SoBold are delighted to announce that we have obtained a sponsor licence in order to sponsor international skilled workers to come and work at SoBold.

SoBold have always put heavy emphasis on hiring the best global talent for our needs, and we have strengthened our ability to do this by obtaining a Skilled Worker Sponsorship Licence. 

With all sponsorship licences that the Home Offices grants they need to be reassured that the sponsors can live up to the “significant trust” that the department places in them. The Home Office further made checks that SoBold is a “honest, dependable and reliable” workplace, and capable of meeting the responsibilities that it expects from sponsors.

Since being granted our Skiller Worker Licence, we have been fortunate enough to put it to use to hire two new team members. 

Anna de Moraes, joined SoBold, from Portuguese company, SpringParrot. Anna had been able to work remotely, and was living and working from the UK, when she got in touch with SoBold. Anna, who is natively from Brazil, said of the process: 

“​The steps were pretty clear and the whole process was quite simple. I’ve had friends waiting years for their visas to be approved while we were able to complete everything in a short period of time! I was already excited to start and, in a blink of an eye, I was finally part of the SoBold team!”

More recently, SoBold hired Santosh Gajera as a Back End WordPress Developer. Santosh has relocated from India in order to provide his services to SoBold. When asked about the process behind him getting his Skilled Worker VISA granted, Santosh said:

“To keep my IT career moving forward, I needed sponsorship from an organisation that sponsored my visa. SoBold has been an invaluable help in obtaining my Tier-2 (Skilled worker) visa. I am very thankful to their hard work and professionalism. My documents were handled very scrupulously by them, and they provided full support throughout the whole application process . I got my visa approved in two days, which is amazing, and they handled everything for me.”

SoBold worked with all-in-one digital platform, Nation Better in order to achieve our sponsorship licence and the process was streamlined, affordable and transparent.

SoBold already have a diverse talent pool, with staff from all over Europe, and with the help of Nation Better, we have been able to improve the way in which we hire international talent and open up opportunities further afield. We look forward to continue growing our team with exceptional overseas talent and have access to a wider talent pool.

SoBold Managing Director, Will Newland said:

We are absolutely delighted to welcome both Anna and Santosh to the SoBold team. Without our Sponsorship Licence we would be missing out on a large pool of talent that is the future of our business. We very much look forward to continuing to use our Sponsorship Licence to our advantage and giving skilled employees the opportunity to come and work here at SoBold.

For more information on what current vacancies we have, please visit our website careers page.

Penetration testing, often abbreviated as pen testing, is an essential process to ensure you maintain a safe and secure website. But what exactly does pen testing involve, and how can you rest assured your agency partner is covering all potential vulnerabilities for you? 

This article will provide a detailed guide to penetration testing, helping you minimise your security risks and ensure your website is fully protected. 

In a recent series of articles published in our resource library, we provided an in-depth explanation of the end-to-end process of building a high-performance, enterprise-grade website. (If you’d like to read that series first before learning about pen testing, you can start here). 

After you’ve worked with your agency partner to successfully build your website, you’ll also need to ensure your site is protected from cyber security threats.  With that in mind, you should understand the important role that pen testing plays in effective website security and maintenance. 

What is Penetration Testing? 

Penetration testing is a form of website testing that’s used to identify security vulnerabilities When conducting pen testing on your site, your agency will simulate a range of cyber attacks that could be used by cyber criminals or malicious software (malware). 

The purpose of this is to identify security weaknesses within your site and take action to prevent them from being exploited in the real world. This approach goes beyond basic tests, as it doesn’t just list the vulnerabilities, it examines how they could be exploited and helps to prevent that from happening. 

Why is it Crucial for an Agency to Conduct Penetration Testing? 

Website security is critical in today’s digital business landscape. Cyber security threats have become highly intelligent and sophisticated, now capable of penetrating even the strongest security networks. 

For instance, global technology giant Acer was the victim of a cyber security attack that demanded a ransom of $50 million USD in recent years. 

The outcomes of a cyber attack on your website could be catastrophic, either through sensitive data being stolen, lengthy losses of business continuity, or even reputational damage. 

