There’s a plugin for that, right? Plugin overload is by far the most common issue we see with WordPress sites. A business wants or needs a particular feature, and the web developer they use finds yet another plugin to accomplish this. Yes, plugins are great! But it is wise to carefully select well-maintained ones with a good security reputation that do not introduce conflicts with your theme or other plugins.

Moreover, plugins can slow a website down tremendously. Often, sites load all of the code from a plugin, simply to accomplish one very small task (that only requires 5% of the code!). As you can imagine, this is inefficient.

When we optimize websites, we do a deep audit of plugins being used to ensure they are essential, and that there aren’t better alternatives.

WordPress is notoriously vulnerable to hackers – but it doesn’t have to be. If you follow good practices and are proactive with security, you can be worry-free. A good website security plan begins with a secure hosting environment and investing time upfront to take proactive measures, such as:

• Changing the default login URL
• Including a CAPTCHA on logins
• Blocking unauthorized XML-RPC
• Implementing modern password hashing
• Locking editing of plugins and themes from the WP Admin
• Denying direct access to config files
• Regularly auditing WP Admin accounts and removing any users who no longer need access

But the most common cause of WordPress vulnerabilities? …drum roll…

There is plenty of data to back it up – only around 61% of WordPress sites are running on the latest version. Studies have shown that hacked websites were often running out-of-date WordPress core software at the time of the incident.

Outdated themes and plugins are also a significant source of security issues. Developers are often quick to patch vulnerabilities, but without ongoing proactive website support, you may not have a plan to install these patches promptly.

Keeping core, themes, and plugins up to date isn’t only about security. Certain website features may become incompatible and stop functioning if left on an outdated version. Website speed/performance can also take a hit from obsolete code.

If you haven’t already heard, I hate to be the one to tell you, but WordPress is NOT a fast CMS out-of-the-box. Most benchmarking reports place WordPress near the bottom of the CMS performance list with Wix.

The good news is there are many ways to improve the performance of WordPress websites. That is one of our specialties, and we consistently bring client sites scoring low on PageSpeed’s performance metric up to a 90+ score and even include that in our ongoing website optimization package.

Our methods include:

• Hosting on a LiteSpeed server
• Fine-tuning all levels of cache – including object cache, page cache, browser cache
• Image optimization
• CSS/JS optimization
• General cleanup of unnecessary plugins and code
• Examining any resources that are page-render blocking and finding alternative delivery methods

I see too many WordPress sites with posts at default URLs, like “domain.com/2023/11/08/here-is-what-i-posted-today.” Leaving the permalink settings at their defaults might make sense for a personal blogger, but if your business website URLs look like that, you are missing out on crucial opportunities to categorize your content better, give signals to search engines about what topics and keywords are most important, and provide good wayfinding for users.

Ready to overcome these obstacles to optimize your WordPress website?