• Stop being a LURKER - join our dealer community and get involved. Sign up and start a conversation.

Held Hostage By Dealer Fire

nickb

Full Sticker
Feb 23, 2015
14
1
First Name
Nick
Alright, I do not know where I am going to begin but I will try to keep it as short as possible. (if its too long skip to paragraph three to help me)

A few years back I came to you guys for help on building a great performing site. Something responsive that converts and helps sell cars. I found Dealer Fire and they nailed it and created exactly what I wanted. I had SEO set up and pumping out content. Back office I was able to see everything coming in and grew my traffic from 150 users to 450 users in one year. Granted most of them landed on blog posts that never converted, although I still had people landing on my site. All in all I was happy with what they made me and happy with the price.

Cut to the last six months, towards beginning of winter I asked if they would shut off all of my SEO and just keep my site active. Winter really killed me last year losing some big money. On top of that my baby brother who worked here at my dealership passed away and I took a leave for a few months. He was twenty four, hospital accident, long story... Come to find out they never backed down my package. Also for some reason they didn't charge me for a bit and I built up this large balance, maybe because of the dealer socket acquire. I spent countless hours on the phone explaining and showing them emails about the billing error. I forwarded emails where I blatantly told my rep I wanted my package lowered to bare minimum. After trying to plea my case about my over charge I ended up giving up on these guys. Now I was forced to switch back to my crappy old converting site.

I learned a huge lesson throughout this crazy experience. All the SEO money in the world will still be lost if you switch providers. All the traffic and all the hard work we put in to create a strong site is gone. I did pay for content SEO and specialty topics that made us unique and now its wasted. Its all gone because we want to switch providers over a billing error. I want all my efforts to be mine in the future and do not want to spend thousands of dollars for something that can be taken away at anytime. I want to own my WordPress site so no one can ever steal away the content and built up traffic that I paid for. Is it possible to have a site that I own that is built out like dealefire did. How can I have my own wordpress that's mine and have a one time build out by someone. I want to have my inventory built into the site along with a credit app page. I would like to to link to homenet or something similar. I want to go on my own, is this too much to ask?
 
I want to own my WordPress site so no one can ever steal away the content and built up traffic that I paid for. Is it possible to have a site that I own that is built out like dealefire did. How can I have my own wordpress that's mine and have a one time build out by someone. I want to have my inventory built into the site along with a credit app page. I would like to to link to homenet or something similar. I want to go on my own, is this too much to ask?

Hey Nick,

I'm disappointed to hear things went sideways like that - that's a tough spot to be in.

You can certainly get a Wordpress setup going that you own and it's pretty simple to do.
Getting the inventory in place is typically the hardest part to do "properly" and can often be the bottleneck in design and efficiency.
That said, I've heard some good things about http://cardealerpress.com/ and a fair number of dealers are using it.

IMHO, your best bet with Wordpress is to use a custom developer and get it done right once. (second best bet is to never use Wordpress :)
Wordpress is plagued with ongoing issues and a terrible code base, so finding a good developer can be tricky.
If you find a good one, they can build a custom inventory manager and a Homenet feed parser as well.

What you would need:
- monthly hosting (can be had for $4 a month, I recommend something mid range though)
- Wordpress install (most hosts offer 1 click install now)
- Wordpress theme (find something close to what you want and have it customized or pay for something from scratch)
- Inventory plugin (custom or use CarDealerPress or something similar)
- Great lead forms - I see this sacrificed alot on Wordpress installs
- SEO plugins and content (they help alot, especially when built on Wordpress)
- Focus on offsite SEO - you can't lose offsite SEO as easily as you lose onsite SEO. Make sure all your local presences are up to par

@Ed Brooks should chime in - he was going on about some local SEO this weekend and he had a great report I read.
 
  • Like
Reactions: Chris Leslie
Nick, sorry to hear you're going through this.

I had written an article years ago (never published it) on why dealers should be careful when spending a ton of money with on-going SEO programs/services on a dealer website they don't really own.

@craigh feel free to step in and correct me if my advice it's on par or excluding some technicalities that need reinforcement.

No matter what website provider you're using, isn't there a way to scrape/back-up any main static content page(s) to a remote space? Obviously you wouldn't save dynamic pages such a VDPs, SRPs and Specials but anything outside of that - especially pages optimized for search would be saved all way down to the URL. This would allow your new website provider re-create and match the pages, titles, descriptions and URL.

