Summary 

If you’re looking to build a website for your business, a proven approach is to work with an agency and have them deliver the project for you. This could be a bespoke website design and development agency or solely a website or platform development agency.

Before you approach an agency, however, you’ll first need to reach a clear, detailed understanding of your requirements.

This article will provide an in-depth guide to help you through the briefing process and ensure your chosen agency delivers your project successfully, including a free template you can use to create your own brief.  This template can also be used for other types of development projects as well, including anything from an online portal to an internal training platform.

Where to Start 

Whether you need to design and develop a new website, or rebuild or migrate an existing site, a natural first step is to take your idea to an agency with a view to launching a web development project. 

However, it’s a common mistake to go to an agency too early with just a raw, under-developed concept. Rather than meeting with an agency prematurely, we strongly suggest going through the process of defining your specific requirements and creating a project brief first.

The first thing to do is hold a discussion with the relevant people internally. Talk through the idea, and try to define what it is you need and what you want to achieve with it. Get a clear picture of what that idea or a concept will turn into, but also think carefully about what it should do from the perspective of your end-users. 

Once you have a more tangible understanding of what you’re looking to build, you should begin creating a brief. 

This is a document outlining the key details and requirements for the project. It’s something you’ll need to take with you to your introductory meetings with the agencies you’re considering, as it will be a very useful tool in helping you explain your idea clearly. 

A brief doesn’t have to be complicated. It’s just a simple written document that lists everything you want at this early stage. However, while a brief can be simple, it’s important that it’s as specific as possible too. The more detail you provide for your agency, the more chance you’ll have the project delivered on time, within your budget, and meeting your expectations. 

Why Having a Brief is Crucial

There are some potential pitfalls to be aware of that could create challenges for you if you don’t create a thorough brief. 

Unfortunately, some agencies will be willing to work with you without a detailed brief, glossing over important details and keeping the expectations and requirements vague. This is a red flag to look out for, as it will likely result in one of several outcomes:

• You risk going through a long, expensive discovery and definition exercise that you could’ve done yourself internally for no cost. 

• You risk being given a quote that’s too expensive, or a project timeline that’s longer than necessary.

• You risk receiving a service from the agency that doesn’t align with your request or meet your expectations. In turn, you’ll then have to spend even more time and money on a new project to get your original idea developed. 

A brief is what gives you and the agency a mutual understanding of the work that needs to be done to successfully deliver the project. Without that specificity, you might end up disappointed. That’s why it’s always wise to put some time and effort in up front before taking your idea to an agency.  

Once you submit your brief, you may be invited to participate in a follow-up session to further explore the requirements you’ve listed. This is perfectly normal, and actually a good sign. Experienced agencies will want to talk through each of the elements of your brief with you to help determine the best possible way to deliver those in the project.

How to Create Your Brief 

When you begin to discuss and plan the requirements of your project between your team, we recommend thinking carefully about the following points. 
Please note: There are a lot of things that could go into a project brief, depending on how complex your requirements are, so we won’t include everything here in this article.

The Project’s Purpose and Goals 

Start by thinking about what the purpose of the project is. There’s no use speaking to an agency until you have a clear, specific understanding of exactly what you’re trying to achieve with this project. This should relate to your strategic business objectives, but it should also be designed to meet the needs of your end-users. 

Ask yourself how this will allow you to improve your end-users’ experience or solve a problem for them. Answering this might involve working on user personas or developing user stories, or potentially even working directly with some members of your target audience to gather their input. 

Project Timelines and Deadlines 

Timing is another important point to think about, particularly how much time you have to deliver the project. Deadlines can sometimes relate to certain dates that are out of your control, so it’s better to start as early as possible in those cases. If there’s any flexibility with the timeline for delivery, make a note of that as well. 

Project Stakeholders

Make a list of all the stakeholders involved. This is a good thing for the agency to be aware of early on, because the project becomes more complex with a higher number of stakeholders.

Depending on the size of your business, and the nature of your site, your project team will usually be some combination of: A marketing director or marketing manager, someone from your operations department, and someone from IT. 

However, if you also have people like someone from your IT team responsible for security, a content writer to provide all the written text, or any external consultants, that should be made clear in advance. If your site will need to integrate with other platforms, such as your CRM system, you may have an integration manager specifically in charge of overseeing that as well.

It’s useful to designate roles to certain stakeholders, such as project sponsors, product owners, administrators, and so on. This will help you understand who’s responsible for different aspects of the project internally. 

