Buying an SSL/TLS certificate (or using a free one) is just one of a few steps to secure your WordPress website over HTTPS. Learn how to activate SSL on WordPress and benefit from serving a secure website to visitors. In this article, the process of activating SSL/TLS is broken down into three steps, including how to fix mixed content warnings in WordPress and showing the green lock icon in your browser.
Before you begin any other step, you need to have a valid certificate installed on your web host, whether it's free or one you bought from a certificate authority (CA) like Comodo SSL. Without a valid CA-signed certificate installed (self-signed certificates aren't considered secure in production), visitors will get the red lock icon and/or see a security warning in their browser.
Cyberia Technologies web hosting integrates with Let's Encrypt SSL, a free certificate authority (CA) with backing by major companies like Google, Mozilla, and Cisco. The installation is simple and can be done in a matter of seconds. Your domain must be live (DNS records must be pointing to your host) before Let's Encrypt will issue an SSL certificate. Each web host is different and the interface will differ as a result. For example, a cPanel host might allow you to install an SSL certificate through an interface like this:
Contact support at your hosting provider find out if they offer Let's Encrypt SSL/TLS certificates. If you are a Cyberia Technologies customer and have any questions or trouble, you can email support.
The next step in how to activate SSL on WordPress is to configure or "tell" your WordPress installation to use it. This is done by adding the 's' in the URL (http:// to https://) in the fields marked 'WordPress Address' and 'Site Address'. Click 'Save' after making the changes to both fields.
WordPress will log you out automatically—this is normal. Simply log back in again with your administrator username & password, and you're for the next step!
This step ensures your WordPress site uses HTTPS consistently instead of HTTPS for only some links and HTTP for the rest. Though this step is key to fix WordPress mixed content warnings, it requires some level of technical competence. To accomplish this, we'll need to find and replace the links in the database pointing to images, attachments, or theme files that are still using the non-secure protocol.
From your WordPress Dashboard, select 'Add New Plugin' and type 'Better Search Replace' into the search box. Click 'Install' and then 'Activate'. Next, go to Dashboard > Tools and select 'Better Search Replace'.
Referencing the screenshot above, the first field is for the old, non-secure domain (take note of the absence of 's' in 'http'). The second field is for the new secure domain protocol (https). The correct settings to be used are highlighted in purple.
Remember to take extreme care not to mistype or misspell anything in either field. Double check protocols, the placement of the colon, if the double forward slashes are present, etc. Making a backup of your database might not be a bad idea either, since a mistake here can potentially break your website.
Next, select all the tables (SHIFT + L Mouse click on PC) or select them one by one (CTRL + L Mouse click). Tick the GUID checkbox if your site is new or is a test site. The dry run checkbox must be unchecked in order to run the operation.
To finish, simply Click 'RUN Search/Replace' at the bottom. If successful, you will see a notice at the top of the page with the number of non-secure URLs the plugin was able to find and secure.
You've learned how to activate SSL on WordPress and your site will be served to visitors with a green lock icon. If you don't see a lock icon yet, refresh the page or try another browser.
Note 1: This secures your WordPress site and everything hosted inside it. If you have external pictures, content, or third party scripts, i.e. hotlinked content or embedded iframes, they must still be secured on their own host.
Note 2: It's a good idea to review your Google Analytics and Google Search Console properties to the newly secured URL (https://).
Note 3: To be thorough, we also recommend you setup a 301 redirect from the old, non-secure URL to your secure domain. This way visitors and search engines trying to reach your site will seamlessly arrive on the secure domain. This can be done either by your host or from inside WordPress.
Note 4: Your website SEO rankings or "link juice" may take some time to settle, though this is necessary in order to activate SSL on WordPress correctly.
If you use WordPress, you might have noticed a seemingly endless supply of plugins claiming to speed up your WordPress site and boost your page speed score. And, for those of you who've tested them against measuring tools like Pingdom or GTMetrix, you might agree with us if we said most caching plugins don't live up to their expectations. That being said, there are some effective ways to speed up your WordPress site without investing too much time and effort. In this article we cover 3 quick ways to speed up WordPress and boost your page speed score without going into premium plugins or CDN services.
Optimizing all your images is a strong first step in order to speed up WordPress. Install an image optimization plugin like TinyPNG, EWWW Image Optimizer, or reSmush.it to begin without too much setup. These usually work the same way by removing redundant color data, a process known as quantization, and clearing the metadata from your photos, graphics, icons, etc. This technique in general does not create any noticeable degradation of image quality. Though the default settings are good enough for most, you might be able to shave off a few more kilobytes by tweaking compression settings.
