WordPress Tips Every Webmaster Needs to Know

WordPress Tips, More than 800 websites are being built on WordPress every day. 

WordPress is a powerful CMS. More than 19.5 million sites across the world use the platform.

Some of you may have been using WordPress for a while. Others might have had some failed sites and need some guidance moving forward.

So for those of you who are new to the growing WordPress network, welcome to the club. Launching a new website can be intimidating if it’s your first time. But if you can quickly learn some tips and tricks on WordPress, it will make your life much easier.

Regardless of your situation, this guide will help you.

web hosting

With WordPress beginners in mind, some of these tips are being overlooked by people who have been using WordPress for years.

WordPress Tips

1. Find the right web hosting plan

WordPress is an open-source CMS (content management system). Simply put, it’s a tool for creating and managing websites. You can use WordPress to build a personal blog, business website, ecommerce store, or anything in between.

But the platform itself does not host websites. This is a common misconception that I find with prospective website owners.

With that said, you can use any web hosting provider that meets the WordPress minimum hosting requirements. Basically, your host needs to have a PHP version of 8.0 or higher. It needs a MySQL version of 5.6 or higher or MariaDB version 10.1 or higher. Your host also needs HTTPS support.

When it comes to web hosting, there are lots of different options to choose from. After you find the best web hosting provider, you’ll also have to determine the type of hosting you need. Shared hosting, VPS hosting, dedicated servers, and cloud hosting are the most popular options.

Choosing the right plan and host from the beginning is crucial. It’s important that you find a plan that gives you enough resources to meet your traffic needs.

Picking the wrong hosting plan (CHEAP) can end up causing slow loading times, crashes, and very poor Google rankings, and downtimes. Plus, changing hosts down the road can be a pain.

2. Pick a quality theme

The options are seemingly endless when it comes to picking a WordPress theme. You can browse for options from the WordPress theme directory.

However, too many people make the mistake of rushing when they pick a theme. That’s not going to benefit you at all.

There are tens of thousands of themes out there. Not all of them are offered directly from the WordPress theme directory.

Resources like ThemeForest have nearly 46,000 themes to choose from. In order to get a quality theme, you might have to pay. It’s not a huge expense, and most themes are reasonably priced.

Your theme should also be based on the type of website you have. For example, the best WordPress themes for blogs will be different than the best ecommerce WordPress themes.

Always look at the live demos of themes. It will give you a chance to try a theme out before you install it. This way you’ll be able to get a better idea of the look and feel of a theme from the user’s perspective.

It should go without saying, but you need to make sure that any theme you install is mobile-responsive. Themes are useless if they can’t be displayed properly on mobile devices.

3. Use Google Analytics

It’s impossible to know how well your site is doing unless you can measure its performance metrics. WordPress alone won’t give you enough information.

But by installing a Google Analytics plugin, you’ll be able to get added insight into how site visitors are behaving on your pages.

MonsterInsights is a top option to consider for this.

The plugin has more than 2 million active installations. It’s definitely the most popular Google Analytics plugin on the market today.

After installing this, you’ll have access to audience reports, behavior reports, content reports, and ecommerce reports (if applicable).

The best part about using a Google Analytics plugin is that you’ll be able to view all of your data directly on your WordPress admin dashboard. It’s better than having to bounce around between multiple sites and platforms to access this information.

4. Install a plugin for SEO

In addition to Google Analytics, you’ll also want to use a WordPress SEO plugin. There are hundreds of options out there, but I personally recommend Yoast SEO.

Without a proper SEO strategy, your WordPress site won’t get much organic traffic. This is crucial for survival in today’s day and age.

You can’t just assume that your content alone is good enough to bring people to your site. I don’t care what type of website you have or what industry you’re in, SEO needs to be a top priority.

A plugin like this makes things easier for you whenever you want to optimize your site for SEO.

It will analyze keywords and content to ensure that you’re taking the right approach. Yoast also helps you handle the technical side of SEO, like managing your sitemaps or robots.txt files.

WordPress Tips

5. Don’t use too many plugins

I know this may sound contradictory to my last two tips, but you need to limit your use of plugins.

Google Analytics and SEO plugins are definitely necessary, as with some other plugins to add functionality to your website. There are great plugins for things like:

  • Caching
  • Forms
  • Directories
  • Bookings
  • Memberships
  • Popups
  • Backups
  • Security

But with that said, you don’t need a plugin for every category. If you’re not going to actually add popups to your website, you don’t need a popup plugin. Don’t install a bookings plugin unless you run a business that would benefit from it.

Installing too many WordPress plugins can ultimately make your site slower. Adding the extra code associated with a plugin can weigh down your website.

More plugins don’t necessarily translate to a better or more functional website. So just don’t go overboard when you’re installing them. Limit plugins to ones that you’ll actually need and use.

6. Compress images

Like excess plugins, images are another way to slow your website down. But that doesn’t mean you should shy away from using lots of images in your content.

In fact, I encourage you to use as many images as possible, all over your website. Incorporate them into your blog posts, use them on landing pages, add them to product pages and descriptions as well.

There aren’t many circumstances where I would say an image doesn’t belong on your site.

But with that said, these media files are large, and result in slower loading times. That’s why every image should be compressed before it’s published.

WordPress Tips. I’d recommend using a tool like the Kraken Image Optimizer.

As you can see from this example, Kraken reduced this file size by 61%. I like this tool because you can handle all of your image compression on the web, without forcing you to download any software.

If you’d rather do this in WordPress, you’ll need to install a plugin.

7. Modify your permalinks

Are you familiar with permalinks?

This is the part of the web address that comes after the domain name. These are the web addresses of each individual landing page and blog post.

Each time you create a new page or post on WordPress, it automatically generates a new permalink by default. However, these defaults need to be changed before you publish the page.

A carefully crafted and custom permalink is very valuable. It gives your website visitors an understanding of what the page is about, without having to read the content.

They keep everything organized, and can be used by search engines and site visitors alike for accessing content.

To modify your permalinks, navigate to the “Settings” option from your dashboard. From here you’ll see a “Permalinks” button. The “Post Name” option is the one that will provide the most SEO value, so that’s what you should go with.

8. Prioritize safety

We discussed the popularity of WordPress earlier. Since it’s so common for websites to use this platform, it’s also common for hackers to target WordPress sites.

