[Tech Tip] 10 Steps To Improve The Speed, Security, and Functionality Of Your WordPress Blog

Before getting started, I know this is a really looooong post, and I apologize in advance. I considered breaking this up into ten separate posts because there truly is enough content to justify each topic having its own post. In the end, I decided to create this post as the overview of each topic and an introduction.

Eventually, I will be writing full, in-depth posts on each topic, but wanted to get things going with these tips. In the meantime, go grab a cup of coffee or tea and settle in. I hope this is an especially valuable post for anyone running a WordPress blog. 

–Sean

As more and more new sites hit the Web on a daily basis, the adoption of WordPress as a content management system seems to keep on growing. WordPress has come a long way since it was launched in 2003 and the volume of complimentary plugins and themes is growing at a staggering pace.

via GIPHY

Whether you are just getting started with WordPress or are a seasoned vet looking to speed up your site and reduce administration headaches, there are often decisions that have to be made to ensure the smooth operation of your site. Balancing speed with functionality, ease-of-use with security, and automation with stability are all decisions that constantly need to be evaluated.

Whether from my clients, friends, or other WordPress fans, I often hear questions like:

  • How do I speed up WordPress while still using plugins for functionality?
  • Are there best practices for securing my WordPress instance?
  • Do good plugins really slow down my site?
  • If my WordPress site is slow, is it my host, my plugins, or my theme?
  • What tips do you have to make WordPress administration easier?

If these are questions you have about your WordPress site, read on. After more than 12 years working with WordPress, I have been through some trials and tribulations, including having my site hacked, so I hope these will help you in your decision-making process.

To get you started on the right track, I have put together 10 ways to make the management of your WordPress website/blog back-end a bit easier. If you would like to skip forward to a specific tip, just click any of the links in the table-of-contents.

WordPress Optimization Tips – Table Of Contents

Tip #1 – Minimize Plugins

[Level of Difficulty: 2 out of 5]

When it comes to speed and optimization of WordPress, less is definitely more. This mantra definitely applies to WordPress plugins.

There is such a thing as too many WordPress plugins, and they can slow your site down69 active plugins might be a few too many and all these plugins could be causing conflicts and slowdowns.

While plugins are little bits of code magic that help us do everything from create contact forms to speed up our sites through caching, each one also adds a little bit of overhead to our sites, slowing them down. Even the most efficiently-coded plugins still can cause a drag on the server.

Poorly-coded plugins can causes errors, slowdowns, conflicts with other plugins, and even shut down your site completely.

So, to make your life easier and reduce the time you spend troubleshooting issues with plugins, resolve to keep them to a minimum. Do a deep-dive analysis of each of your plugins and ask yourself the following questions:

  1. Do I really need this plugin?
  2. If I really need the functionality, could I replace it with a widget or some HTML?
  3. if I really need the functionality, is there a better plugin that is more lightweight and is better supported by the developer?
  4. If I don’t need the plugin, how soon can I turn it off and remove it?

As an example of how I implemented this process, I was using a “popular posts” plugin to track which posts were receiving the most traffic and then displaying those popular posts in the footer of my site. The plugin tracked the data for the last 90 days and then always showed the top nine posts from the last 90 days. 

My related posts widget no longer uses a plugin, but simple htmlMy Related Posts widget now is just a custom HTML widget with the links to my most popular posts that I gather from Google Analytics. One less plugin causing overhead issues and waiting to break.

After doing an audit, I just decided that I could get that data from Google Analytics and then create a custom HTML widget and populate the content using HTML. Takes me 15 minutes to update every 90 days and reduces the overhead caused by a popular posts plugin.

TIP: If you decided that you really want to keep a plugin, but you only use it periodically, consider deactivating the plugin when you’re not using it. When a plugin is deactivated, WordPress won’t load any of its files on the front-end of your site. This means that even though it’s installed, it won’t have any impact on your site speed.

When you need the plugin again, just re-activate it.

