Nowadays, one of the first steps when you create a website is to adopt a CMS. It saves time, so you can deploy a website quickly. According to Wappalyzer, more than 60% of the websites using a CMS are powered by WordPress (source: http://wappalyzer.com/categories/cms). We ourselves decided to use WordPress for its simplicity (exceptionally, web performance was not our major criterion!).
Once you have installed a proper version, there are some optimizations to do in terms of security, performance and SEO. That’s what we will see in this post.
Performance and SEO
The first thing to do, and the fastest way to speed up your WordPress, is to install a cache plugin. It lets you serve static files to users instead of generating them each time they are requested. This reduces the processing load on the server. There are three major plugins doing this job with WordPress:
The last one, WPRocket, offers more features to optimize your WordPress than just a simple caching tool.
A CDN (Content Delivery Network) serves static content to users with high availability and great performance. For instance, instead of hosting your libraries (e.g., jQuery) or image files yourself, you should use a CDN to host them. This way, a visitor from the USA will retrieve those resources from an American server, and a visitor from India will retrieve them from an Asian server.
It will provide several benefits:
- it reduces the amount of bandwidth used by your server
- it can increase download parallelism
- it increases the chances that a user has already loaded the content in cache
This will speed up your page load time. You can use a CDN with WordPress in different ways, such as editing source files or using a plugin.
We have chosen the Use Google Libraries plugin, because Google’s CDN is one of the most used, so a significant part of the users might already have downloaded the required files.
If you have to handle a lot of data, you will certainly face some performance issues.
Keep in mind that all operations computed on the server side should not exceed 200ms. Beyond this threshold, an optimization effort is needed.
Several WordPress plugins help you to optimize your database by removing useless data like stale post revisions or spam comments. They can also optimize the disk space used by your database. All these improvements will decrease the database size and the load/processing time.
Plugins like wp-optimize or wp-dbmanager do the job effectively. I suggest you back up your database before installing them, to prevent bad surprises. Of course, note that you can make these improvements manually with PhpMyAdmin or with MySQL itself.
Meta tag description
The meta tag description lets you briefly describe what your page is about. It is used in a Search Engine Results Page (SERP). Search engines truncate the description beyond about 155 characters. By default, WordPress does not have this meta tag. It is very simple to add it manually (edit the header.php template file in your WordPress theme). Otherwise, you can use a plugin like Add Meta Tags.
Security through obscurity
This part is debatable, because it will not really protect your system, but it can help against script kiddies and robots (see more information).
You should consider removing the default “admin” user after having created another one. The reason is simple: if someone tries to access the administration panel, they only have to brute force your password with the default “admin” username. If the admin user has another username, there is one more piece of information that the hacker needs to find.
If you are not running the latest version of WordPress, you should consider hiding the version used. Each new update can fix security issues. If someone knows which version you are using, they can quickly find vulnerabilities. By the way, I strongly encourage you to stay up to date.
There are some files that nobody should be able to access, because they can reveal critical information, such as the database credentials in wp-config.php. You can use a .htaccess file at the root of your server to forbid access to the file:
    <files wp-config.php>
    Order allow,deny
    Deny from all
    </files>
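A way to check the two hardening steps above on your own site, as an added example that is not part of the original post: it looks for the `<meta name="generator">` tag that WordPress emits by default with its version, and verifies that an active `<Files wp-config.php>` block denies all clients, accepting both the `Deny from all` form shown above and the Apache 2.4 `Require all denied` form. The function names and the sample inputs are constructed for illustration.

```python
import re
from html.parser import HTMLParser

class GeneratorFinder(HTMLParser):
    """Collects the content attribute of every <meta name="generator"> tag."""
    def __init__(self):
        super().__init__()
        self.values = []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("name") or "").lower() == "generator":
            self.values.append(a.get("content") or "")

def disclosed_wp_version(html):
    """Return the WordPress version the page advertises, or None if hidden."""
    finder = GeneratorFinder()
    finder.feed(html)
    for value in finder.values:
        m = re.match(r"WordPress\s+(\d+(?:\.\d+)*)", value, re.I)
        if m:
            return m.group(1)
    return None

FILES_BLOCK = re.compile(r'<files\s+"?wp-config\.php"?\s*>(.*?)</files>', re.I | re.S)

def wp_config_denied(htaccess):
    """True if an active (not commented-out) Files block denies every client."""
    for body in FILES_BLOCK.findall(htaccess):
        # Normalise whitespace and case; skip commented-out directives.
        rules = [" ".join(l.split()).lower() for l in body.splitlines()
                 if not l.strip().startswith("#")]
        old = "deny from all" in rules and not any(r.startswith("allow from") for r in rules)
        new = "require all denied" in rules
        if old or new:
            return True
    return False

def audit(html, htaccess):
    findings = []
    version = disclosed_wp_version(html)
    if version:
        findings.append("generator meta tag discloses WordPress " + version)
    if not wp_config_denied(htaccess):
        findings.append("wp-config.php is not denied in .htaccess")
    return findings

# Constructed sample inputs (not taken from a real site).
LEAKY_HTML = '<html><head><meta name="generator" content="WordPress 4.0"></head></html>'
HTACCESS_22 = "<files wp-config.php>\nOrder allow,deny\nDeny from all\n</files>\n"
HTACCESS_24 = "<Files wp-config.php>\n  Require all denied\n</Files>\n"
COMMENTED = "# <files wp-config.php>\n# Deny from all\n# </files>\n"
```

Feed `audit()` the HTML of your home page and the contents of your root .htaccess; an empty list means both checks pass. The generator tag is only one place the version can appear, so a clean result here does not replace keeping WordPress up to date.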
100% efficiency is impossible to reach in terms of security. This implies that you have to back up your data regularly. This way, when your system is compromised, you still have safe data: you can correct or re-install your system, fix the issues that led to the intrusion, and then import your old data.
WordPress itself has a tool, and there are a lot of plugins to back up and restore your WordPress. But not all of them export all your data (pages/posts/database/comments). (see available plugins).
At DareBoost, we have chosen to use the free version of updraftplus and the export function of WordPress. Two backups are better than 0. ;)
I hope this short post will help you to improve your WordPress, and don’t forget to use DareBoost.com to get a before/after and to find more information about optimization.