You need to update your WordPress version whenever a new one comes out. This will help you avoid some bugs and hackers. But that alone won’t be enough to keep your site secure.

There are other steps you can take to beef up the security of your WordPress site.

The first thing you should do is get an SSL certificate. This will encrypt information on your site, including sensitive details like customer data. The best web hosting services (like the ones we mentioned earlier) will usually include an SSL certificate.

You should also be backing up your site on a regular basis. If something goes wrong and your content gets lost, you don’t want to be forced to start over from scratch. There are plugins you can install for backups, as well as plugins made for enhancing your site’s security.

9. Learn how to use heading tags and meta tags

These are meta tags that appear in SERPs.

I’m sure you’ve seen them before.

Heading tags get used within your content. For example, this blog post that you’re reading right now has 12 tags. There’s a title tag at the top, a heading for each of the 10 tips, and a conclusion tag at the bottom.

Both meta tags and title tags have SEO benefits. They also make it content easier for website visitors to consume content.

Imagine trying to read this post without these headers? It would not be as easy.

Based on which type of header is used, it ranks the tag’s significance on the page. The size of the text will change based on this as well. For example, H1 tags are the biggest and most important, while an H6 tag is smaller and less important.

If you’re not familiar with how these work, just review my guide on how to use heading tags to get more search engine traffic. I also wrote a guide on how to craft meta tags for SEO and CTR.

WordPress Tips. Both of these are valuable resources for your WordPress SEO strategy.

10. Eliminate clutter

WordPress gives you tons of customizable options for your website. You have the option to include ads, banners, and widgets all over your page.

However, all of these extras just add clutter to your website. This makes your page looks untrustworthy and unprofessional.

Adding too many elements to your website is also very distracting to your website visitors. It makes it hard for them to focus, which means your content won’t get consumed and they won’t click on your CTAs.

While it might be tempting to take advantage of everything that WordPress has to offer, in some instances, less is definitely more.


WordPress is one of the best content management systems on the market today. It’s easy to use, and extremely versatile for nearly every type of website.

However, WordPress isn’t really a set it and forget it platform. You’ll still need to actively manage your website.

With so many different features, functions, and add-ons to take advantage of, it can be a bit overwhelming at times. But if you follow these 10 simple WordPress tips outlined above, your site performance will improve.

What is Cloudflare?

Cloudflare is the foundation for your infrastructure, applications, and teams. Read More

One of the Largest Global Networks Read More

Learn about the Cloudflare Network. Read More

Get the latest news on how products at Cloudflare are built, technologies used. Read More

Continuously Innovating. Read More

Trusted Partner to Millions. Read more.

website designers dothan

What can the Cloudflare network do for you?

Every day, customers use our network to deliver applications to users around the world, secure corporate assets with a Zero Trust model, and streamline WAN architectures. Whether you are storing objects, deploying serverless code, or blocking cyber attacks, all our security and performance capabilities extend globally, making configuration a breeze.

What makes them different?

Cloudflare’s architecture gives you an integrated set of L3-L7 network services, all accessible from a single dashboard. It is designed to run every service on every server in every data center across our global network. It also gives your developers a flexible, Internet-scale platform to deploy serverless code instantly across the globe. No software or hardware is required. Simple to set up, use, and maintain.

Credit T0

Contact Dothanbydesign.com

What is email security?

email provider

Email security is the process of preventing email-based cyber attacks and unwanted communications. It spans protecting inboxes from takeover, protecting domains from spoofing, stopping phishing attacks, preventing fraud, blocking malware delivery, filtering spam, and using encryption to protect the contents of emails from unauthorized persons.

Security and privacy were not built into email when it was first invented, and despite email’s importance as a communication method, these are still not built into email by default. As a result, email is a major attack vector for organizations large and small, and for individual people as well.

What kinds of attacks occur via email?

Some of the common types of email attacks include:

  • Fraud: Email-based fraud attacks can take a variety of forms, from the classic advance-fee scams directed at everyday people to business email compromise (BEC)messages that aim to trick large enterprise accounting departments into transferring money to illegitimate accounts. Often the attacker will use domain spoofing to make the request for funds look like it comes from a legitimate source.
  • Phishing: A phishing attack tries to get the victim to give the attacker sensitive information. Email phishing attacks may direct users to a fake webpage that collects credentials, or simply pressure the user to send the information to an email address secretly controlled by the attacker. Domain spoofing is also common in attacks like these.
  • Malware: Types of malware delivered over email include spyware, scareware, adware, and ransomware, among others. Attackers can deliver malware via email in several different ways. One of the most common is including an email attachment that contains malicious code.
  • Account takeover: Attackers take over email inboxes from legitimate users for a variety of purposes, such as monitoring their messages, stealing information, or using legitimate email addresses to forward malware attacks and spam to their contacts.
  • Email interception: Attackers can intercept emails in order to steal the information they contain, or to carry out on-path attacks in which they impersonate both sides of a conversation to each other. The most common method for doing this is monitoring network data packets on wireless local area networks (LANs), as intercepting an email as it transits the Internet is extremely difficult.

Email domain spoofing

Email domain spoofing is important in several types of email-based attacks, as it allows attackers to send messages from legitimate-seeming addresses. This technique allows attackers to send an email with a forged “from” address. For example, if Chuck wants to trick Bob with an email, Chuck might send Bob an email from the domain “@trustworthy-bank.com,” even though Chuck does not really own the domain “trustworthy-bank.com” or represent that organization.

What is a phishing attack?

Phishing is an attempt to steal sensitive data, typically in the form of usernames, passwords, or other important account information. The phisher either uses the stolen information themselves, for instance to take over the user’s accounts with their password, or sells the stolen information.

Phishing attackers disguise themselves as a reputable source. With an enticing or seemingly urgent request, an attacker lures the victim into providing information, just as a person uses bait while fishing.

Phishing often takes place over email. Phishers either try to trick people into emailing information directly, or link to a webpage they control that is designed to look legitimate (for instance, a fake login page where the user enters their password).

There are several types of phishing:

  • Spear phishing is highly targeted and often personalized to be more convincing.
  • Whaling targets important or influential persons within an organization, such as executives. This is a major threat vector in enterprise email security.
  • Non-email phishing attacks include vishing (phishing via phone call), smishing(phishing via text message), and social media phishing.

