Why thinking about digital transformation is more important than ever in current circumstances
We’re working as usual during the current Covid-19 pandemic, offering on-demand digital services where you only pay for what you need, when you need it. Visit our services page or call us on 020 8747 3274 for more information.
With today’s users more impatient than ever and increasing digital competition, it’s vital to have a fast-loading WordPress website if you want to be successful. Read on, and we’ll explain how to check your site’s Google PageSpeed score and make seven simple but effective changes to boost WordPress speed.
what is Google PageSpeed?
Google PageSpeed is a set of free tools which evaluate how quickly your website loads. It also gives your website two speed scores of up to 100 – one for mobile and one for desktop.
You should aim for a score of 90 or above. A score under 50 is officially slow and needs urgent improvement. Luckily, we’ve got lots of recommendations to boost your WordPress site speed below.
You can check your website’s performance by going to the Google PageSpeed Insights page and simply typing in your URL. It’s worth checking your Google PageSpeed scores regularly and trying to improve them over time.
why is Google PageSpeed important?
Often WordPress beginners think that if their website loads rapidly for them, then it must be fast. However, because of caching, browser location and various other factors, your site often loads more quickly for you than for other users.
Having a quick WordPress website is vital in today’s fast-paced digital world. Users are generally extremely impatient and will exit sites that take too long to load. This means that If your site is slow, you could be losing a lot of website traffic.
Added to this, speed affects how users interact with and engage on your site. Ultimately, faster sites get more sales, sign-ups, donations and other conversions – so improving your site speed could improve your bottom line.
Finally, page speed is a search engine ranking factor. The more quickly your site loads, particularly on mobile, the higher up it will be displayed on search engine results pages.
In summary: faster site = more traffic + more engagement
7 ways to improve WordPress page speed
We now give our top tips to improve your Google PageSpeed score on WordPress…
1) Optimise your images
Oversized images are the most common cause of slow WordPress sites. The larger the picture files on your website, the longer your site takes to load.
Optimising your images is therefore a vital step to improve your website speed. Optimising involves resizing and compressing image files so that they can be retrieved and loaded more quickly.
Good image optimisation involves two stages. Firstly, make sure to edit your image before uploading it to your site.
To do this, you’ll need to decide where the image will be used and what size is needed. You can then use a tool such as Pixlr to crop and save the image in the smallest possible size. Sometimes even changing the file type can reduce size – for example, jpgs are usually smaller than png images.
Secondly, install an image optimisation plugin on your website – we recommend Smush (it’s what we use on the Pedalo site). This not only compresses images further after they are uploaded – thus boosting page speed – but also has various other image optimisation features, including lazy loading.
2) Enable caching
By enabling caching on your website, your site data can be stored locally in temporary storage spaces, called caches. This means that browsers can load your site files more easily and don’t have to re-download everything from your server every time your site is needed.
Caching thus makes your page loading speeds much faster, especially when people return to your site for a second or third time. It’s super-easy to enable on WordPress with a free plugin such as W3 Total Cache.
The easiest way to ensure fast mobile loading is with a responsive WordPress theme. This will ensure your site is adapted and displayed in the best possible way on smaller screens.
In addition, several plugins are great for optimising your WordPress site’s mobile speed. WebP Express converts your site images into super-fast webp versions which work on 80% of mobile browsers. Bear in mind, however, that this also requires adding image compression software on your server.
The WordPress AMP plugin is also recommended to boost mobile speed. It creates AMP versions of your webpages which load instantly on mobile and other devices.
4) Enable GZIP compression
With GZIP compression, your website files are transferred between your server and users’ browsers in lightweight compressed versions. This makes the process in which browsers retrieve and load your website much faster.
We recommend installing the WP-Optimize plugin, which has a GZIP compression option. This plugin will also be useful for our next point, when we come to minifying website files…
5) Minify CSS, HTML & JS files
If your Google PageSpeed score needs improving, minifying Cascading Style Sheet (CSS), HTML and JavaScript (JS) files will almost certainly be listed as a recommendation.
