WordPress website optimisation: how to maintain & improve your WordPress site [ultimate guide]
It’s hard to keep your WordPress website performing optimally.
It’s a balance between conflicting priorities – with new technologies, search engine developments, rapidly-updating analytics data, variable markets and many other digital changes providing constant challenges. What’s more, all of this has to be managed alongside the day-to-day tasks involved in running your business or organisation.
But you’re not alone – we’re here to help! In this ultimate WordPress website optimisation guide, we share everything we know about how to improve and maintain your WordPress website, using our two decades of experience as a specialist WordPress agency.
Read on to learn how to:
- Schedule and perform the most important WordPress maintenance tasks
- Undertake a complete audit of your WordPress site
- Update your site, plugins and themes to the latest versions
- Make regular website backups so you can reinstate your site in case of a problem
- Optimise images and content for maximum website performance
- Sky-rocket your website’s speed
- Protect your site against hacking, cyber-attacks and viruses
- Maximise search engine performance and increase organic traffic
- Improve user experience and conversions
- Understand WordPress hosting options and select the right one for you
- Collect and analyse key data about your WordPress site and users
- Ensure compatibility and performance on different browsers and devices
- Fix the most common WordPress errors
- Understand the latest WordPress best practices for optimal site performance
- Choose the right WordPress management agency to support you
Whether you’re just new to WordPress or are an experienced WordPress developer, we know you’ll find something useful in this guide to get your WordPress website performing better than ever.
contents
- WordPress optimisation basics
- WordPress web maintenance checklist
- Updating WordPress
- How to backup a WordPress site
- Optimising WordPress images & content
- How to add Google Analytics to WordPress
- How to improve WordPress SEO
- WordPress speed optimisation
- Optimising WordPress for mobile
- Maximising WordPress security
- Choosing reliable WordPress hosting
- Fixing WordPress errors
WordPress optimisation basics
Before we dive into how to optimise your WordPress site to maximise digital results, we cover some of the general questions we’re often asked. These include whether you need to optimise your site, and how to choose the right WordPress management agency to support you.
what is WordPress?
WordPress is a brilliant content management system (CMS) used by millions of websites including CNN, Vogue and PlayStation. In fact, it’s the world’s most popular CMS with around 35% of global websites using it.
WordPress is an open source platform, which means that anyone can utilise it to create a blog or website for free. Because of its relatively simple structure, WordPress websites can often be produced more quickly and at a lower cost than with other CMSs.
WordPress can be used for a wide variety of websites, including informational sites, blogs, jobs boards, e-commerce stores, forums and directories. There are thousands of WordPress themes and plugins that can be used to customise your website for the exact functionality and design that you need.
For all of these reasons, we’re big fans of WordPress and love being a specialist WordPress agency! It’s a highly-adaptable and cost-effective CMS that almost anyone can use effectively.
do I need to optimise my WordPress site?
With thousands of new websites popping up every day, the internet is an increasingly competitive marketplace.
To ensure people select your website above other sites providing similar services or information, you need to optimise your WordPress site. This means improving things like speed, functionality, security and search engine performance so that users can both find your site and choose to stay on it.
Having a website is a bit like having a car – it also needs regular MOTs, servicing and maintenance to stay safe and running effectively.
But how do you optimise your site? With countless blogs and videos suggesting how to improve things, it can feel impossible to know where to start.
That’s why we’ve put all of the key information and latest developments for optimising WordPress into this ultimate 2020 guide. Keep reading to find out exactly how to get your site in tip-top shape, or please get in touch if you’d like assistance.
how to choose a WordPress agency
Whilst many people choose to create a WordPress site themselves, it can be hugely beneficial to work with a WordPress web design agency to help customise, optimise and manage your site.
When choosing a WordPress agency, we believe the three key factors to consider are expertise, value and transparency.
Expertise: Does the agency specialise in WordPress and have relevant case studies? At Pedalo, we’ve got two decades of experience and provide expert WordPress services for a wide range of businesses, charities and organisations including Ten Health and Fitness, Anti-Slavery International, Joseph Rowntree Reform Trust and many others.
Value: This covers cost, value for money and the value of peace of mind. Whilst charging more per hour, an experienced agency is likely to perform work more quickly and anticipate potential problems in advance, thus saving time, money and energy in the long-run.
Transparency: How does the agency share work in progress, timelines and costs? At Pedalo, we give clients access to Trello software to log all site issues and requirements, and we regularly respond and update on progress; this means clients always have a clear understanding of work taking place, timescales, and how their budget is being spent.
Finally, it’s worth thinking about chemistry – how does the agency respond to your questions, and do they seem passionate about your organisation’s website? A good WordPress agency will be able to chat through your needs, explain their suggestions and provide expert, recommendations to improve your site.
For further information about our WordPress support services, give us a call on 020 8747 3274 – we’re always happy to chat.
WordPress web maintenance checklist
To keep your website up to date and performing optimally, it’s vital to undertake regular site maintenance.
We’ve gathered together all of the most important tasks needed, and put them into a web maintenance checklist you can schedule in your diary.
Of course, feel free to adjust our suggested maintenance checks to meet your needs. Doing certain things more or less often may work better for your unique organisation and website.
Whilst this list may seem overwhelming, our golden advice is to do little and often! Even making small improvements once a week or once a month will help improve both your website performance and digital results.
regular WordPress optimisation
In this section, we highlight the things you should be doing on a regular/ongoing basis to maintain your WordPress site and optimise performance.
1. Update software
The WordPress core, themes and plugins are regularly updated to fix issues, optimise performance and patch security vulnerabilities.
You can apply automatic updates for small WordPress releases, but will need to manually install any major updates. Plugins and themes should also be updated either manually or automatically as soon as updates are available.
Look out for update messages on your WordPress dashboard, and read the ‘Updating WordPress’ section below for more information. Don’t forget to backup your site before making updates!
2. Publish new content
By adding content regularly, you signal to both users and search engines that your website is active and relevant.
Content should target your main keywords, be of interest to your target audience, and be optimised for SEO (see the ‘How to improve WordPress SEO’ section). Also, make sure to check your spelling and grammar before publishing!
3. Backup
It’s vital to backup your website regularly, so that if you get hacked or encounter any other major problem, you can get your site online again quickly. The more regularly you backup, the less data you’ll lose if you ever need to revert to a backup version.
Check your backups are being made and stored securely via your WordPress agency, hosting provider or backup plugin. Backups should be scheduled for low-traffic periods, when they will have least impact on your website’s speed and user experience. We explain more in the ‘How to back up a WordPress site’ section of this guide.
4. Optimise images
Images are a major cause of poor (and slow) website performance, so make sure to optimise as you add them to your site. This means uploading images in the smallest possible size and correct format, using a tool such as Photoshop or Pixlr.
You should also include keyword-rich alt text to help users and search engines understand your images. Find out more in the ‘Optimising WordPress images & content’ section below.
5. Monitor security
We explain all about website security later in this guide, but once you’ve got your security plugin and/or other protection measures in place, make sure to check regularly for security notifications. If there are any breaches or issues, take action to remedy them and re-secure your site.
6. Moderate comments
Whenever a user adds a comment on your website, it’s automatically held in moderation. Make sure to check the ‘Comments’ section of your WordPress dashboard regularly to publish useful comments, reply to questions and delete any spam.
monthly WordPress maintenance checklist
We now consider the more detailed website maintenance tasks you should schedule every one or two months. Most only take a few minutes to complete and are well worth doing!
These are the general checks needed to keep on top of your site’s speed, functionality and other key areas of performance.
1. Conduct a security scan
Make sure to give your site a full security scan every month to check for malware, viruses and suspicious code.
If using the recommended Wordfence plugin, this can be done by going to Wordfence > Scan and clicking ‘Start new scan’. If there are any issues, Wordfence will suggest how to fix them and get your site secure again.
2. Check site speed
Having a fast-loading website is vital in today’s rapidly-moving digital world. You can check your site speed with GTmetrix, which includes PageSpeed and YSlow scores as well as detailed recommendations to improve things.
It’s well worth creating a free account with GTmetrix so you can see how your site speed changes over time. We explain more in the ‘WordPress speed optimisation’ section below.
3. Verify backups
Considering how essential site backups are if disaster ever happens (and it always does at some point!), it’s a good idea to check and verify them from time to time.
You should make sure that all of your website data is being stored, that backup copies are being saved in different locations, and that files are not corrupted. This will ensure you have the best chance of being able to reinstate your site when the worst happens.
4. Check uptime
Uptime is the time that your website is online and available for users, expressed as a percentage of the total time available.
Uptime should ideally be at 100%, meaning that your site is available every minute of every day. When it falls below this, it’s usually a server problem, meaning it’s worth contacting your hosting provider. You can check your website’s uptime on isitwp.
5. Perform a visual and functionality inspection
Finally, give your website a once-over – by looking and checking any key functionality, for example by testing contact form submissions.
This will highlight if there are any code, formatting, design or operational issues that need to be investigated further. We show how to overcome common problems in the ‘Fixing WordPress errors’ section of this guide.
maintenance checks every 3-6 months
Here are the essential WordPress site checks worth scheduling a few times a year…
1. Review analytics
Collecting information about website traffic and user behaviour enables you to make data-driven decisions to optimise performance.
If you’ve installed a Google Analytics plugin such as MonsterInsights, you can go to Insights > Reports to see your site data. If you’re using tracking code instead, you’ll find your stats on your Google Analytics dashboard.
Consider what’s working well and what isn’t and make informed edits to maximise website results. In particular, it’s often worth updating and republishing popular blogs.
2. Check mobile compatibility
There are two great tests you can use to check how your site functions across different screen sizes and devices – the Responsive Test and Google’s Mobile-Friendly Test. Together, these give a great insight into how your appears on smaller screen sizes and whether you’re meeting mobile browsers’ needs.
If needed, you can improve your site’s mobile compatibility using the advice in the ‘Optimising WordPress for mobile’ section below.
3. Change passwords
Keep your site super-secure against hacking by changing your login details regularly. Strong passwords involve a random combination of letters, numbers and other characters.
As well as updating your WordPress back-end password, it’s also worth changing passwords for other website-related accounts, such as your custom email address and FTP account.
4. Optimise your media library
Clearing out your Media Library and deleting old and duplicate image files is a great way to speed up your website. It’s also a good idea to go through the images you’re keeping to check they’re the optimal size and include relevant alt text data.
5. Remove users
WordPress allows you to add different types of users to your site, each with different permissions. As user profiles can pose a security risk to your site, it’s a good idea to review your site users regularly and check that people have only the level of permissions required.
You should also delete any profiles that are no longer needed. This can all be done in the ‘Users’ section of your WordPress dashboard.
6. Clean your database
The more you update your WordPress site, the more your database becomes clogged-up with old content, deleted comments, surplus files and more. As this slows your site down, it’s worth giving your database a regular clean-up.
Database clean-ups can be scheduled automatically with a plugin such as WP-Sweep. But if you’re not using a plugin, make sure to check through and remove unneeded files in phpMyAdmin every few months.
WordPress SEO maintenance checklist
We now move onto the maintenance checks that are important for your site’s search engine performance.
How often you schedule these will depend on how much you rely on organic traffic to your website, and how competitive you want to be in search engine results. We recommend performing these between every couple of weeks and every six months, depending on your priorities.
