Author: Joe Stanton | Date Posted: Feb 9, 2019
Here are 10 easy tasks you can do to help improve and secure your client’s WordPress website. These items require only a basic knowledge of WordPress and shouldn’t require the assistance of a developer:
Running daily or weekly backups of your clients website is crucial.
What if your clients site gets hacked?
What if an easy update goes poorly and the whole website crashes?
What if the client brings down their own website?
This is weekly occurrence in the Ignitro world. You can use plugins to backup your website (such an backupwordpress or WP Migrate DB Pro) or a lot of hosting companies offer automated backups. Be the hero and always have a current backup ready to go.
There are over 40,000 plugin to choose from. That does not mean you should be using all 40,000. Be picky about the plugins you add to your websites. Plugins cause code bloat and will often slow a website down. On average, one of our websites will launch with 4 plugins. When large functionality pieces of a website are handled by plugins you are risking failure. The plugins will, at times, stop being supported by the developers. Which means that WP updates can cause whole sections of your site to stop working properly.
Always choose plugins that are highly vetted and have a bunch of great reviews. Go through your active plugin list often and deactivate plugins that are not crucial to your website. We recommend having somewhere in the range of 3 to 8 plugins active.
Now that we have our website backed up and the plugins are up to date, it’s time to update to the latest version of WordPress and update all your plugins. Plugins and WordPress are constantly being update to fight security risks, so you’ll want to stay on top of this. Just a friendly heads up, when updating to WordPress 5.0+, we recommend installing the classic editor plugin since WordPress has now switched over to the new Gutenburg editor. The new editor is great, but if your theme was built using the classic editor, it may not play nicely once updated. Trust us, take a moment, create a backup, add the classic editor, activate it, and THEN upgrade to the newest version.
This is a crucial piece that most clients overlook. An image does not need to be 4000 pixels wide and 4MB. Scale down to 1800 pixels in width and run it through an image optimizer such as Optimizilla or tinypng. Use JPEGS unless you need an image that has a transparent background in which case you are forced to use .png format. You shouldn’t have an image on your website that exceeds 200 KB. Speed is crucial for analytics and image size is low hanging fruit.
Think about your content before publishing. Prepare all your content with SEO in mind. We recommend using SEO Yoast. This is by far the most popular SEO plugin and will help guide you to use the best SEO practices. SEO Yoast is so powerful and we can easily write an entire blog article on its capabilities but we recommend just starting with the basics.
I know it is a very easy thing to do but try not to use the username “admin” or generic passwords. Use a strong password generator for all your passwords.
We recommend using a hosting company that specializes in WordPress such as WP Engine or Pantheon. Traditionally, these hosting companies will cost more than your low level GoDaddy plan but I assure you, they are worth every penny. WP Engine has great support, offers free SSL (you’ll pay $50 per year on GoDaddy), daily backups, one click restores, one click staging websites and much more. These companies specialize in WordPress and stay ahead of any major updates security risks. We often see large increases in site speed reporting when moving a client to a WordPress hosting platform.
If you want to add some structured data to your page we recommend using Schema for this. This structured data helps google understand the content on your page. Here are some insights into how googles structured data works: https://developers.google.com/
Google Analytics is the standard to track visitors, bounce rates and much more. You can even take as far as installing a 3rd party, such as Hotjar, that will allow you to view heat maps, user recordings, conversion rates, etc..All this data is crucial so you can fine tune your website and bump your conversion rates.
Once your team has been practicing the things listed above, monthly maintenance should be fairly easy. Set a reminder every week or once a month to go in and update plugins and WordPress. Go in and randomly test some form submissions. Run site speed reports, make sure your backups are still working, etc..
Your website is like owning a car or growing a garden, if you don’t provide maintenance and care, your site will fall apart, cause downtime and expensive repairs. It is way more cost effective to spend time each week than hiring a development team to get your site back in working order in an emergent situation.