CSS, HTML and JS files are used to add comments to your website code, for example to clarify formatting or style. Minification sounds complicated but it simply means reducing the size of these files and deleting unnecessary code.
Doing this is hugely beneficial as it will enable your site to load more rapidly, whilst retaining the key information needed in order for your site to display correctly. You can minify your JS, HTML and CSS files on WordPress quickly and easily with the free WP-Optimize plugin.
6) Update plugins
Plugins may be reducing your site speed in various ways. Poorly-designed plugins, plugins with outdated software, or surplus/duplicate plugins can all contribute to slow website loading.
It’s worth remembering that it’s not the quantity of plugins that generally causes a speed problem. (That is, unless you have lots of plugins which do the same thing or are not used – in which case the surplus ones should be deleted.) In general, it’s the quality and usefulness of plugins that affect page speed.
It’s a good idea to run a Google PageSpeed test both before and after installing any plugin. This will show the impact of the plugin on your site’s speed, so you can make an informed decision about whether the plugin’s functionality is worth any site slowing.
You can also check how your site speed is affected by your current plugins by deactivating each one in turn in the ‘Plugins’ section of your WordPress website back-end, and then running a PageSpeed test.
You should also make sure to update plugins as and when new software becomes available. Updates are always highlighted on your WordPress dashboard – simply check regularly and click on any update messages to action them.
7) Clean-up your database
Finally, you can speed up your website with a good old spring clean!
The more you use your WordPress site, the more your database becomes clogged-up with old and unnecessary files that slow down your performance. Cleaning your database therefore speeds everything up by removing the items that aren’t needed.
You can keep your WordPress website database tidy by installing a plugin such as WP-Sweep or Advanced Database Cleaner. These will work automatically in the background to keep your database up-to-date and maximise page speed.
For more great tips and advice, check out our ultimate WordPress optimisation guide, which covers all aspects of how to maintain and improve your WordPress website.
In today’s digital world, security is of huge importance for website owners and visitors alike. If you have a WordPress site and want to perform well online, it’s vital to maximise site security as part of your digital strategy.
In this guide, we share our key tips for how to secure WordPress and ensure your site is protected against viruses, malware and hacking.
why secure WordPress
Hacked or infected sites can cause massive problems for businesses, both in terms of reputation and income.
Security breaches may cause losses of website and user information (including passwords), violations of data protection laws, and dramatically-diminished user trust. Some hacking can even result in your site spreading malware to users’ devices.
In addition, security is a key SEO ranking factor with Google prioritising secure websites in its search results. Google also blacklists more than 10,000 websites everyday because of malware and security concerns.
Whilst it’s impossible to have a perfectly secure website, there are plenty of things you can do to reduce security risks. Follow our advice below to protect your WordPress site against hacking and malware infection. If you need any further support, you can always get in touch with your WordPress agency.
secure WordPress hosting
In a nutshell, web hosting is the provision of storage/infrastructure for websites. Hosting providers have remote computers called servers which hold your website files and allow browsers to access and display them.
All good hosting providers will include security as part of their packages. This protects your website files against hacking and malware while they are being stored on the host’s server.
There are three main types of hosting packages, and the level of security varies with each.
Shared hosting is generally the most popular type of hosting and is ideal for small sites. This is where one large server is used for hosting several different sites. Shared hosting is usually the most affordable hosting option. But it’s the least secure, as hackers may use other sites on the same server to attack your website.
With virtual private server hosting, each website has its own designated storage space within the server, although it still shares the actual server with other websites. It’s a mid-point option between shared and dedicated hosting.
Dedicated server hosting is where your website has a whole server to itself. This is ideal for large sites and is the most secure option.
Whichever option you choose, a WordPress hosting provider with robust security will:
Clarify which security features are included with your hosting
Manage and maintain the server security and software
Provide reliable backups and/or file recovery processes
Be happy to discuss security concerns and answer questions
It’s worth checking what security measures your hosting provider has in place, and asking how they keep their servers patched and monitor security issues. If you’re uncertain of your hosting provider’s security credentials, consider changing supplier.
