Cyber security and data protection should be top priorities for your business right now. Of course, this is particularly important for large businesses, and those in strictly regulated industries like financial services, where the outcome of a cyber attack or data breach can be catastrophic.
As these security concerns continue to intensify, you must be increasingly careful and vigilant about the technology solutions you use. You should also take more proactive steps to ensure everything in your tech stack is built and managed in a way that minimises your risks.
When it comes to WordPress, there’s a common misconception that the platform isn’t secure enough for large businesses. This misunderstanding tends to come from the fact that it’s free-to-use, so it was originally more popular among smaller independent businesses and B2C blogs.
Today, however, WordPress is the world’s most popular content management system (CMS), and for good reason. Considering a significant percentage of that user base includes global enterprises, you’d think such popularity would be enough proof that it’s a secure platform.
On the contrary, large businesses still ask us on a regular basis, “Is WordPress secure enough for us?”
Is WordPress Secure?
The answer to that question is, yes, WordPress is a secure, stable platform, even in its “out-of-the-box” state. WordPress’s core code is thoroughly tested and quality-checked by a team of security experts continuously. Not only that, but the same team regularly releases security updates and reinforces any potential weaknesses before they can be capitalised on by cyber criminals.
In fact, the speed at which security updates are implemented in WordPress is arguably the fastest in the world today when compared with other CMSs.
Additionally, WordPress is open-source software, meaning all its code is available to the public. Users are constantly suggesting changes and updates, often to fix bugs in the code and minimise opportunities for cyber criminals. This keeps the platform safe and secure for everyone else.
But while WordPress does have the ongoing support of some of the most talented and devoted developers in the world, it’s not immune to security vulnerabilities. No software is, unfortunately.
That’s why it’s important to be aware of, and work with, some fundamental best practices for security. Listed below are some steps you can take to further strengthen the security of the WordPress CMS.
Best Practices to Strengthen WordPress Security
1 – Secure Hosting
The hosting service you choose for your platform will determine how secure and well protected your data will be.
It goes without saying that WordPress should be hosted in a secure environment, overseen by an experienced provider who prioritises security within their services.
Some things you should consider essential for a hosting provider include:
- A fully-managed service with 24/7 support
- Automated monitoring and alerts
- Back-up and disaster recovery
- 99.99% up-time
- 100% pass-rate for data centre audits.
Before choosing your hosting provider, do plenty of research to ensure they’re able to provide these measures. Most businesses will work with a development agency partner for WordPress, and that agency should be able to help you with this process.
2 – Back-Up and Disaster Recovery
Following on from the previous point, any good hosting provider should also offer back-up and disaster recovery services. These are like safety nets that will allow you to protect, save, and recover all your data in the event of any losses.
3 – Be Careful with Plugins
Plugins are a great way to enhance the WordPress platform with new capabilities and features. But you should only ever use plugins from reputable, credible sources, otherwise you could experience security problems.
It’s also important to keep all your plugins regularly tested, maintained, and updated. Again, this is an area where a WordPress agency partner will help you.
4 – Always Keep Your Platform Updated
When you’ve built a website with WordPress, you’ll often receive software updates from the platform. Any time this happens, it’s because a bug has been fixed or some improvements have been made to the software.
Keeping up with these updates is so important from a security perspective, because they’re designed to keep your site secure. By letting your site run on an outdated version of the platform, you leave yourself at risk of a known issue being exploited by a cyber criminal or some malware.
This is another thing that a good agency partner should take care of for you, so you don’t need to worry about keeping your platform up-to-date.
5 – Never Auto-Update Your Plugins
You have the option to enable auto-updates within your WordPress platform. While this may seem like an easy way to keep your CMS up-to-date, doing so can create technical issues and security risks that simply aren’t worth the convenience.
Each plugin you use will have its own button for you to turn auto-updates on or off. Any good agency will advise you to turn those auto-updates off and instead opt for a more secure approach to your updates, to maintain the resilience of your platform.
