How to Maintain a Healthy WordPress Website/Maintaining a healthy WordPress is fundamentally important for every website manager. From optimization tips to security, to maintenance, running updates, and lots more, we need to implement best practices to be sure we are free from hackers, stay safe and healthy.
Fortunately, the release of WordPress 5.3, came with some great features and improvements for the WordPress CMS Being the most popular CMS today. We will in this post examine some basic tips necessary to keep your WordPress website healthy and conclude with the new features of WordPress 5.3.
Your WordPress site health will be based on tests your WordPress website passes successfully. If you pass all of them, your score would be 100%. As it focuses on ensuring that your site is up to date, healthy, and secure, the Site Health Score is, undoubtedly, something that will help make the web better.
How to Check Website Health with WordPress Site Health Tool?
Checking your website health is now super easy. It does not require any plugin. You just need to go to Dashboard > Tools > Site Health. You will see the overall site health status in percentage. The tool checks your website health and shows the result in the following categories.
- Site Health Status
- Site Health Info
You just have to switch between the tabs to see the status and get the information.
Site Health Status
The Site Health Status shows critical information about your WordPress configuration and items that require your attention. If there’s anything that requires improvements shown on the Site Health Status page, The Site Health tool checks the issues in 2 major categories.
- Performance – WordPress & PHP version, SQL server, required, and recommended PHP modules are installed, UTF8MB4 support, scheduled events, HTTP requests, REST API, and loopback requests.
- Security – Active themes and plugins, HTTPs connection, secure communication, debug mode off, communication with WordPress.org, and background updates status.
The tool gives you site health status in 3 different layers.
- Critical Issues – Shows the number of critical issues found. Marks issues with category namely security or performance than say what to do about them.
- Recommended improvements – Shows all the recommendations to improve site health and gives instructions on how to address them individually.
- Passed Tests – Displays the number of items with no issues and shows all items in detail.
Is Site Health Score Percentage Actually Important?
The simple and straight answer to this will be yes! You will find out that most of the tests your website will have to pass for a good site health score are performance and security related. So, passing the site health test simply means you are up-to-date with security and performance for your WordPress website. Most people would like their website to run smoothly and be as likable as possible. Seeing a 100% score will give you the reassurance that your WordPress website is performing exceptionally well.
We are aware that people are naturally highly competitive and will strive for the precious 100% score. Because of that, we decided to share some tips on how to get that perfect score on your website. In fact, this goal is not as hard to accomplish, as some may expect. So, let’s get on with the guide!
Update Your WordPress Version
The first test your WordPress website must pass is the update test. It is important that you maintain a healthy WordPress website by keeping up with the latest updates. That simply means you have to be running the latest version. It is extremely important that you ensure you are run the latest version of WordPress. Please note that prior to performing the actual update of your WordPress platform, it is important that you ensure a full backup of the current website is performed.
To proceed with the actual upgrade, you will have to log into the WordPress Dashboard, go to Update (Dashboard → Update), and then click on the “Update Now” button. After doing that, make sure you don’t click back or try reloading the page. Usually, you would only need to wait a few seconds. Also, keep note that your website will be in maintenance mode during the time your WordPress version is being updated.
Following the installation of WordPress 5.2, go to Tools → Site Health to check your score.
When you go there, you will see that this tool helps you a lot in your way to the perfect score. You will be able to see not only your current score but also all the recommended improvements. Additionally, you can check out every test that your website has already passed.
We’ve managed to get these awesome 100% score, and we will help you accomplish it for your website. It’s fairly easy.
Keep Only One Default Theme
We strongly advice that you keep only the latest of the default themes, which currently is “Twenty Nineteen.”
Follow that by cleaning up all unused themes and plugins. To remove a theme, your path to go would be Dashboard → Appearance → Themes. Continue with finding the theme for deletion and hovering over it. You will see a “Theme Details” button. Click on that button and a window with info and options about that particular theme will be opened. At the bottom right corner is the “Delete” button. You know what to do from there.
Note that when a theme is currently active, there won’t be a button for its removal.
Keep all Plugins and Themes Up To Date
The main reason to keep every theme and plugin up to date is to avoid hacker attacks. Ultimately, those would lead to your website going down. Also, Google would begin warning all potential visitors, saying that your website could be hacked. Since you don’t want downtimes and you want visits on your site, we recommend that you take the time and update all active plugins and themes.
Run-on The Latest PHP Version
As at the time of writing this ost, PHP 7.3 is the highest level available. However, we strongly recommend that you always use PHP’s most current version. There are some things that also need to be mentioned on why you should upgrade to the latest PHP version:
- WordPress 5.2 checks whether your current and most secure version of PHP is the latest possible. If that’s not the case, one of the Site Health suggestions will be to update PHP
- Note that if your site is still on a 5.x version of PHP, it’s highly vulnerable and could get hacked; If we compare PHP 7.3 with its 5.6 version, we see that version 7.3 handles almost three times the requests of 5.6; Currently, most of the plugins work only if the latest PHP version is installed, which is one more reason for an update.
