Summary
Despite being the most popular content management system in the world, many large businesses and organisations in strictly regulated industries are still asking, “Is WordPress secure enough for us?”
This article will give you a detailed explanation of how WordPress can provide enterprise-grade security, to help you make your own decision about whether it’s secure enough for your own business. We’ll also share some helpful tips to enhance the platform’s security and reduce its risks even further.
As technology has become more pervasive in our daily lives, cyber security concerns have intensified, especially in the workplace. Each year, we read about more high-profile cases of global brands becoming victims of malicious cyber attacks, most often with sensitive data being the real target.
As a business, you should be increasingly careful and vigilant about the technology solutions you deploy today. This is even more important for large businesses and organisations in industries with strict regulations, where the consequences of security issues can be catastrophic.
When you’re choosing a content management system (CMS) to build critical digital assets like your website, security must therefore be a top priority.
Despite being the most popular CMSs in the world today – powering almost 45% of the world’s websites – WordPress is still seen by some as the platform for smaller organisations. You’d think its popularity alone would be sufficient evidence that WordPress is secure, especially as a large fraction of that user base includes enterprises across both the public and private sectors. However, when it comes to WordPress security, there are still some question marks.
So, is WordPress secure?
Yes, absolutely.
But there are certain factors and potential pitfalls you should be aware of if you’re considering WordPress as your CMS of choice.
Understanding Security in a CMS
As business challenges with cyber security and data protection continue to grow, selecting a platform that offers robust security is crucial. But how does that work, exactly?
Ultimately, a CMS like WordPress is just a piece of software, and all software can be vulnerable to security issues in a variety of ways.
The most obvious of these is a cyber security attack, either by hackers, a virus, or malicious software (malware). Any CMS used in a business environment needs to be built to withstand these attacks on a daily basis, and WordPress is definitely capable of doing so.
Another significant risk is when software has accidental weaknesses, issues, or vulnerabilities – known as bugs – built into its code. Bugs are common in software, and they can manifest as anything from a box appearing in the wrong place on your website to a platform vulnerability that leaks mission-critical data to cyber criminals.
Bugs aren’t difficult to fix, and we’ll explain later in this article why WordPress users can be confident that these kinds of risks are minimal with the platform.
However, when it comes to a CMS’s security, it’s important to understand the following point:
The biggest security risks, and the greatest opportunities for cyber criminals, are unsafe user behaviour, lack of best practices, insufficient maintenance, and poorly built sites. Not the platform itself.
Your behaviour, and the behaviour of your end-users, is an area that can be exploited or cause problems if you don’t prioritise security. That’s why it’s necessary to take a proactive, rather than reactive, approach to protecting your data. The rest of this article will help you do that, and remove any concerns you still have about WordPress security.
Is WordPress Secure?
The misconception that WordPress isn’t secure enough for large businesses still lingers, but why? Well, the main reason is because the platform is free-to-use, and so it was initially most popular among B2C blogs and smaller independent businesses.
Today, however, this couldn’t be further from the truth. Industry-leading enterprises such as private equity advisory firm Rede Partners LLP, global investment firm Coller Capital, and global research and advisory leader Forrester use WordPress for their CMS, just to name a few. This goes a long way to proving the apprehension towards WordPress security is unnecessary.
So, let’s explore the WordPress platform in more detail to understand why these global enterprises have full confidence in the security of their data, as well as the data of their clients and partners.
WordPress is already a secure, stable platform out-of-the-box.. You can rest assured its core code is highly secure, because it’s overseen by a team of security experts who thoroughly test and quality-check it on a continual basis. They regularly release updates and reinforce any potential weaknesses before they’re exploited to protect you against any new-found threats.
A team of security analysts study the ever-changing cyber security landscape and respond to it with speed and precision.
While WordPress may be seen by some as a CMS for small businesses, the speed at which security updates are implemented is arguably the best in the world when compared to other platforms.
WordPress is also open-source software, which means all the code it’s built on is available to the public. Anyone from outside the WordPress team can view it, download it, and make adjustments to it. Users often suggest their own changes and updates to the code by submitting them to the WordPress moderator team for approval. If improvements are made to the WordPress code, these updates will be released to the global user base.
