It’s January, the time of year where resolutions are made (or not made). So aside from getting in shape, eating well and spending more time with your loved ones, why not take the time to assess the health of your WordPress website.
I’ve posed a few questions for you to consider when thinking about your own websites and if they can be improved this year. Your website, whether it’s a personal site, or you’re a small or large company, deserves a health check every once in a while to ensure you (or your business) is getting the most out of it.
So let’s dive in!
One issue a lot of WordPress website owners face is site speed. If you want your website to have a good user experience (UX) whilst performing well in search engine results pages (SERPs) then having a fast site is an absolute must.
Zhiheng Wang and Doantam Phan from Google explain how in 2018 site speed will become even more important as a ranking factor for mobile devices:
People want to be able to find answers to their questions as fast as possible — studies show that people really care about the speed of a page. Although speed has been used in ranking for some time, that signal was focused on desktop searches. Today we’re announcing that starting in July 2018, page speed will be a ranking factor for mobile searches.
If you feel that your site isn’t as fast as it used to be, or isn’t as fast as it should be, then you’re going to want to find out why.
Luckily there are plenty of tools out there to give you a brief overview of how your site speed and performance is being affected. Initally we would suggest running your site through tools such as Google Pagespeed Insights and GTmetrix.
These tools will give you a good overall view of your website and how the performance might have been affected with advice on how it can be improved. It’s important to take these results with a pinch of salt as you may see some false positives. We suggest using these tools to begin a conversation with your web developers and start planning some actions to get your site back up to warp speed.
Ok so let’s talk WordPress plugins. There’s over 53,000 of them and the chances are, you’re using a few on your own site.
WordPress plugins are a great method to extend the core functionality of WordPress allowing your site to integrate with other services or to provide helpful additional functionality. However, as part of a WordPress website health check, we’d recommend asking yourselves the following questions:
One thing we often see at Foundry are WordPress websites that rely on a huge number of plugins. There are exceptions where this might not be a problem. However, if your website is using a large number of plugins there could be room for improvement in your underlying theme.
Perhaps the functionality that many of your plugins provide could be implemented directly into your theme. This could allow the website to be more performant and rely less on third party developers who are not obligated to keep their plugins up to date to work with future versions of the WordPress core.
Asking yourself this question can be a very useful exercise. It’s important as it ties in to the security of your website, which we’ll talk about in more detail later.
For example let’s say that you have 15 plugins on your website and 5 are currently disabled or inactive. For each inactive plugin you’re still using up disk space, leaving data in your database and potentially introducing security vulnerabilities.
Our advice is: if you’re not using a plugin and haven’t been for some time then delete it*.
Note: Quite often, lower quality plugins, even once they’ve been deleted, can still leave data behind in your database. This can bloat your website over time and lead to performance issues. Therefore if you suspect this is the case get in touch with your web developers and let them manually remove these leftovers for you.
It’s important to ensure that you regularly keep your plugins updated to their latest versions. Plugin authors often update their WordPress plugins to fix security issues or introduce new features. Both of which are going to be of benefit to you as an end user.
However, when updating plugins we do recommend to always take a backup of your site first. If you’re not taking regular backups then please keep reading. You should also check that the plugin is compatible with your version of WordPress before updating.
You would be suprised how many WordPress websites out there are regularly backed up. We cannot stress enough that taking regular backups of your website is an absolute must.
This process gives peace of mind that you have a recent copy of the site which can be restored in the event of a disaster. Additional benefits include being able to continually update WordPress and its plugins safe in the knowledge that you have a safe copy of your data to fall back on.
WordPress plugins like UpdraftPlus, “The World’s Most Trusted WordPress Backup Plugin” can be set up in minutes. It even allows off-=site backups to other services like Amazon S3!
We can’t think of a single reason why this shouldn’t be set up and configured.
Every week there’s a new data breach or security concern in the news. However, don’t assume that the hackers responsible for these crimes are not targeting small and medium sized businesses instead of just global organisations.
WordPress security is vital for everyone, so what are you doing to keep your website secure? A good start is to ask the following questions:
WordPress plugins like WordFence and Surcuri are a great start to hardening your WordPress installation against common security flaws. These plugins can automate a lot of security best practices on your behalf such as setting correct file permissions, blocking traffic from sources known to be malicious and changing the WordPress admin url to something less easily discovered.
Do you know which users have access to your WordPress website? How about that freelancer you used for a bit of website work a year ago? Or the previous agency you worked with?
It’s important to check which users have access to your WordPress website and what permissions they have. Limiting your WordPress admin access to a limited number of people you know and trust is a great way to avoid potential security vulnerabilities in the future.
In September 2016, Google announced on its security blog that it was taking steps to move towards a more secure web. Here’s what they opened with:
To help users browse the web safely, Chrome indicates connection security with an icon in the address bar. Historically, Chrome has not explicitly labelled HTTP connections as non-secure. Beginning in January 2017 (Chrome 56), we’ll mark HTTP pages that collect passwords or credit cards as non-secure, as part of a long-term plan to mark all HTTP sites as non-secure.
Google also has taken further steps since that post to include additional situations within ‘Incognito Mode’.
The long and short of this is that your site needs to be secure.
If your website is not currently using https, get in touch with your web developers and get this actioned as soon as possible. Google has been using https as a ranking signal for sometime and you’ll also get the benefit of increased trust from your website visitors.
Much like keeping your plugins up to date, you should also aim to update your WordPress version to the latest release as soon as possible. The updates often contain vital security patches to keep your data safe when new exploits and vulnerabilities are discovered.