Developing and maintaining a WordPress website involves several factors to consider for optimal performance and security. Choosing appropriate themes and plugins, as well as regularly updating WordPress Core and plugins, are crucial aspects that should not be overlooked. Additionally, performing regular data backups and selecting quality hosting will help ensure smooth website operation. Learning basic coding and resizing images before uploading will improve website efficiency. Using a caching system and customizing wp-login.php are other methods that can enhance website speed and security. Lastly, don't forget to comply with PDPA regulations to protect users' personal data.
Conversely, certain actions should be avoided, such as directly editing theme files, using pirated themes or plugins, and using copyrighted images without permission. Additionally, minifying and combining JavaScript files through caching plugins can sometimes cause issues. Over-relying on plugins is not the best practice. It's also advisable to avoid having the server handle image resizing. Furthermore, don't forget to remove unused plugins or themes to reduce system load and enhance security.
This article will help you understand the correct methods for customizing and maintaining your WordPress website, ensuring that your site operates efficiently, securely, and maintains high quality in the long term.
Table of content
Do's
All these points are gathered from my own experience in working with WordPress, not only to make the website secure but also to keep it lean, small, fast-loading, and to understand the correct ways to customize your own WordPress.
Choosing a Theme
Choosing a theme for WordPress involves considering several factors. Firstly, select a theme that is regularly updated to ensure it remains secure and of high quality. Next, check reviews and ratings from other users to understand their experiences and any issues they encountered. It's also important to verify that the theme supports the plugins you intend to use.
Another point to consider is the responsive design – how the theme looks and functions on different devices, and whether it meets your needs. Don't forget to test the theme in a local or staging environment first to ensure it works well and is secure before deploying it to the live environment.
The final point to check is the theme's resource loading. The amount and type of resources a theme loads can significantly impact the loading speed of both the frontend and backend of your website. Slow loading times negatively affect SEO, especially if you're using a page builder that doesn't utilize the Gutenberg editor, as this can greatly affect resource loading and overall performance.
Choosing a Plugin
Choosing plugins from reputable sources is crucial to prevent malware and viruses that might come with the plugins. It's also important to check how frequently the plugin is updated. If a plugin hasn't been updated for a long time and displays a warning that it hasn't been tested with your version of WordPress core, it's best to avoid using that plugin.
Additionally, plugin support is an important factor. Check the available support channels and the responsiveness of the support team. This can help reduce frustration when issues arise, ensuring you can get assistance quickly and effectively.
It's important to assess the impact of plugins on your website's performance, both on the frontend and backend. Weigh the pros and cons of using each plugin to determine if the features provided are worth the potential performance impact. Additionally, make sure to remove any unused plugins from your website, as they can pose security risks.
Updating WordPress Core, Themes, and Plugins
Updating the Core and Plugins not only provides you with new features but also plays a crucial role in patching security vulnerabilities. Generally, minor updates to the Core (e.g., from version 6.6.0 to 6.6.1) do not cause many issues. However, most problems tend to arise during major updates (e.g., from version 6.9.2 to 7.0).
Therefore, the safest approach is to wait for a major version to be out for a while, allowing plugins time to be tested with that version of the Core. After that, you can proceed with the update. This way, you can minimize potential issues and ensure compatibility.
Regular Backups
Having up-to-date backups gives users or business owners more confidence, reduces worries about data loss, and saves time and resources in recovering or recreating data from scratch. Additionally, backups enhance system security, allowing for quick recovery in case of hacker attacks or malware incidents.
It is even safer if the backup is not stored on the same server. We upload the backup to Google Drive every time a backup is made. There are several plugins that meet this need, such as UpdraftPlus, WP All-in-one Migration, and the additional Google Drive Extension.
Choosing Hosting
When choosing a hosting provider, besides server specifications, you should also consider the support provided when issues arise, the PHP version, and user reviews. These factors are crucial in helping you select the hosting that best suits and meets the needs of your website.
In 2024, I conducted a survey on “Popular WordPress Hosting for Thais” to assist in the decision-making process. I gathered information and feedback from users with firsthand experience using these hosting services. This information can serve as a guide to help you choose a high-quality hosting service that suits your needs.
Learn to Code: Understand the Basics
Knowing the basics of coding will help you customize themes, plugins, and various website functions according to your needs accurately and efficiently. Additionally, if any issues or errors arise on your website, having a fundamental understanding of code will enable you to identify and fix problems quickly without always relying on a developer.
If anyone is wondering how to start becoming a theme developer, I have written a post on this topic here:Navigating Your Path to Becoming an Expert WordPress Theme Developer“
Resize images before uploading to the website
Resizing images before uploading them to a WordPress website offers several advantages that can significantly enhance user experience and website performance. Smaller images load faster, resulting in quicker page load times, which improves the user experience and reduces bounce rates. Additionally, it conserves bandwidth, benefiting visitors with slower internet connections and helping website owners reduce hosting costs.
Websites that load faster are more likely to achieve higher rankings in Google search results and other search engines. Therefore, resizing images is one of the methods to improve a website's SEO. Additionally, it helps mobile users, who often have slower internet connections and limited data, access web pages more quickly, providing a better user experience.
Smaller images reduce the server's workload in delivering files, allowing the server to operate more efficiently. They also save storage space on the server, enabling the management of more content.