These people are part of a global community of dedicated, passionate users who work hard to ensure the platform is always developing into the best version of itself possible. Anything WordPress’s own team misses, the developer community will catch. This means users are often fixing bugs and shutting down potential opportunities for cyber criminals, keeping the platform safe for everyone else.
WordPress Security Vulnerabilities
While WordPress does have the support of some of the brightest developers in the world, who keep it as secure as possible, they can’t take care of everything for you. As mentioned earlier, your biggest security risks will probably lie within your own business, regardless of what CMS you’re using.
Additional security vulnerabilities can arise in certain scenarios, often caused by ignoring best practices or failing to take responsibility for simple maintenance of the platform.
Web Hosting
Your hosting environment is an important factor that can influence how secure and protected your data will be. Your WordPress websites will be hosted in a server that stores your files and data in a data centre.
WordPress, like any platform, should be hosted in a secure environment, with an experienced provider who prioritises security as part of their services. This should include putting proactive security measures in place for scenarios like unplanned down-time or even natural disasters.
Secure hosting should also involve automated monitoring for malicious activity and vulnerabilities in your servers and software, as well as incident response.
Before choosing your hosting service, be sure to carry out some due diligence and look into the security best practices of your host. In many cases, it’s wise to work with an agency partner who will help you with this, but more on that later.
Plugins
While the WordPress community is one of the platform’s greatest strengths, interacting with unsafe additions to the software can also be its downfall for some businesses. It’s important to be cautious of the constant stream of new features, updates, and plugins being made available, because some of them could create issues for you.
To avoid these problems, you shouldn’t download plugins unless they come from recognised, credible sources. Furthermore, you should always ensure all your plugins are correctly tested, maintained, and updated.
We appreciate this may sound complicated. For that reason, you should entrust this responsibility to a partner. When using WordPress to build and manage websites, a good agency should help you ensure everything is secure and up-to-date.
Software Updates
When you’re running a website or application on WordPress, you’ll regularly receive software updates from the platform. Any time an update comes through, it’s because certain bugs have been fixed or some improvements have been made.
It’s crucial that you keep up with WordPress updates because they’re there to keep your site secure. By leaving your site running on outdated versions, you’re at risk of a known issue being exploited by cyber attacks. Again, this should be taken care of by your agency partner so you don’t need to worry about keeping your web platform up-to-date.
Tips to Strengthen WordPress Security
If you still have doubts, there are some simple steps you can take to further strengthen the security of the WordPress CMS. Some of these more general tips can also be applied to most website platforms and other software software products in general as well.
Use a managed hosting service that offers enterprise-grade security.
You wouldn’t rent an office in a building that leaves its doors unlocked at night. Why would you place your sensitive data in a data centre that isn’t fully secure?
Some things you should consider non-negotiable for a web hosting provider to offer include:
- 24/7 support
- Back-up and disaster recovery
- Fully-managed service
- Automated monitoring and alerts
- 99.99% up-time
- 100% pass-rate for data centre audits.
Put back-up and disaster recovery services in place to ensure you’re protected from all potential risks.
To build on the above point, ensure your hosting service has measures in place for back-up and disaster recovery. This fail-safe measure will give you a way to save and recover all your data in the event of any losses.
Do not use, or allow your agency to use, any plugins from unrecognised sources.
As mentioned earlier, only use plugins from sources you trust. You should also keep all plugins and additions to the platform up-to-date, and make sure they’re rigorously tested – or, rather, make sure you can rely on your agency partner to do this for you behind the scenes.
Use plugins alongside security-specific enhancements.
You can further bolster the security of the WordPress platform by leveraging security-specific plugins such as WordFence, Sucuri, and Defender Pro. These can inform you of potential vulnerabilities or incidents so you can respond quickly before they have an impact on your business.
Don’t use tools that enable direct access to your site database from within the dashboard.
Some digital tools or extensions give direct access to your site’s database or files from within the dashboard, to make managing your website easier. This is something to avoid, because they’re often a major security risk.
Enable SSL
Enabling SSL (Secure Sockets Layer) introduces a protocol which encrypts the transfer of data between your website and your users’ browsers. This makes it more difficult for cyber criminals to steal information and data online.
Encourage your users to follow security best practices.