If a blog is part of your SEO strategy, wouldn't it be beneficial is have a it hosted on a sub-domain that you control? At the very least, if it were WordPress you could export all your pages, data and content and then re-upload everything back with the new provider (or taking that opportunity to move your sub-domain hosted blog away from any outside vendor.) @craigh would this be possible to do with a blog hosted on the main domain VS a sub-domain?

dealerblog.dealerwebsite.com VS dealerwebsite/blog/dealerblog
 
No matter what website provider you're using, isn't there a way to scrape/back-up any main static content page(s) to a remote space? Obviously you wouldn't save dynamic pages such a VDPs, SRPs and Specials but anything outside of that - especially pages optimized for search would be saved all way down to the URL. This would allow your new website provider re-create and match the pages, titles, descriptions and URL.
There are a few ways to do this, but most Dealers have their next vendor before they cancel their current site, so they can reference the live site.
That said, if you need one I used to use ScrapBook for Firefox - it downloads all assets and front-end required to have a full offsite version of every page. It's messy, but aside from functionality you'll have everything. https://addons.mozilla.org/en-US/firefox/addon/scrapbook/
New website vendors essentially have 2 SEO-friendly options:
  1. Match all the previous URLs with pages of the same content. Content can certainly change (Google encourages fresh content), but the important aspect is that the main content remains similar. SEO guys can chime in on the expert angle of this, but my understanding is that as long as the "authority" of the page remains similar / same you should not lose any traction.

  2. Create 301 redirects for each of the previous URLs to make sure they match the new ones. This tends to be a one time opportunity, so going live without it is very risky if the page URLs have changed. Either way, sitemap helps Google navigate this and they're not as simple as we make them seem - when they re-scan the site they're going to make small adjustments but I rarely see then make a major adjustment in one go unless pages start having 404 Not Found errors.
If a blog is part of your SEO strategy, wouldn't it be beneficial is have a it hosted on a sub-domain that you control? At the very least, if it were WordPress you could export all your pages, data and content and then re-upload everything back with the new provider (or taking that opportunity to move your sub-domain hosted blog away from any outside vendor.) @craigh would this be possible to do with a blog hosted on the main domain VS a sub-domain?

dealerblog.dealerwebsite.com VS dealerwebsite/blog/dealerblog
Blogs still have value in SEO and it's often debated whether it makes sense to build it as an offsite authority or as an onsite content builder.
I won't pretend to be an expert on this one, but my personal opinion/experience is that onsite/same domain offers more SEO benefits. With either option the entire site can be exported to an XML file and re-imported to a new site. The only issue is losing assets if the old site goes offline, since the XML importer tries to download them from the old site.

Either way, I don't think DealerFire uses Wordpress so your options were very limited. Using Wordpress moving forward will solve this for you, but unfortunately won't solve the problem overnight. If you can find an archive of your old site online you can try and rebuild the pages to gain the authority back (if they worked before, they should work again).
 
If a blog is part of your SEO strategy, wouldn't it be beneficial is have a it hosted on a sub-domain that you control? At the very least, if it were WordPress you could export all your pages, data and content and then re-upload everything back with the new provider (or taking that opportunity to move your sub-domain hosted blog away from any outside vendor.) @craigh would this be possible to do with a blog hosted on the main domain VS a sub-domain?

If I have absolute control I would elect to have all my content posted on the root domain (dealersite.com). But when it comes to content marketing and integrating with template dealer sites, the best decision is to create a sub domain (blog.dealersite.com). It's very easy to allow the content to "travel" with the root domain, no matter which template/company you are using. All it takes is updating the DNS.

We use this strategy very effectively with all our digital clients, for this very reason. Once you pay for search optimization and content marketing you should own the content.

Additionally, if you do decide to use another provider, it's recommended and really easy to either create your own, or get the provider to send you an html file for every custom page they build for you.

Craig - Respectfully, I'll disagree with you on your opinion of WordPress :) - I think you could make similar complaints about any content management system. There is no perfect solution, but we find WordPress to work very well for us.

Nick - We have built custom dealer websites using WordPress, and would be happy to help you in any way I could. Send me a DM and I'll show you some examples, tell you about some hurdles, maybe help point you in the right direction.
 
Craig - Respectfully, I'll disagree with you on your opinion of WordPress :) - I think you could make similar complaints about any content management system. There is no perfect solution, but we find WordPress to work very well for us.

I can tell you definitively, Wordpress is not an ideal platform for many reasons.
  • insecure plugin architecture
  • insecure file system management
  • terribly low quality codebase (I've worked on it personally)
  • insecure backwards compatability (ie: any password can be overwritten with a basic MD5 hash and it allows login with that password, no salt needed)
  • many easy to get site scanners will identify hundreds of wordpress sites with vulnerabilities. Every plugin is a potential liability.
  • no quality control on the plugin repository - there are hundreds of plugins in there today that are incredibly insecure
  • plenty of core code is susceptible to injection attacks, CSRF attacks, etc
  • fundamentally, I can get the source code of your website for the right price. $59 on ThemeForest (https://themeforest.net/item/marble-flat-responsive-creative-wordpress-theme/5896650) and I have all your themes files and can check them line by line for the inevitable vulnerabilities, then exploit them on your live site.
Don't take it from me, take it from the guy who founded Wordpress and hired a CEO to address the fact that "the technological foundations of the past decade weren’t strong enough for the demands of next one."