If you plan to work with external agencies for things like SEO or branding, it’s important to note that in your brief. This is necessary for the development agency to be aware of as early as possible, because collaborating with other third-parties at different stages of the project requires a lot of coordination. 

Certain processes may also have to run differently if other third-party agencies want to be more hands-on or handle some parts of the site themselves. The earlier this is made clear, the more smoothly the project will run. 

Technology Preferences 

If you have any preference of technology platform or any requirements related to your existing tech stack, that will be something you’ll need to decide early on. For example, would you prefer to use WordPress due to its scalability, or do you have any existing investment in any other platforms? 

Think about any preference you have for the various technology choices available, why they’re important to you, and whether your agency will have to tailor their approach to accommodate that.

If you need help understanding and evaluating your options for technology platforms, check out our helpful guide here.  

Budget 

Try to determine a minimum and maximum budget for your project, even if it’s just a loose range for now. It will help you evaluate agencies, and will also help you prioritise the various aspects of the project as “must have” or “nice to have” in many cases. 

Design Look and Feel

This is where your company’s brand comes into play. You’ll want your site to reflect your brand and that will come through in the design. Bring any brand guidelines to the table, and think about what sort of tone or experience you want to convey to your end-users. 

If you don’t have any recent brand guidelines and want help updating them, or need to go through a rebranding process, mention that in your brief as well. Design and development agencies will often be able to help you in these areas too, or at least refer you to a trusted partner who can. 

User Interface (UI) 

How your end-users will interact with your site, and what kind of experience they’ll have, is largely determined by the user interface. When it comes to design and UI, simplicity is usually the best approach. However, depending on the function you’re providing, you might have some specific or bespoke UI requirements. 

Consider your target audience carefully here as well. For example, if most of your users will be accessing your site from a mobile device, it’s probably wise to opt for a mobile-first design.

Some other important things to think about here include how you’d like your sitemap to be structured, especially if you have an existing site that you’re already happy with. 

If your project will involve rebuilding or migrating an existing site or platform, it will be helpful to gather any existing data sources, such as Google Analytics, that will provide insight into your current site.

Non-Functional Requirements

Non-functional requirements are all the aspects of your site that happen behind the scenes. These are things that allow your site to do its job properly for your end-users, but won’t be evident to those people while they’re using it.

There’s a lot of things to consider with non-functional requirements, so we won’t cover everything here.

Hosting

If you have any specific hosting requirements, such as a preference for a certain cloud-based platform, or a particularly secure data centre, those will be important to identify as early as possible. 

Say, for instance, that sustainability is a core value for your business, this could also have an influence on how and where your hosting is managed.

If you have an internal IT team that will be contributing towards the hosting decision, make sure you involve them in the discussion.

Security and Compliance

Security is a growing concern for all businesses today. It’s crucial to think about security as a core component of any web development project, to minimise any potential risks for your business.

If you have someone in your team responsible for security, they should begin to think about issues such as: 

• How will you be backing up the site’s data? 
• What level of data encryption do you need? 
• How will users’ personal details be stored and protected? 
• Will you have two-factor authentication?
• What password recovery process will there be for users? 

Robust security also involves keeping compliant with any specific security or industry regulations that may affect your business. Of course, compliance with things like GDPR should be planned for at this stage too.

Some other common non-functional requirements include things like session management capabilities to track and things like log-in time, session length, pages visited, and so on. Search engine optimisation (SEO) tools, analytics, or other capabilities might need to be built into your site as well. 

Accessibility, Usability, and Responsive Design

When it comes to aspects that will make your users’ experience as seamless as possible, such as accessibility, a good agency will ensure all these things are taken care of for you. This is also the case for ensuring all major web browsers, operating systems, and devices are fully supported and compatible. Development should always be compliant with industry standards, taking into account optimum accessibility and usability.

However, if you have any additional or bespoke requirements for any of these things, those will be useful to note early on.

Functional Requirements 

The term ‘functional requirements’ refers to everything that your site will be able to do for its users, in terms of its features, functionality, and capabilities. 

As mentioned earlier, one of the first things you discussed was what the site will help your end-users achieve. From the perspective of building something your target audience can use, you should start to get a feel for what functionality is required to ensure they can achieve that.

Features 

Your features are the things your site will allow your users to do. These can be very simple, or very sophisticated, depending on what you’re aiming to provide for them. 

