Online! EP11 How to Make your WordPress Website Faster and more Secure

Online! EP11 How to Make your WordPress Website Faster and more Secure

This Podcast is available at your favorite Podcast/Streaming network including Spotify, Google Podcasts and iTunes.

Episode 11 – Christmas 2020 and new Year holiday special. – In this episode, we focus on doing a full tune-up for your WordPress website (much like the oil change and engine tune-up you do for your car)

Links Mentioned in this Episode:

  1. The Full Site Tuneup PDF Download: http://bit.ly/speedupmywp
  2. Professional Website Care Plans: https://bit.ly/wordpressoilchange
  3. Professional WordPress website optimization service: https://bit.ly/SpeedMySite
  4. Step by step tutorial – how to speed up WordPress 2020 using Litespeed and make your website load faster https://youtu.be/uxlAHvG2EpE
  5. How to select the best & most suitable hosting plan for your WordPress/Divi website http://bit.ly/ultimatehostingguide
▬ Episode Contents  ▬▬▬▬▬▬▬▬▬▬

0:00 Intro
02:02 The need for WordPress Maintenance
03:05 Getting rid of website bloat
03:40 Do you need to hire a professional?
04:15 How building a website is like building a house – Foundation, Frame, and Interior Design
05:37 How to update & upgrade your website’s foundation
07:28 The first step towards speeding up your WordPress
09:39 What PHP extensions do you need to select (in your hosting Cpanel)
10:28 WordPress speedup tweak number 2
12:04 Hosting on a Litespeed server
19:35 First step towards securing WordPress
21:31 Speeding up WordPress’s front-end
22:51 Checking your Site’s Health in the WordPress Dashboard
25:58 Improving your website’s security
26:20 How to get help with your website tuneup
35:54 The WordPress “Oil Change” service

▬ End of Contents ▬▬▬▬▬▬▬▬▬▬

 

– Need help with your website? Book a free consultation here: https://meetings.hubspot.com/amr6

Transcription

SUMMARY KEYWORDS

wordpress, plugins, website, lightspeed, called, themes, php, delete, divi, hosting, user, log, faster, admin, posts, step, running, check, premium plugin, username

SPEAKERS

announcer, Amr The Internet Guy

announcer  

online with amor, the internet guy streaming today on your favorite podcast platforms. This podcast focuses on entrepreneurs and business owners helping them become more successful and conducting their business on the web

 

