Essential tips to secure your WordPress website

Once you own a WordPress site, then your next important task will be to make sure its security is unbreachable and uncompromised. You are not just protecting your own data, you also need to secure your customer’s data as well.

You just can’t mess around in this matter. Fortunately, there exists technology such as SSL (Secure Sockets Layer) and HTTPS (Hypertext Transfer Protocol Secure) that makes the task easier and simple. SSL and HTTPS make sure your browser’s data is fully protected when it transfers from one server to another.

But before moving on how to implement these securities to your WordPress site, you first need to know what is SSL and HTTPS?

What are SSL and HTTPS?

Whenever you make your engagement with any website, your data is been transferred from one server to another. But this doesn’t mean that your exchanged data are encrypted or protected by any security. Actually, it can be intercepted any time by anyone. 

Thus, SSL and HTTPS are evolved to protect the online data.

However, these two securities have their own distinct roles to play,

SSL: Basically it provides communication security over a network.

HTTPS: This is the advanced form of HTTP which actually provides security for a website and its server.

You must have both for any of your WordPress website. As quickly as you implement them on your website both your server and data transfers became fully protected.

Adding SSL and HTTPS to your WordPress site

Even these protocols are complex and hard to understand, but implementing them in your WordPress site are actually simple and easy. 

We will simply follow three basic steps to implement SSL and HTTPS in your site,

Select appropriate SSL certificate. 

Before moving ahead with any implementation process, first, you need to select the appropriate SSL certificate for your site. It generally takes your time with some research and involvements. Actually, there are so many available in the market but the most common are,

Domain Validation(DV): This certificate means that you are the owner of your domain.

Organization Validation(OV): This certificate means that your organization is legitimate and verify your domain with all security needed.

Extended Validation(EV): This is the most secure certificate where your customers must pass a vetting process in order to exchange data.

Choose the SSL certificate as per the level of security you need for your website. But keep in mind that higher level of security means higher cost in compared to others.That means the more sensitive data you want to protect the more cost it will take.

Creating Certificate Signing Request(CSR)

After choosing the SSL certificate, next, you need to do is validate your website, domain, and server with that certificate.

For this procedure, the steps vary as per the server you are using, but the most basic steps are,

  • Connect your server with SSH(Secure Shell).
  • After that, you need to run a console command.
  • Then, you must submit your website URL and business details.
  • At last, you will get a text which you need to copy and paste into your account’s SSL request area.

Even after you perform these steps and hosting provider you need to carry out some modifications and updates in your WordPress dashboard and then you are all ready to go. 

Tell WordPress to use SSL and HTTPS

Lastly, the final step would be to tell your WordPress that you are now using SSL and HTTPS for your website.

For that, you need to go to your WordPress dashboard. 

Then go to General settings,  

There you will see WordPress Address (URL) and Site Address (URL) with http://,

Replace that http with https://

(daicha yo tala ko image xai tapai ko afno site bata nikalnu hai)

After that, save the changes and you are all set to go.

But, if you are thinking about implementing SSL on one of your existing websites, then you have to make some alteration in your .htaccess file. While carrying out this task make sure you make a backup of your WordPress core files in case something goes wrong.

Once you are done with backing up your core file, go to your FTP and find .htaccess and add the following code there,

RewriteEngine On

RewriteCond %{SERVER_PORT} 80

RewriteRule ^(.*)$ https://www.yoursite.com/$1 [R,L] 

In above code, I have written www.yoursite.com, please make sure you replace that text with your original WordPress site URL and save the changes. After this, do verify from your side by going to your website and checking all http:// are changed into https:// or not.

Nothing is important than security when it comes to any website. It should always be the top priority and make sure you do it instantly once your site is set up. 

Anyway, the steps are not that difficult and are you still need a more easy way to do it then there are so many plugins in WordPress community. But make sure you choose the best and effective one.

5 simple steps to speed up a WordPress website

Website speed matters the most when it comes to competing with competitors for traffic and google ranking. 

According to Google, 53% of mobile users abandon the site that takes over 3 seconds to load. Globally the use of the internet is increasing more and more, the average internet connection speed is also increasing. But this is causing internet surfers to become less and less tolerant day by day of low-speed load time.

So to retain the traffic and get good ranking in google for your WordPress site, let’s discuss the 7 simple steps which you can apply to speed it up quickly and effectively.