An email security strategy can include several approaches for blocking phishing attacks. Email security solutions can filter out emails from known bad IP addresses. They can block or remove links embedded within emails to stop users from navigating to phishing webpages. Or, they can use DNS filtering to block these webpages. Data loss prevention (DLP) solutions can also block or redact outgoing messages containing sensitive information.

Finally, an organization’s employees should receive training on how to recognize a phishing email.

How are email attachments used in attacks?

Email attachments are a valuable feature, but attackers use this email capability to send malicious content to their targets, including malware.

One way they can do this is by simply attaching the malicious software as an .exe file, then tricking the recipient into opening the attachment. A far more common approach is to conceal malicious code within an innocent-seeming document, like a PDF or a Word file. Both these file types support the inclusion of code — such as macros — that attackers can use to perform some malicious action on the recipient’s computer, like downloading and opening malware.

Many ransomware infections in recent years have started with an email attachment. For example:

  • Ryuk ransomware often enters a network through a TrickBot or Emotet infection, both of which spread via email attachments
  • Maze ransomware uses email attachments to gain a foothold within the victim’s network
  • Petya ransomware attacks also usually started out with an email attachment

Part of email security involves blocking or neutralizing these malicious email attachments; this can involve scanning all emails with anti-malware to identify malicious code. In addition, users should be trained to ignore unexpected or unexplained email attachments. For web-based email clients, browser isolation can also help nullify these attacks, as the malicious attachment is downloaded in a sandbox separate from the user’s device.

What is spam?

Spam is a term for unwanted or inappropriate email messages, sent without the recipient’s permission. Almost all email providers offer some degree of spam filtering. But inevitably, some spam messages still reach user inboxes.

Spammers gain a bad “email sender reputation”* over time, leading to more and more of their messages getting marked as spam. For this reason they are often motivated to take over user inboxes, steal IP address space, or spoof domains in order to send spam that is not detected as spam.

Individuals and organizations can take several approaches to cut down on the spam they receive. They can reduce or eliminate public listings of their email addresses. They can implement a third-party spam filter on top of the filtering provided by their email service. And they can be consistent about marking spam emails as spam, in order to better train the filtering they do have.

*If a large percentage of a sender’s emails are unopened or marked as spam by recipients, or if a sender’s messages bounce too much, ISPs and email services downgrade their email sender reputation.

How do attackers take over email accounts?

Attackers can use a stolen inbox for a wide range of purposes, including sending spam, initiating phishing attacks, distributing malware, harvesting contact lists, or using the email address to steal more of the user’s accounts.

They can use a number of methods to break into an email account:

  • Purchasing lists of previously stolen credentials: There have been many personal data breaches over the years, and lists of stolen username/password credentials circulate widely on the dark web. An attacker can purchase such a list and use the credentials to break into users’ accounts, often via credential stuffing.
  • Brute force attacks: In a brute force attack, an attacker loads a login page and uses a bot to rapidly guess a user’s credentials. Rate limiting and limits on password entry effectively stop this method.
  • Phishing attacks: The attacker may have conducted a previous phishing attack to obtain the user’s email account login credentials.
  • Web browser infections: Similar to an on-path attack, a malicious party can infect a user’s web browser in order to see all the information they enter on webpages, including their email username and password.
  • Spyware: The attacker may have already infected the user’s device and installed spyware to track everything they type, including their email username and password.

Using multi-factor authentication (MFA) instead of single-factor password authentication is one way to protect inboxes from compromise. Enterprises may also want to require their users to go through a single sign-on (SSO) service instead of logging directly into email.

How does encryption protect email?

Encryption is the process of scrambling data so that only authorized parties can unscramble and read it. Encryption is like putting a sealed envelope around a letter so that only the recipient can read the letter’s contents, even though any number of parties will handle the letter as it goes from sender to recipient.

Encryption is not built into email automatically; this means sending an email is like sending a letter with no envelope protecting its contents. Because emails often contain personal and confidential data, this can be a big problem.

Just as a letter does not instantly go from one person to another, emails do not go straight from the sender to the recipient. Instead, they traverse multiple connected networks and are routed from mail server to mail server until they finally reach the recipient. Anyone in the middle of this process could intercept and read the email if it is not encrypted, including the email service provider. However, the most likely place for an email to be intercepted is close to the origin of the email, via a technique called packet sniffing (monitoring data packets on a network).

Encryption is like putting a sealed envelope around an email. Most email encryption works by using public key cryptography (learn more). Some email encryption is end-to-end; this protects email contents from the email service provider, in addition to any external parties.

How do DNS records help prevent email attacks?

The Domain Name System (DNS) stores public records about a domain, including that domain’s IP address. The DNS is essential for enabling users to connect to websites and send emails without memorizing long alphanumeric IP addresses.

There are specialized types of DNS records that help ensure emails are from a legitimate source, not an impersonator: SPF records, DKIM records, and DMARC records. Email service providers check emails against all three of these records to see if they are from the place they claim to be from and have not been altered in transit.

The Cloudflare Email DNS Security Wizard helps domain owners quickly and correctly configure these crucial DNS records. To learn more, see our blog post.

How can phishing attacks be stopped?

Many email providers have some built-in phishing protection (and the DNS records listed above are usually one of the signals they look at for blocking phishing attempts). However, phishing emails still regularly get through to user inboxes. Many organizations employ additional phishing protection to better defend their users and networks.

Cloudflare Area 1 Email Security offers cloud-based phishing protection. Cloudflare Area 1 discovers phishing infrastructure in advance and analyzes traffic patterns to correlate attacks and identify phishing campaigns. Read in more detail about how this anti-phishing service works.

Credit Cloudflare.com

What is website security?

web design dothan

Website security refers to the protection of personal and organizational public-facing websites from cyberattacks.

Why should I care about website security?

Cyberattacks against public-facing websites—regardless of size—are common and may result in:

  • Website defacement,
  • Loss of website availability or denial-of-service (DoS) condition,
  • Compromise of sensitive customer or organizational data,
  • An attacker taking control of the affected website, or
  • Use of website as a staging point for watering hole attacks.

These threats affect all aspects of information security—confidentiality, integrity, and availability—and can gravely damage the reputation of the website and its owner. For example, organization and personal websites that fall victim to defacement, DoS, or data breach may experience financial loss due to eroded user trust or a decrease in website visitors.

Read More

Your website is at risk.

I’m not saying this to try and scare you, but that’s the reality of the world we live in. Tens of thousands (50,000+) websites get hacked each day.

