IMC50: WordPress Health Check

Ben guides us through a checklist he uses on our client sites to make sure they are fast, secure and ready for action.

Notes

A checklist to make sure your WordPress site is fast, secure and ready for action

1. Site has an active backup setup

  • Weekly at least. Daily recommended
  • Easy to install plugins
  • External services

The Benefits of keeping your site healthy

  • Takes time to rebuild site from a hack
  • Reputation damage
  • Data loss and privacy issues

Updraft

  • Manual backup
  • Paid version (33/yr) has scheduling
  • Save to Dropbox, Google Drive or FTP
  • https://wordpress.org/plugins/updraftplus/

CodeGuard

  • Automated remote backup
  • Set and forget
  • 48/yr for 5GB
  • https://www.codeguard.com

cPanel

  • Comes with hosting
  • Runs on the server
  • Automated, little configuration
  • https://docs.cpanel.net/cpanel/files/backup-for-cpanel/

SiteSucker

  • Not a real backup
  • HTML snapshot of your site
  • Handy reference
  • https://ricks-apps.com/osx/sitesucker/index.html

3-2-1 Backup Strategy

  • Three copies of your data
  • One original. Two on other storage types
  • Hosting – Rsync local – Encrypted remote backup

2. Core, theme and plugins updated

  • WordPress updates
  • Site Health

Site Health is good

  • Tools > Site Health
  • Highlights any potential issues
  • Running PHP version 7.4 and above

Update WordPress Plugins & themes

  • Best protection against hacks
  • Manage updates (Dashboard > Updates)
  • Enable auto-updates for plugins (Plugins)
  • https://wordpress.org/support/article/configuring-automatic-background-updates/

3. Site runs on HTTPS

  • Protects data sent and received from the server
  • Stops fake sites pretending to be a trusted brand
  • Many browsers show non-HTTPS sites as ‘Not secure’
  • Many hosts offer free SSL certificates with auto install

4. No unnecessary plugins

  • Deactivate and delete unnecessary plugins
  • Remove vulnerabilities
  • Can speed up the site

5. No unnecessary users

  • Users > Administrator tab
  • Remove users who no longer need access
  • Set role to none if not sure
  • Delete admin user ID 1

Use strong passwords

  • Use a passphrase. Four random words
  • More secure than random password
  • Easier to remember
  • https://www.correcthorsebatterystaple.net/
  • Store passwords securely https://www.lastpass.com

6. No malware or hacks present

  • Site check with Sucuri

Passes Sucuri SiteCheck

  • External security test
  • WordPress plugin. Site hardening guidance
  • https://sitecheck.sucuri.net
  • https://transparencyreport.google.com/safebrowsing/search

Hack Prevention

  • Install a firewall to limit attack area
    • Limit login attempts. Prevent brute force
    • Random database Username / Password
    • Disable Directory Indexing and Browsing
    • Change WordPress Database Prefix
    • Update WordPress hash
    • Remove version number
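
An added example (not from the episode notes): a small Python check for three items on this checklist (HTTPS, directory indexing, version number), run over responses you have already fetched from your own site. The sample responses, finding names and regex heuristics are constructed for illustration.

```python
import re

# Heuristic patterns (assumptions, not WordPress APIs).
GENERATOR = re.compile(
    r'<meta[^>]*name=["\']generator["\'][^>]*content=["\']WordPress\s+[\d.]+', re.I)
# Core assets often carry ?ver=<number>; treat any such query on core paths as a leak.
CORE_VER = re.compile(r'/wp-(?:includes|admin)/[^"\'\s>]*[?&]ver=[\d.]+', re.I)
AUTOINDEX = re.compile(r'<title>\s*Index of /', re.I)  # Apache/nginx listing title


def audit(resp):
    """Return sorted finding codes for one response dict (url, status, body)."""
    findings = set()
    body = resp.get("body", "")
    if not resp["url"].lower().startswith("https://"):
        findings.add("served-over-http")
    if GENERATOR.search(body):
        findings.add("generator-tag-exposes-version")
    if CORE_VER.search(body):
        findings.add("core-asset-version-query")
    if resp.get("status") == 200 and AUTOINDEX.search(body):
        findings.add("directory-listing-enabled")
    return sorted(findings)


def report(responses):
    """Map each URL to its findings; an empty list means every check passed."""
    return {r["url"]: audit(r) for r in responses}


# Constructed sample responses (not captured from a real site).
BEFORE = [
    {"url": "http://example.test/", "status": 200,
     "body": '<meta name="generator" content="WordPress 6.4.2" />'
             '<link href="/wp-includes/css/dist/block-library/style.min.css?ver=6.4.2">'},
    {"url": "http://example.test/wp-content/uploads/", "status": 200,
     "body": "<html><head><title>Index of /wp-content/uploads</title></head></html>"},
]
AFTER = [
    {"url": "https://example.test/", "status": 200,
     "body": '<link href="/wp-includes/css/dist/block-library/style.min.css">'},
    {"url": "https://example.test/wp-content/uploads/", "status": 403,
     "body": "<html><head><title>403 Forbidden</title></head></html>"},
]

if __name__ == "__main__":
    for label, batch in (("before", BEFORE), ("after", AFTER)):
        for url, found in report(batch).items():
            print(label, url, found or "ok")
```
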

Wordfence

  • Firewall
  • Brute force protection – IP blocking
  • Malware scanner
  • Login security / Two-factor authentication
  • https://wordpress.org/plugins/wordfence/

Sucuri

  • Malware scanner
  • Effective Security Hardening
  • Security Notifications
  • Firewall (Premium plan)
  • https://wordpress.org/plugins/sucuri-scanner/

iThemes Security

  • Brute force protection
  • Login security / Two-factor authentication
  • User banning
  • Malware scanner
  • Lots of security tweaks
  • https://wordpress.org/plugins/better-wp-security/

7. Site loads in less than 2 seconds

  • Pingdom speed test
  • Compress images
  • Page caching
  • CDN – Cloudflare

Pingdom Speed Test

  • Free site speed test
  • Aim for 2 seconds or less
  • File size, requests and response time
  • https://tools.pingdom.com

Reduce image size

  • No larger than twice the pixel size on screen
  • Compress to remove metadata
  • Saves on server space
  • Quicker to upload images
  • https://imageoptim.com/mac (Mac)
  • https://tinyjpg.com (web)

Smush

  • Compress uploaded images
  • Lazy load images
  • https://wordpress.org/plugins/wpsmushit/

Hummingbird

  • Minify (compress) page content
  • Enable server caching
  • Combine files to reduce requests
  • Can break your site if not careful
  • https://wordpress.org/plugins/hummingbird-performance/

Cloudflare page caching

  • Free plan works for most sites
  • Massive speed improvements
  • Improve uptime if your server goes down
  • Cloudflare must host your DNS
  • https://cloudflare.com