6 – Use Security-Specific Plugins
Another way to reinforce the security of WordPress is by implementing security-specific plugins like WordFence, Sucuri, or Defender Pro.
These handy tools will do a lot of the hard work for you, monitoring your platform and spotting potential vulnerabilities so you can fix them before they’re allowed to have any negative impact.
7 – Enable SSL
A secure sockets layer (SSL) is a protocol which encrypts the transfer of data between your website and your users’ browsers. Enabling SSL makes it more difficult for cyber criminals to steal or compromise data online. Don’t worry, though, as this will be taken care of by your hosting provider as a standard practice.
8 – Avoid Tools that Open Direct Access to Your Site Database from the Dashboard
Some tools and plugins will enable direct access to your site’s database from within your CMS dashboard. While this can make certain aspects of website management easier for you, it also creates security vulnerabilities. This is something you should always avoid, because these additions are often severe security risks.
9 – Encourage Your Users to be Mindful of Security
The biggest security risks, and many opportunities for cyber criminals, come from unsafe user behaviour, poor platform maintenance, and badly built sites.
Your behaviour, and the behaviour of your end-users – and your agency – should always be mindful of security. If it’s not, sooner or later you’ll encounter problems. Some security best practices you can introduce include making strong passwords compulsory for all users and implementing measures like two-factor authentication.
10 – Find a Trustworthy Agency Partner to Support You
We understand that following all these steps sounds like a lot of work. Of course, when you’ve got your own job to focus on, the last thing you need is to be spending time struggling through complex website security processes.
That’s why it’s so valuable to find a reliable, trustworthy agency partner when using WordPress to build and manage websites. A good agency will ensure everything is secure and up-to-date for you, so you can spend more time providing outstanding services and experiences to your customers.
It’s always worth taking time to find an experienced agency with a strong track record of building robust, secure sites, to give you the peace of mind you deserve. That means they should handle your secure architecture, testing, monitoring, updates, and ongoing support for you as part of their services.
Being Truly Secure is an Ongoing Process
When you’re selecting a content management system (CMS) to build critical digital assets like your website, security must be a top priority. It’s for that very reason more and more large businesses are looking to WordPress as their platform of choice.
However, it’s equally important to choose an agency you can trust, and one that has these security best practices incorporated into their approach. This doesn’t just stop at the delivery of your website, either. True security is a constant ongoing process, and your agency partner should help you through that.
Following the tips listed here will give you everything you need to build a resilient, secure website on WordPress, suitable for the enterprise.
Interested in learning more about WordPress? Discover how a global enterprise achieved game-changing results by using WordPress to build a secure, innovative, bespoke solution. Check out the story of RedeWire from Rede Partners LLP here.
Would you like these insights straight to your mailbox?
- Bespoke development capabilities
- Easy integration with existing systems and legacy technology
- Scalability and performance in peak traffic
- Enterprise-grade security
- Quick and easy editing capabilities
- Drupal is a highly secure platform, which is a crucial quality for a CMS to have.
- It’s very intuitive for users who have coding experience or advanced content management skills.
- It has a great community of users surrounding it, which contributes a lot of value and is able to provide support.
- It also has hundreds of unique thematic options to choose from when designing your site.
- Drupal can be hard to work with for non-technical users, as it lacks simplicity and provides limited customisation.
- It can take a long time to get up and running, which means your costs will be quite high if you work with an agency partner.
- It’s also worth noting that the version of Drupal most businesses use now (Drupal 7) will be reaching end-of-life soon.
- Sitecore is purpose-built for large businesses, guaranteeing an enterprise-grade experience.
- Sitecore is a robust CMS with a high level of in-built security.
- It actually provides a fully-managed ‘digital experience platform’ that comes with more capabilities than the average CMS.
- It also offers great personalisation and excellent pre-built features.
