Everybody talks about optimizing your website, but what does that actually mean?
Optimization – it’s not just about SEO
When you read the word “optimization,” you probably think of Search Engine Optimization. The term has been almost branded by SEOs over the years, but optimization isn’t just about getting better rankings – it’s about giving visitors an optimal experience.
Regardless of the type of website you manage, optimization is as vital as air, water, and food. Your website can’t survive without it. Studies show that if a website takes more than a couple seconds to load, they’ll bounce.
There are two main categories of optimization – performance, and security.
Performance optimization
The following optimizations are necessary for top performance:
1. Cache your dynamic content
WordPress serves content dynamically. To construct each page, there must be an interaction with the database to piece it all together. This slows down a website’s performance. However, you can use a plugin to cache dynamic content so that it’s delivered to visitors as static content. To learn more about caching and how to implement it, read The Ultimate Guide to WordPress Caching from wpmudev.com. At Skylands Networks, we employ the LiteSpeed cache which is specially optimized to work with the LiteSpeed webserver. This gives our users the fastest caching option available.
2. Use load balancing
When your site gets popular or receives an unexpected surge in traffic, load balancing ensures your site doesn’t crash. A load balancer uses an algorithm to distribute incoming traffic as evenly as possible to a pool of servers, ensuring that one resource isn’t overworked.
3. Keep all plugins updated
Plugins should be updated frequently. You’ll receive a notification in your admin panel when updates are available. However, you’ll want to be aware of plugins that have been abandoned. Abandoned plugins are a security vulnerability. If you don’t remember updating a plugin recently, check to see when the last update was issued. If it’s been more than a year, you may want to find another plugin.
In addition to keeping your plugins updated, it’s equally important to avoid using plugins unless absolutely necessary. Too many plugins will slow down your site.
4. Don’t host videos on your own server
While you can upload video files through the media interface, any video you host on your own server will slow down your website. Hosted solutions like YouTube and Vimeo automatically compress videos as they’re uploaded, and provide a stable user experience.
If you don’t like the way hosted video players look, paid solutions like Wistia allow you to customize your player for a nominal fee.
5. Optimize your database and delete older post versions
Each time you update and save a page or post, WordPress stores a new copy of your page or post in the database. If you constantly save your content after minor updates, you’re accumulating extra content in the database, which will slow down your site over time.
Optimize Database after Deleting Revisions is a plugin that automatically deletes old revisions either on a set schedule or with a single click. You can also define how many post revisions you’d like to keep, and it will delete the rest. This plugin has been around for many years and is regularly updated.
Optimizing security measures
WordPress has an unjust reputation as being insecure. WordPress as a platform is secure, provided website owners manage it properly. The problem is, many website owners aren’t professional developers and therefore don’t fully understand security. They make innocent mistakes out of ignorance, and end up paying the price.
One-click installation tools don’t create a secure installation
If you build your WordPress website with a one-click installation tool, your site is at serious risk of being hacked and infected with malware that runs SQL injection scripts that are used in phishing scams. This is a serious problem because even the best password can’t protect you – hackers don’t always need your password.
Hackers can exploit weaknesses in the installation itself, or through plugins that are either insecure or haven’t been updated in a long time. Additionally, WordPress passwords are simply salted MD5 hashes, which is incredibly easy to hack with certain programs. Someone doesn’t even need to be a hacker to use these programs.
Change your authentication keys and salts
If you used a one-click installation tool inside of cPanel to install WordPress, chances are, your installation doesn’t have any authentication keys or salts. Years ago, the one-click installation program called Fantastico defined these cryptographic elements in every new WordPress installation. They weren’t unique, but at least they existed.
Today, the standard one-click installation tool in cPanel leaves your installation without any authentication keys, and you don’t get a notice about it, either. These installation tools provide the instant gratification of having a functioning website in minutes at the expense of your site’s security.
While it’s best to have your WordPress website professionally installed, if you’re willing to do a little bit of work, you don’t need to. However, you do need to have a basic understanding of how to use FTP or access your files within your file manager. If you’re not used to editing code, it’s best to use the file manager so you don’t accidentally open it in a word processor.
To set your authentication keys, navigate to the directory where you installed WordPress. Find the file named “wp-config.php” and open it in your file manager, preferably using the “code” view. Scroll down a little and see if the file contains the 8 lines of code shown in the first screenshot of this CodeSeekah article. The first line defines “AUTH_KEY” and the last defines “NONCE_SALT.”
If these 8 lines of code are absent, you’ll need to generate this code from WordPress directly. Each time you refresh the page, new keys will be generated. Copy and paste the generated code into the wp-config.php file exactly in the place it appears in the screenshot on CodeSeekah and save your file. If your config file already has these lines of code, replace them with the new code.
Optimizing your WordPress website requires patience
Website optimization isn’t just about speed, it’s about user experience. Setting a foundation of security and speed is only the first step. Building a solid foundation makes it easier to deliver the intended experience to your visitors. Everyone experiences breakdowns, but with an optimized foundation, you won’t be constantly running around putting out fires that could have been prevented.