Tips Tuesday – DIY SEO, Hosting Tests, Speed Tests, Get a WAF

Hello Happy Site Owners and Webmasters!

Tips this week include:

• The speed tests are complete
• Reminder: the next DIY SEO live workshop is this Thursday
• A reminder to manually update to WordPress 4.9.4
• The best order to do your site updates and why
• WordPress.com has a new President and what that means for Automattic’s future
• Why you don’t need to worry about Gutenberg
• What’s in the 2018 hosting benchmark’s just released
• How the huge drop in the Google crawl budget will affect you
• Predictions from Cloudflare about what’s in store for sites in 2018
• Why you must get a Web Application Firewall now

Listen to the Podcast

Podcast: Play in new window | Download

Subscribe: RSS

Join me Live to Discuss Tips Tuesday

I hope you’ll join me live tonight around 8pm ish ET for the party and an interactive Tips Tuesday recap and breaking news discussion on the BlogAid Facebook Page. You can also catch the quick recap later that evening on the BlogAid YouTube Channel.

BlogAid Happenings

Speed Tests are Complete

Woohoo!!!!!!!!! I’m celebrating!!!!

I’ve been running deep speed tests for 1.5 months and I’m finally finished!!

This week I’m collecting all of my notes and collating them into tutorials for my Webmaster Training peeps. They’ve been following along with all of the documentation the entire time.

It’s about 400 pages worth of case study, and required 12-15 tests per server type and plugin.

But, I’ve also made a nice spreadsheet with all the data for easier comparison. It just doesn’t tell the whole story, hence me shaping up these notes.

My test sites included elements common to all sites, like Genesis with a child theme, and a sidebar full of image widgets and an optin and social follow icons, and a post with lots of images and social share buttons, it’s still about half as heavy as posts on my client sites.

So, speeding those test sites up is one thing. Doing it on a production site with a zillion plugins that could be affected is a whole other ballgame.

Live Production Site Speed Testing Underway

This week, I’ll be applying what I’ve learned to a staging site of BlogAid.

After that, I’ll be applying the speed treatments to a selection of my site audit clients who volunteered for the tests.

I’ve identified 3 specific site types that I want to work on, as they will have very different needs and restrictions, and I have volunteers for each type.

So, I’m not far away from being able to document the types of tweaks needed for each type of site, and with their particular host type.

Keep in mind that these are far more aggressive speed settings than what I have been offering site audit clients because they really needed to get the bare basics going first.

These speed elements carry the risk of breaking things on the site and/or require more specific tweaking on a per-site basis.

So, that’s why I need to do more testing on these 3 live production site types before I release tutorials for my webmasters.

And then I’ll start releasing my post series on all things speed for everyone.

DIY SEO Workshop this Thursday

Quick reminder to members of the DIY SEO course.

Our next live workshop will be this Thursday, the 22nd at 1pm ET / 10am PT.

You can find the Zoom meeting info on your member dashboard page.

And, look for the replay of a livestream I did in our Facebook group of how to find your most important pages.

This time we’ll be covering your on-page SEO. So, you’ll want to get jumping on that with your most important pages right away.

Plus, in the Workshop list, you’ll find a new link to a running checklist I started for us in the Content Audit section, for those of you taking that side challenge.

For those of you not already in the course, you can still catch up with us and get a proper, and thorough SEO foundation laid on your site.

We’ve got a Jump start Challenge to get you up to speed with your Google Connections and Yoast SEO settings, and then replays of the live Workshops on Technical SEO and Global SEO and Page Titles, plus all of our live bonus sessions.

That’s all the news from around here. Let’s jump into this week’s tips.

WordPress Tips

Update to WordPress 4.9.4

If you haven’t done so already, be sure that you manually update to WordPress 4.9.4.

The 4.9.3 update broke the auto-update feature for minor release versions, like these .3 and .4 releases.