WordPress Tip: If you only use a plugin occasionally, you can disable it and it won't impact your front-end load times. When you need it, again, re-enable it. Click To Tweet

Tip #2 – Choose A Light-Weight, Mobile Friendly Theme

[Level of Difficulty: 3 out of 5]

Much like plugins, WordPress themes can run the gamut when it comes to usability and performance. Super lightweight themes like Twenty Sixteen are mobile responsive and load in the browser really quickly, but they aren’t really sexy in their appearance.

Other, beautifully-styled themes can be bloated and even abandoned by their creators. Take the Groesy WordPress theme, as an example. Nice looking theme, built using the Visual Composer editor, and is completely abandoned by its creator.

Beware of any WordPress theme that is not supported by the developerWhile this theme might appear sexy and feature-rich, the fact that is not supported by the developer should be a GIANT red flag.

Sure, the creator of the theme will still take your $59, but there is no support from the developer and they haven’t updated the theme in years. In fact, it’s only certified by the developer to work up to WordPress version 4.6.

Probably one of the most popular questions I get when I present at conferences is “What theme or themes do you recommend”. It’s kind of like a trick question that WordPress developers like to ask each other. It signals what is important to us in our site design.

Answer with something like “Avada” (one of the most popular WordPress themes in use) and you get dinged for liking a theme that some consider overly-used, bloated, and slow.

Answer with something like “Twenty Sixteen” and you get dinged for liking a theme that is over-simplistic and not very sleek and stylish.

My answer is two-fold:

  • For fast, minimalist designs I like the Genesis framework. SocMedSean.com is built on Genesis and it works really well for me. It’s easy to customize, has plenty of code hooks that can be used instead of plugins, and is well supported by the developers.
  • For corporate Websites, I prefer the Bridge theme by Qode. The theme is well-supported and allows my team to design sites that all look different, but are built on a stable, easy-to-maintain platform.

Choose something with good support that won’t be abandoned.

NOTE: The reason I give this a 3 out of 5 when it comes to difficulty is because you really have to know what you want your site to look like before you choose a theme. Then, after you have implemented your theme and design, we often changes themes over time as our sites evolve and our audience needs change. Theme selection is an on-going decision…and is often one of the hardest parts of building WordPress sites.

One of the most important parts of choosing a WordPress theme is to ensure that you select one that will be updated and supported by the developer on an ongoing basis. Click To Tweet

Tip # 3 – Minify Your JavaScript And Cascading Style Sheets

[Level of Difficulty: 3 out of 5]

No, code minification does not have anything to do with Minions. While they are cute and adorable helpers in the movie “Despicable Me”, they can’t help us administer our WordPress sites (yet <G>).

via GIPHY

Code minification refers to the aggregation of various JavaScript scripts and style sheets into fewer files and then shrinking them in size by performing operations like removing whitespace, shortening variable names, removing duplicate variables, and even replacing long, poorly-coded functions with shorter, more efficient ones.

The process of minifying your JavaScript and CSS can speed up your site significantly, because the browser will need to process fewer lines of code. Sounds great, right? Right!

The problem is that minification can also really screw up the look and feel of your site if the code minifications don’t play well with your theme or plugins. Again, another reason to reduce the number of plugins to those that are necessary and well-supported.

But don’t let the potential of some issues scare you away from minifying the code on your site. The benefits far outweight the time it will take you to set it up and there is a great plugin that can do most of the heavy lifting for you.

If you’re ready to start minifying your site, here are the steps I recommend:

  1. Backup your site – I shouldn’t have to tell you this, but either use the backup tool that your host provides or use a plugin like Updraft to backup the site.
  2. Install and activate Autoptimize – It’s the best, fully-supported theme out there and I have used it across dozens of different themes and have always been able to get it working at some level.
  3. Configure Autoptimize to work with your site – I highly recommend this guide, put together by the MediaVine team on how to use Autoptimize.

NOTE: If you follow the guide above and Autoptimize messes up your site, don’t panic an uninstall it. Just go back to the admin console and uncheck one box and then save and empty the cache. Do this until you find the checkbox that is messing up your site.