Use a Stable and Supported Version of a Database Management System
This is also very important. Fortunately, at Todhost, we support MySQL 5.6+, which supports UTF 8 Unicode. The UTF 8 is to make sure that your website can store text content that is non-English, in addition to some other strings (e.g., emoticons) without the risk of unexpected issues.
Use HTTPS for your WordPress Site
It is recommended that your entire website should be running on the secured https mode. Keep in mind that HTTPS requires a valid SSL certificate to be issued for your site. Fortunately again, at Todhost, we offer free SSL support for all clients with no additional costs for Let’s Encrypt SSL certificates. Thanks to our integration with Let’s Encrypt, you can easily enable and issue Free SSL certificates right from within the cPanel section of your website. To do so, you should go to Client Area → cPanel → Let’s Encrypt.
All that remains is to click on +issue for your chosen site:
But why does HTTPS really matter? Last year Google had announced a project that would improve the overall web security via encouraging all site owners to make the necessary switch from HTTP to HTTPS. As part of the plan, their popular Chrome (web browser) would mark all unencrypted websites as “Not Secure” starting July 2018. This, of course, had a great impact on site traffic given that a security warning undoubtedly introduces uncertainty and hesitation among site visitors.
Even if you do not bring much attention to the security of your site, Google definitely does. HTTPS has been sometimes described as just a minor Google ranking factor when it comes to organic internet search algorithms but we have found that it can have severe impact on site raning when not taken seriously. It’s more often seen in the form of a “site quality” score, alongside many other factors, such as page speed and mobile responsiveness. There are multiple different “best security” practices and enhancements that are implemented for ensuring a website is locked down.
Nevertheless, padlocking your site still would not be enough to ensure the automated redirection of your HTTP traffic to the secured HTTPS version of your site. Eventually, people will find their way in reaching your website over HTTP://. For that reason, we strongly recommend the use of HTTP Strict Transport Security (HSTS), instead of the HTTPS option. Doing that will help you avoid cookie hijacking, SSL protocol attacks, SSL stripping, as well as other attempts to bypass your SSL protection. Here comes the best part – you exponentially improve your overall SSL rating with Tod host.
Have Cron Job Enabled
Site Health checks for running scheduled events. WordPress uses Cron Job wp-cron.php task scheduler to periodically check for updates to plugins, themes and WordPress itself. It is also what makes sure to publish scheduled posts on time. It does that in the background.
What happens if WP-Cron unexpectedly stops working? Not to worry! There is a plugin with the name of “WP-Cron Status Checker”, which is quite handy.
Turn Off WordPress Debugging
Debug mode is often enabled for gathering additional details about an error or site failure but may contain some sensitive information that should not be available on a publicly available website. Removing the debugger would prevent any leaking of personal server information. Go in wp-config.php. The default setting there is for WP_DEBUG to be set to false. Go ahead and double-check. In case it’s not – make it so define( ‘WP_DEBUG’, false ).
Do not Disable Rest API
The REST API is one way WordPress, and other applications, communicate with the server. One example is the block editor screen, which relies on this to display, and save, your posts and pages. Disabling Rest API would make WordPress function inadequately. There are certain Android apps that also require the Rest API to be enabled.
Make Sure Required PHP Modules are Installed
PHP Modules and extensions are additional libraries that extend the functionality of the PHP programming language. WordPress recommends several PHP modules to be installed for optimal performance.
You can find a list of extensions on the WordPress website. Some of these extensions are required and others are recommended but not necessary.
Now, how do you install a missing module?
You will need to ask your hosting providers to install these extensions for you. Some web hosting providers allow you to install them from hosting dashboard (look for PHP PEAR Packages). However, you would still need to configure them in php.ini file which may not be easier for beginners.
Disable WordPress Debug Mode
WordPress comes with a built-in debug mode which allows you to see if a plugin, theme, or custom code is throwing some errors. This feature is intended to be used by developers or advanced users.
It is not recommended to turn on the WordPress debug mode for a live website. It may show warnings and notices in the WordPress admin area which affect user experience.
Do not Disable Background Updates
Background updates are more important than a lot of people would think. They ensure that WordPress can auto-update if a security update is released for the version you are currently using. Disabling them is one of the things that put your WordPress website at a greater risk of being hacked.
Make Sure WordPress Can Run Scheduled Jobs
Your WordPress website needs to perform scheduled tasks like checking for updates. These tasks use a system called cron jobs.