- Sitecore is an expensive option, even if you have a large budget to work with.
- It requires you to procure licenses to begin using it, and also restricts certain capabilities unless you progress to higher tiers of licenses.
- It typically runs with hierarchical, complex workflows that might be frustrating for small or agile teams.
- Umbraco’s scalability makes it very suitable for large businesses.
- It’s free to use and open-source, with an active community of users supporting it.
- It allows you to manage a high volume of pages easily and efficiently.
- It’s another platform that comes with a high level of in-built security.
- It can be difficult to work with for the average user. As with Drupal, Umbraco is mostly suitable for more technical users who have coding skills or some development experience.
- This complexity again increases the likelihood of higher costs with your agency partner (if you go that route).
- It’s common for sites built with Umbraco to be reported as slow, for both back-end editing and the front-end user experience.
- WordPress is extremely scalable and dynamic. It can easily grow and evolve as your business grows, continuing to meet your changing needs.
- It’s renowned for its ease-of-use. Because of this, it enables you to deliver your projects quickly and efficiently.
- It’s highly customisable, making it ideal for bespoke development. With the right knowledge and skills, you can build almost anything with WordPress.
- It also typically comes with a very low total cost of ownership (TCO). You won’t need to add on new features or capabilities, nor pay for costly extra work to handle platform upgrades or updates.
- If you apply too many plug-ins, WordPress sites can slow down and experience dips in performance, but a good agency partner should encourage you to minimise the use of these.
- Some still see WordPress as an unprofessional platform used mostly for small blogs, but that old myth couldn’t be further from the truth today.
- WordPress is a secure platform, but plug-ins can create vulnerabilities if they’re not tested well or taken from untrusted sources. Again, a good agency partner should guide you with this to reduce the risk and prevent any issues.
Announcement
24 September, 2022
SoBold is an accredited Living Wage employer
SoBold has continued to be an accredited Living Wage Employer and has formally made a commitment to ensure all new and existing staff contracts are renewed at the Living Wage rate as a minimum.
SoBold has been a Living Wage Employer since 2019 and they are committed to ensuring that all staff are treated fairly and remunerated fairly in line with the Living Wage Foundation.
The new Living Wage rates were announced on Thursday 22nd September 2022 and SoBold ensured that all staff pay is in line with this.
SoBold hope to see more agencies within the technology sector follow suit and become accredited.
SoBold Managing Director, Will Newland said:
We are proud of the people that work at SoBold and we truly care about them. Our staff have always been the life blood of our organisation and it is an absolute no brainer for SoBold to be a Living Wage employer.
Would you like these insights straight to your mailbox?
Latest from agency
24 November, 2022
SoBold obtain Skilled Worker Sponsorship Licence
SoBold are delighted to announce that we have obtained a sponsor licence in order to sponsor international skilled workers to come and work at SoBold.
SoBold have always put heavy emphasis on hiring the best global talent for our needs, and we have strengthened our ability to do this by obtaining a Skilled Worker Sponsorship Licence.
With all sponsorship licences that the Home Offices grants they need to be reassured that the sponsors can live up to the “significant trust” that the department places in them. The Home Office further made checks that SoBold is a “honest, dependable and reliable” workplace, and capable of meeting the responsibilities that it expects from sponsors.
Since being granted our Skiller Worker Licence, we have been fortunate enough to put it to use to hire two new team members.
Anna de Moraes, joined SoBold, from Portuguese company, SpringParrot. Anna had been able to work remotely, and was living and working from the UK, when she got in touch with SoBold. Anna, who is natively from Brazil, said of the process:
“The steps were pretty clear and the whole process was quite simple. I’ve had friends waiting years for their visas to be approved while we were able to complete everything in a short period of time! I was already excited to start and, in a blink of an eye, I was finally part of the SoBold team!”
