Penetration testing, often abbreviated as pen testing, is an essential process to ensure you maintain a safe and secure website. But what exactly does pen testing involve, and how can you rest assured your agency partner is covering all potential vulnerabilities for you?
This article will provide a detailed guide to penetration testing, helping you minimise your security risks and ensure your website is fully protected.
In a recent series of articles published in our resource library, we provided an in-depth explanation of the end-to-end process of building a high-performance, enterprise-grade website. (If you’d like to read that series first before learning about pen testing, you can start here).
After you’ve worked with your agency partner to successfully build your website, you’ll also need to ensure your site is protected from cyber security threats. With that in mind, you should understand the important role that pen testing plays in effective website security and maintenance.
What is Penetration Testing?
Penetration testing is a form of website testing that’s used to identify security vulnerabilities When conducting pen testing on your site, your agency will simulate a range of cyber attacks that could be used by cyber criminals or malicious software (malware).
The purpose of this is to identify security weaknesses within your site and take action to prevent them from being exploited in the real world. This approach goes beyond basic tests, as it doesn’t just list the vulnerabilities, it examines how they could be exploited and helps to prevent that from happening.
Why is it Crucial for an Agency to Conduct Penetration Testing?
Website security is critical in today’s digital business landscape. Cyber security threats have become highly intelligent and sophisticated, now capable of penetrating even the strongest security networks.
For instance, global technology giant Acer was the victim of a cyber security attack that demanded a ransom of $50 million USD in recent years.
The outcomes of a cyber attack on your website could be catastrophic, either through sensitive data being stolen, lengthy losses of business continuity, or even reputational damage.
Remember, your site’s security isn’t just vital to you as a business, it’s also something your clients need assurance with when they agree to work with you. You should be taking as many proactive steps as possible to ensure your security measures are rigorous enough to match high levels of risk.
Covering All Bases for Robust Security (in WordPress)
It’s useful to be conscious of the common security weaknesses and pitfalls cyber criminals typically aim to take advantage of.
Security vulnerabilities can be created when your website is running on outdated versions of your platform, or if something hasn’t been configured or integrated properly. Other common pitfalls include weak authentication measures and insufficient protection from the perspective of your users.
With platforms like WordPress, there are some areas in which less experienced agencies could allow security vulnerabilities to creep in as well. For instance:
- Auto-updates – When your platform’s software is automatically updated, changes in the code can cause new security weaknesses to arise.
- Plugins – Using WordPress plugins from untrustworthy sources, or neglecting to update and maintain your plugins properly, can also cause security issues.
This is one of many reasons why it’s important to work with an experienced agency partner who has proven platform-specific knowledge and expertise. Your agency should know your CMS of choice inside out, and should therefore be well aware of all the most common security pitfalls and targets for cyber attacks.
What Does Effective Penetration Testing Involve?
To conduct pen testing, your agency’s security experts will run through a process that attempts to penetrate your site’s security measures.
This is usually done in stages, as follows:
1 – Planning and Preparation
- Review the results and analysis of any previous tests (if there are any)
- Define the scope of the testing, including which tests will be performed
- Gather all necessary data and information on the system to conduct the testing
- Determine the criteria of success or failure for the tests.
2 – Running the Tests
- Use automated tools to scan for vulnerabilities and identify weaknesses
- Attempt to exploit the identified weaknesses
- Repeat the tests with different types of user roles and permissions
- Measure the outcomes against criteria for success or failure
- Create a report on the outcomes and results of the tests.
3 – Post-Testing
- Review the reports and analyse the results
- Remediate and resolve the vulnerabilities that were able to be exploited
- Re-test the vulnerabilities to ensure remediation was successful.
The Benefits of Thorough Penetration Testing
Working with an agency partner who can support you with ongoing pen testing is a necessary step towards gaining enterprise-grade security for your website.
