Get in Touch Today

Email us at admin@pismoweb.com. We aim to respond to your inquiry within 24 hours.

Case Studies

We have three case studies to share on this page. At the forefront of our findings, 2 of the 3 cases center around Wordpress. Many owners and leaders have Wordpress sites with plug-ins, but many business owners and organizations don't have the time to ensure that plug-ins are properly updated. Unfortunately, Wordpress sites are also really prone to get hacked by malware. Pismo Web has helped businesses update their plug-ins, add Google Analytics tracking and manage their content. Furthermore, Pismo Web helped an organization's website with removing the "Harmful Software Warning" red alert for their domain/hosting server in November 2025. There were 2 malicious files added by an unknown entity that had to be removed on the root level. We were able to get it back to safety measures.

If you encountered the same issue with your Wordpress site, scroll down to read our Case Study #2 below to learn how to resolve it.

Pismo Web Case Study #1

Yola CMS vs. Wordpress CMS

Which one is better?

I've managed websites that are hosted by Yola CMS and websites that are hosted by Wordpress CMS. Which do I think is better? It depends on your main purpose. If you just want a simple website without any blog entries, I suggest using Yola CMS as it's super easy to manage and it's very easy to use, as well as most cost-effective. This website: www.pismoweb.com that you're currently on was built with Yola.

However, if you'd like a blog centric website with a plan to blog very regularly and give other people the ability to blog as well but without allowing certain people all access to the main skeleton of your website, Wordpress is the answer. We've created a demo site called www.tastingshare.com that uses Wordpress' built in blog features and added some plug-ins to create an Event listing page and a Directory page, but you have to be careful that when you use these plug-ins, an outdated or hacked plug-in can burn your website to the ground and then, if that happens, no one could accesss your website. Furthermore, not all plug-ins are free so your monthly cost could add up! Wordpress sites are much more prone to hacks, which you can read more about in our Case Study #2 below.

Pismo Web Case Study #2:

Wordpress "Harmful Software Warning" from Google Browser

Also Known As Malicious Threat on Wordpress

On November 5, 2025, an organization's Wordpress website that an organization hired overseas to create got hacked by malware and all users had trouble entering the website without seeing the "Harmful Software Warning" that Google browser would show first. It created a very unpleasant experience and risk to all involved. After 10 days, Pismo Web was able to find the root of the issue that was infected on their Wordpress website.

How we fixed it in 5 steps:

We needed access to the Wordpress main dashboard log-in and where Wordpress was being hosted (their server). In this case, their hosting was served by Godaddy. So, the client had to provide access to two different places for access. Sometimes this is harder to get than expected as the clients often don't remember where they store their website log-in information.
After getting access, we had to remove the malicious lines of code from two files: the functions.php file and the header.php file using the organization's Wordpress log-in.
Then, we had to log-in to their Godaddy server via SSH terminal connection to find and delete two malicious files that were maliciously added within the last 2 weeks under their Wordpress root directories. This took a couple of hours to narrow down because we want to be sure which files are the right ones to delete. Godaddy has integrated an amazing Al chat tool on their website that is, in my opinion, better than ChatGPT and Gemini for Godaddy servers. This makes sense though.
Afterwards, I checked the user list in the Wordpress and saw a suspicious user called "wordpresslicensed" and deleted that backdoor access. This is a known and common issue with Wordpress and this threat typically uses that username to trick Wordpress site owners and continue to hack.
After doing all of those things, on Nov 15, 2025, we were able to get their Wordpress website back in order and Google passed our safety check when we submitted a final request to Google Search Console. It is imperative to have Google Search Console connecting with your website as soon you have your website live in order to connect directly with Google in this way. It was a good day when we were able help them out!

Pismo Web Case Study #3:

No Response on Contact Forms

Client thought there was not enough traffic.

