Updating WordPress

There are a lot of things that I really like about WordPress. One of the things at the top of that list, is how easy it is to keep it updated. We recently took over hosting for a client who hadn’t updated their site for many years. We ran all the updates for the core system, plugins, and themes. All those updates were done in about 3 mouse clicks. And best of all, the site worked after all the updates were done. This is by no means saying that updating your WordPress site isn’t important – IT IS BEYOND IMPORTANT. There were obvious security issues with the old site, but updating to the newest versions was fairly simple. Before making a big update like that, however, there are a few things to do.

The first thing that should be done, is to make sure you have a backup of the site. The more recent – the better. We had a site we updated recently, and while there was a backup of that site from a week earlier,  just to be safe, I made a backup from that day. If anything were to go wrong in the updates, I could simply upload that backup and have the site up and running very quickly. It can’t be stated enough how important backing up a site is. Whether it is to your server, local systems, or a remote option (such as AWS), there is considerable security and peace of mind with knowing there are backups available. 

Another step to take before running a big update, whether you have backups or not, is to document important things like your Google Analytics code and what pages are on the main navigation. Yes, it’s rare, but updates can go wrong Elements, such as the Google Analytics code, can sometimes be erased. While that code would be in your backup, if you save a copy of that code, you can simply copy the code from a backup file (like a Microsoft Word file) and paste it back into your site coe. Some updates can cause site navigation to get deleted or changed as well. So documenting the order that pages were listed in the main navigation, can save you the time of having to reload the backup.

Ideally, when doing any big or significant updates like this, especially if you’re not sure of how they’ll go, move a copy of the site to a testing environment. By doing this, you’ll be able to run all the updates, confirm that the site works well, and then move the site back to the live environment. You’ll also be able to fix any issues that came up, before moving the site live. At Full Scope Creative, when we take over the hosting of a website, we first launch the site in a test environment, and perform any needed updates there. By doing that we can be sure that the site will be up to date when it is launched, and that the client experiences as little downtime as possible. 

When running updates on your site, especially any significant updates, it is always helpful to make a backup of the site and copy any important code. If possible, move the site to a testing or development environment before running any updates as well. Running updates in WordPress is fairly easy to do. Adding in these couple steps can make the process that much easier. While other content management systems can be difficult to update, updates to WordPress can be done in just a few clicks. And that’s one of the main reasons we use WordPress.

Why use a Child Theme?

Selecting a great theme for your WordPress site is one of the first steps to putting a great site together. Any good theme will have updates available at any time, and we don’t want to add any headaches when running those updates. To avoid these issues, use a child theme on your site. 

A child theme is simply another theme to be installed in a WordPress site to provide functionality to the site. A child theme will assume its core functionality from the parent theme. Because of this, the parent theme will be considerably large in file size and number of files. With a child theme, you can customize the parent theme while keeping the parent theme ready for updates when they are available. Without a child theme, you would risk losing any and all customizations when installing a new update to the parent theme. For this reason, when building a WordPress site, any of the countless customizations you will want to do should all be done through the child theme. 

One of the great things about using a child theme is it doesn’t take much for the browser to load. The reason for this is that the only files in a child theme will be the files you are updating and adding customizations to. Files such as CSS pages, template pages for headers and footers, and some javascript are the main files that will be in the child theme. You’ll also likely upload different images that are specific to the site to the child theme. 

When you are searching for the theme to use for your WordPress site, if it doesn’t support the use of a child theme – yes, there are some that don’t – I would highly recommend leaving that theme alone. Child themes, and the functionality and adaptability they provide, are one of the greatest strengths of WordPress.

While it may be an extra step to take in the WordPress site development process, it is one that will pay off time and time again. Each time there is an update to the parent theme, and each time you need to make different customizations, you’ll be thankful you have that child theme in place. 


Elementor is a page builder plugin for WordPress that makes it simple to create very detailed, unique site designs that are easy to revise. Users don’t need to know any coding whatsoever to utilize its drag and drop tools to create and update pages. It comes with a wide array of elements, or widgets, that allow users to organize the content on a page simply. Its ease of use and professional-looking layout are two of the things I like most about the plugin.

When we are designing a site for a client, especially the home page, we often want a little more detail in the layout with various boxes to highlight certain information or full width rows for images to help breakup the content. We’ve always been able to do this in WordPress, but in the past, it would often mean needing to utilize HTML or other programming languages to make updates.