We explore search engine optimisation in much more detail in the ‘How to improve WordPress SEO’ section below, but this gives a good overview of the regular SEO tasks you should put in your diary.
1. Check general SEO health
You should give your site a general SEO once-over at least monthly, using the free Ubersuggest SEO analyser (or another similar tool).
On Ubersuggest, simply type in your web address, select the relevant language/country and click ‘Search’. A report will be generated showing your monthly organic traffic, domain score and number of organic keywords – it’s worth recording this information and trying to improve your stats over time.
If you also go to the ‘Site Audit’ section in the left-hand menu, you’ll then see a more detailed SEO health-check for your site. This includes a list of SEO issues needing attention, rated in order of difficulty and SEO impact. For example, pages with a low word-count or poorly-formatted URL may be highlighted.
We recommend checking your general SEO site health and fixing any issues regularly to maximise organic performance.
2. Optimise content
We recommend installing the free Yoast plugin which allows you to optimise posts and pages for particular SEO keywords.
Once installed, you can go to Pages > All Pages (or Posts > All Posts), and check the coloured dots in the SEO column on the right-hand side. Any red or grey dots should be addressed by clicking on the relevant item and scrolling down to the Yoast SEO toolbox underneath the page’s text.
There, you can enter a focus keyphrase, see and edit the search engine results pages data, and view Yoast’s other tips for SEO improvements. Aim for green dots (meaning good SEO) for every page and post.
3. Check Google Search Console
Google Search Console is a free set of tools and reports provided to help you measure and improve your website’s performance in Google’s search results. It’s worth checking this regularly to benchmark your site’s SEO, understand which keywords are being used to find your site, and highlight errors.
You may also want to check your site’s Google’s Crawl Stats Report, which shows Googlebot activity on your site for the last 90 days.
4. Fix broken links
A broken link is a link to a webpage that doesn’t work. It acts as a negative signal to search engines.
You should check regularly for broken links with an online tool such as Dr Link Check. If you have any, you can then go to the relevant page and update or remove the link.
5. Seek backlinks
Backlinks are links to your site from other websites; they signal to search engines that your content is high-quality and worth displaying in search results.
Share your latest posts and ask for backlinks to your website regularly, particularly from other sites that are trustworthy, relevant and have high domain authority.
6. Check keywords
Keywords are the main topics, words and/or phrases that people are searching for to reach your website.
It’s a good idea to check and refresh your keywords from time to time, using tools such as Moz’s Keyword Explorer or Google’s Keyword Planner. This will help ensure the keywords you use on your website are up to date with current user behaviour and search trends.
how to audit your WordPress site (annually)
Finally, we explain how to conduct a full audit of your website. This should be done annually, including all of the above tasks as well as those suggested below.
It’s often worth getting an expert opinion on this, by asking your WordPress web design agency to conduct a full site audit for you. Here are the areas we recommend considering…
WordPress theme: Are you using the most appropriate theme for your site? The more unnecessary features your theme has, the more it will slow down your page loading speed.
It’s worth checking your theme is as fast and light-weight as possible, and disabling any scripts and functions that are not needed.
Hosting provider: Most hosting packages renew annually, so it’s a good idea to review whether your current hosting provider is reliable, rapid and secure enough for your site.
We explain more in the ‘Choosing reliable WordPress hosting’ section below. It may also be worth setting-up a CDN to improve loading speeds in other locations.
HTML & code hygiene: We recommend removing unnecessary code to reduce site complexity and maximise website speed. Code errors should also be fixed to ensure search engines can understand your content.
You can check your site’s code using FTP or shell access, although it’s often advisable to ask a WordPress expert to provide a more detailed technical audit. It’s also worth checking your site for HTML errors using validator.w3.org.
Brand mentions: Are all brand mentions up to date with how you’re describing your organisation? This part of the audit includes checking your contact details, footer, about us page and any other brand information on your site, as well as updating external listings if necessary.
Plugins: Make sure to go through your plugins (in ‘Plugins’ on your WordPress dashboard) and delete any that you’re not using or are slowing down your site. There may be more appropriate or better performing alternatives on WordPress.org plugins. We explore plugins and how they affect site speed in our ‘WordPress speed optimisation’ section below.
Domain renewal: You usually need to renew your domain name annually, so make sure to include this on your audit checklist. Domain renewal can be done either directly with your domain provider or by contacting your WordPress support agency.
Design & UX: Great websites are attractive and easy to navigate so that users can find everything they need and complete desired actions.
Make sure to give your WordPress web design and user experience (UX) an impartial review as part of your annual audit, and consider how you could make things even more appealing and clearer. If possible, conducting user testing is an even better way to get feedback about and improve your site.
Accessibility: With more than 20% of the UK population experiencing long-term disability and the law stating that services (including websites) must be accessible for everyone, it’s vital to check your site’s accessibility. You can evaluate accessibility and get suggestions for improvements using Wave or other similar online tools.
404 page: A 404 error message is shown to users when the URL they’re trying to reach can’t be found on your site. A warm, friendly and humorous page will keep users happy and encourage them to continue browsing. Check your 404 page is functioning as part of your annual site audit, or create a new 404 page with the 404page plugin.
Legal requirements: Are any legal changes imminent, such as data protection or e-commerce regulations? It’s a good idea to check that your site is meeting all local and international laws, such as the 2018 GDPR legislation.
Disaster recovery: A disaster recovery plan details exactly what you would do if your site crashes or encounters a security problem. We explain what it should include in the ‘Maximising WordPress security’ section below, but we also recommend checking and updating your plan annually.
SSL certificate: To keep your site secure, your SSL (Secure Sockets Layer) certificate needs to be renewed every two years. This can be done free through Let’s Encrypt.
updating WordPress
It’s vital that you always update your website to the latest version of WordPress to ensure everything is secure and functioning correctly. In fact, the vast majority of WordPress sites that are hacked have outdated software.
WordPress (and WordPress plugins) are maintained and updated by developers all around the world. They are constantly working to fix issues, add features and patch security weaknesses. They release regular updates to improve security and performance. You can see the regularity of releases and find out which is the latest version on WordPress.org.
People who are new to WordPress often worry that updating their software or plugins will ‘break’ their website. But updates can be actually made without too much stress or difficulty.
automatic updates
As long as you have WordPress 3.7 or later, you can apply automatic updates for small releases. This means that these updates are made in the background as needed, without you having to do anything at all.
By default, all WordPress sites have automatic updates enabled for minor core releases. Alternatively, automatic updates can be configured by defining constants in wp-config.php.
To do this, simply go to the WP_AUTO_UPDATE_CORE constant and select a value of ‘minor’, to enable all minor updates:
define( ‘WP_AUTO_UPDATE_CORE’, minor );
As updates will not work automatically for major releases, you’ll still need to make these updates manually. This is beneficial as it ensures that you’re aware when your site undergoes major updates and can therefore check your site is still working afterwards (as risks of problems are far more likely with larger updates).
manual updates
Before making any major/manual updates to WordPress core, make sure to back up your site. This means that you’ll be able to reinstate your website if case there are any problems. We explain more about how to back up your WordPress site below.
When a new version of WordPress is available and manual updating is required, you’ll see an update message on your WordPress dashboard. To update WordPress, just click the link in this message, or go to ‘Updates’ in the left hand menu.
WordPress offers a one-click update system. Once you are on the ‘Update WordPress’ page, just click the ‘Update Now’ button. Your site will still be functional for users/visitors while the update is taking place, but you won’t be able to install any new plugins or themes.
When the WordPress update is complete, you’ll usually be directed to a welcome screen, and you may be given information about the features and benefits of the new release. We also recommend you give your site a quick check-over to make sure everything is working correctly.
One-click updates work for most websites. But if this fails, or if you just want to get more involved in the technical nitty-gritty, then you can follow this two-stage manual update process:
1. Replacing your WordPress files
Firstly, get the latest WordPress version software as a zip file. Then deactivate all of your plugins.
Next, you’ll need to remove the old wp-includes and wp-admin directories, and then replace these with the new wp-includes and wp-admin directories. This can be done using FTP or shell access.
Then, upload the individual files from the new wp-content folder to your existing wp-content folder, allowing them to overwrite any old/duplicate files. Make sure NOT to delete your existing wp-content folder or non-updated files – you are NOT replacing your entire wp-content directory but rather just overwriting the specific software files that have been updated.
Next, upload all new loose files from the new version’s root directory to your existing WordPress root directory. It may also be worth looking at the wp-config-sample.php file, to see if there are any new settings that you want to implement in your current wp-config.php.
Finally for this stage, you’ll need to remove the .maintenance file from your WordPress directory using FTP.
2. Updating your website
Now it’s time to go to your WordPress dashboard (at /wp-admin). If a database upgrade is necessary at this point, WordPress will detect it and give you a button to click (‘Update WordPress Database’) with specific instructions to follow.
This will update your database and ensure it’s compatible with the latest WordPress version. After this, clear your cache to make all changes go live. Lastly, reactivate your plugins.
Finally, you can celebrate! Your WordPress site has now been updated.
We recommend you give your website a good check-over to make sure everything is working correctly. If you have issues logging in or displaying your updated site, try clearing your browser cookies.
updating WordPress plugins & themes
Just as WordPress core software needs regular updates to stay secure and performing optimally, so too do all of your plugins and themes.
When a new plugin or theme update is available, you’ll see a message on your WordPress dashboard. To update, just click the message button, or go to ‘updates’ in the left hand menu.
All of your plugins and themes with available updates will be listed. Select the ones you want to update (ideally all of them!) and then click the ‘Update Plugins’ and/or ‘Update Themes’ button.
If it’s a major update, you’re updating a very old version of a plugin, or you’re updating the parent theme when a child theme has been implemented, it’s advisable to backup your site before updating. We explain all about backing up below. You should also check your site is still working correctly after making any updates.
As some plugins and themes have very frequent updates, it’s often worth setting up automatic updates so that you don’t have to keep checking and manually installing.
To do this, add the following code to your theme’s functions.php file:
add_filter( ‘auto_update_plugin’, ‘__return_true’ );
Similarly, to automatically update your themes, add the following code:
add_filter( ‘auto_update_theme’, ‘__return_true’ );
Alternatively, you can install and activate the Automatic Plugin Updates plugin. In that plugin’s settings, you can select which of your other plugins you want to be updated automatically.
Finally, it’s worth noting that if you update plugins/themes before updating the WordPress core, you might find that further updates become available once you’ve updated WordPress. This is because some plugin and theme updates are only available with a specific (newer) version of WordPress software.
how to backup a WordPress site
Remember that horrible feeling when a Word document crashes right before you saved your work? Imagine that happening with your whole website! Making sure a backup is in place means you can get your site up online again if disaster ever happens.
It’s vital to backup your WordPress website regularly, and always before making an upgrade or adding anything new (such as a plugin) to your site. This means making and storing a copy of your site’s files, content and information.
Then, if you get hacked, infected with a virus or encounter any kind of problem that causes your site to stop working, you can reinstate the backup version.
Site backups are essential because often problems are outside of your control or unexpected – and they inevitably happen at some point. Without a backup, you could potentially lose everything you have ever written, added or designed on your site.
how often to backup on WordPress
There’s no hard and fast rule about how often you should backup your WordPress site. It depends on how often you make changes, such as adding blogs or updating content.
The more regularly you backup then generally the less data you’ll lose if your site ever crashes or gets infected. If you have to reinstate your website from a backup, you’ll lose any changes/additions since the backup was made.