You can’t have an “it won’t happen to me” mentality. I encounter businesses all the time who feel this way. They think hackers have bigger fish to fry and don’t have any reason to target their website. That’s simply not the case. In fact, the majority of cyber crimes are against small businesses.

Roughly half of companies worldwide say they have experienced a cyber attack in 2021. Just 40% of businesses say they’re prepared to handle cyber attacks.

I don’t have a magic crystal ball or some way to see into the future, but my gut tells me that cyber criminals aren’t going to just wake up one day and decide to stop hacking websites.

Bottom line: Hackers won’t stop trying to gain an edge. That means you need to regularly improve your website security.

That’s what inspired me to write this guide. I’ll show you what needs to be done to secure your website today, in 2020.

Common Website Security Threats

Websites get attacked in a lot of different ways. So before we proceed, I want to give you a brief overview of some of the most common threats to your website security. These are the things that you’ll want to be prepared for when taking security measures.


We’ve all been contacted by a Nigerian prince or had a distant, wealthy relative die and needed to claim our money. Usually, it’s annoying—but relatively harmless if you ignore it.

However, sometimes spam is more malicious. Spam in the form of comments is extremely common on websites. Bots can hammer the comments section of your website with links to another site as an attempt to build backlinks.

These comments harm your website because:

  1. They don’t look good on your site and might turn readers off who might otherwise engage with your content by commenting.
  2. Phishing links might contain malware, which can harm your website visitors if they click on them.

Furthermore, Google’s crawlers can often detect malicious URLs and penalize your website for hosting spam. This will crush your SEO ranking.

Viruses and malware

For those of you who don’t know, malware stands for “malicious software.” So malware and viruses are essentially the same thing. Malware is arguably the biggest threat to your website. As much as 350,000 malware samples are created each day.

According to Statista, these are the most common types of malware used in cyber attacks across the world:

Malware comes in all different shapes and sizes. That’s why it’s such a big threat to your website.

These types of viruses are often used to access private data or use server resources. Criminals also use malware to make money with ads or affiliate links by hacking your website permissions.

Hackers are able to introduce malware into your computer infrastructure in a variety of different ways including emails to employees, redirects, and direct hacking.

Our biggest piece of advice: Don’t click on weird links. That might seem like a, “duh” moment, but it’s easier to fall for the trap than you think. Be sure to educate your employees and any other users who might be using your company’s computers on the importance of keeping vigilant online.

With malware, both you and your website visitors are at risk. Someone visiting your site could click a link that downloads a malicious file onto their computer. It’s your job to keep your website secure and prevent that from happening.

WHOIS domain registration

Buying a domain name is like buying a house. The company that sells the house must know who they’re selling to and be able to contact them. Plus, anyone can go to the county auditor and find information about any address.

The same goes for buying a website. Depending on the country you’re in, you’ll be required to release some information about yourself that is recorded on WHOIS data.

Outside of your personal information, this also contains information about your URL nameservers (these are the servers that connect your domain name to your actual web server).

Hackers can use this information to narrow down the location of the server that you’re using. They can use this as a gateway to access your web server.

DDoS attacks

DDoS attacks deny access to users trying to visit a specific website. Basically, the hacker uses spoof IP addresses to overload servers with traffic. This essentially takes the website offline. Think of it as spamming website traffic to your site. Instead of you benefiting from more traffic though, your website crashes.

Now the host needs to scramble to get the server back up and running as fast as possible, which leaves the server vulnerable for malware—not to mention the loss of revenue and credibility for you.

These attacks are on the rise too. In Q3 of 2020, websites saw a 50% increase of DDoS attacks when compared to 2019.

Search engine blacklists

When you don’t keep your website safe, it’ll have a ripple effect in other key areas of your business. For example, if your website is attacked, Google might take notice and diminish your SEO rankings.

According to a recent study, 74% of hacked websites were attacked for SEO reasons such as adding backlinks to your website. They can also create new web pages on your website or display an entirely different site in order to bring your ranking down and boost the ranking of whatever site they want.

web design dothan

I briefly mentioned this earlier when we were discussing spam comments. If search engines detect malicious content on your website, your SEO ranking will suffer.

If lots of users are reporting your site as spam or unsafe, you could be added to a search engine blacklist. Once you’re on that list, it’s extremely difficult to get off.

Here are a few ways people can report your website for security issues on Google:

  • Web page spam. These are websites that attempt to get better placement on Google results through black hat methods such as hidden text, redirects, and cloaking.
  • Paid links spam. This is the purchase and sale of links that pass PageRank.
  • Rich snippets spam. If you give leaders false or misleading information such as fake reviews.
  • Malware. This is when sites are infected with malware and present a harmful user experience as a result.
  • Phishing. These are websites and pages designed to steal your personal information by posing as another page (e.g. setting up a fake PayPal landing page to get bank information).

The best way to avoid being reported is to play by the rules and do right by your website visitors. That starts with keeping your website safe.

How to keep your website safe

Now that you’re familiar with some of the most common security threats, you need to get serious about preventing them from ever happening on your website.

You can’t just assume that your website is secure. If you haven’t done anything to beef up the security, it’s probably vulnerable for attacks. Even if you have done something, you need to keep updating your site and making sure that it’s still secure. The Internet moves fast. There’s no room for “probably” here.

These are the steps you need to take to improve your website security in 2020.

Use HTTPS protocol

If your website isn’t currently using HTTPS protocol, that needs to jump to the top of your priority list. This essentially tells your website visitors that they’re interacting with the proper server and nothing else can alter or intercept the content they’re viewing.

Without HTTPS a hacker can change information on the page to gather personal information from your site visitors. For example, they could steal login information and passwords from users.

HTTPS protocol will also improve your search ranking. Google rewards websites that use this security measure.

This is comforting to people who visit your website as well. When they visit your site, they’ll see this next to the URL:

Example of HTTPS protocol use.

It’s secure and trustworthy. Now, compare it to a site that’s not using HTTPS protocol. The URL in the web browser will look like this:
Not secure website example.

Do you feel safe when you’re browsing on a website and see this? I don’t.

Furthermore, you can improve this security measure even more by combining your HTTPS with an SSL (secure sockets layer) certificate. This is required for ecommerce websites since users are submitting sensitive information like credit card numbers, names, and addresses.