When putting your brief together, think of any and all features and functionality that might benefit your users. Your agency will then work with you to explore these and find the best way to turn that into intuitive, user-friendly features for you. 

What to Do Next 

Once your team has been through the process of talking through all the points listed above, you should have a very thorough, useful brief to work with. The next step is to take that brief to any introductory meetings you have with agencies and ask them what they think of the project initially. 

It’s normal for an agency to ask lots of questions at that stage and really dive into the ‘WHY’ behind all the things you’ve put into your brief. A good agency will even challenge you on certain decisions, to help you determine the best possible way to build what you need. 

Once you’ve discussed your brief with an agency, determine which one feels like the best fit. Choosing the right agency is crucial, as it will have a huge influence on whether or not your project is successful. 

As mentioned earlier, some agencies will agree to launch into a project without a brief, and that can be extremely problematic. While the main purpose of a brief is to help you and your agency understand exactly what you need, it should also be used as a way to spot partners who may not be sufficiently thorough or conscientious.

Whichever agency you choose, a detailed brief will help you ensure you’re given a fair quote, realistic timelines for completion, and a finished product that meets your requirements and expectations.

More Helpful Resources 

If you’re considering a bespoke development project, our related article provides useful guidance to help you choose the right technology platform for your specific needs: 

Understanding and Evaluating Enterprise Options for Bespoke Web Development

Large businesses and enterprises in need of a content management system (CMS) today are spoilt for choice, because there are plenty of excellent platforms available. From WordPress to Sitecore to Drupal, the technology currently on offer is highly intelligent and intuitive. 

But so much choice can make the task of finding the right CMS for your own specific business complicated and time-consuming.  

Selecting a CMS is an important decision that requires a lot of research, followed by careful evaluation of all the various options. Of course, those processes can be very time-consuming. When you’re already extremely busy juggling dozens of other priorities, it’s challenging to give this the attention and effort it deserves. 

To solve that challenge, we’ve done the bulk of the hard work for you. In a new series of articles, we’ll provide you with direct, objective comparisons between some of the leading options for CMSs, helping you relieve the headache of researching and evaluating them yourself. 

In the first article of this series, we’ll be looking at the comparison between Sitecore and WordPress.

How Does the Security Compare for Both Platforms?

As we face ever-increasing concerns with cyber security, data protection, and various other digital challenges, finding a platform with robust security should be a top priority. 

Sitecore Security

Sitecore has a reputation of being the leading CMS for large businesses, guaranteeing an enterprise-grade experience that includes a high level of security.

Sitecore’s security is also strengthened by the vast range of in-built features within the platform, which we’ll discuss in more detail later. There’s no need to purchase more third-party software or plug-ins to enhance its functionality, which means you won’t be creating any additional vulnerabilities or risks. The platform also receives frequent security updates which bolster your protection even further.

If security is a concern for your business, Sitecore should be high on your list of potential candidates for a CMS. 

WordPress Security

For a long time, many people believed the misconception that WordPress isn’t secure enough for large businesses. However, industry leaders such as global investment firm Blackstone, the NHS in England, global research and advisory leader Forrester, and multinational bank Standard Chartered now use WordPress for their CMS. This goes a long way to proving that wrong. 

In fact, WordPress is already a secure, stable platform out-of-the-box. So, where did this myth come from? 

Well, vulnerabilities can arise in certain scenarios. Firstly, strong security with any technology is dependent on a well-managed hosting environment. If you have WordPress hosted in a secure environment from an experienced provider, with proactive security measures in place, your risk will be extremely low.

Secondly, plugins are something to be cautious of when it comes to security, both in terms of where they come from and keeping them properly maintained. Security threats will be minimised if you only use plugins from trusted sources. You should also ensure you always keep them tested and updated, ideally working alongside security-specific plugins like WordFence.

We appreciate this may sound like a lot of work. That’s why all the examples of the businesses succeeding with WordPress have the support of an agency partner who ensures all these things are taken care of during the development stage. It’s worth noting, though, that this will also be the case when adopting any CMS in a business setting.

Which Platform is More Scalable? 

One of the most important aspects of a CMS is its scalability. A CMS is a long-term investment, and this is one of the most influential factors in determining whether that investment will be successful or not.

You’ll need to ensure your site can evolve as your business grows and your needs change over time. This will require an infrastructure that can quickly and easily scale with more pages, additional functionality, and perhaps even more sites, without the burden of hefty costs for more development work.