Remember, your site’s security isn’t just vital to you as a business, it’s also something your clients need assurance with when they agree to work with you. You should be taking as many proactive steps as possible to ensure your security measures are rigorous enough to match high levels of risk. 

Covering All Bases for Robust Security (in WordPress)

It’s useful to be conscious of the common security weaknesses and pitfalls cyber criminals typically aim to take advantage of. 

Security vulnerabilities can be created when your website is running on outdated versions of your platform, or if something hasn’t been configured or integrated properly. Other common pitfalls include weak authentication measures and insufficient protection from the perspective of your users. 

With platforms like WordPress, there are some areas in which less experienced agencies could allow security vulnerabilities to creep in as well. For instance: 

• Auto-updates – When your platform’s software is automatically updated, changes in the code can cause new security weaknesses to arise. 
• Plugins – Using WordPress plugins from untrustworthy sources, or neglecting to update and maintain your plugins properly, can also cause security issues. 

This is one of many reasons why it’s important to work with an experienced agency partner who has proven platform-specific knowledge and expertise. Your agency should know your CMS of choice inside out, and should therefore be well aware of all the most common security pitfalls and targets for cyber attacks. 

What Does Effective Penetration Testing Involve? 

To conduct pen testing, your agency’s security experts will run through a process that attempts to penetrate your site’s security measures. 

This is usually done in stages, as follows: 

1 – Planning and Preparation

1. Review the results and analysis of any previous tests (if there are any)
2. Define the scope of the testing, including which tests will be performed
3. Gather all necessary data and information on the system to conduct the testing
4. Determine the criteria of success or failure for the tests.

2 – Running the Tests 

1. Use automated tools to scan for vulnerabilities and identify weaknesses 
2. Attempt to exploit the identified weaknesses 
3. Repeat the tests with different types of user roles and permissions
4. Measure the outcomes against criteria for success or failure 
5. Create a report on the outcomes and results of the tests. 

3 – Post-Testing 

1. Review the reports and analyse the results 
2. Remediate and resolve the vulnerabilities that were able to be exploited
3. Re-test the vulnerabilities to ensure remediation was successful.

The Benefits of Thorough Penetration Testing

Working with an agency partner who can support you with ongoing pen testing is a necessary step towards gaining enterprise-grade security for your website.

Technology changes so quickly today. Your platform receives updates regularly, your site is always growing, and cyber criminals are constantly finding new ways to breach your defences and gain access to your data. Penetration testing allows you to keep the pace with new emerging vulnerabilities. 

Conducting regular pen testing can also help improve client relationships and create competitive advantages as well. In certain industries, a demonstrable commitment to security will be greatly appreciated by your target audience. This can help to differentiate you from the competition and provide the trust required to attract more prospective clients to work with you.

Website Security is a Never-Ending Battle 

While every business with a website faces tremendous security risks today, this is a proven process that can help to minimise that risk and give you the confidence you need in your site’s security.

Any agency partner you work with should have the knowledge and expertise to understand the importance of pen testing, and should insist on making this an integral, ongoing part of your site’s maintenance. 

Cyber security and data protection should be top priorities for your business right now. Of course, this is particularly important for large businesses, and those in strictly regulated industries like financial services, where the outcome of a cyber attack or data breach can be catastrophic. 

As these security concerns continue to intensify, you must be increasingly careful and vigilant about the technology solutions you use. You should also take more proactive steps to ensure everything in your tech stack is built and managed in a way that minimises your risks.

When it comes to WordPress, there’s a common misconception that the platform isn’t secure enough for large businesses. This misunderstanding tends to come from the fact that it’s free-to-use, so it was originally more popular among smaller independent businesses and B2C blogs. 

Today, however, WordPress is the world’s most popular content management system (CMS), and for good reason. Considering a significant percentage of that user base includes global enterprises, you’d think such popularity would be enough proof that it’s a secure platform. 

On the contrary, large businesses still ask us on a regular basis, “Is WordPress secure enough for us?” 

Is WordPress Secure? 