While your site is being backed-up, your site speed is likely to be reduced (see our section on ‘WordPress speed optimisation’ below). So you should schedule backups to take place during low-traffic periods, such as at 3am, to reduce any impact on user experience.
It’s a good idea to keep at least three recent backups and store them in different locations (such as on the server, different computers, cloud accounts or hard drives). This provides the added security of ensuring your site can still be reinstated even if one of your backups becomes corrupted or fails.
backing-up your WordPress site
Please note that these are guidelines only, as how to backup your site depends on the type of hosting you have. We recommend speaking to your hosting provider before getting started.
Backing-up your WordPress site means backing-up both your website files and your database. We’ll explain both.
Your WordPress site files consist of WordPress core, plugins, themes, images, code files (such as JavaScript), and any additional files. These elements are always used – in varied combinations – to create the look, design and layout of your website.
On the other hand, your database contains all the information, blog posts and other content that is unique to your site. Both website files and database are essential components of your site, and both need to be backed-up.
1. Backing-up WordPress files
There are a two main options for backing-up your WordPress website files. You can:
- Copy files directly to your computer using FTP or shell access – make sure to store them in different locations (such as on your desktop / external hard drive)
- Or, get a copy of your files from your hosting provider via Camel or whatever interface your hosting company uses
2. Backing-up your database
To backup your WordPress site database, the easiest method is by accessing phpMyAdmin. This can be done through your hosting provider, or through a control panel / web tool.
Plesk: Go to the ‘Websites & Domains’ section and then click the ‘Open’ button next to the correct wp_database. Alternatively, you may need to choose ‘Select Existing Database’ if your database is not already configured.
Ensim: Click the MySQL Admin logo and then choose ‘MySQL Administration Tool’ under ‘Configuration’.
cPanel: Find the MySQL logo on your main control panel, and click through to MySQL Databases. Once there, you’ll find a phpMyAdmin link.
Direct Admin: find the ‘MySQL Management’ button on your account page and click it to access phpMyAdmin.
vDeck: Select ‘Host Manager’ and then ‘Databases’ in your control panel. In the next window, select ‘Admin’, and you will be directed to phpMyAdmin.
Once you’ve reached phpMyAdmin, click on ‘Databases’. Find the database that holds your WordPress data (the one you created when installing WordPress) and click on it. This will take you to the ‘Structure’ tab.
Next, click ‘Export’. If you choose the ‘Custom’ option, make sure to select all tables. Finally, click ‘Go’ to save the database to your computer. Once again, make sure you store copies of your database in different locations, such as on different computers or cloud accounts.
automatic backups
If you’d prefer not to have to remember to backup your website, there are lots of ways to make the process automatic. You can still choose how often backups are made, for example, every evening, once a week or monthly.
Firstly, speak to your WordPress web development agency – does their service include backups? A good agency should be able to ensure you have regular website backups and help you reinstate your site quickly from a backup if the worst ever happens.
Secondly, try contacting your hosting provider. Many hosting companies complete full, daily backups of WordPress sites. The only problem can be that it sometimes takes time to request a backup copy of your site. So if this is ever needed, you might be left temporarily without a website.
Finally, you can manage automatic backups of your WordPress database yourself with a backup plugin. There are numerous options but we recommend UpdraftPlus as a free, reliable and highly-rated plugin.
With UpdraftPlus, you can schedule backups as often as every four hours. Data is saved automatically to a wide range of location options, including Dropbox and Google Drive. You can also make a backup manually using the plugin whenever you like, as well as quickly and easily restore your site from a backup.
optimising WordPress images & content
The whole of this guide is about optimising your WordPress website – and that’s simply not possible without optimising your images and content too!
Optimising WordPress content and imagery has benefits for countless other areas of website performance, including improving speed, boosting search engine rankings, giving visitors the best possible user experience, and improving mobile friendliness.
So read on and we’ll explain exactly how to get your imagery and other content in tip-top shape. We’ll also explore caching, which allows your content to be ‘remembered’ so that your website loads more quickly.
how to optimise WordPress images, videos & multimedia
We’ve focused our advice here on optimising imagery, but most of it will apply to videos, audio files and other multimedia too. Follow the below steps to optimise your WordPress website.
1. Edit size & format before uploading
Different images on your site will display in different shapes and sizes – some are likely to be wide and/or detailed, whereas others might be tiny icons.
It’s a good idea to work out where you’ll be using your image, and how it will be displayed, before uploading it to your site. Knowing this means you can edit your image to suit its setting.
Generally, the smaller the file size, the better – as this means less loading time for users. Images and other multimedia are often created in large, high-grade sizes by default, but they can be compressed substantially for the web without noticeable loss of quality.
It’s a good idea to use a tool such as Photoshop, Pixlr or Resize Image to crop, edit and shrink your images. It’s also worth considering, and sometimes changing, what file type you use. For example, a jpg image is typically smaller than a png, but jpgs can’t support transparent backgrounds.
If you’re using an online photo library, it’s often possible to select which size and format of image you need before downloading. We recommend Pixabay, which has loads of free pictures and videos available in a range of sizes.
2. Add image optimisation plugins
To compress images further – and maximise your site’s speed further – you can install an image optimisation plugin, such as Smush.
As well as compressing images, Smush has several other handy image optimisation features. For example, it allows you to locate specific images that are slowing down your site, and has a lazy loading feature which delays the loading of images below your website’s ‘fold’ until users scroll down.
For mobile image optimisation, we also recommend adding the WebP Express plugin. This re-encodes images into webp versions which load super-rapidly on most mobile browsers. We explain more in our ‘Optimising WordPress for mobile’ section below.
3. Update alt text
Your image’s alt text is key in terms of both SEO and web accessibility. Make sure to use descriptive language and include keywords, where relevant, to help users and search engines understand your images.
You can add alt text to existing images by going to your Media Library. This is accessed via your WordPress dashboard, in Media > Library. Once there, simply click on any image, and fill out the ‘Alternative Text’ box with a description of what’s in the image. The alt text box also appears and should be filled in whenever you upload an image.
4. Use CSS Sprites
Another handy tool, where you have decorative images, is CSS Sprites. This can be used to combine multiple images into a single image, thus making your website simpler and quicker to load.
Bear in mind that CSS Sprites is only useful for images that are not important for brand or SEO purposes, as you lose the individual image files and alt tags when combining images.
You can create CSS Sprites images for free using this CSS Sprite generator. These images then need to be added to your site as CSS background images.
4. Check your logo & favicon
Have you checked the quality and size of your website’s logo and favicon? These images are important parts of your brand and website identity.
First, check your website logo – is it displaying correctly on your homepage and across the rest of your WordPress site? Is it the right size and shape? Does it work well across different screen sizes and browser types?
Secondly, have a look at your favicon. This is the small, iconic image that represents your website in web browser tabs and bookmark lists (like the multicoloured G for Google below).
Your favicon should be a square version of either your logo or another image that works in small format to represent your site. It needs to be at least 512 x 512 pixels in size.
You can check and update your favicon by going to Appearance > Customise and then selecting ‘General Settings’ and ‘Site Identity’.
6. Clear out your WordPress Media Library
Whenever you upload an image or file to your Media Library, WordPress makes several copies for different purposes. Certain plugins or themes may also duplicate image or media files for their functions.
As your Media Library grows, so too does the size of your site – meaning that it takes up more space on your server, may be slower to load for users, and will take longer to backup.
Having a clear-out of your Media Library, to get rid of any duplicate and unused image files, is therefore a great idea and we recommend doing it periodically. But before you do this, make sure to backup your site – just in case you accidentally delete anything important!
From the WordPress dashboard, go to your Media Library. To delete a single image, click it and then select the ‘Delete Permanently’ option in red at the bottom of the screen. You’ll also need to click ‘OK’ in the popup message.
Alternatively, you can delete images in bulk. This is a quicker option if there are a lot of items you don’t need.
To do this, click ‘Bulk Select’ at the top of the Media Library page. Then tick any images you’d like to remove, and click ‘Delete Selected’. Once again, you’ll need to select ‘OK’ in the popup to complete the process.
7. Check for unoptimised images
Finally, if you check your site’s performance with GTmetrix, you’ll be able to see if there are any unoptimised images still remaining on your site. We explain more about GTmetrix and how to improve your site’s speed below.
If you find any unoptimised images, try resizing, reuploading and optimising them using the steps above.
how to optimise WordPress text content
In this section, we focus on how to optimise your written WordPress content, such as blogs and webpages. Here are our top tips…
Add keywords: Make sure your text includes keywords and phrases that are relevant to your content and will help users find your site on search engines. See our SEO section below for more information.
Include links: Keep users reading and engaged by directing them to other relevant sources of information. You can do this by linking to your social media profiles or other blogs/pages on your site.
You may also choose to add links to external website resources and articles, but bear in mind that these should be used sparingly as they direct people away from your site.
Publish regularly: Producing relevant content not only keeps your existing audience engaged, but also enables you to reach new people and enhance your company’s search engine profile.
By adding content regularly, you signal to both users and search engines that your website is ‘alive’, current and fresh. It can be helpful to make a content plan and schedule blog posts in advance.
Display beautifully: High-quality written content needs to be laid out effectively to maximise engagement. Choosing clear language, using headings, having short paragraphs and adding imagery are all great ways to help people skim your content and find what’s relevant and useful for them.
Don’t be afraid to go bright and bold – researchers have found that coloured visuals increase people’s willingness to read by a massive 80%! Check how your content is displayed – are you using white space, headings and imagery effectively to maximise appeal and readability?
Monitor comments: Most WordPress themes allow your site visitors to add their own written responses to your blog posts and web pages. Whenever such a comment is submitted, it’s held in moderation for you to check and approve or delete.
You should check the ‘Comments’ section of your WordPress dashboard regularly to delete any spam and publish and reply to useful comments or feedback.
Check analytics: Finally, keep an eye on your analytics data (see our section on adding Google Analytics to your website below). You can use this data to find out which blogs and pages on your site are most popular, and then create similar content to encourage further engagement.
the importance of caching
In simple terms, caching means storing your website data in a temporary storage space called a cache. This involves creating a snapshot of your website pages and files when they are displayed for the first time, and then caching this locally so it can be used again on the next visit.
This process is all about speeding up the loading time of your website. By ‘remembering’ what was displayed on your website last time, your site’s files and information don’t have to be downloaded again from your server. Thus, your site is displayed more quickly to users.
The main type of caching is browser caching. This is where a browser, such as Internet Explorer or Google Chrome, holds the most recently downloaded webpages in its cache.
To enable browser caching on your site, the easiest way is to install a plugin such as W3 Total Cache or Cache Enabler. You can select the type of caching, and which webpages are cached, in the plugin’s setting.
For very high traffic sites, enabling server caching is also a good idea. Speak to your hosting provider for more information about this.
how to add Google Analytics to WordPress
Tracking users is vital to understand who visits your site, how your website is navigated/used and what is (and isn’t) working. This information helps you appreciate your users’ behaviours and needs, and enables you to optimise your website and boost results.
We’ll explain exactly why you should add Google Analytics (and/or Google Tag Manager) to your WordPress site, and show how to do it – either with or without a plugin. All you need to do is make sure that you set up a Google Analytics account first.
why add Google Analytics
With website analytics, you can base decisions about updating and improving your website on real data, thus maximising your chances of success.