I have written a script to set the maximum file size allowed for uploads, which is another way to prevent large files from being uploaded to the server. This should help address the issue more effectively.Ready-Made WordPress Code: Instantly Solve Common Issues“
Change wp-login.php
Modifying or customizing the wp-login.php file in WordPress has several advantages. For instance, enhancing security by changing the login URL to a hidden URL reduces the risk of Brute Force attacks that attempt to gain access by guessing passwords.
For even better security, you can use plugins for additional login methods such as two-factor authentication or email verification.
The one I use most frequently is WPS Hide Login
Use a cache system to improve website speed.
Caching in WordPress can be divided into several main levels, including Browser Cache, where the user's browser stores certain data such as image files, CSS, and JavaScript to reduce load times on subsequent visits.
Server Cache involves storing the results generated by the server, such as HTML, to reduce repeated processing. Server Cache includes Page Cache, which stores the results of entire web pages; Database Cache, which stores the results of database queries; and Object Cache, which stores objects created from repetitive calculations.
There is also Content Delivery Network (CDN) cache, where a CDN stores website content on multiple servers around the world to reduce load times for users far from the main server. Additionally, Opcode Cache involves caching compiled PHP code in memory to reduce the time needed to recompile the code each time it is executed.
You can choose the appropriate caching method based on your needs. Typically, cache plugins on the market focus mainly on Page Cache, but for the best results, you should opt for server-level caching. Select a server that supports this feature to ensure optimal performance. Don't forget to use CDN-level caching as well. Utilizing these different levels of caching will improve your WordPress website's efficiency, reduce page load times, and lessen the server's workload.
Popular cache plugins in the market include: W3 Total Cahce, WP Super Cache, WP Rocket, Litespeed Cache .
Don't forgot PDPA
Even though the enforcement of the PDPA law is relatively lenient, it is important to remember that the law is still in effect. Many websites that continue to collect data without user consent should at least display a popup to inform users. The button "Accept" could be changed to "Acknowledge" instead. If anyone hasn't implemented this system yet, I recommend doing so. Designil PDPA which has all the capabilities required by law and offers various customizable display options. It is a tool that makes legal compliance easier.
Don'ts
Things to watch out for when using WordPress include not only reducing the risk of hacking, viruses, or malware, but also preventing your website from slowing down and avoiding unnecessary server resource usage.
Editing theme files directly in a pre-made theme.
If we edit the theme directly, problems will arise when the original theme is updated, causing the files we modified to be overwritten and lost. Standard pre-made themes always provide Child themes to ensure proper editing and customization.
You can study the Handbook here.
Using pirated themes or plugins
Many people receive unwanted extras from downloading pirated plugins, especially from websites advertising themselves as GPL sources. Using them can be very dangerous and may lead to significant issues that will take time to resolve in the future, making it not worth the risk.
Be cautious about using copyrighted images.
Using copyrighted images on a website can lead to several issues, particularly legal and ethical ones. If you use copyrighted images without permission from the copyright owner, you may face lawsuits demanding damages, which can be very costly.
Additionally, using these images without permission is unethical as it violates the rights of the creators. This issue can be resolved by using licensed images, Creative Commons images, or purchasing images from reputable stock photo websites. This ensures that your use of images is both legal and ethical.
There are many sources of free images available now, whether using AI to generate images or visiting various free image repositories, such as: Pixabay, Unsplash, Pexels, Freepik, Burst .
Minifying and combining JavaScript files
An important caution when using cache plugins is the minify and combine functions for JavaScript files. These can often cause errors (JS errors) and break the UI. If this occurs, you should investigate the source of the error by using the exclude feature to exclude specific files from being combined and minified. Then, check the results and repeat this process until the root cause of the problem is identified.
Plugins don't solve everything
Many people often use plugins to solve problems or add features to their websites, which can sometimes make the website large and affect performance. However, some problems or features can be easily addressed using hooks in various functions. I have compiled articles with code snippets to solve many common issues. You can read them here ครับ
Avoid having the server handle image resizing if possible.
Resizing images not only saves server space but also speeds up image loading and reduces server processing by pre-processing images before uploading. Additionally, it saves money, as image resizing plugins often offer free credits initially but require payment later on.
The recommended approach involves setting up a policy to optimize image sizes before converting them to AVIF or WebP formats. This ensures the smallest possible file size through efficient compression. Additionally, you can enforce maximum upload size limits to prevent users from bypassing the policy. Here’s how to implement this:
The AVIF (AV1 Image File Format) is an image file format compressed using AV1 technology by the Alliance for Open Media (AOMedia). Its advantages include high quality and smaller file sizes compared to formats like JPEG or PNG. AVIF supports a wide color range and transparency. Its use is becoming popular in web design and development because it saves storage space and speeds up image loading on websites.
Forgetting to remove unused plugins or themes.
Failing to delete unused plugins or themes can have several negative impacts, particularly on website security. Unused plugins and themes that remain in the system may have vulnerabilities that hackers can exploit, increasing the risk of security breaches.
Additionally, they waste server space, causing storage to fill up more quickly. Even if not in use, some plugins and themes may still load certain files or processes, slowing down the website's performance.
I hope this article helps readers correctly manage their WordPress sites and avoid common pitfalls, ensuring that your WordPress website performs at its best.