SSL certificates encrypt the communication between the server and the user’s web browser. This is a very nice added layer of encryption to keep your website safe (though it doesn’t prevent attacks or malware distribution). Even if you’re not selling anything on your website, I strongly recommend using HTTPS protocol and adding an SSL certificate to add security.

Update your software

If you own a computer, you know how often you have to update the software to keep it running smoothly. They might be annoying, but they’re necessary. The same goes for your website.

Make sure you have the most recent version of WordPress software, plugins, CMS, and anything else that needs an update.

In addition to fixing bugs or glitches, software updates typically come with security improvements. No software is perfect. Hackers will always be looking for ways to take advantage of their vulnerabilities.

Lots of cyber attacks are automated. Criminals use bots to just scan for websites that are vulnerable. So, if you’re not staying up to date on the latest software versions, it will be easy for hackers to identify and target your site before you can do anything about it.

Choose a safe web hosting plan

In theory, if your web hosting provider has security on its servers, you’ll benefit from those same levels of protection. However, that’s not always the case.

Going with a shared hosting plan might be appealing because of the price, but it’s not the most secure choice you can make. As the name implies, you’re sharing servers with other websites if you choose this type of hosting plan.

If one of those other sites gets attacked, a hacker can gain access to the server that you’re using as well. That means hackers might hurt your website even though you’re not directly targeted.

It’s like if you shared an apartment with roommates—but one of your roommates accidentally leaves the door unlocked one day. Then a burglar came in and stole the apartment television. Even though it wasn’t your fault and you weren’t necessarily the target, you still suffer from it.

I’m not trying to steer you away from a shared hosting plan, but if you want to boost your website security, you’ll be better off with another option such as Cloud or VPS.

Change your password

Change your password—and do so regularly (every 6 months to a year). I can’t stress this enough.

All too often I speak to people who have the same password for everything they own, and it’s something they’ve been using since they were in college ten years ago.

Here’s the problem with that: if hackers get access to your password, they’re going to try on other things such as bank accounts, social media accounts, and more. If you’ve kept the same password over multiple different accounts, you’re essentially handing them the master key to your Internet life.

Shockingly, 35% of passwords can be hacked in just three seconds.

The information from this graph was obtained using an open source software called John the Ripper. Anyone can use this tool to crack passwords.

If software like this can figure out more than half of passwords in just two hours, I can promise you that the best hackers are cracking passwords even faster.

That’s why you need to constantly update your password. You can use a password manager like 1Password to help you generate long passwords with special characters that are nearly impossible to solve.

These password managers also leverage powerful encryption that keeps your passwords safe from hackers. You can rest easy knowing that your passwords are safe.

Furthermore, you should pick a web host that’s using two-factor authentication. This is a feature that requires you to confirm a login on a separate device (most commonly a smartphone).

This will add an extra layer of security for password protection. If your web host doesn’t offer this, there are other ways for you to enable it on your own using apps or third parties.

Secure your personal computer

Don’t allow your own devices to threaten your website.

Hackers can inject malicious files into websites by stealing FTP logins via your personal computer. That’s why you need a good antivirus software on your computer (yes, even if those McAfee popups annoy you).

The last thing you want is to be careless while you’re browsing online on personal devices and have that mistake end up hurting your own website. This is especially important if you use a personal device for your work.

If you’re a business owner, be sure to educate your employees to protect their personal computers from bad actors. In either case, scan your machine on a regular basis.

Use tools to monitor your security

You can’t manually prevent attacks on your website. Instead, look for online tools and resources that will monitor your site’s security for you.

If you use WordPress, I highly recommend looking at my guide on the best WordPress security plugins. The plugins on this list add a firewall to your website while simultaneously fighting malware, spam, and other threats in real time.

If you don’t use WordPress, check to see if your website’s content manager offers good security add-ons. Otherwise, check out this list of good endpoint security software that’ll keep your IT infrastructure safe no matter what your CMS.

You can run security audits that will highlight your vulnerabilities so you can take preventative measures to stop an attack before it happens.

Limit user access

Don’t blame yourself, but 95% of cyber security attacks are the result of human error. That’s why it’s so important to educate yourself and your employees about the importance of cybersecurity.

The best way to prevent this is to limit the number of humans who can make an error. Not every employee of your business should have access to your website.

If you’re hiring an outside consultant, designer, or guest blogger, don’t automatically give those people access to change settings on your website. Implement the principle of least privilege.

Let’s say you assign a project to someone who requires a certain level of access to your website. By applying this principle, you only give them the absolute minimum level of access for they need to complete the task. Once complete, the person goes back to their regular access abilities.

Make sure each user has their own login credentials. If multiple people are sharing a username and password, it doesn’t give them any accountability and makes it harder to trace a security breach. Your team is much more likely to be careful with sensitive information if an error or change can be traced back to them.

Backup your website

When it comes to securing your website, you should always prepare for the worst. Obviously, you never want to be in a situation where your website is compromised. But in the event that something goes wrong, your life will be much easier if your content is completely backed up.

So try using a backup plugin, like BackupBuddy, to make sure you don’t lose anything on your website as the result of an attack.

dothan website design
BackupBuddy is one of the five best WordPress backup plugins that I reviewed for this year. Check out the full list to see which option is best for your situation.

Some of these backup plugins also come with built-in security measures as well, which can help you prevent an attack.

Adjust your default CMS settings

So many cyberattacks these days are automated. Hackers program bots to find sites with default settings. This way they can target a wider range of websites and gain access using the same type of malware or virus. Don’t make it so easy for them.

Once you install your CMS, make sure you change some of the default settings:

  • Comments settings
  • User controls
  • Visibility of information
  • File permissions

These are all examples of some of the settings that you can change quickly and right away.

Restrict file uploads

Letting website visitors upload files to your website can be risky. That’s because any file could potentially contain a script that exploits vulnerabilities on your website when it’s executed on the server.

In some instances, the nature of your website might require file uploads. For example, you may want users to add photos of your products when they’re writing a review. In this case, you should still treat all uploads as a potential threat.

You could also set it up so that any files that get uploaded are stored in a folder or database in another location. This typically looks one of three ways:

  • DIY. You can create a script that will fetch those files from a private and remote location to deliver them to a browser. This will require some coding and is a bit complex to set up, so I won’t go into too much detail on this right now.
  • Third party software. There are third-party software such as Filestack and Transloadit that offer a secure file upload system with high grade security and virus protection. This can get pretty expensive though.
  • Avoid it. The simple solution is to avoid file uploads altogether, or at least restrict the types of files that can be uploaded to your site.