Or take it from Joost (the man who made the famous Yoast SEO plugin):
"I figured out that both the [Wordpress] Codex and the developer documentation on WordPress.org for these functions were missing the fact that you had to escape their output. In fact, the examples in them when copied would create exploitable code straight away."

Or take it from the list of 222 vulnerabilities that are public - http://www.cvedetails.com/vulnerability-list/vendor_id-2337/product_id-4096/
Or the catalogue of 4885 vulnerabilities here: https://wpvulndb.com/ - only 6 new ones last month :)
or from ars technica pointing out millions of sites were at risk due to vulnerabilities 2 months ago - http://arstechnica.com/security/201...wordpress-bug-puts-millions-of-sites-at-risk/

https://www.quora.com/Is-Wordpress-really-written-that-bad

I've been working with Wordpress longer than most people knew what it was.
It's a disaster. Can it be fixed? Sure.
Lots of vendors use it properly by locking everything down, changing the folder structure, removing the version indicators, hardening the password function and use custom table names.
 
Last edited:
To be fair, the same definitely applies to Joomla and Drupal, but doesn't apply to much smaller CMS with less functionality.
The more open your plugin and theme network is, the less secure your platform is.
Dealer Sites not built on Wordpress means avoiding all the security vulnerabilities of working with an open source platform.
 
@craigh, thanks for the CarDealerPress mention!

As with most software/processes/companies, there is never a one size fits all. @nickb, to respect the no-pitch policy please feel free to DM me if you would like to explore what we offer and see if there is a fit. We also have a page on our site for the plugins, themes, and hosting that we use that may be some help. These are what we have settled on after using WordPress in one form or another over the last 10 years.

There are also several automotive themes that have the inventory management baked in; Gorilla Themes is one that comes to mind.

@craigh, & @Gayle Rogers, Re: WordPress. From my experience dealing with developers over the years... most code sucks (when asking another developer especially). Just about every good developer will want to rewrite whatever it is they just finished the moment they finished it. This happens because there is always a better way to do something, especially after you have more experience. Then there are varying opinions on which programming language to use and why. Most of the software engineers that I have interacted with would prefer to avoid PHP in the first place, but also understand it's place in the ecosystem. WordPress' strength is its ability to empower non-coders to accomplish tasks that would normally be out of reach without spending a lot of money and it's immense ecosystem.
 
@craigh, & @Gayle Rogers, Re: WordPress. [...] WordPress' strength is its ability to empower non-coders to accomplish tasks that would normally be out of reach without spending a lot of money and it's immense ecosystem.

Completely agree with this point.
I encourage people to use Wordpress for non-vital websites, but I also encourage them in ways to secure the site.

I also give you great credit - CarDealerPress is solid and everytime I've seen it implemented it's done right.
What dealers choose to do with Wordpress is the scariest part - I can install it all proper, lock it down and make it essentially bulletproof, but as soon as they install a plugin it's game over on my strategy.
 
@craigh, thanks again for the positive feedback.

I think that your argument that WordPress isn't an ideal platform can be spun pretty easily though. As you mention Drupal and Joomla are vulnerable as well as a slew of online software. I would go so far as to say any web based software that can be accessed by a Windows computer can be vulnerable. Hell, the entire internet isn't secure. Just ask Target or any online banking site how well they are doing at staying secure. In my opinion, being hacked isn't a matter of if, it's when. Based on that WordPress then becomes the perfect solution since it is completely portable. You can have a new site up in a matter of minutes with the correct strategies in place.

That said, in the last 9 years of having car dealer sites on WordPress (easily over 1000) we have only seen a handful get hacked. In every instance these sites hadn't been updated in a year or more which was the fault of the site owner not the software. I have never experienced a site getting hacked because of a plugin personally, but we have settled on a well vetted group of plugins that we use too.

The one thing that I recommend to anyone that is starting a WordPress website is to pick the hosting and security strategy first. Here are a few steps to doing WordPress right.
  • If you don't know anything about WordPress or technology in general use a WordPress specific hosting company that offers security and backups like WPEngine. Even if you do know what you're doing, but would prefer to outsource the server side of things this is a good strategy (this is who we use btw).
  • If you have some knowledge and want to save some money use an inexpensive hosting company like SiteGround or Hostgator. Use a backup tool like Updraft (save scheduled backups off site and keep at least one base copy). Then use a free version of Cloudflare to manage your nameservers so you can block entire countries and repoint in seconds if needed.
  • Backup and update regularly. If you aren't going to do this manually it is possible to automate.
  • If you want to use a new plugin, test it on a sandbox site and do some basic research before putting it on a production site.
The reason WordPress gets a bad rap at all is it is running 70 million sites (or something like that) and probably half of those have been abandoned by the site owner. Because it's so easy to setup, it creates a problem where site owners don't take full responsibility for security. Take some time to do it right and WordPress can run sites doing a million plus hits per month just fine.