More recently, SoBold hired Santosh Gajera as a Back End WordPress Developer. Santosh has relocated from India in order to provide his services to SoBold. When asked about the process behind him getting his Skilled Worker VISA granted, Santosh said:
“To keep my IT career moving forward, I needed sponsorship from an organisation that sponsored my visa. SoBold has been an invaluable help in obtaining my Tier-2 (Skilled worker) visa. I am very thankful to their hard work and professionalism. My documents were handled very scrupulously by them, and they provided full support throughout the whole application process . I got my visa approved in two days, which is amazing, and they handled everything for me.”
SoBold worked with all-in-one digital platform, Nation Better in order to achieve our sponsorship licence and the process was streamlined, affordable and transparent.
SoBold already have a diverse talent pool, with staff from all over Europe, and with the help of Nation Better, we have been able to improve the way in which we hire international talent and open up opportunities further afield. We look forward to continue growing our team with exceptional overseas talent and have access to a wider talent pool.
SoBold Managing Director, Will Newland said:
We are absolutely delighted to welcome both Anna and Santosh to the SoBold team. Without our Sponsorship Licence we would be missing out on a large pool of talent that is the future of our business. We very much look forward to continuing to use our Sponsorship Licence to our advantage and giving skilled employees the opportunity to come and work here at SoBold.
For more information on what current vacancies we have, please visit our website careers page.
Would you like these insights straight to your mailbox?
Announcement
30 October, 2022
Transport for London renew Cookie Management Contract with SoBold
SoBold is pleased to announce that they have renewed their contract with Transport for London to manage and support a bespoke Cookie Consent Management Tool for use across TfL’s portfolio of websites which includes 30 domains.
SoBold recently became only the 3rd Platinum Certified Cookiebot Partner in the UK having been an authorised Reseller of Cookiebot since the new General Data Protection Regulation (GDPR) came into place on 24 May 2018.
Transport for London’s desire to extend its relationship with SoBold for a further year, highlights the importance of the work SoBold are doing to manage its bespoke Cookie Consent Management solution across its portfolio of website which have missions of visitors per month. The contract renewal cements SoBold’s position as one of the leading Cookiebot resellers.
For more information on SoBold’s work to date with Transport for London, see their case study.
SoBold Technical Director, Sam Phillips said:
It is great to see Transport for London renew its cookie management contract with SoBold for a fifth successive year. Over the last year we have continued to evolve their bespoke solution adding in full IAB TCF support as well updating the design to reflect TFL’s updated guidelines. We’re looking forward to continuing to support TfL over the next 12 months.
Would you like these insights straight to your mailbox?
Digital Business
30 November, 2022
Comparing the Leading Content Management Systems (CMS) for Large Businesses
A content management system (CMS) is a type of software-based technology, used to build and manage websites and other digital products. A CMS allows you to easily create, edit, and publish digital content across a range of online channels, such as the web and mobile. This is the most common technology platform used by businesses to build assets such as websites, with almost two thirds (63%) of all sites on the Internet now delivered via a CMS.
With that in mind, it’s clear why most businesses today are heavily reliant on this technology. Whether you’re developing something new from scratch or switching from an old platform to a new one, selecting your CMS is an extremely important decision with a lot riding on it. But with such a vast landscape of digital solutions to navigate, and so many different options available, finding the right CMS can be overwhelming.
To help you through the process of finding the right CMS, this article compares four of the most common options for large businesses. We’ve also listed their pros and cons, and provided some additional considerations that will be useful for you to think about along the way.
First, the Criteria
A CMS can be used to build various digital products and assets, from websites and mobile apps to bespoke systems like staff portals and internal training platforms. Particularly in large businesses, it’s common to need to create some bespoke features, functionality, or digital processes as well. Whatever it is you need, you should aim to find a platform that’s capable of delivering on your specific requirements.
Here are some points to include in your criteria when researching the options for your CMS:
Now we’ve covered what a CMS should be able to do when you start implementing it within your business, let’s look at the different platforms available to you.