You can put all the security measures and data protection possible in place, but they could all be for nothing if a weak password or bad behaviour compromises your website.
Some security best practices every business can easily implement include making strong passwords compulsory among all users and introducing additional measures like two-factor authentication.
Rely on an Expert to Minimise Your Security Risks
As touched on throughout this article, another factor which will determine how secure your WordPress platform is will be which agency you decide to work with.
While deciding whether to invest in WordPress is a big decision, don’t underestimate the importance of finding the right agency partner to support you with your CMS, especially when it comes to WordPress security.
Ultimately, you should understand that:
- WordPress by itself, out-of-the-box, is secure enough for most businesses to use.
- WordPress in the hands of an inexperienced or negligent agency will create significant security risks.
- WordPress is the hands of a dedicated, specialist partner is a platform you can trust and rely on without any concerns.
Your data will be fully protected if you work with an agency who takes security seriously and prioritises it at the core of every development task they deliver for you.
That means they should be capable of handling secure architecture, testing, monitoring, updates, and ongoing support for you as part of your service. You should always take the time and care to find a specialist agency partner who has a proven track record of building robust, reliable sites, to ensure you’re minimising your risk.
WordPress is a Suitable Platform for the Enterprise
Cyber security and data protection are critical for businesses of all sizes, across all industries. But it can’t be denied that large businesses often face more severe consequences by falling victim to a cyber attack or data breach.
Choosing a platform that you have total confidence in is a necessary factor in the process of evaluating your options for a CMS.
When you have your own role and responsibilities to focus on, the last thing you want is to be constantly worrying about the security of your site. Following the advice and best practices listed in this article will provide you with a highly resilient WordPress platform with enterprise-grade security. That will allow you to spend more of your time creating an outstanding website that differentiates you from your competitors and drives business growth.
If you need more help understanding and evaluating platforms to deliver a web design and development project, read our comprehensive guide to selecting the right solution here.
Would you like these insights straight to your mailbox?
- Demographics
- Goals
- Challenges
- Motivations
- Preferences
- Frustrations.
- Design look and feel
- Structure and navigation
- Features and functionality
- User experience
- Content and layout
- Calls-to-action
- Speed and performance
- And anything else relevant to your project.
Latest from agency
19 May, 2023
WebFlow vs WordPress: Which Platform is Right for You?
Finding a content management system (CMS) that is secure, cost-effective, and capable of delivering a website that meets all your requirements can be challenging.
As we’ve discussed in a previous article, there are lots of excellent CMSs available today, and it’s difficult to know which one will be the best fit for your specific business.
While most CMSs appear similar on the surface, with the same fundamental functionality, popular platforms like Webflow and WordPress have unique features and capabilities that differentiate them from each other.
So, selecting between these two different platforms is an important process that requires careful consideration. After all, your CMS is a long-term investment, and you need to know exactly what you’re getting before you make your decision.
To ease this challenge for you, this article will provide a direct, objective comparison between the Webflow and WordPress platforms.
An Overview of Each Platform
You want a CMS that will enable you to build sophisticated, high-performance websites, tailored to your business, with a set of tools that are simple and easy-to-use.
Webflow and WordPress can both give you exactly that in their own distinctive styles. Both platforms allow you to build and manage complex websites without deep technical knowledge, but they each take slightly different approaches.
Webflow
Webflow is a software-as-a-service product, not a typical CMS. That means it doesn’t require any hosting and is primarily delivered via Amazon Web Services (AWS) cloud servers.
As it’s a complete, mostly self-contained SaaS application, with everything built-in to it from the start, you can get up and running with your Webflow website quickly and easily.
You can use Webflow as a basic no-code website builder straight away. However, as you’ll certainly want to create a more dynamic, engaging website with a high volume of content, you’ll have to enable its CMS functionality to get up and running properly.
WordPress
WordPress, on the other hand, is a more traditional CMS, intended to build highly scalable, dynamic websites full of rich content. The platform will need to be downloaded on to hosting servers, which can all be taken care of for you if you’re going to be working with an agency partner.
WordPress is also a free, open-source platform, which means all users have access to its code. That allows talented developers to contribute to improving the platform with innovative new additions and enhancements on a near-constant basis.