Google Analytics collects and analyses an extensive range of website data – and it’s completely free!
Google Analytics provides you with information including:
- When people are visiting your site
- The most popular pages
- How long people spend on your site
- Which devices/browsers are used to view your site
- How your traffic varies over time
- Demographical information about your users
- How people find your site (eg. through social media, Google search or paid advertising)
Ultimately, collecting and using this information to make data-driven decisions gives you the best chance to increase your website’s traffic and engagement – and therefore to reach your digital goals.
adding Google Analytics with a plugin
Generally, the quickest and easiest way to track your WordPress website data with Google Analytics is by installing a plugin. This method also ensures data is always being collected, even if you change your site’s design or theme.
MonsterInsights is by far the most popular Google Analytics plugin, with more than a million websites using it. It’s free, with a paid version if you want additional features such as tracking e-commerce sales and monitoring paid ad conversions.
Remember, as always, to backup your site before installing a plugin. This will ensure you can reinstate your site easily in case of any problems.
Once you’ve installed MonsterInsights, you’ll find a new item, ‘Insights’, in your WordPress admin menu. Click on this to start the setup wizard, and then follow the instructions to connect MonsterInsights with your Google Analytics account. You’ll also need to select your preferred settings – the default option is suitable for most websites.
When this has been done, Google Analytics is installed on your website! You can go to Insights > Reports at any time to see your data, though bear in mind that it will take a while before any meaningful stats are collected.
adding Google Analytics without a plugin
If you prefer not to install a plugin, you can add Google Analytics tracking code manually to your website instead. Make sure to backup your site first – just in case you encounter any issues.
To set up manual Google Analytics tracking, you’ll need to log into your Google Analytics account. Once there, click on ‘Admin’, then ‘Tracking Info’, and then ‘Tracking Code’. Under ‘Website Tracking’, there will be a box containing your Global Site Tag (gtag.js) – just select and copy this code.
Now, return to your WordPress dashboard and go to your header.php file. Paste the tracking code immediately after the <body> tag, right before the closing </head> tag, and click ‘Update File’.
Google Analytics will now be tracking your website data. You can view this information at any time by going back to your Google Analytics dashboard.
adding Google Tag Manager to WordPress
If you’re happy with your Google Analytics installation as above, or you’re a WordPress beginner, then you might want to ignore this section. But if you’re a more advanced WordPress user or want to be able to track even more website data, then read on.
Google Tag Manager (GTM) is free Google software that allows you to install multiple code/tags on your WordPress site. These include Google Analytics tracking as well as a wide range of other tags, such as from Google Ads and other platforms.
Google Tag Manager enables you to add, store and manage all of these different tracking and analytical tags in a single dashboard. It also lets you test whether your tags are working correctly.
Please note that GTM is not a substitute for Google Analytics – it’s simply a different way of adding Google Analytics to your site.
To set things up, go to Google Tag Manager and sign up with the same account as you use for Google Analytics. You’ll then need to provide a name for your account and setup a ‘Container’, which should be your website address.
Once your GTM account is created, it’s time to choose a tag product. We’ll guide you through the process of adding Google Analytics, but of course you can always add additional or alternative items through GTM if desired.
Once you’ve chosen Google Analytics, you’ll need to select ‘Universal Analytics’. You’ll then need to add your tracking ID, which can be found in your Google Analytics account, under ‘Admin’, then ‘Tracking Info’, then ‘Tracking code’. Copy this ID and paste it into the relevant box back on GTM.
Next, select ‘Page View’ under ‘Track Type’ and click ‘Continue’. Select ‘All Pages’ and then ‘Create Tag’. GTM will now show you the Google Analytics tracking code that needs to be placed on your WordPress site.
Copy this code and add it into your website’s header.php file, after the <body> tag and before the </head> tag. Finally, click ‘Update File’ and you’re done!
WordPress analytics & GDPR compliance
In order to comply with General Data Protection Regulation (GDPR) laws, it’s important to ensure your WordPress site users agree to be tracked before any analytics code is loaded.
You can ask users for permission by installing a cookie notice plugin. We recommend Cookie Notice for GDPR & CCPA – it’s the plugin we use on the Pedalo site.
Your cookie notice plugin will produce a popup message linking to your privacy policy and asking users whether they consent to cookies. Google Analytics will then only be loaded if tracking permission is given.
how to improve WordPress SEO
Search Engine Optimisation (SEO) is the process of optimising your website so that it’s displayed higher up on search engine results pages.
WordPress is naturally well-optimised for search engines, so simply having a WordPress site is a great start. As long as your website has relevant and high-quality content, it’s likely to perform reasonably well in attracting organic traffic.
But of course, there’s much more you can do to get your site indexed and displayed ahead of the competition!
There are countless factors that impact on SEO, so we recommend following all the sections within this guide to optimise your site fully and maximise search engine performance. Here, however, we share some specific SEO tips and advice for WordPress.
why is SEO important?
Most people find online content through search engines like Google and Bing. They enter a search query, and then the search engine finds and displays a list of relevant webpages to match that query.
Ensuring your website is known to and displayed by search engines is therefore vital in attracting people to your website. Generally, the higher up your website is on the search engine results page, the more click-throughs and traffic you will get. Traffic coming to your site from search engines is called organic traffic.
Search engines use complex algorithms to understand and rank pages in their search results, using a wide range of factors to decide which content is most relevant and useful for a particular query.
You need to optimise your website for search engines to help them understand what your content is about and rank it as valuable and high-quality. This will ensure you appear as high-up as possible on search engine results pages and therefore maximise the chance of users seeing and clicking onto your website.
understanding & choosing keywords
Keywords are the main topics, words and/or phrases that your website is about. They should align with the things that your target audience is searching for on search engines. For example, if you run a cupcake bakery and want to sell cakes through your website, your keywords might include ‘cupcake bakery’ or ‘order cupcakes online’.
The keywords you choose to target will determine which search engine results pages you appear on, and therefore who comes to your site.
Many beginners just guess their keywords, but doing keyword research means you can find out exactly what words and phrases users are entering into search engines. It can also show which keywords are most popular and therefore most likely to bring more people to your site, although less popular keywords may also be useful to target as they generally have less competition.
There are loads of free (and paid) keyword research tools – we recommend Moz’s Keyword Explorer and Google’s Keyword Planner (you need a Google Ads account for this one).
To start with, think of a few simple words or phrases to describe your website and its purpose. Type these into your keyword research tool to find out their search volumes and discover other, similar phrases that users are searching for.
Ultimately, you should aim to create a list of 5-10 main keywords that your website is targeting. You should then prioritise these words and phrases in your content, metadata and other information used by search engines.
installing a WordPress SEO plugin
To optimise your WordPress site’s SEO, it’s imperative to install an SEO plugin.
We highly recommend Yoast, a free plugin (with paid premium version) which allows you to optimise your pages for particular keywords, write specific information for search engine results pages, and much more. You’ll need to have Yoast installed to action most of the rest of our WordPress SEO advice.
Once you’ve added Yoast, ‘SEO’ will appear as a menu item on the left-hand side of your WordPress dashboard. You’ll need to click on this, and then ‘General’, to get the plugin set-up and working correctly.
Firstly, make sure to complete the general configuration information for your website. Then go back to ‘SEO’ in the sidebar menu and select ‘Search Appearance’. Under the ‘General’ tab, add your organisation’s name and logo.
Next, go to the ‘Content Types’ tab to choose your default settings for SEO titles and meta descriptions. We explain more about this below, but basically, it’s the data that appears on search engine results pages.
For optimum results, you’ll need to create bespoke SEO titles and meta descriptions for every page and post on your site, but it’s a good idea to set a default option to ensure this information is always completed in case you ever forget.
For your default SEO title, it’s a good idea to have something like ‘Title + Separator + Site Title’. This will therefore display your webpage or post’s title, a separator (such as | or -) and your site’s overall name.
Your default meta description should also include the page title, embedded into a short sentence or two which entices people to click on your page. For example, your meta description could be ‘Our latest blog about ‘Title’. Contact us now for more information’. Make sure to complete these default details for posts, pages and any other content type you have listed in this tab.
Now that the Yoast basics have been set up, you can go back to your dashboard and view your pages (Pages > All Pages). You’ll see that your list has a new SEO column of coloured dots on the right-hand side. These dots indicate the SEO performance for each page:
- Red = poor SEO performance
- Green = good SEO performance
- Orange = room for SEO improvement
- Grey = no SEO information available (for example, where no keyword has been set)
Using these dots gives a clear indication of which pages you should prioritise and focus on for SEO improvements. You should also check the list of SEO dots for posts (Posts > All Posts) and any other content types you have.
To optimise SEO for the individual pages/posts, click on the relevant item and go to the Yoast SEO toolbox underneath the page’s text. There, you can enter a focus keyphrase for the page, see and edit the search engine results information, and view Yoast’s analysis of what is working well and what needs improvement.
We cover SEO improvements in more detail in our WordPress SEO best practices section below.
getting familiar with Google Search Console
Google Search Console is a set of free tools and reports provided by Google to help you measure and increase your website’s organic traffic and performance.
You can use Google Search Console to find out what search terms people are using to find your website, how often your pages are clicked and more. It also highlights and helps you fix website errors impacting SEO.
If you’re not already registered with Google Search Console, you’ll need to add and verify your site before you can see any data. To do this, create a Search Console account, enter the URL of your website and click ‘Add Property’.
Then go to your Search Console dashboard, select ‘Manage Property’, and ‘Verify this site’. To verify with Yoast, you’ll need to select the HTML tag option and copy the tag data.
Go back to your WordPress dashboard, go to SEO > General and then select the ‘Webmaster tools’ tab. In the Google verification code box, paste the HTML tag data, and click ‘Save changes’. You then just need to go back to Google Search Console and click ‘Verify’.
We recommend checking your Google Search Console profile regularly to gain insights and measure your SEO progress.
WordPress SEO best practices
Now that you’ve got an SEO plugin installed, Google Search Console set-up and your main keywords selected, it’s time to look at the specific actions you can take on your site to maximise search engine performance.
We share our top 12 tips below, but there are also four other SEO factors we haven’t included here, which are maximising your website’s speed, optimising imagery, having robust site security, and ensuring your site is mobile friendly.
These are so important for WordPress website optimisation that they all have their own sections in this guide. So, make sure to check out those sections after reading and following our advice below.
1. Check your visibility settings
WordPress gives you the choice about whether or not to make your site visible to search engines. You might want it to be hidden from search engines while you’re creating it, or if it’s just for sharing information with a small, specific group of people (such as a website showing match dates for local cricket team members).
But if you’re reading this, then we can safely assume you want your site to be indexed and displayed by search engines. So, it’s worth checking that your WordPress site visibility settings are correct.
To do this, go to Settings > Reading. Make sure that the ‘Discourage search engines from indexing this site’ box is NOT ticked. If you need to make any changes, such as unticking the box, make sure to click ‘Save Changes’.
2. Optimise URLs
Your webpage URLs are part of the information used by search engines to understand and rank your content. Effective URLs, containing keywords and/or other relevant words/phrases, give you a better chance of performing well in search results.
You can check your default URL structure in Settings > Permalinks. Make sure you have selected the ‘Post name’ option. This means that the words in the title of your posts and pages will be used to create your URLs, which is far more effective than having numbers or dates.
