Keeping your WordPress powered site running smoothly is easy if you follow a few simple steps. We have clients that run WordPress powered sites ranging from personal blogs to sites that receive millions of page views a month. By supporting these clients, we have found a few tips to maintain site performance while reducing the likelihood of a security exploit.
Update WordPress (WP) when new releases are made available. Your site does not have to be a target. Automated tools scan for older WP installations. If they find yours outdated, the scanners will attempt to break into your site automatically. If successful, the scripts often install phishing, spamming or other hacker related tools. Most of the successful WP hacks we see are due to outdated installations. You can stay atop WP updates by subscribing to their RSS feed or email notification list.
Keeping your plugins updated is just as important as your main WP installation. Keeping up with these updates is more difficult but, if you blog regularly, WP will tell you when updates are available. Also review these updates to see if they are security fixes. WP plugins and themes can be exploited just like the main application. Secunia has a good search tool for finding security vulnerabilities. Before you even install a plugin, you may want to check out the plugin’s security history.
Hang with the Popular Kids
The thousands of plugins available for WP are one of the reasons it is so popular and capable. When looking for a plugin to do a certain task, pay attention to how often it is updated and how much community chatter there is about the plugin. In general, the more popular plugins tend to have bug and security fixes applied more quickly.
When possible, do not use plugins for simple tasks. For example, if you need to have social media buttons on your posts, consider modifying your templates with the appropriate code. This reduces the need for a plugin. I see many plugins that can be easily replaced by modifying your templates with simpler code, which will run faster and with fewer security risks.
Some of the most problematic WP sites I have encountered are using custom plugins. Often these bloggers have hired a freelance developer to write up something to do a specific task for them. This may work great until WP or plugin updates introduce issues. Keep in mind that if you write your own plugins, you will need to review these plugins every time you update WP. This site management and security headache may not be worth the feature the plugin delivers.
Simple WordPress Setup
To keep your WP site fast, keep things simple. I’ve encountered many highly cumbersome WP deployments. For the traffic levels of the site, the site architecture was simply too complex. Most of the performance benefits of alternate HTTP servers, caching, and similar tuning tools only apply to the busiest of sites. If your site is not getting more than 100,000 page views a day, a well-configured, standard Apache server can handle the load, so don’t overcomplicate things.
Speeding up WordPress
Speeding up WordPress is a popular topic. You will find a lot of good and bad information out there. There is no magic switch to speed up WP. If there were, the WP developers would have already flipped it. If your WP site is slow, take a look at your plugins. If possible, disable half of them and see if the site is still slow. Continue along this path until you find the plugin bogging things down. In more than half of WP performance cases we work on, a single plugin is the cause of a blog’s instability or poor performance. If plugins are not the cause, consider using W3 Total Cache. I’ve found this tool to be great on busier sites, but you need to set it up properly. Don’t go for a memcache implementation right away. Use the simpler disk-based caching or perhaps the Xcache method. Once again, keep it simple until need dictates something more complex.
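The halving procedure described above, written out as an added example (not code from the original article). The plugin names and timings are constructed, and `measure` is a hypothetical callback that on a real site would toggle plugins, for example with WP-CLI's `wp plugin activate` and `wp plugin deactivate`, and time a page load.

```python
"""Bisect the active plugin list to find the one slowing a WordPress site."""
from typing import Callable, Optional, Sequence

# Assumption: measure(enabled) enables exactly the plugins in `enabled`,
# disables all others, and returns a page load time in seconds.
Measure = Callable[[Sequence[str]], float]


def find_slow_plugin(plugins: Sequence[str], measure: Measure,
                     threshold: float) -> Optional[str]:
    """Return the single plugin that pushes load time over threshold, or None."""
    # Slow with every plugin off: the cause is the theme, core or hosting.
    if measure([]) > threshold:
        return None
    # Fast with every plugin on: there is nothing to hunt for.
    if measure(plugins) <= threshold:
        return None
    candidates = list(plugins)
    while len(candidates) > 1:
        half = candidates[:len(candidates) // 2]
        # Enable only this half; if the site is still slow, the culprit is in it.
        if measure(half) > threshold:
            candidates = half
        else:
            candidates = candidates[len(half):]
    # Confirm the survivor alone reproduces the slowdown. If it does not, the
    # slowness is cumulative across plugins rather than one bad plugin.
    return candidates[0] if measure(candidates) > threshold else None


# Constructed sample data: hypothetical plugin names, per-plugin cost in seconds.
SAMPLE_COST = {"contact-form": 0.05, "seo-tools": 0.08, "related-posts": 2.4,
               "gallery": 0.1, "social-share": 0.04}
BASE_SECONDS = 0.3  # constructed load time of the simulated site with no plugins


def simulated_measure(enabled: Sequence[str]) -> float:
    """Stand-in for a real timing run against the site."""
    return BASE_SECONDS + sum(SAMPLE_COST[name] for name in enabled)


if __name__ == "__main__":
    culprit = find_slow_plugin(list(SAMPLE_COST), simulated_measure, threshold=1.0)
    print("slow plugin:", culprit or "none found; look beyond plugins")
```

A `None` result is the case where plugins are not the cause, or where no single plugin is.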
If you have multiple WP sites, check out ManageWP. They have a great tool to allow you to monitor, update and post to a number of sites at once.