). Whatever might go wrong, can do and sometimes does. In that moment, we find ourselves sweating bullets because we think we have broken our website. Newcomers to WordPress and development in general may even freak out a little bit. But when you have come to the end of your options, inevitably everyone looks around for help.
Unfortunately, WordPress does not have a phone number to call for help, nor a plugin to install and fix everything instantly. As with many activities, there is always a bad (poor) and a good (effective) way to do things. And seeking help with WordPress is no exception. If you find yourself stuck with your WordPress, get in touch and let's see how we can help.
Otherwise, let's explore other options first.
Most likely due to something you have directly done, things went wrong, and you are experiencing some problems. Before seeking help right away, you should try to understand what caused the problem and try to think back to what you did right before it happened. Most common problems can fall under one of these categories: WordPress fails to update a plugin which conflicts with other plugins. Or themes (sometimes free ones) don't update properly or are way out of date and break with incorrect syntax or missing sections of code. Trying to understand what your last action was prior to WordPress breaking can set you in the right direction to a) deactivate/delete/reverse your last action or b) share your current situation more accurately with other WordPress users. Knowledge is power, and it is more important than ever when things go wrong.
If you recently installed or updated a plugin or theme and noticed some unexpected behavior, turn off all your plugins and activate the latest default WordPress theme (such as Twenty Nineteen) to "reset" your website. If the issue goes away, you now know either your theme or one of your plugins is causing it.
One by one, start re-activating plugins until you find which one breaks your site. Make a note of the version number and what functions it provides for your site. Deactivate it again then quickly browse your site and see what functionality is missing. Delete the plugin and either try re-installing it or find another plugin with similar functionality and go through the installation and integration process.
If your plugins are not the cause then move on to your theme. Are you running a child theme? If so, activate the parent theme. Does this fix it? If yes, create a new child theme and slowly copy the attributes from the old child theme to the new one. If no, activate a solid reliable theme from WordPress. At time of writing Twenty Nineteen is most current. If this works then you have a theme problem and should either contact the theme support or consider now a good time to install a new theme and revamp your site. If you are at this stage then give us a call first. We don't use themes in WordPress anymore but would be delighted to talk to you about how we can help you re-build your website into something modern, attractive and functional.
When things don't go as we expect, and there is some business urgency to it, then we need to fix our broken WordPress site as quickly as possible. It's often the case that a broken website will have an immediate effect on your business income or affect the perception of your business as a reliable entity. WordPress forums are the very first place you should start looking for tips on how to deal with your current issue. By using the "site:wordpress.org/support" operator + your keyword, you can quickly browse through them even through Google. Or just search on any error messages you see. We often find that any results with Stack Overflow can be very promising, but sometimes highly technical.
There is an old saying that goes something like "There is no such thing as a stupid question"... Well, be careful asking stupid questions on Stack Overflow! You'll likely get a fast negative rating and some verbal abuse along with it. That said, if you can get by without asking a question, which is often the case, there is a very good chance you'll find what you need to progress or resolve your issue.
The abundance of plugins is one of the greatest things about WordPress, but sometimes they are not compatible with the latest WordPress setup. So if you know something has happened because of a plugin, you should head over to its official page in the repository of WordPress.org and look for the "FAQ" tab to see if your issue is listed. If there is nothing there and your need is not urgent, click on the "Support" tab and follow the prompts to raise an email/ticket with the plugin support team. If it's a free plugin be prepared for little or no help. Although that's not always the case and we can recall plenty of instances where free plugin developers have been very helpful.
Look locally. WordPress is so popular you are bound to find people in your area that can help. Here in Hobart we have a WordPress Hobart User Group that can be found on Facebook and also via Meetup.com. These options can often be free. And they can also be a great way to meet other people in the WordPress community, share ideas, drink coffee and chat about all things web related. If you need an expert and are willing to pay then say this on the Facebook page and clearly state your problem. People will still try and help you for free, but you will also attract the attention of local professionals who make a living from this sort of thing.
