Need help with marketing? Get your personalised Marketing Support Pack.

IMC50: WordPress Health Check

To watch the full video and get access to all previous videos and resources join my Marketing Club - Get free access for 30 days

Ben guides us through a checklist he uses on our client sites to make sure they are fast, secure and ready for action.


A checklist to make sure your WordPress site is fast, secure and ready for action

1. Site has an active backup setup

  • Weekly at least. Daily recommended
  • Easy to install plugins
  • External services

The Benefits of keeping your site healthy

  • Takes time to rebuild site from a hack
  • Reputation damage
  • Data loss and privacy issues


  • Manual backup
  • Paid version ( 33/yr) has scheduling
  • Save to Dropbox, Google Drive or FTP


  • Automated remote backup
  • Set and forget
  • 48/yr for 5GB


  • Comes with hosting
  • Runs on the server
  • Automated, little configuration


  • Not a real backup
  • HTML snapshot of your site
  • Handy reference

3-2-1 Backup Strategy

  • Three copies of your data
  • One original. Two on other storage types
  • Hosting – Rsync local – Encrypted remote backup

2. Core, theme and plugins updated

  • WordPress updates
  • Site Health

Site Health is good

  • Tools > Site Health
  • Highlights any potential issues
  • Running PHP version 7.4 and above

Update WordPress Plugins & themes

  • Best protection against hacks
  • Manage updates (Dashboard > Updates)
  • Enable auto-updates for plugins (Plugins)

3. Site runs on HTTPS

  • Protects data sent and received from the server
  • Stops fake sites pretending to be a trusted brand
  • Many browsers show non HTTP sites as ‘Not secure’
  • Many hosts offer free SSL certificates with auto install

4. No unneccessary plugins

  • Deactivate and delete unnecessary plugins
  • Remove vulnerabilities
  • Can speed up the site

5. No unneccessary users

  • Users > Administrator tab
  • Remove users who no longer need access
  • Set role to none if not sure
  • Delete admin user ID 1

Use strong passwords

  • Use a passphrase. Four random words
  • More secure than random password
  • Easier to remember
  • Store passwords securely

6. No malware or hacks present

  • Site check with Sucuri

Passes Sucuri SiteCheck

  • External security test
  • WordPress plugin. Site hardening guidance

Hack Prevention

  • Install a firewall to limit attack area
    • Limit login attempts. Prevent brute force
    • Random database Username / Password
    • Disable Directory Indexing and Browsing
    • Change WordPress Database Prefix
    • Update WordPress hash
    • Remove version number


  • Firewall
  • Brute force protection – IP blocking
  • Malware scanner
  • Login security / Two-factor authentication


  • Malware scanner
  • Effective Security Hardening
  • Security Notifications
  • Firewall (Premium plan)

iThemes Security

  • Brute force protection
  • Login security / Two-factor authentication
  • User banning
  • Malware scanner
  • Lots of security tweaks

7. Site loads in less than 2 seconds

  • Pingdom speed test
  • Compress images
  • Page caching
  • CDN – Cloudflare

Pingdom Speed Test

  • Free site speed test
  • Aim for 2 seconds or less
  • File size, requests and response time

Reduce image size

  • No larger than twice the pixel size on screen
  • Compress to remove meta data
  • Saves on server space
  • Quicker to upload images
  • (Mac)
  • (web)


  • Compress uploaded images
  • Lazy load images


  • Minify (compress) page content
  • Enable server caching
  • Combine files to reduce requests
  • Can break your site if not careful

Cloudflare page caching

  • Free plan works for most sites
  • Massive speed improvements
  • Improve uptime if your server goes down
  • Must host your DNS