As WordPress is used to build almost half the websites online today, it also has a global community made up of millions of users who offer support, collaboration, knowledge sharing, events, and much more.
Approachability and Ease-of-Use
A shared benefit of both Webflow and WordPress over certain other CMSs is their ease-of-use.
Both these platforms are approachable with low barriers for entry, even if you don’t have any existing coding or content management experience.
Webflow’s Usability
As a low-code or no-code SaaS tool, almost anyone can use Webflow to build a website.
It provides a visual drag-and-drop builder with an emphasis on enabling users to create websites quickly and easily.
When using the CMS functionality to add more content to your website, like blog posts, the CMS is simple, allowing you to publish and manage the pages of your site with great efficiency. This is in the style of a classic content editor, which will probably be familiar to you.
WordPress’s Usability
Almost anyone can use WordPress as well, even if you have no previous content management experience, hence its global popularity. In fact, simplicity and usability are arguably some of WordPress’s greatest strengths.
Almost everything you’ll need to set up and manage your website will be readily available when you first start using WordPress, making it very approachable. The platform provides you with an intuitive user interface (UI) that allows quick and easy publishing, management, and editing of content.
This is made even more efficient thanks to WordPress’s block-based editor. This is a method of building websites that offers significant advantages in flexibility, scalability, and ease-of-use.
Particularly for large-scale websites that are likely to grow and evolve, this can save your developers valuable time and money, while also reducing your time-to-market.
You can learn all about the advantages of the WordPress block-based editor in our related article here.
Their Features and Functionality
For your investment in your CMS to be successful, it will need to have a range of features and functionality which allow you to create a website that delivers on your business objectives.
Webflow’s Features
As touched on earlier, Webflow is a SaaS application in which almost everything you need is included as standard.
The core Webflow platform is all you need to build your site, although your agency will be able to add extra features for you by embedding code snippets from other services if you need them.
For example, if you want to create the ability for your visitors to subscribe to your site as members, you could take code from another platform that facilitates subscriptions and use that to integrate the functionality.
This is where the platforms start to deviate in approach. Webflow’s self-contained nature perhaps makes it a simpler platform because it doesn’t require many plugins, but that also makes it a lot more limited than WordPress.
Because Webflow doesn’t offer any plugins, you won’t be able to add many extensions that work directly in the Webflow interface. This prevents you from having one unified approach to your website management and marketing.
WordPress’s Features
Most of the things you require to publish content and manage your website on a daily basis come readily available on the WordPress platform. WordPress’s sophisticated, dynamic features that come “out-of-the-box” are a great point of value.
However, if you do need to go beyond the standard functionality of WordPress, that can also be done with relative ease. Working with an agency with WordPress-specific expertise means that you can develop bespoke features and functionality unique to your website with almost no limitations.
This allows you to tailor your CMS to meet your specific needs, and working with an agency to achieve this can still be very cost-effective.
Not only that, but passionate members of the global community are always working hard to create new features and extensions that continue to improve the capabilities of the platform for free.
How Well do they Integrate with Other Systems?
Beyond features, extensions, and plugins, your platform of choice should also be able to integrate easily with other tools and systems that are already present within your business.
Integrating with your customer relationship management (CRM) platform, your email marketing system, and other software products is an important quality for a CMS to have.
Integrating with Webflow
While Webflow can integrate with some third-party tools, this is another area where the platform is somewhat limited. You can integrate your Webflow site with other tools, but there aren’t many native integrations available. Your agency partner will need to use more code embeds to achieve this, and you’ll have to use separate interfaces in many situations.
For example, using a lead generation form from your CRM on a Webflow site will require you to build the form in the CRM first, then add it to your web page using the embed code.
Not only does this approach create inconvenience for you and your team, but the extra time spent by your agency on more complex integrations will increase the overall long-term cost of the platform.
Integrating with WordPress
Thanks to WordPress’s vast popularity, and the work of the global community, there are native plugins that can seamlessly integrate your WordPress site with almost any other tool or system.
Simply add a plugin for any third-party tool to create the ability to access that tool’s functionality directly within your WordPress CMS.
Even for more advanced requirements that need some bespoke development, like cross-platform automation, it’s usually an easier job for your development agency than it would be with most other platforms.