With Elementor, we can create those layouts without infringing on our clients’ needs to easily go in and make updates any HTML knowledge. Elementor features a very easy to use editor that breaks page layout into smaller, editable sections. Elementor comes with a variety of pre-made sections for things such as text blocks, headings, and images, but also more advanced features like easy to embed Google maps, photo galleries, FAQs, and more. The professional version of Elementor has even more options available as well. 

By allowing our clients to make those updates on their own, it helps us provide a better website experience to the businesses and nonprofits we work with. Our clients can log into WordPress and make many of these changes on their own, when they need to, and don’t need to hire us to do that work or learn any website programming to get their changes made. 

Remember when Uncle Ben told Peter Parker (Spiderman), “With great power, comes great responsibility…” ? While Elementor does provide our clients with a great power to be able to easily make updates to their site, there can also be a great responsibility that could come with it. Elementor basically makes WordPress function like many of the other What You See Is What You Get (WYSIWYG) editors. However, with Elementor, we can control many of those design aesthetics (font, color, background color, etc.) through the CSS still, maintaining the integrity of the site design all the way through on each page.

To put it simply, Elementor makes it easy for our clients to login and make text updates to their sites on their own. This plugin is a tool that we at Full Scope Creative are proud to employ as it speaks to one of the driving factors that got our company started: a sincere desire to provide businesses and nonprofits with a better website and marketing experience.

Search Bar on Site

While WordPress has a lot of great features built in, one feature that isn’t quite as top notch is the built in search options for the whole site for users to find the info they are looking for. Thankfully, as with most things on WordPress, there are a couple of great plugins that can be used to achieve this goal. When adding a search bar to your site, there are a few things to keep in mind. 

As is always the case with WordPress, make sure you are only installing reputable plugins. There are a few plugins for adding better search functionality that I’ve looked into, and my favorite is Ivory Search. The main thing I really like about Ivory Search is – get this – it works really well. While the plugin doesn’t have quite as many active users as I’d normally like to see, it does have fairly regular updates that give me the peace of mind needed to use the plugin.

Extra search functionality on a site is a great tool to add in, but from a visual or design standpoint, things can get a little tricky. Oftentimes, having the full search bar on the page can look dated or it can be tough to visually fit it into the design. A great way to avoid this issue is to use the built in functionality of Ivory Search to use a search icon (often a magnifying glass) that, once clicked upon, will expand out the full search bar. By using this technique, search functionality can easily be added to almost any page or navigation while simultaneously maintaining the integrity of the site design and providing the search feature to users. 

We don’t add a search bar feature to every site we build at Full Scope Creative, but if we are building a particularly large site, we’ll often times look to add in the search bar and functionality. When we look to add in a search bar, Ivory Search is often our go-to plugin to use. 

How to evaluate plugins

WordPress is a great content management system (CMS) and one of the things that helps make it so great is the fact that there are thousands and thousands of additional plugins that can be added to your site to make it work just the way you need. With those thousands of plugins available, it can be a daunting task to find the right plugin for what you need. I’ve used countless plugins over the years and have found a few ways to help make sure I choose reliable and safe plugins.

One of the first things I check for in a plugin is how recent it is – when the plugin was last updated. As I’ve mentioned before, one of the biggest keys to keeping your WordPress site secure is keeping it as updated as possible. Plugins are often one of the areas a hacker can exploit to get into your site. If a plugin hasn’t been updated in more than 2 years, WordPress will notify you of that and they may even remove the ability to download that plugin. Realistically, if I’m looking at a plugin that hasn’t been updated in 6 months, I’m not very likely to use that plugin. I’ll keep looking around for a while yet. If a plugin was just updated in the past few weeks or the past couple of months and I can see that the developer of the plugin has a good track record of making updates regularly, then I’ll start looking at the next criteria.

The next thing I look at is the number of active installs. If a plugin has a million+ active users, that’s a pretty good sign that it is working well for others is likely a good plugin. There’s no clear cut rule that says a plugin must have so many users to be safe, but in general, I want to see 100,000+ active users. If there are only 20 active users, for example, I’m not as convinced that a plugin has the resources to make it secure. That doesn’t mean I won’t use the plugin, but I will be extra cautious. One plugin I used that has 20 active users was built by another developer who I had worked with in the past and knew that they always had regular updates for the other plugin.

Also, I oftentimes check the reviews for a plugin to see what the community thinks of it. I’ll see if I can find reviews from another developer who tried to use it to achieve the same objective that I am working toward with the current project. I usually take negative reviews with a grain of salt, but if there are multiple negative reviews speaking to a certain aspect of the plugin, I will pay attention to those.

