Dec 3

How to Optimize a WordPress Site for Speed & Security

Socialize This Post!

    Optimizing WordPress for Speed and SecurityA lot of people are using WordPress to build their sites these days and there’s very good reason for that. For one thing, WordPress is one of the more stable CMS (Content Management System) solutions you can find and for another, it’s free, and most importantly, it is extremely simple for anyone to create a website with WordPress. That is probably a pretty good part of the reason that more than 75 million WordPress sites exist around the world today. It’s a solid option, it’s easy to use and it doesn’t cost you a dime for the software itself. For marketers, small businesses and even the solo entrepreneur, this is a great solution that can remove a lot of the hassle that would come from building a site from scratch. Plus, with all the plugins, themes, patches and upgrades that are regularly released, WordPress makes for a great tool you can use to build a blog or other type of site to reach out to your core audience. We use it and we recommend it, too.

    That said, just because you are using WordPress does not mean that it is performing as well as it could. All the best SEO techniques and strategies in the world won’t do you any good if your site is laggy and full of gaping security holes. The truth is that a lot of people have very slow WordPress sites and this actually hurts their business. Optimizing your site’s performance is becoming more and more important in today’s world because as technology improves and more people begin to use broadband, their expectations for how fast a site should be skyrockets. You also need to make sure that your site is not just fast, but that it is also secure. These are the two topics we want to discuss today. We are going to show you some things you can do right now to make WordPress an even better software tool for your business. We’ll cover several different approaches and let you decide which is the right way for you to go.

    Why Speed Matters When You Have a WordPress Site

    Studies have shown over and over again that the average site visitor expects sites to load very quickly, in 1 second or less. Even a bump to 2 seconds can make some people hit the Back button on their web browser and this is bad news for you. It means you are losing visitors if your site takes even a few seconds to load. This is certainly no way to build an authority site that rises in popularity over time and brings in solid profits – quite the opposite. In fact, it’s such an issue that Google itself has said they rank sites with slow loading times lower than those which are optimized so that they will load quickly. This means that you’re lagging site can also cost you search traffic and all of that is going to impact your profits in a negative way.

    What your users want, and what coincidentally Google also wants to make sure it is giving its users, is a smooth experience free of frustrations. When your site loads quickly, people will stay around and usually page views are going to go up. That means you are likely to see more engagement, more sales and more repeat visitors – overall, just more traffic. That’s a very good thing and it’s something that you may never notice until you have optimized your WordPress site for speed. A lot of people do not realize, for instance, that when a user performs a search and finds a site they want to visit, if they click on that site and it takes a while to load they will probably hit the back button – that ‘visit’ was not counted by Google Analytics because Google Analytics (or whatever visitor tracking software you use) didn’t have time to load. That means your bounce rate could be a whole lot higher than you realize right now. Until your site’s loading faster, you won’t even be able to track those bounces, but once it is fixed what would have been bounces could be converted to actual visits to your site.

    Making Your WordPress Site as Fast As Possible is Complex

    Now, you do need to understand that there is no one single perfect fix that is going to make your site 100% optimized for speed. There are many factors that come into play and in order to understand that, you have to know that web hosting itself is very complex. No single service can boast of 100% up time, there are always issues that crop up and a great deal to do. Even big name DNS (Domain Name Server) companies such as GoDaddy can and do go down. DNS servers are different from web servers, but they are all part of the web and include a lot of other networks that the Internet is built upon. Data centers, too, play their role and incidents at these facilities can lead to problems. So to expect a super fast site that never, ever has issues is really expecting too much. What you really want to do is make your site as fast as possible.

    To really understand the concept of optimizing your WordPress site, let’s make an analogy. Let’s say that you wanted to raise the fastest possible race horse. You don’t simply just buy a horse with great breeding and call it good. Instead, things such as the quality of veterinary care the horse receives, the quality of the training given to it, the skill of the jockey riding the horse when it races, the quality of its surrounding environment and the quality of the nutrition it receives – each of these things will play a role in how fast that horse can be when it races. Your WordPress is optimized in much the same way. There are lots of different things you can do to fine tune it, such as trying to use quick loading themes or avoiding an over reliance on too many plugins, for example. Each of the things you are about to learn about are going to play their own role in making your site faster.

