A website achieves most of its intended goals when it implements WordPress best practices. Unfortunately, many website owners without deep knowledge of the best WordPress tips and tricks implement less than 10% of these practices. When you source information from the internet, there is usually no guarantee that a site is up to standard. One thing is guaranteed, though: a website implementing only 10% of these practices is vulnerable to cyber-attacks. In our informed experience, a secure website begins with tight security, optimized performance, monitored stability, and great marketing. Download our WordPress best practices checklist, compare it against your website, and tick items off as we go through these four website needs.

1. Security

The moment you launch your website is the moment you should implement WordPress security measures. We know some people don’t do this, because security vulnerabilities are among the most common issues developers deal with on a daily basis, especially because hackers are always lurking. You can protect your website by applying these WordPress security tips.

A. Change the default WordPress username and set a strong password

A WordPress security compromise can start with something as simple as a weak password or the default WordPress username, admin. Ideally, your username should have no connection to your WordPress domain, nor should it be your real name, especially if you mention your name on your website.

How to set a strong password?

You can change your password by clicking your name next to "Howdy" at the top right of your WordPress dashboard. Use How Secure Is My Password to measure your password strength before setting it.

Changing WordPress username

To change your username, scroll down on your WordPress dashboard and click on Users. The process is straightforward. We recommend using a random and meaningless name.

B. Update plugins, themes and WordPress on a regular basis

WordPress updates

It is important to update WordPress when a new version is released. You should always be using the latest version available. Each WordPress version is released with the aim of improving performance, fixing bugs, refining existing features, and improving security.

To see the version your website is using, scroll down on your dashboard page and look at the bottom right. It should be there.

If your website is very outdated, avoid complications by using a staging area to test updates before applying them to the live site.

How to update themes and plugins on WordPress?

Updating themes and plugins is an underused WordPress tip. We know because we come across many sites jam-packed with unused free plugins that are not connected for updates. Some people update their themes and plugins occasionally and think this is enough. No, this won’t cut it either.

Hi there, please stop using nulled themes and plugins.

If you don’t have time to check for updates every day, enable auto-updates. If you don’t like the idea of enabling auto-updates, at least check for updates weekly. This is important because each time you update your website, you strengthen it against cyber attacks.

Tools to use to set a staging area for updates
  1. Localwp - This is a free application you can use to set up a local, offline staging site on your computer. The instructions are straightforward and you will be guided all the way through the process.
  2. WP Staging - WP Staging is a staging area plugin available for installation on WordPress. This is the best option for a minimal admin process.
  3. cPanel - Most hosting providers create a cPanel account on your behalf. All you have to do is log in to your cPanel and follow the instructions. We don’t recommend this process for beginners.
  4. UpdraftClone - UpdraftClone is a staging area solution from UpdraftPlus, a notable product for different WordPress practices.
  5. Set using your hosting provider - Processes may differ depending on your hosting provider. First, check your hosting provider’s site to see if they offer the staging area option and take it from there.

C. Always backup your WordPress site

Back up your website at all times. And when you do, test the backup to see if it is working. This WordPress practice is important because sometimes websites have incidents that result in data loss. When this happens, a ready-to-use backup might just be what saves you.
Some people store their backups with their hosting providers. Currently, WPengine is a popular hosting provider, known for its premium hosting service with different security features, e.g. monitoring, automated backups, and increased performance.
Since some hosting providers do not explicitly assume blame for a backup gone wrong, we recommend you also store your backup in a remote location like Google Drive or even an offline location.

WordPress Backup Tools
  1. UpdraftPlus - A highly regarded WordPress backup, restore and clone plugin. It has an option for an automated backup process, and it also provides the option to save your backup in remote locations.
  2. VaultPress - This plugin is great for e-commerce sites as it backs up every transaction in real time.

You can easily install these plugins from your WordPress dashboard and start implementing this WordPress tip.

D. Get a good hosting provider

There are many hosting providers out there. Some you should stay away from completely, and some are worth it. You just have to do your research and make an informed decision before you commit to one.

A good hosting provider will have the following:
  • File backup services
  • Secure File Transfer Protocol (SFTP)
  • A reliable and prompt technical support team, especially when sites go down due to server-related issues
  • Up-to-date security standards

Recommended hosting providers
  1. WPengine - This is a premium host with impressive security features.
  2. NameCheap - Namecheap is good for small static sites that have a small budget.
  3. DigitalOcean - This one is reliable like WPengine while allowing for more customization.
  4. Siteground - If you are looking for hosting with good responsiveness, Siteground is for you.

E. Have an SSL Certificate installed on your website

Your website is like a communication portal. Depending on your business, you may ask your audience to enter information on it, e.g. a password to log in or a credit card number to complete a purchase. Without an SSL certificate, this information is sent unencrypted.
An SSL certificate enables the HTTPS protocol, which sets up an encrypted connection between your web server and the browser.
So, when hackers get hold of information passing between a visitor's browser and your server while an SSL certificate is in place, they only get encrypted data they cannot read.

F. Configure an application firewall

Not everything that shines is gold, and the internet knows that too. That is why we have an application firewall. When configured, an application firewall monitors, blocks and filters out malicious HTTP traffic to your website.
There are two types of firewalls: the DNS-level website firewall and the application-level firewall. While both play a role in monitoring incoming traffic, the DNS-level firewall takes precedence because it also reduces server load time.

How to configure an application firewall?

WordPress has a variety of firewall plugins to choose from. Again, do your research and pick what works for your needs starting with this list:

  1. Sucuri
  2. Wordfence
  3. Titan Security
  4. Jetpack
  5. Cloudflare

G. Conduct regular site scans for security vulnerabilities

You can never be too sure with WordPress. That is why prevention is better than cure. Even when it feels like you are on the safe side, you should check and be sure.
Regular WordPress scans check against database vulnerabilities so you can address them before they are exploited.
There are plugins you can use for this. Most free versions scan themes and plugins to note if they expose your website to danger, and premium packages scan for malicious code too.
Scan your website now with Sucuri’s free website security check and malware scanner. They will also tell you what you need to improve.


H. Manage user access levels

If your website has multiple users and administrators, every user with management rights should have a strong password that is difficult to hack.
To maintain control yourself, you can manage user access levels on your WordPress dashboard under the Users option.
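
The username rules from section A and the access-level review above can be checked together in one pass. This is an added example, not code from the original post: it assumes a user export in the shape produced by `wp user list --fields=user_login,display_name,roles --format=json`, and the sample accounts, the domain `example-bakery.test` and the `max_admins` threshold are constructed for illustration.

```python
import json
import re

# Constructed sample in the shape assumed for
# `wp user list --fields=user_login,display_name,roles --format=json`.
SAMPLE_USERS = """[
  {"user_login": "admin",        "display_name": "Site Owner",     "roles": "administrator"},
  {"user_login": "thandi.m",     "display_name": "Thandi Mokoena", "roles": "administrator"},
  {"user_login": "bakeryeditor", "display_name": "Content Desk",   "roles": "editor"},
  {"user_login": "q7rv-lumen",   "display_name": "Sam Ortiz",      "roles": "administrator"},
  {"user_login": "k3-harbor",    "display_name": "Guest Writer",   "roles": "author"}
]"""


def _tokens(text):
    """Lower-case words of three or more characters, used for loose matching."""
    return {t for t in re.split(r"[^a-z0-9]+", text.lower()) if len(t) >= 3}


def audit_users(users_json, site_domain, max_admins=2):
    """Return (user_login, issue) pairs for accounts that break the rules above."""
    findings = []
    admins = []
    domain_words = _tokens(site_domain.rsplit(".", 1)[0])  # drop the TLD
    for user in json.loads(users_json):
        login = user["user_login"].lower()
        roles = user.get("roles", "")
        if isinstance(roles, str):  # assumed: roles arrive as "role1,role2"
            roles = [r.strip() for r in roles.split(",") if r.strip()]
        if "administrator" in roles:
            admins.append(login)
        # Rule from section A: do not keep the default username.
        if login == "admin":
            findings.append((login, "default username"))
        # Rule from section A: no connection to the owner's real name ...
        if any(word in login for word in _tokens(user.get("display_name", ""))):
            findings.append((login, "username derived from display name"))
        # ... or to the site's domain.
        if any(word in login for word in domain_words):
            findings.append((login, "username derived from site domain"))
    # Section H: keep the number of full administrators small (threshold assumed).
    if len(admins) > max_admins:
        findings.append(("*", f"{len(admins)} administrators, expected at most {max_admins}"))
    return findings


if __name__ == "__main__":
    for login, issue in audit_users(SAMPLE_USERS, "example-bakery.test"):
        print(f"{login}: {issue}")
```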

2. Performance

If there is anywhere the phrase "take things slow as they come" does not work, it is on your website. Internet users hate slow websites.
According to Kissmetrics, 47% of visitors expect a website to load in less than 2 seconds, and 40% will leave the website if the loading process takes over 3 seconds.
With over 1.7 billion websites to choose from on the internet, you best believe your website’s performance matters. Assuming your end goal is to keep visitors of course.
Your website’s slowness is enough to give you a poor reputation with both your audience and the search engine. Therefore, you should optimize your website to perform well at all times.
Heaviness is usually the reason behind a slow website. Here are WordPress best practices to speed up your site.

A. Compress images

As much as they make your website look good, images could be what is standing between you and a fast-loading website.
Unoptimized high-resolution images consume a lot of bandwidth when they load and, as a result, slow down websites. Setting your website to only allow 1 MB image uploads is one way to keep track of your image sizes.
Images are also available in different formats, with PNG being the largest. So, unless you really have to use PNG, opt for JPEG images.
Even with these recommendations, you should still compress your images. Compression will help reduce image size and therefore improve website speed. All you have to do is go to your WordPress dashboard, click Plugins, click Add New and search for image compression plugins, and they will appear.

3 popular Image compression plugins
  1. Smush
  2. Optimole
  3. Imagify

B. Enable website caching

It is great that your website is getting traffic. We wouldn’t want it any other way. Except, every time users load a page on your site, their browser needs to download a lot of information from your website to load the whole page. This process takes a little more time than users care to wait.
When your website is cached, your web page loading time is reduced. This is because copies of your pages and the information that users need to view your website are stored in an easily accessible temporary location.

Best WordPress Caching plugins to get you started
  1. WPRocket
  2. Hummingbird
  3. W3 Total Cache
  4. WP Super Cache

C. Use Content Delivery Network

How far away is your server from your users? - You don’t have to answer that, most people don’t know. It’s just that websites load faster when there is less physical distance between a server and the user. And this is where the content delivery network comes in.
A content delivery network (CDN) is a system that uses multiple servers distributed around different locations. It stores your website’s images, CSS, JavaScript and HTML data, and each server delivers this content to the users closest to it. This helps minimize website loading times.
There are different paid CDN services out there to choose from. However, Cloudflare and Jetpack offer free CDN services. Check them out.


D. Change permalinks accordingly

Your users are able to access different pages and posts on your website separately because each page and post has a unique URL address. We call this URL address a permalink.
Search engines also use permalinks to determine the content on your pages and posts, which means they are an essential element of your SEO. With that said, it is important that your permalinks include the respective keywords for your pages and posts.
Optimized permalinks should let users know which content to expect, and organize links in categories.
It’s your responsibility to change the default WordPress permalink configuration from numbers to a post name with a keyword.


Ideally, you should change permalinks when you first install WordPress. If your site is already live, you might need to create redirects for all existing pages into their new URLs to avoid having a 404 error.

E. Minify CSS

Your website uses a style sheet language to describe how your web pages and posts should look. The problem begins when the cascading style sheets (CSS) do not contain only the web colors, fonts and layouts. They also contain unnecessary characters like white space and line breaks, adding unnecessary weight.
By minifying CSS, you delete these unnecessary characters and ultimately reduce the size of your CSS file. Minifying CSS also helps enhance your site’s performance as it reduces loading times, improving user experience and search engine rankings.
You can minify CSS using a dedicated plugin such as WP Super Minify or Autoptimize. You can also use an online tool like CSS Minifier.
Learn how to minify CSS
W3 Total cache and Hummingbird (mentioned above) also have CSS minify features.

F. Your site load speed time is less than 2.5 seconds

You know what they say, fast website, happy customers. Besides that, site load time affects your ranking. If your website checks a majority of the recommendations on this list, there is a good chance it loads in less than 2.5 seconds. Even so, you need to be sure.
You can run a website loading speed test using GTmetrix. The nice thing about GTmetrix is that it gives you a detailed report on where your website is performing well and where to improve to reduce your load time. A grade of B should be fine, though you should aim for an A.

G. Delete unused plugins, content and themes

When you first install WordPress, it will come with a default theme. If you have no plans to use this theme, you should delete it right after you install and activate the theme you want to use.
Something developers see from clients is a lot of unnecessary, unused plugins. We have gathered that the reason behind this is clients sometimes install plugins for one time use, but never delete them afterward.
Fiverr developers are also culprits. They fix websites by installing unnecessary plugins, instead of doing the real developers’ work.
The problem is these plugins stay on your website serving no purpose. Some are even outdated and put your website at risk.

3. Stability

If you are reading this and already have a website, I hope you at least got the first step right, which is having a good hosting provider.
A good hosting provider will provide you with a secure server for your website, which is great for fighting cyber-attacks, keeping your data safe and also keeping your website stable.
Besides your hosting provider, you can also implement some WordPress tips and tricks to help your website be stable.

A. Set automated backups

It is not bizarre for a WordPress website to be okay one moment, and not the next. You just never know with websites. This is why automated backups are a critical part of website maintenance.
Automated backups help ensure that you have a plan in place should your website malfunction at any moment for any reason. They also reduce the risk of cyber-attacks.
Depending on how frequently your website is used, the frequency of automated backups can differ, e.g. a busy website should probably have daily database backups and weekly complete backups. This is because we want to back up everything on your website, including the latest changes.
UpdraftPlus is the go-to plugin for automated backups. You can also use it to test your backups, which is what we are going to speak about next.

Recommended WordPress backup services
  1. Vaultpress (Jetpack)
  2. BlogVault
  3. BackupBuddy
  4. BackWPup

B. Test backups on a schedule

It is not unlikely for a website to have untested backups where it’s unknown whether a backup is working or not. Besides that, website owners get caught in the business aspect of the website and neglect maintenance.
Unfortunately, this is problematic. Especially if you have a busy website that’s constantly going through changes. Each time you upload new information, you should also make sure you have a working backup with that latest information should anything go wrong.
Testing backups on a schedule helps you ensure that your backups are working and have all your website information. You can use a staging area to test your backups and fix failed tests before disaster.
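
A first-pass check for a scheduled backup test can run before the full restore into staging. This is an added example, not code from the original post or from any backup plugin: it assumes a full-site backup packed as a `.tar.gz` containing the WordPress files plus a `.sql` dump, with the default `wp_` table prefix; the sample archive is constructed in memory.

```python
import io
import re
import tarfile
import zlib

# Assumed contents of a complete backup (backup plugins lay theirs out differently).
REQUIRED_FILES = ("wp-config.php", "wp-includes/version.php")
REQUIRED_DIRS = ("wp-content/themes/", "wp-content/plugins/", "wp-content/uploads/")
CORE_TABLES = ("options", "users", "posts")


def _norm(name):
    """Strip a leading './' so archive paths compare equal either way."""
    return name[2:] if name.startswith("./") else name


def check_backup(archive, table_prefix="wp_"):
    """Return a list of problems in a .tar.gz backup; an empty list means it passed."""
    try:
        with tarfile.open(fileobj=archive, mode="r:gz") as tar:
            files = {_norm(m.name): m for m in tar.getmembers() if m.isfile()}
            dumps = [tar.extractfile(m).read().decode("utf-8", "replace")
                     for n, m in files.items() if n.endswith(".sql")]
    except (tarfile.TarError, OSError, EOFError, zlib.error) as exc:
        return [f"archive unreadable: {exc}"]

    problems = []
    for path in REQUIRED_FILES:
        if path not in files:
            problems.append(f"missing file: {path}")
        elif files[path].size == 0:
            problems.append(f"empty file: {path}")
    for prefix in REQUIRED_DIRS:
        if not any(n.startswith(prefix) for n in files):
            problems.append(f"no files under: {prefix}")
    if not dumps:
        problems.append("no .sql database dump in archive")
        return problems

    sql = "\n".join(dumps)
    for table in CORE_TABLES:
        name = re.escape(table_prefix + table)
        tail = rf"`?{name}`?(?![A-Za-z0-9_])"
        if not re.search(rf"CREATE TABLE\s+(?:IF NOT EXISTS\s+)?{tail}", sql, re.I):
            problems.append(f"dump has no table: {table_prefix}{table}")
        elif not re.search(rf"INSERT INTO\s+{tail}", sql, re.I):
            problems.append(f"table has no rows: {table_prefix}{table}")
    return problems


def make_sample_backup(with_user_rows=True):
    """Build a small constructed backup in memory (sample data, not a real site)."""
    sql = ("CREATE TABLE `wp_options` (option_id INT);\n"
           "INSERT INTO `wp_options` VALUES (1);\n"
           "CREATE TABLE `wp_posts` (ID INT);\n"
           "INSERT INTO `wp_posts` VALUES (1);\n"
           "CREATE TABLE `wp_users` (ID INT);\n")
    if with_user_rows:
        sql += "INSERT INTO `wp_users` VALUES (1);\n"
    content = {
        "./wp-config.php": b"<?php // constructed sample\n",
        "./wp-includes/version.php": b"<?php // constructed sample\n",
        "./wp-content/themes/sample/style.css": b"/* sample */\n",
        "./wp-content/plugins/sample/sample.php": b"<?php // sample\n",
        "./wp-content/uploads/2024/01/logo.png": b"\x89PNG sample",
        "./db.sql": sql.encode(),
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in content.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf


if __name__ == "__main__":
    print(check_backup(make_sample_backup()) or "backup passed")
    print(check_backup(make_sample_backup(with_user_rows=False)))
```

A pass here only shows that the archive opens and holds the expected pieces; the restore into a staging area is still the real test.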

C. Set site monitoring

People are generally too busy to keep an eye on their websites all the time and that is okay. Even so, that does not change the fact that anything can happen to your website at any point and time.
With site monitoring in place, you can get an alert in real time should your website go down or be inaccessible.
Ideally, your website should never go down. Imagine this happens while your users are trying to get access to your website. They won’t like it, and neither will Google.
You can get a good plugin to monitor your site. Apart from that, a good hosting provider plays a big role here. Good hosting providers never allow their sites to be down for long. Even a few minutes is too long.

Site monitoring services to choose from
  1. Pingdom
  2. Jetpack
  3. Uptime Robot
  4. Super Monitoring

D. Link your website to Google search console

Google Search Console is a powerful service with different useful tools for website needs.
It is also a great tool to alert you via email should your website have any issue that needs to be fixed immediately.
Namely, Google Search Console helps with website performance, focused on the following areas:

  • Search analytics - site’s impressions, clicks and position on Google
  • Content on Google - sitemaps, individual URL crawling and index coverage
  • Website issues - affected URLs, mobile usability, breadcrumbs
  • Web pages - detailed page crawl, index and information about pages

Here is a step by step search console training by Google to get started.


E. Use latest PHP version

WordPress is written using an open source scripting language called PHP. Because of this, PHP is the main code used by WordPress to process user requests on your sites. PHP also fetches and interacts with data from your database.
Every now and then, a new PHP version is released. When this happens, you should also update your WordPress site to use the latest PHP version. The reason is that outdated PHP versions are a security risk: they have vulnerabilities that can’t be fixed should a hacker exploit them.

4. Marketing

When marketing through a website, there are technical aspects you need to take into consideration to fully optimize your marketing strategy.
You need to understand how automated funnels, content creation and SEO work to make your website rank.
Sometimes you might need marketing specialists to get the best results but there are also WordPress best practices you can apply on your own to get desirable results.

A. Set up a Google Analytics account and link to your website

Google Analytics is another great service by Google. Unlike Google Search Console, Google Analytics provides you with free tools to get insight into your website visitors' behaviour. Using this information, you can build informed marketing strategies.

Google analytics metrics:
  • Real time data - Locations, traffic sources, content, events, conversions
  • Audience - Demographics, interests, behavior, technology
  • Acquisition - overall traffic, Google Ads, marketing campaigns, social media
  • Behavior - site search, site content, site speed, events
  • Conversions - Goals, E-commerce, multi channel funnel

B. Put a contact form on your website

For any reason, warranted and not, your website visitors may want to get in touch with you. And you have to make it easy for them to reach you by putting up a contact form on your site.
Most WordPress contact forms are drag and drop and very easy to use. Once you have one up, it will work to direct any sent messages to your email inbox without you having to put up your email address on display.
A contact form is also one way to build a mailing list, provided you ask for permission to send emails of course. You can also use your contact form as a support ticket and link it to your CRM. This is great for e-commerce businesses.

Easy to use contact forms plugins
  1. WPForms
  2. Contact Form 7
  3. Formidable Forms
  4. Ninja Forms

C. Have an about page

Sometimes users find themselves on your website because they clicked on one of your posts on a search engine. After reading, they might be interested in knowing more about you and your business. And this is when they are likely to check out your About page. Trust me, it will be a big disappointment if you don't have one.

Standard information to put on your about page.
  • Your business’s values, mission, vision and purpose.
  • What exactly does your business offer? - UVP
  • Do you have any experience? If so, What exactly?
  • How do you work and will you help them?
  • Can they trust you? If so, Why?

D. Link social media accounts to website

Some of the best products with the potential of growing probably died because of lack of marketing. No matter how good your business is, don’t bet on people finding it on their own. Market your business by placing it where potential customers can find it.
Social media is the best place to market your business as a lot of people use social media. According to Statista, Facebook alone has roughly 2.85 billion users per month.
When choosing a social media platform for your business, consider where your ideal target audience spends most of their time. Make sure to link your social media accounts back to your website, and your website to your social media accounts.

E. Use a mobile responsive theme

You need to reach people where they are, and that is on their mobile device. And when you do, your website needs to be mobile friendly. Remember Google search console? It can help you with this. If linked to your website, it will alert you about how your website is performing on mobile.
Your website’s mobile friendliness depends on your theme. In fact, a good theme will be mobile friendly, SEO optimized and have a low site load time.
It will have a responsive website design and adapt the design depending on the device used to view your website. It will also adjust your content while retaining easy readability.


F. Create an XML Sitemap

Google bots crawl your website to find out what your website is about, the type of content you post and also to gauge your pages.
When you have a sitemap file in place, you make it easier for Google to crawl all your website pages. This map is especially important if you have a big website with a lot of pages.
Overall, a sitemap can directly affect your SEO ranking by providing Google with the information they need to place your website in front of the right people.

G. Remove Broken links

Users visit your website because they are interested in you and your business. The last thing they need is for your links to be broken.
This is a very disheartening and horrible user experience that results in loss of potential customers and revenue.
Google also hates broken links. This means your broken links are probably affecting your SEO, and ultimately your ranking strength.

H. Optimize posts and enable sharing option

I repeat, no matter how good your business is, don’t bet on people finding it on their own. That is why placing a sharing button on your content is the best thing you can do for your business.
Yes, readers will probably share your content if they have a burning need to. It’s just that making the experience easy for them goes a long way. It makes the process a natural action to take after reading.
You also want your content to be clicked on when it reaches social media. One way to get those clicks is to have a visible short and catchy headline accompanied by an enticing feature image.


I. Posts and pages have good readability score

People never make it to search engines' second page because they find what they are looking for somewhere in the quality content ranking on the first page.
There are different factors that go into boosting content’s quality, e.g. keywords, meta tags, content originality, etc.
But if you want to retain the reader's attention, readability is the best trick. Clear, compelling writing will retain your readers' attention. When this happens, the bounce rate is reduced.
Bounce rate has a direct impact on your content’s ranking.


J. Optimize pages and posts for SEO

Before I even get into optimizing web pages and posts, your content needs to be of quality in three ways:

  1. Write relevant content
  2. Write what your users are searching for
  3. Speak the language of your users

Get the H1 Tag right

The H1 tag is the most important header tag in your pages and content. This is because it lets search bots know what your page/post is about. It is also what appears on search when you rank.
On the search engine result snippet, H1 tags appear as the main heading of the snippet showing the audience what a web page is about before they click to visit a website.
Clear and properly formatted headings equal a clear and enticing search engine snippet which will earn your website visits and boost traffic.

Work on your meta tags

Meta tags are embedded messages you can carefully place on your website pages for search engine bots to read and determine what your page is about. There are two very important meta tags that work together to optimize your content


A search engine result snippet shows a summarized pitch meant to entice readers to click on your website. In the snippet, the title is the first line that people see, so it has to always count.

Meta Description

Also appearing in the snippet just under the title, meta description is a concise summary of the content on your page or post. For best results, make sure you include your keyword in the meta description.
To have a credible snippet that earns clicks to your website, the title and the meta description have to complement each other.
For people to stay and read your content after visiting your website, make sure the meta description matches the content on the page. This will keep the bounce rate low and improve your ranking.

Great SEO tools for WordPress tips and tricks
  1. Semrush - improve online visibility and discover marketing insights.
  2. Ahrefs - SEO software suite that contains tools for link building, keyword research, competitor analysis, rank tracking and site audits.
  3. Yoast - A great SEO WordPress plugin
  4. Rank math - Add best SEO tools on your WordPress website

If you have a lot of boxes you need to tick on your WordPress best practices checklist but don’t know where to start, learn how to find a WordPress developer worth your money to help you out.
