5 Tips for a Fast and Secure DIY WordPress Website

Aren’t we always on a tight budget and tight timeline? Building your own website could indeed help you to balance these factors. Save lots of time in the long run by reading these invaluable tips from experienced web developers about DIY-ing your own WordPress website!

1. Install a WordPress Backup Plugin

This is the single most important action to take in all web projects. A backup plugin like UpdraftPlus will schedule weekly automatic backups and store your website content and database information periodically.

It’s a free plugin that you can connect to a Google Drive account to store all the backup data. In any event that your website malfunctions, you can simply roll back to an earlier backup. All too often, we hear horror stories about websites with no backups and it’s definitely more than frustrating to see weeks of work disappear just like that!

When you update the website content, don’t forget to backup the database information as well. Make sure that UpdraftPlus backs up your database by going to the “Settings” tab and schedule an automatic backup for your database.

For added safety, you can purchase storage space on the Updraft Vault so that you can store the backup data in their secure online storage vault. This backup data can be accessed from different WordPress dashboards as long as you log into the same Updraft account. This makes it much easier for you to migrate a site to another domain when you need to.

Most people can become all too excited about the design stuff and getting a website up quickly, skipping the process of setting up a solid backup system. We’ve been building websites for years and our auto backups have saved the day on quite a few occasions.

Think of it as a form of insurance that you can activate (usually free) to protect your website from being lost to hackers, plugin conflicts, and user errors.

2. Shorten your WordPress Plugins List

WordPress plugins help web developers achieve special features on their websites via customization. They come in the form of code packages that you download and add to your WordPress backend. Most of the plugins available are free, but some are not.

Alarm bells should go off if you find yourself installing more than 20 plugins. Even if you only use one particular function each of the various plugins, having so many plugins will cause your website to be bloated by plugin code and load significantly slower.

This can have a big impact on your Search Engine Optimization (SEO) efforts as site speed and structure are critical factors. A useful tool I recommend to find out about how your website is doing in these areas is Google’s Page Speed Insights.

One common reason for installing many plugins is to avoid purchasing premium plugins. Some premium paid plugins can perform multiple functions that would require a combination of 3 or 4  free plugins to achieve. However, doing so will increase the risk of code conflict between the plugins as they are built on different code structures.

One good example is Elementor Pro. The Premium version of this popular drag-and-drop builder has a myriad of different widgets that are not offered in the free version of the plugin.

There is a huge library of free Elementor Addon plugins that can add the required widgets into Elementor, but it creates bloating of code and a significant reduction in your page vitals (website scores in areas like speed, security, and UX). Here’s an article that further explores the benefits of such paid plugins.

Besides paying for premium plugins, another way to avoid code bloat is to forecast the functions and designs features that you want. Then, research what plugins can cover as much ground as possible. Of course, you can experiment with the various plugins and decide along the way.

With some advance planning, it is possible for people seeking to DIY their own website to reach the end goal of minimising the final number of plugins used.

3. Install WordPress Security Plugins

In 2020 alone, there were more than 90 billion malicious login attempts to hack WordPress websites. Statistics from Wordfence show that these attacks come at a rate of 2,800 per second!

Wordfence also reported 4.3 billion attempts to exploit the vulnerabilities of WordPress, which powers 40% of the Internet. As a web developer, I can attest to the reality that hacking happens to any website, not just those of high net worth.

Most DIY webmasters panic when they realize that their website link is being redirected to another malicious site, or that their web content is being altered. They’ve been hacked!

Hence, it is important to deploy steps to prevent hacking of your website. You can install a WordPress security plugin, and use complex login credentials.

For the websites that we build, we use Wordfence security plugin. It’s free and very effective as it’s updated once a week for the newest exploits or loopholes on the internet. For websites that collect personal data, I recommend using the upgraded Wordfence Premium as it updates live and keeps your website safe the moment these exploits are discovered.

As for good login credentials, an example of a good password is "ijv813rA9!JB?Ad". Sounds inconvenient, but it’s critical to have a unique and complex password because hackers have a big database of passwords that they retrieve from leaks and other hack attempts.

If you use a password that you also use for a Google account and your Facebook account, the chances of you being hacked are much higher. Personally, I don’t memorize these long passwords. Instead, I have them in a Microsoft Word file that I save on my computer. When I need to use them, I copy and paste.

If you are using a shared hosting platform, you will have another security concern to consider. Most cheap hosting packages are shared hosting platforms, where multiple websites share the same resources and are hosted on the same server.

This is how the cost is kept low. However, the setup of a shared hosting platform opens up your website to more risks. If you do not protect your website well, and another website on the same server gets attacked with malware, the malware can reach your website too.

If you host a vast amount of personal data on your website and you feel the need to step up the security, I’d advise upgrading your hosting to a dedicated server package. After working with different hosting providers, I recommend DreamHost for their prompt support and user-friendly interface.

4. Create a Website Maintenance Plan

WordPress provides regular updates every other month, including major updates to its operating system. The themes and plugins that we use with WordPress also receive regular updates.

These updates implement additional security measures to close up loopholes that hackers take advantage of. The updates also improve the performance and compatibility between WordPress and the themes/plugins. Therefore, it is important to keep your website regularly updated.

While it might seem fuss-free to set all the plugins on auto-update mode, there is good reason to re-think that. Some major updates can cause new code conflicts which may be difficult to fix.

With experience, you will know which plugins will need to be carefully updated. Drag-and-drop builder plugins often cause some minor frontend issues when major updates happen, so it’s advisable to wait for the new updates to stabilize before going ahead to update them. Testing the updates before updating is also a good idea.

To be on the safe side, you could even create a staging environment to test the plugin updates on a local computer first before pushing the changes to a live website.

5. Create a WordPress child theme

A WordPress child theme is a copy of the actual theme that you are using. It’s a safe zone where you can edit theme files, update plugins, and test your codes without touching the theme files directly. You can follow this guide if you would like to know how to create a child theme.

Why is a child theme important? If you are learning how to modify theme PHP codes, which is the type of coding language that WordPress is built on, be aware!

The next WordPress update will overwrite all your modified code with the default code that comes with each update. By the time you realise it, all your hard work would have been gone.

The child theme is designed to not be overwritten by the parent theme. Hence, when you proceed to update the parent theme, the code that you have written in the child theme will stay as it is. Updating the parent theme will add on to the child theme as well.

Creating a child theme therefore helps you get the best of both worlds i.e receiving updates regularly while not losing your edited PHP codes.

Ready to Speed Up and Secure your DIY Website?

Walk far in your journey of DIY-ing your own WordPress website by following these recommendations! Added with good research done on Google, you can bring your website to its full capacity.

We hope our recommendations, formulated from our years of accumulated website building experience at Banah Digital, will help you avoid the common pitfalls and exponentially improve your learning curve. All the best!