    Static content is one thing you’ll need to deal with. This is your CSS (Cascading Style Sheets), images, text and so forth that make up your site and which do not often change. These are rather small elements so there are quite a few ways to serve them to your users more quickly including services you can use, plugins and so forth. However, you also need to make sure your homepage, the other pages of your site and recent posts get served up quickly, as well. Dynamic content can be even harder to get to your audience in a timely way, but it, too, needs to be handled in an efficient way to make sure everyone visiting your site experiences a rapid loading time. Sometimes, you will need to remove certain plugins or find alternatives for them. However, over time you will find that learning what works and what slows your site down is not as difficult as it might sound. This is just something site owners have to do.

    Considering Paid Ways to Speed Up Your Site

    One thing that you can consider if you want to speed up your site is a managed hosting solution. With this approach, a lot of the work you would otherwise need to do can be simplified greatly. Managed hosting is different from typical shared hosting which is usually very inexpensive. In a shared hosting situation, however, keeping your site at optimal speed is not going to be the host’s primary concern. Managed hosting solutions are about exactly that and one we use ourselves and recommend for anyone using WordPress is WP Engine. This particular provider boasts speed increases on average of 4x what sites experienced before switching to them so it’s definitely bound to make a difference in how fast your site loads. WP Engine is also focused on WordPress sites and has an extensive technical support team that is large enough to deal with the clients one on one if problems occur. Even if your site experiences a massive boom in traffic, their solutions (and solutions from similar providers) are scalable. That means you shouldn’t have to see your site go down simply because a piece of content when viral and brought in a huge amount of visitors.

    A CDN (Content Delivery Network) is another way to consider going if you want to speed your site up. This can get expensive, but these networks usually have a lot of servers in a lot of different data centers where they will store cached copies of your site so that it serves quickly to users in a specific geographic area. They are set up so that when a user requests your site, the CDN sends them the information itself, thus lowering the amount of bandwidth you have to pay for. They also try to send that data from the server that’s closest to the user so that it arrives fast. In addition, since they have copies of your data, if your site ever goes down you could recover it from their servers – or at least part of your site – which is a nice sense of safety in case something goes terribly wrong. But in reality, the reason most website owners will use CDN is for the performance enhancements. If using a Managed WordPress hosting company like WP Engine as mentioned above, they will handle the CDN for you depending on which hosting option you choose, this is a plus for those that don’t want to deal with the technical stuff.

    Remember, even for the most technically inclined site owners, doing everything possible to fully optimize your WordPress is going to take serious time. Running your own server and dealing with all of the issues that come with that is also expensive. This is why paid solutions are often chosen by site owners who have at least a modest budget for their business and who want to be able to offer a fast, efficient site for their users. It’s not your only option, but if you can afford it then it is definitely a smart way to go.

    Free and Low Cost Alternatives to Speed Up Your Site

    For some small businesses, professionals with a web presence or solo entrepreneurs, a solution that requires a budget might not be within their grasp. We want to mention now a few solutions for cases like that. If you are worried about costs and you simply can’t spend much, there are some plugins for WordPress that you could use to help speed your site up. One of these is W3 Total Cache and another is WP Super Cache, we recommend W3. Both of these can cache dynamic content which is the slowest part of your site. That could make a big difference in your loading time and both of these plugins have a good reputation so they are not likely to cause you any grief, either. You might also consider WP Minify. These plugins will take your CSS sheets and your Java scripts, combine them into one file instead of several (in addition to compressing them so that their size is smaller) and make it a lot faster for a user to load your site. It’s a good way to go and it does not cost you anything to use these plugins.

    Before you make any big changes to your site, though, we recommend that you try out WebPageTest.org to get an analysis of the speed of loading for your site. This will tell you if you are slow or fast already and it allows you to see how much of an improvement the plugins mentioned above (or other optimization you do) have given your site after you installed them. This is very important because you do need to know as much as possible about the speed of your site and keep an eye on it once in a while. Remember, though, that too many plugins (even those that claim they are optimizing your site’s speed) can end up slowing your site down or creating security gaps. Be careful and do your homework before installing things.

    Another tool to try that can help you keep your images loading quickly is Yahoo Smush It. This will shrink your images to a better size for faster transfer speeds. All you have to do with this tool is upload your site’s images, “smush” them and then re-upload the new, smaller versions to your site. This is a permanent solution that you should not have to do frequently and that can be a nice advantage for many site owners. Image compression can make quite a difference in your load times, particularly if you have a site that makes heavy use of graphics and you have not already optimized those graphics.

    If you want to try out a free CDN then you might think about CloudFlare, and we also like MaxCDN but they don’t have a free option. Both of these providers have good reputations and offer a considerable value. They both have low-cost plans that can help you optimize your site to even faster speeds and a higher level of availability. This might be a way to go if you are wanting to have your site load faster and you don’t have the budget to select a managed hosting plan. In the end, the right way to go will depend upon your budget, your site’s current loading times and, of course, the needs of your audience.