If I’m still not sure whether a plugin is safe to use or not, I’ll email the developer. If I get a reply quickly, it is at least an indication that the developer is actively involved in the plugin and responding to users in a timely manner. How well the developer can answer my questions often indicates if it is worth the time to test the plugin further.
Before using most plugins, I run them in a test environment and just to see how they work. I can then test the functionality of the plugin as well as see how it responds with the WordPress theme and other plugins that will be installed on the site. 

WordPress is so popular in part due to the number of plugins available there. Of course, the number of plugins available can make finding the right one to use a challenge. Following these simple steps can help save hours of searching and scratching your head and ultimately lead to a safer and more profitable site. 

Formidable Review

You’ve heard me say a time or two (or more) why I think WordPress is such a great content management system. One of those reasons is the number of great plugins that are readily available to use on websites. One plugin that we’ve been using on almost every site we’ve been doing lately is called Formidable – a contact form plugin. There are a couple of really great features to Formidable that make it one of my favorites.

One of the great things about Formidable is how easy to set up it is. While it’s true that the standard out-of-the-box form included has some odd parts to it (for example, there is a question asking what the subject of your contact form is and the name fields are only half width), those are easy to change or remove all together. Unlike other contact form plugins, such as Contact Form 7, adding new fields or questions to your contact form is really easy: it’s a simple drag and drop setup that allows you to create the question and its HTML elements all in one.

Even with no knowledge of HTML, you can easily create new questions, and getting those new questions to show up in the email that is sent to you is all done by default as well – again, making it super easy to use, especially for non programmers. As is the case with my contact form plugins for WordPress, Formidable is also really easy to connect with Google’s recaptcha to reduce and eliminate spam. You can easily set up various styles of recaptcha in order to best suit the needs of your website and the amount of spam you may be getting.
On a couple of the websites we’ve done, we’ve needed to do some more advanced features on the contact form. The premium version of Formidable has a lot of great options that can be used to take your contact form to a new level. However, if you only need standard forms and standard questions with no advanced conditional statements or things of that nature, the free version will work just fine.

Because of how easy to use the plugin is and how versatile it can be with the
premium version, Formidable is by far my favorite contact form plugin to use with WordPress. If your site isn’t using Formidable or you’re not getting the most out of your contact forms, contact us today. Visit https://fullscopecreative.com/contact/ – and yes, the contact form there, that’s Formidable.

WordPress and Basic SEO

At a recent business lunch event, I heard a competitor of mine make the claim that you can’t update key SEO elements of a page in WordPress. Because of that, they argued WordPress should be avoided. Unfortunately, I had already spoken and talked a bit about myself and my business at the meeting, or I would have corrected the point in my introduction. SEO elements like meta title and description CAN be easily updated in WordPress.

I’ve heard from other companies in my industry that WordPress is full of pitfalls and shortcomings. I agree with that point – it is full of them; but so is every content management system on the market. They’ve all got their pros and cons. The great thing about WordPress it that it is pretty easy to overcome any such issue.

The meta title and description tags, while not a huge factor in ranking, should be customized for each individual page on a site. With the out-of-the-box WordPress install, that’s not really doable. But by simply adding the Yoast SEO plugin, it’s easily taken care of. Plus, there are countless other benefits of using Yoast on a site. Heck, Yoast alone is reason enough to use WordPress.

Yes, there are security shortcomings, but again, it’s 2018 – ALL content managements systems and event straight HTML sites have security concerns. Again, with WordPress, we can install WordFence and those security issues are addressed.

If you’re worried about SEO or security limitations in WordPress, I can assure you, they are easily taken care of with a few simple plugins. I’ve played around with several content management systems and even built one internally (Blossom, RIP), and all pale in comparison to WordPress.

If you hear someone saying those things about WordPress, they probably haven’t spent a minute or two actually looking into the program to see just what is available. As an out-of-the-box system, it’s one thing, but with the addition of a few simple plugins, the content management system takes on a whole new life. If you’ve got any concerns about security or SEO in WordPress, feel free to reach out. We’d be happy to answer any questions you may have.

Security by Obscurity?

In 2018, security on your website is a big deal. One security measure you may have heard of is “security by obscurity” or SBO for short. While it may sound like a great idea, the results will likely leave you frustrated. Security by obscurity – while sounding logical – is actually a huge vulnerability.

