Author: possipro-adminer7

  • Never Buy a “Custom CMS”

    Never Buy a “Custom CMS”

    cms

    A client of mine bought a “custom CMS” from another company.  It was based on WordPress, so I didn’t worry too much about it. I thought that it being based on WordPress would mean I could fix whatever problems might remain when they turned it over to me.  Boy was I wrong!

    Sure it was based on WordPress, but because it had been outfitted with software intended to help add custom database entries that don’t conform to WP standards, it was stuck frozen in time.  I couldn’t update the wordpress core or any of the plugins.  Sure, I expected a custom theme that couldn’t be updated, but I was expecting to be able to add new plugins and update old ones.  Without that capability, they’ve removed everything that makes WordPress awesome.  Everything that makes a WP site last much longer than sites based on other CMS’s.  So basically, my client got a great looking, outdated, broken WP site.  And since I was told it was WordPress, I didn’t think to tell the client that he should insist on a security plugin and a SEO plugin. Once it was delivered, and launched, I set about to add precisely those plugins, which caused the whole site to crash.  I had to remove those plugins immediately and break the news to the client.  We couldn’t add those basic plugins, or any others.  The site was stuck as it was; based on a year old version of WP.

    A year  and a half later, we have been lucky with some simple IP blocking to prevent access to the backend.  This is the entirety of the security that keeps the site from being hacked.  Thankfully, the site is not interactive enough to require users to login or create accounts.

    When Google announced their requirement for mobile compatibility, we couldn’t use any simple plugins (Yes, I tried them.), so I had to hand code the CSS files to make the site work and look good on mobile devices.

    I also managed to hack a couple of simple plugins to that add some minor functionality improvements.  (One for social sharing and another to toggle some content on the home page.)  Now I live in fear that Google will come out with new rules or the client will discover some other new gizmo that would be easy to add, if it were a real WordPress site, but require serious hacking on this site.  Or worse, the site might get hacked and crash and burn.  

    I worry that 3-5 years down the road, barring any unforeseen website tragedies, that the client will need a new site and we won’t be able to transfer the data correctly to a new WordPress (or whatever) site.

    The worst part was learning how much the client paid for the “Custom CMS” and realizing I could have done better for less than half that price.

    The lesson here, is to trust your web guy.  If he’s not delivering, Ok, then look elsewhere, but beware of the really high priced “custom” alternatives.  In this day and age, if it can’t be updated and if you can’t add new plugins, or modules, or whatever, then eventually you will have to replace the entire site all over again.  Unless your business is to push the envelope of the Internet, stick with the tried and true and easily updated.  It’ll last a whole lot longer.  It’s much easier and cheaper to buy a new theme every few years than to replace your whole site.

  • Don’t Ignore ICANN Notices

    Don’t Ignore ICANN Notices

    Recently a client of mine had her website go down.  She called on a Saturday morning, frantic and confused.  She thought I had taken the site down, since she had just launched a brand new one.  I hadn’t touched it.  But it was an older out-dated site, so I checked to make sure it hadn’t been hacked. Sure enough, the site was down.  I checked and the server was running fine,  All the files were still there and hadn’t been changed. Naturally, I checked the Domain, thinking she must have let it expire by accident.  But it wasn’t expired.  In fact it had more than a year left until it would need renewal.  The domain status was “ClientHold.”  I was stumped, so I shot off a support request to my hosting company asking if they had any idea. I had an out of town conference to attend, so I told the client  to call the company she had registered the the domain through.

    Later that afternoon she contacted me and said that after 3 hours on the phone with their customer support, they finally figured out that she hadn’t responded to their email asking her to confirm the ICANN required contact info.  She ripped them a new one, saying she han’t received such an email (nevermind that she was using an old juno.com email address that she almost never checked on her domain registration.  Eventually, she was able to convince them that she was indeed the registrant of record and they updated her status, and presto her site was back online… late the next morning.

    Meanwhile, my hosting guys took one look at the domain status and said the ICANN info was out of date.

    Bottom line: Always make sure you use a current email address with your domain registration, and update it when you change that address.  There’s really no need for this kind of thing to happen.

    There’s some good reasons why ICANN insists on current contact info.  ICANN says it’s for “Transparency” but nobody really seems to know that that means. Without confirmation, spammers/phishers/malware suppliers/scammers/identity thieves can register a domain using fake contact info and then use the domain for nefarious purposes without fear of anyone finding out who they are.  Clearly that’s been going on for a very long time. With these new regulations, failure to provide presumably legitimate contact info. will result in the domain going down in 15 days.  Sure it’s not that hard to set up a fake online persona, but it’s one more step the bad guys have to take, and if they screw up, they’ll lose their domains or get caught  (presumably).

    Also, there’s probably a lot of domains out there tied up with old contact info, so until they expire, nobody would be able to put them to new (presumably good) use.  This speeds up that process.

    I feel so much safer knowing that if Terrorist Drug Dealing Identity Thieves take over my website, the authorities, after a lot of red tape, will be able to send them an email telling them to please stop.

  • A true story about how our WordPress Management service saved a site.

    A true story about how our WordPress Management service saved a site.

    wordpress management

    For all our WP Management clients we check their sites once week to make sure all the plugins, themes, etc. are up to date.  We then update anything that needs it and move along to the next site.  

    This week we were checking a site and noticed that it was down.  Thinking maybe it had been hacked we checked the server and discovered that there were no files there at all.  Worried, we contacted the site’s owner, hoping they had moved the site on purpose or something along those lines.  They were surprised and alarmed to discover that the site was down at all.

    We advised them to contact the hosting company (because we didn’t have access to their hosting credentials – or we would have done it ourselves).  They discovered that the servers had been upgraded and were told to change the DNS info to point to the new servers.

    We logged into their domain registration account, updated the DNS info., and got the site back online.

    What might have been a costly downtime of perhaps days or even weeks, was resolved in a few hours.

    Just one more reason to make sure someone competent and trustworthy is checking all your sites on a regular basis.

    Sign up for WordPress Management service here

    Please enable JavaScript in your browser to complete this form.
    Full Name