How to Optimize and Speed Up Your WordPress Blog

Did you know that site speed is one of the most important factors in determining your conversion rate? A study done by KISSmetrics analytics determined that if your website has not loaded within 4 seconds, you are already losing one in four of your potential converting visitors. In fact, you not only lose visitors by having a slow loading website, but you also sacrifice your search engine rankings as Google and most other search engines use page speed as a ranking factor.

Page Speed vs. Bounce Rate

Firstly, before you even get started on optimizing your website, you should check out your current page speed and then decide whether or not you need to optimize. It’s helpful to compare your page speed to your competitors to determine whether or not speeding up your website would ultimately be worth it to increase rankings or visitor retention.

Tips to Speed Up WordPress

  1. Remove unnecessary plugins
  2. Many people use the thousands of available WordPress plugins to dress up their websites and add extended functionality. What most people don’t realize however is that extensive plugin usage only degrades your site’s performance and thus it is important to only utilize plugins that are absolutely necessary for your website. When deciding on which plugins to keep and which ones to delete, just ask yourself whether that plugin is ultimately benefiting your conversion rate; if its not, then deactivate/delete it.

    There are several plugins that make calls to external websites which can drastically slow down your site’s performance — try to avoid these plugins as much as possible and remove all other unnecessary plugins as well. This does not mean that the usage of any plugin is bad for your website; it just goes to say that using a ton of useless plugins that don’t really benefit you in anyway or contribute to your goals should be removed to help improve page speed.

  3. Use a WordPress cache plugin
  4. Caching is the process of storing any static parts of your website so that they only need to load once instead of on every single page load. Since most WordPress sites are mostly static, using a cache plugin can help drastically improve performance. When it comes to picking a cache plugin for WordPress, you have the option to choose between:

    • W3 Total cache
    • W3 Total Cache is meant for more advanced users due to its extensive number of available options but is also good for the beginner who wants to employ its basic functionality. There are plenty of guides available online to help you use the plugin to optimize your website; be careful however as incorrect settings can actually break your website.

    • WP Super Cache
    • WP Super Cache is an easy to use plugin that can be setup within a few seconds after installation. Simply install the plugin and turn caching on — or modify more advanced settings if you feel comfortable.

      WP Super Cache Settings

  5. Use a Content Delivery Network (CDN)
  6. Content delivery networks use server nodes nearest to the location of your visitor to serve your website — ultimately making your site load much faster. CloudFlare is an extremely well performing CDN that is available absolutely free of charge with any of WireNine’s hosting plans and can be activated from within cPanel. If you are not hosted with WireNine, you can also manually sign up to CloudFlare on their website and follow their simple step-by-step instructions to set up your website on a CDN.

  7. Optimize your WordPress database
  8. When you write new posts and save them as drafts or uninstall plugins, all that data is saved within your database. Having a large database can drastically slow down your website, especially if you are on a shared web hosting plan. Fortunately, there’s a plugin to help you optimize your database; use WP-DBManager to optimize & repair your WordPress database.

  9. Compress images on your website
  10. Images are usually the slowest loading aspect of any website (depending on image size), and if your website is jam packed full of images it only makes sense that your website will load slowly. Fortunately, there are a few steps you can take to optimize your images and make them load faster — however, you should first remove any images that are not necessary for your blog.

    Sometimes however, when your whole website is based around images (such as galleries), all you can do to increase your page speed is to optimize your images; use the tips below to speed up your image load time:

    • Use the best image format
    • Two of the best image formats to use online are JPEG and PNG. JPEG images will usually lose quality upon size reduction (compression) whereas PNG is considered a lossless compression format but can’t be reduced to the same degree as JPEG images.

      Image Compression Formats

      The image quality is dependent on the format; sometimes you may be able to produce a JPEG duplicate of a PNG image that is actually smaller in size and vice-versa. If you’re ever in doubt, just save your image in both formats and compare them side by side for quality loss.

