5 Free Ways to Bulletproof Your WordPress Site

These notes correspond with my WordCamp Seattle 2009 presentation of the same name. You can also view video of this presentation at WordPress.tv.

What Does “Bulletproof” Mean to me?

A bulletproof site is:

• Usable
• Accessible
• Secure

Most importantly, a bulletproof site provides both your users and you with a satisfying experience, regardless of browser type, network speed, physical abilities, or preferences.

I’m going to highlight some easy tools to help you:

1. Keep on top of backup and maintenance
2. Tighten up security
3. Speed up performance
4. Identify usability & accessibility issues
5. Increase usability by improving search

Backup & Maintenance

Here are some important things you need to know about backup and maintenance:

Backup regularly: I know it should go without saying, but I’ll say it again anyway: Backup regularly!

They say “it’s only important to backup the stuff you want to keep,” which for me includes custom themes and plugins and, most of all, databases.

Know your host’s backup policies and tools: Your web host should provide you with handy-dandy backup tools; spend some time familiarizing yourself with them.

Find a plugin that makes backup and maintenance easier: There are a bunch of great backup plugins. One of my favorites is WP DB Manager by Lester Chan.

WP DB Manager lets you configure automatic backup and maintenance on your WordPress database and will even email you regular backups. I highly recommend having regular backups of your database emailed to you–better safe than really, really sorry!

Beef Up Security

Another thing that should go without saying–but merits oodles of repeating anyway–is KEEP WORDPRESS AND YOUR PLUGINS UPDATED! Yes, it’s so important it even needs to be written entirely in caps.

Paying attention to security has saved my bacon enough times to supply a year’s worth of deliciously high-cholesterol breakfasts!

Tips for beefy security:

• Use the secret key in your wp­config.php
• Read the heck out of the invaluable “Hardening WordPress”
• Use SSL for Admin Pages or the helpful Admin SSL plugin by Ben Green
• Audit your WordPress setup with WP Security Scan by Michael Torbert

WP Security Scan

WP Security Scan looks at your WordPress setup and file system configuration for potential security vulnerabilities and provides tools and advice on how to patch them.

Speed it Up!

A bulletproof site is a speedy site!

Google claims that a 500 millisecond increase in loading time reduces their traffic and advertising revenues by 20%! Amazon has reported that each 100 millisecond increase in load times reduces their conversion rates by 1%.

These are pretty darn convincing argument for the importance of speed.

Here’s what you can do to ensure your site has all the zip it needs:

Be prepared for traffic:

• Have good hosting infrastructure & make sure your host can quickly and easily support your site’s growth
• Tailor images & code for use on the web
• Reduce the number of requests to the server
• Offload media to other domains
• Use plugins judiciously
• Enable a caching plugin like WP Super Cache by Donncha O Caoimh

Test your site’s speed with these Firefox plugins:

• Yahoo’s YSlow
• Google Page Speed

Both YSlow and Page Speed are Firefox plugins that help identify and fix performance bottlenecks. You definitely want to avoid having a rotten rating like this!

Use the Firefox Web Developer Toolbar

Why? Because it’s amazing!

The Firefox Web Developer Toolbar by Chris Pederick is easily my favorite tool for:

• Development: Write CSS & HTML and see the effects in real time
• Troubleshooting: Troubleshoot HTML markup & CSS
• Testing: Test sites for common usability & accessibility issues

Development:

With the Web Dev toolbar, you can view and change CSS and HTML and see the effects instantly. It’s a great way to locate troublesome layout issues.

You can even use it to save changes locally; in fact, this is how I code 95% of my CSS.

Troubleshooting:

If you visit the WordPress forums, you may notice that people have tons of layout and theme issues caused by simple HTML or CSS mistakes.

The Toolbar helps you find and fix errors by making it easy to validate online, or local, HTML and CSS.

Testing

Testing your site is very important and often overlooked. The Web Dev Toolbar is an invaluable testing tool. Here are some ways I use it:

Disable CSS:

Stripping your site bare by disabling CSS gives you a good idea what search engines and screen readers encounter when they visit your site.

A bulletproof site makes sense and is easy to navigate even when it’s not dolled up with fancy CSS makeup. Good, semantic markup helps both users and search engines.

Disable images:

What happens when you turn off images? There are still people on dial-up, and eliminating images can really speed up load times.

The New York Times website is a great example of the way a bulletproof site functions without images. For your site to be bulletproof, you should be able to answer “yes” to the following questions:

• Can you still navigate and make sense of the site?
• Is there alt text for the images?
• Is the site branding still visible?

Disable JavaScript:

It’s not uncommon for users or security software to disable or filter JavaScript, and the Web Dev Toolbar makes it easy to see how your site functions without JavaScript.

Here’s a great example from Fickr, whose site makes wonderful use of JavaScript. Notice that even with JavaScript disabled, Flickr still works. They even present us with a handy message letting us know that our experience would be better if we had JavaScript. That’s graceful degradation!

Disable JavaScript with the Web Dev Toolbar and ask yourself:

• Does the site degrade gracefully?
• Is there an alternate version or message for users without JavaScript?
• Can you still navigate the site?
• Do forms and behaviors still work?

Validate WAI/508 Accessibility:

Just as you can validate HTML and CSS with the Web Developer Toolbar, you can also use it to send your pages through Section 508 and WAI Accessibility validators.

The Toolbar will:

• Show you major accessibility issues
• Link to usability checkpoint definitions

While automated online tests aren’t the best way to test accessibility, they’re a great start, so take advantage of this handy feature.

Improve Search for Better Usability

I can’t emphasize enough how important search is for a website’s usability and accessibility. There’s a reason Google is a household name — they’ve proven that better search equals better usability… which equals more traffic!

As sites grow, search only becomes more critical. WordPress has a search feature that was created for blogs. Unfortunately, it just ain’t good enough for a bulletproof site. (Please don’t tell WordPress search I said that, though; there’s no need to go hurting its feelings.)

Here’s How WordPress search is flawed:

A WordPress search for “hosting” on our WordPress-powered business site produces this:

• The results are listed in reverse chronological order, which is okay for blogs, but isn’t necessarily good for businesses
• The results aren’t the most relevant
• The search terms aren’t highlighted
• When content grows, search gets worse

Meet Relevanssi, the bulletproof WordPress search solution:

Fortunately, I found a solution with Relevanssi, a fantastic search plugin by Mikko Saari. Yay!

Here’s what happens when I search for “hosting” using Relevanssi:

The results are ordered by relevance and the search terms are highlighted. But that’s not the only reason that Relevanssi instantly became one of my favorite plugins!

Relevanssi lets you:

• Include only posts, only pages, or both
• Index comments, tags and custom fields
• Expand shortcodes before indexing
• Limit results to certain categories or tags
• Log searches
• And much more!

Best of all, the more content you have, the better your search becomes! Now is that spiffy or what?

The Wrap

I know this is a lot of info, and it just scratches the surface of each topic, but hopefully you’ve found something helpful. Feel free to contact me if you have any questions.

I appreciate all those who attended, organized and sponsored WordCamp Seattle and I look forward to seeing you at an upcoming WordCamp!

Again, if you’d like to see me speed-talk my way through this presentation, head on over to WordPress.tv to view video of this presentation