There’s a strong consensus among those in the blogging world that WordPress is hands-down the best blogging platform out there.
It’s ease of use, amazing flexibility and natural friendliness towards search engines makes using WordPress a true no-brainer in my opinion.
But that being said, it’s extremely easy to build a WordPress site that’s cumbersome to use, irritatingly slow to load and inherently insecure if one just throws a bunch of “pieces” together to create their blog.
And as you might imagine a slow loading and insecure blog tends to drive away visitors in droves, keep your pages from ranking well in the search engines and make your blog susceptible to hackers.
On the other hand, it’s actually pretty easy to build and maintain a WordPress blog that loads very quickly and is (more or less) immune to hacking attacks if you know how to go about it. Here are a few tips that can help…
Note: The links in this post will open in a new window to make it easy to close out that page and return to this one.
First, lets discuss ways to make your blog load as quickly as possible:
1 – Choose a high quality web hosting company to host your blog
There are several great web hosts to choose from, but I host all of my blogs (including this one) at inmotion Hosting.
inMotion will host your blog on fast, uncrowded servers and store its files on super-fast SSDs.
What’s more, their customer service and tech support are the best I have ever experienced (and I’ve dealt with a LOT of hosting companies over the years).
2 – Choose a high-quality theme for your blog
There are thousands of free WordPress themes for you to choose from, but unfortunately many of them are bloated, slow and poorly coded. If you choose the wrong one, your site will be slow to load AND easy for hackers to break into.
If you decide to go with a free theme (and it’s fine if you do – I’ve used free themes on some of my blogs for years), I suggest visiting a couple of WordPress forums like the official one at WordPress.org or the great WordPress community over at Digital Point and ask the seasoned WordPress users there for recommendations.
While finding a high-quality free WordPress theme can be a hit-or-miss proposition, it’s pretty easy to acquire a theme you can have complete confidence in by investing in a premium theme framework such as Genesis (my personal favorite that actually powers this blog).
3 – Keep your images as small as possible (in bytes, not necessarily in pixels)
Every byte of data transmitted from your web server to the visitor’s computer adds precious time to your page loads, and images are typically the “heaviest” items on your page.
Shaving as many bytes from your images as possible while still preserving a decent image quality will speed up your page load times considerably.
I limit the sizes of my image files in two ways. First, on most of my blogs I crop and/or re-size the images to 300 pixels in width. That makes them perfect for use as an acceptable thumbnail while still being large enough to add value and context to the post.
Next, I compress every image I plan to use on my blogs with this awesome online tool before I upload the image to the server.
4 – Keep your entire WordPress installation updated with the latest versions
Keeping every component of your WordPress blog up to date will help keep your blog running quickly, smoothly and securely.
Always install updates to your blog’s WordPress core files, themes and plugins as soon as possible after they are released. These components are usually updated on a regular basis, and many of those updates provide performance enhancements and plug dangerous security holes.
5 – Keep the number of plugins and widgets to a bare minimum
Every plugin and widget you use adds extra code and a corresponding delay to your blog’s page load times. That’s why you need to be very judicious when deciding whether to install a new plugin.
Of course if you need a specific plugin to serve a needed function, by all means use it. I use a dozen or more on some of my blogs!
But always be asking yourself “Is the value provided by this plugin (or widget) really worth the extra page load time it will add?“. If the answer is no, then don’t use it.
6 – Delete any plugins that you don’t actually use
Even a “deactivated” plugin can be a drag on your blog’s load time, and a security risk to boot. If your blog doesn’t use a plugin 24/7, delete it and then re-install it every time you actually need to use it.
7 – Install a high quality caching plugin
Caching plugins are great because they create static HTML versions of the slower loading dynamic pages created by the WordPress engine, store them in a “cache”, then serve them to visitors when your pages are requested.
Since WordPress doesn’t have to waste server resources (and time) re-creating the pages that haven’t changed since the cached versions were created or last modified, subsequent loads of those stored pages are extremely fast!
There are a handful of great caching plugins to choose from but I use and recommend the awesome WP Fastest Cache.