Technology changes so quickly today. Your platform receives updates regularly, your site is always growing, and cyber criminals are constantly finding new ways to breach your defences and gain access to your data. Penetration testing allows you to keep the pace with new emerging vulnerabilities.
Conducting regular pen testing can also help improve client relationships and create competitive advantages as well. In certain industries, a demonstrable commitment to security will be greatly appreciated by your target audience. This can help to differentiate you from the competition and provide the trust required to attract more prospective clients to work with you.
Website Security is a Never-Ending Battle
While every business with a website faces tremendous security risks today, this is a proven process that can help to minimise that risk and give you the confidence you need in your site’s security.
Any agency partner you work with should have the knowledge and expertise to understand the importance of pen testing, and should insist on making this an integral, ongoing part of your site’s maintenance.
Would you like these insights straight to your mailbox?
- Plugins
- Bespoke development.
- Does it have a large number of positive reviews?
- Is it built by an author with a good reputation?
- How active and trusted is the author in the WordPress community?
- When was the last date the plugin was updated?
- Has it been updated regularly enough in the past?
- Does the code quality meet our standards?
- Does the code align with modern WordPress development best practices?
- Is the plugin compatible with the WordPress block editor?
Digital Business
2 March, 2023
Harnessing Your New Website’s Full Potential by Taking a Block-Based Approach With WordPress
Did you know you can use a block-based approach with your WordPress website to gain more value from the platform, with significant advantages in flexibility, scalability, and ease-of-use?
In this article, we’ll explain what blocks are, how they work, and how you can use them to build enterprise-grade websites quickly and efficiently, without compromising on quality.
—
WordPress is the most popular content management system (CMS) in the world right now, and it has been for a while. Unfortunately, though, some people still have the wrong impression that it is a CMS that can only be used to build more simple websites that do not have any real complex functionality or integrations, but this couldn’t be further from the truth.
In fact, WordPress is far more intuitive and robust than most realise. The fact that around 45% of all websites online today are built on the platform goes a long way to prove that. WordPress also provides more scalable, agile capabilities that are perfectly suited to building enterprise-grade websites if leveraged in the right way.
There are intelligent – but still very straightforward – ways to use WordPress that can unlock more value from the CMS. If done with the right guidance, this can make WordPress a far better option than the more traditional, rigid approach of building websites.
This is an opportunity most large businesses are currently missing out on. In this article, we’ll show you how using blocks is a more flexible approach that can provide you with a wealth of benefits.
Understanding How Using Blocks In Your Website Backend works
In 2018, WordPress released a new block-based design and editing user interface (UI), known as Gutenberg. Instead of the typical page creation and editing functionality of a CMS, where you’d input text and images into a rich text editor, you can now build your site by creating and using a set of components. Components are blocks of code which have pre-defined style and input types.
Each component is named, to denote what it is from the perspective of the front-end of your site on the web page.
Note: Some agencies only provide a list of block names, but here at SoBold we also provide screenshots of each block so you can see it first. This makes the process much easier and saves you a great deal of time.
Each part of each web page is made up of these components, as pictured below.

However, taking a bespoke approach, you can design and construct unique blocks that are entirely your own. Blocks or components can be built for you by your agency so they’re bespoke to you, your style guidelines, your design preferences, and so on. And, when building your site, you can go into your pre-built components and edit things, like changing background colours, adding images, adding text, and so on.

This can be set up for you by your agency, so you have everything you need to create, edit, and publish new pages with your pre-built blocks. Anytime you need to create a new page, you just have to pick the appropriate components and place them in the correct position to quickly and easily build the page.
The Business Benefits of Using a Component-Based Approach
Scalability
Scalability is one of the greatest benefits of using these blocks, especially if you are wanting to continue to build out your sitemap and build out the content.
This scalability is where WordPress really shines, enabling simple, rapid, virtually limitless scaling of your website with a high level of accuracy. This is a cost-effective way of growing without having to compromise on the quality of your design.