Amr The Internet Guy  

without being stuck with technology. Hey guys, and welcome to another episode of the podcast. First, let me say Merry Christmas, Happy Holiday Season everyone. Happy New Year. And hopefully 2021 is way better than 2020. So today, I’m not interviewing anyone, I’m just talking about how to conduct a full website tune up, making it faster and more secure. And specifically, I’m talking about WordPress. So the stuff that I’m going to be telling you about today, you, once you get it done, like once you implement it on your website, your website will be a lot safer, more secure. And we’ll be working a lot faster. Think of it, think of it like the car maintenance, you know, every six months or a number of kilometers or miles, you go to the mechanic or the garriage, or wherever, whatever you call it, like you go to get your oil changed and your oil filter, change. And sometimes even go and do a full service like, you know, the expensive one. I think it’s once every two years or once a year or whatever, depending on your car. And all this is actually designed to keep your car running at its optimum level, so that the car doesn’t break down on you somewhere or, you know, doesn’t lose a lot of its value as well. Because in general, anything that you have running over time, the value decreases, you get a little bit of depreciation. But if it’s well maintained, it doesn’t depreciate as much as something that wasn’t well maintained. Well guess what, your website is also the same, it needs to be maintained, especially if you have plugins. And you know, over the time, some of these plugins have, sometimes I’m not saying all of the plugins, but some of the plugins over the time, have security issues or develop security issues. So the maker of the plugin would issue an update. And then you have to go and implement or do that update on the website. Now, things would be so much easier if you just had one theme, and one plugin. Reality is, we do all use one theme because you can’t have more than one active theme. But you may have installed some other themes in order to choose the one that you’re working with right now. And then even those themes that are inactive, do need to be updated. And in most cases, it’s way better to actually delete the themes and the plugins that you’re not using. And we will actually get to it today during this conversation. So we’ve established that your website needs active or proactive maintenance, much like your car. And the best thing is to have a professional doing it for you. So if you’re a web developer or web designer yourself, and you’ve done that before, of course, you wouldn’t need a third party. But if you’re a business owner, who is looking after their own website, that specific part has more hosting and back end work, then what you used to do on WordPress. And of course, during this conversation Also, I’m going to tell you why it’s not a good idea to leave everything on auto update. So before we start, I also wanted to give you another analogy, not just the car maintenance one. But the website in general the website analogy, I always say that a website is like building a website is like building a house, you’ve got three things that you have to get three. You’ve got three things that you have to look at. The first one is the foundation. The second one is the frame. The third one is your interior. So like for a house, its foundation frame interior, for a website is the same thing. The foundation is the hosting the technology that you’re using, right. So if you’re using WordPress, of course your technology is PHP. So if your hosting environment, the server that is actually housing, your website, and the PHP As the technology that’s your foundation, then the frame or the framework would be WordPress. So the framework that you’re using is WordPress. And then the last thing is your interior, which in a website will become your design, the look and feel of your website. So these are the three things. So when we talk about a website tune up or website maintenance, we’re going to touch on all the three areas of this. So let’s get in. The first thing that you want to look at is your foundation, your PHP. So right now, as we speak, PHP, the latest version of PHP is 7.4 point something, hopefully, it’s going to be 7.5 sometime soon. And many of you would be still running PHP version 7.3 or earlier. So if you’re still running PHP, version 7.3, or anything earlier, even five point something that’s not good, you have an outdated version that’s no longer supported. And specifically, anything below seven, you may have a security issue. So you do need to update your PHP to 7.4, or whatever the latest PHP is now, at the time when you’re listening for this podcast. And to do that, you need to log into your hosting dashboard, or control panel c panel and go to Select PHP, you’ll if you’re using C panel, it is called select PHP, and it’s got like a blue icon over there. And then you click on it, and you go and you select the latest PHP version. While you’re there. Another thing that has to do with the foundation, you’ve got PHP extensions, in there. So if you’re in that specific area of cPanel, select PHP. Once you’ve selected 7.4 point something, which is the latest that you’ll see on that list, and you click OK. let it do its thing, it takes a few seconds, then go back and look at the tab right next to the selection. There’s a tab that has a lot of the other options, scroll down, go to memory, and then make sure that you’re giving PHP as much memory, as you can see in this area. So you go and you go for memory. And whatever you can see in there, in most cases, for shared hosting, you see either 512 megabytes, or 256, or one Giga. If you have one gig, that will be great. Select one Giga if the only thing that you can see is 512. That’s also good. WordPress doesn’t need more than this to run properly. The more the better. Of course, like if you if it, it runs well on 256. But if you give it 512, it will be faster if you give it one gig, it will be faster. And especially if you use Divi and the front end builder needs a little bit more memory. So the more you give it, the better it is. And this is the area where you can also have your upload size. Do you remember when you were trying to upload a new theme or a new plug in and you couldn’t, because there’s a limit on it. This is the area where you control that limit. So while you’re there, this is where you can select your upload limit. And your post limit. The post limit is not a big deal like I you know, posts are not normally that big unless you put the video in a post. And the video is also hosted on WordPress, which is something that I will never recommend. You should always be hosting your videos on a video hosting network, and