How Scalable is Sitecore? 

Sitecore is designed specifically for large businesses, so its scalability is up there with the very best. Sitecore is a robust platform that allows your digital presence to grow seamlessly as your business grows, even if you need to build multiple sites to serve different groups of users in different languages. 

How Scalable is WordPress? 

WordPress is another highly scalable platform. Despite some still mistakenly believing that WordPress is suited to smaller businesses, you can use the CMS to build sophisticated, industry-leading sites. Like Sitecore, WordPress is agile and scalable enough to grow alongside your business and adapt to your changing requirements. 

How Capable are these Content Management Systems?

The main purpose of a CMS is to provide a software-based infrastructure upon which you can build and manage websites and applications. While most CMSs are similar on the surface, with the same fundamental functionality, they each have unique features and capabilities that differentiate them

For example, one critical indication of quality for a CMS is how easy it is to use. Once you’ve adopted a platform, you and your colleagues will need to feel immediately comfortable using it on a daily basis. If a CMS can’t provide good usability, it’s probably one you should avoid.

Sitecore as a Content Management System

Sitecore is actually considered a fully managed ‘digital experience platform’ that comes with more capabilities than the average CMS. 

Most of its best features are readily available as soon as you begin using Sitecore. That allows you to get a high quality site live very quickly without additional work within the platform.

However, Sitecore typically provides quite hierarchical, complex workflows that might be frustrating for small or agile teams. This can also create longer development cycles than usual, giving you a slower time-to-market than more intuitive systems like WordPress.

WordPress as a Content Management System

WordPress is easily the most popular CMS in the world right now, with around 45% of all websites built on the platform. One of the main reasons for that is its ease-of-use, with simple and efficient content management

This usability allows you to get up-to-speed quickly and share responsibilities across several members of your team, even if they have no previous content management experience.

WordPress also makes it convenient to edit content on a page-by-page basis, saving you valuable time, with its block-based design an ideal method for customisation and site management.

How Much Personalisation do they Provide?

The ability to customise and tailor your site’s content to your target audiences is more important today than ever before, with so much of modern business now taking place online. Therefore, this is another important point to consider when choosing between your various CMS options. 

Personalisation in Sitecore 

When compared with other platforms, Sitecore’s personalisation is excellent. Sitecore will provide you with a great deal of control over the structure and design of your pages, allowing you to tailor your user experience and drive greater performance for your site. 

This is particularly useful for larger businesses with high volumes of potential site visitors, delivering competitive differentiation and driving increased conversion rates.

Personalisation in WordPress 

WordPress is also highly customisable. You can use its flexibility to get creative with your design, and build bespoke features and functionality to better engage with your audience.

There’s not much to separate Sitecore and WordPress in this area. The gap in personalisation becomes even smaller if you find an experienced agency with WordPress-specific expertise to help develop your site and improve your customer experience.

Integrating with Other Systems 

Before your business invests in any digital platform, it’s important to ensure that technology can integrate easily with your existing software. Whether it’s your customer relationship management (CRM) or any other marketing systems, any digital tools you currently have should ideally be compatible with your new CMS.

How Sitecore Integrates with Other Systems

Sitecore integrates well with other systems. It allows you to achieve out-of-the-box integration with most of the leading CRM software, and plenty of other digital tools and platforms.

How WordPress Integrates with Other Systems

WordPress tends to be the easiest platform to integrate with your existing systems, because most brands and other SaaS products have already made themselves compatible.

This means you can deploy WordPress with minimal disruption, regardless of whether you’re building a new site from scratch or migrating your current site from a different CMS.

Total Cost of Ownership (TCO) 

Of course, you’ll also want to ensure you’re getting a solution that will deliver good value for money. With a CMS, the total cost of ownership (TCO) can vary greatly from one platform to another, due to factors like licensing fees and update-driven maintenance. 

Sitecore Initial Investment and Ongoing Costs 

Sitecore is an expensive option, even if you have a large budget to work with. You’ll be required to purchase licences for the platform with an ongoing renewal fee each year. These licenses come in tiers, so if you want to access the full range of benefits from Sitecore you’ll have to opt for the most expensive offering.

On top of that, you’ll also need to account for development costs with an agency, hosting costs, maintenance and support fees, and various other expenses that give Sitecore a very hefty total cost of ownership (TCO).