How Secure Are these Platforms?
Security should be a top priority when selecting a CMS. Concerns over cyber security and data protection are ever-increasing for businesses, so you need to ensure something as important as your website is fully secure.
Webflow’s Security
Webflow is mostly based on AWS, an industry leader in secure hosting, so you can rest assured your platform will be highly secure. Webflow also has additional protective measures in place to bolster the security of all the data on the platform.
Again, because it’s a SaaS product, this all comes out-the-box and doesn’t require you to take any steps yourself to secure your site.
However, that does mean you’re entirely reliant on Webflow to ensure that security is continually updated and reinforced. Neither you nor your agency partner have any control over the security of your site, which some businesses see as a negative.
WordPress’s Security
Your agency partner will typically be responsible for the hosting, maintenance, and security of your WordPress platform. We mention hosting and maintenance here because these things are influential towards ensuring your platform, and your website, are kept secure.
WordPress is already a very secure platform out-of-the-box, though. There’s no need to think that WordPress’s protection is not robust enough for a large business, even in today’s volatile security landscape. Evidence of this security can be found in the number of global enterprise businesses that have chosen WordPress as their CMS.
Of course, there are vulnerabilities that can arise in certain scenarios, like if your platform isn’t kept fully updated on a constant basis. For this reason, it’s crucial to work with an agency partner who you can trust and rely on when it comes to security, including enterprise-grade hosting and continual platform maintenance.
You can learn more about the security of the WordPress platform in our in-depth guide here.
You can also discover 10 useful tips to further improve WordPress security and minimise your risks here.
The Overall Cost and CTO
As mentioned earlier, your CMS is not only a big investment, it’s also a long-term one. You ideally need to find a platform that offers good value for money, and a low total cost of ownership (TCO), in order to achieve a strong return on investment (ROI).
Your TCO will be determined by combining everything from your hosting costs, license fees, work with your agency, maintenance, bespoke development, and more.
Webflow
In terms of costs and plans, Webflow is more expensive than WordPress. This SaaS product offers two different types of plans, a site plan and a workplace plan.
The average enterprise business with a dynamic website will be looking at costs of between £300 and £500 with Webflow. This makes it a far more cost-effective alternative than large-scale CSMs like Sitecore.
As discussed throughout this article, though, Webflow’s lack of native plugins and integrations will also make bespoke development work more difficult and time-consuming for your agency. This will inevitably drive up the platform’s TCO, and that’s something you should carefully consider when evaluating your options.
WordPress
WordPress is a more cost-effective platform, with a generally low TCO for most businesses. Its open-source nature means it’s free to use, limiting your initial costs to just hosting, agency fees, and post-deployment support. Any plugins or extensions of the platform will be licensed and paid for separately.
Since WordPress is such an intuitive and easy-to-use platform, any bespoke development work you need your agency partner to complete will still come at a reasonable cost. Similarly, whenever the WordPress platform is updated, testing and maintaining your site can be done in just a few hours. This creates a significantly lower TCO than you’d have with almost all other enterprise CMSs.
Make the Right Choice for Your Business
Webflow and WordPress are both good platforms in their own right, with plenty of value to offer. The key thing to understand when making this comparison is that your CMS of choice needs to align with your business’s unique requirements and specific objectives.
For instance, Webflow might be a suitable choice for one of your smaller competitors, but that doesn’t mean it will necessarily be a good fit for you if you need more advanced features and functionality.
Whether you’re developing a bespoke website from scratch, or migrating your existing site to a new platform, you must ensure your CMS can deliver on your needs both now and as your business grows over time.
If you need further help selecting a CMS for your website project, read our comprehensive guide to understanding and evaluating the options for large businesses here.
Would you like these insights straight to your mailbox?
Announcement
4 June, 2024
SoBold and Kapow Primary shortlisted for the B2B Website of the Year at the UK Digital Growth Awards
SoBold are thrilled to announce that they have been shortlisted for the B2B Website of the Year at the UK Digital Growth Awards.
SoBold and Kapow Primary have been working closely together since 2019 to provide teachers with rich lesson plans and engaging experiences for their classrooms.
This nomination is a proud moment for everyone at SoBold & Kapow Primary, highlighting their hard work and dedication.