So, you have to manually do this one, then you’ll be back to auto updates for the minor ones again.

Best Update Order

This past week, I’ve seen at least 5 posts in different groups for the proper order to update things.

And every one of the answers has been different, with a wide variety of opinions as to why.

Here’s the order I use that makes the most sense to me, and seems to have worked best over all the years that I’ve used it, with the least breaks or issues.

1. Take a full backup that you know how to restore.
2. When there is a WordPress update, do it first, as theme and plugin updates are generally dependent on the changes in WP core files.
3. Clear all cache, including local plugin and Cloudflare. Open an incognito/private window and check your site carefully, as a visitor would see it, meaning not logged in.
4. Update Genesis, if needed, or your theme, if you’re not using a child theme.
5. Clear the cache and check your site again.
6. Take another full backup.
7. Update plugins in small batches.
8. Clear the cache and check your site again.
9. Take another full backup.

I also have the WP Rollback plugin installed so that if a plugin update goes haywire, I can roll it back to a previous version.

That’s also why you want to do plugins in small batches, so you’ll know which one went whack.

Okay, all that said, I know most of you won’t be doing all those steps.

So here’s the quick and dirty.

1. Take a full backup.
2. Update WP and your theme.
3. Clear cache everywhere and check your site.
4. Update the plugins in batches, check the site in between.
5. Clear the cache.
6. Take a full backup.

Checking your site in between a WP update and doing the plugins also gives the plugins time to realize that the new WP version is active. Some of them won’t give you an update notice if their changes are dependent on changes in the WP core.

Another line of thought is to update your plugins and then WP, and then update any plugins again, if needed. That way you know all of your plugins are okay before you make another major change.

So, do what makes the best sense to you.

Just get that backup first no matter what!

WordPress.com has a New President

Kinsey Wilson has taken the new President position at Automattic, the parent company of WP.com.

His expertise is in the digital change departments of USA Today, NPR, and The New York Times. He was doing that job when WordPress was just getting started, so he definitely knows what it takes to bring companies through massive changes in the digital and online realm.

He’s basically taking over that visionary position so that Matt Mullenweg can focus more narrowly on being the lead dev on Gutenberg. I don’t see him leaving that post for at least another year, maybe longer. He’ll be driving the release up to 5.0, which is when Gutenberg will roll into the core. But I’m betting he sticks around to help guide where this thing is going afterward too.

Why You Don’t Need to Worry About Gutenberg

If you haven’t been following me for long, you may not have heard my Gutenberg predictions.

We will be upgrading WP to 5.0 when it comes out.

But we won’t be using the Gutenberg text editor.

Instead, we’ll be using the Classic Text Editor plugin, which is already available, or TinyMCE Advanced, which will also be compatible with the Classic Text Editor.

And we’ll just keep going like nothing happened.

My prediction is that it will be around 2019 before we see themes that are fully Gutenberg compliant. And we won’t be entertaining the idea of mixing and matching until at least then.

Personally, I think it will be at least mid 2019, or into 2020, before we see Gutenberg themes that have the kind of functionality needed to replace our current themes.

Who knows, this thing may go a lot faster once Gutenberg is in the core.

But we’re talking about a major shift for plugin developers and theme designers, and that’s just going to take time.

In other words, don’t worry about it. You’ve got bigger fish to fry right in front of you, like speed and SEO.

Hosting Tips

Hosting Benchmarks 2018

I look forward to Kevin Ohashi’s hosting benchmark test results every year.

In fact, his testing criteria helped me learn how to do the kind of tests that are at the core of my performance checks in site audits.

In the shared hosting category, SiteGround (aff link) was near perfect again this year.

And A2 Hosting (aff link) had marked improvement from last year.

Jump over to his post and see the other top winners. It’s broken down by monthly price of the plan rather than hosting package type. So be sure to click on the right one.

