06 Apr Keeping Your WordPress Site Healthy
WordPress is a Blogging Tool and Content Management System used by over 74 million sites across the world. It is often used to make websites easier and more accessible, but sometimes this can come with risks.
What is your responsibility, as a site owner, to protect against these risks?
It is your responsibility to make sure your website remains a safe environment for your customers to access, uncompromised by viruses or malware that could affect both your customers and your staff, as well as your hosting account.
So what steps can you take to ensure that your site remains safe and healthy?
There are two types of updates that are available for WordPress sites. Core updates, and Plugin Updates.
The WordPress team provide regular core updates to the platform, to address any security concerns and bugs that have been made aware to them by the WordPress community.
Some features on WordPress sites are provided by third-party extensions, known as plugins. This functionality is also regularly updated by plugin providers to remain current, to protect against any vulnerabilities and to provide new features.
You can find out whether updates are available for your platform by logging into the WordPress Admin Dashboard and looking underneath the ‘Updates’ tab. WordPress also publishes updates to their blog, so it’s worth checking this occasionally. You can read their blog articles here: https://wordpress.org/news/
WordPress can automatically update itself to the latest version of the platform for you by clicking the update now button, however we highly recommend you back up your website before doing this.
Weak and common passwords are a high-security risk to any business. A password is often the only thing preventing a hacker from entering your website and making any changes that may compromise your site integrity and security.
We recommend using four steps to secure access to your WordPress platform:
1 – Choose a complicated password.
We recommend that you use a password that is long and complicated. More than 8 characters and using a combination of letters, symbols and numbers. These can be complicated to remember, but it’s essential to use something complicated so that it can’t be easily guessed.
2 – Don’t share your password with anyone.
If multiple people regularly edit your WordPress site, we recommend that you create separate accounts for them to do so. This way passwords cannot be compromised by sharing them between other people. You can create additional admin accounts by going to ‘Users’ in the Admin Dashboard.
3 – Don’t use your password elsewhere.
If the password for your WordPress account is also used for social media accounts for example, your password is at greater risk of being discovered. If the social media site is compromised your password could be revealed, making anywhere it has been used vulnerable to unwanted access. We highly recommend you use different passwords for different websites so you don’t have to worry whether you have been compromised or not.
4 – Regularly change your passwords.
We recommend that you change your passwords every 90 days. This is just good practice, ensuring that everything is up to date and that your passwords remain safe and unused in other areas. This isn’t as essential as some of the other points above, but is highly essential if a password is used in more than one place.
Plugins are created by third-party providers in order to add extra functionality to your website; such as contact forms and security tools, at the click of a button.
As WordPress is such a big platform, it is easy to become overwhelmed by the sheer amount of third-party plugins available and it can be very easy to become reliant on these third-party plugins despite the problems they can cause.
We recommend that if you do want to add plugins to your website, you consult the plugin rating system along with any user comments before doing so. It is also worth doing some testing before using a plugin on any live pages, so that it doesn’t conflict with anything else on the page.
When someone visits your website, does your page instantly return the information they need when they click on a link? Or is there a delay whilst it loads?
This has become less of an issue in the past couple of years for desktop browsers, but page speed is a very prominent part of a user’s experience; especially when loading web pages on the go on tablet or mobile devices.
So how can we fix this using WordPress and the plethora of plugins available at our fingertips?
We recommend three steps: Image Optimisation, Reviewing your Plugins and Page Caching.
If you’re regularly uploading images to your site and it uses images heavily, this can often cause issues with page speed. There’s a tricky balance between having a website that is beautiful and a website that is too slow to load.
We recommend that images are always below 2MB when uploading for the web. Images intended for web use don’t need to follow the same quality guidelines that they do for print output. Image formats such as JPEG allow images to be compressed but still retain the visual quality, even at a low file size.
There are plugins available for WordPress that allow you to optimise your images at any time. A favourite among a handful of our clients is WP Smush. This plugin provides one-click image optimisation across the whole site so you don’t have to worry about optimising them all manually.
For more information on this plugin, click here: https://en-gb.wordpress.org/plugins/wp-smushit/
Plugins are a great way of saving time in development and can be really easy ways of adding new functionality to an existing site, but too many of them can cause big issues.
Often, plugins will link to external resources which means that your page has to load something from a website outside of your control. If anything happens to this website, your page load time can be increased heavily, causing visitors to look elsewhere.
We recommend that any plugins not being used on your site are removed on a regular basis. We also recommend that you avoid plugins that link to external resources whenever possible. This should help prevent your site load times increasing and ensure that your website is always fast loading.
Page Caching is very important for larger WordPress sites. If you do not have caching and your page is being accessed by 500 visitors an hour, your website has to make 500 requests for the same content over and over again. Introducing a caching plugin enables these pages to be loaded on the fly, with little to no effort to retrieve content that has already been retrieved recently.
A plugin we have used in the past for caching, across multiple sites is called WP Super Cache. This is a plugin that has been made by the creators of WordPress itself and it has been tried and tested by thousands of sites across the world. Its easy configuration means that you can set up caching on your site and increase loading speeds with ease.
For more information on this plugin, click here: https://en-gb.wordpress.org/plugins/wp-super-cache/
SSL Certificates have spent a lot of time in the news lately, with Google recently publishing an update that considers a site’s security when deciding rankings. We covered this topic in more detail in our blog article last year: http://www.keyzo.co.uk/blog/security-seo-https-google-ranking-signal/
With any site that we host, we highly recommend the use of an SSL Certificate to protect any customer data that might be taken on the site whilst ensuring your SEO isn’t punished by Google’s update to its Search Engine Indexing.
How Keyzo Can Help
As part of our ongoing commitment to security across all of our servers we have recently been developing a WordPress Security Package which will cover the points mentioned above, and more.
Our process is simple; we talk to you about the current situation of your WordPress site and provide you with a health care report. This report indicates whether your site is up-to-date and from this, we can create a quote for you based on what work is required to bring your website back up-to-date and ensure it is performing well.
From then on, we include your site as part of our routine security checks to guarantee that when new updates are made available, you are notified and the changes are made. This way we can make sure that your site remains available with as little down time as possible. This routine is covered by a monthly Security Package Fee.
For more information about what we can do to protect your WordPress site, or if you have a digital project in mind that we could help you with, we would love to hear about it. Get in touch on 01472 269243 or drop us an email at firstname.lastname@example.org to speak to a member of our team.