Select a Best Hosting Provider

It may be the simple step you may think of but it really plays a vital role in improving your WordPress website speed. So, do your research before choosing any cheap hosting companies with WordPress minimum requirements.

So, before moving on to any type of hosting, you need to understand the requirements of your website and its performance. Does it require shared or dedicated hosting as these hostings have their own difference in pricing and performance level?

Shared Hosting

It is quite cheap in comparison to dedicated hosting as your website is supported and served by the server used by multiple other websites. With cheap service rate and price comes the limitations on storage, bandwidth, and performance of your website. Performance of your website is mostly affected by other websites as you will be sharing your website server with them. Shared hosting is preferred to websites with a low amount of traffic and user interactions.

Dedicated Hosting

In dedicated hosting, your sole website is hosted on the server. You will not share any kind of server resources with others. The only limitation you will get here is the limitation of the server itself.

It is expensive and highly recommended to the website with traffic and dynamic contents

Remove unnecessary plugins

First of all, search all plugins from your directories and remove the unused and unnecessary ones. It’s the easiest way you can think of to improve your site’s speed.

Once you are done with it then, then it’s time to review the plugins that are working. Look at the areas where your plugin needs optimization such as ineffective, repetitive and idle database queries and codes. For example, you can use WordPress’s own caching functions like get_option(), update_option() instead of using the SQL queries to make your site more faster. 

Theme selection and Optimization

Once you are done with your plugins, now take a look at selecting a suitable theme for your WordPress website and then optimizing it. Be wise and don’t select themes that take more time to load server and more time to load database queries.

After theme selection comes the optimization phase,

Image File Optimization

Don’t pollute your site with unnecessary images which are used nowhere, it will only add more load time. I know people prefer images rather than texts but whenever you find places where you can replace your images with text, just do it. And for the images which are used on your WordPress site, make sure they are all optimized in sizes and appropriate image formats(JPG/PNG/GIF) as the content requires.

You can use plugins such as Smush.it and WP Smush.it to make your task easier.

File Size Optimization

You need to optimize all of your site’s necessary file size to lowest to make it load faster. So, think of the questions like ways to reduce your number file required to display avg. pages of your site? Combining and minifying common CSS file and JavaScript files.

Plugins such as Head Cleaner and WP Minify can be used for this task.

Caching

Caching is a quick and simple fix to increase your site’s speed. With caching plugins available, you will be able to cache your WordPress websites post and pages as static files. The benefit of caching static files is that when they are served to users, they will be stored in your user’s browser and when they come back the loading time will be lesser compared to the time they load from the original server. In short, it saves page/post loading time.

But as the posts/pages of your site are difficult and dynamic, caching gets more complex.

Database Optimization

While creating a WordPress site, it unwantedly adds up an unnecessary information that automatically inflates the size of your database. These data may be trash items, post revisions, spam contents, deactivated plugins and much more which cause your site to process low and steady.

So to remove this problem, you need to schedule a time to delete your trash after 2 days or just simply disable the post revision steps.

For the manual step of clearing out your trash after 2 days, simply add the code below in your wp-config.php file

    define(‘EMPTY_TRASH_DAYS’,7);

And to limit the post revisions, simply add the code below in your wp-config.php file

    define(‘WP_POST_REVISIONS’,3);

For completely disabling post revisions simple set the value of above code to ‘o’ or ‘false’.

Use CDN(Content Delivery Network)

A CDN is a gathering of arranged servers situated far and wide. These servers store your site records and will convey them to your visitors. 

For example, in the event that somebody in Ireland visits your site, rather than it being conveyed from your server in America, they get the substance from the nearest server to them in that system (geologically). 

Another preferred standpoint of utilizing CDN is that it can surrender you to half decrease in transmission capacity use. Setting up a CDN can take you a couple of minutes yet it can hugely affect your WordPress site speed if executed correctly.

Wrapping it up…

If you ever feel your WordPress site speed and load time is slow, then immediately measure your site’s speed in Google PageSpeed Insight tool and find out about the situation. This tool will not only give you the clear view of performance but also the areas you need to work on to improve your site’s speed.

Follow the above steps accordingly and in the meantime, you will have a WordPress website which will load faster and within 3 seconds of time frame.