Choose the best for you. The important thing is to choose one and protect your website.


Website security needs to be one of your top priorities.

If you haven’t taken any steps to secure your website, you’re currently at risk while you’re reading this. Even if you have taken the steps, you need to do so regularly and often in order to keep your website secure.

Being vigilant and implementing the right systems will help set you, your website, and your business up for success when it comes to avoiding bad actors. But you can make this difficult on them by taking the security measures that I’ve outlined above.

At the end of the day, if cyber criminals are having a tough time hacking a website, they’ll just move on to other sites that haven’t implemented the website security tactics that we talked about. You don’t want your website on that list.

What is WordPress?

At its core, WordPress is the simplest, most popular way to create your own website or blog. In fact, WordPress powers over 43.3% of all the websites on the Internet. Yes – more than one in four websites that you visit are likely powered by WordPress.

On a slightly more technical level, WordPress is an open-source content management system licensed under GPLv2, which means that anyone can use or modify the WordPress software for free. A content management system is basically a tool that makes it easy to manage important aspects of your website – like content – without needing to know anything about programming.

The end result is that WordPress makes building a website accessible to anyone – even people who aren’t developers.

web design dothan

What Kinds Of Websites Can WordPress Make?

WordPress was primarily a tool to create a blog, rather than more traditional websites. That hasn’t been true for a long time, though. Nowadays, thanks to changes to the core code, as well as WordPress’ massive ecosystem of plugins and themes, you can create any type of website with WordPress.

  • Business websites
  • eCommerce stores
  • Blogs
  • Portfolios
  • Resumes
  • Forums
  • Social networks
  • Membership sites
  • …pretty much anything else you can dream up.

Who Made WordPress And How Long Has It Been Around?

WordPress was created as a standalone project all the way back in 2003, originating as an offshoot of a previous project called b2/cafelog.

WordPress is open-source software, so nowadays it’s made by a huge community of contributors. But if we were to trace WordPress’ origins back to its roots, its original creation was a collaboration between Matt Mullenweg and Mike Little.

The history of WordPress between its founding as a blog platform back in 2003 and today is a long one…

But suffice it to say, the software has pushed forward and, thanks to its contributors and huge community, developed into the most popular solution to create any type of website.

Why Should You Use it?

Ok, so over 43.3% of all the websites on the Internet are using WordPress, including well-known entities like the White House and Microsoft.

But what about you? Why should you use it?

Well, no matter what type of website you want to create, there are plenty of reasons to use WordPress. Here are some of the biggest:

It is Free And Open Source

One of the biggest benefits of WordPress is that it’s free, open-source software. While you will need to pay a little bit for hosting, you will never have to pay just to use the software, which isn’t the case with alternatives like Squarespace.

Beyond that, you can also find lots of open-source plugins and themes to change how your website looks and functions. Speaking of….

It is Extensible

You can easily modify your website thanks to WordPress’ huge ecosystem of themes and plugins:

  • Themes – these primarily change how your website looks.
  • Plugins – these primarily change how your website functions. Plugins can be something small, like a contact form, or huge, like creating an eCommerce store.

Currently, there are over 65,000 free plugins and 10,000 free themes, as well as tons of premium options. That to say – you have plenty of choices!

Contact Us


email provider
From Wikipedia, the free encyclopedia
Electronic mail (email or e-mail) is a method of exchanging messages (“mail”) between people using electronic devices. Email was thus conceived as the electronic (digital) version of, or counterpart to, mail, at a time when “mail” meant only physical mail (hence e- + mail). Email later became a ubiquitous (very widely used) communication medium, to the point that in current use, an email address is often treated as a basic and necessary part of many processes in business, commerce, government, education, entertainment, and other spheres of daily life in most countries. Email is the medium, and each message sent therewith is called an email (mass/count distinction).

From Wikipedia, the free encyclopedia

Email and calendar tools are essential for business success, and you need a solution that just works. Our easy-to-use Rackspace Email for small businesses are an affordable, reliable and secure choice that can scale to your needs. Discover why we’re the choice for millions of mailboxes worldwide.

The right budget
Pay for what you need with the professional features that can drive your business forward.

The right service
Enjoy our 100% uptime guarantee and our team of experts are ready to help, 24x7x365.

The right features
Access email anywhere, at any time, from practically any device while experiencing premium spam and anti-virus protection, and a strict ad-free policy.

As a Rackspace Email provider we offer an affordable, business-class email hosting solution with anytime, anywhere access and a 100% uptime guarantee- all backed by and industry leading SLA and administrator access to our team of email hosting experts, 24x7x365.

  • Users can access their email using Outlook, their mobile phones or through the webmail application.
  • Enjoy a 100% uptime guarantee with premium spam and anti-virus protection.
  • Experience the privacy you deserve, and know you’ll never see a pop-up ad.

Get the most out of your business-class email by customizing your solution with the following add-ons:

Contact Us

What is a Domain Name?

A domain name is a string that identifies a realm of administrative autonomy, authority or control within the Internet. Domains are used in various networking contexts and for application-specific naming and addressing purposes. In general, a domain name identifies a network domain or an Internet Protocol (IP) resource, such as a personal computer used to access the Internet, or a server computer. Domain names are often used to identify services provided through the Internet, such as websites and email services. As of 2017, 330.6 million domain names had been registered.[1]

dothan web design


Names are formed by the rules and procedures of the Domain Name System (DNS). Any name registered in the DNS is a domain name. Names are organized in subordinate levels (subdomains) of the DNS root domain, which is nameless. The first-level set of domain names are the top-level domains (TLDs), including the generic top-level domains (gTLDs), such as the prominent domains com, info, net, edu, and org, and the country code top-level domains (ccTLDs). Below these top-level domains in the DNS hierarchy are the second-level and third-level domain names that are typically open for reservation by end-users who wish to connect local area networks to the Internet, create other publicly accessible Internet resources or run web sites.

The registration of a second- or third-level name is usually administered by a domain name registrar who sell its services to the public.

A fully qualified domain name (FQDN) is a domain name that is completely specified with all labels in the hierarchy of the DNS, having no parts omitted. Traditionally a FQDN ends in a dot (.) to denote the top of the DNS tree.[2] Labels in the Domain Name System are case-insensitive, and may therefore be written in any desired capitalization method, but most commonly domain names are written in lowercase in technical contexts.[3]

Credit https://en.wikipedia.org/wiki/Domain_name

What is Web hosting?