Leonardo Esposito, Senior Back End WordPress Developer at SoBold.
“When Kapow started, I was just a few months in with SoBold, and I’ve been one of the main developers on the project ever since. It’s incredible how both the project and I have grown. As I became more experienced as a developer, learning new concepts and understanding new things, Kapow was evolving as a platform. The project is now very challenging as there’s more at stake, and it’s so rewarding to see any new feature released successfully, making both Kapow and our customers happy”.
Our Story
How it began
Our journey with kapowprimary.com began in 2019. At that time, Kapow Primary was in its nascent stages, serving 20 schools. Since then, they have grown into a comprehensive online platform, offering lesson plans, resources, and interactive features for primary school foundation subjects.
We joined forces, collaborated and actively contributed to the website design, development and SEO strategy to improve and enhance the website, ensuring it met the needs of teachers.
The dedicated Kapow Primary team at SoBold
What we achieved ⭐
Fast forward to 2024, and Kapow Primary has grown exponentially, now serving over 6,700 primary schools!
This growth is a testament to the website’s value and the dedication of our teams. We’re excited about what the future holds as we continue to expand and grow. 👀
Here are some key highlights from the past 18 months:
Interactive History Timeline
This feature lets teachers and pupils explore historical periods interactively. It’s a fun way to engage with history, allowing simultaneous exploration of different periods and making historical events more vivid and memorable.
Presentation Mode
We developed a presentation view that streamlines lesson plans. This feature enhances the learning experience for students and saves teachers valuable preparation time, allowing them to focus more on teaching and less on admin.
Curriculum Hub – Coming soon!
The national curriculum can be quite overwhelming! To help with this, we developed a hub that houses national curriculum resources in one place and shows how they align with Kapow Primary’s lesson plans, taking the headache away!
At the heart of everything we do is the commitment to giving teachers the best experience possible. We have a dedicated team to make this happen. Each new addition is crafted with this in mind, ensuring that Kapow Primary remains a trusted educational resource.
Final thoughts
Being nominated for this award means a lot to our team. It’s a recognition of the hard work, dedication, and passion that everyone at SoBold and Kapow Primary has put into this. We are deeply invested in the continuous improvement and growth of Kapow Primary.
Winning this award would be an incredible achievement and well-deserved recognition for everyone involved.
Would you like these insights straight to your mailbox?
Announcement
10 September, 2022
SoBold achieve ISO 9001 Certification in Quality Management
SoBold are delighted to announce that they have been awarded the world’s most recognised Quality Management System Standard, ISO 9001.
SoBold have worked incredibly hard over the past few years to set and follow processes and procedures as a company that ensure they are providing quality work to their clients.
As the number of enterprise clients grows, SoBold’s ISO 9001 certification will be able to give their clients the assurances they need around SoBold’s consistency and quality services in the work they produce.
ISO 9001 is one of the most commonly used management system across the world and SoBold believes this is going to open up considerably more opportunities with winning tenders and contracts to ensure SoBold continues to be one of the leading WordPress Website Design and Development Agencies in the UK.
As SoBold continue to scale as a business, the need for efficiency has never been greater. It is absolutely essential that all internal communication works to the same processes and agenda and the ISO 9001 certification allows this to be possible.
In order to achieve our ISO 9001 certification, SoBold worked closely with QMS International, who provide expert consultancy to businesses looking to achieve their certification. QMS have a team of over 50 consultants and auditors and they ensure the experience they provide is streamlined and uncomplicated.
SoBold Technical Director, Sam Phillips said:
We are delighted to have been issued with our ISO 9001 certification, recognising our commitment to quality. Over the past 12 months we’ve spent a great deal of time improving and documenting our internal processes to help streamline delivery of projects and ensure we continue to deliver on the high standards we set for ourselves. Achieving this certification is a reflection of all this work.
Would you like these insights straight to your mailbox?
UI Design
18 April, 2023
Understanding the Important Role of Research and Planning When Designing a New Website
Before you begin working on the design elements of a website project, it’s important to begin with, what we at SoBold call, a research and planning phase.
The purpose of a research and planning phase is to ensure that every single decision you make about your design will result in a more effective website, both in terms of your business goals and your users’ needs.