SBO can be traced as far back as Alfred Charles Hobbs, who in 1851 (yes, 167 years ago) demonstrated and spoke of the issue as it applies to padlocks of the time. The idea behind SBO (again, yes logical) is that if the bad guys (hackers) don’t know how your systems are laid out, they’ll never be able to hack them. Many programmers, including yours truly, have used this technique only to see it fail… miserably. Hackers and spammers are just simply too good. Yes, SBO might keep the rookies out, but anyone who has been at it a while will still get through.

Thankfully, with WordPress (my content management system – CMS – of choice), there are a couple of great ways to provide security to your site. One way is with the plugin WordFence. We talked about WordFence in a recent blog about brute force attacks. You can easily install and set up the plugin to block unnecessary logins in and scan your site for vulnerabilities.

Another great feature of WordPress is that the core system (and themes and plugins) are updated fairly often; in fact, we just had another big update this week. While the hackers do have access to the new code, they will need to dig into it and start working up a new way to hack into sites all over again. Of course, this is only a benefit if you keep your site regularly updated. If you have Security Essentials Hosting from Full Scope Creative, no worries – we handle all those for you.

While it sounds logical, security by obscurity will eventually lead to headaches for your site. It’s been proven wrong for at least 167 years thanks to Alfred Charles Hobbs. Security is a big deal, obviously, for any website. Take the time and make sure you use the best security measures available for your site.

What to do with Unused Plugins

WordPress is an awesome Content Management System (CMS). Compared to many other leading CMS platforms (such as Drupal, Kentico, or Joomla), one of the great things about WordPress is how easy it is to keep the system updated and secure. Obviously, it is 2018 and there is no such thing as a “perfect” system – every CMS is vulnerable to attacks. Fortunately, there are several steps you can take to keep WordPress as safe and stable as possible. One area often overlooked is unused plugins.

One of the things that makes WordPress so amazing is how easy it is to install any of the countless plugins to expand your site’s offerings to fit your business needs. With just a few clicks, a new plugin can be installed and with just a few minutes of configuration, it can be ready to use. Once a good and stable plugin is selected and installed, keeping it updated regularly will help keep your site and that plugin safe and stable. However, it’s important to remember that when you’re done using that plugin or if you switch to a new plugin, you need to delete that plugin.

Alternatively, you can deactivate the plugin, but if you choose to go that route, the plugin’s code is still lying dormant on your site. The problem with unused plugins is that it can be easy to forget to update them. Kind of like an “out of sight – out of mind” sort of thing; if the plugin isn’t used, it’s easily overlooked during updates. So instead of just deactivating the plugin, be sure to go through and fully delete it.

There are some plugins, however, that for various reasons, you might not want to delete after you’re done with them. If that is the case, just be sure to always run the plugin updates as they become available. At Full Scope, we recommend checking for updates at least 3 times per week.

WordPress is a great CMS, partially because of the wide range of plugins available for use. That wide range of plugins, if left installed and forgotten, can also be a major undoing of WordPress. One of the best ways to keep your site safe and secure is to keep your plugins updated, and, if they aren’t being used, simply delete them.

Categories and Tags

When you start blogging and creating new posts in WordPress (which I highly recommend you do), you’ll see two options for organizing your posts: categories and tags. While both do the same basic things, organize and index your posts, they have two very distinct uses.


With WordPress, categories are generalized. Each blog post should only really fit into one (maybe two) categories. The categories will obviously be different from site to site and business to business. With the categories that you set up, think of the big picture and the broad topics. We’re not looking for specifics with categories, that comes later.

For example, when I was in high school and college I worked at a CD store. We had a couple of different categories to group CDs into: rock & pop, country, rap, soundtracks, oldies, and other; we didn’t get into any sub-genres of music. With the organization system, The Beatles would be categorized under the Rock & Pop section and Garth Brooks would be in the Country section. We didn’t break the basic sections up any further than that.


While categories are used for general organization and each post should only have one (or two at very most), tags are the complete opposite. Tags are used to drill down to the different sub-groupings of a category. Each post can have as many tags applied to it as makes sense.

I mentioned the store I use to work at and how we didn’t organize past broad genres (Rock, Country, Soundtracks, etc.); however, any of those bands could broken down into further sub-groups. For example, The Beatles could also have tags such as ’60’s Rock, English Rock, Bubblegum pop (they were at first), Psychedelic Rock (they certainly got there towards the end), and many more.

Why have both of them?

As mentioned, both categories and tags serve a purpose. When done correctly, they can help users (search engine or human) easily group posts together and can lead to a better search ranking. I would absolutely use the categories. You really need something to organize your blog posts by, and a general category works great for that. If you want to take more time and assign each post to certain tags, you’ll be that much better off.