How to blog on your business website

Blogging on your business website can bring all kinds of benefits – especially to your bottom line – but getting going is easier said than done.

This post is for you if you’ve wondered whether you should blog, have been told you should, or if you’ve always intended to, but never got going.

Read more

Is your WordPress site vulnerable to hackers? Test it for free

How to check if your website is vulnerable to hackers

Outdated software is the number one reason WordPress sites get hacked, but if you don’t know much about WordPress, how can you tell if you’re up to date?

Site check showing outdated WordPress version
Your WordPress site is vulnerable to hackers

There’s no need to track down your developer and ask, or go and look through code. All you have to do is visit the Sucuri website, type in your web address and you can find out straight away.

The tool doesn’t just test WordPress websites, it checks whatever you have, as other systems like Joomla! can also be vulnerable, especially if out of date.

We have written several times before about how out of date WordPress software and plug ins can make your site vulnerable to all kinds of hacking nastiness, including pharma hacks, malware or complete loss of your website.

Google blacklists (on average) 10,000 websites per day, many of which will be hacked WordPress sites. If your software is out of date and your site hasn’t been attacked, you’re not safe, you’re lucky.

90 per cent of hacks are opportunistic and automated. Hackers run automatic programmes that try known weaknesses on thousands of sites at a time and if they get in, there goes your website.

If you’re not up to date, it’s not a question of whether, but when.

Test your WordPress site now

Follow this link to the Sucuri website and test your own site by putting the domain name into the box. The link opens in a new tab and you can return to this page afterwards.

If you get the all clear, then great.

If your site is vulnerable

If your site is marked as vulnerable through out of date WordPress, then do yourself a favour and come and talk to us. We can put it right for the price of an hour or two’s work.

Sitecheck showing clean WordPress site
Congratulations: Your site is secure

We can also check over your site’s security and other common ways in, such as insecure usernames and passwords, the second most common reason for hacks.

Contact us for more information.

WordPress is not the problem

WordPress is popular – it’s now 20 per cent of websites – and that’s what makes it a target for hackers who know some people will always leave their websites to go out of date, often because they don’t know any better.

As it happens the WordPress development team works hard to ensure the software is as secure as it can be, which is one reason why it is updated relatively often.

It could be argued they are getting better and better at it.

Last week the latest version of WordPress – 3.7 – came out and includes the ability to do security updates automatically, which is a big step forward. But there are still lots of sites that are running old and vulnerable versions, just sitting there waiting to be hacked.

Don’t let that happen to your website. Check your site now!

Update your WordPress now!

WordPress logo

Have you updated your WordPress website yet? If not you need to do it now.

Last week a new version was launched – we’re now on WordPress 3.5.2 – and it’s a maintenance and security release. This version is plugging seven security holes that exist in all previous versions of WordPress, so this is not an update you can ignore.

[caption id="attachment_543" align="alignright" width="405"]Wordpress logo WordPress logo[/caption]

It’s also making other security improvements to keep ahead of the hackers who like to try and take over your WordPress website, bring it down or the other things hackers do.

Why do I have to update WordPress?

Here at Moghill Towers we’re often going on about how if you have WordPress you must keep its software up to date – not just the core WordPress software but also any plug-ins you are using for extra things like forms or online shops.

Why? Because of the sheer number of business websites we see who are using out of date (and therefore vulnerable) versions of WordPress. Not just WordPress but another piece of free software that is often left to go out of date and become vulnerable: Joomla.

And why is this happening? It’s usually not the fault of the business concerned, more that the business has been badly advised by whoever built their website.

Some website companies are happy to just sell businesses a website on a free software platform like WordPress without warning them that it needs to be maintained. Some web designers don’t even realise that updates are necessary.

But that’s like buying a car you never have to service: It would be a nice idea but it doesn’t really happen in the real world.

Hacking danger

WordPress in particular is the most popular software for building websites in the world. It’s free at the point of use, can be extended to do whatever you want it to and made to look however you want it to.

We make no secret that we love WordPress and what it can do. We even like its cousin Joomla, too, which is also free but not as versatile.

But with that popularity means it’s attractive to hackers, and that means you must keep it up to date. Only in April there was a massive automated attack on WordPress websites around the world. If you were clued up on your security you were okay, but many sites fell victim.