During this phase, you’ll work alongside your chosen agency to define the full scope of your website and all its requirements. This phase will also involve looking closely at your target audience, trends in your market, your competitors, and any data available from your existing website.
This research is extremely useful in shaping the direction you take with your website and helping you to capitalise on certain trends that may align with your strategic objectives.
In this article, we’ll explain how a research and planning phase works to help you know what to expect when entering your own website design project.
If you’d first like to gain a better understanding of the full end-to-end process of web design, read our previous article here.
Website Strategy Workshop
A research and planning phase usually begins with a strategic workshop. This workshop will bring all the relevant stakeholders together, either in person or over a video call, to agree on the goals and parameters of the project.
A workshop is a great collaborative environment to help your agency become even more familiar with your brand, your target audience, and the outcomes you’re looking for from your new website.
Your agency should work closely with you to determine how the objectives you have for your new website feed into your wider business goals. That will be the key to finding the right approach to designing your website.
Once the workshop is completed, the research can begin.
Leveraging Data to Dictate User Experience (UX) Decisions
Every decision you make about your website’s design needs to be informed and justified by data.
As it’s becoming increasingly difficult to capture and retain your audience’s attention, nothing can be left to chance. It’s also negligent to overlook the vast range of valuable insights available to you within your data, and the data in the public domain.
Google Analytics
Your agency should begin by analysing the performance of your website in Google Analytics. This can help to help understand the current behaviours and trends from your website users.
Most businesses use Google Analytics, but few understand the right things to measure. For many businesses, Google Analytics is an untapped gold mine of data and insights that can help you improve site engagement, retain more visitors, and ultimately grow your business.
You can conduct a thorough analysis of things like:
1 – Your Audience Acquisition
Google Analytics can help you identify where your visitors have found you and accessed your website from.
Whether through organic search, social media, direct, or referral, you’ll learn how all your visitors are acquired. This information is vital, as it can allow you to tailor different parts of your website to certain visitors at various stages of their journey with you.
For example, if organic traffic is a key driver of your website traffic, it’s important for your agency to ensure that lots of the hierarchical structure of copy is maintained throughout the site.
This is also helpful in optimising your wider digital marketing strategy, by recognising what’s working well and what isn’t, from a web traffic perspective.
Bonus Tip – If you’re running Google Adwords, make sure your agency partner is aware of all the URLs that need to be redirected, and that this doesn’t affect your ad spend.
2 – Your Visitors’ Demographics
Google Analytics can provide detailed insights into your website’s visitors, with data covering everything from age, gender, location, language, and more. This helps you gain a clear, specific understanding of who’s coming to your website, and that can inform important decisions about your design.
It will also help you determine whether or not you’re attracting the right audience, which could alert you to a need for changes in your design and branding.
Bonus Tip – If you have a lot of visitors from other countries, you may need to talk to your agency about setting up a content delivery network (CDN) on the hosting server to deliver content from that location.
3 – Your Visitors’ Interests
You can use Google Analytics to view information about your visitors’ interests, past searches, and other online behaviour. This can help you identify what they’re looking for when they’re visiting your site. You can then tailor your design and content to match any unaddressed questions, challenges, or needs they might be looking to meet.
4 – Your Visitors’ Behaviour
Google Analytics can give you a graphical representation of your visitors’ behaviour when interacting with your site. This includes where they’ve entered your site, where they went next, what their whole journey through your site looks like, and where they eventually left.
This provides great opportunities to optimise certain pages that aren’t performing well enough. You can also learn what your visitors respond well to from pages that already have strong engagement.
Mapping your users’ journeys may also uncover insights to help you create links between certain services, hone in on special offers that will drive increased conversions, and many other ways to boost engagement.
5 – Your Conversions
Your conversions are a critical measurement of your site’s success. Whether you’re aiming for subscriptions, demo sign-ups, contact form submissions, downloads, or anything else, failing to achieve your conversion targets means something isn’t working.
You can use Google Analytics to set goals for conversions, monitor performance, and highlight areas where you need to improve.
Taking this analytical approach will ensure your website’s design is tailored to supporting your strategic objectives.
Bonus Tip – On July 1, 2023, for continued website measurement, you’ll need to migrate your original property settings to a Google Analytics 4 (GA4) property. Your agency partner should be on top of this though.