Remember to use your best judgement when it comes to image optimization suggestions. As an example, even Google's Page Speed Insights tool isn't gospel and will sometimes make impractical recommendations (as with all page speed testing tools).
Next, let's configure browser caching on your host. Please note we recommend this step only if you're not using a caching plugin in order to avoid potential conflicts. If your web host provides cPanel or a server powered by Apache, simply insert this snippet inside the <IfModule mod_expires.c> block in either your webroot .htaccess file or server's apache .conf file:
ExpiresActive On ExpiresByType image/jpg "access 1 week" ExpiresByType image/jpeg "access 1 week" ExpiresByType image/gif "access 1 week" ExpiresByType image/png "access 1 week" ExpiresByType text/css "access 1 week" ExpiresByType application/pdf "access 1 week" ExpiresByType text/x-javascript "access 1 week" ExpiresByType application/x-shockwave-flash "access 1 week" ExpiresByType image/x-icon "access 1 week" ExpiresDefault "access 1 week"Alternatively, if your host is powered by NginX or sports a dual server configuration (e.g. Plesk Panel), you should not use the above code. Instead, reach out to your host to add this snippet to the server's nginx .conf file (not .htaccess).
location ~* \.(js|css|png|jpg|jpeg|gif|ico|mp4|webm)$ { expires 7d; add_header Cache-Control "public, no-transform"; } gzip on; gzip_proxied any; gzip_min_length 1100; gzip_comp_level 1; gzip_types application/x-javascript application/javascript text/javascript text/css text/plain text/xml application/xml image/gif image/jpeg image/png image/x-icon image/bmp image/svg+xml application/x-httpd-php video/mp4 video/webm; gzip_vary on;Notice how we recommend setting the cache validity period for 7 days or 1 week. We find this duration strikes a good balance between browser caching and fresh downloads from your host and is also the minimum accepted duration in most page speed scoring tools.
If you're not sure where to put the code or don't feel comfortable modifying .htaccess, reach out to your host for some support. It is always best to err on the side of caution when modifying .htaccess or .conf files.
3. Remove Query Strings from Static Resources
This step is optional but strongly recommended in order to fully unlock the benefits of configuring browser caching. Removing query strings from static resources ensures web browsers can cache everything on your site they need to. Without this step, any improvements to your page speed score from step #2 might be limited. Simply paste this PHP snippet into the functions.php file of your child theme or into a snippets plugin.
function _remove_query_string( $src ){ $parts = explode( '?ver', $src ); return $parts[0]; } add_filter( 'script_loader_src', '_remove_query_string', 15, 1 ); add_filter( 'style_loader_src', '_remove_query_string', 15, 1 );Please note you can also paste the above snippet into the functions.php file of your theme and have success, though this isn't recommended. If you don't have a child theme and don't want to use a snippets plugin, here's a great child theme generator plugin to get you squared away.
So there you have it. If you invest 15-20 minutes to implement one or more of these steps, your WordPress site will be in much better shape. If you have questions or want to switch hosts, please reach out to Cyberia Technologies and we'll do our best to help.
Along with with the wondrous versatility WordPress as a platform for your website comes a certain degree of maintenance responsibilities. Luckily the most important WordPress maintenance operations are easy to do with so many plugins to choose from. Optimizing your WordPress database every so often is excellent to protect your investment so that it runs smoothly in the coming years. In this article we'll cover how to optimize your WordPress database and explain in detail exactly why it's important to optimize your database from time-to-time.
Before Jumping into How to Optimize Your WordPress Database, Let's Share What's Happening Under the Hood.
Your WordPress database relies on two technologies to do it's job correctly, called MySQL and PHP. You don't need to know how to code in PHP to safely optimize your WordPress database, however possessing a basic understanding will help you make sense of what's contained in this article. The WordPress database does not dwell as a file on your web host, like the .php files you may have seen. Instead, the database is stored and runs inside a special program called MySQL, often also referred to as MariaDB. Your WordPress database keeps all of the following types of information:
Imagine that each time you add a plugin, change a theme setting, or remove text on an article, your database is storing all that data, often without ever deleting it. If you frequently revise your content or you just have a really old website, your database is likely very bloated can benefit from a tune-up. Though the impact is negligible at first, it can contribute to more MySQL RAM usage and slower server responses over time. Not to mention, an unoptimized database can lead to unnecessarily large website backups.
You may not be very technical or would rather not risk breaking something. Kudos to you! This is generally the best mentality to have towards any database changes. Today we recommend using one of these two easy, highly reliable plugins to optimize your WordPress database. Not to mention they are both free!