Flexibility
Blocks provide you with a great deal of flexibility in building, editing, and structuring of pages as well. The ability to customise all your components, along with the intuitive drag and drop functionality, allows you to effortlessly adapt and expand on your website.
Efficiency
Building components, and repurposing them repeatedly across your website, is a highly efficient way of growing your site. It also makes it very difficult to make mistakes or take a wrong turn.
This efficiency of reusing blocks across your website will free up time for you to develop innovative new features, or focus on improving the service and experience you provide your clients.
Ease-of-Use
If you have non-technical members of your team who would benefit from using WordPress, blocks will almost certainly improve the usability of the CMS for those people.
An easier design and editing function helps more members of your team create web pages within clear, pre-set brand guidelines. That’s another aspect that frees up more time and resources to focus on higher value tasks.
If you’re working with a design and development agency, this also makes it much easier for them to be able to train you and enable you to use the platform to manage your site.
Faster Time-to-Market
All this efficiency and ease-of-use will enable you to achieve a faster time-to-market for new web pages, extensions of your site, or even entirely new websites.
That can, in turn, create competitive advantages for your business, particularly if your competitors are working with CMSs that are slower and harder to use.
Whether it’s you or your agency handling this, you can create and publish new web pages quicker than you could with any other approach.
Lower Costs and TCO
As a result of all of the above, you can reduce costs on development and design, and achieve a much better total cost of ownership (TCO) with the WordPress platform.
Something that takes an inexperienced agency days to complete with the classic design approach can be done in hours using bespoke blocks. This drastically reduces development costs and gives you a lower TCO in the long-term.
The Importance of Finding a Capable Agency Partner
As mentioned earlier, bespoke blocks provide you with a proven way to unlock more potential with WordPress and gain greater value from the platform. However, in order to do that, it’s important to find the right agency partner. You’ll need an agency with enterprise-grade expertise and a certain level of skill to guide and support you through this process.
Taking this approach to building WordPress websites is nothing new, but the real value here comes in creating blocks that are completely unique and specific to you, then enabling your team to use those to scale your site.
Many WordPress agencies may lean on the generic block editor. But to get this right, you should push beyond that to find a partner who can educate you on the opportunities of using a bespoke design system to build a high-performance website that’s effortless to manage and edit.
A great partner will also facilitate this for you in a way that ensures you have control, removing the risk of any users making mistakes with the flexibility of this system. You won’t need to worry about the integrity or quality of your site being spoiled because all your components will be built specifically to prevent that.
You’ll gain tremendous value from receiving an intuitive, quality website that you can easily grow at will, but one that’s also managed and supported by an experienced partner. Sticking to these blocks helps you stay within brand guidelines, adhere to best practices, and keep your site consistent.
You then have the choice to manage, edit, and expand your site yourself, or rely on your partner to do it for you quicker, easier, and more efficiently than they would with a traditional CMS.
Making the Most of Your WordPress Platform
Modern businesses today require a powerful, sophisticated CMS that can deliver great websites at scale with enterprise-grade performance. WordPress is a platform that’s built to provide all those qualities and more. Embracing this block-based approach is the most effective and efficient way to achieve that.
With a skilled agency partner to help you maximise the value your business gains from the platform, you’ll quickly realise just how well WordPress can deliver agile, intuitive websites.
If you’re in the process of evaluating platforms to deliver a bespoke web development project, check our comprehensive guide to assessing and selecting the right CMS here
Would you like these insights straight to your mailbox?
Announcement
30 October, 2022
Transport for London renew Cookie Management Contract with SoBold
SoBold is pleased to announce that they have renewed their contract with Transport for London to manage and support a bespoke Cookie Consent Management Tool for use across TfL’s portfolio of websites which includes 30 domains.
SoBold recently became only the 3rd Platinum Certified Cookiebot Partner in the UK having been an authorised Reseller of Cookiebot since the new General Data Protection Regulation (GDPR) came into place on 24 May 2018.