The answer to that question is, yes, WordPress is a secure, stable platform, even in its “out-of-the-box” state. WordPress’s core code is thoroughly tested and quality-checked by a team of security experts continuously. Not only that, but the same team regularly releases security updates and reinforces any potential weaknesses before they can be capitalised on by cyber criminals.

In fact, the speed at which security updates are implemented in WordPress is arguably the fastest in the world today when compared with other CMSs.

Additionally, WordPress is open-source software, meaning all its code is available to the public. Users are constantly suggesting changes and updates, often to fix bugs in the code and minimise opportunities for cyber criminals. This keeps the platform safe and secure for everyone else. 

But while WordPress does have the ongoing support of some of the most talented and devoted developers in the world, it’s not immune to security vulnerabilities. No software is, unfortunately. 

That’s why it’s important to be aware of, and work with, some fundamental best practices for security. Listed below are some steps you can take to further strengthen the security of the WordPress CMS.

Best Practices to Strengthen WordPress Security 

1 – Secure Hosting

The hosting service you choose for your platform will determine how secure and well protected your data will be. 

It goes without saying that WordPress should be hosted in a secure environment, overseen by an experienced provider who prioritises security within their services. 

Some things you should consider essential for a hosting provider include: 

• A fully-managed service with 24/7 support
• Automated monitoring and alerts
• Back-up and disaster recovery
• 99.99% up-time
• 100% pass-rate for data centre audits.

Before choosing your hosting provider, do plenty of research to ensure they’re able to provide these measures. Most businesses will work with a development agency partner for WordPress, and that agency should be able to help you with this process.

2 – Back-Up and Disaster Recovery 

Following on from the previous point, any good hosting provider should also offer back-up and disaster recovery services. These are like safety nets that will allow you to protect, save, and recover all your data in the event of any losses. 

3 – Be Careful with Plugins 

Plugins are a great way to enhance the WordPress platform with new capabilities and features. But you should only ever use plugins from reputable, credible sources, otherwise you could experience security problems.

It’s also important to keep all your plugins regularly tested, maintained, and updated. Again, this is an area where a WordPress agency partner will help you.

4 – Always Keep Your Platform Updated 

When you’ve built a website with WordPress, you’ll often receive software updates from the platform. Any time this happens, it’s because a bug has been fixed or some improvements have been made to the software.

Keeping up with these updates is so important from a security perspective, because they’re designed to keep your site secure. By letting your site run on an outdated version of the platform, you leave yourself at risk of a known issue being exploited by a cyber criminal or some malware. 

This is another thing that a good agency partner should take care of for you, so you don’t need to worry about keeping your platform up-to-date.

5 – Never Auto-Update Your Plugins 

You have the option to enable auto-updates within your WordPress platform. While this may seem like an easy way to keep your CMS up-to-date, doing so can create technical issues and security risks that simply aren’t worth the convenience. 

Each plugin you use will have its own button for you to turn auto-updates on or off. Any good agency will advise you to turn those auto-updates off and instead opt for a more secure approach to your updates, to maintain the resilience of your platform. 

6 – Use Security-Specific Plugins

Another way to reinforce the security of WordPress is by implementing security-specific plugins like WordFence, Sucuri, or Defender Pro. 

These handy tools will do a lot of the hard work for you, monitoring your platform and spotting potential vulnerabilities so you can fix them before they’re allowed to have any negative impact.

7 – Enable SSL 

A secure sockets layer (SSL) is a protocol which encrypts the transfer of data between your website and your users’ browsers. Enabling SSL makes it more difficult for cyber criminals to steal or compromise data online. Don’t worry, though, as this will be taken care of by your hosting provider as a standard practice. 

8 – Avoid Tools that Open Direct Access to Your Site Database from the Dashboard 

Some tools and plugins will enable direct access to your site’s database from within your CMS dashboard. While this can make certain aspects of website management easier for you, it also creates security vulnerabilities. This is something you should always avoid, because these additions are often severe security risks.

9 – Encourage Your Users to be Mindful of Security 

The biggest security risks, and many opportunities for cyber criminals, come from unsafe user behaviour, poor platform maintenance, and badly built sites.  

