Nothing about site ownership is set it and forget it. My recommendations have changed considerably throughout 2015. With site audits, I’ve helped a lot of clients recover from following bad tech advice from gurus with groupies too. Here’s a quick checklist of what’s changed and my top recommendations to ensure your site is secure and performing at peak for the new year.
I relied on BackupBuddy as my primary backup service for years. But it has been terribly unstable for all of 2015.
And hosts have lowered their resource ceilings so much that I can’t even get it to run on some shared hosting.
I’ve switched all of my sites, and those of my VIP site management clients, to VaultPress.
We’re all on the VaultPress Lite plan, which is only $5/mo or $55/year. That’s some super cheap peace of mind.
I still use BackupBuddy on a few smaller sites. And I still use it for site migration and such.
Whatever backup solution you use, check it against this list:
- You are 100% positive you know how to restore your site from the backup.
- You are 100% positive that the backup contains all the files from your site.
- The frequency of your backups matches the frequency of changes on your site (maybe you blog more or less than you used to now)
- Your backup files are stored off your hosting.
SEO has undergone radical changes in 2015. Google has moved the cheese several times, and more moves are on the way.
The biggest change is the accumulated effect of semantic search improvements. Google’s algorithm is getting smarter by the day. What makes for authority on topic and a good web page for both Google and readers is getting to be the same thing, finally.
That’s crazy important!
You need to ensure that your site and your content are on top of these changes.
- Check your SEO plugin. If you have the Yoast SEO plugin installed, but don’t have it fully configured, it may be doing more SEO harm than good. See my post on the Top Misconfigured Plugin that Kills Your Site. And if all you use is the on-page analysis tool, you’re way behind, like by two years! See my post Why Green Dot SEO Fails for more. You can also take my SEO Course that has 13 video tutorials on the Yoast SEO plugin, plus on-page SEO, and way more.
- Check your theme for HTML5 compatibility. Schema markup has been supported in WordPress for at least two years now. But, your theme has to support it too. See my series of posts on the MicroData and Genesis series. Even if you don’t use the Genesis framework, you’ll still want to read Part 2 on how to check your theme.
- Write for Authority on Topic. This IS the new SEO and it’s what you should strive for now.
- Refresh and revamp your content. Make all of your posts work better for you. See my Blabs with David Kutcher and Mike Allton on Extending Your Content Life Cycle. And then see my Blab with Mark Traphagen about Dates on Posts and SEO.
Thankfully, in 2015 we did not see as many hosts get completely overwhelmed with DDoS attacks as we did in the previous two years.
That’s for three reasons.
First, most reputable hosts have invested in DDoS mitigation services.
Second, they have taken proactive steps to shore up security on sites where the owners have done nothing to secure the sites themselves. This one is a bit of a problem, and I’ll touch on it more in the Hosting section.
Third, attack vectors have changed. And you need to keep up with securing your site because of it.
- Keep your site updated, including WordPress, plugins, and themes. This is the #1 way hackers break into your site
- Use a super strong password for your login, and rotate it at least once a year. Ensure it is at least 12 characters and full of special characters, capital letters, and numbers, in that order of priority. Here’s my favorite password generator. Services like LastPass are a super option.
- Delete all extra Users that don’t actually need access to your site and/or rotate their passwords to super strong ones. Don’t leave this for them to do. YOU create the password and send it to them.
- Protect your login from a brute force attack with a plugin like Login Lockdown (or check the security plugin you may already be using to see if it has that feature.
- Decrease bad/spam bot hits on your site by using a CDN like CloudFare and plugins like GM Block Bots.
- Create a robots.txt file to keep bots out of sensitive areas. See this quick MaAnna Minute video for more. (Google may not like some of the directives. But Google is not the only one sending bots to crawl your site. The directives I show in the video will pass Google’s test.)
- Install security directives in your .htaccess file. Again, this is to restrict access sensitive areas of your site.
- Turn off XML-RPC all the way. See this post for ways to do that.
- Get your email off your hosting. Security is just one reason you need to do this.
- Don’t rely on a big security plugin alone. It is giving you a false sense of security. And if you don’t configure it properly, it is a big resource hog too. And, it may even introduce its own security issues, including the very ones that it is supposed to be protecting your site from.
There are a LOT of factors that play into how well your site performs. And, there may a few performance hog plugins that you HAVE to use, like recipes or such. So, it’s crazy important that you find and fix all other performance hindering elements on your site.
There are a few common performance issues I see in site audits all the time that can easily be fixed.
- Test a typical blog post using a free, online performance tester. (If you’re a content marketer, most folks come to your blog instead of your home page.) My favorite is WebPage Test but non-geeks may prefer GTMetrix. FYI, Pingdom is the least accurate and Google PageSpeed Insight is okay, but it really doesn’t do a good job of pinpointing the exact causes of the issues.