    • Use WP to decrease image size
    • The WP plugin uses Yahoo’s service to reduce image size without compromising quality — and it can reduce the size anywhere from 5% to 50%.

    • Use Lazy Load for your images
    • The lazy load plugin essentially loads only the images visible in the user’s browser window (above the fold) and will load the remaining images on the page as the user scrolls down. This is especially helpful for websites that have galleries embedded within their posts as WordPress will not load all images at once but only a few at a time (using jQuery) to improve your visitor’s experience and the page load time as well.

    • Use image sprites instead of regular images
    • Image sprites are only intended to be used by advanced users as they require complex CSS modifications to function correctly. Sprites essentially allow you to display multiple images on your website from a single image by defining co-ordinates on an imaginary axis of your single image. This can drastically improve page speed as your website will now be loading a single image rather than multiple separate images.

If you follow the above tips, you can drastically speed up your WordPress installation and not only improve your overall conversion rate, but even your search engine rankings which will consequently bring in more traffic to your website. Keep in mind that you want to host your website with a reliable hosting provider to ensure your host is not affecting your page speed — a lot of low quality hosting companies will pack their servers full of customers severely degrading the shared hosting experience.

If you have any questions or suggestions, share them by commenting below!

WordPress Security Tips to Protect Your Website

WordPress Security

As WordPress is one of the largest and most popular blog platforms in the world, it makes sense that hackers would try to infiltrate its security to gain access to millions of unsecured websites on the web. We frequently see complaints all over the web regarding WordPress security vulnerabilities and webmasters requesting help regarding their hacked WordPress installations. Usually, once a hacker has infiltrated a WordPress installation, they will either delete all files causing you to lose your website or use PHP modules to send out massive spam — which will get your hosting account suspended no matter where you host your website(s).

It is important to keep personal backups of your account and to take all necessary precautions to ensure that your WordPress installation is secure and invulnerable to hackers. For this reason, we have compiled a few WordPress security tips for you below which should help make your site immune to any hackers.

Keep your WordPress Installation Up to Date

WordPress updates their platform quite frequently to not only make improvements, but also patch any security vulnerabilities that could be exploited. That is why it is extremely important that you keep your installation up to date with the latest release.

If you’ve installed WordPress using WireNine’s automated installer Softaculous, you can easily upgrade your installation by logging into your cPanel. If you’ve installed it on your own, you can upgrade from the WordPress dashboard automatically, or do a manual upgrade by overwriting your old files with newly downloaded ones from their website. For more information, check out the WordPress codex.

Set a custom username and password

The default username for any WordPress installation is admin and all hackers are well aware of that fact. When installing WordPress, make sure to choose a uncommon username — in most cases, using your name or initials will be fine.

If you are using Softaculous to install WordPress, check the screenshot below (click to enlarge) to see where to set your username.

Softaculous WordPress

As important as the username is, it is equally if not more important to have a complex password — choose a password with a mixture of letters, numbers and even symbols if you prefer. If you’re worried about losing your password, you can use a password manager such as LastPass to store all your logins; and WordPress does have a “Forgot Password” function which you can also use to reset your password in case you ever lose it.

Ensure your file permissions are set to 755 or lower where necessary

If you are an intermediate or even advanced user of WordPress, you may sometimes need to modify file permissions to make file edits from the back-end or in some cases, to allow a plugin to function. As most individuals forget to reset their file permissions afterwards, their files are usually left readable / writable for hackers who can use the file as a doorway to into the users account.

Make sure you set appropriate permissions for your files / directories (755 or lower) — always reset to the WordPress default permissions after making edits to any file.

