WordPress has been successfully used as a blog or business website by millions of users. It has been around since 2003 and has evolved from a simple blog platform to a fully-fledged CMS for extensive (business) websites.

The best part is that it has been freely available for years! It is released under the GPL (General Public License) and can be used by individuals and businesses without limitations.

However, there are many misconceptions about WordPress that are not accurate, and WPbeveiligen has listed the top 5 misconceptions:

1. WordPress is a blogging system and not suitable for business websites. Fortunately, WordPress is highly flexible. Many paid themes offer the option to remove the “blog elements” so that it looks and functions like a professional website.
2. WordPress is complicated for many, and its features are too extensive. This may be the initial impression when you look at the WordPress admin panel. However, most of the features are not used by bloggers/writers, so the web builder only needs to set it up once and then never worry about it again!
3. You have to use WordPress from WordPress.com, making you dependent on their service. WordPress is software that you can freely download and install on your own server or hosting package. You are not dependent on anyone and can be sure that your blog or business website will still be online in the future.
4. WordPress is not suitable for search engines. Out-of-the-box, WordPress is not 100% optimized. You will need to set up the permalinks yourself and add an SEO plugin that places meta tags in the header and allows you to customize them per page.
5. WordPress is not secure.Similar to the popular operating system Windows, WordPress has a large number of users, and therefore, hackers try to take advantage of it. Out-of-the-box, WordPress is secure, and it receives regular updates to fix any security vulnerabilities that are found.The additional third-party plugins are the ones that may have security issues.For this reason, you need a good security plugin to protect your WordPress website from hackers and brute-force attacks.

That’s the top 5! There are many other misconceptions and tips you can read on WPbeveiligen in our news section.

A Permalink structure? This term may not be immediately clear to many.

The Permalink is an enhancement of the link structure so that search engines like Google and others can better index the website. Properly preparing the Permalink Structure is of great importance for visitor numbers!

The Permalink structure of WordPress is not well-configured by default! It looks like this:

How to properly set up the permalink structure

To do this, go to your WordPress admin panel > Settings > Permalinks.

Right after installing a new WordPress website, you will see the permalink structure set to “Default.”

It’s best to change this to “Post name” or to a “Custom Structure” where you can add a specific addition.

As you can see on your own website or in the image above, the link in the navigation bar has now changed to a proper title instead of a number. The title improves your visitor numbers via Google, while the numbers that were there previously hold no meaning for the search engine.

A clean title is not only beneficial for search engines like Google but also enhances the overall appearance of your website. And as you can see, it’s a quick and easy change to make!

Creating a Good WordPress Website on Your Own

If you want to create a good WordPress website on your own, it’s essential to keep the following points in mind:

1. Know Your Target Audience: Determine your target audience and tailor your website accordingly. For the business market, opt for a sleek and professional design with concise information. If targeting the average consumer, use an informative layout with eye-catching colors and images. For younger audiences, focus on visuals as they have shorter attention spans.

2. Brand Yourself: Consider how you want your target audience to perceive your brand. A professional image is crucial for businesses, while sympathy and approachability are essential for consumer-focused websites. Building a positive connection with your audience can increase the “gun” factor, encouraging consumers to choose your products or services.

3. Promote Your Website: Creating a website and waiting for visitors is like opening a shop in an obscure alley. You need to ensure people can find your website. Some methods include offering a unique product that generates word-of-mouth, using Google Ads for visibility, optimizing your content for search engines, distributing flyers and business cards, or sponsoring other companies for advertisement exchange.

4. Design and Style: Choose a style based on your target audience. Colors evoke specific emotions and moods. Warm colors create a different atmosphere than cool colors. For instance, commercials on TV often use cool colors when presenting problems and warm colors when showcasing their solutions. Consider the effects of different colors on your audience’s perception and emotions when designing your website and promotional material.

5. Showcase Your Product or Service: Clearly present your product or service on the website and provide sufficient information. Make sure visitors don’t have to search or guess what you offer.

Finally, after successfully creating your WordPress website, take measures to protect it from hackers and scripts that might use your website for their own advertising purposes. Secure your hard work and make sure your website stays safe and functional for your visitors.

What an old saying! Is “cheap is expensive” still valid nowadays?

**Is everything free to download on the internet?**

Yes, everything can be downloaded for free on the internet. Think of WordPress and all the information related to it. Setting up a WordPress website is just a matter of investing time and energy.

And yes, even illegal plugins are “free” to download. But in this case, the saying holds true: “cheap is expensive.”

