Tips on WordPress Security and Speed
2021-01-26 | 8 min read

Bojan Zidarevic

WordPress Developer

Being the most popular CMS in the world, WordPress is also an attractive target for hackers. But don’t worry, the platform itself is already very secure. If you want to go one step further and optimize your website for higher security, then keep reading. I will introduce you to some of the best practices every WordPress site owner should consider.

As a bonus, I’ve added a few tips on speed optimization. Enjoy. 

Security

Limit login attempts

By default, WordPress allows the user to enter the password as many times as they want.

To prevent hackers from entering different combinations until they get the correct password, you should limit the number of failed login attempts per user.

To achieve that, use the Wordfence, All In One WP Security, or Defender plugin.
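
To show what such a plugin does under the hood, here is a minimal throttle for functions.php, added as an illustration (it is not from the original article and not any plugin's own code). It uses the core hooks wp_login_failed, authenticate and wp_login together with transients; the mytheme_* names and the two limits are assumptions.

```php
// Added example: minimal login throttling with core hooks and transients.
// Hypothetical names and limits: mytheme_*, MYTHEME_MAX_ATTEMPTS, MYTHEME_LOCKOUT_SECONDS.
const MYTHEME_MAX_ATTEMPTS    = 5;
const MYTHEME_LOCKOUT_SECONDS = 900; // 15 minutes

// One counter per client address. Behind a reverse proxy REMOTE_ADDR is the
// proxy's address, so the key must then come from a trusted forwarded header.
function mytheme_attempt_key() {
    $ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    return 'mytheme_login_fail_' . md5( $ip );
}

// Count each failed login. Re-saving the transient restarts its timer, so
// attempts made during a lockout extend that lockout (a sliding window).
function mytheme_count_failed_login( $username ) {
    $key   = mytheme_attempt_key();
    $count = (int) get_transient( $key );
    set_transient( $key, $count + 1, MYTHEME_LOCKOUT_SECONDS );
}
add_action( 'wp_login_failed', 'mytheme_count_failed_login' );

// Runs after core's password check (priority 20) and overrides its result,
// so even a correct password is refused while the address is locked out.
function mytheme_block_locked_out( $user, $username, $password ) {
    if ( (int) get_transient( mytheme_attempt_key() ) >= MYTHEME_MAX_ATTEMPTS ) {
        return new WP_Error(
            'mytheme_too_many_attempts',
            __( 'Too many failed login attempts. Please try again later.' )
        );
    }
    return $user;
}
add_filter( 'authenticate', 'mytheme_block_locked_out', 30, 3 );

// A successful login clears the counter for that address.
function mytheme_reset_failed_logins( $user_login, $user ) {
    delete_transient( mytheme_attempt_key() );
}
add_action( 'wp_login', 'mytheme_reset_failed_logins', 10, 2 );
```

The error message is the same whether or not the username exists, so the lockout response does not reveal valid account names.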

Change the WordPress default login URL

It’s pretty easy to find a login URL for any WordPress site unless you change it. You can change it easily with the Defender plugin or with WPS Hide Login.

Install the Wordfence plugin

If you want to increase the security of your website, I recommend the Wordfence plugin. 

Wordfence is a security plugin and comes with an extensive set of features and options.

Some features are:

  • Scanning for vulnerabilities
  • Receiving e-mail alerts due to security problems
  • Firewall and login security (e.g. two-factor authentication)
  • File repair

It’s a great tool to protect your WordPress website.

Remove the WordPress version number

To remove the version number from your WordPress site, simply add the following code to your functions.php file:

// Return an empty string instead of the generator tag that carries the version.
function remove_wordpress_version() {
    return '';
}
add_filter('the_generator', 'remove_wordpress_version');
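
The generator tag is not the only place the version shows up: WordPress also appends ?ver=<core version> to enqueued styles and scripts that declare no version of their own. The following added example (not from the original article; mytheme_strip_core_version is a hypothetical name) extends the snippet above to cover those URLs while leaving plugin and theme version strings in place.

```php
// Added example: also remove the core version from enqueued asset URLs.
// Hypothetical function name: mytheme_strip_core_version.

// Same effect as the snippet above, using a helper that ships with WordPress.
add_filter( 'the_generator', '__return_empty_string' );

// Strip ?ver= only when it equals the WordPress core version, so plugins and
// themes that set their own version keep their cache-busting query string.
function mytheme_strip_core_version( $src ) {
    if ( ! is_string( $src ) || strpos( $src, 'ver=' ) === false ) {
        return $src;
    }
    $args = array();
    parse_str( (string) wp_parse_url( $src, PHP_URL_QUERY ), $args );
    if ( isset( $args['ver'] ) && $args['ver'] === get_bloginfo( 'version' ) ) {
        $src = remove_query_arg( 'ver', $src );
    }
    return $src;
}
add_filter( 'style_loader_src', 'mytheme_strip_core_version', 9999 );
add_filter( 'script_loader_src', 'mytheme_strip_core_version', 9999 );
```

Core assets lose their cache-busting parameter with this filter, so clear page and CDN caches after each WordPress update.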

Update WordPress, themes, and plugins regularly

Regular updates bring security patches and bug fixes, improve speed, and sometimes come with new features, which is a bonus.

Make backups on a regular basis

By creating regular WordPress backups, you can easily revert your site to a state before it was compromised, with a minimal loss of data.

These are some WordPress backup plugins:

I use Duplicator Pro to migrate WordPress sites, but also for backups. In Duplicator Pro you can schedule daily, weekly or monthly backups and you can choose where to store those backups - on Dropbox, FTP, or Google Drive.

Use SSL and HTTPS

One of the main benefits of HTTPS is that it adds security and trust to a website. If your domain has the letters HTTPS in front of the www, then your site will have a clear SEO advantage over those that stick to the old HTTP.

Disallow file editing

Open the wp-config.php file in the file editor and above the line that says /* That's all, stop editing! Happy Blogging. */ add the line: define('DISALLOW_FILE_EDIT', true);

Change the WordPress database table prefix

Changing the WordPress database prefix makes your database less likely to be attacked by hackers. You can easily change it during the installation process when you reach a page like the one pictured below.

You can choose whatever you want for the table prefix - for example, you can type wp_5345_, as I did. However, the goal is to choose a prefix that is as safe as possible so that it cannot be guessed.

Speed Optimization

Update the PHP version

Hosting servers support multiple versions of PHP. To change the PHP version you need to:

  • Log in to cPanel
  • In the Software section, click “Select PHP version”

Then click on the drop-down next to the PHP version, choose the required PHP version, and click on “Set as current”.

This will set the chosen PHP version as the PHP version of your account.

Install the cache plugin

A caching plugin can improve your website’s speed, performance, SEO, user experience, and conversions.

There are a lot of caching plugins, and these are some of the most popular:

Every site is a little different and may require a different type of caching, so find the cache plugin that suits your website best. I normally use the W3 Total Cache, WP Super Cache, and even the Litespeed Cache plugin, depending on the website I’m working on.

Reduce excerpt length

There are 3 ways to change the excerpt length.


1. Manually adding excerpt

When editing a post, on the right side, you should see an “Excerpt” dropdown. Click on the dropdown arrow to expand. In the text area, you can type your custom post excerpt.

2. Changing the excerpt length with code

To change excerpt length, add the following code to functions.php:

// Limit automatically generated excerpts to 20 words.
function mytheme_custom_excerpt_length($length)
{
    return 20;
}
add_filter('excerpt_length', 'mytheme_custom_excerpt_length', 999);

Find more information about this here.

3. Changing the excerpt length with plugins

For example, the Advanced Excerpt plugin is very simple and adds several improvements to WordPress’s default way of creating excerpts.

If you want to add code to the theme’s functions.php file, you first have to create a child theme. If you use the child theme, your changes will remain intact when you update the theme. In my opinion, it's better to add code to the functions.php file than to install too many plugins. Even though the number of plugins is less important than their quality, try to use as few plugins as possible. But if you’re, for example, a designer without any programming knowledge, using plugins is the better way to go.

Split long posts into pages

If you’d like to add pagination to a page or a post, then use the page break block. Once you’re in the post editor, select the position where you would like to split the post, then click on the block inserter icon. Find or type “Page break”.

Optimize images

Large images slow down your website, resulting in a less than optimal user experience.
When you compress an image you need to find a balance between the compression quality and the image size. With minimal compression, you end up with a larger file size, but a higher quality image. With high compression, the image size will be very small, but the image quality will suffer. Your goal should be to find a happy medium between the file size and the level of compression you use.

The following plugins will optimize your uploaded images, and any images that are already in your media library: 

  • Imagify Image Optimizer – this plugin offers multiple levels of compression, image resizing, and image restore.
  • ShortPixel Image Optimizer – with this free plugin you can compress up to 100 images per month and handle several different image formats. It has a built-in recovery function and bulk optimization.
  • WP Smush - Compress, optimize and Lazy load Images – this plugin will optimize images as you upload them to your site, along with optimizing your existing media library. It will reduce the size of your images without impacting quality.
  • Optimus Image Optimizer – this lightweight plugin optimizes your images with lossless compression, so there’s no loss in overall quality, just a reduction in file size.

Also, consider using lazy loading for images. Basically, lazy loading forces images to be loaded only when they come into view on the user’s browser.

Use a Content Delivery Network

A CDN is a service that distributes your static assets to different server locations around the world. This means that static assets, which are usually large files such as images, are physically closer to users and can therefore be downloaded more quickly. Also, since a CDN distributes assets across multiple server locations, the weight of your website is better distributed during periods of high traffic.

Enabling GZIP Compression

GZIP is a file format and a software application used for file compression. The easiest way to enable GZIP compression is by using a caching plugin that supports enabling it.
Hummingbird, for example, adds GZIP compression rules in your .htaccess file automatically, using the mod_deflate module. W3 Total Cache also provides a way to enable this for you under its performance section.

Minify CSS, JavaScript and HTML

The term ‘Minify’ refers to a method that reduces the file size of your website. You can achieve this goal by removing white spaces, lines, and unnecessary characters from the source code.

The WP Super Minify plugin makes this extremely easy and the process will take less than a minute once you install the plugin. Other than that, I suggest the Fast Velocity Minify optimization plugin. This one’s different from the competition because it includes many small features and it will minify all HTML, CSS, and JavaScript files. It also has caching options and is compatible with most of the major caching plugins. This is a great plugin to try and it will get your files minified easily.

Uninstall unnecessary plugins

There’s no reason to keep plugins around if you have decided you’re not going to use them. Not only do they clutter up your dashboard, but they can also affect your website in tangible ways, such as slowing the loading time and adding points of vulnerability to your website.

WordPress gives you the option to deactivate plugins as an alternative to outright deleting them. This is a valid approach, but it’s always better to go for a full uninstall if you’re sure you won’t need that plugin in the foreseeable future.

Limit the number of post revisions

WordPress provides revision control for any pages or posts you create, allowing you to go back and view previous edits you have written. This may be a great thing, but over time your database grows to a huge size. The easiest way to limit revisions is by using a plugin.

You can use the WP Revision Control plugin for this. In the settings of this plugin, specify the number of revisions for each post type.

Disable pingbacks and trackbacks

You can disable pingbacks and trackbacks by going to Settings and then Discussion and then unchecking the box next to “Allow link notifications from other blogs”.

Disable plugins and scripts from loading on a certain page with Asset CleanUp

You may be using a plugin that loads its assets on every page of your website, instead of doing it only on a specific page. Asset CleanUp will scan your page and detect all the assets that are loaded. Find the JS or CSS files that you don’t need and disable them.

To conclude

We’ve reached the end of this (long) journey. Before you start installing all of these plugins right away, stop and check which ones you need at the moment - and then install them first. Less is always more; I just wanted to introduce you to all the options. Stay safe!

P.S. Don't forget to update WordPress and plugins regularly. 

ABOUT THE AUTHOR

Bojan Zidarevic

WordPress Developer
Bojan is a WordPress developer at COBE. Besides WordPress and Woocommerce, he likes PHP and is learning React. He spends his free time playing FIFA, Crash Team Racing, and woodworking.