The end result of not updating WordPress is your company website gets hacked, and if even if the reputation of your business is not damaged, you have to spend a lot of time restoring what you had, or re-building it completely.

And don’t think it doesn’t happen – in the last few weeks alone we have helped a couple of companies update and secure vulnerable web software that had been hacked.

That’s why we’ve taken it upon ourselves to spread the word and raise awareness of the problem.

Let us help with Your WordPress site

We keep the website software of all our customers up to date – WordPress and plug ins in particular – as part of our managed hosting package. Our sites were updated to WordPress 3.5.2 this morning.

We also offer a service where we can bring your WordPress software up to date for you if you don’t host your site with us – and we can also update Joomla websites to the latest version.

If you need help with updating your WordPress site then contact us for a chat.

Further information

Why we love WordPress

WordPress logo

We are specialists in using the WordPress content management system because it allows us to build great websites at an affordable price.

[caption id="attachment_543" align="alignright" width="300"]Wordpress logo We love it! And so should you.[/caption]

But we are also experts at getting the best out of WordPress for you and your business and many of our customers come to us with WordPress sites that have been sadly neglected.

We can fix that for you and give your a site a complete makeover using the system you already have.

Why WordPress?

WordPress is one of the most popular ways to build a website in the world – never mind Shropshire – and with good reason.

  • It’s free to install with no licence fee to pay
  • It’s future proof as it updates to keep up with the web – your site can grow with you
  • It’s easy to extend and customise, meaning your site can do whatever you want it to
  • Google loves WordPress and gives your site a strong SEO basis to build on
  • WordPress lends itself to displaying on mobile phones, especially responsive sites

The possibilities with WordPress are endless. We can use it for:

  • Blog-based sites
  • Simple brochure sites to more advanced sites with hundreds of pages
  • Web shops
  • Directory sites
  • Online learning sites

It keeps us honest!

Another factor is that WordPress does not tie you to a particular host or web design company.

That means that if you want to move to a new provider you don’t have to start from scratch with a new site.

We see that as a good thing because web companies like us have to pay more attention to customer service and not hold customers to ransome.

Moghill and WordPress

When we start to plan a new website, usually we only need to consider WordPress as our solution for how to build it.

We pride ourselves on not being geeks but in the case of WordPress we’ll make an exception: We love Wordpress!

But now we’ve got that out of the way we also work with Joomla and Magento! If we have to.

Keep your WordPress software up to date – unless you like nasty surprises

Out of date plug ins

Recently we’ve been asked to look at a few sites built in WordPress, and have been surprised to find the software is years – yes, years – out of date.

Allowing  your WordPress website to drift like this is a bad move that can leave your site open to hackers who could bring it down or worse.

Your site could be taken off search results, your reputation could be damaged but most of all it will take a lot of time to clean up the mess.

Wordpress is the most popular website platform in most of the world with good reason.

It’s free for a start, but also it can be extended with the help of plug ins, which allow custom functions like photo galleries or forums – just about anything you want.

[caption id="attachment_526" align="alignright" width="300"]Update WordPress now! WordPress gives you plenty of warnings about updates to itself and its plug ins[/caption]

Another reason for its success is that WordPress is constantly moving forward, with a new version featuring improvements released every three to four months  – the latest (3.5) was just last week – and sub versions to fix bugs and security issues in between.

Every major update also means the plug ins have to change, too.

That popularity means lots of people who like to hack websites devote a lot of time to finding holes in WordPress. Hackers share information and once they find a hole they will tell lots of other hackers.

When this has happened in the past the WordPress community has been quick to close the security hole by rolling out a new update that fixes the problem.

Asking for trouble

But if you don’t apply the update your site is basically sitting there waiting to be hacked. And the hackers will be looking for you.

Now we are not trying to scare you, or put you off using Wordpress, but if you or your web designer ignore this aspect of using WordPress then you are asking for trouble.

Wordpress itself does its best to warn users of new versions, but it’s amazing how many people ignore the warnings.

Even Google started warning website owners if they were running out of date Wordpress versions, and there were plenty of examples of people being caught out who should have known better.

For example the Reuters blog, which was hacked earlier this year and found to be running a version of WordPress that was two years out of date.


