A List Of WordPress And WooCommerce Plugins For a Variety of Uses

WordPress came to life in May 2003, and few technological inventions of the internet age have become as ubiquitous as WordPress when it comes to website Content Management Systems (CMS).


This is what the WordPress home page looked like back then:

Old WordPress home page screen shot


And this is what it looks like now:


current wordpress home page screen shot


The rise of WordPress and WooCommerce as a CMS has mainly been due to 2 main factors: ease of use and scalability.


As a CMS, WordPress is extremely versatile and easy to use, with a learning curve that is much less steep than that of, say, Joomla and especially Magento.


Scalability has been made relatively easy due to the myriad number of plugins that have been built for it by WordPress and third parties around the world.


If you have a WordPress site there’s a good chance you have at least a few plugins installed already. However, the list of available plugins and their potential uses are almost too vast to count thus making WordPress even more functional and scalable.


In this post, Diffusion Digital will talk you through some of our favourite plugins for shipping and SEO. Bookmark this page as we’ll be updating it with more plugins next month!

WooCommerce plugins for Shipping


Flexible Shipping for WooCommerce




Download: 20,000+


First up, we have Flexible Shipping for WooCommerce, which claims to be the most advanced shipping plugin for WooCommerce. Whilst we’re not sure we believe that claim, it does offer quite a wide range of features and customization options to choose from.


There isn’t much that the plugin can’t do and is an ideal solution for WooCommerce sites in the medium to high competition sectors where offering a wide range of delivery options is a must.


In addition to allowing the calculation of shipping costs based on cart total, you could also do so based on weight. Plus, it also offers COD (Cash On Delivery) shipping options which is something most other shipping plugins do not.


Additionally, you have options to integrate insurance options which again, could be a way to add a USP to your WooCommerce site.


The plugin comes in 2 flavours: the free version, which gives you the tools that should be sufficient for most small retailers, and a paid option for more advanced Ecommerce businesses.


For a full list of features and the differences between the free and paid version, check out their official site.


WooCommerce Delivery Time Picker for Shipping


WooCommerce Delivery Options

Next up, we have the WooCommerce Delivery Time Picker which is a good option to consider if your WooCommerce store offers shipping based on time slots.


Successful Ecommerce stores know that one of the ways you can increase sales is by reducing the amount of ‘friction’ between the user and the buying process and it is usually a good idea to offer as many shipping options as is possible.


This plugin is more like an ‘add-on’ to your existing setup, adding the functionality of allowing users to select when to receive their purchase, giving control to the user on both, the day as well as the time.


Of course, not all courier companies offer this feature so it’s a good idea to check that yours does.

WooCommerce Weight Based Shipping




No. of downloads: 20,000+


Being able to calculate shipping charges based on weight isn’t exactly a unique feature by any means but the WooCommerce Weight Based Shipping does have a super-useful way of offering this option.


There’s a section for adding multiple shipping rules and you can set further conditions based on when certain rules should or shouldn’t apply.

You can also configure your shipping rates based on total order weight, price or a combination of the 2 and although most companies will probably end up using either one it’s a good feature to have.


WordPress Plugins for SEO


Search Engine Optimisation (SEO) is to a website what the engine is to your car. Without it, no matter how amazing your product is, no one is going to see it.


The popularity of SEO has meant that this area of plugin development is one of the most popular for WordPress, which means there are literally thousands of WordPress SEO plugins to choose from.


A thing to bear in mind is that no matter how good the plugin, they only offer you the tools to have the basic on-page SEO in place. If you’re hoping to attract a wide audience for your WordPress website, you will also need to undertake an off-page SEO campaign that encompasses important traffic-driving techniques such as link building and content marketing.


Yoast SEO


Yoast - SEO for everyone


No. of downloads: 5+ million


First up, we have the Yoast SEO plugin, which is by far the most popular SEO plugin for WordPress around.


Yoast SEO comes in 2 flavours: the free option which offers you the basic functionality around keyword optimisation, page previews and duplicate content checks whilst the premium (paid) option offers you all of that and much more.


Here’s a snapshot of the comparison but for more on this head over to https://yoast.com/wordpress/plugins/seo/.


Yoast price guidelines


At the time of this writing, the paid plugin costs £79 plus VAT.


If you’re asking “is the premium (paid) Yoast plugin worth it?” then our answer is going to be annoying yet inevitable: it depends.


For small WordPress sites in non-competitive sectors and where you don’t need to drive a ton of traffic to the site, the free option might be just fine. Or, if you have a professional SEO company who is looking after your site, both on-page and off-page as well.


However, if you want to do it all yourself and don’t plan on a link building and content generation campaign or traffic isn’t all that important, you may find the paid plugin adds a little bit of value.


All In One SEO Pack


All in One SEO


No. of downloads: 3+ million


The All In One SEO Pack is another WordPress plugin for SEO and just about as useful as Yoast.


All In One has a useful XML sitemap submission feature for those who don’t know how to work with Google Search Console or Bing (or simply aren’t inclined to).


AMP (Accelerated Mobile Pages) is becoming increasingly common-place on the mobile web and All In One has integration and monitoring capabilities for those 2.


Which is better, Yoast SEO or All In One?


The differences between the 2 are subtle and, in many cases, come down to your personal preference.


For example, whereas the various functions of Yoast are laid out on different tabs, All In One has them all listed on a single page (think of a multi-step checkout process compared to one where you enter all your info on the same page).


Another example is Social Media – Yoast does tend to offer a few more options for Social Media monitoring and integration than All In One.


WordPress Plugins for Marketing


Welcome back to part 2 of our list of essential plugins for your WordPress or WooCommerce website.


This month, we’ll be taking a closer look at some of the best plugins around to help you super-charge your marketing efforts.


The popularity of WordPress has meant that there are thousands of developers around the world building plugins for it for pretty much anything you can think of.


From a marketing perspective, WordPress is designed for small to medium sized growing businesses which means no matter what your skill set when it comes to marketing, there’s sure to be a plugin that is right for you.




No. of downloads: 10,000+


First up on our list is the CAOS plugin built to make the task of Google Analytics integration easier.


If you’ve got a website, you most likely have an analytics programme installed too, which gives you data about how many people visit your website, where they come from, the actions they take and so on.


Google Analytics (GA) is one such platform and perhaps the most popular one for most small to medium sized websites.

If you’re considering adding GA to your site, you should know that GA only works once you’ve added the GA code to all pages of the site and often you will need to get your web developer to do it.


This is where CAOS comes in. It is a plugin for Google Analytics which allows you to connect to it without the need for any outside help.


The plugin is natively compatible with WordPress which means that installing it on your site is going to be seamless and hassle-free.


What’s more, once you have this in place, it can also show you the basic info from GA right in your WordPress dashboard, saving you a lot of time and clicks bouncing around from one platform to another.


MailChimp for WordPress


No. of downloads: 100,000+


Mailchimp is for email newsletters what Google Analytics is for website analytics so it’s no wonder that we have a bespoke plugin for MailChimp available.


MailChimp is one of the most popular newsletter software around and until the arrival of this plugin, it wouldn’t be too uncommon to find your email subscriber data separate from the signups from your website which means each time you had someone signing up to your newsletter via your website, you will have to manually add them to your MailChimp database.


With the MailChimp for WordPress plugin however, all of that is history.


Once installed and connected, not only can you automatically sync your newsletter and website subscribers but you can also carry out some advanced functions such as offering the ability of people who make an enquiry via your site to sign up to your newsletter directly via opt-in checkboxes.


This is not only a great time saver but will also go a long way in enhancing the size and quality of your subscriber list.






No. of downloads: 800,000+


Speaking of increasing your email subscriber list, another tool that is designed precisely for that is the OptinMonster plugin for WordPress.


Your website’s conversion rate is one of the most important Key Performance Indicators (KPIs) and offering multiple ways for a conversion (aka call-to-action) to occur is a must.


For example, even though your most important call-to-action is going to be a sale if you’re selling something or an enquiry if you’re a service business, a secondary call-to-action such as a newsletter signup or a white-paper or brochure download can also be very valuable in the long run.


OptinMonster offers the ability to create several different types of forms such as popups and light boxes and even ‘exit-intent’ light boxes which can help you increase the number of page/views, increase conversions and ultimately make your website work better.


Drip Marketing Automation plugin for WordPress



No. of downloads: 9,000+



If your website’s subscriber count is in the triple digits, you need to have a marketing automation CRM in place if you don’t have one already and Drip is one such option.


In addition to collating all your signups and subscriber info from a variety of signup sources, a software like Drip can also automate certain marketing tasks that you carry out on a routine basis.


For example, Drip will allow you to send out an automated email notification to a visitor who signs up via your blog each time you publish a new blog post, which is not only a great time saver but also helps you improve your return visit levels.


Or, you can create lead nurturing emails which are designed to gradually move your user from the ‘cold’ to ‘hot’ stage of the buying funnel. In the long run, this can mean more sales for relatively less effort.

Getting your website ready for a Google Ads campaign

“You can't improve what you can't measure”

Those words were uttered by the famous Peter Drucker during the direct marketing days and well before digital marketing became omnipresent. However, his quote is perhaps now even more relevant (anyone try to measure the success of a leaflet drop campaign?).

Google Ads can be an invaluable Pay Per Click (PPC) tool to help your business generate more leads and sales, and one of the reasons for its ubiquitous presence is just how well it can work when you know what you’re doing.

However, the very reason that has made it so popular is also the same reason it has made it an incredibly competitive digital marketing channel and a very easy way to lose money if you can’t accurately track how well your PPC campaign is paying off.


Enter conversion tracking.


google ads overarching goals sub goals KPIs performance targets diagram

Conversion tracking is the section of Google Ads which allows you to create goals and events that track every possible conversion action on your website.

Ultimately you want to track not just the obvious conversion action such as a sale but also secondary call-to-actions such as enquiries, downloading a promo code, newsletter signups and others applicable to your business as many times, secondary/sub goals could, in fact, turn into your primary one(s).

  The benefits of having conversion tracking in place should be self-explanatory but here are a few to motivate you:


Get qualitative data


Conversion tracking allows you to deep-dive into your campaign data and get various insights which you could use for other marketing efforts. For example, once you know which keywords are driving leads and sales and which ones simply result in tire-kickers, you can use this valuable piece of information when formulating your SEO strategy.

As importantly, you can begin fine-tuning your campaign, lowering your bids or pausing nonperforming keywords altogether focusing as much as possible on the keywords likely to positively impact your bottom line.

Another example is getting to understand your audience and their buying habits better. For example, by looking at your conversions on a device level, you can get insights such as what device your customers buy from and then lower your bids on the devices that are least profitable.


google ads best and worst table


Sell more!


Ultimately, the purpose of a Google Ads campaign for most small businesses is going to be sales (not brand awareness).

If you find that your Google Ads is working relatively well (think good Quality Scores, high click-through rates, low Cost Per Clicks) but it isn’t resulting in the expected ROI, there’s a good chance that your website or landing pages are the bottleneck.

By making improvements to the pages to which you’re directing your traffic, not only can you ultimately sell more but it would also have a positive long-term impact on all other digital marketing channels where you’re using the same landing pages.


Improve your marketing ROI


Whilst Google Ads is an incredibly effective source of lead-generation, your return from your ad spend will vary greatly depending on myriad factors such as how competitive your industry is, the quality and buyer-intent of your chosen keywords, how well your campaign is set up and much more.

By looking at your lead and sales acquisition costs on a channel basis, you can decide where your marketing budget is best spent and tweak your allocation accordingly.

Not only will it enable you to find out exactly how much you’re spending to acquire each customer through your Google Ads campaign but also help you make strategic decisions when deploying multiple marketing channels such as which one is more cost-effective and therefore to focus on more.

Hopefully, now that you’re convinced about the importance of conversion tracking here’s how to get started…..


Setting up Conversion Tracking


Ultimately, the Conversions view on your Google Ads should look like this, with multiple goals and events having been configured.


google ads conversion actions table


You’ll find an informative guide on how to set it up on Google Ads’s official resource but here’s an overview:

  1. Head over to the Conversions section of your Google Ads


google ads settings options


  2. You’ll be presented with a range of options for setting up conversions. Unless you’re selling a mobile app, you will want to select the other ones.

If you already have goals set up in Google Analytics then click on the Import option and you will be able to import your GA goals into Google Ads without having to set them up again

For new installs, select the Website option and you will be able to configure all the conversion actions that apply.


google ads track conversions icons


The Phone Calls tracking is an incredibly important and useful feature which allows you to track conversions that originated via the phone. Whilst this may be less important for eCommerce websites, it is a good idea to have all of these in place.

Head over to this guide on the official Google Ads website for more on how to set up conversion tracking via phone calls

Here’s a simple guide on what to enter as values when defining each conversion:


google ads enter values conversions


If you’re using an eCommerce website powered by Shopify, WordPress WooCommerce or another popular shopping cart plugin, it is fairly easy to setup conversion tracking for your primary call-to-actions via Google Analytics.


Head over to the eCommerce section on the admin section of your GA profile and enable eCommerce tracking.


google ads enable ecommerce status setup


In most cases, you won’t need to do much else and once you import these goals into your Google Ads campaign, you can even see exactly which products you sold, their total value, how much spent to generate that sale and a host of other KPIs.


google ads campaign


TIP: Whilst you’re in GA, it’s a good idea to switch on eCommerce search tracking so you can also see what products your users are searching for.

For advanced marketers and eCommerce businesses, there are some other KPIs you may wish to track to get a more insightful view into your campaign performance and ROI:


  1. Conversion by traffic source: Where are your converting customers coming from? Once you combine this with the cost per acquisition of each sale, you can use this data to determine where you should be investing in driving traffic
  2. Conversion of new vs. returning visitors: Segment conversions of new visitors vs. returning visitors. Conversions for returning visitors are traditionally higher.
  3. Secondary conversion to first: By looking at conversions by each call-to-actions, you can determine how valuable secondary conversion actions are (e.g. what % of newsletter signups convert into a sale ultimately)
  4. Profit: What remains after you subtract the cost of running the store and all marketing expenses (don’t forget to take into account what you pay your eCommerce marketing agency)?


And, that sums up how to set up conversion tracking.

As always, if you need help at any stage or want to know how to set up Google Ads or conversion tracking for your own site, feel free to get in touch with Diffusion Digital and we’ll be happy to help.



Steps to Take if your WordPress Website has been Hacked

keep wordpress secure

If you’re like most businesses, your website is an important cog in your lead and sales generation machine and there are fewer things more harrowing and downright disruptive than to visit your website one fine day and find that it has been a victim of a hack or malware injection.

The good news (if we can call it that) is that WordPress websites getting hacked is far more common than you might imagine, so don’t beat yourself up too much over it. What is important at this stage is to limit the damage and to take the necessary measures to get your site cleaned up and running again.

In this article, we will look into how to spot whether your WordPress website has been compromised as well as taking a deep-dive into the methods you can use to recover it and get going again.


How to Spot if your Website has Been Hacked

cyber criminals

When it comes to hacking, you need to keep in mind that WordPress isn’t very different than sites that have been built using other platforms. Anything that is connected to the internet is prone to cyber criminals and even other, less popular platforms like Magento, Drupal or Joomla are prone to hacking too.


Here are a few common signs of a hacked WordPress site:


  1. Your security plugin sends you a warning: if you are like the vast majority and you are using one of many security plugins available, then chances are you will be notified as soon as your site gets compromised. As far as WordPress hacks are concerned, this is the best-case scenario, as it enables you to react immediately.
  2. The site redirects to another one: another sign that your site has been compromised is when you are trying to access your site, but you are redirected to another website and these are often adult and gambling sites. If this happens, you can bet that someone has got unauthorised access to your server and is ready to wreak havoc for their own traffic-gain benefits.
  3. You cannot log into the admin panel: probably the most common way cyber criminals hack their way into your system is by stealing the login information. Once they’re in, they will hijack your admin account so that you will no longer have access to your site and in some cases may even ask for a ransom (should this happen, never give in to their demands).
  4. Google marks your site as insecure: if Google detects suspicious activity, they will mark a site as insecure in search results. Of course, they might also remove your site from SERPs altogether. In Google Search Console, you will be notified when your site has been marked as non-secure or has been removed from search results and Chrome and other browsers may also display a warning.
  5. Warnings from your browser: most browsers are now equipped with built-in security warnings when they detect phishing attacks, malware, cross-referencing or other malicious elements on a WordPress site. If you get a warning from your browser, you know you’ve been the victim of a hack.
  6. Sudden traffic spikes: a sudden traffic spike doesn’t always mean great marketing! Hackers will sometimes use hacked WordPress sites as their hub of distribution. In other words, they can use your site to send malware and viruses to other platforms. To avoid spam detection, they will link to your domain and then redirect visitors to another site. If you see some unexplained traffic spikes, consider running a malware scan.
  7. Your site displays strange links: an alternative to sending visitors to other sites is for hackers to place spammy links right on your site. This method enables them to remain hidden and run things from behind the curtain. If you notice that your site has weird links on it, make sure to take the steps presented in the section below.


Practical Steps to Take if your WordPress Site has been Hacked


  1. Keep your Calm

First things first: relax! Rather than panicking, remind yourself that a fix may not be very difficult.

Being angry or stressed won’t help and just delays the process of you working towards getting the issue resolved, either by yourself or getting someone else to do it.

The important thing is to get to work right away.


  2. Locate the Actual Hack


In order to get the problem solved, you first need to locate the actual hack. Here is a quick list of questions we advise you to go through in order to locate the real problem:


  • Are you able to successfully log into your admin panel?
  • Does your WordPress site contain any illegal links?
  • Is your site redirecting to a third-party website?
  • Has Google marked your website as insecure?
  • Do you see on your browser a security alert concerning your website?


After you have answered the above questions with yes/no/maybe, follow the steps below.


  3. Contact your Hosting Company


At this point, you need to start acting. The best thing you can do is to contact your hosting company ASAP. Most professional hosting companies will gladly help you with this situation. The ones with more experienced staff have already dealt with hackers before, so they know how to navigate the shallow waters of WordPress hacking.

Before taking any steps yourself, it is wise to contact your hosting company. In case your website is hosted on a server, the hosting company can immediately see if the cybercriminal got access to your WordPress site through another site hosted on their platform. Moreover, there is a good chance that they might tell you how the hackers accessed your site and where the backdoor is located.

Hopefully, your hosting company is professional enough to detect the problem and to clean up your site after an attack. If not, there are other options you have at hand.


  4. Backup your data

data backup button on keyboard

While it may sound counter-intuitive, backing up your data after your site has been breached is a vital step in ensuring that you minimise the damage done. You should do this step at the same time you are contacting your hosting company. Keep in mind that some hosting providers might delete all the data on a site that has been compromised. Since you don’t want to lose all your precious data, it is always a great idea to keep a copy around.

Salvage whatever you can using an effective WordPress backup solution or do a backup by yourself.


  5. Perform a Full Computer Scan


You can do this in parallel with data backing. And, why should you scan your local machine?

In many cases, the actual hack can trigger on the local computer associated with your WordPress account. If a cyber criminal has managed to compromise your computer, it is possible that they can extend their reach to the websites you frequently log into. Using a key-logger, the hacker can get free access to your WordPress site.

For that reason, install and run a full virus/malware scan on your computer. Additionally, ensure that your OS is up to date. By doing this, you can make sure that the problem didn’t originate from your computer and reduce the risk of being reinfected after cleaning up the mess on your WordPress site.


  6. Hire a Professional


If your website has experienced a strong attack and your hosting company is unable to help you, we recommend that you hire a WordPress agency. Keep in mind that a vulnerable website only gets worse as time goes on, so the faster you can get the issue fixed, the safer your website will be.

Hiring a professional might come at extra costs, but you get the peace of mind that your website is up and running ASAP and the probability of a repeat hack is less.


  7. Restore a Previous Version


Now, if you’ve developed the good habit of backing up your site regularly, you might be lucky enough to get rid of the hack by simply restoring your site to a previous version. The only downside to this is that when restoring your site to a previous point in time, all the changes you’ve made since then will be lost.

Now that you’ve restored the old version of your site and minimised the damage, add extra security functions to ensure that your site will be able to avoid future malicious activity.

In case you can’t restore your site to a previous version, or you don’t want to because you would lose data, you may be able to manually clean up the code.


  8. Scan for Malware

warning - visiting risky site


After you update the plugins and the theme, it is imperative to scan for malware. A good WordPress security plugin will automatically scan for malware and will check your core files for integrity. Moreover, it will tell you whether your site has been blacklisted by Google.

Scanning for malware allows you to remove any undesirable penalisations by Google so that you can retain your SEO (Search Engine Optimization) ranking.


  9. Replace Any Compromised Files


In case malicious code is found on any files, the best thing you can do is to delete those files and replace them with the original, uninfected version.

For instance, you can replace the core version of your WordPress site with a fresh version without ruining your site. As long as the wp-content section remains intact, you can modify everything else.

In fact, the simplest way to do that is to just go and re-install WordPress from inside the dashboard. Also do that for plugins and themes.
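The core integrity check and file replacement described above can be sketched as follows. This is an added example, not code from the original post or from any security plugin: it assumes you have a manifest of known-good SHA-256 hashes for your exact WordPress release (built here from constructed stand-in files), and it also flags PHP files in the wp-content/uploads media directory, which the manifest comparison does not cover.

```python
import hashlib
import tempfile
from pathlib import Path

# Site-specific files that are never part of a core release.
SITE_FILES = {"wp-config.php", ".htaccess"}


def sha256_of(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def audit_core(root: Path, manifest: dict) -> dict:
    """Compare an install with a known-good {relative path: sha256} manifest."""
    report = {"modified": [], "missing": [], "unexpected": [], "php_in_uploads": []}
    for rel, expected in sorted(manifest.items()):
        target = root / rel
        if not target.is_file():
            report["missing"].append(rel)
        elif sha256_of(target) != expected:
            report["modified"].append(rel)
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        if rel.startswith("wp-content/"):
            # Themes, plugins and media live here and differ per site, but the
            # media directory should not hold executable PHP.
            if rel.startswith("wp-content/uploads/") and path.suffix.lower() == ".php":
                report["php_in_uploads"].append(rel)
        elif rel not in manifest and rel not in SITE_FILES:
            report["unexpected"].append(rel)
    return report


def write(root: Path, rel: str, data: bytes) -> None:
    target = root / rel
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_bytes(data)


def demo() -> dict:
    """Build a constructed install, change it, and audit it."""
    clean = {  # constructed stand-ins for core files, not real WordPress code
        "index.php": b"<?php // front controller\n",
        "wp-login.php": b"<?php // login form\n",
        "wp-admin/admin.php": b"<?php // admin bootstrap\n",
        "wp-includes/version.php": b"<?php // version info\n",
    }
    manifest = {rel: hashlib.sha256(data).hexdigest() for rel, data in clean.items()}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel, data in clean.items():
            write(root, rel, data)
        write(root, "wp-config.php", b"<?php // site settings\n")
        write(root, "wp-content/uploads/2019/photo.jpg", b"\xff\xd8constructed")
        # Constructed changes of the kind a compromise leaves behind.
        write(root, "wp-includes/version.php",
              clean["wp-includes/version.php"] + b"// extra line\n")
        (root / "wp-admin/admin.php").unlink()
        write(root, "wp-includes/cache-old.php", b"<?php // not in any release\n")
        write(root, "wp-content/uploads/2019/img.php", b"<?php // should not be here\n")
        return audit_core(root, manifest)


if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind}: {files}")
```

Files reported as modified or missing are the ones to replace from a fresh copy of the same release; files reported as unexpected or as PHP in uploads need a manual look before deletion.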


  10. Change your Password and Secret Keys


Another step you can take if your WordPress site has been hacked is to change the password again. Do not change just one password, but change them all, including backend credentials, MySQL passcode, FTP login and admin email address password.

Another important set of secrets you need to change is the SALTs. WordPress SALTs are secret keys used to protect the information stored in login cookies. While the SALTs stay the same, a hacker who has accessed your account can remain logged in, hidden, thanks to those cookies. By changing the SALTs, you ensure that any access from the outside is cut off, and the hacker won’t be able to get back into your account using the credentials stored in the cookies.
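One way to rotate the SALTs is to rewrite the eight key and salt constants in wp-config.php with fresh random values. The sketch below is an added example, not code from the original post or from WordPress itself; the sample configuration is constructed, and the function only reports constants it cannot find rather than inserting them.

```python
import re
import secrets
import string

# The eight secret constants WordPress reads from wp-config.php.
KEY_NAMES = (
    "AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
    "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT",
)
# Characters that are safe inside a single-quoted PHP string
# (no single quote and no backslash, so nothing needs escaping).
ALPHABET = string.ascii_letters + string.digits + "!#$%&()*+,-./:;<=>?@[]^_{|}~ "


def new_secret(length: int = 64) -> str:
    """Return a random value drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def rotate_keys(config_text: str):
    """Return (new_text, rotated, missing) with every key and salt replaced."""
    rotated, missing = [], []
    for name in KEY_NAMES:
        # Match the whole define() line, whatever quoting or spacing it uses.
        pattern = re.compile(
            r"^[ \t]*define\(\s*['\"]" + name + r"['\"]\s*,.*\);[ \t\r]*$", re.M
        )
        line = f"define( '{name}', '{new_secret()}' );"
        # A function replacement avoids any backslash handling in the new value.
        config_text, count = pattern.subn(lambda _m, line=line: line, config_text)
        (rotated if count else missing).append(name)
    return config_text, rotated, missing


# Constructed sample configuration; NONCE_SALT is left out on purpose to show
# how a missing constant is reported.
SAMPLE_CONFIG = """<?php
define( 'DB_NAME', 'shop' );
define( 'AUTH_KEY',         'old-auth-key' );
define('SECURE_AUTH_KEY', "old-secure-auth-key");
define( 'LOGGED_IN_KEY',    'old-logged-in-key' );
define( 'NONCE_KEY',        'old-nonce-key' );
define( 'AUTH_SALT',        'old-auth-salt' );
define( 'SECURE_AUTH_SALT', 'old-secure-auth-salt' );
define( 'LOGGED_IN_SALT',   'old-logged-in-salt' );
$table_prefix = 'wp_';
"""


def demo():
    return rotate_keys(SAMPLE_CONFIG)


if __name__ == "__main__":
    text, rotated, missing = demo()
    print(text)
    print("rotated:", rotated)
    print("missing:", missing)
```

Keep a copy of wp-config.php before writing the result back; once the new values are live, every logged-in user, including you, has to sign in again.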


Rebuilding your Site


Now that the attack has been dealt with and your site is clean, it is time to get everything back. Get all the blog posts, themes or plugins back to their normal state from the backup files on your WP site or from your computer.

The last step of the process is to harden your WordPress site security to ensure this won’t happen all over again. Here is a blog post with just the right security measures: https://diffusion.digital/wordpress-website-security-bulletproof/.


How to choose a website design agency

The website design and development racket is a tricky field to navigate.

If you find yourself in search of web design agencies, it’s sometimes hard to tell the wood from the trees in terms of differentiating between the good and the bad.

The aim of this blog is to give you a few pointers on why it’s worth your while getting professionals to design and develop your website.


#1 How hard can it be? I’ll do it myself for a fraction of the price


Don’t get me wrong, many people have successfully designed, developed and launched their own websites using one of the well-known platforms such as WordPress or Wix.

But, have they created something that truly reflects their brand or business? Well I’d bet that 99% of ‘self-built’ websites entirely misrepresent their brand/business or simply don’t do it justice.

A website is often the first place a prospective new client will look – the importance of making a good first impression is essential in building trust, driving conversion and encouraging advocacy.



#2 Due-diligence whether it’s a new business or an upgrade – don’t go rogue


So, you’ve made the right choice and realised what’s best for your business.

You must be careful though. As in every industry, especially overcrowded ones, there are those who have your best interests at heart, and then there are the crooks.

Owing to how diluted the industry is, the web design and development space is littered with people trying to exploit other people’s ignorance and make a quick buck, and whilst most of the agencies in question provide a similar service offering to one another, it’s up to you to differentiate between them all.

It’s important to try and choose an agency that will take as much pride in the client’s business and brand, as the client themselves.

This is obviously easier said than done but finding a team with enthusiasm for not only their work, but also their clients, will ensure a positive outcome further down the line.

An obvious place you can check this is in their case studies. If there aren’t beautiful examples of past work proudly placed on a pedestal on the agency’s website, alarm bells should be ringing.

Another easy way of finding reputable agencies is through industry related publications and the annual awards given out to leading website design agencies in London and globally.


#3 Pay Peanuts, Get Monkeys


When it comes to costs, if it sounds too good to be true, then it probably is, and somewhere down the line you’ll end up losing out, either financially or by being lumped with a mediocre, underwhelming website.

Always bear in mind the number of different elements it takes to build a good website – design, UX, development and SEO. Each is a very specific skill that people spend years honing, and as such you should expect to pay!

So, save your time and don’t engage with any company that quotes significantly less than all the other quotes you have received.

Especially for SMEs and start-ups, budgets can be restrictive, but considering the part a website plays in a client’s first impressions, every effort should be made to make it as well crafted as it can be.

Websites are often more expensive than people think but when you take into account the expertise you are getting for your money, the juice is worth the squeeze.

75% of user judgment about your business’s credibility is based on your website’s design
University of Surrey

People are often taken aback by the costs of building a custom website. Whilst these costs are usually fair, the agency should provide fairly comprehensive breakdowns demonstrating how they are arriving at the forecasted costs, including an idea of additional development and post build costs should they be needed.

Getting several quotes from different agencies should give you a good idea of a ballpark figure you should expect to pay.

Whilst there are some very intuitive platforms out there that can walk you through every step of building an intuitive and responsive website for relatively little money, creating a website that best reflects your business is hard with off-the-shelf templates. What’s more, by using the standard themes offered by the likes of WordPress and Shopify, it’s likely that your website will end up looking similar if not identical to someone else’s and, correct me if I’m wrong, it’s in a business’s interest to stand out from the crowd, not mix about in it.


#4 Forming Lasting Relationships


Digital professionals helping ambitious brands thrive online.

This is the mantra at the core of Diffusion Digital’s ethos and fundamentally lays out our driving force, and, in danger of sounding self-righteous, it’s one that every digital agency should pursue.

I say ‘pursue’ because – owing to evolving environments, demographics and products, to name but a few – this process changes with the times and we must adapt with it. Having an agency aboard throughout will make your life easier in the long run.

Agencies should demonstrate that they take genuine pride in the websites they help craft. They should take the time to truly understand what the brand or business stands for and the client’s objectives or vision into the future, as well as Key Performance Indicators.

When a collection of brilliant minds, hearts, and talents come together… expect a masterpiece
John Ruskin


#5 Sit back and watch your business/brand evolve online


The beauty of using an agency is that you should expect all bases to be covered.

  • Appropriate platform

Magento, WordPress, Kentico, Salesforce and Shopify are just a few of the platforms that people host their websites on, and which one to use depends on your business. Engaging the correct platform from the outset is critical to all businesses moving forward, in terms of functionality and scaling the business in the future.

  • SEO structure

It is essential to involve Search Engine Optimisation (SEO) from the earliest stages of a website build. Creating keyword optimised landing pages will help Google recognise what your business is and subsequently, with an ongoing content strategy, high quality organic traffic will be driven to your site.

  • Clever custom animations

Being able to customise apps and other integrations is essential to truly bringing a brand to life online. Agencies make it their mission to tweak existing apps to best fit the profile of the business they are working for. This allows entirely bespoke interactions that will truly enhance the appearance and performance of the site.

  • Seamless user experience

Creating a site that is easy to navigate, with intuitive integrations, and that’s pleasing both visually and practically is a crucial part of attracting, engaging and retaining visitors to a site.

  • Responsive design

Increasingly people use a variety of devices to access the internet making it essential to develop a website that transitions seamlessly from one device to another.

#6 Key considerations


  • Does this agency have the right expertise?

The agency doesn’t necessarily have to be old, but it is worth checking the experience of the team who are going to be working on your account. It has been known for experienced people to be involved in the discovery stages in order to win the brief and subsequently pass the account on to less able juniors. Whilst this is great for teaching other people skills, it might not be ideal in terms of building your website.

  • Does this agency offer all of the services I require?

Where possible, find an agency where all departments – SEO, Development, UX, Copy Writing, to name but a few – are housed under one roof. In terms of simplicity, efficiency and ease of communication this is far better than working with agencies who sub-contract elements out to people who might be based on the other side of the world.

  • Is my business important to them?

Find people who care. If it is a small project don’t go to a big agency because they might not assign the same amount of time as they do to other projects.

  • How many people will be working on my account?

This will vary throughout the build. Expect all sections to be involved during the initial discovery stages, but once designs and strategies have been laid down the teams will work individually on the sections that are relevant to them before passing it on to the next to complete theirs.

  • Who will be my main contact?

Ensure clear lines of communication are set up and you know who to speak to directly should you need to.

  • What am I paying for?

You are paying for a team of experts in their respective fields to help bring your business to life online. In a world where digital is taking over a little more each day, it is essential that we keep up with the times, and by creating a beautiful website you will extend your reach enormously.

  • Do you like and trust them?

This isn’t just an agency you need to help you in the short term. These individuals are going to be dealing with something which is incredibly important to you, and as such you need not only to like them but, more importantly, to trust them. You need to be able to look at them and tell that they are going to treat your baby – so to speak – with the utmost respect. Essentially a website design agency becomes intimately involved in the development of your brand/business and as such you need to see that they care.

  • Are they asking the right questions?

The agency should develop a deep understanding of the business and how it works during the initial discovery stage. This should also look into key performance indicators and future targets.

  • Are they able to provide testimonials and examples of work?

Whilst the agency doesn’t necessarily have to be too old, it is important that at least a few of the people who work there have considerable experience working in the industry. This can be tested by looking at the testimonials on both the individual as well as the work they have done.

Ultimately, what you want to ask yourself is whether or not you will form a good relationship with the agency and especially the team who are going to be working on your account.

Contact with an agency rarely ends after the build is complete, and usually an agency will offer retainer packages to manage a website into the future. Moreover, it is worth finding an agency that offers ongoing SEO and content marketing retainer strategies that will help drive high quality organic traffic to your site.


How to make your WordPress website security bulletproof



Tips and guidelines on increasing the security of your WordPress site

This article will cover the following:

  • Stronger logins
  • Two-Factor Authentication
  • Limiting the number of login attempts
  • Hosting & WP security
  • Be careful about who you trust
  • Have a backup plan

After putting all the hard work in to getting your WordPress site built, nothing quite compares to the feeling when you see it live online for the very first time.

WordPress is the most popular Content Management System (CMS) platform out there and the driving force behind millions of websites, many super-popular such as the Microsoft News Centre, TechCrunch, The New Yorker and even Usain Bolt’s personal website!

However, WordPress’s incredible success hasn’t come about without any downsides and the bad news is that WordPress is a prime target for website hackers across the globe. The fact that WordPress is open source means that without the right tools and security measures in place, an experienced hacker can gain control of your website without much difficulty.

The good news, however, is that by following some very simple techniques to beef up your website’s security (most of which us folks at Diffusion Digital will take care of for you), the likelihood of your shiny new website falling prey to an attack will be very low.

So, without further ado, let’s delve right into the topic of increasing the security on your WordPress website:

1. Avoid Using Admin as Username

Perhaps this is the most basic measure you can take when it comes to securing your WordPress website! It does not cost a thing, and the process is easy to execute. For the most part, attackers tend to target the wp-login/wp-admin access points by combining the admin username with a particular password. These kinds of activities are referred to as Brute Force attacks. Removing admin is the first step to hardening your WordPress and if you succeed, you’ll be able to kill these attacks.

Yes, an attacker may still enumerate user IDs to discover the new username, and there is a chance this can occur. However, when it comes to securing WordPress, you need to remember that security is not entirely about eliminating risks, but rather about minimizing the chances of them occurring.

Therefore, for the types of attacks where a hacker uses a trial-and-error technique to gain access to your site, getting rid of the default administrator or admin username can be significant as far as securing WordPress is concerned. By so doing, although you’ll not be able to completely prevent a threat, you’ll at least make it challenging for attackers to guess your username. To eliminate any confusion, admin in this case specifically means your username and not your role as the administrator. To remove the default admin:

  1. Create a New user at Users > New User in your WP
  2. Make the New User a user with rights as an administrator
  3. Delete the admin user

The pages and posts created by the admin user should not worry you. WordPress will ask what to do with the content the admin owned, and you can either choose to delete or assign the content to the new user.

2. Two-Factor Authentication

Brute Force attacks can still be problematic, irrespective of what techniques you use to generate your password. Two-Factor Authentication is one way to ensure these kinds of attacks are reduced, if not eliminated. Using Two-Factor Authentication may seem like a hassle and a waste of time, but it will come in handy when attackers want to gain access to your WordPress. The essence of this technique is just as its name implies – two types of authentication. Having this kind of buffer in your site is standard and crucial for enhancing security at your points of access. You are already using this technique with PayPal and Gmail, so what’s the harm in having it in your WordPress?

If you want to know more about Two-Factor Authentication, you can read this article by Ipstenu.

3. Limit the Number of Login Attempts

As mentioned earlier, attacks such as the Brute Force attack usually target your login form. For WordPress security, there is the All in One WordPress & Firewall plugin, which has the option of changing the default URL for the login form.

Apart from that, there are other options that you can use to limit login attempts from specific IP addresses. A number of WordPress plugins are available to protect you from a multitude of login attempts from particular IP addresses.
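To see what such a limit does in practice, here is an added example (not code from any of the plugins mentioned) that replays a web server access log and reports which IP addresses a per-IP limit would have locked out. The thresholds (5 failures in 5 minutes, 15-minute lockout), the function names and the sample log lines are assumptions made for illustration; it also relies on the heuristic that a stock WordPress login form answers a failed POST with status 200 and a successful one with a 302 redirect.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined/common log format: ip - - [time] "METHOD path proto" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def failed_logins(lines):
    """Yield (timestamp, ip) for POSTs to wp-login.php answered with 200.

    Heuristic: a failed login redisplays the form (200); success redirects (302).
    """
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        path = m["path"].split("?", 1)[0]
        if m["method"] == "POST" and path.endswith("/wp-login.php") and m["status"] == "200":
            yield datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"), m["ip"]

def simulate_lockouts(lines, max_attempts=5,
                      window=timedelta(minutes=5), lockout=timedelta(minutes=15)):
    """Replay a chronologically ordered log through a per-IP login limit.

    Returns (locked_until, blocked): when each locked IP is released, and how
    many further attempts per IP the limit would have refused.
    """
    recent = defaultdict(deque)   # ip -> timestamps of failures inside the window
    locked_until = {}
    blocked = defaultdict(int)
    for ts, ip in failed_logins(lines):
        if ip in locked_until and ts < locked_until[ip]:
            blocked[ip] += 1      # still locked out: this attempt never reaches the form
            continue
        attempts = recent[ip]
        attempts.append(ts)
        while attempts and ts - attempts[0] > window:
            attempts.popleft()    # forget failures older than the window
        if len(attempts) >= max_attempts:
            locked_until[ip] = ts + lockout
            attempts.clear()
    return locked_until, dict(blocked)

def sample_line(ip, second, method, status):
    """Build one constructed log line (documentation-range IPs, invented times)."""
    return (f'{ip} - - [12/Mar/2024:10:00:{second:02d} +0000] '
            f'"{method} /wp-login.php HTTP/1.1" {status} 4321 "-" "constructed-sample"')

# Constructed sample: one address hammering the form, one user who mistypes twice.
SAMPLE_LOG = (
    [sample_line("203.0.113.7", s, "POST", 200) for s in range(1, 9)]
    + [sample_line("198.51.100.20", 20, "GET", 200),
       sample_line("198.51.100.20", 25, "POST", 200),
       sample_line("198.51.100.20", 31, "POST", 200),
       sample_line("198.51.100.20", 40, "POST", 302)]
)

if __name__ == "__main__":
    locked, refused = simulate_lockouts(SAMPLE_LOG)
    for ip, until in locked.items():
        print(f"{ip} locked until {until:%H:%M:%S}, {refused.get(ip, 0)} attempts refused")
```

The user who mistypes a password twice and then logs in is never locked out, while the address sending rapid failures is cut off after its fifth attempt.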

4. Hosting & WP Security

There are no rules for selecting a WordPress host. However, when it comes to WordPress security, the type of hosting company you choose to work with matters.

Every guide or article that is written on hosting companies emphasizes that the cheapest company is not the best partner to work with. In most cases, this is true. Cheaper hosting plans usually lack the support to assist you in case your site is hacked. These kinds of plans usually incorporate fewer aspects of security. For instance, shared hosting implies that the server that hosts your site is also used by other websites. In such a case, if these websites encounter security issues, there is a chance the security of your website may end up being affected as well.

In specialized WP hosting products, WP security is usually one of the main USPs being offered. For instance, WPEngine offers redundant firewalls, backups, DDoS protection, malware scanning, and automatic WP updates for affordable pricing. To learn why your site needs updating, click here.

You also need to be mindful of your host account. A common and major challenge for hosts lies in how website owners configure their accounts. As a website owner, you can configure various websites under one account, resulting in what is referred to as a soup kitchen environment. This is problematic since it increases the vulnerability of a website via what is known as cross-site contamination.

In this case, a neighbouring website is used as a vector for attack. The best way to prevent cross-site contamination is to combine both functional isolation and account isolation.

5. Be Careful about Who to Trust

Among the most amazing things about using WordPress is the availability of various third-party plugins you can download to improve the features and functionality of your site. The WordPress Plugin Directory indicates that there are more than 37,700 plugins you can install – that is quite a number!

However, the problems arise when you layer something on top of another platform as this could end up creating security holes and increasing vulnerabilities. For WordPress, most attacks occur as a result of the vulnerabilities present from the use of themes and plugins.

There are premium and free plugins. The choice of either of these options will depend on what you expect to get, but you also need to remember that each of these options works differently. Most people think that they are 100% safe with a paid plugin. While using a premium plugin can help prevent or fight attacks, it does not imply that you are eliminating an attack completely. Even when a known threat has been patched by the premium developer, you remain at risk until you have updated your plugin.

Before you can install a plugin on your site, here are a few pointers to have in mind:

  • You need to ask yourself whether the functionality of the plugin is absolutely essential to offering the best experience. If not, do not install the plugin.
  • Has it been recently updated? The WordPress Directory usually details a changelog for every plugin. A changelog is the list of alterations to a plugin as well as the dates the changes were made. If it’s been a while since the plugin was last updated, then do not install it.
  • If you are considering a premium plugin, is there support from developers? How do other users rate it? Only go for plugins with high ratings and developer involvement.
  • Running fewer plugins is an excellent option if you want to minimize the chances of attacks. For that reason, you need to consider a plugin that can consolidate the features available in multiple plugins.
  • NEVER install a plugin from a source that is unknown…ever!

6. Have a Backup Plan

To keep your site safe, it is important to make sure your WordPress is backed up appropriately. The aspects of your WordPress that need backing up include the website database and the files connected to your site. It cannot be stressed enough how important it is to back up your website regularly. Depending on the severity of the attack and how harmful it is, a backup is often the only way out if you want to return your site to a semi-working state.

Hosting accounts usually have a way of backing up the files and databases of your sites. Apart from that, there are some plugins which are designed to back up the website files and database of your WordPress. Irrespective of how you choose to do it, you need to make sure your site is backed up on a regular basis.
Your host company may schedule backups to take place daily, weekly, or even monthly. The more often these backups take place, the better and more secure your site is. However, you need to remember that website backups usually take up space. Therefore, you may be limited to a certain number of backups depending on the amount of space you have paid for.

Another essential aspect you need to know is that a backup is not 100 percent guaranteed on your hosting server. If the server at your hosting company misbehaves, your backups can be lost. As a result, to prevent these incidents, you need to ensure you have your databases and files backed up elsewhere, on a local drive or via FTP, so you are covered against any form of data loss.
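A second copy only helps if it is intact and complete, so here is an added example (not part of the original article or of any backup plugin) that bundles site files with a database dump, records a SHA-256 checksum, and verifies a copy kept elsewhere. The archive layout, function names and sample files are assumptions; how the SQL dump is produced (host control panel, plugin or database tool) is left to your setup.

```python
import hashlib
import shutil
import tarfile
import tempfile
from pathlib import Path

def sha256_file(path):
    """Hash a file in chunks so large archives do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):
            h.update(block)
    return h.hexdigest()

def create_backup(site_dir, db_dump, out_dir, label):
    """Bundle the site files plus the SQL dump; return (archive_path, sha256)."""
    out_dir = Path(out_dir)
    out_dir.mkdir(parents=True, exist_ok=True)
    archive = out_dir / f"{label}.tar.gz"
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(site_dir, arcname="site")
        tar.add(db_dump, arcname="database.sql")
    return archive, sha256_file(archive)

def verify_backup(archive, expected_sha256):
    """Return a list of problems; an empty list means the copy is intact and complete."""
    if sha256_file(archive) != expected_sha256:
        return ["checksum mismatch"]          # do not trust or unpack a damaged copy
    with tarfile.open(archive, "r:gz") as tar:
        sizes = {m.name: m.size for m in tar.getmembers()}
    problems = []
    if "site/wp-config.php" not in sizes:
        problems.append("wp-config.php missing")
    if not any(name.startswith("site/wp-content/") for name in sizes):
        problems.append("wp-content is empty or missing")
    if sizes.get("database.sql", 0) == 0:
        problems.append("database dump missing or empty")
    return problems

def demo():
    """Back up a constructed site, copy it elsewhere, then damage the copy."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        site = tmp / "public_html"            # constructed sample site
        (site / "wp-content" / "uploads").mkdir(parents=True)
        (site / "wp-config.php").write_text("<?php // constructed sample\n")
        (site / "wp-content" / "uploads" / "logo.txt").write_text("sample upload\n")
        dump = tmp / "dump.sql"
        dump.write_text("-- constructed sample dump\nCREATE TABLE wp_posts (ID INT);\n")
        empty_dump = tmp / "empty.sql"
        empty_dump.write_text("")

        archive, digest = create_backup(site, dump, tmp / "host_backups", "site-full")
        elsewhere = tmp / "offsite"
        elsewhere.mkdir()
        copy = Path(shutil.copy2(archive, elsewhere))
        intact = verify_backup(copy, digest)

        bad, bad_digest = create_backup(site, empty_dump, tmp / "host_backups", "site-no-db")
        incomplete = verify_backup(bad, bad_digest)

        data = bytearray(copy.read_bytes())
        data[len(data) // 2] ^= 0xFF          # simulate corruption of the stored copy
        copy.write_bytes(bytes(data))
        damaged = verify_backup(copy, digest)
        return intact, incomplete, damaged

if __name__ == "__main__":
    print(demo())
```

Store the checksum separately from the archive, so that losing or corrupting one does not silently affect the other.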

Final Thoughts

While it is not possible to completely protect yourself from attacks, there are things you can do to reduce the probability of an attack occurring on your site. It can be expensive and stressful to deal with an attack, and if you are not careful, you may end up losing your business. The security of WordPress is a serious matter, and with the presence of 82,000 malware threats each day, it is well worth your effort and time to implement these tips.

These pointers are not a full list of the steps you can take to secure your site. There are other aspects you can always consider that could improve the security of your WordPress. However, it is without a doubt that this article offers a practical list of the aspects to consider, as well as the steps you should take, to secure your first layer of defence when it comes to WordPress security. Remember, security is not absolute and it’s the responsibility of every webmaster to make it daunting for hackers to access their sites.

So, did you find this guide helpful? Are you looking to create a beautiful and secure WordPress website for your business? If so, do not hesitate to give Diffusion Digital a try.


Are you aware of GDPR? More importantly, are you GDPR compliant?

The General Data Protection Regulation (GDPR) is Europe’s new data protection law that is coming into force on the 25th May.



‘Anyone who processes personal data of European citizens’.

Essentially, any global business who targets European customers/audiences.

If you are an SME and use platforms such as Shopify or WordPress to host your site, don’t fall into the trap of thinking they are the ones responsible for data compliance, because they are not; you are.

Do you need more information? Contact us now for expert advice on making your website compliant before the law goes live on 25th May.



Data is direct or indirect information on an individual by which they can be identified.

  • Permission must be sought to use/store it
  • Data must be stored securely and used responsibly
  • Clear opt out clauses in place should people wish to withdraw their permission
  • Old data must be reviewed and securely erased if necessary
  • At the customer’s request all their data must be, in its entirety, securely deleted from the system
  • No sharing data with third parties without consent, even inadvertently.



Should a breach be detected that may ‘result in discrimination, damage to reputation, financial loss, loss of confidentiality or any other significant economic or social disadvantage’, it must be reported to both the ICO (in the UK at least) and the data subject, within 72 hours.

There are devastating fines in place of up to €20 million or 4% of annual revenue which could be fatal to most SMEs.



For more info follow this link to a twelve step procedural plan set out by the ICO.

Complete these self-assessments and explainers to determine whether your website and practices are compliant with the new laws.

Alternatively, if you’re looking at designing and developing a new website, then read more about both eCommerce and WordPress sites by following their respective links.