You can also change individual page URLs to match your keywords by going into the back-end of each page, finding the ‘Permalink’ underneath the title box, and clicking ‘Edit’.
If you change any URLs, make sure to set up redirects so that users who click on the old URL are redirected to the new, correct URL. You can do this with the WordPress Redirection plugin.
Once you’ve installed the plugin, go to Tools > Redirection on your WordPress dashboard. Click ‘Add New’ and then fill out the Source URL box with the old weblink, and the Target URL box with the new link. You’ll need to do this individually for all changed URLs.
3. Check themes & plugins
Most modern WordPress themes and plugins are SEO-friendly, but it’s always worth checking. The three key things to consider in terms of search engine performance for themes and plugins are:
- Mobile-friendliness / responsivity: With Google increasingly prioritising mobile-friendly sites in its algorithms, having responsive and/or mobile-optimised themes and plugins is vital. In fact, mobile friendliness is so important for WordPress website optimisation that we’ve included a whole section about it below.
- Weight / usefulness: Are your plugins fit for purpose, or do they contain excess code and scripts that you don’t need? Are you using all of your plugins or do you have extra ones that could be deleted? The more plugins and theme code you have on your site, the slower your site will be to load. With speed an important SEO factor, it’s worth sticking to the most light-weight and useful plugins and themes and deleting anything that’s overly heavy or non-essential.
- Security: Check your plugins are up-to-date and patched for security weaknesses. If your website is deemed vulnerable to hacking or viruses, it will not be ranked as highly by search engines. We explain all about updating plugins and themes in the ‘Updating WordPress’ section above.
4. Enhance site structure
The structure of your website shows both users and search engines which webpages are the most important. These ‘important’ pages should be easy to find, with lots of links to them across your site – for example, in your menu, in your footer, from blog articles, and on your homepage.
To optimise site structure, think about how your website is organised and how content is grouped and presented. It’s advisable to have a limited number of main pages as ‘header’ items with other, related, less-important content nestled underneath. This may involve moving your pages around until you find a logical and strategic structure.
Having a great structure helps users navigate your site and also ensures search engines understand your content and prioritise the key pages. Our other tips below, on sitemaps, adding links, using blog categories and including breadcrumbs will also enhance how search engines understand and index your webpages.
5. Add an XML sitemap
An XML sitemap is a list of your website pages used by search engines to crawl your site. By giving an overview of your site content and structure, it helps search engines find and rank all of your pages.
With the Yoast plugin, an XML sitemap is automatically created for you. To find it, you just need to add /sitemap_index.xml to the end of your website’s URL eg. https://www.pedalo.co.uk/sitemap_index.xml.
To submit your sitemap to Google, go to your Google Search Console profile. Click on ‘Sitemaps’ in the left-hand menu and add the sitemap URLs for the different types of content as provided by Yoast. Then click on ‘Submit’.
Google will now check your sitemap and use it for indexing. After a few hours, you’ll be able to check your sitemap stats on your Search Console profile – these include the number of links in your sitemap and whether any errors have been found.
6. Create great, regular content
Producing high-quality, relevant content provides more pages for search engines to index and display in their search results. Adding content regularly is also an important SEO signal that your site is active and has new and interesting things to offer.
Every time you create a new piece of content (or even edit and update existing content), search engines visit and crawl your site, thereby giving you the chance to increase your SEO rankings and rank for more keywords. Google loves content – leading to many website-owners now saying that ‘content is king’ when it comes to SEO.
To maximise the SEO benefits of your content, we recommend the following:
- Write high-quality content that is relevant to your organisation and will interest your target audience
- Use punchy headlines to maximise appeal
- Make your content easy to read with short paragraphs, lists, bullet points and bold/italic fonts
- Use sub-headings (H1, H2 etc) to indicate the focus for different sections
- Include lots of keywords (and related phrases) that are relevant to your topic
- Avoid keyword-stuffing – in other words, don’t include irrelevant keywords and ensure keywords used don’t undermine readability
- Include imagery, infographics or other visuals
The better your content, the longer users will stay on your webpage, which is not only good for you and your organisation, but also yet another search engine ranking factor. So, it’s well worth investing in producing great content and publishing regularly.
7. Add SEO titles & meta descriptions
Search engines display a limited amount of information on their results pages – a bit like a ‘teaser’ for the webpage being listed. For example, here’s how Pedalo is listed on Google:
At the top is the SEO title, then the URL, and then the meta description for the page. This information should be optimised to explain what’s on your website and encourage people to click-through.
We’ve already covered setting default SEO titles and meta descriptions. But for maximum SEO benefit, you should write individual title tags and meta descriptions for every page and post on your site.
Your SEO title should explain what your page is about clearly and concisely. It should also include the main keyword you’re targeting for that page. Google is only able to display the first 50-60 characters for title tags, so try to stick to this limit.
Your meta description is a snippet of 150-160 characters which should summarise your page’s content and encourage people to click through. Again, this should include your main keyword and be clear and concise.
You can update both SEO title and meta description in the Yoast SEO toolbox, which is found underneath each page or post’s text in the back-end. Yoast also helpfully highlights when your SEO snippet is too long (or too short!) so you don’t have to count the characters yourself.
8. Use categories & tags
WordPress allows you to sort and organise your posts and pages with categories and tags. This is beneficial both for users to find relevant content and also for search engines to understand and index what’s on your website.
Categories should cover broad themes or groups of content, whereas tags should be used for more specific keywords related to individual posts or pages. For example, a blog reviewing a recent film might have ‘movie’ and ‘review’ as its categories, with the specific film title and lead actor names as tags.
It’s easy to add categories and tags to blog posts. Simply go to Posts > Categories in your WordPress dashboard to add a category. It’s also a good idea to set a ‘slug’, a URL-friendly version of the category name which will become the category’s unique weblink. Then, go to any blog posts you want to include in this category, and simply tick the relevant category box.
Tags are added in the same way by going to Posts > Tags. You can also add tags using the ‘Tags’ box in the back-end of individual blog posts.
To add categories and tags to your WordPress site pages, you’ll need to install a plugin such as Add Category to Pages. Once you’ve installed this, you’ll find the ‘Categories’ and ‘Tags’ menu options appear under ‘Pages’ in your WordPress dashboard. Categories and tags can then be added for pages in the same way as for blogs.
9. Add breadcrumbs
Remember Hansel and Gretel leaving a trail of breadcrumbs in the woods so they could find their way back home?
Breadcrumbs on websites have exactly the same function – showing the path that has been taken to get to a particular page. They also help users and search engines understand the structure of your site and navigate back to your homepage or a higher-level page as needed.
Breadcrumbs are certainly useful for SEO, but not everyone likes the aesthetics of displaying them on their website. If you do choose to activate them, the ‘path’ to get to a page will be visible – for example, for this article, the breadcrumbs would be Pedalo homepage > Latest > WordPress Website Optimisation [Ultimate 2020 Guide].
To activate breadcrumbs with Yoast, go to SEO > Search appearance on your WordPress dashboard. Select the ‘Breadcrumbs’ tab and click ‘Enabled’. You can then select how you’d like your breadcrumbs to appear by choosing a separator and homepage anchor text.
Bear in mind that in order for this to work, your WordPress theme will need to support breadcrumbs. If you find that breadcrumbs are still not activated after enabling them with Yoast, then contact your WordPress agency for assistance.
10. Include links
By including links to other webpages, not only do you keep users reading and engaged but you also help search engines find and understand your content.
There are two types of links you can include. Internal links are to other blogs or pages on your site, whereas external links are to other websites. Both types of links can be displayed in different ways – for example, as text, images or buttons.
Internal links connect your content and help users and search engines navigate around your site. They indicate to search engines which pages are most important, as they’ll have more internal links pointing towards them.
They also help keep users reading and enjoying your content, meaning they stay on your site for longer – and the more time people spend on your site, the better for SEO. So, whenever you’re creating content, you should make sure to add plenty of internal links to other relevant pages.
External (or outbound) links are helpful to direct users to other sources of relevant information, such as social media profiles or related articles.
They tell search engines that the external content is similar to yours and may also encourage other websites to link back to you (see tip 12 on backlinks below). But bear in mind that external links should be used sparingly as they direct users away from your site.
11. Repair broken links
A broken link is a link to a webpage that doesn’t work. If a user types in or clicks on the link, they will be directed to a 404 page or error message.
Links may be broken for a variety of reasons, but usually it’s because the URL has been changed or the webpage has been removed without a redirect being set up (redirects are explained in point 2 above).
Broken links cause frustration to website users who can’t find what they need, and they may then choose to exit your site. They also affect SEO – with broken links acting as a negative signal to search engines.
You can check your website for broken links with a multitude of free online tools, such as Dr Link Check. If you have any broken links, you should then go to the relevant page and update or remove the link. We recommend checking for broken links regularly.
It’s also advisable to set up a 404 error page, to be shown to users when the URL they’re trying to reach can’t be found. A friendly (or funny) 404 message helps reduce users’ frustration and encourages them to keep browsing your site. You can create a custom 404 page for your WordPress site with the 404page plugin.
12. Get backlinks
Finally, another key signal to search engines that your website is high-quality – and therefore worth showing high-up on results pages – is backlinks.
These are links to your site from other websites; they act like personal recommendations that your site is interesting and worth reading. The best backlinks are from websites that are trustworthy, relevant to your site, and themselves highly regarded by search engines.
There are countless ways to get backlinks and this is a whole specialised SEO area in itself. But the top way is simply by creating great content.
If you produce amazing, original content, other websites will want to share it with their users by linking to it. You just need to spread the word that your amazing content exists – by telling your existing audience, sharing on social media and maybe even emailing other sites that might find it interesting.
Other ways to get backlinks include writing guest blogs, adding your site to relevant directories, and getting news stories published about your organisation. For more information, we recommend reading Moz’s guide to link-building.
If you follow our advice and tips above, you’ll give your website the best possible chance of ranking well on search engines and gaining plenty of organic traffic.
optimising WordPress for local SEO
Lastly, we consider the importance of local SEO on your WordPress website. Local SEO is different to traditional SEO in that it aims to promote your organisation and website in terms of its physical location.
Local SEO is important if you want people to find your website when they’re searching “near me” or for a particular geographical location. Whilst all of what we’ve described above will help your local SEO, there are some additional things you can do:
Add your site to Google My Business: Google My Business is a free tool that lets you add your organisation to Google Maps and include useful information such as contact details and opening hours.
With users increasingly searching on maps and Google prioritising map listings in their search results, this is a vital way to ensure your organisation is indexed and displayed in local searches. Once you’re listed, you can optimise your profile for SEO by including keywords in your business description and asking people to leave a Google review.
Include local keywords and content: When you’re producing any website content, make sure to include local keywords, such as ‘London’ or ‘Westminster’. This will signal your location to search engines and help ensure you appear in relevant search results for these areas.
You may also want to write content tailored to your geographical area; for example, if you run a pet grooming salon in Pimlico, you could write a blog about the top places to walk dogs nearby.
Install a local SEO plugin: If you want to make things as simple as possible, you can install a plugin specifically for local SEO. This should optimise your website and Google My Business listing(s) for your location(s), so that your site is visible in relevant local search results. Yoast has a paid local SEO plugin which works well alongside the general Yoast SEO plugin.
WordPress speed optimisation
Having a fast-loading WordPress website is important for many, many reasons. Firstly, speed is an SEO ranking factor, with search engines like Google prioritising quicker sites.