Your behaviour, and the behaviour of your end-users – and your agency – should always be mindful of security. If it’s not, sooner or later you’ll encounter problems. Some security best practices you can introduce include making strong passwords compulsory for all users and implementing measures like two-factor authentication.

10 – Find a Trustworthy Agency Partner to Support You 

We understand that following all these steps sounds like a lot of work. Of course, when you’ve got your own job to focus on, the last thing you need is to be spending time struggling through complex website security processes.  

That’s why it’s so valuable to find a reliable, trustworthy agency partner when using WordPress to build and manage websites. A good agency will ensure everything is secure and up-to-date for you, so you can spend more time providing outstanding services and experiences to your customers.

It’s always worth taking time to find an experienced agency with a strong track record of building robust, secure sites, to give you the peace of mind you deserve. That means they should handle your secure architecture, testing, monitoring, updates, and ongoing support for you as part of their services.

Being Truly Secure is an Ongoing Process 

When you’re selecting a content management system (CMS) to build critical digital assets like your website, security must be a top priority. It’s for that very reason more and more large businesses are looking to WordPress as their platform of choice. 

However, it’s equally important to choose an agency you can trust, and one that has these security best practices incorporated into their approach. This doesn’t just stop at the delivery of your website, either. True security is a constant ongoing process, and your agency partner should help you through that. 

Following the tips listed here will give you everything you need to build a resilient, secure website on WordPress, suitable for the enterprise. 

Interested in learning more about WordPress? Discover how a global enterprise achieved game-changing results by using WordPress to build a secure, innovative, bespoke solution. Check out the story of RedeWire from Rede Partners LLP here. 

The moment Marti joined us at SoBold, we were excited and eager to see how she would translate her enthusiasm and energy towards development towards real life projects. We were not let down and she hit the ground running.

2 years later, largely hampered by COVID, we now are getting the absolute best out of Marti. She is incredibly reliable, diligent and talented and she is involved in all of our biggest projects.

Marti has never been one to code for the sake of coding, and she always makes sure she understands the bigger picture before diving into a project. 

⅓ of the Italian SoBold Office crew, we are very fortunate to have Marti and we truly can’t wait to watch her skillset improve and see her continue to work on the biggest and best projects!

We caught up with Marti to find out more about what she gets up to in her day to day life.

At what point in your life did you decide to become a developer?

Having studied Foreign Languages and Literatures, since uni I had a dream to become a successful translator. I came to London to fulfil this dream but I wasn’t sure which field to specialise in yet. So I started working at a restaurant, and in my spare time, I would translate articles for online media sites and magazines, and also produce subtitles for tv series.

Later on, I started a course in software localisation, and this opened up the dev world to me as I had to put my hands on the software source code. When it was time to search for a job, reality had a massive hit: competition was high, work was difficult to find, it was clear I had to invest more time and specialise furthermore.

I felt stuck and didn’t really know what to do with my life. So I went backpacking around the world for a few months, and I decided to dive more into that dev world that I found so interesting. Time wasn’t really a problem while travelling, so I read a lot about web development and took a lot of online courses. I devoured so many online resources, I just couldn’t believe they were all a click away! Since my first “Hello World” project, I’ve found the process of coding and building a website from scratch a beautiful mix of creative problem solving that never disappoints. Long story short, that’s when I knew I wanted to become a developer.

Describe your typical day

I wake up at 6:30am, I feed Coco and Lucy (my cats), I put some tunes on while having breakfast, quick shower. Then it’s checking the weather time: if it looks cloudy and rainy I’ll take the tube, otherwise, I’ll most probably board my Brompton and off we go to the office! Ideally, I like to conclude the evening by doing some form of exercise, usually rollerskating or a walk/run.

What’s your favourite project to date

I really enjoyed working on the new SoBold website, it’s been a huge team effort and the result it’s simply amazing!

What is the best advice you have ever heard?

I once read this quote: “If we all threw our problems in a pile, we’d grab ours back.”

I think it’s a beautiful sentence, it makes me appreciate life every day and makes me very grateful for all I have.

If you had to change careers what would you do instead?