A web hosting service is a type of Internet hosting service that hosts websites for clients, i.e. it offers the facilities required for them to create and maintain a site and makes it accessible on the World Wide Web. Companies providing web hosting services are sometimes called web hosts. Wikipedia
web design

How does web hosting work?

Web hosting services work by maintaining stable and secure storage spaces. While web hosts provide more than just simple data storage, it’s a core part of their functionality. Hosts store data on hardware called web servers, which allows for easy maintenance and access by online users.

Without a large enough host capacity and proper maintenance, websites may behave erratically. That creates a more time-consuming process for your site’s visitors, in turn impacting your business’s sales and depriving your audience of information.

Types of web hosting

Hosting services shift the burden of setup and maintenance away from the user, and they do this in many different ways. Let’s quickly explore some of the different types of web hosting available.

1. Shared hosting

A common and economical option, shared hosting services manage multiple clients from the same server system. It’s a great option when your needs and budget are limited, but it comes with a trade-off. There’s more of an opportunity for disruption because the server’s resources are distributed between multiple users.

2. Virtual private servers

Virtual private server (VPS) hosting is similar to shared hosting, but your files are stored in a dedicated space with dedicated resources. The cost is typically higher as well, but this solution reduces the risk of sharing hardware with your provider’s other clients or subscribers.

3. Dedicated hosting

This provides a dedicated server, which cuts the security and performance risks associated with shared hosting. You can also gain substantial functionality, though this increases the need for regular management and maintenance, and will increase costs.

4. Managed hosting

You have access to a dedicated server, but you don’t have the same administrative options. Managed hosting leaves security and maintenance responsibilities with your provider, leaving you to manage content via FTP (File Transfer Protocol), the rules that networked computers use when they “talk” to each other.<

5. Cloud hosting

Cloud hosting is a newer option that uses resource sharing and scale to drive down costs and reduce the risk of noticeable service disruptions. It can be more affordable compared to other options, but make sure you understand how your plan’s pricing works before committing to one.
While these are the 5 most commonly used options, there are other forms of web hosting available. These include home servers that you set up entirely on your own. But as with any DIY tech project, make sure you do plenty of research beforehand.

website design dothan


Reasons to use a third-party hosting service

For most users, a third-party hosting service helps you avoid the hassle and risk of a home server. Setting up your own hosting can be time-consuming, expensive, and leaves your work more vulnerable if you can’t maintain good security and upkeep.

Most hosting services offer their own comprehensive support via email or telephone after you report an error. They also streamline many of the incidental services you’d expect, including visitor metrics and interface support. Pro users may enjoy the control and manageability of a home setup, but it isn’t for everyone.

What is SEO?

SEO stands for ‘Search Engine Optimization’. It’s the practice of optimizing your web pages to make them reach a high position in the search results of Google and other search engines. This means that people will be more likely to encounter your website when searching online. SEO focuses on improving the rankings in the organic – aka non-paid – search results. If you have a website and you want to get more traffic, there’s no doubt about it: SEO should be part of your marketing efforts.

dothan web design


Ways We Help Client Boost Their Site’s SEO

Your business may be the most amazing, visually appealing web storefront, digital forum, or product ever, but if you’re not visible to prospective buyers, your business’s growth strategy isn’t serving you. Search Engine Optimization or SEO is a powerful means of connecting with new audiences and includes showing up in visual search results.

How does SEO work?

Search engines such as Google and Bing use bots to crawl pages on the web, going from site to site, collecting information about those pages and putting them in an index. Think of the index like a giant library where a librarian can pull up a book (or a web page) to help you find exactly what you’re looking for at the time.

Next, algorithms analyze pages in the index, taking into account hundreds of ranking factors or signals, to determine the order pages should appear in the search results for a given query. In our library analogy, the librarian has read every single book in the library and can tell you exactly which one will have the answers to your questions.

SEO success factors can be considered proxies for aspects of the user experience. It’s how search bots estimate exactly how well a  website or web page can give the searcher what they’re searching for.

Unlike paid search ads, you can’t pay search engines to get higher organic search rankings, which means SEO experts have to put in the work. That’s where we come in.

The search algorithms are designed to surface relevant, authoritative pages and provide users with an efficient search experience. Optimizing your site and content with these factors in mind can help your pages rank higher in the search results.


What’s the Difference Between SEO and SEM?

The main difference is that Search Engine Optimization (SEO) is focused on optimizing a website in order to get traffic from organic search results. On the other hand, the goal of Search Engine Marketing (SEM) is to get traffic and visibility from both organic and paid search.

Put another way:

Google’s search results are divided into two main categories: the paid search results and the organic search results. The goal of SEO is to rank your website in the organic search results. You can also get your website in the paid area of the search results via pay per click (PPC). SEO is where you focus 100% on ranking in the organic results. SEM is when you tap into both SEO and PPC in order to get traffic from search engines.

What is Web Design?

Web design refers to the design of websites that are displayed on the internet. It usually refers to the user experience aspects of website development rather than software development. Web design used to be focused on designing websites for desktop browsers; however, since the mid-2010s, design for mobile and tablet browsers has become ever-increasingly important.

web design near me


A web designer works on the appearance, layout, and, in some cases, content of a website. Appearance, for instance, relates to the colors, font, and images used. Layout refers to how information is structured and categorized. A good web design is easy to use, aesthetically pleasing, and suits the user group and brand of the website. Many webpages are designed with a focus on simplicity, so that no extraneous information and functionality that might distract or confuse users appears. As the keystone of a web designer’s output is a site that wins and fosters the trust of the target audience, removing as many potential points of user frustration as possible is a critical consideration.

Two of the most common methods for designing websites that work well both on desktop and mobile are responsive and adaptive design. In responsive design, content moves dynamically depending on screen size; in adaptive design, the website content is fixed in layout sizes that match common screen sizes. Preserving a layout that is as consistent as possible between devices is crucial to maintaining user trust and engagement. As responsive design can present difficulties in this regard, designers must be careful in relinquishing control of how their work will appear. If they are responsible for the content as well, while they may need to broaden their skillset, they will enjoy having the advantage of full control of the finished product.