Secondly, today’s users are impatient and have short attention spans; your content needs to load rapidly, or people will exit your site. In fact, research shows that sites that take longer than two seconds to load lose around half of site visitors straightaway!
Thirdly, even if people do stay on your site, speed will affect their engagement. Faster sites tend to get more page views, conversions and sales – making speed a key factor affecting your bottom line.
Read on and we’ll explain how to check your WordPress website’s speed and make adjustments to improve loading times.
checking your website speed
It’s a common misconception amongst WordPress beginners that a website that seems to load fast is actually fast. However, users who have not visited your site before or who are located in a different region may be having a totally different – and slow – experience.
It’s a good idea to check your website’s speed score and then try to improve that score by following our steps below. We recommend using GTmetrix – it’s a free, comprehensive speed and performance tool.
On GTmetrix, type your homepage URL in the box and click ‘Test your site’. Your performance report will include a PageSpeed score and YSlow score; make a note of both for future reference.
Next, scroll down to the tabs for PageSpeed and YSlow to find detailed recommendations for improving your site’s speed. Click on the small black arrow for any recommendations with a grade below A (100); this will give full details of what needs to be changed on your site.
There’s also a column on the far right for ‘Priority’, which gives you an idea which speed improvement recommendations should be actioned first. We’ll be explaining how to complete most of these speed optimisation tasks below.
We recommend running additional reports on GTmetrix for different browser locations. It’s also worth checking the speed of other key pages within your site – particularly popular content, pages you’re pushing traffic to, or places you’re selling products or seeking contact form conversions.
You can create a free account with GTmetrix which allows you to benchmark speed and schedule regular site checks.
Another speed tool worth checking is Google PageSpeed. It also gives your website a speed score and provides recommendations for improvements, though it’s less detailed than GTmetrix.
However, Google PageSpeed has the useful feature of separate tabs for mobile and desktop speed performance. If your speed score is substantially lower for mobile devices, then make sure to follow the advice in our ‘Optimising WordPress for mobile’ section below.
how to improve WordPress speed
We now explain the main reasons for slow website loading times and provide guidance to fix these issues and optimise speed.
1. Inadequate hosting
Web hosting is simply the storing your website’s files on a server. When your URL is requested, browsers then request these files from the server and convert them into a viewable website.
How quickly your site is displayed therefore depends on how quickly your hosting provider can process browser requests and hand over your files. It also depends on geographical location – the further the distance between your server and your user, the longer your website will take to load.
We explain the different types of hosting and how to choose a great hosting provider below. However, if you have users across different countries, it may be also be worth setting up a Content Delivery Network (CDN).
A CDN is basically a network of servers located around the world, thus reducing the distance your website files need to travel to reach users in different locations. You can find out all about CDNs, how they reduce website loading times, and whether your site needs one in this GTmetrix article.
The free Cloudflare plugin is one of the most popular CDN providers for WordPress. It also includes a range of other speed optimisation tools, so it may be worth installing whether you use the CDN option or not.
2. Non-optimised images
The larger the files on your site, the longer everything takes to load. Oversized images, in particular, are often to blame for slow website performance.
Fortunately, images and other multimedia can easily be resized and compressed for the web without noticeable loss of quality.
One of the easiest ways to optimise images is by installing the Smush plugin. Read our ‘Optimising WordPress images & content’ section above for further tips and suggestions.
3. Caching not enabled
Basically, caching involves storing your website data in a temporary, local storage space. This means that browsers can ‘remember’ what’s been displayed before and therefore don’t have to re-download all your site files from the server every time your site is needed.
Without caching, websites load much more slowly. But caching is easy to enable – just install a plugin such as Cache Enabler or W3 Total Cache.
4. Slow WordPress theme
Choosing a WordPress theme that is fit for purpose is vital for site speed and performance.
Ideally, you should choose a fast and lightweight theme that includes only the features you require. The more unnecessary features your theme has, the more items will need to be loaded every time your site is launched.
Features that are often not needed include sliders, parallax scripts, galleries and Google Fonts. If your theme includes lots of these extra features, try switching to a lighter-weight theme or contact your WordPress support agency to ask about disabling the surplus scripts.
5. Excess JS, HTML & CSS files
Almost all website speed tests recommend minifying Cascading Style Sheet (CSS), HTML and JavaScript (JS) files to improve your site speed. These files are typically used by developers to mark-up and add comments to your website code.
Minification simply means reducing the size of CSS, JS and HTML files, and removing any unnecessary code. This reduces your website’s load time whilst preserving the key information needed to display your site correctly.
Again, this website speed improvement can be done easily with a free plugin – we recommend installing Autoptimize or WP-Optimize.
6. Poor plugin performance
Plugins can slow down your site in various ways. If you have surplus plugins or multiple plugins for the same purpose (for example, two image optimisation plugins), then this will increase your site loading time. Similarly, if plugins are out of date or poorly coded, this can also have a significant effect on website speed.
WordPress beginners often think that fewer plugins equal a quicker site. But it’s not about the quantity of plugins – it’s the quality and usefulness of plugins that is most important.
We recommend running speed tests before and after installing any new plugins. This will give a good indication of the impact the plugin is having on your site speed.
You can also see how your website speed is currently affected by particular plugins by deactivating each one individually in the ‘Plugins’ section of your WordPress dashboard, and then running a speed test.
You should uninstall any plugins that are not needed or are slowing down your site substantially. There may be more appropriate and better performing plugins you can install instead – just browse on WordPress.org plugins.
It’s worth bearing in mind that even when you uninstall a plugin, data is often left behind in your database, which can still slow down your site. Luckily this can be solved by installing another plugin to clean things up! We explain more in point 7 below.
7. Overloaded database
The more you use WordPress, the more your database gets filled with files and information. As time goes on, you can end up with a database overloaded with unnecessary information that slows down your website’s performance.
It’s therefore advisable to clean-up your database regularly. You can do this automatically with a free plugin such as WP-Sweep or Advanced Database Cleaner. These will remove old drafts and revisions of content, spam and deleted comments, old plugin files, duplicated meta data and much more.
Alternatively, if you prefer to be more hands on, you can always manually clean-up your database through phpMyAdmin.
8. No GZIP compression
Another great way to make your website more lightweight and faster-loading is by using GZIP compression.
Without this, your website files are transferred from your server to users’ browsers at their full (and slow) size. With GZIP compression, compressed files are sent to browsers for them to ‘unzip’, thus increasing your site’s speed.
GZIP compression is easy to enable. It’s one of the functions of the WP-Optimize plugin we mentioned for minifying CSS files above, or you can install a separate plugin such as PageSpeed Ninja.
Alternatively, you can add the following code to your .htaccess file to enable GZIP compression:
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript
9. Non-optimised background processes
Your WordPress website has a variety of background processes taking place to keep everything working correctly.
These include making site backups, publishing scheduled posts and cron jobs (which we’ll discuss in point 11 below). Search engines will also be regularly crawling and indexing your content.
Whilst most of these have a minimal effect on your website speed, the more processes taking place, the more chance they’re slowing down your website.
Backups take a up a lot of site bandwidth, so you should make sure that these are scheduled to take place during quieter, low-traffic periods (for example, during the night). We explain all about site backups in our ‘How to backup a WordPress site’ section above.
For search engine crawling, it’s a good idea to keep an eye on your site’s Google’s Crawl Stats Report. If this or any other background processes are causing speed problems, ask your WordPress support agency for assistance.
10. Too many redirects
Redirecting changed or deleted URLs to correct, live pages is important both for website SEO and user experience.
However, whenever you redirect a page, this increases the loading time. This can have an impact if you have chains of redirects, where one redirect directs to another (or multiple) redirect(s).
Therefore, it’s a good idea to keep an eye on your redirects and update any that aren’t going straight to the correct page. You can check your redirects and find any redirect chains with various online tools, such as Screaming Frog.
11. Excess Cron jobs
Cron jobs (WP-Cron) are scheduled, background, repetitive tasks needed to keep your WordPress site running. However, over time the number of Cron jobs can build up and reduce site speed and performance.
To disable WP-Cron, you can add the following text to your wp-config.php file, immediately before the line saying ‘That’s all, stop editing!’:
define(‘DISABLE_WP_CRON’, true);
Once this is done, you’ll need to set WP-Cron to run through your server. To do this, speak to your hosting provider or read this StackExchange article for more information.
optimising WordPress for mobile
Optimising your WordPress website for mobile is more important than ever, with the vast majority of internet traffic now coming from mobile and tablet devices.
Mobile and tablet screens are much smaller than desktop ones, so a responsive or mobile-friendly website makes it easier for users to read and engage with content. If mobile users have to wait ages for things to load or keep zooming in or scrolling sideways to read site text, then you’ll be providing a poor user experience and increasing the likelihood that users will exit your site.
Mobile optimisation is also a key factor in search engine rankings, with Google prioritising mobile-friendly sites and ranking them higher on search results pages. In fact, Google primarily uses the mobile version of sites for indexing and ranking.
Optimising your WordPress site for mobile can seem complicated, but it doesn’t have to be. We’ll guide you through how to check your site’s mobile friendliness and then show the best ways to improve your site’s functioning on mobile.
how to check mobile friendliness
There are two great, free tools you can use to check your WordPress site’s mobile friendliness. This information can then be used as a baseline to check against once you’ve optimised your site for mobile.
Firstly, this responsive test shows how your site appears across different screen sizes. This gives you an insight into what mobile users are encountering when they visit your website, and indicates whether or not your site is user-friendly on different devices.
Secondly, Google’s Mobile-Friendly Test looks at specific page URLs on your site and rates whether or not they’re mobile friendly. It’s a good idea to check your homepage status, but you should also run tests on other pages, such as any donation or e-commerce pages, or pages containing important information.
Bear in mind that whilst optimising your site for mobile is important, you should always ensure that your site displays correctly on desktop too. This will keep visitors happy across all devices – and hopefully keep them engaging with your site.
optimising WordPress web design for mobile
The simplest way to ensure your website design is mobile friendly is to use a responsive WordPress theme.
A responsive theme adapts your site content for multiple screen sizes, ensuring it’s displayed in the most appropriate/friendly way for each device. Any edits you make in one version of the site (for example, on the desktop version) will be automatically applied across all screen sizes.
Most modern WordPress themes are responsive, but it’s always worth checking. If your theme is custom-made or non-responsive for any other reason, then it’s advisable to contact your WordPress web development agency. They should be able to add responsive features to your existing theme so that you can keep your site’s look and feel, whilst also ensuring mobile and tablet compatibility.
Alternatively, certain plugins can help you create a mobile-friendly version of your WordPress site. However, using a plugin to make your site mobile-compatible is disadvantageous for two reasons. Firstly, it restricts your design capabilities/options on mobile, and secondly, it could stop working at any time, particularly if and when the WordPress core is updated.
If you still want to add a mobile plugin, then we recommend WP Touch. It automatically adds a simple, mobile theme for your mobile visitors – and it’s free and regularly updated.
optimising imagery & content for mobile
We discuss the importance of optimising your WordPress website content in more detail above. But for mobile, there are several specific issues to address when it comes to optimising content.
1. Reducing image sizes
The larger your images, the longer your WordPress site takes to load. This is particularly important on mobile, as mobile-users often both have slower internet connections (such as 3G or 4G) AND expect quicker results.
