How to make a WordPress site fast and secure? (Level – Beginner)

  1. TTF – “Time to first byte” is very important. This is not in your hand and purely based on your hosting server. Majority of the hosting servers are great in this but if you are facing this issue and your website loads slow then you should contact your hosting server support and they should be able to help you.
  2. Site Speed – Nowadays there is more awareness about this but it was not the case before. You should check your site speed once a week at least. Slow-loading website could be an indication of the infected website. It could be because of any malware, bloatware or it could be hacked.
  3. Security – WordPress is popular and that’s why there will be many hacking incidents also, you can remain safe by taking some basic steps like having a reliable firewall installed on your website. Please don’t do any compromise here. Have industry best one here.
  4. ZIP Backups – Common you live in 2019 and there are so many ways where you can safely save your zip backups in the cloud storage, so, ZIP backups on your hosting server? I would consider this as a mistake which you would regrate later. Keep all zip backups offline and do not keep them on your server and never keep on the same directory where your website live.
  5. Delete “install.php” and “upgrade.php” files – You are done with the installation of WordPress, then what are you doing with the files are not required. These files are auto-generated files. When you install WordPress it creates “install.php” file and it is not required after the installation same way upon update WordPress will create “upgrade.php” file, which you don’t need after the upgrade. So you may have to delete “upgrade.php” file after every WordPress update.
  6. Protect “wp-config.php” file – This is “the” most important file to protect for your WordPress installation. If this one is not safe your site can be easily hacked. There are 2 ways to protect it (1) if your website is on Apache server then it can be protected by .htaccess file (you can see many available articles how to protect “wp-config.php” file) (2) If you have dedicated server then move “wp-config.php” file above the root folder.
  7. Lock the directory access – There are two directories which always need to be restricted from the access (1) wp-admin (2) wp-includes. This can be also done by making changes in .htaccess file. Articles and videos are available on Google/Youtube.
  8. Block failed login attempts – This goes without saying. But you should surely and immediately block the failed login attempts but IP blocking. Firewalls are useful in these cases.

3 Comments

  1. One of the great article I came across recently. Why I rated great because it is short and right on the topic without wasting my time.

Comments are closed.