Sometimes your hosting environment may block them from running or you may accidentally end up stopping WordPress cron jobs.
You need to make sure that WordPress can run these scheduled tasks to improve your site health score.
WordPress 5.2 Comes With New Features Enhancing Site Health
WordPress 5.2 “ was officially released on May 7, 2019, and is available for download on the official WordPress website.
In all fairness, this version comes with a lot of features, the biggest one being the new Site Health check tool which will help educate users and give developers the essential information they need. Other improvements include PHP error protection (fewer white screens of death), block editor improvements, new dashicons and emojis, and various developer and accessibility updates.
The WordPress team, captues the great features and performance improvements in its description:
- WordPress 5.2 gives you even more robust tools for identifying and fixing configuration issues and fatal errors. Whether you are a developer helping clients or you manage your site solo, these tools can help get you the right information when you need it.
- This is the second major release since the launch of the WordPress block editor (AKA Gutenberg) in WordPress 5.0. Below we’ll dive into all the new improvements and the most important changes you will find with this latest WordPress .2 release.
Site Health Info Page
This is a very interesting part of the website health feature. All you have to do is switch tabs to this page and you will get detailed information about the configuration of your WordPress
Information such as:
- PHP version your site is using
- your memory limit
- Is your site HTTPS?
- Even your server and database information
This is where you can easily get debugging information that is used for troubleshooting. So if something goes wrong you just copy the information form this page and send it to your hosting or support team.
Site Health Check
The first site health check features came in WordPress 5.1 when they added PHP version compatibility checks for plugins and themes. In WordPress 5.2, they’ve added a completely new tool which comes with two new pages to help debug common issues due to server and software configurations, PHP versions, etc.
Under “Tools” → “Site Health” there is a new page called “Status.” The site health check shows critical information about your WordPress configuration and items that require your attention.
One thing you’ll probably notice is that they’ve added a percentage score grade at the top of the page based on how many tests your site passes. Some aren’t happy about this and there is a discussion among developers (Ticket #47046) of whether or not a grading system should exist. The main reason is that scores sometimes create additional problems as users are obsessed with scoring 100%.
However, a check for things like inactive plugins and themes is important. This is because many don’t realize that simply because something isn’t active on your WordPress site doesn’t mean someone can’t execute the code if they browse directly to it. Therefore, in order to keep your WordPress site secure, it’s recommended to completely remove inactive themes and plugins if they aren’t being used.
The tests in the new Site Health tool includes checks for the following performance and security-related items:
Performance Checks
- Latest WordPress version
- Up to date version of PHP
- Up to date SQL server
- Required and recommended PHP modules are installed
- UTF8MB4 is supported
- Scheduled events
- Working HTTP requests
- REST API available
- Can perform loopback requests
Security Checks
- Only running active themes
- Up to date plugins
- HTTPs connection
- Secure communication
- Debug mode off
- Can communicate with WordPress.org
- Background updates are working
Site Health Info
Under “Tools” → “Site Health” there is another new page called “Info.” This is a place to find helpful debugging information about your WordPress site’s configuration which you can share with developers, hosting providers, etc. There is a handy “Copy site info to clipboard” button which allows you to easily grab the information and paste it into a text file to share with a third-party.
The Site Health Info page contains hundreds of different data points about your WordPress site. Without a doubt, this new page will help developers get the information they need from users faster.
Here’s just a snapshot of some of the awesome and very helpful details you can quickly see.
- WordPress – WordPress version, site language, user language, Home URL and Site URL, permalink structure, multisite check, number of users.
- Directories and Sizes – WordPress directory location, size, upload location and size, theme location and size, plugin location and size, database size, total installation size.
- Active Theme – Name of theme, version, author, author website, parent theme, theme features, theme directory location.
- Must Use Plugins – Details of any must use plugins currently running, version numbers, and author names.
- Active Plugins – Active plugins running, version numbers, and author names.
- Media Handling – Active editor, ImageMagick version number, string, resource limits, GD version, Ghostscript version.
- Server – Server architecture (such as Linux, Windows, etc.), Web server (such as Nginx or Apache), PHP version, PHP SAPI, PHP max input variables, time limit, memory limit, max input time, upload max filesize, post max size, cURL version, SUHOSIN status, Imagick library status, .htaccess rules.
- Database – Extension, server version, client version, database user, host, name, prefix.
- WordPress Constants – ABSPATH, WP_HOME, WP_SITEURL, WP_CONTENT_DIR, WP_PLUGIN_DIR, WP_MAX_MEMORY_LIMIT, WP_DEBUG, WP_DEBUG_DISPLAY, WP_DEBUG_LOG, SCRIPT_DEBUG, WP_CACHE, CONCATENATE_SCRIPTS, COMPRESS_SCRIPTS, COMPRESS_CSS, WP_LOCAL_DEV.
