Blog

How to keep your WordPress website secure


Over 74.6 million websites are using WordPress today. Of these, 18.9% use WordPress.org, the self-hosted CMS which I personally love building with. That’s around 14 million websites. With more and more people starting to use a CMS for their websites, for ease of use and updating with no programming knowledge, WordPress is almost always the first option due to its user-friendliness compared to other CMSs on the market. If you can write a blog, you can manage your own WordPress website with no problems! It’s almost the same thing! If your website is built on WordPress, keeping your website secured should be at the top of the priority list.

Besides having a strong username and password combination, what else can you do to install as many locks as possible (no matter how small) on your website to keep hackers out?

Steps to secure your WordPress page

  1. Hiding your WordPress login page

    One of the principles of security is to stay away from the defaults. The default login page for every single WordPress installation out there is /wp-login. If someone were to look for your login page, this would be the first thing they’d try. That’s one layer of protection down. One of the first steps I’d take when securing a website would be to hide its login page behind a custom URL. Doing this makes it harder for the hacker to even find your login page!

  2. Do not use the default admin username

    While we are on the topic of defaults, another default created when you install WordPress is the username admin. A lot of hackers perform brute-force attacks to gain access to a website. In a brute-force attack, a computer tries every single combination it knows, hoping that at least one of them will crack open your website. If you use the default username admin, the computer gets a huge head start by already knowing what your username is. A computer is potentially able to run millions of combinations a second, so it would take absolutely no time at all for it to guess your password. Once in your WordPress Dashboard, the hackers can log you out, deface your website or even upload viruses to your website.

  3. Disabling XML-RPC

    XML-RPC is how other applications log in to communicate with your site. Wordfence reports that a majority of attacks don’t even target the login page, but XML-RPC instead. XML-RPC is used by applications such as Jetpack, the WordPress mobile app and pingbacks. If you are not using these services, it is best to disable XML-RPC altogether.

  4. Keeping your core WordPress and plugins updated

    I cannot stress this enough. Owning a website is a little bit like owning a new car. When it is purchased, everything is spanking new and works perfectly. However, as time goes by, you realize that some features stop working or seem buggy. Just as a car wears down through daily use, technology on a website gets outdated (at a startling pace, I might add). Every day, a community of WordPress developers is hard at work improving WordPress and its plugins and, most importantly, patching up vulnerabilities. Hackers get smarter every day, finding new holes and tears in plugins and writing code to attack the flawed logic. That’s why plugins always seem to have new updates. It is absolutely important for your website’s core WordPress installation and plugins to be up-to-date and properly maintained. Do note, though, that sometimes it is not as easy as clicking the update button. Sometimes, due to customizations required for your website or incompatibilities between different plugins/scripts, things may stop working. This is why you should always get a developer to back up your website and be on hand if bugs happen after the upgrade.

  5. Using 2-Factor Authentication

    If you want to be super secure, you can also install 2-Factor Authentication. Doing so creates an extra step in your login process, similar to making online payments with your credit card. The system will send a text to your mobile phone with the pincode, which is required to log in.

  6. Implement an SSL Certificate

    If you are really kiasu, another way to add a layer of protection to your website is to sign up for an SSL Certificate, so your website would have an https URL instead of an http one. SSL protects transactional data, which means any data that you are passing from the website to the backend, such as customers’ payment information. SSL is definitely a must if you are accepting credit card payments through your website (and credit card information is passed through your website instead of a 3rd party service like PayPal).
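
As an added example (not part of the original post), this Python script counts POST requests to the default login page and to xmlrpc.php per client IP in a web server access log, which shows whether the repeated login attempts described in steps 1 to 3 are reaching your site. It assumes the Apache/Nginx combined log format; the sample log lines, the threshold of 5 and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Combined Log Format: ip - - [time] "METHOD path proto" status size "ref" "ua"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# The two WordPress default endpoints discussed in the steps above.
WATCHED = {"/wp-login.php": "login", "/xmlrpc.php": "xmlrpc"}


def parse_line(line):
    """Return (ip, method, path, status), or None if the line is malformed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    path = m.group("path").split("?", 1)[0]  # drop any query string
    return m.group("ip"), m.group("method"), path, int(m.group("status"))


def summarize(lines, threshold=5):
    """Count POSTs per IP to each watched endpoint and flag noisy IPs.

    threshold is an illustrative value: an IP with at least that many
    POSTs to one endpoint in the supplied log is listed under "flagged".
    """
    posts = {name: Counter() for name in WATCHED.values()}
    skipped = 0
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            skipped += 1  # keep a count instead of silently dropping lines
            continue
        ip, method, path, _status = parsed
        endpoint = WATCHED.get(path)
        if endpoint and method == "POST":
            posts[endpoint][ip] += 1
    flagged = {
        endpoint: sorted(ip for ip, n in counts.items() if n >= threshold)
        for endpoint, counts in posts.items()
    }
    return {
        "posts": {name: dict(counts) for name, counts in posts.items()},
        "flagged": flagged,
        "skipped": skipped,
    }


def _line(ip, method, path, status, sec):
    """Build one constructed log line (documentation-range IPs only)."""
    return (
        f'{ip} - - [10/Oct/2024:13:55:{sec:02d} +0000] '
        f'"{method} {path} HTTP/1.1" {status} 512 "-" "constructed-sample"'
    )


# Constructed sample input, not real traffic.
SAMPLE_LOG = (
    [_line("203.0.113.7", "POST", "/wp-login.php", 200, s) for s in range(6)]
    + [_line("203.0.113.9", "POST", "/xmlrpc.php", 200, s) for s in range(10, 18)]
    + [
        _line("198.51.100.20", "GET", "/wp-login.php", 200, 30),
        _line("198.51.100.20", "POST", "/wp-login.php", 302, 31),
        "garbage line that is not in log format",
    ]
)

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for endpoint, counts in report["posts"].items():
        print(endpoint, counts, "flagged:", report["flagged"][endpoint])
    print("unparsed lines:", report["skipped"])
```

If xmlrpc.php shows no requests from the services you actually use, that supports disabling it as step 3 suggests.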

Soooo…. Is WordPress secure? Should you build your own CMS?

Without doubt, WordPress is the most popular CMS out there today. Statistics say that it is being used 4 times more than Drupal and Joomla combined (they tend to look too techy). It is no surprise, therefore, that it is the #1 target on hackers’ to-do lists. When there is a vulnerability scare, and given the sheer number of websites using WordPress, it is understandable to feel as though WordPress is less secure than Joomla or Drupal.

The sheer number of WordPress websites out there means that an active community of developers is constantly working around the clock to improve it. Due to this huge global community, any security scare or vulnerability gets patched in almost no time at all. Compare this situation to one where you had built your own CMS. Your small team of developers would have to work on a patch or fix for their customized system. Furthermore, custom-built systems run the risk of being badly coded by inexperienced developers – and that makes them very difficult to understand for new developers you engage in the future.

Conclusion

Nearly 80% of website hacks occur due to a bad username/password combo or WordPress core/plugins that were simply left unupdated. Having some sort of maintenance program in mind is definitely a must for anyone who is serious about their business. Once your website is hacked, Google removes it from the results page entirely and you need to go through a lengthy procedure to scan and clean the website, and resubmit the cleaned website to Google for analysis. It also reflects poorly on your business, especially if the hackers have defaced your homepage with malicious text or graphics.

Hello Pomelo offers maintenance programs for every website that we launch for up to 6 months. However, we strongly encourage our clients to continue taking up a maintenance package in order to keep their website updated, safe and secure! Ask us about our maintenance packages today.

Project Meet-ups!


I strongly believe in working closely with my clients on projects. This is because the websites that I aim to design are highly customized to our client’s needs and requirements. I also believe that it is important to keep the client involved and connected throughout every phase of the project, and I try to do this as much as possible. I usually offer a non-obligatory meetup during the start of the project, which combines 2 things: introduce myself and what I do, as well as find out everything I need to know regarding the client’s company, requirements, problems and needs.

Before beginning the project, it is also important to clearly outline the expectations, fees, services provided – so as to reduce misunderstandings between both parties.

However, throughout the course of the project, I sometimes receive requests from clients to meet-up to discuss the design or development issues. This is quite a difficult situation to be in – as such requests would normally not come up before the engagement of the project, and therefore would not be considered in the final fee. The official agreement also states that the cost only includes meet-ups at our office, and not at the client’s location.

But why am I not able to provide such personalized service then, if I pride myself on customized solutions?

In short – limitations.

  1. As one-half of a 2-woman show, I am the salesperson – project manager – designer – developer – tester – customer relations officer – finance manager and more! As much as I would love to provide every single client personalized service, I do have other responsibilities ongoing at the same time. Going to a client’s location would remove at least 3-4 hours from my time in the office, which sets back my other clients’ deadlines.
  2. The fees charged do not include additional time required for the travel to/from the client’s location, and one-on-one consultation with the client. Did you know that when hiring an agency, you are actually paying for the project manager’s time to handle your project, and to manage meet-ups and discussions? The fees can go up to as much as $5000 just for the project manager – possibly including all the Uber rides he has to take as well. You haven’t even included the cost of the actual product yet!
  3. The client did not request prior to the project for such one-on-one service – therefore it was not factored into the cost or project schedule.
  4. It is unfair to our other clients who adhered to the agreement, but suffer having their project delayed.

Client relationships and mutual respect are among the core building blocks of a small agency/freelancer. It is important to understand each other from differing points of view. Understanding expectations from the get-go is essential and, as much as possible, something I try to establish for a successful working relationship.

With DIY Free Websites, Why Should I Hire a Webdesigner?


Hello everyone, it’s been a while since I’ve blogged, and today I’d like to discuss the reality that we web designers face today – free DIY websites. A couple of these have been cropping up – popular ones are Wix, Blogger and WordPress.com. Here’s what they usually promise – build your own professional-looking website for absolutely free, no programming knowledge needed, no paying designers, no recurring hosting fees, FREE templates!

Sounds amazing! But what’s the catch?

  1. Advertising

    Building your website for free on a platform like Wix comes at a price. Your website will be host to Wix’s advertisements. While your free site might not have cost you a cent, a pretty obvious stamp that tells people you got it done for absolutely nothing does cheapen it a bit.

    This sticks to the bottom of the browser, on every page!

    All of this will eventually affect your business or company’s professionalism and credibility. Will you be willing to engage a company, or proceed with an online transaction (a daunting task in itself) on a website that was built on a free platform?

  2. Domain name

    The worst thing about free website builders is that, unless you upgrade to their Premium plans, you will have to use their domain name yourname.wixsite.com. Nothing screams unprofessionalism more than a wixsite.com address.

  3. Most features aren’t available until you upgrade to their Premium plans

    They have to make money somehow, right? Their free sites are essentially a demo of their actual product, which is all part of their Premium plans. Granted, it is still quite affordable at around SGD$17/month and will cost you roughly SGD$200/year. It is definitely a better option than shelling out a few thousand dollars on a professional designer to craft a personalized website for you, and I would actually recommend this option for people who aren’t yet confident to invest in their business or company and just need to test the waters a little bit.

  4. There is a little bit of a learning curve, but their website builder is pretty neat

    Well, now that you aren’t paying someone to do all the technical bits for you, it’s up to you to learn how to use their website builder. I admit, it is pretty good for a free website, but of course there are limitations to what you can do. You must be satisfied with whatever little you can change.

  5. Lack of personalization options

    This is another issue that free web builders aren’t able to address. You’re extremely limited in what you can change. So if you wanted a specific change to the design, it might be impossible to make that change simply because you do not have access to the actual code. You can only change what they allow you to change.

When should you hire a web designer then?

Wix sites are amazing for people who are just starting out on an idea or business, and not yet ready to invest too heavily. You get some basic features, and a free presence on the web for a small amount of money. But when and why should you hire?

  1. You do not have any design sense, and need someone to do it!

    Many of my clients have actually tried their hand at creating their own websites before engaging me to do it! What I hear most from them is “It is not professional enough. I’m not a designer.” Which is perfectly fine! Not everyone is born with a keen sense of colours, typography, typesetting and layout. It is amazing how very slight oddities in font, colour and spacing can break the whole design.

  2. You want to focus on your business, while someone handles the techy parts!

    Let’s face it. You’ll probably be making more money focusing on the core essence of the business or company, rather than fumbling with design, editing of content and maintenance of the website.

  3. You’re ready to take your business to a new level

    You’ve spent a few months on Facebook, your business is starting to get successful and you’re ready to launch a full-blown website for a fresh online presence. Having a website not only shows how professional your company or business is, but a website with a good design is sure to raise some eyebrows. Investing in a website also shows that you’re in for the long run.

  4. You understand the importance of design

    How does Apple sell overpriced MacBooks with half the specs of a PC laptop? Good design and marketing. Good design sells. Good design is able to shape your price. Good design is able to alter first impressions. That’s how important good design is.


In conclusion, free-to-build websites are great for those who are not too serious, or not yet willing to invest in their company or business. But a good website designed by a professional will definitely set you apart from your competitors. In this day and age, we’re almost always on our phones, and the first thing we do when we check out a new business is to go to their website. That being said, it should be as great and impressive as your company is!

Should I hire external web developers?


“There have been some communication problems…”

“They were unable to deliver according to the brief.”

“My developer’s ignoring me.”

Any of these sound familiar to you?

After 8 years in the industry, I’ve encountered several clients who have had such problems dealing with the web designer that they hired. More often than not, these designers or developers were from external sources, or charged extremely cheaply – think $500 for a full WordPress website. In almost all cases, there was also no contract or specifications of the services to be provided as well. This is an important aspect of any agreement as it makes sure that both parties are agreeable to the price and scope of service provided, and for how long. However, with developers charging such attractive prices, it is highly unlikely that they will go through the proper administrative processes.

So what happens then, when you don’t have a contract and your developer goes MIA? You do not have any legal documents with which to take any action against your service provider! For a $500 fee, how many hours do you expect your developer to spend on your project?

So a lot of my clients have to turn to another designer/developer, and then pay them ANOTHER fee to restart or continue their unfinished project. Having wasted their initial budget on a low-quality service provider who wasn’t able to give them what they really wanted, they now have to spend even more.

This is why, for all my projects:

  • Start with a proper specifications list with expectations, scope and terms & conditions
  • Everything is in black and white, and signed / agreed by both parties
  • Duration of service and after-sales is also clearly stated
  • Client communication is integral throughout the process of the whole project
  • We’re locals, working in-house, so communication is no issue

Of course, we can never compete with companies or freelancers that provide the same service for $500. But in this industry, you get what you pay for. There’s no such thing as cheap and good. We are definitely not the cheapest, but what’s most important to us is the value. We are always looking to improve our portfolio and work quality, and focus on quality rather than quantity of websites produced. So you can rest assured, that your project is of great importance to us.

Why I set up Hello Pomelo Creatives


Hello all! I haven’t blogged in a while.

So today, more than 1 year after I set up Hello Pomelo Creatives, I’ll share why I decided to set up a company when I was already quite successful as a freelancer. It all started when I was working at other agencies, my old workplaces. These were established web design companies, which had been around for quite a while. I handled whole projects from start to finish; we were given free rein pretty much – from emails and discussions with the client, designing, reviewing what the client liked and disliked, development up till launch, and even post-launch support. Every single aspect of it (once the project was confirmed) was handled by 1 person.

Then I started thinking… Hey, I could handle a whole project in an agency, deliver agency-quality work (but at the agency’s inflated prices), why should I work for anyone? So I declined a job offer that my internship company wanted to give me when I was to graduate 1 year later.

And I started a company where I aimed to provide quality agency work (isn’t the work still done by the same person? Me?) but without the inflated agency prices. At Hello Pomelo Creatives, you’re not paying a premium agency fee and you’re still getting the same amount of work by that 1 employee which, in an agency, would’ve been assigned to your project anyway.

What you also get is an unparalleled passion from a business owner, which you’ll probably not find in an employee!

Do you know who is working on your project?


Hello, I’m here again to write about something that I’m very passionate about. Singapore has barely scratched the surface in supporting local musicians and artists, and I think we should be supporting local web designers as a top priority too!

From my time in the industry, I’ve found out that a lot of companies outsource their work to cheaper labour in foreign countries. Most of these companies do not even have in-house designers or developers. It’s just 1 sales guy, who you meet up with, has barely any knowledge about design or coding and tells you he can deliver a website to you. He is merely just a middleman, so do you know who is actually working on your website?

Delays in replies

The main problem with working with a middleman is that he will need to relay all your questions and revisions to the person actually building the website. Even simple questions like “Will I be able to provide a first sign-up discount for customers?” will take a few days to a week to get a reply, because a) the middleman doesn’t know the technicalities as he isn’t trained in web development, b) the foreign developer is in a different time zone and c) he also has a large number of projects from clients all over the world. This results in projects that take a long time to complete!

Lost in translation

Most foreign developers from neighbouring countries do not have a good grasp of English, even though they may be very good at what they do. Certain things that may seem like common sense or common practice to you have to be explained step by step to the developer. Furthermore, most clients are not very well versed or knowledgeable in technical stuff, so you will have to rely on your middleman to know what you want and successfully relay that to the developer.

The design never looks like the final website

I’ve personally been engaged to just do the design portion of the website, and for some reason, the final coded website never looks exactly like my design. Whenever you have 1 person designing and another coding (especially someone who is not also a designer), such instances are bound to happen. Most of the time, there aren’t any quality checks done to ensure that the final product looks exactly like what the designer envisioned, as there are some elements that are not best explained in a static mockup, e.g. mouse hovers, animated effects, slider effects, parallax effects etc. It is always best to have the site fully developed by the same person, so that the concept, ideas and creativity follow through from design all the way to development.

In conclusion, it is very important to know who exactly is working on your project and to know the benefits you get from having a close working relationship with your web designer, compared to a sales middleman. Yes, I get it, labour costs in Singapore are way higher than they are in neighbouring countries like India and Vietnam, but working with local talents comes with its benefits as well!

How to Increase Sales for Your E-Commerce Shop


I have been designing e-commerce websites for close to 7 years now, and have absolutely lost count of how many I have guided and completed along the way. I’ve worked on Love Bonito, when they were first starting up, moving from Livejournal to a self-hosted e-commerce site, Bag Charm Love, Lloola Shoes, Olette Lingerie, The Out Post Trading Co., Gymsportz, Ooma.sg and more. And it’s amazing to see how the e-commerce scene has grown in Singapore. Online stores have grown so successful, they now have their own brick-and-mortar stores!

So how do you increase your site’s popularity?

  1. Good Design – You must think this is a given, but a lot of people totally underestimate how important it is to have a good design. Good design gives good first impressions – good first impressions lead to sales, because you look professional and legitimate. With current events, buyers are getting more cautious of fraud sites, so it gets more and more important to portray a legitimate business front.
  2. Good Content – Make sure you have all your legal, privacy policy and terms & conditions pages set up properly. Even though most of us don’t read them (honest truth), it feels good that they are actually in place.
  3. Good Marketing – This goes hand in hand with good design. Humans are naturally attracted to beautiful things. There is no point investing hundreds of thousands of dollars in marketing with Google or Facebook, when you have an ugly banner to go with it. An amazing banner design should be part of your marketing, or it will all go to waste.

So now, you have some people buying from your store. How do you make them buy more?

  1. Cross-selling – offer 3 or 4 complementary products that would go together with the main product they are looking at.

    You may also like - www.eaura.sg
  2. Upselling – Suggest other products they might be interested in, before they checkout their cart
  3. Free Delivery with a certain amount – This will prompt customers to fill up their carts to the brim so they can enjoy free delivery! They might even ask their friends if they would like to share carts, and that’s free promotion for you too!

The result? Average cart size increase of 16%, 56% more time spent on the site, and a 116% increase in products viewed.

You will be amazed at the number of tips and tricks we have under our sleeves, that’ll help you increase your sales!

Building a trustworthy, successful e-commerce shop


The trend of e-commerce shops is on the rise these days, especially in Singapore. With little or minimal investment, anyone can own an online shop and start selling things to customers. While most internet-savvy users have few qualms about purchasing things online, some are still wary of it. The problem lies in the fact that just anyone could own an online shop. So how do we create a shop that people will trust and buy from?

1. Reassure visitors with a professional design. A person’s first impression of your whole shop and company is formed within 5 seconds of loading your home page. With the rise in popularity of Apple products and internet-savvy people, good design is essential to build credibility and quality. Build reassurance by having a professional design. Good design comes with good usability and functionality. Many people will not trust a shop that has a bad design because it looks like not a lot of effort and money has been invested into the business, and gives the feeling that it is not very serious, or even a quick scam.

2. Provide product reviews where people can leave comments about the product. Not only is user-generated content great for SEO, a lot of people base their purchasing decisions on reviews from others. Allowing product reviews (which you can moderate, by the way) is also a sign that you are dedicated to providing quality products with quality service, and is a huge plus point in building a trustworthy shop. While this may not be ideal for fashion shops where products are released weekly, and people don’t really write reviews for clothes, you may consider a sitewide testimonials page as well.

Reviews and testimonials at Gymsportz.sg

3. Quality of product photos. Many online shop owners fail to provide professional photography for their products. Customers are not able to touch and feel your products, plus good photography shows the status of your shop. All the big fashion stores such as ASOS and TOPSHOP have professional models wearing their products and their photos taken in a studio, which results in a clean white background image. Products taken hanging from your bedroom cupboard handle or just tossed on the floor bring no reassurance that your store is professional at all. A lot of photos can easily be stolen from supplier sites or sites like Gmarket and Taobao, so as a customer, how do you know the shop actually has these products in stock? To solve this, it is best to have your own photoshoots with a model.

Pfffsh….All these typically obvious Gmarket/Taobao photos~ That does not even look like Singapore.

4. Elements of trust. Provide elements of trust throughout your website. These can be in the form of informational pages stating your dedication to provide customer satisfaction, trusted payment logos, contact details including shop address, phone number or email, business registration number. Return policies show that you have thought all of these through. You can also consider a live chat box.

5. Social network integration. Link your shop to a Facebook page, Twitter and Instagram. Not only does this help with your shop’s marketing for absolutely no cost, it also encourages participation and contribution amongst your visitors. A shop that has activity builds more credibility than a shop that’s just a standalone shop in the quiet depths of the internet. Besides, all the brands and shops now have a Facebook page, it would be weird not to have one!

These are just some of the practices that should be considered when trying to build a credible e-commerce store. I’m sure there are more, but let’s leave that for another post!

Till then!

Picking the right web designer – the first time


Throughout the course of my career I have encountered many people who have approached me with sites already completed. Some of them have told me that their previous web designer had done a bad job, didn’t manage to do things as they had expected, some functions were left undone or completely missing, or simply just evaporated into thin air. The worst thing is, the money has been paid and deposit lost. Which led me to think how important it is to choose the right web designer the very first time.

How do you know a web designer is reliable?

Check the quality of your web designer’s website. As a web designer, they should have a pretty awesome website right? Is it something that you would like? Can you see the quality of the web designer’s works and skills behind the design of their own personal website?

Check the works. Take a look through the portfolio of the web designer. Are the websites legitimate or still hanging around the web at least?

Check the clients and/or testimonials. A good web designer is proud to display his or her clientele, because they are confident that if approached, these clients will be able to speak well of their services. Email or contact some of those clients to get some testimonials regarding the web designer’s work and service.

Check what the web designer is charging you against the market price. Is the quotation too good to be true? It most likely is. Prices reflect the quality of work you will receive. A $300 website will not end up looking like a $3000 website. You get what you pay for. It is better to pay a little more for a quality web designer rather than paying less, and then not being happy with the result in the end.

So those are just some general guidelines, from a web designer point of view. Would love to hear some opinions from a client’s point of view. Feel free to leave a comment or drop me a hello!