The result: Your website can be home to nasty software, advertising dodgy online drugs, hosting one of those fake banking/phishing sites or just taken over by someone else. In most cases you may not even know anything is wrong.

This can get your website blacklisted and removed from search results and the damage to your reputation can be immense.

[caption id="attachment_527" align="alignright" width="197"]Out of date plug ins That’s a lot of out of date plug ins[/caption]

Sometimes the fault here lies with web companies themselves who sell a website to a customer but don’t explain that the software it runs on must be kept up to date.

One company we know of even told a customer to ignore the prompts to update the plug ins and Wordpress version – and warned them that if they updated and things went wrong they would be on their own.

In this case it seems the web company involved simply didn’t understand how to keep WordPress up to date – or the importance of doing so.

A Stitch in Time Saves Nine

Some customers are put off by the idea their website will need to be maintained that there will be a small cost associated with this but skipping this is a false economy.

After all doing the necessary back-ups and keeping everything up to date is a finite task that shouldn’t take long if done regularly.

Fixing a hacked website can be a long and involved process that could cost a lot – in time and money – to put right.

Or to put it another way, keeping Wordpress and your plug-ins up to date is the equivalent of taking your vitamins, but putting a hack attack right is open heart surgery.

Ask your web company

So if you already have a WordPress site find out what your web company is doing about back-ups and software updates. If you look after your own site then don’t ignore the warnings.

And if you’re thinking about having a WordPress site built for you, ask your web company what they are going to do about updating it and its plug-ins. If they don’t have an answer, then you might be better going somewhere else.

Otherwise there could be a lot of time and expense waiting for you down the road.

More information

How to Keep WordPress Secure by Matt Mullenweg, co-founding developer of WordPress

WordPress Security: Seven Ways I Could Hack Into Your WordPress Site – Mark Maunder

Reuters was using old WordPress version when it was hacked –

NRG Direct Mail – Website overhaul

NRG Direct Mail logo

The Project

NRG Direct Mail had a WordPress website that had been built by another company several years before, but it did not address the needs of the company’s customers or the company itself.

It also emerged that the website was running an out of date – and vulnerable – version of WordPress and all its plug ins were also out of date and the site was not being backed up.

[caption id="attachment_1048" align="alignright" width="450"]NRG Direct Mail's responsive design website built by Moghill Web Services NRG Direct Mail’s new responsive design website[/caption]

The company had been considering running a Search Engine Optimisation campaign but we successfully argued that the same results could be achieved by

  • Targeting the site better towards the needs of customers
  • Making it more concise, focussed and to the point
  • Implementing a new responsive design, which re-sizes itself to display better on mobile phones and tablet PCs, such as iPads.

What Moghill did

We set about overhauling the current website design, content and SEO completely: An illustration of what can be done within WordPress without changing the website platform.

NRG Direct Mail had already implemented Google Analytics statistics on their website, which meant we already had a wealth of statistical information to draw on about how people were using the website and finding it on web searches. This established that most visitors to the site were not new customers.

[caption id="attachment_1051" align="alignright" width="450"]NRG Direct Mail website before Original NRG Direct Mail website homepage[/caption]

We also looked at the major search terms appropriate for the company’s services and the competitors for those terms.

We interviewed staff about the number of enquiries received via the website and general customer response to it.

Finally we looked at the content and structure of the website as was and produced completely new content much better suited to customers and what they would be looking for.

We also added calls to action and quick contact forms which made it easy for customers to get in touch with the company and a new blog.

We were able to build the new version of the site in a test area while the old site ticked along and until the company was happy with it. Then we moved everything across over a weekend when web traffic was at its lightest.

We then handed over the website, providing training on how to use it and on web writing. We now maintain the site software so that Wordpress and plug-in versions remain up to date and secure and run regular back-ups of the site.

View the site at

What the customer said

Nick Chavasse, NRG Direct Mail Managing Director said: “Patrick and Fiona are a great team and have empathy with their clients.

“I liked the fact that they took the trouble to understand our business and then blend the creative aspects and appropriate web text with the Search Engine Optimisation work.

“An excellent result and already on Page One of Google. You cannot ask for more than that!”

[button link="" bg_color="#ba2e24"]See more website case studies[/button]