WordPress security plugins
Another key way to secure your WordPress website is with a security plugin. There are two great ones that we recommend – Wordfence and Sucuri.
Both plugins are free (with paid premium options). They both include website security hardening, a firewall to block malicious traffic, and a scanner that checks for malware.
Once installed, make sure to start with a full security scan of your website. How long the scan will take depends on the size of your website, your server speed and various other factors. If any suspicious code, malware or other potential security problems are found, make sure to follow the plugin’s instructions to fix the issues and secure your site.
It’s a good idea to keep an eye on the security section of your WordPress dashboard. Your plugin should perform regular scans and provide notifications to highlight any security problems.
updating WordPress
Automated bots are constantly active across the internet searching for software weaknesses. Any ‘holes’, for example in your WordPress core, plugins or themes, can be used to hack your site. In fact, the vast majority of WordPress sites that experience security breaches have outdated software.
That’s why it’s vital to install software updates – to patch any security vulnerabilities as they are discovered.
For small WordPress core releases, updates take place automatically by default. However, major WordPress version updates need to be made manually by going to ‘Updates’ in the back-end of your site, and clicking ‘Update Now’.
When updates are available, these will also be highlighted on your main WordPress dashboard. Always backup your site before installing, as major updates run the risk of breaking your site.
Plugins and themes should also be updated regularly. You’ll receive notification of any updates on your WordPress dashboard, and can again go to ‘Updates’ in the left hand menu to install the new software.
Alternatively, you can install the Automatic Plugin Updates plugin, which enables you to activate automatic updates for your plugins.
enabling HTTPS on WordPress
Hypertext Transfer Protocol Secure (HTTPS) is a secure method of website communication. Having an HTTPS website means that communications between your site and users’ browsers are secure and protected against hacking or other interference.
Having HTTPS is important for SEO with Google prioritising secure sites in its search results. It can also improve user trust as a padlock sign is displayed next to your URL, showing site visitors that you care about security.
Most recent WordPress sites are HTTPS by default, but if yours is still HTTP, then it’s a simple process to upgrade. To transfer your site to HTTPS, you need an SSL (Secure Sockets Layer) certificate, which you can get free from Let’s Encrypt.
You will then need to ask your hosting provider to install the certificate for your site. Finally, add a plugin such as Really Simple SSL to activate HTTPS.
user login security
Another vital way to protect your WordPress site is with secure user logins.
WordPress allows you to add different user types to your site, depending on how much editorial control you want each to have.
Administrators have the most capabilities to make site changes – including being able to add plugins, update code and change content. For this reason, if an Administrator profile is hacked, it’s of greatest security concern. To maximise security, the Administrator role should be for the website-owner and only one or two other essential users.
It’s also absolutely essential to use strong passwords. This applies across all users, but especially for Administrators. Strong passwords should:
Include a random combination of letters, numbers and special characters
Not include names or dictionary words
Not be too short – aim for at least 12 characters
Ideally be totally different for different logins
You can keep on top of your user login security by regularly changing passwords and updating user profiles/permissions in the ‘Users’ section of your WordPress dashboard.
backing-up on WordPress
Finally, and possibly most importantly, it’s vital to back up your WordPress site regularly.
By backing-up, you’re creating an identical copy of your site’s files and database. This can then be used to reinstate your website if you ever encounter a security problem.
The more regularly you backup, the less data you’ll lose if you need to revert to a backup version. For maximum security, make daily or weekly backups and keep multiple copies of each in different locations (such as on your computer, server, and hard drive).
This will ensure you can always get a recent version of your site online again quickly.
Exactly how to backup your site depends on your hosting type – so speak to your hosting provider first. They may include regular backups as part of their service.
Alternatively, you can ask your WordPress support agency to provide backups, or install a backup plugin, such as UpdraftPlus.
For more expert tips, read our ultimate WordPress optimisation guide, in which we explain everything you need to know about how to improve and maintain your WordPress website.
Recent Comments