Option 1 – Drupal
The Pros:
The Cons:
Option 2 – Sitecore
The Pros:
The Cons:
Option 3 – Umbraco
The Pros:
The Cons:
Option 4 – WordPress
The Pros:
The Cons:
Interested in learning more? Check out our related article here, where we explore the benefits of WordPress for large businesses in greater detail.
A Brief Word on Agency Partners
As touched on earlier, you’ll also need to consider whether you want to take the approach of working with an agency partner or not. For large businesses, most development projects tend to involve complex requirements that are almost impossible to manage without the support of an experienced agency.
An agency partner can provide you with strategic guidance, platform-specific skills and tools, and expertise to help you gain as much value from the technology as possible. While it’s perfectly valid to decide to implement a new CMS without an agency working alongside you, doing so will probably make things a lot more challenging, a lot more expensive, or possibly both.
All the platforms mentioned here have their benefits. But they’ll each be significantly easier to use, and will deliver far greater return on investment (ROI), if you have an experienced partner involved.
How to Choose the Best Option for Your Business
Keep in mind that every business is unique and every web development project is different. These platforms are all good options in their own way, but a solution that works well for the majority of organisations might not be the right choice for you.
Whether you’re building a bespoke website or migrating an existing site to a new platform, you have to be thorough in your assessment and make the right choice for your specific business.
To really understand the pros and cons of these options, you first have to be clear about exactly what you need and what you’re aiming to achieve. You’ll then need to determine which solution best aligns with your requirements, budget, and strategic objectives.
If you’re in the process of assessing solutions to help you deliver a bespoke development project, read our comprehensive guide to evaluating and selecting the right platform here.
Would you like these insights straight to your mailbox?
Industry News
21 June, 2022
Pixel Pioneers Bristol 2022
If you’ve never been to a conference of any type before, you possibly think you already know the important areas of your profession and can find out any developments from your colleagues or the internet. At least that’s what I thought prior to attending Pixel Pioneers 2022.
Which option sounds more appealing to you? Pick up extra skills on occasion, or go to a conference and absorb a mega-dose of industry knowledge, make connections and enjoy exploring fresh surroundings? Luckily at SoBold we have the opportunity to do both.
![](https://sobold.co.uk/wp-content/uploads/2022/06/IMG-20220614-WA0075.jpg)
The conference covered both ends of the telescope – from broad topics such as energy consumption, to a fifty minute talk about the brief three milliseconds your screen goes blank in between webpage loads. How the visually impaired experience the internet, to technical developments in styling / fonts.
My personal hero was Chris How – his mantra of valuing your customer’s time and giving them small moments of delight strongly resonated with me. In accordance, I want to guide you through the content of the conference, with links to the core material that will best replicate what the SoBold team saw, whilst valuing your precious time.
GAVIN STRANGE : Less Thinkering, More Tinkering
A must watch to boost your levels of creativity. Gavin shares his personal and professional projects with Aardman Studios. Lots of useful insights into reaching the pinnacle of creativity. Highly engaging delivery, visuals and plenty of ‘further reading’ material. Definitely worth watching in entirety. Gavin Strange website – will give you a sense of his creative flair and influences. https://www.jam-factory.com/
“It’s better to beg for forgiveness, than ask for permission.”
Gavin Strange
![](https://sobold.co.uk/wp-content/uploads/2022/06/52146362420_d2408d0468_b.jpg)
BIANCA BERNING : Variable Fonts – WTF?