In January 2026, a client was worried that their organic listing had fallen to the wayside and that their website was not indexed properly as before because they were not getting any responses on their 'Contact Us' forms for a while. Many websites have a form on their website that gives users a way to contact them. Usually, the business owner of the website gets an email notification on any real-time submission. The client thought that they were dropped on SEO ranking and that their website was not getting enough traffic because they were not getting an alert for a while from their website's form. After we reviewed their Brevo account, which is what they use to receive email alerts about a 'Contact Us' form submission, we found out that the email they used to get submission forms (which was a gmail account, by the way), was not subscribed to get "transactional" emails. After I checked that box to allow this gmail account that they use to get alerts about any submission to their Contact Us form on their website, they started getting submission alerts right away! So, what you may think is not enough traffic, maybe something that you need to look further into under "settings", if you're using Brevo or even MailChimp, to send and receive email submissions from any form.

In my opinion, if you're using a CMS, you can use the default form that is included in your hosting plan, without having to pay extra for Brevo or MailChimp if you have no use for online email campaigning and is just interested in getting alerts for someone trying to contact you via a form. See my SEO tips if you're interested in finding ways to help your website rank higher in Google, organically.

DMARC and DKIM

Once we toggled that on for the client, there was a "hallelujah" moment and something as simple as a toggle "on" could fix an important concern like this one. The backlogged emails came flooding. However, that toggle "on" button won't stick unless you also create proper DMARC and DKIM records under your DNS to stay compliant for Brevo; so that your email domain continually receives these without issues. Fortunately, there are many documentations on the internet on how to do that so that any marketing manager can look up on how to fix this. Pismo Web LLC would also be happy to assist you at our consulting rate.

Website Advice in San Luis Obispo County — Our Recommendation After Publishing Your Website Live

Connect your website with Google Search Console so that threats to your website, no matter which company is hosting it, can be properly diagnosed quickly. When you create a site, Google Search Console will give you options on how ensure it is reading your website and connecting with you as the main owner.

Collaboration with Social Media in SLO — Important Free Tools for Any Website

**Google Analytics** - This is to track how many visitors your website has and save reports.
Google Search Console - This is to ensure your website is properly indexed, find out which keywords were used by users to find your website, and keep your website healthy with direct connection to Google.
Google Business Listing - This is so the address tied to your business and the name of your business are searchable and linked on the search engine.

Find out more

Contact Pismo Web

Additional Pismo Web Case Studies

Case Study # 4: Using Let's Encrypt for SSL Cert Implementation

On May 10, 2026, a client informed me that they were getting a Warning message whenever someone went on their website and their 2 sub-domains. "Your connection is not private" was shown immediately when someone attempted to visit their website or log-in into their software tools that used their sub-domains. This caused an alarm for the client and an inconvenience to their agents and clients. After they contacted me, I checked their domain and clicked on that icon on the top, in the URL bar, and saw that their SSL Certificate had expired. It expired on May 8, 2026, just two days prior! Immediately, I checked their Godaddy dashboard to look for an SSL Certificate under their account, but it was not one of their products so my thought was perhaps, the overseas company that they had hired to build their website must have managed this on their end when they built it the prior year. After entering various terminal command via SSH, I was able to get verification that that the agency they hired had implemented an SSL Certificate in the hosting account when they built and pushed the website live, so that is why I didn't see it as a standalone product in the client's dashboard. Fortunately, I didn't have to buy a new certificate as Godaddy offers a "Let's Encrypt" solution which doesn't cost the client extra money. However, the client has informed me that they have been adamant about not wanting to use this agency's services anymore as they've been very non-responsive for new requests and give a high quote for every new change. Nonetheless, I've found a great solution for them that I implemented and was able to bring the website back live in secure order within 3 hours. Read more about this Case Study #4 via this link.
Upcoming Case Study

TBD

Get your domain name for $5

Website Builder

Subscribe to receive emails from Pismo Web LLC

Get Connected With Pismo Web LLC

Please enter your email info below.

Name

E-mail

Message or Question About Case Study or Services

I would like to subscribe to receive email newsletters from Pismo Web LLC

Yes

Submit