WordPress may be just one of many content management systems, but it’s widely accepted as one of the best blogging platforms and has some the widest distribution among CMS platforms. 48% of Technorati’s Top 100 Blogs are managed with WordPress, and more than 74 million sites utilize WordPress, accounting for more than 26.4% of ALL self-hosted sites on the web.
By default, most WordPress sites aren’t optimized to run at peak performance, and changes you make naturally can create security issues, problems and performance concerns. As we understand, the best part about WordPress is that it is loved by the non-techies and the techies alike and there is room for both the groups to exploit the benefits out of it. Sometimes though, people miss out on the simplest of things and smallest of fixes that can actually make huge impacts.
Here’s a list of just few fixes that come under our regular WordPress Maintenance Service, that can be done with very little or no cost to you in order to dramatically improve the security, performance, and usability.
1. Reduce Load Time with Cached Pages
WordPress serves up content dynamically as it pulls content from your database. That means the PHP scripts are running every time a visitor hits your site even if they’ve visited before. This adds to the time it takes to load your content, from individual pages to blog posts, portfolios, galleries, etc.
Visitors will typically bounce from a site if it takes too long to load. Data shows that most visitors will only wait around 8 seconds before abandoning a page, and that even a 1 second delay in page response can result in a 7% drop in conversions. Reducing load time is crucial to keeping your audience engaged.
W3 Total Cache is a plugin designed to reduce page load speed for WordPress sites. When we’ve configured this plugin for clients in the past it takes very little time and the results can be seen almost immediately. By reducing content download times your overall site performance will increase and is a crucial addition if you intend to grow your audience.
2. Optimize Your Plugin Load
Some fixes that enhance the performance of your site don’t require anything new to be installed or configured. If you have a growing list of plugins you need to roll up your sleeves and get ready to do some cleaning.
Just deactivating plugins isn’t always enough. Sometimes even inactive plugins can throw errors and cause functional issues in a website. We’ve helped countless clients reduce load times by fixing plugin bloat, and consolidating outdated or extra plugins with more appropriate choices based on their needs. Not everyone knows about all the plugins and whether they are appropriate for your website or not. Sometimes even coders have no idea about certain plugins, and you can’t blame them as there are so many of these plugins out there.
We also recommend setting plugins to update automatically with our clients. WordPress isn’t perfect, and being open source means there are security breaches. The recent Panama Papers Leak, the largest data breach in history, occurred as a result of a site not running the latest version of the Slider Revolution Plugin.
3. Eliminate Error Reporting to Boost Security
Error reporting is a great way to know if anything is wrong with your code. However, we recommend eliminating PHP error reporting on your live website. If a plugin or theme stops working on your site it may be scripted to generate an error report for you.
This is great for troubleshooting but there’s a caveat: error reporting can contain the complete server path for your site.
A knowledgeable hacker could take that server path information and use it maliciously. Error reporting might be handy but in most cases it’s best to just disable it. Code snippets can be added to your wp-config.php file to disable security holes like PHP error reports from being displayed publicly.
4. Closely Monitor Dashboard Activity
WordPress already has native error and activity logging, but accessing this information isn’t exactly a streamlined process. You can use a plugin to organize the data so it’s much easier to see if any changes you made were the cause of errors on your site.
Taking this approach is also a good idea if you have more than one user on your site so you can track their activity. While you may not suspect anyone of doing anything wrong, a single mistake can cause your entire site or certain elements to break. Logging dashboard activity lets you easily retrace steps to the source of a problem.
From a security standpoint, you can use this data to find the correlation between a specific action and reaction. For example, if a file that is uploaded to your site creates an unwanted reaction you could trace it back to malicious code.
Security upgrades are one of the most frequently requested changes from our clients, typically revolving around WordPress updates. Thanks to existing plugins they’re often easy to configure and don’t cost much to deploy.
5. Wordfence Security Plugin
When you want to keep your website completely secure, we highly recommend using a plugin like Wordfence Security. This is one of the most common plugins requested by our clients and provides a wealth of protection that helps prevent site hacks that originate from loopholes in core or plugin programming.
In the event that your site is compromised, or comes under attack from hackers, this plugin notifies you immediately and logs those attempts. Wordfence actively utilizes the built in web application firewall to prevent hack attempts while also offering a comprehensive set of security enhancing tools.
6. Organize Your WordPress Admin Menus
The customizability of WordPress is one of the reasons it is a go-to CMS for site owners. Unfortunately, as you add plugins and much-needed functionality you have virtually no control over how your admin menu changes. It can get tiresome and frustrating trying to remember where elements and options are added in your menus.
Admin Menu Manager is a simple plugin we recommend to clients to streamline your experience so you spend less time clicking around your menus. We’ve helped countless WordPress clients customize their dashboard menus to make administration far easier with the drag and drop interface.
7. Add SSL to Bump Security and Boost SEO
An SSL certificate can be issued for your site as a means of identification. It tells the browser (and search engines) that your site is secure, so any information being passed is encrypted. This is an absolute must for ecommerce sites but it can benefit any site and is highly recommended for boosting WordPress security.
Google knows that users prefer to know their connections are secure, which is why they announced that HTTPS and SSL were added as ranking factors (though a lightweight one) for SEO purposes.
The process is simple; you just need to purchase an SSL certification. A certificate isn’t expensive, ranging anywhere from $50 to $200 depending on the source – your web host likely acts as a reseller. If not you can buy SSL certificates from sites like GoDaddy and RapidSSL.
Navigating this process can be difficult as you’re often communicating with several different sources. We can help you with the purchase of your SSL as well working with your web hosting company to get the SSL certification installed correctly for your domain.
Need to boost site performance or concerned about security? Our WordPress Maintenance Service and Performance Upgrade improve your site through actions like those we recommend here.