Transport for London’s desire to extend its relationship with SoBold for a further year, highlights the importance of the work SoBold are doing to manage its bespoke Cookie Consent Management solution across its portfolio of website which have missions of visitors per month. The contract renewal cements SoBold’s position as one of the leading Cookiebot resellers.
For more information on SoBold’s work to date with Transport for London, see their case study.
SoBold Technical Director, Sam Phillips said:
It is great to see Transport for London renew its cookie management contract with SoBold for a fifth successive year. Over the last year we have continued to evolve their bespoke solution adding in full IAB TCF support as well updating the design to reflect TFL’s updated guidelines. We’re looking forward to continuing to support TfL over the next 12 months.
Would you like these insights straight to your mailbox?
Development
9 June, 2023
Exploring the End-to-End Process of Website Development
Approaching a website development project can be daunting if you’re unfamiliar with the process and unsure what to expect. In this article, we’ll provide a detailed overview of the web development process to help you understand what’s involved, making it easier for you to approach a project yourself and avoid any pitfalls.
Your Role as the Client
If you read our recent series of in-depth guides through the end-to-end process of web design, you’ll know that process will usually involve a lot of collaboration between you, your team members, and the agency you’re working with.
Once you’ve been through that process and your design is complete, you’ll need to move to the development stage of the project to bring your designs to life.
You’ll likely have less involvement in the development stage, and less collaboration will be required, so your role will primarily be to sit back and relax while a team of skilled developers do their thing.
Depending on the project size, complexity and project management approach, you may have some touch-points with your agency partner throughout the process. If you are taking an Agile approach, this may include sprint retrospective meetings, or if you are working in a different way, this may just include short demonstrations, walk-throughs of certain pieces of bespoke functionality, or it could just be allowing you to start familiarising yourself with different features as they’re being built.
A Smooth Handover from Design to Development
One of our core qualities here at SoBold is ensuring the design and development processes work closely together. That’s achieved by not only having a very integrated design and development team in the office, but also ensuring we hold a thorough, detailed handover meeting between the designers and the developers at this stage. This serves as a key aspect of every project we work on.
The purpose of this is to give the developers a full understanding of the website or platform they need to build before any work begins, reducing the risk of error and accelerating the delivery time.
Every agency will have their own approach to this. It should usually involve the project designer(s) and project manager(s) walking the development team through everything that took place during the design process and explaining the thought process behind the decisions they’ve made. They’ll also give suggestions and guidance for how the design might be best approached from a development point of view.
Any questions the developers have about their task at hand can be answered during the handover meeting, and at any time throughout the development process, allowing the development work to flow efficiently and effectively.
The Benefits of Working with a Full-Service Web Design and Development Agency
It’s so important to align your web designers and developers, because, more often than not, there are fundamental differences in how they think and approach their work. If you decide to work with an out-and-out web design agency to design your site, with a separate development agency building it, you may encounter gaps in understanding between the two processes.
Working with an agency partner that has specialist expertise for both disciplines in-house will ensure your website is delivered on time, within budget, and directly aligned with your requirements. Having designers and developers in the same team who can share knowledge throughout the processes will almost always result in the delivery of a higher quality project too.
Building Your Website
With the handover complete, the developers will begin building your website.
Most development agencies will likely start with setting up the base. This involves setting up the base styles of the site which includes and is not limited to default colours, typography styles and global components – including button and link styles.
Once the base is set up, your developers would typically move onto the navigation and footer set up before moving onto building out all the page templates and blocks in the design should they be taking a block based approach.
Part of this process will often involve integrating certain components of your site with other systems you use within your business.
Peer Reviews and Testing to Maintain High-Performance Standards
It’s important for your agency to review and test internally all the elements that have been built, so any bugs are identified and rectified as early as possible.