8 – Use a Content Delivery Network (CDN)
A good CDN will help ensure that your blog’s pages load quickly in every part of the world. With the exception of installing a caching plugin, this is the single most effective way to make your blog load as quickly as possible, especially if a large percentage of your readers live in different countries.
CDNs work their magic by storing the most important bits and pieces of your blog’s web pages on multiple servers that are located in different countries around the globe.
Those bits and pieces are then assembled and served up to local users within those various countries without the page requests having to travel clear across the Internet back to your actual web server.
Using a CDN also helps speed up your blog by sharing the server load caused by all of your site’s concurrently requested pages among multiple servers.
As with most everything else, you have several good choices when choosing a CDN. Personally, I use and recommend Cloudflare.
Now that we’ve covered page load speeds, lets talk about ways to make your blog as secure as possible:
9 – Enable Two-Factor Authentication on your WordPress login page
Hackers love to break into WordPress blogs and either deface them or use them for their own illicit purposes.
One of the most effective things you can do to keep hackers from breaking into your blog is to enable Two-Factor Authentication on the Admin login page.
Two Factor Authentication is so effective because it requires anyone trying to log in to your blog (yes, even you) to enter a one-time security code that’s sent to your mobile phone.
If the person trying to log in to your blog’s Dashboard doesn’t have physical possession of your phone, they won’t receive the security code. And without the security code they won’t be allowed to log in – even if they know your password!
Two-Factor Authentication is usually enabled in WordPress via a plugin. There are several good plugins to choose from but I use the awesome Wordfence Security plugin on my own blogs. I recommend that you do the same.
10 – Don’t use the default WordPress username
By default, all new WordPress blogs are created with a default username of admin. Of course the hackers of the world know this so they’ll always try breaking into your blog using admin as the username.
Luckily, you can easily change your username from admin to something less conspicuous…
Simply create a new user account with administrator privileges, then log out and back in using that new username. Once you’re logged back in you can delete the user admin and assign all the posts attributed to that username to your new username.
11 – Enable TLS encryption on your blog
All blogs should now be TLS encrypted for several reasons, not the least of which is security.
A blog that’s secured with a valid (and properly configured) security certificate will send and receive data to and from your browser in encrypted form. That means a hacker won’t be able to intercept your login username and password and use them to log in and assume control of your blog.
There are several other benefits to having your blog encrypted as well, but those are beyond the scope of this post. Just be aware that you really need to enable TLS encryption on your blog ASAP if you want your blog to be as secure as possible.
Luckily, inmotion Hosting and many other quality web hosts will now install a certificate for your blog for free courtesy of a wonderful outfit called Lets Encrypt. Ask them about it right away!
This post explains how I enabled TLS encryption on Rick’s Daily Tips and my other blogs for free!
12 – Install a quality security plugin on your blog
A good security plugin will automatically plug a ton of potential security holes that hackers can use to break into your blog’s Dashboard and take complete control of your blog.
I won’t go into all the ways these plugins protect your blog because you can read about them yourself on their websites. Just know that you do need one, and you need it right now. Why? Because hackers are probably attacking your blog at this very moment without you even knowing about it!
I’ve used at least three different security plugins in the past, mostly with excellent results. But the one I use now (it’s best of the lot in my opinion) is the aforementioned Wordfence Security.
13 – Don’t fall for any phishing attempts
After you’ve been blogging for a while you’ll almost certainly start receiving emails claiming to be from WordPress telling you that you need to log in to your Dashboard and change your password.
Of course these emails are always fake, and if you click the link in the email and try to log in you’ll end up handing your WordPress username and password over to a hacker on a silver platter.
When you receive these emails simply delete them. They are fake and dangerous. Every last one of them.
As you can see, there are many pieces to the puzzle that is maintaining a speedy WordPress blog. You can either enjoy the benefits of just a few of them or put your blog on steroids by using all 13.
As always, the choice (and benefits) are yours!
Never miss a tip! Click here to sign up for my free Daily Tech Tips Email Newsletter!