This article originally appeared on SMPS Boston’s website.
by Vanessa Schaefer
Marketers at A/E/C and other firms, both large and small, love using WordPress. It makes updating websites quick and easy. That’s partly why WordPress has become the most widely used content management system (CMS) in the world today, by far. Yet as web designers, there are two questions that we hear fairly often from clients unsure about the WordPress platform. Those two questions relate to speed and security. Read on to learn more about how to address both issues.
Question #1: “Will WordPress Make My Website Slow?”
Answer: No, not if you use well-provisioned hosting, maintain lean code and employ server-side caching.
WordPress is a robust CMS and needs adequate hosting resources to perform at its best. Many A/E/C sites have grown larger and become much more complex in the past years, but their hosting has not followed suit. WordPress websites on shared hosting can be slow to respond. And, since many hosting companies pack more and more websites on their shared servers, the sites get even slower over time. In contrast, well-provisioned hosting (such as WP Engine and VPS hosting) cost a little more but eliminate these issues and help keep your site up to speed.
Most sites built on WordPress start with a pre-existing “theme” or template. Unfortunately, many of these themes are coded poorly or are loaded down with extra code that you do not need or ever utilize. Many existing WordPress themes or frameworks try to be everything to everybody and thus have excess code that can snowball when content is added. WordPress sites built from “scratch,” not built on an existing theme, eliminate unnecessary code. Building websites with minimal code ensures that the website will have exactly what it needs and not suffer from excess code that will slow it down.
One of the major reasons a WordPress site, or any database-driven site, can perform poorly is that server-side scripting and database operations can be time-consuming. The best tool to overcome this is “server-side caching.” This technique generates static HTML files that are served directly to your users instead of having to process your scripts and/or perform database queries whenever a page is requested.
Question #2: “Will WordPress Make My Site Less Secure?”
Answer: No, not if you use strong passwords, keep WordPress updated, and utilize added security like Wordfence.
Since WordPress is now the largest CMS in use worldwide, there are, sadly, hackers who write code targeting WordPress sites. But there are also many reputable developers writing code to combat those hackers. One of the most fundamental ways to help keep your site secure is to make sure you (and everyone at your firm with access to your website) choose secure usernames and passwords. WordPress now mandates strong passwords, and will caution you if a weak password is selected.
Some hosting companies, like WP Engine, will add an additional level of security by denying access if a weak password is selected.
WordPress, like all software, needs regular updating. Often, updates are written specifically to combat security issues. It is crucial to make sure you keep WordPress up to date. Additionally, if your site uses plugins for added features, those plugins must also be kept up to date. WordPress notifies you when you need to make updates, which can be made with a click of a button.
We also employ tools for sending alerts and automatically mitigating security vulnerabilities. Wordfence, for example, provides WordPress-specific security features, including:
- Brute force protection
- Malware scanning
- Two-factor authentication (2FA)
- Firewall to protect against common and WordPress specific attacks
Vanessa Schaefer is the president and creative director of Clockwork Design Group.