Data Tracking
Next, if applicable, your agency should review any existing tracking resources you have in place on your website.
A successful website design is based on many different factors, each an important component in engaging your audience, converting them into clients, and growing your business.
This is why it’s useful to look into key metrics you may use to measure your success against, then use the related data and analytics to inform your design. Tailoring your UX based on your findings will ensure your website is designed specifically to optimise your user behaviours.
Bonus Tip – If you don’t have any additional tracking in place, both HotJar and Crazy Egg are great tools to use.
Analysing External Factors
Understanding Your Target Audience
One of the most important parts of building a new website is understanding the preferences of the audience you’re targeting. You know what your ideal customer profiles (ICP) look like, but do you understand how they behave when interacting with websites online?

Every decision about your website’s design must be made with consideration and empathy for your users. As touched on in the previous section, audience research will include a wide range of variables, including:
This part of the research will contribute towards building user personas and user journeys at a later stage of the design process.
A user persona is a fictional person that you can use to represent the target audience of your website. These personas will help you focus on the desired interactions between the ideal user and the website you’re building. Creating personas also helps to map the users’ needs to your goals for the project.
A user journey is a path that a user may take to reach their goal when using your website. Hypothetical user journeys are created at this stage, as they help to identify the different ways the site’s design needs to enable the user to achieve their goal as quickly and easily as possible.
With these, you can begin to paint a picture of how your target audience will interact with your website, allowing you to create a satisfying user experience.
Industry Landscape
Researching your industry landscape will reveal a great deal about what to do, and what not to do. An analysis of the wider market you operate in will help you benchmark yourself against industry leaders, and highlight mistakes being made by any businesses lagging behind. It’s useful to be aware of any industry trends or points of influence that may inform your website’s design as well.

Bonus Tip – You’re an expert in your industry. Your agency is not, but they are experts in web design and marketing trends. Work closely together by leveraging each other’s knowledge and expertise to paint the full picture of what makes modern websites successful from a design perspective.
Competitor Research
It’s also crucial to conduct a thorough competitor analysis to see what the benchmark is for a successful website in your industry. Conversely, some competitors may provide examples of bad design that can help you identify pitfalls to avoid with your own site.
Around five of your competitors is usually a good number to look into. To do this, your agency should work with you on assessing their websites in key areas such as:
This research will allow you to recognise opportunities, gaps in the market, important trends, and any other insights you can gather.
Making Data-Driven Decisions
Following all this research, your agency will work on developing a strategy for your website, recommending the optimum route through the rest of the design process.
Your agency will provide a report detailing all the findings from the strategy workshop and research. This should often include a sitemap document and a content framework for your site as well.
An agency should always provide the opportunity for feedback and iterations on crucial documents like this, so you should then be given time to review this and provide feedback.
Bonus Tip – Don’t be afraid to ask questions, challenge things you’re unsure about, or change your mind during this feedback and revision process. These are big decisions, and it’s important to be 100% sure about the direction your website’s design is being taken.
Once you’ve worked through this feedback with your agency and you’re happy with everything they’ve planned, you can then move into the phase of the project that focuses on the visual identity of your site.
Bringing it All Together in the Design
A thorough, well managed research and planning phase is an essential part of designing a successful website. By having a strategy backed up by tangible data in place, you’ll be able to work through the remaining phases of the overall design process in a more efficient and effective way.
It also helps anticipate any challenges or potential issues in the design process and allows you to mitigate them before they arise, saving you time and money in the long-run.
This phase is arguably the most important in ensuring your agency can meet your specific requirements and expectations, on time and within budget.
If you’d like to discover what’s involved in the next phase of a web design project, exploring the visual identity of your site, read our next article here.
Would you like these insights straight to your mailbox?
Latest from agency
8 December, 2022
Sam Phillips and Will Newland interviewed by Cloudways
Technical Director, Sam Phillips and Managing Director, Will Newland were interviewed by Brent Weaver at Cloudways.
SoBold has been working with Cloudways since 2019 to help host development environments for all of their clients.
You can learn more about Cloudways, Managed Cloud Hosting services by visiting their website here.
See what they had to say in the video below.