Furthermore, Sitecore requires ongoing management and maintenance to handle regular large-scale updates to the platform. When updates occur, new versions of the software come with a big price tag and may cause you to pay for additional development work to get your site up-to-speed. 

However, this could be a worthwhile investment if Sitecore’s features and capabilities are necessary for your specific requirements. If you’re looking for a quality, trustworthy enterprise-grade platform, Sitecore can justify the cost. 

WordPress TCO and Value

Conversely, WordPress is a much more cost-effective solution with a drastically lower TCO. Licenses for WordPress come at no cost and the software is entirely open-source. That means your implementation costs would be limited to just hosting, agency fees, and post-deployment support. 

If you decide to use any plugins or extensions of the platform, these will be licensed and paid for separately. However, businesses rarely need to bolt on many new tools or capabilities because WordPress is such a feature-rich platform already.

When WordPress is updated, unlike Sitecore, managing and testing your site can be done in just a few hours at a much lower cost.

A Word on Agency Partners 

One thing both Sitecore and WordPress have in common is the small selection of platform-specific agencies who can build high performance sites for large businesses using this technology.  

A CMS becomes far easier to use, and easier to drive strong return on investment (ROI), if you have a specialist partner supporting you. 

Finding an agency with the necessary experience and expertise to help you leverage these platforms to their full potential should be another important influence on your choice. From integration, to development, to maintenance, all the benefits and advantages of the platforms will require an agency to help you fully unlock them. 

How to Make Your Decision 

So, with all that information, how can you decide between the two? 

Both of these platforms are excellent options that would serve most businesses extremely well. After all, there’s plenty of good reasons why some of the biggest companies in the world use Sitecore and WordPress. 

Ultimately, when looking for a CMS that’s the right fit for your specific business, you should make a detailed assessment of your strategic objectives, unique requirements, budget, users, and other important factors. Use that to determine which solution is most capable of meeting those needs.

If you still need more help working through this process, read our comprehensive guide to understanding and evaluating the enterprise options for large businesses here.

Cyber security and data protection should be top priorities for your business right now. Of course, this is particularly important for large businesses, and those in strictly regulated industries like financial services, where the outcome of a cyber attack or data breach can be catastrophic. 

As these security concerns continue to intensify, you must be increasingly careful and vigilant about the technology solutions you use. You should also take more proactive steps to ensure everything in your tech stack is built and managed in a way that minimises your risks.

When it comes to WordPress, there’s a common misconception that the platform isn’t secure enough for large businesses. This misunderstanding tends to come from the fact that it’s free-to-use, so it was originally more popular among smaller independent businesses and B2C blogs. 

Today, however, WordPress is the world’s most popular content management system (CMS), and for good reason. Considering a significant percentage of that user base includes global enterprises, you’d think such popularity would be enough proof that it’s a secure platform. 

On the contrary, large businesses still ask us on a regular basis, “Is WordPress secure enough for us?” 

Is WordPress Secure? 

The answer to that question is, yes, WordPress is a secure, stable platform, even in its “out-of-the-box” state. WordPress’s core code is thoroughly tested and quality-checked by a team of security experts continuously. Not only that, but the same team regularly releases security updates and reinforces any potential weaknesses before they can be capitalised on by cyber criminals.

In fact, the speed at which security updates are implemented in WordPress is arguably the fastest in the world today when compared with other CMSs.

Additionally, WordPress is open-source software, meaning all its code is available to the public. Users are constantly suggesting changes and updates, often to fix bugs in the code and minimise opportunities for cyber criminals. This keeps the platform safe and secure for everyone else. 

But while WordPress does have the ongoing support of some of the most talented and devoted developers in the world, it’s not immune to security vulnerabilities. No software is, unfortunately. 

That’s why it’s important to be aware of, and work with, some fundamental best practices for security. Listed below are some steps you can take to further strengthen the security of the WordPress CMS.

Best Practices to Strengthen WordPress Security 

1 – Secure Hosting

The hosting service you choose for your platform will determine how secure and well protected your data will be. 

It goes without saying that WordPress should be hosted in a secure environment, overseen by an experienced provider who prioritises security within their services. 

Some things you should consider essential for a hosting provider include: 

• A fully-managed service with 24/7 support
• Automated monitoring and alerts
• Back-up and disaster recovery
• 99.99% up-time
• 100% pass-rate for data centre audits.