    Security for Your WordPress Site and Why It Matters

    WordPress is, generally speaking, a fairly secure platform in and of itself. It is usually patched quickly thanks to a large development team whenever exploits are found within its code. Upgrades also tend to focus on making it more secure, but the fact is, hackers are often motivated to try to find their way into sites anyway and since there are so many WordPress sites out there, if they find a problem such as that you have not updated your site in a long time, they may be able to exploit a hole in your site’s security and take over.

    One of the things that site owners don’t always understand is that a small site which sells something innocuous such as, for example, socks, is not any less attractive to motivated hackers than a popular site. In fact, smaller sites often have weaker security because their owners don’t believe anyone wants to take over their site. In a way, those site owners are correct – the hackers are not after the sock site because it’s glamorous. What they want is to be able to get into your server and send spam emails or use it for to hide their identity while they try to hack a bigger site they are after so it will look as if the attack came from your server. So just because you do not think your site would be the apple of a hacker’s eye does not mean you shouldn’t protect – in fact, you should probably protect it even more. Hackers have been known to create code that can crawl the web and troll for vulnerable sites so they don’t have to do this by hand. Protect your site or you could be in for some major challenges.

    Investing in Security for Your Site

    If you have at least a small budget, then you might want to think about investing in security measures for your site. One of the best is, again, WP Engine. They fix hacking problems without charging an extra fee and since their people are familiar with WordPress, this is generally very good tech support, even telling you if it is plugins that are causing the problem. Instead of having to constantly upgrade your site to make it more secure, managed hosting like this gives you the advantage of having others who are experts looking out for your site. If you decide to go this route then you should have relatively few headaches and plenty of help available to you if you need it.

    Even though paying for security might sound as if it will be expensive, when you factor in the amount of time and energy you save that you can then devote to your core business tasks, you end up winning. No service can protect you constantly, of course. If even Amazon can have portions of its service go down, then any service can experience weaknesses from time to time. That’s a reality of being online today. Still, having protection is an investment that is often well worth it.

    Free and Low Cost Things You Can Do to Improve Site Security

    Plugins and themes are often a problem when it comes to security because most hacks are not due to problems with WordPress nor with a web host. Usually, the problem will be that a plugin or theme which does not have quite as large of a development team gets hacked and, if this happens, hackers can quickly locate sites online using that plugin or theme. One of the ways you can protect yourself for free is to try to use as few plugins as possible. You should also try to stick to plugins and themes which are very well-known because that way if an exploit is found it could be patched and, in any case, it will be a big enough deal to a large enough number of people who you will probably hear about it and be able to fix it. In general, just be careful and try not to get too crazy with plugins whenever possible so you leave as few possible ways for a hacker to get in as you can.

    Another way you could consider protecting your site is to use a CDN like Cloud Flare which comes with some security features. This is a small step towards higher security, but it when it comes to security every little bit you can do helps and it all adds up in the end. You could also limit the number of login attempts allowed for your site so that hackers don’t try to guess user names and passwords, especially for your admin account. When using passwords, by the way, it is a good idea to make sure they are long and that they include numbers, letters and punctuation marks whenever possible. This makes them that much more difficult to crack.

    To boost security for logins, consider adding the free plugin Login Lockdown. This will help lock out people if they try to guess user names or passwords too many times. A temporary ban will go into effect and you will be notified that multiple attempts have been made to compromise your site. To go even further you might try what is called double authentication or two factor authentication. Google offers this and it is a smart way to beef up security. In order to authenticate identity, a code is sent to your cellphone and then you enter that code to authenticate that it’s you. This ties a phone number to your login and should make things much more secure.

    WordPress Sites Continue to Offer Marketers an Effective Solution

    WordPress definitely has a very strong future according to many experts in the field. As time goes on, more and more security features are being added and load times are being reduced. It’s becoming an even more robust CMS and adding things like shopping carts and so forth will become easier to do with time. The cloud is also making things easier and better strategies are allowing us to serve up both static and dynamic content to our users at faster and faster rates as hardware continues to get cheaper. While you could try to do all of things that a good managed hosting partner can do for you on your own, it makes more sense for business owners to focus on bringing in profits rather than adjusting the tech side of their sites. Even those with a great deal of experience and a lot of skill usually will not find it cost-effective to spend the kind of time optimizing their site to the level that a quality managed host does as part of their core business. As a former Cisco consultant, this CDN, caching, routing stuff sometimes gets me reliving my techie, geeky days, but in reality, I am happier not having to handle these types of things any more. What you’re after is speed of content delivery for your users and security for your site. Whichever way you decide to go, investing in a solution or working with free tools, speed needs to be your core focus.