You can also try one of these groups. First try searching to see if your question has already been answered. If not, give it a go and remember to clearly describe what your issue is along with what error messages (if any) are being reported.
If time is of the essence and you need someone quickly then try the Facebook page for WordPress Hobart User Group and if you have no luck here, either give us a call or perform a keyword search in Google for WordPress support in Hobart. You will discover there is plenty of local talent to help you out.
Would you be surprised if we said local web design services in Hobart Tasmania may be the best way to go when determining which agency to hire? While web design agencies abroad offer attractive prices and quick turnarounds, local web design agencies provide a slew of benefits that can't be found elsewhere. In the long run, working with a local web design agency can have a drastic effect on your online foothold's potency. Instead of listing the problems that arise from web design agencies abroad, let's look at the benefits you can receive when working with an agency in your own backyard.
Local insight and knowledge
One of the best reasons to work with a Hobart web design agency is the domestic knowledge they bring to the table. When lifting your website to the top of Google, local agencies will have a deeper understanding of the competition in your area and the best ways to improve your SEO. Being on the ground really does make a difference because they will see the same search engine results that your potential customers and your competitors see.
Need to talk to your web designer, but in their part of the world it's 4 am? Nothing hurts progress and momentum more than long communication pauses due to time zone differences.
Working with a local website design agency solves this issue. Communication should be instantaneous, allowing you to suggest changes, discuss progress, and review real-time results.
Without wanting to sound terrible, sometimes the language barrier can cause real headaches in translation.
Face-to-face meetings are integral to build trust, measure expertise, and accurately convey your online strategy's scope and vision. Not only are face-to-face meetings a valuable way to share ideas, explain concepts and avoid potential confusion, they also help measure your return on investment (ROI). Ultimately, you decide to invest in a quality web design agency in Hobart because you see the hidden longer term values in it.
Some countries may be exempt from mid-project disputes, a potential headache if the overseas web design agency you hire leaves a project before completing the contract, as originally stated. You can avoid this problem by hiring local, or at least ensure you have the best security the law provides. Another benefit is the agency's reliability. Which is easier to test when you can look up past customers and contact them directly for reassurance that your Hobart based web design agency is serious in their commitment to your business.
Another huge benefit of hiring a web design service in Hobart is the post-launch support they can provide. While an overseas agency will likely do the minimum work expected for the project to succeed, a local agency will try to establish a long-lasting relationship with you and your business. They'll not only build your website, they'll probably help you. It's actually in their best interest to see you succeed over the longer term because happy customers make for very good referrals in the future.
Many benefits come from working with a local web design agency, but that doesn’t necessarily mean a local agency is right for you.
Quality is undoubtedly worth it, and spending more for a professional service you can count on will almost certainly save you time, money and potential headaches in the long run. If you’re on a shoestring budget or you trust a particular overseas agency, then outsourcing isn’t necessarily a bad idea. However, local web design agencies offer peace of mind. To some, that’s priceless.
If you’re looking for a web design agency in Hobart or have any questions about working with a local agency, get in touch with us at the link below.
https://fortewebdesign.com.au/contact/
We take you through the 7 steps for how to design a website.
When I work with clients the first thing I'm trying to understand, apart from what their business is about, is why do they want a new website design and what are they hoping the website will do for them?
Defining the scope of your new website design is critical if you want to mark your progress against milestones and tick boxes to show you are progressing your project. Something called 'scope creep' can easily happen where, as you are working through the project, you see new things to add or change along the way. Each of these changes can extend the time it takes to complete your project. In a commercial environment, extending the time it takes to deliver a project means the cost of the project goes up and the deadline has to be adjusted outward. You should always try wherever possible to stick to your original project scope and jot great ideas down on a whiteboard for consideration once completed.