Now, even though we've used both of these plugins (separately) for years without incident, it's best practice to create a database backup. There are plenty of great database backup plugins, like UpdraftPlus, WP Migrate DB, and Duplicator. If you're a Cyberia Technologies hosting customer, then we have you covered with daily database backups taken automatically.
Simply install one of these two plugins (there is absolutely no need to install both):
WP Optimize is a safe, effective database cleaner by the creators of UpdraftPlus:
https://wordpress.org/plugins/wp-optimize/
Optimize Database Before Deleting Revisions has more options and includes a 1-click feature:
https://wordpress.org/plugins/rvg-optimize-database/
Completing the WordPress database optimization operation usually takes less than 60 seconds. Even though you might not need it, it would be wise to have your database backup handy. In the unlikely event something does break while optimize your WordPress database, you'll have a safe restore point to fall back on.
The act of learning the best practices for small business web design and then implementing them is both an art and a science. A lot of artistic talent can go into creating a beautiful, modern-looking website. When it comes to creating the site's layout, all that artistic effort can—and should be—backed up by hard data. Any small business web design provider worth his or her salt will have spent some time researching what works and what doesn't. Small business owners have a lot to gain by relying on all that tangible experience and wisdom.
There is (or at least should be) a methodical process that a small business web designer adheres to when designing the layout of a website's UI/UX, such as putting call-to-actions (CTAs) in the right places, picking the right types of colors, and positioning the small business' brand in a way that resonates with customers and positively reflects the industry.
For small business owners shopping for a new website, the quality of the final project may well provide the difference between a 1% conversion rate and a 10% rate. Let's break down these best practices for small business web design into further detail.
A professionally built small business web design should never be a collection of disparate pages, yet many of them are. Instead, the entire collection of web pages must be mapped out into a “tree”, with each page serving a purpose. This is called a sitemap and includes everything from the main landing page/home page all the way to the terms & privacy policy pages.
Your finished small business website must present a clear message of what you offer and why your target customers need to care. Visitors form opinions about your small business within seconds of visiting your new website, and will grant you only a few seconds before deciding to stay or leave. You must have the information they're looking for easily and readily accessible. Focus on making the first impression of your small business web design a stellar one.
Your must also plan the development of your small business website around a visitor objective you want completed. If your web traffic just comes and goes without any meaningful exchange, then it's all but useless. Common objectives can be getting visitors to subscribe to your email list, to book for your services, or to buy one of your products. Getting visitors to "convert" into customers is a science in and of itself, but any professional small business web design provider will recommend A/B testing to reveal the numbers.
This is the age of information and people expect instant results more now than ever before. There are only seconds before another distraction comes along, and visitors hate slow-loading pages. You will only get a moment to grab their attention before they click away. This is why incorporating fast loading times into your small business web design is essential.
Your website pagespeed will be affected by both the website itself as well as your web hosting server. A website requires optimized images & code and high-performance hosting to load the fastest. Your small business web designer or developer should do each of the following in some capacity:
Over half of all global traffic (including 3rd world countries without good cellular/4G networks) comes from mobile devices. In fact, nearly 54% of traffic is coming from mobile, while just 43% is coming from desktop. Often, visitors come across your small business website on mobile first, and then decide whether or not they will revisit on their laptop or desktop.
You might be asking yourself, if that's the case, why does a mobile responsive site even matter? Won't they revisit with their desktop anyways? Perhaps not—if you lose out during a potential customer's early research stage, you may have lost them for good.
Remember my earlier bit about science and conversion-tracking? Numbers indeed don't lie. When it comes to conversion optimizing, lowering bounce rates (getting visitors to stay), and boosting search engine rankings, empirical data is vital. Fortunately, search engine providers like Google make it ridiculously easy to gather this data.
Yet, sometimes I build or service websites for clients who are so eager to be done with everything, that the installation of Google Analytics is skipped. Completing the necessary steps your provider recommends, like installing Google Analytics, is important to get the best ROI out of your new small business web design. Not only are tools like these 100% free, but using them is as simple as emailing the code to your web developer. Still, some less experienced types of small business web designers or perhaps indifferent small business owners can skip over this step and forget.
Next, a professional small business web designer must be able to recommend what steps to take based on the results of the data. Many digital agencies also provide SEO services, such as on-page or off-page SEO. Cyberia Technologies leverages our close-knit network of SEO specialists to clients.
Your social media strategy must go hand-in-hand with your website, rather than exist in a parallel universe. Provide links to your small business website on your social media pages and integrate a social media tool like Monarch or Social Warfare. Put social media buttons on your website pages, blog posts, & products to get more shares, and in turn more reach.
In the age of information, security is front and center for websites both big and small. If you have a WordPress site, then it is only a matter of time before a bad actor tries to hack it. This very site receives over a thousand various attack attempts per month, and we are by no means “big time”.