Once you have identified the culprit, go back and enable all the boxes per the guide except the one you identified as a problem. Once you have as many of the check boxes set as possible, run some site speed tests. I’ll bet your site is performing better.

While minifying your WordPress JavaScript and CSS might sound daunting, it's actually fairly easy and can improve the performance of your blog. Click To Tweet

Tip #4 – Install The Duplicate Page Plugin

[Level of Difficulty: 1 out of 5]

Not every one of these tips is one focused on the technical aspects of running a WordPress site. This one is about making WordPress easier to use and getting your content published faster. Of all the plugins I use, the Duplicate Page plugin makes it easier to build the site and add content because I can just replicate a well-performing page and then adjust the content.

Once you have the plugin installed, you’ll see a “duplicate this” link under every page or post within your site. Just click that link and WordPress will create a duplicate version of the page/post in draft format. You can then easily modify the content to fit your needs.

Duplicate this link allows you to easily replicate a page or post from within the WordPress consoleThe “Duplicate This” link now allows you to easily and quickly replicate any page or post in your WordPress site.

NOTE: When the plugin creates a new duplicate version of the post or page, it’s going to use the original page slug and add a -2 to the end of it. BE SURE to create a new slug that is unique to the new page or post. If you simply edit the slug and empty it out, WordPress will create a new slug based on the page title when you first save or publish the new draft.

Tip #5 – Control Spam With A Light-Weight Plugin

[Level of Difficulty: 2 out of 5]

This one is pretty quick and easy. While Akismet is by far the most popular anti-spam plugin out there, it doesn’t mean it is the most lightweight and/or best one. If you have Akismet set up and running and your site does great on speed performance scores, then leave it alone and let it continue to do it’s thing.

If your page speed scores are solid, then keep Akismet running

If, however, Akismet isn’t catching all your spam or if you are looking to tune your site for extra speed, try using one of the two following alternatives:

  1. Anti-Spam Bee – My go-to Anti-spam plugin. Plenty of configuration options, but really works as “set it and forget it”.
  2. Anti-Spam – The lightweight version of the anti-spam plugins. Again, really good at what it does.

 Whichever anti-spam plugin you use, be sure you’re running one of them. Take the hassles out of managing comment spam and let the automated plugins do the work for you.

Tip #6 – Set Your Permalinks Up Properly

[Level of Difficulty: 1 out of 5]

Setting up your permalink structure is something you’re going to want to do early and do right.

If you are setting up a new instance of WordPress, take a moment to think through what you want your URL structure to look like. Do you want to include the month and year in your URL? Do you just want to include the post slug?

One thing I can tell you is you DO NOT want to use the default WordPress setting that displays the page ID. Bad for user experience, bad for SEO. This should be one of the first things you change when setting up your blog.

By default, WordPress has a terrible URL structure. Changing it can help with your traffic.

By default, WordPress has a terrible URL structure. Changing it should be one of the first settings you fix.

Whichever permalink structure you select, stick with it. Changing your permalink structure can have negative consequences on both your social-sharing counts and your search engine optimization.

NOTE: If you are in the troublesome position of having to change your permalink structure, continue on to tip #7, as you will have to set up redirects for your existing content to let Google and other search engines know where your content went.

Tip #7 – Set Up The Ability To Redirect Inbound Links

[Level of Difficulty: 3 out of 5]

I set this as a difficulty level of 3 because, depending on what you are using redirections for, this can be simple or this can be difficult.

If your have been combing through your Google Analytics or Search Console and you notice some inbound 404 links you can use a redirection plugin to re-point that traffic to the proper location of the post or page. This can happen when someone generously links to your site, but mis-types the URL in their hyperlink.  The end result is their reader clicks the link to come to your site and, instead of great content, they see a 404 page.

Grrrr….

The simple way to resolve this is to install the Redirection plugin and create a redirect that points the improper URL to the new URL.

Another, more complex situation that might require the use of a redirection plugin is the changing of your permalinks. As I mentioned in the last tip, changing permalink structure is not something you do on a whim. I know from experience because when I started SocMedSean.com (waaay back in 2009), I used a permalink structure that included the month and the year.

