red line

Tips for building WordPress sites for speed, security, and reliability

Wordpress is the most popular publishing platform on the Internet. That makes it a target for hackers and novices but that doesn't make it an inferior platform. Be a WordPress pro by following these best practices.
Blog design

As a digital agency we build tons of websites every year. Technology fads come and go but a few key technology solutions remain relevant and an important part of web development and digital marketing. Wordpress is one of the solutions that has gotten better with age and has become our tool of choice for marketing focused websites, especially with some of the high powered add-ons like Elementor that are available.

WordPress, when paired with Elementor, allows Solid Digital to shift the time we used to spend on programming templates to increase the time spent on creative, strategy, and SEO performance

The tools that Solid Digital use are determined by the purpose of what we are building. If the purpose of project is leaning towards a web application, then we chose the right tool for that job, if the purpose is to communicate a brand, provide a compelling narrative and empower marketers, then we choose WordPress.

For every site we build using WordPress we ask ourselves the following questions:

  • Does the site provide functionality to empower marketers?
  • Is the site setup for performance?
  • Is the site secure?
  • Is the site easy to maintain and recover from a disaster?

Let’s dig into these concepts and discuss how we deal with digital marketing, speed, security and reliability.

Empowering Digital Marketers:

Websites should be built with a strong and targeted purpose. If the goal of the website it to build brand awareness and generate leads, then digital marketers need to have the tools to generate pages easily and effectively. We use a solution called Elementor for this, it a Page Builder solution that we believe shifts the balance of creating a site from web developers to content creators. There is much more information on the subject that we have written about in our blog post Why “Page Builder” is no longer a dirty word in 2019. A digital agency should ensure that your marketing team can do at least the following marketing activities:

Designing a Website for Speed:

Visitors coming to your site have a short attention span. They might tolerate bad performance if you are offering something they want or need badly but that will only last for so long. Most likely visitors will just move on and go somewhere else. You can help speed up your site by:

  • Perform a page speed analysis and make suggested changes. We use a plugin called Autoptimize to help us with making many of these changes. Remember you should focus on mobile devices as well as desktop devices for your page speed. A fast mobile speed is rewarded through increased SEO rankings.
  • Host your assets on a CDN (images, videos, etc). The amount of content you can host or cache on a CDN depends on the purpose of the site but if it’s a marketing website or doesn’t have user generated content, you could cache the entire site on a CDN. For caching, take a look at WP Super Cache
  • Optimize your videos and images.  Your overall page size is important when evaluating performance. You want to get to “first paint” as fast as possible and having optimized assets served up ensures that your visitors are not downloading more than they need to. For images we recommend a WordPress plugin call Smush to squeeze the most you can out of your images.

Planning for Security Reliability:

So now that your site looks great, empowers your marketing team and is screaming fast, we want to make sure it doesn’t get compromised and leave you up a creek without a paddle.

  • Create a backup strategy. For sites that Solid Digital hosts, we backup site files, databases and assets on daily basis using a plugin called Updraft Plus. Those backups are stored remotely on AWS S3. That allows us to recover safely and quickly.
  • Setup your file permissions with WordPress best practices
  • Monitor your file system for file changes. Our favorite security plugin is iThemes Security Pro
  • Setup Multi-factor authentication (also available in iThemes Security Pro)
  • Audit and reduce the number of plugins your site relies on.  You should only install reputable plugins with a strong community.
  • Get notified of plugin vulnerabilities. Plugins are the most common ways to get your website hacked. We subscribe to services that notifying us of hacked plugins it’s called WPScan Vulnerability Database

Remember, to always keep your plugins and WordPress installations up to date. These tips will help you get started but your site should be audited on a regular basis to ensure that you are protected as possible. 

Related resources