WordPress delivers extraordinary out-of-the-box performance. Though, it is its expandability where it really shines, and which quickly overwhelms new users and old foxes alike.
There are Themes, Plugins and dedicated WP Services, and as if that weren’t enough, you can also use a gazillion jQuery plugins (that is, if you know how to do so).
But what if the world was coming to an end and you were only allowed to implement 5 mods on your site? Here is what I would do:
1. Improve Security
Nothing is more annoying than your site getting hacked. It is not that WordPress is insecure; it is mostly its users who make it insecure. And a hacked website does not only harm its owner, it is bad for all of us. Why, you might ask? Simple: most hacked websites are used to distribute malware and spam emails. So, I ask you, if you only apply one of these 5 recommendations, please let it be this one!
Change Your Admin Username
First of all change your Administrator account from “admin” to something else. It really doesn’t matter what. It can even be admin1, but change it. Then, delete the old “admin” account.
Ensure You Receive Auto Updates
Next, I recommend keeping your site updated. If you run any WordPress version older than 3.7, make sure to update. You will then receive automatic security updates for your current point release version. These security updates don’t change functionality, but only fix holes in the code. Thus, it should be fairly safe to update and the risk of breaking anything should be low. If you have trouble doing so, feel free to contact me and I am happy to work with you on updating your page and creating the necessary backups to roll back in case something goes wrong.
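Automatic security updates only arrive if nothing in wp-config.php has switched them off. The following check is an added example, not code from this article or from WordPress itself: it reads the text of a wp-config.php and reports whether one of the WordPress constants AUTOMATIC_UPDATER_DISABLED, DISALLOW_FILE_MODS or WP_AUTO_UPDATE_CORE disables background updates. The function names and the sample config are constructed for illustration.

```python
import re

# define( 'NAME', value ); at the start of a line, so lines commented
# out with // or # are skipped (/* block */ comments are not handled).
DEFINE_RE = re.compile(
    r"""^\s*define\s*\(\s*['"](\w+)['"]\s*,\s*([^)]+?)\s*\)\s*;""",
    re.MULTILINE,
)

def parse_defines(php_source):
    """Map each constant to True/False or its unquoted string value."""
    constants = {}
    for name, raw in DEFINE_RE.findall(php_source):
        lowered = raw.strip().lower()
        if lowered in ("true", "false"):
            constants[name] = lowered == "true"
        else:
            constants[name] = raw.strip().strip("'\"")
    return constants

def security_updates_status(php_source):
    """Report whether wp-config.php switches off background updates."""
    c = parse_defines(php_source)
    if c.get("AUTOMATIC_UPDATER_DISABLED") is True:
        return "disabled: AUTOMATIC_UPDATER_DISABLED is true"
    if c.get("DISALLOW_FILE_MODS") is True:
        return "disabled: DISALLOW_FILE_MODS is true"
    if c.get("WP_AUTO_UPDATE_CORE") is False:
        return "disabled: WP_AUTO_UPDATE_CORE is false"
    # Only wp-config.php is inspected; a plugin can still change this.
    return "no override found in wp-config.php"

# Constructed sample, not taken from a real site.
SAMPLE_CONFIG = """<?php
define( 'DB_NAME', 'example_db' );
// define( 'AUTOMATIC_UPDATER_DISABLED', true );
define( "WP_AUTO_UPDATE_CORE", false );
"""

if __name__ == "__main__":
    print(security_updates_status(SAMPLE_CONFIG))
```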
Besides these two essentials, I recommend the use of two plugins on all of your sites:
Limit Login Attempts
Limit Login Attempts is a free plugin that requires no configuration at all. It just works out of the box. All it does is prevent robots (or humans) from guessing the password of your WordPress site repeatedly. If you type in the wrong password 5 times in a row, you won’t be allowed to log in for 20 minutes. You won’t believe how much of a difference this simple plugin can make to harden the security of your site!
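To see how much that rule slows down password guessing, here is a small model of it, added as an example and not taken from the plugin's code. It uses the numbers above (5 wrong passwords in a row, 20 minutes) and assumes lockouts are tracked per client address and that a successful login resets the counter; the class and function names are made up for this illustration.

```python
MAX_FAILURES = 5            # wrong passwords in a row (from the article)
LOCKOUT_SECONDS = 20 * 60   # lockout length (from the article)

class LoginLimiter:
    """Per-address lockout model; timestamps are plain seconds."""

    def __init__(self, max_failures=MAX_FAILURES, lockout=LOCKOUT_SECONDS):
        self.max_failures = max_failures
        self.lockout = lockout
        self.failures = {}       # address -> consecutive failures
        self.locked_until = {}   # address -> time the lockout ends

    def attempt(self, address, password_ok, now):
        # While locked, the password is never checked at all.
        if now < self.locked_until.get(address, 0):
            return "locked"
        if password_ok:
            self.failures.pop(address, None)
            return "ok"
        count = self.failures.get(address, 0) + 1
        if count >= self.max_failures:
            self.locked_until[address] = now + self.lockout
            count = 0
        self.failures[address] = count
        return "failed"

def evaluated_guesses(limiter, address, start, end, interval):
    """Replay one wrong guess every `interval` seconds and count how
    many of them actually reach the password check."""
    checked = 0
    t = start
    while t < end:
        if limiter.attempt(address, False, t) != "locked":
            checked += 1
        t += interval
    return checked

if __name__ == "__main__":
    # Constructed scenario: one guess every 2 seconds for one hour,
    # from a documentation-range address.
    total = 3600 // 2
    checked = evaluated_guesses(LoginLimiter(), "203.0.113.7", 0, 3600, 2)
    print(f"{checked} of {total} guesses reached the password check")
```

In this model other addresses are unaffected by the lockout, so legitimate visitors can still log in while the guessing address is blocked.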
Bad Behavior
The other plugin I recommend is Bad Behavior. Like Limit Login Attempts, it does not require any configuration. It simply prevents spam robots from accessing your site by analyzing their behavior across the web. If one does bad things, it won’t be allowed to access your site. Simple and reliable!
2. Install a Child Theme
Let’s face it. We have all played around with the looks of our sites and then ended up with a broken site after the theme author released an update. Most of the time we then don’t remember the changes we made, and without a backup we are often out of luck, unable to bring the site back to its former glory. This need not happen when using Child Themes.
So, what is a Child Theme? A Child Theme serves as a substitute for your regular theme and allows you to make changes that are persistent, even after you update the parent theme. Most of the Premium Themes come with a Child Theme out of the box, so make sure to use it. If you are using a free theme from e.g. WordPress.org (make sure to check out my theme “Life is Good”), you can use plugins like One-Click Child Theme to create one with the click of a button.
Once the Child Theme is installed and activated, you can simply put all your CSS changes into the Child Theme’s style.css. And that’s not all: since you can also implement custom PHP functions within functions.php or change the HTML markup of your page, you are free to modify the theme’s looks and functionality completely.
Changing the markup is a bit trickier, though. What you have to do is copy the original PHP file from your Theme into your child theme and apply the changes there. For example: header.php. After you have copied the file to your child theme, you are free to edit the code to your liking and WordPress will show the edited version. The header.php in the Main Theme will simply be ignored.
Though, there is one tricky thing about Child Themes: when activating the Child Theme, things like the menu or custom theme options need to be reapplied. Thus it is a best practice to make use of a child theme at the very beginning of your project!
3. Install JetPack and Activate Akismet
The JetPack plugin isn’t the most popular plugin for WordPress without good reason. It comes with so many great features that it would actually deserve an article of its own. To get started with it, make sure to sign up with WordPress.com and it will automatically activate Akismet for you.
Akismet is a comment spam blocker and boy, it just works. Next, I’d recommend disabling all unused packages of JetPack and choosing the ones that are really relevant for you. My favourites are the WordPress Stats, the Contact Form and the Mosaique Image Gallery, but there are a ton more goodies available and you can be sure you’re in good hands, since it is developed by the makers of WordPress itself!
4. Sign-Up with CloudFlare CDN
CloudFlare is a so-called Content Delivery Network provider. What this means is that it takes your WordPress-based site and mirrors it across several servers around the world. Not only will this reduce the load on your server, it will also speed up your site for visitors from the other end of the world. As if that wasn’t good enough, CloudFlare also optimizes your website’s CSS and HTML, and offers HTTPS encryption (yes, an HTTPS Certificate).
Did I mention it’s free? Yes, you’ve read that right! It might at first look a bit difficult to set up, but to be honest it’s a piece of cake. I even wrote a tutorial on How to Setup CloudFlare CDN with WordPress. Go, give it a try!
Ah, and by the way they also protect you from spam and hackers…
5. Backup Your Site
We covered quite a bit here already, but one important aspect of every website should be a regular backup. Sure, after following these tips you might be (somewhat) safe from hackers and such, so what could happen?
Well, let me tell you that one of my previous web hosts once called me (actually they didn’t have the balls and sent an e-mail…) and said: “Sorry, your (actually it was theirs…) VServer’s hard disk crashed and we noticed the RAID mirror wasn’t set up properly. So, all your data is gone, but you can’t blame us. It’s all in our Terms and Conditions!”
Well, that was a great day and of course I had no backup for this custom built website… I believe you get my point and this is why my last point should probably be my first (or second, since a backup of a hacked website is also not worth anything…).
Thanks to the WP community, there are a lot of solutions out there. I personally recommend UpdraftPlus for your backups, since it is free and easy to configure. Also, no matter if you use Dropbox or Google Drive, you’ll be running an automated, free, (somewhat secure) offsite backup solution.
There you have it, the last of the 5 things I’d do before the world goes down the drain. I hope it helps new WordPress users and is also somewhat useful for the more experienced out there. If you liked what you’ve read, you can follow me on Twitter and make sure to read my blog for more WP goodness.