hopefully not on YouTube. So you’ve got Vimeo, Wistia and some other players out there. That where you can host your videos you don’t you will need to host your videos on the WordPress itself, because it’s going to make it so big and it’s going to make it slow. So we’re in the PHP, you’ve got your next tab that has your PHP extensions, memory and so on. And then you’ve got the tab where you have selected your PHP version. And if you scroll down on that specific page, you also have some PHP extensions. So this is some functionality, some added functionality that is added there to your PHP technology, or it’s a programming language. And these extensions are essential for your WordPress to run smoothly. Some of them would be selected by default, you don’t need to change anything. So if you scroll down, look for one extension called imagick. If it’s not selected, it should be selected by default. But it’s not. If it’s not click that to make sure it’s selected. You don’t need to do anything. Once you click the checkbox, the setting is saved automatically for you. So look for this one, there’s another extension called zip. Also look for that one. If it’s not checked, check it. And there are two extensions, or three extensions that are very important that will help you run your website faster or make your website run faster. One is called mem cached. So look for it usually is not selected by default, you have to go and check that box. The next one is called Redis, R e di s Redis. Check that one as well. And then if you see op cache, op cache, right, it’s op CA, CH a, go and click that one. And you’re done. So if you have zip, Redis, memcached, op, cached and imagick selected. That’s all what you need in there. Once you’ve done that part, you’re good to go with the foundation, part of your website tuneup. So we said we have the foundation. And then we have the framework. And we have the design part or the front end part. So this covers the foundation. Let’s move on to our part, the other part of the checklist, which is your back end. So first thing after you’ve just updated everything on your hosting part, you do need to actually look in your hosting account in your cPanel and check if your hosting server is lightspeed or not. If it’s lightspeed, That’s way better. So if you’re using a lightspeed server on your hosting, it’s way better than any other web server because it’s a little bit faster. If you do, you need to go and check the settings of the lightspeed. So you will be in your C panel area and you’re looking for something called lightspeed. If you see it, click, and then just make sure that it’s enabled, that’s all you need to do there. Nothing else. If you don’t, it’s not a big deal. Other web servers are working, I mean, your current hosting, and your current websites are working now, right. So there’s no need to change anything or do anything drastic there. But if you do, just make sure it’s if you find it there, just make sure it’s enabled. The reason for that is that instead of using a premium plugin, to cache and minify and make your optimize your page loading speed. And as you know, premium plugins are a little expensive, they’re not very expensive, but you still have to pay somewhere around maybe $100 to purchase a premium plugin. But if you have a lightspeed server, you can use lightspeed free plugin, and it works magnificently. With the lightspeed server, it still works on any other types of any other type of servers. And it would still make your website a little bit faster. But it’s way better. If on the back end, you also have a lightspeed web server. So by the way, let me remind everybody that I’m gonna, I have all this already written in a nicely PDF downloadable document. So I’m going to post the link for you to download that document and follow this step by step guide. I’m going to post the link below in the podcast and the video description. So you don’t have to worry. If you’re just listening to me and you don’t see what I’m talking about. You don’t have to worry about it. You can download this as a PDF document and follow it step by step. Let me actually share my screen for those of you who are following this on YouTube. You could see what I’m talking about. So here we go. So there’s the document I’m talking about. It’s a step by step checklist. And I started our conversation today with the foundation. But the document is done the other way around. It goes to the front end first. And then it goes to the back end. Last, but it doesn’t matter which order you follow. When I wrote the document, I did it the other way, I did the front end first and then the back end last. And the only reason I’ve done it like this and document is that the front end part is the part that you can access from your WordPress login. So many business owners who have websites don’t use the back end or the hosting dashboard or cPanel. Don’t even go there. And they do everything from WordPress. So for them, they could get the front end checklist done from WordPress, and then the back end part, they can give it to their web designer or web developer to do. But if you want to do both, and you follow the instructions in this document, point by point you wouldn’t need especially for this June up, you may need a professional to do your proactive meant maintenance month to month. But if you’re just doing a one time tune up, it’s perfectly fine to do it yourself if you’re not scared to play around a little bit in your hosting background in your hosting dashboard. So this is the back end checklist. We’ve done that we’ve upgraded the PHP with chosen our PHP extensions. We’ve done everything. Now, while I’m already logged into my back end, and the hosting, go to the file that there’s a file menu there that you click and then it shows you all the folders and the files so click on the File menu and then go to your default directory where WordPress is installed. Usually it’s called public HTML or ht docs. It depends on which hosting you’re using. It’s either going to be public HTML or HD docs and when you click on that folder, how you know that this is the folder where WordPress is installed. Inside you’ll see the other famous WordPress folder folders like the WP admin and so on. So while you’re there, you need to go to your WordPress so yeah guys I was talking about the WordPress default folders. And once you go to your web servers default folder How would you know that this is the folder where WordPress is installed is by looking there you will find WP admin WP includes and WP content. So this tells you that this is where your WordPress installation is. What you need to do is to go to WP content, click on it, then click on themes. Now usually, you’d see three or four or more themes in there, you know which one you’re using. In