    Resources Mentioned in this Post

    • What Is WordPress? – Not sure where to begin when setting up a site of your own? We think WordPress is a pretty great place to start and an efficient Content Management System that even experienced marketers should be taking advantage of. Discover what makes this a terrific choice for building a quality site right now.
    • What Is A WordPress Plugin? – As great as WordPress is, to really get the most from it you will need the right plugins. Discover how these handy components can help make your site one that visitors keep coming back to. You’ll learn all you need to know about plugins, how they work, what they can do and even how to earn by using them.
    • SEO- What Is Working Today – And How You Can Rank Too – Is SEO getting easier these days? Is it harder than it ever has been? Join Mike as he examines both points of view and gives you the scoop on what is working at this very moment in SEO that you can use to help your own sites reach their fullest potential on the web today.
    • Building Authority Sites with Mike & Troy – The path to success on the Internet for any website is different today and there’s a lot to learn if you want to build a serious business online. Let Mike and Troy teach you what it takes to make your vision a reality and build a lasting web enterprise that profits you and gives you real pride.
    • What Is Website Hosting? – Before your site can go live, pull in visitors and start earning for you, you really need to find the right web host. To do that, you need to understand what web hosting is and why free options aren’t usually the right choice. Join us as we take a deep look at these contemporary services and see what they offer.

    Socialize This Post!

      About Mike

      Mike Pereira is the founder and owner of MyWriters.com as well as a co-founder and regular contributor to blogs such as TopMarketingStrategies.com and ArticleSubmissionReview.com. Mike is best known for his affiliate marketing and ecommerce prowess and has an extensive Internet marketing background going back over 15 years. Follow Mike at Google+
      Posted in Website Performance | Tagged | Leave a reply

      5 Responses to How to Optimize a WordPress Site for Speed & Security

      1. Jon December 4, 2012 at 3:59 pm #

        Hey Guys, have you moved any sites over to WP Engine yet? Did you get any noticeable speed increases?

        Also, what is the best way to check your site speed, is there a free tool that will do this properly?

        Apologies for all the questions, have recently been looking at going with WP Engine.

        Cheers

        • Mike December 4, 2012 at 6:35 pm #

          Hi Jon,

          Well this site is running on WP Engine right now.

          It’s not fair to compare on this one for speed now vs speed before, as this site WAS runnning on a Hostgator Level 9 VPS, we were already doing caching and using Amazon Cloudfront for CDN etc, so we didn’t really notice much here from a speed difference.

          However, our ArticleSubmissionReview.com site was moved over to WPEngine as well, and that site used to be slow to load, the difference in that one has been night and day.

          WP ENgine is not just about the performance either. While they are fast, its also a managed service. They include the CDN on the larger packages, whereas we paid someone $500 to setup our CDN before. Sucuri malware security was included, whereas we paid a subscription to Sucuri for it before, and still do for other sites. We used to run our backups using BackupBuddy, WP Engine handles it for you and will also send your backups to S3 for you if you so wish. And the coup de grace for us, they have a staging area, where we can take a snapshot of our site with one click, and then test out themes, plugins, changes etc before we do it on our site.

          We personally use: http://tools.pingdom.com/fpt/ and http://www.webpagetest.org to test out page speeds and load time issues etc. These tools vary greatly depending on Internet weather, we have seen our page load time go from 1 second to 15 seconds – so it does vary.

          We are also working on WP Engine review and bonus coming soon, so keep on the lookout for that.

      2. Mike December 4, 2012 at 6:50 pm #

        One more item Jon, you asked us if we moved any sites to WP Engine yet, besides the two mentioned above, we have a total of 8 sites running on WP Engine at the moment, and have plans to move more over. Ideally we will have every single important WordPress site running on WP Engine in the near future.

      3. Rajeesh December 5, 2012 at 1:36 am #

        I have one wordpress site and implementing SEO tasks on that to make it more visible in google..The techniques you shared will surely help in that…Thanks for the share.

        • Mike December 5, 2012 at 7:09 pm #

          Thanks Rajeesh, we didn’t actually mention any SEO techniques in this post, but I am sure you meant my earlier post on SEO :)

      Leave a Reply