The year’s almost up; the time for family and festivities is upon us. Rather than making a New Year’s resolution to learn to play the guitar or eat your weight in ice cream (you should totally do both of those things), how about you resolve to get your WordPress website ready for the new year by keeping it updated, optimized, and audited?
We often forget about our websites as life starts to get busier, especially if we don’t need to update our websites with any regularity. This time of year, more importantly for eCommerce website owners, site traffic will increase, and there are a few things we can do to potentially help your users our, as well as help, protect yourself.
I like to keep things clean and running smoothly with SOAP: secure, optimize, assess accessibility concerns, and prioritize updates. So, let’s get started.
Security, especially around the holidays, is essential. Even the smallest website could potentially put your users at risk if not adequately audited, configured, or updated. You don’t need a computer science degree to keep your website secure; you need to make sure you’re looking at a few key points.
Make sure your hosting provider has your back. Companies like WP Engine often release information about their ongoing security efforts to let you know that you’re covered. Hacks are happening all the time and often without your knowledge. It’s important to know that the hosting platform you choose is just as dedicated to staying safe online as you are. If they’re not, it might be time to find someone new.
Add a secure sockets layer (SSL) certificate to your site. It used to be that the only sites that handled sensitive data like names or credit card numbers required additional security in the form of an SSL certificate. Now, companies like Google and Mozilla, to “secure the internet,” are requiring SSL certificate on every website. Sooner or later, your website visitors (and customers) may not even be able to see your website without first seeing this:
You can imagine how much that will affect your website traffic. Plus, an SSL certificate is an extra layer of security at little to no cost. Check out options like Let’s Encrypt before paying the big bucks to your hosting provider.
There are a myriad of other ways to keep your WordPress and non-WordPress website up-to-date and secure, but the aforementioned items are more than enough to secure most websites and protect yourself and others into the New Year.
Optimization is a funny industry buzzword. I get the impression that the word “optimization” gets thrown around as the goal of any website without really understanding what optimization means or what limitations revolve around a truly optimized website. Not every website needs to be optimized to the fullest. The more site traffic or interaction you have, the more beneficial it is for you to make some optimizations, but you won’t know until you take a look at your site traffic to figure out who’s visiting, which pages they’re visiting, for how long, and on which devices.
There are a few easy ways to optimize a WordPress website. For example, keeping in mind that some hosts already handle a good number of these for you, Flywheel and WP Engine both handle server-side caching and have options for a CDN to serve up media. You can learn more about some of those optimizations by reading Best Practices for WordPress Website Image Optimization.
- Utilizing a CDN to serve up images and media will help speed up your website by using cached images rather than needing to download them each time the page loads, which is especially important if your users are typically on slower networks or utilizing mobile devices.
- Utilizing a caching plugin like W3 Total Cache or WP Super Cache are good options for automatic handling site caching on Apache websites. Nginx websites may need a bit more manual configuration.
- If your theme has changed or you’ve made updates in the past six months, you may want to rebuild all of your thumbnails to make sure that you’re using an image meant for space rather than an extra large image in an area that renders a small image. Regenerate Thumbnails is an excellent option for doing this efficiently without needing to access your server directly.
Assess Accessibility Concerns
Accessibility refers to two things: a user’s ability to access your WordPress Admin and the ability for website visitors with special considerations to access your website. Both items should be addressed to help you in the new year.
For access to the WordPress Admin, update and audit your Users. People come, and people go, but we often forget to remove old users who can leave your site open to unexpected access. Removing unused users and keeping passwords secure and changing them frequently will help optimize your site, not for performance, but for organization and security’s sake.
Bonus tip: stop using one login for all of your users. You’ll thank me later.
For visitor accessibility (WCAG 2.1, for example), you may need to do more comprehensive updates. If your site is trafficked highly, primarily if your website sells a product, you may be dismissing users with any disability because they are unable to navigate your website with the keyboard or by sound with the help of text to speech technologies. Picking a theme that meets WCAG standards is a great place to start.
Keep in mind that not all eCommerce and WordPress plugins are created equal. WooCommerce places much importance on their plugin’s accessibility; so it might be worth switching if you don’t already use it.
If you’re curious, you can use an online service like WAVE Web Accessibility Tool (also a browser plugin) to audit your website’s accessibility status. You might be surprised.
Keeping your WordPress website up-to-date is probably the most important thing you can do to keep your website optimized and secure. This includes your platform, plugins, and add-ons. Auditing them and removing unused ones is crucial, but it’s also important that the ones that remain on your site are updated.
- WordPress Core: Unless you’ve switched the option off, updates can occur automatically. Along with new features and performance improvements, these updates address potential security vulnerabilities as they’re found and go a long way to securing your data.
- Plugins: Keeping plugins up-to-date offer the same benefits as keeping the Core updated, in most cases, but I recommend that you make sure that the plugins are confirmed compatible with your current version of WordPress, are updated fairly regularly, actively installed, and rated highly. The little things make a big difference.
I get asked a lot about plugins that go through a development change or are no longer supported with the current version of WordPress, but yet the website owner is reliant on a specific feature that the older version of the plugin provides, causing them to not update the plugin or the WordPress core and continue to operate their website on an old version of WordPress. In other words, they simply refuse to update anything.
To them, I say this: it’s time to update! You’re out of SOAP!
You risk security vulnerabilities, are probably causing optimization issues, and ignoring accessibility considerations. Plus, because you’re out-of-date, living in the past, and not taking advantage of the newest technologies the internet has to offer, you and your website visitors (aka your customers) are missing out on all the things meant to make your life and the lives of your users better. Think about that.
To the Future!
So, let’s see if we can’t get your website updated, secured, and optimized. I appreciate it and bet your users will, as well. If you’re one of those that have just been sitting on an old version of WordPress to preserve functionality, why not reach out and see how we can help you bring that up-to-date?