Plenty of well-paid, well-respected IT experts, including web developers and system administrators, fail to properly secure their sites and servers. A professional small business web developer not ensures that your website is secured to the best it can be, but also works with you to teach the basics and best practices to keep your small business website secure post-development.
Here's an example: one of the simplest yet routinely overlooked things you can do today is use a password generator and storage locker like LastPass. Read our post covering how to secure your WordPress site and protect against hackers to learn more.
So why should you shell out the big bucks for for a professional small business web designer? Hopefully the answer is to avoid getting unfinished, botched, or otherwise sub-par work where basic due diligence wasn't followed. Professionally building a new website can get expensive very quickly, no doubt. Though considering a costly alternative like a slow, under-performing, or even broken website makes any wise small business owner see why hiring a professional to design and develop a website is the smartest choice.
Optimizing images on your website is important, not only because it reduces the site footprint or file size, but doing this one step will net you the greatest gains in pagespeed. Even creating backups of a website with web-optimized images is much faster and takes up less storage space. Let's dive into how to optimize images on your website for performance by sharing with you a basic understanding of a few concepts:
Both .jpg and .png file formats have their strong and weak points and its important to know when it's appropriate to use each. Using the correct file type in the right scenario will ensure your website performs the best throughout its lifespan. Here is a breakdown of each common file type:
*These are ballpark estimates and require common sense. If you have a small product photo that takes up 800KB of space for example, you need to go back and look at things.
In this day and age, your business website needs safeguards in place to protect against cyber attacks. Though our managed WordPress hosting customers benefit from several security measures, many web hosting providers don't offer any mitigation against website hacks/data loss. No matter which web host you use, we'll share with you 5 easy steps to secure WordPress and protect from hackers. These should be easy to implement and won't involve any coding.
Wrong. Indeed, the public does see headlines about their personal data being dumped on the dark web from a big corporate hack every year or so. Yahoo, Sony, and Equifax are some of the (in)famous data breaches you may have heard of. But if you think only enterprise businesses are in a hacker's crosshairs, you're being misled. Without mitigation, you may be choosing to put your business (and customers) at risk.
Use a security plugin for WordPress, like Wordfence or iThemes Security, to shut down the most common attack vectors without much setup. Many critically important features are included even with the free version of Wordfence. When you visit the Wordfence Options tab inside the Dashboard, you can customize the thoroughness of scans and log keeping. Within just minutes, you will enjoy significantly greater protection.
Creating backups is important, not only in the event of an infection you can't clean, but also in case your website breaks (i.e. after a bad update). We recommend a regular schedule of weekly or monthly WordPress backups by default. If you need to run a different backup schedule, you might want to factor in the following:
Luckily, there is no shortage of both free and premium backup tools, so you only need to be aware of what's needed as a minimum. A complete WordPress backup consists of two parts: the standard PHP files, images, etc.—and the database (a specially exported .SQL file). You need both parts to have a working backup—if you try to restore an old backup without the database, your backup is worthless.
We recommend UpdraftPlus or Duplicator to create a restore point or snapshot. The backups can be stored on your web host or externally in Google Drive, Dropbox, or AWS. If you're a Cyberia Technologies hosting customer, you're already benefiting from server-side automatic backups, meaning there is no need a third party solution. Server-side WordPress backups can be restored by logging into the control panel.
Cloudflare is a DNS (domain name service) provider built on a philosophy of security and speed. The free plan from Cloudflare even includes DDoS protection, a global content delivery network (CDN), zero-trust access protection for 5 users, & more.
It's well known by the WordPress community that you can visit the default login page for any WordPress site by going to www.thewebsite.com/wp-login.php. Given how popular WordPress is, this means anyone can try to gain entry to your website through this very predictable login slug. Changing it to something unique enough that an outsider can't guess will remove this potential attack vector.
By default all WordPress database tables start with "wp_" as a prefix, meaning any hacker can easily predict your database structure. MySQL injections and other database vulnerabilities become much easier from that point onward. Use a tool to customize your WordPress table prefixes to something completely unique/random, i.e. "w2ZbEq_". If you're a Cyberia Technologies customer, you can randomize the database prefix via the 1-click security tab in WordPress Toolkit. Otherwise you can search for a plugin in the WordPress repository to automatically do this.
Your business and your customers rely on the safety and security of your website. Although none of the above 5 steps will guarantee you won't be hacked, you'll avoid becoming low-hanging fruit for hackers. Since most small businesses don't recover from security breaches, it's worth it to review our 5 easy steps to secure WordPress and protect from hackers every so often.