Not sure what but surely something related to sport.

What was your most recent challenge and how did you overcome It?

When you’re a developer, every day there’s a new challenge. You just have to learn how to tackle them. In general, I think talking with a colleague helps a lot. Also “rubber ducking” can be a useful method for debugging code. In both cases, they’re powerful methods that consist in taking a break and articulating the problem in plain language.

What’s your favourite thing to do outside of work?

I’m a big ramp skate fanatic. https://www.instagram.com/martymcroll/

What 3 items would you bring to a desert island?

🇨🇭 🔪  🎸 and  🛌🏽

If you’re responsible for marketing, you’ll be well aware of the importance of a great content management system (CMS) for digital products like your website, mobile apps, staff portals, and so on. You may even need to create bespoke digital processes or systems unique to your business, such as internal training platforms or communications channels.

WordPress is the most popular CMS available today, powering almost 45% of the world’s websites. That popularity is on the rise, too, as more and more businesses realise the vast potential of the platform and the benefits it can deliver.

However, there’s still a misconception that WordPress isn’t suitable for large businesses. That’s no more than a myth, though. In fact, some of the biggest companies in the world use WordPress for their CMS.

But what are the specific reasons why that popularity has spread into the enterprise market over the past decade or so? To answer that question, let’s take a detailed look at the benefits and advantages WordPress offers large businesses:

1 – Scalability and Agility

WordPress is famous for its high level of scalability. However large your company, or the size and complexity of your site – as well as the amount of traffic passing through it – WordPress won’t have any problem managing that load.

Scalability is one of its most prominent advantages for large businesses, because it’s also agile enough to easily evolve and grow alongside your changing requirements.

The platform is more robust than most realise as well, with enterprise-grade performance and speed. This great performance also means user adoption and retention will always be high, helping you drive strong return on investment (ROI) on all the digital products you build.

2 – Flexibility and Customisation

WordPress is equally renowned for its flexibility and customisation, which are particularly useful for complex or bespoke development projects. You can use its flexibility to build bespoke features and functionality into your website or create an entirely unique system from scratch.

In large organisations where company-specific processes and workflows are common within your sites, this makes WordPress a highly beneficial option.

3 – Fast Time-to-Market

Thanks to its simplicity and intuitive usability, WordPress is a very efficient platform to build with. That gives you the advantage of delivering development projects with a very fast time-to-market. This is a significant benefit of any CMS, as it helps you save time, reduce costs, and provides more opportunity to test, iterate, and innovate.

4 – Integration

WordPress is very easy to integrate with other systems. Because most large enterprises have a lot of legacy technology to consider when implementing new systems, this is a huge benefit WordPress has over more cumbersome CMSs.

WordPress also integrates very well with back-end systems that are vital to your daily operations, such as HubSpot, Salesforce, PowerBi, and so on. This minimises disruption to your business while integrating WordPress into your existing tech stack.

5 – Low TCO and Strong ROI 

WordPress comes with a very low total cost of ownership (TCO) when compared to other options. Unlike most CMSs, you won’t need to invest heavily in adding new features or capabilities, and you won’t need to worry about expensive extra work to manage upgrades or updates from the platform.

Because WordPress is so agile and rich with dynamic capabilities and features, it’s also proven to deliver strong ROI in both the short and long-term.

From a long-term value perspective, your initial projects won’t just stop at initial implementation, either. As your project or requirements evolve and your business grows, WordPress can seamlessly adapt and grow with you.  

Other Points to Consider

It’s important to remember that every business, and every project, is different. While the benefits listed here do make WordPress an excellent CMS, you should still carefully evaluate how well it aligns with your specific objectives, requirements, budget, and other needs.

It’s also important to understand that most businesses will need the support of an agency with platform-specific skills and expertise to help you leverage a CMS to its full potential. As is the case with all platforms, it will be vastly easier to achieve your objectives and gain greater ROI, if you have the support of an experienced specialist partner to guide you.

If you’d like to learn more about WordPress, or need help deciding whether it’s a suitable option for your own requirements, we have a comprehensive guide to evaluating and selecting the enterprise options for a CMS here.