Again, different agencies will have differing approaches to this. Here at SoBold, we leverage the size and experience of our team to conduct a thorough peer review process on every single component we build.
Following this internal review process, you’ll usually be given a link to your site in a staging environment.
All your content will have likely been carried over from your existing site and redirects should also be in place so that when you push the site live, any old redundant links will be redirected to the appropriate page on your new site.
If you have any live marketing campaigns running, it’s important to ensure your development agency and your marketing team (or agency) are in regular communication prior to this, so they can keep your campaigns updated in line with your new site’s launch.
Smooth Sailing Post-Launch
Once your new website is live, you’ll likely have a period of time whereby your agency will be on hand to fix any bugs that relate to the content on the new site. Here at SoBold we work with our clients for a period of 30 days following the launch of their sites, and any ongoing support beyond this 30-day bug-fix window will require a separate maintenance agreement.
Your agency should also go through the back-end of your platform with you, so you know exactly how to make changes to your website. For the most part, agencies will understand how important it is for you to be able to manage the site yourselves internally, and this is something we believe is crucial for you to be shown in detail at the end of the development process.
Would you like these insights straight to your mailbox?
Development
21 June, 2023
How to Determine When to Use WordPress Plugins and When to Use Bespoke Development
When developing a high-performance website with WordPress, certain requirements will demand that your agency partner goes beyond the “out-the-box” functionality of the platform.
There are two main ways your agency partner may work with you to build out custom functionality:
While plugins are the go-to option for many small and medium-sized businesses, it shouldn’t always be such a quick decision between those two options. If you’re working on an enterprise-grade website, your agency should always give careful consideration when determining the best approach in every scenario.
In this article, we’ll help you understand how to determine the right option between plugins and bespoke development for your own WordPress website.
Why Are WordPress Plugins so Popular?
Since WordPress is an open-source platform with a very active global community of web developers, there are tens of thousands of plugins readily available. For almost any use case you can think of, there’s almost certainly a plugin for it; probably even several.
Plugins serve so many businesses so well because they’re pre-built functionality that quite literally plugs into your platform.
One of the main reasons plugins are so popular, especially for smaller businesses, is because they’re usually free. This provides a great cost benefit over bespoke development, on top of the obvious benefits in the speed of attaining the new functionality as well.
Why You Should be Careful with Plugins
Despite their popularity, there are downsides to plugins too.
Relying on too many plugins, or using low quality plugins, may slow the speed of your site down significantly. A good WordPress development agency will try to keep the use of plugins at a minimum to ensure the speed and performance of your site isn’t compromised.
Poorly built plugins, or ones that aren’t maintained sufficiently, could also cause glitches and errors to occur with the functionality they’re adding to your site.
Security is another concern with certain plugins. If a plugin isn’t maintained and updated regularly, this will create vulnerabilities in your platform that could be exploited by malware or cyber security attacks. These vulnerabilities could also creep in if your plugins are auto-updated and left untested by your agency partner.
Some less experienced agencies often fall into the trap of using too many plugins, while others are simply unaware of the risks associated with plugins from untrusted sources. This has given a bad impression of plugins in some circles. The missing ingredient there, however, isn’t the value of plugins, it’s the agency’s best practices.
When to Use WordPress Plugins
If there’s a feature you need to add to your site that’s already been built perfectly in a trustworthy plugin, it’s worth considering that approach instead of building something from scratch.
However, here at SoBold, we ensure a strict set of best practices are followed, and due diligence conducted, every time we’re considering using a plugin.
We’ll always make thorough checks to ensure any plugin we use is best-in-class, aligned with our high-performance standards, and so should any other agency you work with.
This will include asking questions like:
Before implementing a plugin on your platform, your agency should also use it in a local testing environment to ensure it functions as expected.
The majority of plugins are reliable, offering a quicker and easier approach than building something bespoke. However, there are many cases where bespoke development is the more suitable option.