Where You Host Matters, Like Crazy

Be sure to scan through the last couple of Tips Tuesdays for more info on why the hosting company, and the server type, matter so much to your site success.

It’s not just about speed, either.

SEO Tips

Google Drops Crawl Limits for Fetch

As all of my HTTPS conversion clients know, one of the last things we do after the conversion is submit the new XML sitemap to Google Search Console.

And then we do a Fetch as Google to expedite crawling the new links.

Well, sorry if you haven’t done that already because Google has officially announced that they’ve dropped the crawl budget of what they will assign to your site when you do a request.

The old crawl budget was 500 in a 30 day period for individual links. That has now dramatically dropped to only 10 a day.

And then for recrawl and follow internal links, you could do 10 within a 30 day period. And now that has dropped to 2 a day.

So, Google will eventually recrawl your whole site, it’s just going to take a whole lot longer now.

Security Tips

2018 Predictions from Cloudflare

This post may be a little too techie for site owners, and even many of my webmasters, but definitely worth a scan by both.

They start off with how accurate they were on their 2017 predictions, and they were pretty darn close. So, even more reason to pay attention to what they are saying is on the way for this year.

The two items I want to highlight for you are:

• Continued rise in mobile use
• The new attack vectors

Mobile Use

Cloudflare predicted that mobile use would rise to 60% of all internet traffic in 2017.

While it did go over 50%, it didn’t quite make it to 60%, but they predict it will in 2018.

Many of you are already seeing 80% mobile traffic.

My recent speed tests show that when folks are on either Fast 3G or 4G networks, your site load time is 4-8 times longer.

Think about that!!!!

Not everyone is on speedy wi-fi when visiting your site.

You need to get super serious about speed!!

That’s precisely why I’ve spent the last 1.5 months doing deep speed tests.

We HAVE to go beyond the safest settings and make the kind of changes that make a real difference.

If the desktop version of your site loads in 5 seconds, that’s a minimum of 20 seconds on mobile and could be as much as 40 seconds. Your abandonment rate is going to be through the roof.

New Attack Vectors

You may recall about this time last year there was a major hack at BlogVault, which is a cloud backup service. Every site that didn’t have a Web Application Firewall (WAF) got hacked too.

I already knew I needed to upgrade to the Pro version of Cloudflare so I could get on that WAF, but the day I helped one of my clients clean up from that BlogVault hack, I immediately put $20/mo into my biz budget and got myself the extra protection.

And I’ve slept peacefully ever since.

The new attack vector is going after mother companies.

It’s tougher, but if they can break into that, then they get millions of sites.

And if they can use something like that to put a back door on your site, then they can use your hosting resources to hack other sites, or send their emails, or whatever.

And you’ll never even know they are there.

Around that same time last year, you may recall Equifax getting hacked.

While everyone was worried about credit card info being stolen, all I could think about was the 17.5 million active email addresses they got.

They could care less about the credit cards, that’s traceable.

But, selling good email addresses on the black market is gold. Those hackers are set for life.

Every Plugin and Site Service is an Open Door to Your Site

Keep this in mind about hackers hitting mother companies.

Every single plugin and outside site service you use has full, open door access to your site.

Think of a WAF like the bouncer at the club door.

It’s knows that thing is usually allowed in, but it’s going to check what is being carried under its coat.

Most of my site audit clients are on the Cloudflare Pro plan.

I strongly suggest you get on it too.

There are settings in the WAF section, and if you need help with them, we can do that in a 15 minute live session.

It’s all way, way cheaper than cleaning up a hacked site!!!!!!!!!

Wrap Up

That’s a wrap for this week’s Tips Tuesday.

Show some love!!

Share this post with all your blogger buddies to support all the free info and help you get on BlogAid

Get the BlogAid Tips Tuesday Podcast on iTunes or Stitcher

Subscribe to all BlogAid Posts via email so you never miss anything!

Be sure to visit BlogAid.net for more tips and resources and I’ll see you online.