Regularly backup your websites / databases

Although WireNine does create daily backups for all accounts on our servers, it is always recommended that clients also make their own backups from within cPanel in case their site data is ever compromised. Maintaining daily backups will help ensure that you can immediately restore your website in case of an emergency. To create a full or partial backup of your account, simply navigate to cPanel, click on “backup wizard” and choose which elements of your account you would like to backup (refer to the picture below).

cPanel Backup

Keep all plugins and theme files up to date (free and premium)

Since WordPress has such a vast amount of available themes and plugins (both free and premium), its important to make sure that you only select plugins and themes from trustworthy sources. Most premium theme and plugin purchases will include free lifetime updates to patch any security holes — but free plugins and themes are sometimes not updated for long periods of time. This not only causes the themes / plugins to break with new WordPress updates, but also leaves tons of security vulnerabilities for hackers to exploit.

It is important to use the latest WordPress compatible version of each plugin / theme to ensure there are no security risks to your website. Fortunately, WordPress’ free plugin repository has plugin and theme ratings which can help you decide which plugins would be the best and most secure for your blog / website. If you wish to invest in a premium theme or plugin, make sure the seller is a verified source before you make any purchases.

Use a WordPress Security Plugin

WordPress security plugins are not always necessary if you follow all the security tips listed above; however they do help make your installation more secure. If you are worried about any hack attempts on your blog, its always better to be safe than sorry and install one of the following highly recommended security plugins:

Bulletproof Security

Bulletproof security was created to mainly protect your website through your .htaccess file which hackers commonly use to gain access to an account. With the bulletproof security plugin, you can protect your WordPress website against against XSS, RFI, CRLF, CSRF, Base64, Code Injection and SQL injection hacking attempts.

WordPress Bulletproof Security

Better WP Security

This plugin has a host of features that help secure your website — mainly by hiding and securing any locations of your website that are most vulnerable to an attack (such as the login page or admin panel). The plugin also creates a daily backup of your WordPress databases so in case you do somehow get exploited by persistent hackers, you can easily restore your website.

General Security Tips

  • Do not share your login. If you have hired a webmaster to manage your website, make them a separate account with the necessary permissions. It is not advised to share your username / password with anyone you don’t fully trust.
  • Enable Cloudflare. CloudFlare is a content delivery network (CDN) that improves the performance of your website but also offers a security scanning feature that comes in handy at times. CloudFlare is included absolutely FREE of charge with any shared, reseller or VPS hosting plans at WireNine and can be easily enabled from within cPanel.
  • Regularly change passwords. It’s important to change your password every once in a while to maintain security — you can use a password manager such as LastPass to make this easier

While the WordPress security tips listed above will help you secure your website, they do not guarantee that your website will be 100% immune to hackers. They do however drastically decrease the chances of your WordPress installation being hacked or tampered with in any manner. Remember, it’s important to maintain regular backups of your website / database so you always have a recoverable copy laying around in case of an emergency.

If you have any questions, don’t hesitate to ask by commenting below.

Google Introduces Link Disavow Tool to Combat Negative SEO

We’ve been hearing rumors for quite some time about Google working on a project to help combat negative SEO — and now, they’ve finally released the disavow tool to allow webmasters to take control of their backlink profiles. Since the most recent algorithmic updates by the search engine giant, a lot of webmasters and SEO specialists have been struggling to rank their websites in organic search results. Google’s Panda and Penguin update revolutionized search engine results by targeting and removing low quality websites from their index (or at the very least demoting SE rankings); these updates were made possible by the knowledge graph.

Although Google succeeded at removing low quality websites from search engine rankings, not everyone saw the Panda or Penguin update as a step in the right direction. Many marketers and SEO specialists criticized Google for these updates mainly due to the fact that their websites were affected — however, Google’s mission is to provide the most relevant search results to their users; they don’t cater to webmasters using spammy link building techniques to artificially rank their websites. Google believed (and does to this day) that their Panda and Penguin updates ultimately enhanced their search results and continued updates will only help to provide a better user experience.

Unfortunately, with these Google updates also came the idea of negative SEO — a tactic used by people to manipulate and lower the search engine rankings of their competitors. Anyone could point thousands of spammy links to a website and drastically drop their rankings and in some cases even get them de-indexed from the search engine altogether. The internet community was convinced that Google did not take into account negative SEO when developing their algorithm, especially for non-authority websites as many authentic webmasters fell prey to negative SEO.