Mapping out your site sounds like a no-brainer, especially when all you want to do is jump right in and start building amazing looking webpages. But the smartest thing you can do early on is step away from the keyboard and pick up a pen/pencil and paper. Carrying on from the site purpose and scope definition, you are at the point where you need to clarify the site structure. Starting with the homepage, consider what other high level pages you will need branching off. What should the topics of these be, what should the layout of each page be, and so on. I like to have a page dedicated to each topic for purposes of better Search Engine Optimisation, but often a client will want to reduce costs, at least initially, and will opt to place lots of topics onto something like a 'Services' page. This is fine, but be aware that with so many different items being described, it does get confusing for a search engine to work out what your page is all about. If this happens, I believe it's best to make the Service page describe what your high level service is, i.e. a plumber provides plumbing services, so we'd describe this. Then when we get to the sub-services (drain clearage, water heater replacement, tap repair, 24 hour emergency service and so on), I would keep the summary of each of these to a minimum and talk to the client about expanding each of these out eventually to their own separate page.
Once you have this down on paper, start sketching out boxes on your paper to show how you would like the sections to be laid out. Scribble notes to yourself about what features you want, i.e. a bold <h1> title, and even feel free to set down what fonts and font styles you will want. Keep in mind you usually won't want more than two font families on a site. Serif fonts are fine for heading text, but sans-serif fonts are clearer and easier to read on body/paragraph text.
You should now have some very clear ideas in your mind about what content you want on each page and the layout of each page.
With your writing, keep in mind that you want to make it interesting and descriptive for humans, but be sure to identify what your keywords are for the topic and make sure to use these a few times throughout your text. This helps the search engines to understand better what the page is all about.
Page layout is all about making things interesting to the eye, so you don't lose your visitor too quickly, but also providing easy, readable material they can digest. This means getting it right with what images and/or icons you will need.
Now is the time to start bringing all these images and icons together to fit in and around your writing copy. With images, it's always best if you can provide these yourself. For starters, this is one of the cheapest options out there, but it also means you own the copyright to the images. If you would prefer stock images then check out unsplash.com for a great supply of high quality free images.
Here at Forte Web Design we use WordPress. With well over 30% of the internet using WordPress, it's a safe bet that this content management system platform is robust and secure. But with so many other options out there for web design you may have different ideas. We live in a great time, with so much choice!
Start laying down your website pages, one by one. This should be a fast process since you will have plenty of paper diagrams and notes to go from. Make sure the header of your site conveys important information like your business logo and contact details, and that there is a menu bar or menu icon making it easy for the visitor to navigate your site. Also be sure to add a footer section at the bottom, as this is an opportunity to repeat a lot of this information. You don't really want your visitor to have to scroll to the top of the page to get your number.
Now comes the fun part! Test your site from the highest level pages to the lowest. Click on all of the links and make sure they behave as they are supposed to. Check the font sizes, weights and colours across all pages for consistency and also keep an eye on overall site design so that there is a consistent look and feel across the site.
A key tip I always follow is to grab a pad and pen then write down my changes for correction later. This means I'm not stop/starting the analytical process and keeps my brain more in the 'now' of testing.
Once you're happy with how it all looks and works, view it on a tablet and then on a mobile phone. Does it still look and behave as expected? If not, fix these issues. When you think you are really ready, ask a friend or two. It's likely they will use a different browser to you and a device with a different viewport size. Any feedback that they can provide is worthwhile. You'd rather a friend point out the faults than a potential customer.
Once you believe everything is working as it should be, go ahead and advertise the fact. The search engines will eventually get links to your site and crawl it for information to be indexed, or you can speed up the process by creating an account with Google Web Master (Bing have a similar tool) and then submitting your sitemap for indexing. Premium SEO plugins can also submit the sitemap on your behalf.
If you want to fast-track exposure to your new site, paid advertising is always a good way to start. This gets your site out there for everyone to see.