From a technical and design standpoint, learning about variable fonts is incredibly useful. Towards the end Bianca veers into the potential application of variable fonts – imagine a world where your computer mutates its content to fit the viewer’s specific needs. If you’re looking for new avenues for unique artistic features for your website – this talk is for you. Everyone should have a play with variable fonts – try it here https://v-fonts.com/
![](https://sobold.co.uk/wp-content/uploads/2022/06/52145894986_2550793ee2_h.jpg)
CHRIS HOW : You Got to Fight for the Right to Delight
Chris’s choice of examples and commentary is intentionally entertaining and eclectic. His approach to design changes your criteria for success and also would decisively influence your next project. Essential viewing. Whether you’re a seasoned designer or developer short of a design, this talk will give you a guiding direction. Information on the Kano product roadmap here. https://www.productplan.com/glossary/kano-model/
![](https://sobold.co.uk/wp-content/uploads/2022/06/52146162954_78f579e12b_b.jpg)
LÉONIE WATSON : Accessibility: The Land That Time to Interactive Forgot
Visually impaired people experience the internet through screen readers – the internet described in words. Léonie’s valuable insight will definitely re-balance your priorities and appreciation for how websites should function. Some of the technical history she overviews was a bit lost on the audience but the switch in mindset is valuable. Important to dip into, especially for gleaming a deeper understanding of how a web document is compiled and loaded. It might sound ‘techy’ but it’s like understanding how our lungs work – illuminating. If you haven’t viewed any of your own websites using a screen reader – you definitely should. For a great sense of how the net is best experienced for visually impaired users – just check out her website – tink.uk
LUKE MURPHY : Lightning Talk: Design Tokens – Searching for a Source of Truth
Design Tokens act as a very useful tool for blending the boundaries of where design and development meet, in fact, they act as a technical element that affect design and development in equal measures. If you have no idea what a design token is – this talk could unlock a tonne of structure for your product. Here’s an overview article on design tokens
![](https://sobold.co.uk/wp-content/uploads/2022/06/52145928848_bb111d7575_k.jpg)
HANNAH SMITH : How to Make Digital Services More Sustainable
Hannah Smith’s talk invited us to critique our energy consumption and make changes to our habits as both consumers and producers of digital content. She makes the case that space travel is a waste of resources, and that using less lays the path to fulfilment. See if her arguments resonate with you. Hannah’s book recommendation – Doughnut Economics by Kate Raworth
JHEY TOMPKINS : Supercharge Your Skills with Creative Coding
A mad professor of CSS and JavaScript – Jhey has a mixture of technical tricks and interesting libraries for speech recognition. Deadpan yet full of colourful examples, Jhey clumsily demonstrates his collection of magical creations and challenges you, the developer, to break out of your ‘siloed’ mentality for visual presentation. Check out his catalogue of wondrous CSS/JS creations here
![](https://sobold.co.uk/wp-content/uploads/2022/06/52144900787_929a13bea1_b.jpg)
STUART LANGRIDGE : You Really Don’t Need All That JavaScript, I Promise
Painting with the broad brushes down to the nat-hair infinitesimally small details, Stuart reminds us of the importance of returning to the basics in order to best utilise the web. Unfortunately some of the libraries he suggests do not have extensive compatibility and thus aren’t for mainstream production… yet. His insight does provide a deeper understanding of the mechanics of the tools we use, although the message is quite drawn out. Example of the shared transitions js library https://codepen.io/drenther/pen/NjzeOO
RACHEL ANDREW : What’s New in CSS?
Rachel Andrew – new css features either in or emerging from or newly arrived from CSS-land. Truly at the coalface of emerging CSS features. For a frontend developer it was akin to being shown new letters in the alphabet that were being proposed. A summary of similar information can be found here – https://www.smashingmagazine.com/2022/03/new-css-features-2022/
![](https://sobold.co.uk/wp-content/uploads/2022/06/hand-cropped-ws.jpg)
Bristol itself is well worth a visit – a centre for nightlife, hedonism and youthful idealism. Simply walking around the harbour area in the daytime will refresh your appreciation for one-of-a-kind shops and overflowing street art. Make sure you have plenty of free space in your phone for all the photos. The SoBold team had a very enriching experience and bonded even tighter as a team. I hope to see you at the next one!
Links to the conference videos will be available via the Pixel Pioneers website.