Before choosing your hosting provider, do plenty of research to ensure they’re able to provide these measures. Most businesses will work with a development agency partner for WordPress, and that agency should be able to help you with this process.

2 – Back-Up and Disaster Recovery 

Following on from the previous point, any good hosting provider should also offer back-up and disaster recovery services. These are like safety nets that will allow you to protect, save, and recover all your data in the event of any losses. 

3 – Be Careful with Plugins 

Plugins are a great way to enhance the WordPress platform with new capabilities and features. But you should only ever use plugins from reputable, credible sources, otherwise you could experience security problems.

It’s also important to keep all your plugins regularly tested, maintained, and updated. Again, this is an area where a WordPress agency partner will help you.

4 – Always Keep Your Platform Updated 

When you’ve built a website with WordPress, you’ll often receive software updates from the platform. Any time this happens, it’s because a bug has been fixed or some improvements have been made to the software.

Keeping up with these updates is so important from a security perspective, because they’re designed to keep your site secure. By letting your site run on an outdated version of the platform, you leave yourself at risk of a known issue being exploited by a cyber criminal or some malware. 

This is another thing that a good agency partner should take care of for you, so you don’t need to worry about keeping your platform up-to-date.

5 – Never Auto-Update Your Plugins 

You have the option to enable auto-updates within your WordPress platform. While this may seem like an easy way to keep your CMS up-to-date, doing so can create technical issues and security risks that simply aren’t worth the convenience. 

Each plugin you use will have its own button for you to turn auto-updates on or off. Any good agency will advise you to turn those auto-updates off and instead opt for a more secure approach to your updates, to maintain the resilience of your platform. 

6 – Use Security-Specific Plugins

Another way to reinforce the security of WordPress is by implementing security-specific plugins like WordFence, Sucuri, or Defender Pro. 

These handy tools will do a lot of the hard work for you, monitoring your platform and spotting potential vulnerabilities so you can fix them before they’re allowed to have any negative impact.

7 – Enable SSL 

A secure sockets layer (SSL) is a protocol which encrypts the transfer of data between your website and your users’ browsers. Enabling SSL makes it more difficult for cyber criminals to steal or compromise data online. Don’t worry, though, as this will be taken care of by your hosting provider as a standard practice. 

8 – Avoid Tools that Open Direct Access to Your Site Database from the Dashboard 

Some tools and plugins will enable direct access to your site’s database from within your CMS dashboard. While this can make certain aspects of website management easier for you, it also creates security vulnerabilities. This is something you should always avoid, because these additions are often severe security risks.

9 – Encourage Your Users to be Mindful of Security 

The biggest security risks, and many opportunities for cyber criminals, come from unsafe user behaviour, poor platform maintenance, and badly built sites.  

Your behaviour, and the behaviour of your end-users – and your agency – should always be mindful of security. If it’s not, sooner or later you’ll encounter problems. Some security best practices you can introduce include making strong passwords compulsory for all users and implementing measures like two-factor authentication.

10 – Find a Trustworthy Agency Partner to Support You 

We understand that following all these steps sounds like a lot of work. Of course, when you’ve got your own job to focus on, the last thing you need is to be spending time struggling through complex website security processes.  

That’s why it’s so valuable to find a reliable, trustworthy agency partner when using WordPress to build and manage websites. A good agency will ensure everything is secure and up-to-date for you, so you can spend more time providing outstanding services and experiences to your customers.

It’s always worth taking time to find an experienced agency with a strong track record of building robust, secure sites, to give you the peace of mind you deserve. That means they should handle your secure architecture, testing, monitoring, updates, and ongoing support for you as part of their services.

Being Truly Secure is an Ongoing Process 

When you’re selecting a content management system (CMS) to build critical digital assets like your website, security must be a top priority. It’s for that very reason more and more large businesses are looking to WordPress as their platform of choice. 

However, it’s equally important to choose an agency you can trust, and one that has these security best practices incorporated into their approach. This doesn’t just stop at the delivery of your website, either. True security is a constant ongoing process, and your agency partner should help you through that. 

Following the tips listed here will give you everything you need to build a resilient, secure website on WordPress, suitable for the enterprise. 

Interested in learning more about WordPress? Discover how a global enterprise achieved game-changing results by using WordPress to build a secure, innovative, bespoke solution. Check out the story of RedeWire from Rede Partners LLP here. 