- Filesystem Permissions – Check against the following directories to see if they are writable. Main WordPress directory, wp-content directory, uploads directory, plugins directory, themes directory, must use plugins directory.
PHP Error Protection
WordPress 5.1 was originally scheduled to introduce a new feature called “fatal error protection” which would protect from the WordPress white screen of death while updating PHP. However, due to several critical flaws, this feature was delayed. It has now been included in WordPress 5.2.
With this protection, WordPress will recognize when a fatal error occurs and pause the offending theme or plugin in the WordPress admin dashboard so that you’ll still be able to log into the backend of your site and (hopefully) fix the problem. For less tech-savvy users, this is a great new feature.
However, we always still recommend using a staging environment when testing out a new version of PHP.
If your site experiences issues while upgrading PHP versions, you will still be able to log into the backend to fix the problem.
On the backend, you will see a message letting you know that your WordPress site is currently in recovery mode and that there may be an error with a theme or plugin.
Miscellaneous Developer Updates
WordPress 5.2 comes with improvements for developers; everything from improvements to the block editor and privacy policy pages, a new WordPress hook, updates to the coding standard, and more.
Block Editor Improvements
There were dozens of improvements made to the block editor (Gutenberg) that is shipping with WordPress 5.2. Here are a few:
- In 5.0,
WP_Screen::is_block_editor()
was introduced to allow developers to conditionally execute code depending on whether the block editor is being loaded. However, there were some issues with this that have now been fixed in WordPress 5.2. - Media and text blocks got enhanced.
- Image and block resizers are much better than before.
- There were performance improvements made in terms of loading time.
PHP Coding Standard Updates
WordPress now officially recommends running PHP 5.6 or higher with your hosting provider.
With WordPress 5.2, this means developers can take advantage of new coding standards such as namespaces, anonymous functions, short array syntax, short ternary syntax, and assignments with conditionals. If you’re a developer and have already been running on PHP 7 or higher for a while now, this might not impact you, but it’s good to see WordPress making updates.
Privacy Updates
WordPress 5.2 brings several improvements for developers working with Privacy Policy pages and data exports.
The first is four new helpers which will make customizing the privacy policy page easier:
- New function:
is_privacy_policy()
- A new theme template file:
privacy-policy.php
- New body class:
.privacy-policy
- New menu item class:
.menu-item-privacy-policy
The second change is in regards to data exports:
User Data exports no longer use a hardcoded list, but now use the default list of allowed tags in wp_kses()
. New filtering is now available as well.
Improvements for Writing JavaScript
With the addition of web pack and Babel configurations, developers won’t have to worry about setting up complex build tools to write modern JavaScript. Read more about JavaScript improvements.
New Body Tag Hook
WordPress 5.2 adds a new wp_body_open()
hook, which lets themes support injecting code right at the beginning of the <body>
element. The WordPress team encourages theme developers to start using this. Read more about some of the other miscellaneous developer updates.
New Emojis and Dashicons
In terms of visual updates, WordPress 5.2 has new emojis and dash icons. In WordPress 5.2 the latest version of Twemoji, 12.0.1, was added. Version 12 includes 230 new emojis, including accessibility emojis and our personal favorite, the Sloth.
New Dashicons
Dashicons are used to prettify your WordPress admin dashboard. It was definitely time for an update as they haven’t changed since WordPress 4.5. WordPress 5.2 has 13 new icons, including Instagram, a suite of icons for BuddyPress, and rotated Earth icons for global inclusion. WOFF 2.0 font file format has also been added.
Notable Accessibility Changes
Along with WordPress 5.2 comes a number of changes working together to improve contextual awareness and keyboard navigation flow for those using screen readers and other assistive technologies.
- Post formats are now in list tables.
- New link markup on the WordPress admin bar submenu.
- The currently viewed archive in the archive dropdown widget is now pre-selected.
- A new media view was added to the media library.
- Headings were added to the data tables on the Export Personal Data and Erase Personal Data pages.
- The alt text field is now the first field displayed in the media modal.
Security Enhancements
Ticket #39309 was opened in 2017 describing a security issue with the WordPress infrastructure. Basically, if someone was able to compromise api.wordpress.org
, they could issue fake updates and take control of user’s WordPress sites.
Therefore, as of WordPress 5.2, it now checks for the existence of a x-content-signature
header. If one isn’t found, it falls back to a signature file. Regardless of the method, the update packages are now digitally signed using Ed25519 and are base64-encoded.
Final Words
We hope our si,ple guide can do the trick and lead you to the desirable 100% site health status. Remember that this score is not just the ultimate. The perfect Site Health Score is composed of elements that were always important. The thing that changed in WordPress 5.2 was making people more aware of how to take proper care of their websites.
About the author