- Optimize your images. Do this PRIOR to uploading them to your site. Plugins just don’t cut it. You get the biggest performance bang for your buck with this step. See this image optimization post from Mary Iannotti for more.
- Get bulk image optimization service. Once you learn how to properly optimize your images, get your old ones compressed too. It’s no brainer cheap to outsource, compared to you trying to do it. (And yes, I know folks who can do this for you.)
- Reduce resource hog plugins. You can use the P3 plugin to check, but it will give you false positives, like on the Yoast SEO plugin. The best way is to use the online testers mentioned above.
- Reduce the number of ads. These are, by far, the worst performance offenders. They can slow down page load speed from 6 seconds to 40 seconds. No kidding! Every one of my clients who reduced the number of ads they ran are actually making more money. Listen to them tell their site audit stories.
- Clean your database. You can use a plugin like WP-Optimize to do this, but it just can’t get too aggressive with the cleaning. No plugin can. And you don’t want them to. The plugin will definitely help, but a manual clean will get everything, including orphaned tables left behind by deleted plugins. FYI, your files are probably clogged up with orphans from deleted plugins that did not come out cleanly too.
- Stop revision buildup. Every time you create/edit a post or page, multiple revisions are auto saved. Those can really pile up in your database. The Revision Control plugin is my fave way to keep them from piling up. (You’ll need to configure how many revisions to save before overwrite. Find it in Settings.)
- Get on a CDN like CloudFlare. A Content Delivery Network mirrors your site in multiple locations so that the files can be delivered from a source closer to the viewer than your host may be. CloudFlare also offers minification and other speed enhancements that work! And it’s the only free CDN that offers a modicum of bad bot protection too.
- Consider local caching. You can do this via a plugin like W3TC. All such plugins are host environment specific. And, the more complex they may seem to configure, the better they work.
- Get a better host. Performance starts with the host. If you’re on a slow one, all of the steps above are just trying to make up the difference and you’re not getting as much speed as you could elsewhere.
So much about your site rides on your hosting. Shared hosting is the worst of it.
I understand all about budgets.
But think of it this way.
You’ve gone to considerable time and expense to build a great looking site.
And you’re housing it in the ghetto. And I don’t mean a typical big city ghetto. I mean third-world country ghetto with tin-roof lean to shacks and questionable electric lines running all over.
Maybe the inside of your shack looks great. But think about what danger you’re site is in because of the ‘hood where it resides.
That’s what shared hosting is like.
Or think about living in an apartment. You may have 15 security locks on your door. But if the folks beside you start a fire, then those locks do you no good.
- Test your site using one of the free performance checkers listed above. Look at the Waterfall. The very first line is a super indicator of how fast or slow your hosting is.
- Check your resource usage regularly. Hosts that have cPanel make this easy to do. You may be shocked to discover how often your site has been limited due to resource overages. Limited means that your site was not available for view for a period of time.
- Get an uptime monitor. My favorite is Uptime Robot. They have a free version that will ping your site every 5 minutes. FYI, Pingdom gives a LOT of false positives. And, pinging your site any more frequently on shared hosting may drive up resource usage.
- Check your account. Several hosts have become proactive about securing sites. That sounds good, until you see what they are doing. Some have radically lowered resource usage ceilings to force site owners, who are letting bots and plugins run wild, to upgrade to pricier packages. They are also installing “must use” or “mu” plugins that the site owner cannot see and without the site owner’s knowledge or consent. These are just three of the situations I regularly encounter with BlueHost. There are plenty of others.
Stop Following Bad Advice
One of the reasons I find so many common issues during site audits is because so many folks follow the same bad advice from non-tech gurus.
Many times those gurus have affiliate links on their sites for what they recommend. And they never test to see if it’s the best solution. Instead, they hide behind the “I’ve never had trouble with it” excuse.
I have a standing invitation to do a Gold level site audit for free for any guru who does this. The catch is, they have to make the results public in an interview with me, just as several of my site audit clients have done.
- Read my post The Worst Website Advice You’ll Ever Get for more details on the worst hosts and plugins that I see recommended by these gurus.
Put a set of qualified eyes on your site, including the files and database, and bunches of other stuff you can’t see from inside WordPress. That’s where most of the problems are.
See my Recommended Plugins List for the top plugins I won’t do a site without.
Read or listen to Tips Tuesday for my weekly roundup of site success tips and news.
Watch the WPblab show every Wednesday and get your site questions answered directly and see interviews with top industry pros.
Subscribe to BlogAid News and all blog posts so you never miss anything. And, get my free, 48 page ebook, What Every Site Owner Should Know.
Feel free to Contact Me directly for more help too. That’s what I’m here for!!!