These so-called “free” plugins have been uploaded online by people who want to profit from them. They insert code into the plugin that allows them to receive your login information or gain control over your website.

What happens then? Your website starts displaying ads for a product, or it links to strange websites.

And that’s not all. I regularly encounter websites, which, thanks to hackers, appear in Google search results with descriptions like “Buy your v i a g r a here.”

This is something you definitely don’t want! Promoting a product you have nothing to do with can be troublesome. Especially if your business has built a reputation, you certainly don’t want to be associated with such junk.

Most “free” plugins operate surreptitiously, so they won’t be detected easily. They may stop functioning when you’re logged in or display information only twice to visitors, making it hard for administrators to notice anything suspicious after three visits.

But for every new visitor, it’s an unpleasant experience. With such ads, visitors lose interest in exploring your website.

Ultimately, downloading “free” paid plugins and setting up a WordPress business website can cost you a lot of money, and as you can guess, it becomes expensive in the end.

**What to do if your website is hacked?**

If your website displays content unrelated to your services and information, thoroughly check your website.

If you have an SEO plugin, review the meta description.

However, it’s more likely that there is code injection. In your WordPress admin, go to Appearance > Editor and check the files of your theme.

Popular theme locations where hackers often insert their ads and scripts include header.php, index.php, page.php, single.php, homepage, and front pages. But it could also be injected into the database. Since WordPress stores all content in the database, it becomes an attractive place for hackers to place their code.

**Prevention is better than cure**

Yes, there’s another old saying, but it’s very applicable, especially for business websites. Once a website is hacked, you not only suffer the consequences of the hack but also need to remove all malicious code and backdoors, which takes a lot of time.

Then, the website needs to be secured, which again takes time and money.

**Putting a WordPress website online without security**

Putting a WordPress website online without security is like buying a car without locks. It may be fine for a while, but sooner or later, the wrong person will find your car.

At the beginning, when your website is new, it won’t be easily found by hackers or scripts, and there won’t be a problem. However, after some time, it’s just a matter of time before your website attracts scripts that test it for exploits (vulnerabilities).

**What do you recommend then?**

From experience, I recommend securing every important website. Any website that generates revenue and is critical to your business should be secured to avoid unnecessary costs.

**So, you’re just trying to make money!**

Well, that’s my recommendation, but at the same time, I’m giving away all the information for free on my website! As a programmer, hoster, and web designer since 2007, I’m already quite busy. However, I receive requests weekly to repair hacked websites, and I can see how frustrating it is for website owners.

For me, diving into the code and fixing it is straightforward. I know where to look to clean up the code within 10-15 minutes, or I can restore a backup.

But I realize that many people who haven’t found me on the internet yet may find it very frustrating when their website shows strange ads. It can be a search before they find someone who has been doing this since 2007 and enjoys restoring and securing websites.

That’s why I hope that people will have their websites secured before they get infected.

**Do you offer a guarantee?**

Yes! When I secure your website, I’m so confident in the quality of my work that I offer 6 to 12 months of guarantee. If a script or hacker still manages to get through, I will make sure your website is as good as new. I’ll restore a backup, secure the website, and ensure it runs perfectly. And it’s free, that’s the guarantee!

With my experience in WordPress since 2007, I know how websites function and the hack scripts that circulate online, as well as the tricks that hackers use.

I will secure your website as well as possible, and if your website gets hacked, I’ll find all the backdoors and make sure hackers and scripts can’t access your website anymore.

An amazingly simple plugin with one purpose: to search for files that may contain code that doesn’t belong in WordPress.

You can find the plugin in the WordPress plugin library.

After installation and activation, the Exploit Scanner can be found under Tools.

As you can see in the image below, there aren’t many options. You have the option to disable “display: none,” which is common in certain themes.

You can also limit the scan to files that are not larger than 400 KB, and it is recommended to keep it that way. (although very occasionally, hackers may write very large files, in 99% of cases, scanning such large files is not necessary)

The third option you have is to limit the number of files scanned at once. It may be necessary to set this to a maximum of 100-150 if you have a hosting package with limited memory, and the pages freeze with a “memory error.”

Run the scan!!

Once you have enabled the scan, it may take a few minutes.

After that, you will get a long list of files that contain Eval commands, a list of “hidden” CSS codes, and more.

Is the Exploit Scanner a one-click solution?

With one click, you can see which code may be potentially dangerous and where the files are located.
However, it is still necessary to have deep knowledge of WordPress, code, and hacker code to determine whether a piece of code belongs in your website or not.

In short, it’s a useful tool for webmasters.