When it’s Better to Use Bespoke Development
When it comes to sophisticated, dynamic websites, plugins may not be capable of delivering the required level of performance, security compliance, or functionality.
In these cases, your agency will turn to bespoke development to deliver what you need. This is often the necessary approach, because high-performance websites do require some complexity behind the scenes. And WordPress is arguably the best platform available today for bespoke web development.
Building out your platform by creating new features completely from scratch, tailored to your exact need, brings with it a wealth of advantages over using plugins.
This is particularly beneficial in terms of flexibility and customisation, giving you something entirely unique to your website. You’ll have complete control and ownership of your bespoke features, which provides greater security and seamless integrations with the rest of your technology systems.
Performance will almost always be superior with bespoke development, delivering a far greater user experience (UX) and improving your customer engagement as a result.
Bespoke development could even be more cost-effective in the long-run too, when compared to plugins that turn out to be problematic or aren’t updated past a certain point.
Rely on Your Agency’s Expertise
Determining whether to use a plugin or build something bespoke will be a decision your agency should guide you to make correctly.
Each website and each business are different, so the right option will be unique to your own requirements and circumstances. Therefore, it’s also worth mentioning that this must be specific to each individual requirement as well, rather than taking a blanket approach.
The decision shouldl be based on the most straightforward way to give you the capability you’re looking for. It will also involve ensuring that your site’s security, performance, and UX are maintained. Another important factor to consider are your circumstances, such as your budget, timeframes, the amount of traffic your website is likely to encounter, and so on.
For example, if your agency knows that one of your top priorities for your website is excellent performance, they’ll make different decisions in that case than they would if you were more concerned with the fastest possible time-to-market.
Some businesses even use plugins in the first phase of their website, then look to rebuild their plugin-based functionality with bespoke development when their business grows, or when they have more time and resources available.
It’s important to trust your agency partner with this decision and rely on their advice. This is why it’s so valuable to work with an experienced agency who understands your needs, so they can help you make the right choices and take the best possible option.
Finding the Right Balance for Your Website
Plugins can be very useful, and it must be said that many WordPress plugins are outstanding in their capability and quality. However, if your specific requirements demand more than a plugin can deliver, bespoke development will be the correct approach.
Regardless, it’s crucial to find the right balance to ensure your site’s performance, speed, and security are maintained.
Ultimately, your agency partner should always consider the specific requirements and circumstances of your project before deciding whether to use plugins or build bespoke functionality for your site. This makes it even more important to work with an experienced agency you can trust to guide you.
Discover more about the scalability and flexibility of the WordPress platform, and its ability to deliver complex requirements for enterprise websites, in our related article here: Just How Scalable is WordPress?
Would you like these insights straight to your mailbox?
Company Milestone
10 June, 2021
Clutch recognizes SoBold as a top web developer in the UK
As a web developer team, our responsibility is in providing support to other companies. We make sure that websites look and work well for the businesses that need them. Our team serves as an expert extension of our clients so they can focus on their actual operations.
We take pride in our work and it looks like our efforts are paying off. We’re very happy to announce that we’ve been given an award. SoBold was named as a top UK web developer by Clutch for the year 2021.
Clutch is a ratings and reviews company that uses a unique verification process that ensures all of the content on their platform comes from legitimate sources. They then leverage this information to create ranked lists of the best performers in every industry around the world. The best of the best then get an award.
The best part of all this award is that it’s not decided by a panel of faceless judges. It’s based on the reactions of the people that worked directly with us. They’re the people in the best position to judge or critique our work. In fact, here’s what our Director had to say when we got the news.
“We are absolutely delighted to be chosen as one of the leading WordPress Development agencies in the UK by Clutch and look forward to continued growth and development to fulfil our potential.” Will Newland, Managing Director, SoBold.
If you want to partner with a team that will provide expert support and service to ensure your website is the best it can be, give us a call. Fill out our contact form and we’ll set up an appointment as soon as possible.