  1. #1

    Giving A Client More Information Than They Ask For

    I have a question I've been wondering about for some time. It's a little bit of a moral dilemma of sorts.

    Let's say you are approached by a potential client. This client has an existing static website and wants to convert to using Wordpress as a CMS. The client is pretty set on using Wordpress because of what he has read and wants you to design a new theme, install the site on the server, and maybe install some plugins for him.

    Someone unfamiliar with websites or using Wordpress as a CMS might not know a few critical details. Such as the fact that Wordpress has to be updated whenever updates are released or it can possibly be vulnerable to hackers. Or the fact that plugins can possibly be hacked such as with the TimThumb plugin.

    I had been in the habit of checking every day for Wordpress updates then for a period of four or five days I neglected to check when one had been released and my hosting account was hacked. The hacker uploaded some IRC scripts or something to the server and my host suspended the account until I contacted them to fix the situation. Even though I have no direct evidence Wordpress was the method the hackers used to gain access to my folders, I am pretty confident it was as I have had no problems since. Wordpress has to be checked every day almost to see if updates are available. A website owner using Wordpress has to babysit it.

    Do you tell your potential client this even though he did not ask? If you tell him, you could turn him off on using Wordpress and lose a sale, a sale you might really need to make. On the other hand, it is pretty important information that any website owner using Wordpress (or any other CMS) should know. Does a developer have the moral obligation to make sure his potential client knows all the important information before proceeding? Not from a legal standpoint so much as a moral one.

    What would you do?

  2. #2
    ralph.m
    Quote Originally Posted by cheesedude View Post
    it is pretty important information that any website owner using Wordpress (or any other CMS) should know. Does a developer have the moral obligation to make sure his potential client knows all the important information before proceeding?
    Well, it's probably better to mention it beforehand than have to say something after the site has been hacked. But given what you've said, I would use such information to convince the client to use a better CMS that is more secure and needs less updating.

  3. #3
    You should know what you are talking about before giving advice. Any website can be hacked, even a static one, especially if it's on a shared server. Anyone using a static website these days cannot use their website to its potential. The problem is not so much with the CMS, it's the 3rd party extensions, the server, and passwords that are too soft.

  4. #4
    In my opinion there are only two ways of doing business: the right way and the right way. The only way to build sustainable business relationships is by building trust between both parties. In every relationship there will be multiple sales and the one in which you lost the least is the good relationship.

    It is always required that you tell your customer what is right and good for his business because the longer he stays in business, so will you.

  5. #5
    Hi,

    I guess you should approach him politely. Then give good ideas and outcomes when using a CMS. Get his interest on the topic. Then gradually introduce what you want to offer him. By that, your prospect would not get intimidated by you.

    regards

  6. #6
    Quote Originally Posted by donmarvin View Post
    Any website can be hacked, even a static one, especially if it's on a shared server. Anyone using a static website these days cannot use their website to its potential. The problem is not so much with the CMS, it's the 3rd party extensions, the server, and passwords that are too soft.
    Server security is the responsibility of the web host. Choosing a strong password is the responsibility of the website owner. Both of those are beyond the control of the person who designs a site using Wordpress. I'm referring not to those possible weaknesses, but to any possible vulnerability that could be in the CMS code such as Wordpress. And there have been quite a few.

  7. #7
    Sagewing
    Quote Originally Posted by cheesedude View Post
    I have a question I've been wondering about for some time. It's a little bit of a moral dilemma of sorts.

    Let's say you are approached by a potential client. This client has an existing static website and wants to convert to using Wordpress as a CMS. The client is pretty set on using Wordpress because of what he has read and wants you to design a new theme, install the site on the server, and maybe install some plugins for him.

    Someone unfamiliar with websites or using Wordpress as a CMS might not know a few critical details. Such as the fact that Wordpress has to be updated whenever updates are released or it can possibly be vulnerable to hackers. Or the fact that plugins can possibly be hacked such as with the TimThumb plugin.

    I had been in the habit of checking every day for Wordpress updates then for a period of four or five days I neglected to check when one had been released and my hosting account was hacked. The hacker uploaded some IRC scripts or something to the server and my host suspended the account until I contacted them to fix the situation. Even though I have no direct evidence Wordpress was the method the hackers used to gain access to my folders, I am pretty confident it was as I have had no problems since. Wordpress has to be checked every day almost to see if updates are available. A website owner using Wordpress has to babysit it.

    Do you tell your potential client this even though he did not ask? If you tell him, you could turn him off on using Wordpress and lose a sale, a sale you might really need to make. On the other hand, it is pretty important information that any website owner using Wordpress (or any other CMS) should know. Does a developer have the moral obligation to make sure his potential client knows all the important information before proceeding? Not from a legal standpoint so much as a moral one.

    What would you do?
    I think the answer is somewhere in the middle.

    You need to advocate for your client, and give them the information that they need to make good decisions. However, you are also expert in the field and they are not, so you need to be wise about what recommendations you give them and why.

    It would be very appropriate to inform your client that wordpress sites need a bit of maintenance and to be updated from time to time. You should walk them through what this usually means, the perils of over customization vs. ease of update, etc.

    But, you also need to be understanding of the client perspective. Wordpress is incredibly popular for a reason, which is that it's free/easy and works well. Like most things that are very popular, it's the target of many exploits but whether that is a real business risk is not up to you - it's up to them. If your client is handling sensitive data, or has valuable transactions going through their server then maybe wordpress isn't a secure enough choice. But if your client would like the value/price/ease/popularity/familiarity of wordpress even with some of the shortcomings, that is fine, too.

    I host my corporate site on wordpress and guess what, I got hacked last year and it was down for 3 days before I noticed. A little embarrassing, but only a little and I'm still on wordpress. It wasn't that big a deal, and my business is still profitable and humming along. I am not willing to invest in a 100% secure website, it's not worth it to me or for x million others.

    It's also true that the server hardness makes a difference, and really all the popular CMS's are vulnerable to some degree.