In fact, research has shown that half of users will leave a website that takes longer than two seconds to load. Fortunately, WordPress is good at optimising images itself, and automatically finds and uses the smallest version of your site images that are available on your server.
But you can go further than this and speed up your mobile image-loading even more. You can add an image optimisation plugin, such as Smush, which will compress your images without reducing quality. You can also manually shrink your images using Photoshop, Pixlr or another similar tool before you upload them to your site.
In addition, we recommend adding a plugin like WebP Express to re-encode images into rapidly-loading webp versions for suitable mobile browsers. 80% of mobile browsers can display such webp images, and these are usually only half the file size of their traditional jpg counterparts (without any loss of quality).
However, please note that that this plugin requires image compression software on your server, so you may need to discuss this with your hosting company before installing.
2. Keep graphics simple
Of course, you want your website to be exciting and visually-appealing. But the fancier the graphics, pop-ups and other features on your site, the longer everything takes to load.
This can lead to frustration for mobile visitors, who typically have less time – and patience – for waiting.
Think about your website’s key purpose, message and goals. What are you trying to say and what do you want users to do? Keep your text and graphics focused on this, and avoid complicating your site with excess imagery, elaborate designs and information that isn’t necessary.
Where needed, CSS tricks are the most mobile-friendly way to create fancy graphics. To do this, it’s a good idea to get tailored advice from your WordPress support agency.
3. Enable AMP
The Accelerated Mobile Pages (AMP) project aims to load webpages instantly. Although it started off as a feature just for mobile, AMP now works to load pages quicker across all devices, including desktop.
Once you enable AMP, search engines can display special, fast-loading AMP versions of your pages to users. This fast-loading is particularly beneficial for mobile users.
To enable AMP, you just need to add the free WordPress AMP plugin. This will automatically create AMP versions for all of your website pages. You can then find and view the AMP versions of specific pages by adding /amp to the end of any URL.
However, using this method gives you limited capacity to change and optimise the AMP page versions. If you want more flexibility, you can also install the Glue for Yoast SEO & AMP plugin. This works alongside the AMP and Yoast SEO plugins we’ve already discussed.
With the Glue plugin, you can edit the design of your AMP pages. Just go to the ‘Design’ tab within the plugin and customise your AMP pages as desired. You can also add specific Google Analytics tracking code to your AMP pages.
A word of warning though – we’ve found that AMP plugins are often incompatible with other WordPress themes, plugins and custom developments and can therefore cause major website problems. So make double-sure to backup your site before installing, and do thorough testing afterwards to ensure your site is still working correctly.
maximising WordPress security
Having adequate security protection is vital to ensure your WordPress site isn’t hacked or infected with malware.
Poor WordPress security could have a serious impact on your organisation, in terms of both reputation and income. Security breaches undermine user trust, may cause data (and GDPR law) violations, and could even result in you losing your website entirely.
Having good website security protection is also a key SEO factor, with Google both prioritising secure websites in its algorithms and blacklisting thousands of hacked and infected websites every day.
In exactly the same way as shop owners lock up and secure their physical shopfronts, your website needs to be protected and secured. In this section, we’ll guide you through the best ways to keep your WordPress site safe.
installing a security plugin
To protect your WordPress website, it’s essential to install a high-quality security plugin.
This will include a firewall to block malicious traffic from accessing your website and a malware scanner that regularly checks all your core files, themes and plugins for suspicious code and viruses.
We recommend Wordfence – it’s free, with premium upgrade options. Once installed, you’ll find ‘Wordfence’ appears in the left-hand menu of your WordPress dashboard. Click on this area regularly to access the latest security notifications for your site.
It’s a good idea to start with a manual security scan of your website. Go to Wordfence > Scan and click the ‘Start new scan’ button. How long the scan takes depends on various factors including the size of your website and your server speed.
Once the scan has been completed, Wordfence will list any malware, corrupted files and suspicious code that has been found and provide suggestions to fix these issues. It’s vital that you action these suggestions as soon as possible to get your site secure.
You may then want to browse the other sections within the Wordfence area of your dashboard to check the plugin’s settings and select what notifications you’d like to receive. For most sites, the default settings will provide excellent security protection.
However, for added security, it’s worth considering enabling extended protection in your firewall. Please note that this is a premium (paid) plugin feature.
Usually, Wordfence loads alongside your other plugins, which means it’s able to respond to most website threats. However, some viruses are clever enough to attack websites before plugins are loaded.
By changing to extended firewall protection, Wordfence loads first, before any of your other website files. This increases your security protection but may also reduce how quickly your site is displayed to users.
To select the extended firewall option, go to Wordfence > Firewall. The plugin will update your .htaccess file so that it now starts running before your WordPress core files.
Another great security plugin, with a range of additional benefits, is Cloudflare. It’s offers a simple, one-click set-up of WordPress optimised settings to improve site security and performance.
WordPress security best practices
Now that you’ve installed a security plugin and scanned for malware, we consider other WordPress best practices to maximise your website’s security.
1. Keep WordPress core and plugins updated
Most WordPress sites that are hacked have outdated software. It’s therefore vital to install updates regularly for both WordPress core files and plugins.
Updates patch any security vulnerabilities and improve plugin and software functionality and performance. Follow our ‘Updating WordPress’ section above for full details on how to install updates.
2. Use secure login details
Another common way that WordPress sites are hacked is via insecure login details and passwords. To avoid this, make sure not to use an obvious username such as ‘admin’. If you already have ‘admin’ as your username, then follow these WPBeginner instructions to change it.
It’s equally crucial to use strong passwords. These should be a random combination of letters (both upper and lower case, not including any dictionary words), combined with numbers and symbols. The longer the better too – aim for 12-14 characters for a really strong password.
Choosing strong passwords applies not only to your WordPress dashboard login but also to your custom email address login, FTP account, hosting account and anything else website-related. If you’re worried you’ll forget your strong passwords, then try using a password manager.
3. Transfer your site to HTTPS
If you don’t have an HTTPS website, as well as increasing security risks, you’re likely to be losing significant website traffic with Google both deprioritising non-HTTPS sites in its search results and displaying a ‘not secure’ warning to users who reach your site.
Fortunately, it’s very simple to transfer your site to HTTPS – all you need is an SSL (Secure Sockets Layer) certificate. Just go to Let’s Encrypt to get your certificate; it’s absolutely free.
Once this is activated, your website will use HTTPS (instead of HTTP) and display a padlock sign next to your URL. This prevents hackers from interfering with communications between your website and users’ browsers.
4. Choose high-quality hosting
All high-quality hosting providers have security protection on their servers to ensure your website files and information don’t get infected or hacked.
We explain more about choosing a hosting provider below, but it’s also worth factoring in the hosting provider’s security policy, especially if your site stores sensitive data. In particular, there is an increased risk of security breaches with shared hosting plans, as hackers may use other sites on the same server to attack your website.
It’s worth checking with your hosting provider what security measures they have in place, how they keep their servers patched and up-to-date, and that they’re able to support sites using HTTPS (as discussed in point 3 above). You may also want to enquire about how they monitor security and respond to any breaches.
5. Make regular site backups
It’s vital to back-up your WordPress website regularly. This means making and storing a copy of your site’s files and database, so that these can be used to reinstate your website in case of any security (or other) issues.
The more frequently you backup your site, the less data you’ll lose if your site is ever hacked or infected. It’s also a good idea to keep multiple copies of backups and store them in different locations – such as on your server, in cloud accounts, or on hard drives. This provides the added security of protecting your site even if one backup fails.
We discuss backups in detail in the ‘How to back up a WordPress site’ section above. Many WordPress support agencies and hosting providers provide regular backups as part of their services. Alternatively, it’s quick and easy to install a plugin and schedule automatic site backups yourself.
6. Disable file editing and PHP file execution
WordPress has an in-built code editor which allows you to edit your site files using your WordPress dashboard. Whilst this is incredibly useful, it’s also advisable to turn it off when you’re not intentionally making any code edits, in order to reduce the potential security risk.
The code editor can be turned off by adding the following code into your wp-config.php file:
// Disallow file edit
define( ‘DISALLOW_FILE_EDIT’, true );
Similarly, it’s worth disabling PHP file execution in your /wp-content/uploads/ folders. To do this, simply open Notepad (or another text editor) and paste in the following code:
<Files *.php>
deny from all
</Files>
Save this file as .htaccess and upload it to the /wp-content/uploads/ folders on your website using FTP access. This will prevent hackers from making backdoor attacks on your PHP execution.
7. Make a disaster recovery plan
Finally, it’s a really good idea to make a disaster recovery plan for your website, detailing exactly what you would do if your site encountered a security problem.
It should include details such as: all usernames and passwords used to operate your website; estimated website downtime; steps to resolve particular types of issues (for example, natural disasters or cyber-attacks); how you would inform staff, users, suppliers and customers; and any legal implications or considerations.
It’s well-worth asking your WordPress management agency to draft this for you to ensure it’s technically robust and includes all of the key information. However, if you prefer to write one yourself, WP Security Basics has a great disaster recovery plan guide.
additional security measures for websites with multiple users
We now move onto a few extra steps you can take to maximise security. Whilst some are relevant if you’re a solo WordPress website owner, most are designed to protect websites with multiple users, editors or contributors accessing the back-end. Here are our additional suggestions:
1. Check user permissions
WordPress allows you to add different types of users to your site, each with different permissions and abilities to make website changes. The options (in decreasing order of capability/power) are Super Admin, Administrator, Editor, Author, Contributor and Subscriber.
The Super Admin is basically an Administrator with additional multi-site/network capabilities (see the WordPress.org network explanation for more information), so we’ll focus on Administrator as the most powerful role.
The Administrator has unlimited capability to make changes on your WordPress site, and is therefore of greatest concern in terms of hacking. Administrators have full control over your website, including the rights to add, amend and delete plugins, themes, site code, content and other user profiles.
The Administrator role should therefore be reserved only for the website owner and a limited number of essential, knowledgeable and trustworthy users. It’s also absolutely essential that all Administrators have strong passwords (as discussed above).
For other users – who are adding, editing or reading content – it’s best to assign other roles. These have fewer permissions and therefore cannot make such significant changes to your WordPress site. They therefore pose a less substantial risk if the profiles are hacked.
The other WordPress roles have the following permissions… Editors have full access to your website content; they can add, edit, publish and delete any posts, and moderate any comments. Authors can write, edit, publish and delete their own posts only. Contributors can add and edit their own posts but not publish. Subscribers just have permission to read your posts (this role is only needed if you require users to login to read your content).
You can see and amend user types in the ‘Users’ section on your WordPress dashboard. We recommend reviewing all users and checking that they each have only the level of permission required. You should also make sure to delete any profiles when people stop contributing to your site.
If you want to make more specific role capabilities, you can assign or remove specific permissions using the add_cap() and remove_cap() functions. WoordPress.org explains more in this article on roles and capabilities.
2. Limit login attempts
By default, WordPress allows users to attempt to login as many times as they want. This means that hackers can try to gain access by making multiple login attempts with different passwords/details.
Protection against such brute force attacks is enabled automatically with the Wordfence plugin, but you may want to amend the options. To do this, go to Wordfence > Firewall and then click the ‘Manage Brute Force Protection’ text.
It’s common for genuine users to forget their username and/or password and make around five login attempts while trying to remember. Wordfence therefore recommends setting the ‘Lock out after how many login failures’ and ‘Lock out after how many forgot password attempts’ to 20, but you may want to lower this number to increase your security protection.