As the years progressed and SEO conventions changed, I decided to adjust my permalink structure to eliminate the month and the year and just show the post or page slug. To accomplish this, though, I had to tell Google and other search engines where to go to access the content. Also, I couldn’t just leave the old URLs hanging out there, because they would result in 404s.

So, to proactively fix the issue, I installed the Redirection plugin and manually created redirections for each of the posts.

Changing your WordPress permalink structure requires the use of a redirection plugin to avoid 404sUsing the Redirection plugin, I was able to redirect all the links from my old permalink structure to my new permalink structure.

Those are just a couple of examples of where a good redirection plugin can help you better administer your WordPress site. A few more situations might include:

  • You want to republish an old post and change the URL slug to something new. You can use the plugin to redirect the traffic from the old URL to the new one.
  • You want to unpublish an old post that is no longer relevant, but want to redirect the traffic to a more current post.
  • You want to shorten the slug of a published post and want to redirect the traffic to the old, longer slug to the new one. 

The options are pretty limitless.

NOTE: Going back to the earlier tip of minimizing plugins, if you don’t need a redirection plugin, don’t install one. There are a lot of redirections that can be performed in your .htaccess file. If you’re tech-savvy and don’t mind editing your .htaccess file, then by all means, save the overhead of the plugin an perform your redirects there.

Tip #8 – Configure A Custom 404 Error Page

Every person who has used the internet has encountered the very annoying 404 error.

The standard 404 offered by a browser is non-descript and just tells the user that the page cannot be found. Generally, the 404 page strands the user with nothing more than a link back to the home page and a Refresh button.

The default Internet Explorer 404 page is useless and strands the visitor

The default Internet Explorer 404 page is useless and strands the visitor

WordPress, as a content management system, however usually delivers a theme-based 404 that maintains the header and the footer of the site and displays a generic “page not found” message to the user.

If you really want to help your users and retain some of the traffic that may have occurred because of a broken link, then consider customizing your 404 and giving your users some options other than just clicking the back button or closing the tab.

Don't allow your blog visitors to be victims of a lame 404 page. Customize it and give them an alternative destination to read your content. And fix the broken link 😉 Click To Tweet

An effective 404 Error page should have a couple of things that will make it useful – it would not be any good to you to just put up a message that just says “we do apologize for wasting your time and screwing up badly.” Instead, consider adding some or all of the features below that would help your visitor find what they are looking for:

  •  The 404 page should look very much like the rest of your site; this way your visitors will know that they are still on a part of your website.
  • Explain the error that happened, and possibly describe the common causes of the error (outdated content, mis-typed URL etc). The language you use should be clear.
  • If your website has a search function that isn’t included in the navigation, simply add a search box and let them search for the content.
  • Provide links to alternative posts/pages that might be related to the search they are finding
  • Add an email link; this way, visitors will be able to report a problem – do not think that most of them will utilize this feature, but some will.

Remember, the last thing you want them to do is just close the browser and give up on your site. Basically, just ensure that you motivate your readers not to lose their faith in your site, and provide them with alternatives as to where they can go next.

My custom 404 page allows users to search, contact me, and provides links to alternative articlesMy custom 404 page allows users to search, provides a link to contact me, and gives readers access to alternative articles that the might have been looking for.

Tip #9 – Implement Strong Passwords And Hide The Admin URL

Generally, the front-end of your WordPress site is open to the public and there isn’t any authentication required to access the content. Other areas, like your admin console should be secured to keep people from prying into the administrative areas of your site.

By setting a username and password you can restrict access to just a few people who have the “secret combination”. I can’t emphasize how important it is to ensure that those who access your admin console use strong passwords that are difficult to crack. I can go on and on about how crappy passwords can cause real issues for your site security.

Regardless of whether your WordPress site is a personal blog or a corporate website, you need to ensure that your admin console is secure an the first step toward doing that is strong passwords. Change them quarterly, use combinations that are not able to be guessed. Take this seriously.