most cases if you for example, if you’re using Divi as your main theme from Elegant Themes, then this will be the one that’s active on your website. And again, if you want to check log into your WordPress go to themes and check which one is active. So if you go WordPress, click on that menu, click on appearance, and then you go on and check your themes. It will tell you what active theme you have and then it will show you some of the other themes that you have there that are not active. So in the back end where you are where you’re looking inside WP content themes. You know that you’ve got your active theme, for example as Divi and then you’ll see some of the other default themes that come with WordPress, like 2020 2019 2017 2016, whatever they’re usually numbered, or named. After a year, I think it was the year of their release as a theme. Delete all the other directories leaving only one so you need you always need the backup theme in case your active theme. misbehaves. Right. So if I’m using Divi, I would like to keep 2021 because the latest version of WordPress now, version 5.6 has a theme called 2021. So two directories or two folders there I will not touch Divi or Elegant Themes folder, as well as 2021 everything else I can delete 2017 2016 whatever. So do that. You can do the same thing with your plugins. So in there in WP content, there is a directory called themes. And then there’s another one called plugins. This is where all your plugins are. If you have some other plugins that are inactive, and you know that you’ll never use them again, you don’t need them. For example, I don’t use contact form seven, because I like to use something else, like I use Divi forms. And then if things get too complicated, and I can build the form that I want to build, from Divi, directly, I would use Gravity Forms. But I don’t use contact form seven. So if if there’s a directory there, that’s called contact form seven, I will delete it because I’m not going to use that right, it will be a plugin that I don’t, that I don’t need. If you’re scared to do this, get a professional, get your web developer to do it for you. Right, you can leave it alone, but then it will, to a certain extent, I mean, the inactive plugins, they don’t load when you load your page, so they’re not slowing down your website. But if they are there, and they’re not updated, they might have a risk involved. And you don’t want your WordPress installation. to just keep growing. With the stuff that you’re not using. It doesn’t make sense, just get rid of it. It makes things cleaner better. And it makes WordPress run faster for you. And if you’re gonna back it up, because you always need to have a daily backup in case something happens to your website. So if you’re going to back it up, the size of this backup is not going to be humongous, because you don’t have 40 plugins that you are not using. Right. So that’s the thing. Let me go back to sharing my screen with you. Okay, so here, we’ve done this, the back end with deleted all the themes that we are not using. We can delete the old cache file. That’s a little bit technical. So if you’re not a web designer or developer, just forget about this step is not a big deal. Okay, I spoke already about the lightspeed, the lightspeed caching on the back end if you have a lightspeed server. So now that we’ve done that, we are ready to install the lightspeed caching plugin. So we are ready to move to the front end part to your interior design part of the house. So he’s just login to WordPress, you can log out of your hosting right now and then just log into WordPress. And go to your regular WordPress dashboard. go to plugins, add new search for light speed, I think I might have spelled it wrong. Or maybe the auto correction kicked in, because the spelling of the plugin is Li T is lightspeed is not light as in the lights. But anyway, it’s lightspeed. And then I have a full tutorial for you taking you step by step on how to install it, and how to configure it in order to make your website faster. Once you’ve installed it, if you followed and again, the link to the tutorial will be posted in the description of the podcast. So once you’ve installed it and followed the steps to configure it correctly, you need to test your site. And then you will see that your site is actually working way faster. So now was the second part that you need to look at. So generally, in order to do a proper tune up, okay, so from your WordPress back end, if you scroll down here, tools, and then you see it’s a site health. This gives you like a snapshot of your WordPress sites health. And then as you can see, I’ve got zero critical issues, which means this is the most important part of it, where the critical issues maybe these are the things that you need to fix as soon as you can. The the other stuff is recommendations to make things better and to make WordPress run faster. And as you can see, I’m giving you the exact example that you may see on your own back end of on your own WordPress dashboard. You see, for example, the inactive themes here, I may have a few of them, like two of them that I need to delete, and maybe some inactive plugins. And then as you can see here, it’s saying, This site is running an older version of PHP 7.3. point five have already covered that a little while ago in this conversation. And we need to upgrade this to the latest one. And then it may tell you if there’s a module missing, like imagick, the one that we’ve actually covered, and that’s it. But in general, again, if you’re scared to touch these back end things, call your web designer or web developer and let them do it for you. It’s important, you wouldn’t believe guys how better how much better your website will be running. And you will thank me for this. And yeah, before you start playing around, it may be a good idea to run tests on your website, like the before and after thorough thing. So you could go and you could actually, Gt metrics.com, let it run a test before you touch anything. And then when you’re done, you can do another test at the end. Okay, now, improving security. Two things you could do. One of them is pretty technical. So again, if you’re, if you’re not a web designer, or developer, you can skip that part, which is changing the WordPress salts. I’m not going to go into it now because it’s too techie. And I don’t want to confuse people. So if you don’t know what I’m talking about, just skip that part. The next thing is, you need a proper security plugin configured, I would recommend wordfence because the free version of wordfence plugin is more than enough for a good website. So you don’t need anything else. You just need wordfence. And please make sure that you don’t have two or three or more security plugins installed and active at the