3. Add two-factor authentication
Two-factor authentication requires users to login in two stages. Firstly, they enter their username and password, and secondly, they must demonstrate authenticity using a one-time passcode delivered by SMS text, email or authenticator app.
This process is commonly used for banking and social media accounts. Put bluntly, it’s a bit of a faff – making it more time-consuming and difficult for users to get into their accounts. But this also makes it more difficult for hackers to gain access to your website.
Two-factor authentication can be enabled through Wordfence. For versions 7.3 and later, the plugin uses the authenticator app method.
Firstly, you need to choose an authenticator app to use. There are many options but we recommend Google Authenticator. Download this app onto your phone or another device – somewhere you’ll be able to access easily when you want to login to your website.
Then go to Wordfence > Login Security, and either scan the QR code or enter the key given into the authenticator app. The app will then give you a six-digit code.
Now, go back to the Login Security page and click ‘Download’ in section 2. This will download five recovery codes which can be used if you ever lose access to your authenticator app device. Make sure to store the downloaded file in a safe (and secure) place.
Finally, enter the six-digit code provided by the app and click ‘Activate’. Two-factor authentication is now enabled.
When you next try to login, a ‘2FA Code’ prompt will appear. Simply go to your authenticator app, collect your six-digit code, enter it and click ‘Log in’.
Please be aware that two-factor authentication is not compatible with all plugins, so make sure to back-up your site before enabling and speak to your WordPress management agency if you encounter any problems.
4. Logout inactive users
Logged-in users sometimes move onto other websites or even leave their computer/device entirely, thus posing a security risk. To avoid hackers accessing these profiles, you can automatically logout inactive users.
The easiest way to do this is with the Inactive Logout plugin. Once it’s installed, simply navigate to Settings > Inactive Logout to select the time duration before logging out and add a custom popup message.
choosing reliable WordPress hosting
Having high-quality and reliable WordPress hosting is a key part of your site’s performance and success. But with thousands of hosting providers available, it can be confusing and difficult to choose the right hosting for your site.
Put simply, web hosting is the provision of storage/infrastructure for websites. Hosting providers have remote computers called servers which hold all of your website files and allow access as needed.
In order to understand exactly how hosting works, it’s helpful to know how websites are displayed on the internet. In a nutshell, whenever a user clicks on or types in a website URL, the internet browser downloads the site’s files and content and then converts these into a viewable website.
To do this, it has to access all of the website’s unique files and information, which are stored on a server. A hosting provider is basically a server owner who rents out storage space and processing power on their server to website owners.
types of WordPress website hosting
There are several main types of WordPress hosting. The type you need depends on various factors, such as the size of your website, how much traffic you get, and whether you store sensitive data.
Shared hosting: This is generally the most popular type of hosting and is ideal for beginners and small sites.
Shared hosting is where a large server is used to store lots of different sites. This means that hosting providers can offer their services at a relatively low fee, but there will be usage and capacity restrictions. It’s like living in an apartment block – cheaper than owning a house, but you need to be considerate towards other residents and share communal resources.
Virtual Private Server (VPS): This is a mid-point option between having shared hosting and a dedicated server. In VPS hosting, each website has its own designated storage space within the server, although it still shares the actual server with other users.
VPS hosting gives website owners more customisation options and larger storage space than shared hosting, making it an ideal, cost-effective option for larger sites. However, site performance can still sometimes be affected by other sites on the server.
Dedicated server hosting: Having a dedicated server means that you ‘rent’ a whole server just for your website. It’s like having your own house, and gives you full control over server options such as security, operating system and hardware.
This makes dedicated server hosting a very reliable and customisable option for the largest and busiest websites, but, of course, it has a higher price-tag than shared or VPS hosting. Technical expertise is also required for the ongoing management of the server.
Cloud hosting: This is similar to VPS hosting, but instead of having a designated space inside a physical server, websites are stored across a much wider virtual server network. This means that if you need to increase your website’s storage space, you’re not limited by the physical capacity of your server – there’s unlimited room for expansion in the cloud!
If you choose cloud hosting, make sure to check with your hosting provider exactly what you’re getting, as some providers use the term to describe shared hosting rather than VPS.
how to choose a WordPress hosting provider
We recommend considering the following factors when choosing a WordPress hosting provider…
Reliability: Does the hosting provider have a track-record of providing secure, fast and reliable website hosting? It’s often a good idea to ask other customers about their experiences with the provider.
Expertise: Does the hosting provider specialise in WordPress? Many providers offer specific WordPress packages tailored to the needs of WordPress sites.
Support: How can you contact the hosting provider in case of questions or issues? Are they open during office hours only or 24 hours a day? For e-commerce or other large sites with high traffic levels outside of working hours, a hosting provider that can deal with problems at any time will be vital.
Security & compliance: Depending on the type of data you process, you may need to comply with GDPR or other data protection laws. It’s therefore worth checking whether your site hosting will be compliant, and whether encryption or other security measures can be provided if needed.
Location: Whilst this isn’t the most important factor, it’s worth considering. The smaller the distance between your server and your website’s target audience, the faster your site will be displayed on their computers. So if you have a UK-based audience, make sure to find a UK-based server.
Scalability: Can you customise/change your services as needed – for example, as your website traffic grows – or will you be restricted to a set package?
Software: Some sites require special software or libraries to be installed on the server, so it’s worth checking if your hosting provider can accommodate this. Your WordPress web development agency will be able to provide a list of any software needing installation.
Updates: Will the hosting provider take responsibility for updating and managing the server? Updates are usually provided automatically on shared and cloud hosting, but might not be for VPS or dedicated servers.
Value: Make sure to think not only about the cost, but also the value for money and the value of ensuring your website is always loading correctly. In many cases, it’s worth paying a little extra for a company that really cares about your website and wants to ensure great performance.
fixing WordPress errors
To complete our WordPress optimisation guide, we’re looking at common WordPress errors and how to fix them.
WordPress beginners often panic when encountering an error message or website malfunction, but most issues can be solved simply and easily. However, if you’re having any trouble getting your website working correctly or need more detailed analysis into the cause of a problem, then get in touch with your WordPress support agency.
It’s also worth reiterating what we said above about the importance of backing-up your WordPress site. By backing-up both regularly and before making any major changes, you’ll always be able to reinstate the backup version of your site if you encounter problems.
the WordPress ‘White Screen of Death’
If you’re experiencing a white or blank screen instead of your website, don’t worry! This is actually a common WordPress problem. In fact, it’s so common that it’s got its own special name – the White Screen of Death (WSOD).
Here are the most frequent causes of the WordPress WSOD…
Plugin compatibility issues: If you’ve just installed or updated a plugin, you can try deactivating it or reverting to your last site backup. Alternatively, you can deactivate all plugins and try reactivating them one at a time.
Plugins can be deactivated in the ‘Plugins’ section of your WordPress dashboard. But if you’re unable to access your website back-end, you can login via FTP, navigate to wp-content/plugins and temporarily move the plugin directory that is causing issues to outside the root directory.
Alternatively, you can deactivate all plugins in your database by using phpMyAdmin or similar software and navigating to the SQL tab. To do this, you’ll need to type:
UPDATE wp_options SET option_value = “WHERE option_name = ‘active_plugins’;
Then press ‘Go’. If using this option, make double sure to backup your database first!
Theme problems: This is usually the case when you’ve just activated either a new site or new theme. You can overcome any theme issues by activating the default WordPress theme (currently Twenty Twenty) in your WordPress dashboard.
If you’re not able to access your dashboard, you can use FTP access, navigating to the /wp-content/themes/ folder and either temporarily renaming the theme directory that is causing issues or moving it outside of the WordPress root directory.
Code errors: Certain mistakes in your WordPress site code, even just a wrong couple of characters, can cause the WSOD. If you’ve just been manually editing your code, revert to a backup to overcome the issue. Because of how easy it is to mistype and cause problems, we also recommend always making manual code edits on a test version of your site before going live.
Failed upgrade: Automatic WordPress software upgrades can fail due to file connection or permission issues or internet problems. If this is the cause of your WSOD, try manually updating your site following our advice in the ‘Updating WordPress’ section above.
Memory limit exceeded: When your PHP memory limit (usually set to 64MB as a default) has been exceeded, the WSOD will only appear occasionally or on specific site pages. You can overcome the issue by asking your hosting provider to update the PHP memory file on your server. Depending on your hosting plan, this may also require upgrading your server space.
other common WordPress errors
We now cover some of the other common WordPress errors you may encounter on your site.
1. Internal server error
An internal server error may be caused by any number of reasons but most often, it’s the result of a corrupted .htaccess file.
To overcome this, use FTP access to rename your .htaccess file to .htaccess_old. This will then automatically generate a new .htaccess file. Try loading your site again to see if the error message has cleared. If it has, you’ll also need to reset your links in Settings > Permalinks.
Alternatively, an internal server error may be caused by a plugin issue, theme problem, or lack of PHP memory. Follow our advice in the WSOD section above to solve these.
2. Error establishing database connection
Unsurprisingly, the ‘Error Establishing Database Connection’ message means that there’s a problem with your website’s connection to your database.
This may be caused by a variety of issues but the most common is an error in your wp-config.php file. To overcome this, go to your wp-config.php file (using FTP access) and check that your database name, username, password and host are correct. You may also need to reset your MySQL password.
3. Connection timed out
This error message occurs when your server is unable to keep up with the demands of your website. It is usually caused when sites are on a shared hosting package with restricted memory limit.
The simplest solution is to speak to your hosting provider about increasing your memory capacity. Alternatively, you can ask your hosting provider to increase your maximum execution time, which will mean your website has longer to load before timing out.
If this is not effective, then the error may be caused by a plugin or theme problem. See the WSOD section above for advice on solving these.
4. Maintenance mode
When WordPress is updated automatically, a .maintenance file is automatically installed (and usually automatically removed). If you’re getting a message saying your website is undergoing maintenance even after the update has been completed, it’s likely that the .maintenance file hasn’t been removed.
This error may also be caused if you’ve manually updated WordPress and forgotten to delete the .maintenance file afterwards. Either way, simply delete the .maintenance file from your WordPress directory to fix the problem.
5. Compromised website
A compromised website error may be caused by a wp-config.php problem, hosting issues or hacking. We recommend trying to solve the issue using the following steps – after each, you should check to see if the error message has been removed.
Firstly, use FTP access to check your wp-config.php file and make sure all the information is correct. Secondly, speak to your hosting provider to find out if there are any server/hosting problems.
Finally, scan your site with WordFence to check if it’s been hacked. If it has, you’ll need to reinstate a backup of your site and follow the hacking advice on WordPress.org. You’ll also need to run a full anti-virus/malware scan on your local machine and speak to your hosting provider.
If your site has been hacked, make sure to follow the guidance in our ‘Maximising WordPress security’ section above to avoid any further security breaches.
If you’ve got any errors with your WordPress site that we haven’t covered, then please get in touch with your WordPress support agency, contact us, or follow WordPress.org’s advice for specific errors.
thanks for reading
We hope you’ve found lots of useful tips and advice in this guide to get your WordPress site performing optimally.
For further expert, on-demand WordPress support and assistance, get in touch and we’ll be happy to help. Please also follow us on Twitter and LinkedIn for regular news, tips and updates.