The holiday season is upon us which means that if you’re selling products online, you’re probably going to notice some more sales coming through – you’re also probably going to notice a lot of troublemakers also trying to get through and either disrupt your website or harm you or your customers. Let’s explore what you can do to ensure that your site, your business, your customers and their data, stay safe this holiday season as well as help you handle extra visitor load.
Get everything updated
This seems obvious, but a lot of the time websites aren’t kept updated. When we see compromised websites, it’s generally because either plugins or the core software was neglected to be updated. If you’re running a WooCommerce shop, this means make sure WordPress is fully updated along with the WooCommerce plugin and all associated plugins. Sometimes this means renewing some licenses, but isn’t that extra cash for an updated plugin worth it if it keeps your site from being hacked?
This also means keeping your themes updated, too! Some themes are really complex and they can have security issues as much as a plugin. If you notice you’re out of date, make sure you get it updated!
Upgrade your PHP version
This one is not so obvious, but it can help your site’s performance. If you can, or ask your host for assistance, switch your PHP version to 8.1. The PHP developers have made a lot of improvements with how PHP runs on web servers and in our testing, we have seen significant increases in speed by switching to PHP 8.1. If your website is suffering some performance issues changing your PHP version probably won’t fix all the issues. Also, this should be tested on a development or staging website first. Some plugins are very particular about their PHP version, although most should support PHP 8.1 by now.
Use a caching plugin & a CDN
For some performance improvements, check to see if you’re using a caching plugin and that it’s configured properly. We shared how we increased our own site performance by leveraging caching. To quickly recap, caching plugins save your site as plain HTML files. When a visitor comes to your site, instead of PHP having to re-process the page, pull database queries, etc., the visitor is given the HTML file which bypasses PHP all together. This means it’s served up really fast. Caching plugins work in the background and will regenerate pages as they change so that your visitors always see the latest content. But how do they handle things like comments or orders? In a very similar fashion! If someone reviews a product, the caching plugin will re-generate the product page with the new review on it.
Additionally, use a CDN (Content Delivery Network) for static assets like images, JavaScript, and CSS. A popular free one is from JetPack and it will automatically load those assets from their edge to your visitor. This takes a load off your hosting account and saves you bandwidth (as well as loading time). There are also different CDNs with different regions and pricing. Remember, CDNs weren’t created equal! A poor CDN can actually slow your site down instead of speeding it up!
Only load what you need
Besides improving security, it can also improve site performance by only loading the plugins and features you actually use and need. If you use Elementor addons, it might be tempting to turn on all the features because they’re just so cool. But here’s the truth: if you enable all the features, then all the features have to load. Every single time. This increases your page load time. If you’re only using a few elements, keep those enabled but disable the rest. This will help your site load a lot faster!
Enable and configure a security plugin
Most WordPress security plugins offer a WAF or Web Application Firewall. This is code that can help block malicious requests. One of our favorites is AIOS (WP Security). When properly configured, this plugin functions as a WAF to block bad things before they happen. It also has a lot of settings so it can be overwhelming for new users. However, it will definitely help keep the bad guys out!
Can your host handle it?
Web hosting providers also have a lot of control in whether or not your site loads faster. Some hosting plans may have less performance than others. For example, you may have only so much disk I/O permitted and if your pages are large, your site is going to be throttled. How do you know if you’re hitting these limits? We have a very detailed guide on our knowledge base that will help you out – even if you’re not hosted with NodeSpace, you should see something similar in your cPanel. If you don’t see these, your host could be hiding them from you or you simply don’t have them. If you notice your site is always slow, chances are you don’t have these limits but your web server is too overloaded. If you see a lot of messages that say “508 Resource Limit is Reached”, then you do have limits on your hosting and they are far too low for your needs.
Chances are your host will allow you to upgrade to a higher tier plan with higher limits. Or you may be able to purchase higher limits.
Basic security check
And finally, do a basic security check.
- Do I have a valid SSL certificate? (Click the lock icon in your browser. View the certificate. Make sure the expiration date is well into the future.)
- Is my password secure? (Use a password manager so you don’t have to remember your password and make sure it’s at least 14 characters, upper/lower case, includes numbers and special characters.)
- Am I using a common username such as “admin”, “sitename”, “owner”, etc.? (If so, change your username. Use a security plugin to prevent brute force attacks and lock out offending IPs.)
- Do I have backups of my site? (Make sure your host takes at least daily backups for you. If they don’t, make sure you backup your site and your database at least once per day.)
By doing these things, you can make sure your site is responsive and secure for the holiday season!
What else do you do to make sure your site stays secure? Do you have any other security tips or plugin recommendations? Let us know in the comments!