SEO is a complex craft that encompasses content creation, link building, technical aspects, and many other elements. Presently, search engines are the largest and most cost-efficient traffic source for most sites. Without a well-thought-out SEO strategy, a WordPress site is not likely to realize its full potential.
WordPress is the most popular CMS platform in the world, with a 50-60% market share. It is also one of the best in terms of SEO. WordPress offers many useful plugins to help boost SEO.
Although content optimization is important, technical SEO is also critical. It lays the foundation for page optimization. Technical problems can prevent your site from reaching the first page in search results. In fact, technical SEO is the most direct route to high rankings of keywords relevant to your business. Among many other tech elements, your site’s loading time is an important quality indicator for both visitors and search engines.
Our company undertook a project to promote a WordPress site. It was immediately clear that the site worked slowly. Also, our in-depth analysis identified the following problems:
- Slow server response:
- 5.4 PHP version (while 7.2 is a recommended version)
- Too massive database
- Lack of caching on the site
- Non-optimized CSS and JS files
- Non-optimized images and fonts
- Validation HTML errors
- General issues:
- 4.7.15 WordPress version (at the time of writing, 5.2.3 is a recommended version)
- 17 non-updated plugins
- Absence of basic protection of the site from spam and hacking attempts
- Sitemap containing links to 404 pages
With so many technical problems, any SEO strategy would yield only modest results. If there was an influx of new customers, the site would not be able to withstand the load and would likely crash. Also, with growing popularity comes greater visibility to hackers, increasing threats of attacks and active spamming.
To begin, we migrated the site to the development server, where we could work safely without fear of unexpected site crashes.
1. Server Response, WordPress and Plugin Update
After migrating the site to the development server, our team started optimization work by fixing a slow server response, and updating WordPress and plugins.
- We upgraded the PHP to version 5.6, since version 5.4 increased the probability of a site crash when updating plugins. The transition to version 5.6 was an intermediate solution, since the performance increased just slightly. We planned to adopt the PHP version 7.2 later, after updating the site.
- WordPress and plugins were updated to the latest versions. This was a very important step because, in addition to code optimization positively affecting the site’s work as a whole, we were able to use security patches to hide the site’s weaknesses from attackers. In our experience, most WordPress sites are hacked due to outdated plugins.
- The Wordfence Security plugin was installed and used to scan the site. Scanning revealed nine plugins that were no longer supported.
- After determining the functionality of the unsupported plugins, as well as their purpose, and coordinating with the client, we disabled six plugins, found regularly updated analogs for two, and wrote code that duplicates the functionality used by the client to replace the other. At this stage we revealed four plugins that were not used at all on the site, and shut them off to reduce loading time.
- After updating the WordPress version and plugins, the PHP version was upgraded to 7.2, and most PHP errors and warnings in the site topic were fixed.
- All revisions of posts and pages were deleted (a total number: 1095), which reduced the database size from 186MB to 53MB, and the number of records from 1,307,416 to 38,629. To prevent the problem from recurring, we limited the number of revisions for one record to five.
- A caching plugin was installed. Caching significantly reduces file upload time when users return to the site.
After the above-described improvements, the site became noticeably faster and a PageSpeed recommendation about server response time no longer appeared on the development server.
2.Plugin Scripts, Styles, and Libraries
The second step was to optimize plugin scripts, styles and libraries.
- The connected CSS and JS files were deleted from the header.php and footer.php files and linked to functions.php.
- Unused fonts were detected and removed. Used fonts were optimized and a font display feature (swap that allows loading fonts asynchronously) was added.
- A plugin for minification and combining styles and scripts was connected. Minification removes spaces and comments, thereby reducing file sizes. The combining feature assembles all files into one, which reduces the loading time of scripts and styles.
In the third stage, our team optimized images.
- We installed a plugin for image optimization. All existing images were compressed and the compression of new images when uploading to the site was configured.
- Image cropping sizes were optimized. We removed all unused sizes and added a couple of new ones. This helped to reduce the number of cropped copies of each image from 18 to 7, which minimized the load on the site when adding new images and saved hosting space.
- A lazyload plugin was connected. It allowed us to avoid uploading media files that are invisible to users at the moment of initial page loading. Many popular lazyload plugins have a common advantage: built-in functionality for replacing YouTube videos with YouTube thumbnails. It reduces the load on the site and positively affects page load time.
4.404 Errors in Sitemap
In the fourth stage, we fixed pages with a 404 error in the sitemap.
- The Yoast SEO plugin is responsible for the sitemap formation. By default, this plugin generates links to all post types that are used on the site and not excluded from the search. But it is possible to exclude individual post types from the sitemap in the plugin settings. In our case, links to authors’ pages and application pages were excluded.
In the fifth stage, we cleaned the code of validation errors.
In stage six, we improved security in the following ways:
- Registration via wp-admin was removed.
- The /wp-admin/ path was replaced with a custom path.
- Akismet plugin for all forms on the site was connected. Akismet is a very helpful spam filtering service. It has an extensive spammer database, as well as advanced algorithms for filtering messages by various parameters. Unlike Google reCAPTCHA, it is much lighter and does not affect the site loading speed.
- We configured Google reCAPTCHA on the admin login page (wp-login.php), since loading speed is not critical for this page.
- Wordfence Security and Sucuri Security plugins were connected and configured. These plugins send email alerts in case of suspicious behavior on the site, limit the number of login attempts, scan the site for fishy files, show site analytics and real-time traffic, and enable two-factor authentication.
- CloudFare CDN service was connected to the site. It is very helpful for preventing DDoS attacks and client data leakage. In addition, Cloudflare increases the site’s loading speed by caching static content on the network.
Next, we tested the site on the development server in order to detect errors initiated by the above changes. After testing and fixing bugs, the site was successfully updated on the production server.
Also, on the production server, we raised the tariff plan to 2x CPU and switched to SSD drives.
As a result, we updated WordPress, PHP, and plugins, cleaned the site of non-updating and unnecessary plugins, set up caching and automatic image optimization, correctly connected and compressed styles and scripts, removed extra fonts, excluded broken links from the sitemap, fixed validation HTML errors, and configured basic site security.
The site is now much more responsive. Currently, Google PageSpeed is in the green zone. The site is protected from spam and brute force, and fully ready for the next stage of SEO promotion.