Approaching a website development project can be daunting if you’re unfamiliar with the process and unsure what to expect. In this article, we’ll provide a detailed overview of the web development process to help you understand what’s involved, making it easier for you to approach a project yourself and avoid any pitfalls.

Your Role as the Client 

If you read our recent series of in-depth guides through the end-to-end process of web design, you’ll know that process will usually involve a lot of collaboration between you, your team members, and the agency you’re working with. 

Once you’ve been through that process and your design is complete, you’ll need to move to the development stage of the project to bring your designs to life. 

You’ll likely have less involvement in the development stage, and less collaboration will be required, so your role will primarily be to sit back and relax while a team of skilled developers do their thing.

Depending on the project size, complexity and project management approach, you may have some touch-points with your agency partner throughout the process. If you are taking an Agile approach, this may include sprint retrospective meetings, or if you are working in a different way, this may just include short demonstrations, walk-throughs of certain pieces of bespoke functionality, or it could just be allowing you to start familiarising yourself with different features as they’re being built. 

A Smooth Handover from Design to Development 

One of our core qualities here at SoBold is ensuring the design and development processes work closely together. That’s achieved by not only having a very integrated design and development team in the office, but also ensuring we hold a thorough, detailed handover meeting between the designers and the developers at this stage. This serves as a key aspect of every project we work on. 

The purpose of this is to give the developers a full understanding of the website or platform they need to build before any work begins, reducing the risk of error and accelerating the delivery time.

Every agency will have their own approach to this. It should usually involve the project designer(s) and project manager(s) walking the development team through everything that took place during the design process and explaining the thought process behind the decisions they’ve made. They’ll also give suggestions and guidance for how the design might be best approached from a development point of view. 

Any questions the developers have about their task at hand can be answered during the handover meeting, and at any time throughout the development process, allowing the development work to flow efficiently and effectively. 

The Benefits of Working with a Full-Service Web Design and Development Agency 

It’s so important to align your web designers and developers, because, more often than not, there are fundamental differences in how they think and approach their work. If you decide to work with an out-and-out web design agency to design your site, with a separate development agency building it, you may encounter gaps in understanding between the two processes. 

Working with an agency partner that has specialist expertise for both disciplines in-house will ensure your website is delivered on time, within budget, and directly aligned with your requirements. Having designers and developers in the same team who can share knowledge throughout the processes will almost always result in the delivery of a higher quality project too.

Building Your Website

With the handover complete, the developers will begin building your website. 

Most development agencies will likely start with setting up the base. This involves setting up the base styles of the site which includes and is not limited to default colours, typography styles and global components – including button and link styles.

Once the base is set up, your developers would typically move onto the navigation and footer set up before moving onto building out all the page templates and blocks in the design should they be taking a block based approach. 

Part of this process will often involve integrating certain components of your site with other systems you use within your business. 

Peer Reviews and Testing to Maintain High-Performance Standards 

It’s important for your agency to review and test internally all the elements that have been built, so any bugs are identified and rectified as early as possible.

Again, different agencies will have differing approaches to this. Here at SoBold, we leverage the size and experience of our team to conduct a thorough peer review process on every single component we build.

Following this internal review process, you’ll usually be given a link to your site in a staging environment.

All your content will have likely been carried over from your existing site and redirects should also be in place so that when you push the site live, any old redundant links will be redirected to the appropriate page on your new site. 

If you have any live marketing campaigns running, it’s important to ensure your development agency and your marketing team (or agency) are in regular communication prior to this, so they can keep your campaigns updated in line with your new site’s launch. 

Smooth Sailing Post-Launch 

Once your new website is live, you’ll likely have a period of time whereby your agency will be on hand to fix any bugs that relate to the content on the new site. Here at SoBold we work with our clients for a period of 30 days following the launch of their sites, and any ongoing support beyond this 30-day bug-fix window will require a separate maintenance agreement. 

Your agency should also go through the back-end of your platform with you, so you know exactly how to make changes to your website. For the most part, agencies will understand how important it is for you to be able to manage the site yourselves internally, and this is something we believe is crucial for you to be shown in detail at the end of the development process.

Penetration testing, often abbreviated as pen testing, is an essential process to ensure you maintain a safe and secure website. But what exactly does pen testing involve, and how can you rest assured your agency partner is covering all potential vulnerabilities for you? 

This article will provide a detailed guide to penetration testing, helping you minimise your security risks and ensure your website is fully protected. 