SEO Disavow Links

With the announcement of the new disavow tool, SEO specialists are rejoicing at the fact that they can “disavow” their spammy backlinks — while others are claiming that the tool is useless and that Google should automatically disavow any links they believe to be spammy. In either case, webmasters now have complete control over their backlink profiles from within Webmaster Tools — making negative SEO harder but not impossible.

So, what does the disavow tool do actually? Well, it doesn’t actually “delete” the links that you submit but it does set them to nofollow so they have no direct impact on your SE rankings. In fact, Matt Cutts of Google recommends that you should try and manually remove as many links as possible before submitting any of your low quality links to the disavow tool. The tool was officially made available in WMT on October 16, so there are no reports yet as to how it performs (or if it even works). We will be doing a follow-up post in a few weeks regarding the effectiveness of the tool.

To learn more about the disavow tool, check out Official Google Webmaster Central Blog or watch the video by Google engineer Matt Cutts below. Comment below to share your opinion on the disavow tool.

Roundcube webmail gets a new look

If you are a user that uses webmail rather an email client of your own (Roundcube to be more exact), you may have noticed that the leading software just got a new look that’s supposed to greatly improve user experience.

I won’t get into too much detail about the new look but I recommend if you haven’t already, check it out from within your control panel. For anyone wondering how to access webmail from their browser, you can check out the help article: Where do I check my webmail?

[fancygallery id=’Roundcube’]

WireNine introduces unlimited shared hosting plans with redesign

After much deliberation, WireNine has finally decided to start providing unlimited web hosting in order stay competitive in the hosting industry. It’s important for people to understand what unlimited actually means as most companies in the web hosting industry advertise an unlimited amount of disk space and bandwidth but fail to meet the expectations of their clients. Unfortunately, consumers need to understand that true unlimited web hosting does not exist. Although most unlimited web hosts will not cap your disk space or bandwidth usage, they will suspend your account once they start to see a high CPU usage. This is the true limitation of unlimited as you will start to exceed memory and CPU usage limits far before you surpass any arbitrary disk space or bandwidth limits.

WireNine has access to tons of disk space and bandwidth from its data center to ensure that customers will never have to worry about their usage. However, as with any unlimited shared hosting plan, you are hosted on a server with hundreds of other customers thus sharing memory and CPU resources. Therefore, in order to maintain the quality of service WireNine is accustomed to providing, we have to ensure that we don’t let 1 or 2 individuals ruin the shared hosting experience for hundreds of other clients.

It’s only natural that people want the most value for their money and thus would rather invest into a cheap unlimited hosting plan over one that has capped disk space and bandwidth. The fact of the matter is, the majority of those individuals will barely utilize any disk space or bandwidth while still abiding by the terms of service of the company they are hosted with. Unless you are using your account for file sharing purposes (which is strictly prohibited, see terms of service), or own a high traffic website, you should be able to manage with the most basic unlimited hosting plan WireNine has to offer.

There are a few clients who will attempt to host their high traffic website on low level shared hosting plans and then blame the company for providing slow or unstable service. With that being said, WireNine does offer a semi-dedicated plan for those individuals requiring extensive CPU resources. It’s understandable that a high traffic website would perform poorly on a shared server with hundreds of other clients — so ultimately, it is beneficial for the consumer to upgrade his/her hosting plan to provide the best possible experience to their site visitors.

Additionally, with the new site launch, WireNine has also introduced VPS hosting — but more to come on that later. I do want to point out however that our VPS hardware is top of the line and we use 15,000K RPM SAS Enterprise Drives instead of SATA II drives like most other providers. This helps ensure the fastest possible VPS experience for all our customers.

P.S. We’d love to hear your opinions on our new site redesign. What do you think? Leave your comments below.