same time, you only need wordfence. So you just go to your WordPress dashboard, plugins, add the new one. Look for word fence, w o rd. FE NCAA, the security plugin added there, and it should be fine. That’s it. Now, another thing while you’re there in your WordPress dashboard, go to the settings and then ensure that your website is not open for registrations. So unless this is an e commerce website, where you want customers to create accounts and login, or it’s a membership website where you have active members, unless you have these two scenarios, you don’t need registrations to be open. Why would you want users to create account accounts on your website, if it’s a regular website that only you has access as a user to the WordPress dashboard, you don’t need anybody else to have access to the dashboard. So you need to make sure that registrations are not open to the public, then this is a very important one, it’s a very common one, make sure that your admin user is not called admin. So make sure that the username that you excuse me, the username that you use there to log in as the admin of the website is not called admin or administrator. This is a big security issue, if that’s what you have. Luckily, it’s so easy to fix it. You can’t rename a WordPress username from WordPress, there is a way to do it. But we’re not going to do that. So if your login username is admin, or administrator, all what you need to do is to create another admin account. So go there users, new user, make sure you’re actually selecting administration or admin rights. You know, that below there once you enter the user name and the user password and the user email down there, you can select what role you’re giving this user. So give this new user an admin role. Note, the password and the user name of course, and and you use a name is not going to be admin right? Like you’re not going to be doing that. And also make sure that your new admin username, the one you’re creating right now is not. guessable is not easily guessable. So, if my website for example, is Ammar, saline calm, my username should not be Mr. Slim, or amor, because it’s easily guessable. So I could say something else, like I don’t know, the Grinch, or something like that, choose something else as a username. Okay? Save, then log out, log in, again, using the new administrator user that you just created now. And then delete the admin user that is called admin. While you’re doing it, WordPress will ask you, what am I going to do with the posts and the pages that were created? With that all the username, the one that was called admin, you can say, a tribute, all these postings and all these pages to the current user, which is the new user, you’re logged in. Again, I’m not trying to confuse you guys. So let me just say this again, step by step. If you’ve discovered that your user name to your own WordPress website is called admin or administrator, you need to delete that, because you cannot delete it. While you’re while you’re logged in. With that same user, you will need to create a new user and give it an administrator role. Once you’ve done that, you log out, you log in as your new user with a new username and password you just created. You go to users, and you delete the user that is called admin. When you say delete, WordPress is going to automatically ask you what to do with the pages on the posts that were attributed to that user that you are deleting user say, link them to the new user, the one you’re logged in with right now, that’s it. Be careful, this step is very important. Because if you delete the old user, without that attribution of posts and pages, your posts and pages will be deleted, then your website will be in a problem. So this is an important one, please do that. Okay, once you’ve done that, the last step that you want to do is to delete any unused plugins that are inactive and not needed. I’ve already covered this in the first five minutes of this conversation. But here since you’re logged into WordPress itself, you could delete the plugin. So there there is no way to delete a WordPress theme from WordPress. But there is a way to delete the WordPress plugin from WordPress, you just go to plugins, you select the ones that you don’t want, and you delete them. Please, please make sure you’re only deleting inactive plugins that you will not activate in the future, you know that you don’t need them. Or you probably don’t know what they’re there for the just left there, you’ve never used them before. Chances are that you won’t use them. So they’re safe to be deleted. That’s it. The famous example, as I said earlier, there are many websites that have more than one form, login. So if you have Gravity Forms, you don’t need contact form seven, you don’t need simple forms or easy forms or, or whatever. So if you see so many forms, plugins, there, delete the ones that are not active. It’s as simple as that. And then that’s it. Once you’ve done that, you’re all good. One last thing before you leave before you log out and you go test that your WordPress is running way better. Now. You need to go to the settings permalinks leave them as they are just click and save. That’s it you’re just refreshing your permalinks. That’s all you need to do there, log out and redo your test. And hopefully, your WordPress site is running way faster than it was running before. So at the end of it. If you think that the steps that I’ve discussed with you here are too techie, too confusing. You need help, contact your web developer web designer. If you need one, or if you don’t have one. I’ll be happy to help you can contact me. I have my contacts below in the description. I do have maintenance, a monthly and an annual maintenance plan that you could outsource the whole thing to me and I’ll do it for you. And I also do have a one off tune up or a one off speed optimization. If you want to do it a one off, you don’t want it to be proactively done on a monthly and weekly basis for you. And that’s also available as a one off product. But I have to say even if you do the one off after a few months, WordPress is gonna become sluggish or a little bit sluggish. Again, that’s normal because of your posts and whatever. So you may need to do it maybe every six months, pretty much like your car so you could either have a one off every period of time or you could have the maintenance plan that covers you for the whole year. And you know there’s no contract you can start the one you like and and that one you like, it’s totally up to you at the end of it guys. I wish you all the best for a happy new year and I wish you all the best for your business and for maintaining your WordPress websites healthy, secure and fast. See you on the next episode. Bye

Other Resources

Pin It on Pinterest

Share This