The other aspect of securing your site has to do with securing your admin console itself. The great thing about WordPress is the hard work has been done for you through the development of the CMS admin console. The WordPress core contains an administrative area where you, as the admin, can add/remove plugins, themes, posts, pages, etc…

The WordPress Admin console is one of the best parts of WordPress

One downside of WordPress, though, is it uses the default /wp-admin/ URL to provide access to the admin console.

Unless changed, the admin console for every WordPress blog can be accessed by going to www.sitename.com/wp-admin. Hackers don’t even need to guess where your sensitive files are located. Once the know the address, they can start their hacking activities.

If you think about it, there are really three things a hacker needs to know in order to access your WordPress admin console:

  1. The URL of your admin console
  2. A username with administrator privileges
  3. The password that goes with that username

That’s just three things keeping hackers out of your site.

So….why would you give away one of those protection features to them for free?

To get that protection back, you need to hide the admin console URL by changing the URL from /wp-admin/ to something like /astrid93294/. That’s a URL that no hacker would possibly be able to guess. You’ll want to make it something only you will know, but make it something you can remember.

You can hide your admin URL by using a plugin like WPS Hide Login. This easy-to-use plugin allows you to change the location of your admin console simply by installing the plugin, typing a new destination, and saving the settings. Once you make the change, visiting /wp-admin/ will result in a “not found” message.

If you are adhering to my earlier advice and minimizing the number of plugins that you have installed, you can also accomplish this by editing your .htaccess file. There is a great overview of doing this here.

One more thing to consider, though. Just securing your admin console is only the first step. It’s up to you to make sure you’re rotating your passwords frequently and using complex passwords that can’t be easily hacked. Take all three elements seriously, and that’s a great start toward securing your site.

Tip #10 – Add A Firewall To Protect Against Brute Force Attacks

[Level of Difficulty: 4 out of 5]

The last tip I have for better administering your WordPress site is to ensure you are running a firewall plugin. Yes, I know I started the post by instructing you to minimize the number of plugins you run, but cutting corners by not having a firewall plugin isn’t something you should do.

Personally, I have three security plugins that I use for different reasons. The plugin I choose depends on the site, the budget, and the compatibility with various hosts. The ones I prefer are:

  • WordFence – A solid security plugin that allows you to configure brute force attack settings, receive alerts about plugins/themes that need attention, and ban/block users and IP addresses. The plugin is updated frequently with new definition files. There is also a paid version that adds additional features.
  • All In One WP Security & Firewall – Some hosts, like WP-Engine don’t like WordFence, so All In One is the solution I use on those hosts. Again, it’s a solid firewall with plenty of configurations. The bonus of this plugin is that it also has a built-in feature to hide your admin URL, so you won’t need an additional plugin for that feature if you go with this one.
  • Sucuri Scanner – Another solid entry into the firewall plugin arena. Easy to use, lots of configuration options.

Whichever solution you choose, take some time to really understand the options that area available, how they work, and what the ideal configuration settings are for your usage.

There you go! Ten tips that can help make sure your WordPress site is ready to maintain and ensures that your visitors are getting the information they need.

Have additional tips that need to be added? Feel free to leave your thoughts in a comment or send them my way via my contact form.  Looking forward to hearing your thoughts and suggestions.

Cheers!

–Sean


Share This Post With A Pin!

Tips to help you secure, speed up, and optimize your WordPress blog

Content So Good You Can Almost Taste It!

Subscribe to my email list and get updates in your inbox

Join my mailing list and get all of my social media tips, tricks, and comics in your inbox. Spam-free, guaranteed!





Comments And Reactions

  1. I thoroughly enjoyed reading this post. I loved the way you have written the whole article. Great blog, congrats!

  2. It’s possible that the database itself may need some fine-tuning for performance reasons.many BackEnd tool are available which provide better facility ,in that SQL Support a simple, but powerful condition and error-handling model.


Speak Your Mind, Share A Comment, Ask A Question

*