In a recent series of articles published in our resource library, we provided an in-depth explanation of the end-to-end process of building a high-performance, enterprise-grade website. (If you’d like to read that series first before learning about pen testing, you can start here). 

After you’ve worked with your agency partner to successfully build your website, you’ll also need to ensure your site is protected from cyber security threats.  With that in mind, you should understand the important role that pen testing plays in effective website security and maintenance. 

What is Penetration Testing? 

Penetration testing is a form of website testing that’s used to identify security vulnerabilities When conducting pen testing on your site, your agency will simulate a range of cyber attacks that could be used by cyber criminals or malicious software (malware). 

The purpose of this is to identify security weaknesses within your site and take action to prevent them from being exploited in the real world. This approach goes beyond basic tests, as it doesn’t just list the vulnerabilities, it examines how they could be exploited and helps to prevent that from happening. 

Why is it Crucial for an Agency to Conduct Penetration Testing? 

Website security is critical in today’s digital business landscape. Cyber security threats have become highly intelligent and sophisticated, now capable of penetrating even the strongest security networks. 

For instance, global technology giant Acer was the victim of a cyber security attack that demanded a ransom of $50 million USD in recent years. 

The outcomes of a cyber attack on your website could be catastrophic, either through sensitive data being stolen, lengthy losses of business continuity, or even reputational damage. 

Remember, your site’s security isn’t just vital to you as a business, it’s also something your clients need assurance with when they agree to work with you. You should be taking as many proactive steps as possible to ensure your security measures are rigorous enough to match high levels of risk. 

Covering All Bases for Robust Security (in WordPress)

It’s useful to be conscious of the common security weaknesses and pitfalls cyber criminals typically aim to take advantage of. 

Security vulnerabilities can be created when your website is running on outdated versions of your platform, or if something hasn’t been configured or integrated properly. Other common pitfalls include weak authentication measures and insufficient protection from the perspective of your users. 

With platforms like WordPress, there are some areas in which less experienced agencies could allow security vulnerabilities to creep in as well. For instance: 

• Auto-updates – When your platform’s software is automatically updated, changes in the code can cause new security weaknesses to arise. 
• Plugins – Using WordPress plugins from untrustworthy sources, or neglecting to update and maintain your plugins properly, can also cause security issues. 

This is one of many reasons why it’s important to work with an experienced agency partner who has proven platform-specific knowledge and expertise. Your agency should know your CMS of choice inside out, and should therefore be well aware of all the most common security pitfalls and targets for cyber attacks. 

What Does Effective Penetration Testing Involve? 

To conduct pen testing, your agency’s security experts will run through a process that attempts to penetrate your site’s security measures. 

This is usually done in stages, as follows: 

1 – Planning and Preparation

1. Review the results and analysis of any previous tests (if there are any)
2. Define the scope of the testing, including which tests will be performed
3. Gather all necessary data and information on the system to conduct the testing
4. Determine the criteria of success or failure for the tests.

2 – Running the Tests 

1. Use automated tools to scan for vulnerabilities and identify weaknesses 
2. Attempt to exploit the identified weaknesses 
3. Repeat the tests with different types of user roles and permissions
4. Measure the outcomes against criteria for success or failure 
5. Create a report on the outcomes and results of the tests. 

3 – Post-Testing 

1. Review the reports and analyse the results 
2. Remediate and resolve the vulnerabilities that were able to be exploited
3. Re-test the vulnerabilities to ensure remediation was successful.

The Benefits of Thorough Penetration Testing

Working with an agency partner who can support you with ongoing pen testing is a necessary step towards gaining enterprise-grade security for your website.

Technology changes so quickly today. Your platform receives updates regularly, your site is always growing, and cyber criminals are constantly finding new ways to breach your defences and gain access to your data. Penetration testing allows you to keep the pace with new emerging vulnerabilities. 

Conducting regular pen testing can also help improve client relationships and create competitive advantages as well. In certain industries, a demonstrable commitment to security will be greatly appreciated by your target audience. This can help to differentiate you from the competition and provide the trust required to attract more prospective clients to work with you.

Website Security is a Never-Ending Battle 

While every business with a website faces tremendous security risks today, this is a proven process that can help to minimise that risk and give you the confidence you need in your site’s security.

Any agency partner you work with should have the knowledge and expertise to understand the importance of pen testing, and should insist on making this an integral, ongoing part of your site’s maintenance.