Credit to www.interaction-design.org

Web design is different from web development, which is the actual coding that makes a website work. When you’re building a website, you need both web design and web development. Although you can find web designers who are also web and UX developers, these are distinct skill sets.

web design
Here’s what your website will look like in its earliest stages.

Web designers take your ideas and turn them into a mockup that shows what your future website will look like. Web designers handle the creative part of designing a website.

Web developers—also sometimes called engineers or coders—take the mockup your web designer made and translate it into a coding language so it can be displayed on the web. They make websites functional, which often means custom-coding widgets and other tools.

A user experience developer, also known as a UX developer, is the one who makes your website user-friendly. They have technical skills as well as design skills and put them to work creating websites that attract and keep visitors.

Why is web design important?

Your brand’s website is one of its most valuable assets.

First impressions really matter. We can’t stress this point enough: if you don’t have a strong web presence, you’re holding your brand back.

Prospective customers who search the web for your brand and find nothing might think you’ve gone out of business. If they search and find something subpar, they’ll get the impression that you don’t care much about your company or product. Make every relationship that begins on your website a great one by getting your web design right.

Now that you know what’s what and who’s who, let’s look at some tell-tale signs of great web design and what distinguishes it from not so great web design.

What does good web design look like?

Good web design isn’t subjective. With other types of design, like illustration or sticker design, a lot of what constitutes “good” is up to the viewer’s taste. With web design, the line between “good” and “not good” is much more defined. A well-designed website is a website that perfectly creates the experience your visitor is looking for.

dothan web design

Web design that works is web design that converts. In webspeak, “convert” means getting the user to take a specific action. When a user follows through with an action that your website set them up to take, your website made a conversion. Conversions can be anything, like signing up for a newsletter, making a purchase, opening an account or accessing more content on the website.

Effective web design brings a few different elements together to promote conversions. These include:

  • Compelling use of negative space
  • Clearly presented choices for the user (the fewer choices the user has, the less likely they are to become overwhelmed and confused)
  • Obvious, clear calls to action
  • Limited distractions and a well thought out user journey (ie. using only images and text that are 100% relevant to the subject on the page, featuring only buttons that lead to desired actions and using font variations for emphasis and calls to action, not just for the sake of featuring different fonts)
  • Responsive design (a design that resizes and reorients itself to the user’s screen, making the website easy to use on any device: phone, tablet, laptop or desktop browser.
  • Appropriately sized fonts that follow a hierarchy (see “Limited distractions”)
  • Relevant, high-quality content and images that hook your readers’ attention
  • A balance between the amount of text and images on each page (too much text can overwhelm a visitor, too little text can be equally disengaging)
Every design choice you make will affect your website’s usability and conversion rate in some way. 

If you don’t think aesthetic design choices affect conversions, think again. Your website must be attractive—especially to your prospective user, so try to figure out what style is going to speak to them.

Invest in eye-catching images that work with your brand. Stay away from obvious stock photography.

Remaining true to your brand is key to successful website design. Even the most gorgeous website is useless if it doesn’t match your brand.

Other building blocks of an effective web design are:

  • Buttons
  • Fonts
  • Color palette
  • The visual balance between your images and copy on each page

Of course, good web design isn’t just utilitarian. Visitors like websites that are engaging and fit the brands’ aesthetics. No matter how you achieve it, meshing an on-brand, engaging look with design elements that convert is how you win at web design.

Web design: what doesn’t work

We’ve gone over what good design is. Now let’s talk a bit about what it isn’t.

As a general rule, visitors shouldn’t have to do any work to use your website. The whole experience of using your website should be straightforward and intuitive.

Here are some examples: Clear calls to action are great web design; murky ones are bad web design. High contrast fonts are smart, effective web design; low contrast fonts that are hard to read are poor web design.

Here are a few other elements to avoid:

  • Distracting images and backgrounds. As a general rule, stay away from tiled backgrounds. Though there are a few select instances where a tiled background could be a good choice, in most cases they’re distracting.
  • Non-responsive design. Nowadays your website simply needs to be mobile responsive.
  • Unclear links and buttons. Visitors shouldn’t have to hunt for links and buttons, they should be able to quickly see which images and pieces of text will take them to new pages or confirm their choices. Similarly, users should be able to clearly recognize fillable fields.
  • Generic or irrelevant stock photos and filler text without valuable information.

Certain web design elements, like grid layouts, aren’t inherently good or bad choices. They can be used in effective and ineffective ways, so taking care to do them right is a must.

Another tricky web design element is animation. It’s not 1999 anymore, you shouldn’t have a comet tail trailing the user’s cursor or make them scroll past a row of dancing hamsters to get to your content. But an animated exit pop-up that brings visitors’ attention back to your site and gets them to convert? Yes.

How to get web design done

Whew, getting web design right is a complex process and there are lots of things to look out for. Thankfully, you don’t have to do it alone. When you’re working with a professional web designer you can rely on their skill to get the perfect result.

There are a few different ways you can get the website you need. The way that’s right for you and your company depends on how complex of a website you need, how much you want to spend and how much of the work you can do yourself.

You can work directly with a freelance web designer. Simply browse designer portfolios and pick the designer you like best and who fits the style and look you’re going for. A freelance designer can customize an existing template or design a completely fresh template for your website. If you want your website built from scratch, you can work with a freelancer who has the skills to make it happen.

You can also work with an agency that builds custom websites. Pick this option if you need to build a complex website from the ground up, but be aware that this end-to-end solution will cost you more.

Be prepared to invest in high quality web design. Your web design could cost a few hundred to tens of thousands of dollars, depending on its complexity. What you’ll spend is proportionate to what you need.

So how do you know if you need a custom-built website or if a template will do you just fine? That all depends on what you need your website to do and what you plan for it. If scaling is part of your business plan, get a custom website. If you need it to be search engine friendly, if you need to adapt it to various business needs, if you have very specific ideas about the website that demand that it be built to your specifications, you need a custom website. When these aren’t priorities for you and you don’t have a large budget, a customized template is the way to go.

Creating a website that works

By taking a hands-on role in your website’s design process, you’ll guarantee that you’ll get a website that meets or exceeds your expectations. Tell your web designer about your brand, your voice and what you plan to achieve with the website. The more information they have, the more equipped they are to deliver the perfect web design for you. Explain your vision to them and then let them work their magic.

Want to get the perfect website for your business?
Work with Dothanbydesign.com to make it happen.