Improving Performance of Your WordPress Site

In today’s world, many people make use of WordPress for hosting a successful and useful site. However, depending on WordPress is just the beginning. You need to build a site that will actually work for readers or you will not keep those readers for very long. One of the mistakes that many people make is creating a site that has low or poor performance. This happens simply because they are making wrong choices when they build their site. Have you noticed that your own WordPress site seems to be slow to load, frustrating, and just plain hard to use? If so, then you need to go through a few steps to improve the performance of it.

Limit the Plugins

It may be your first reaction to choose a wide variety of plugins to a site simply because they can be useful, eye catching, and fun. However, as with anything else, too much of a good thing can be bad. When you use too many plugins, then you can actually slow your site down to the point that it can be slow loading and difficult to load. In order to improve the performance of your WordPress site, be sure that you are limiting your plugins on each of the pages. Some of the plugin options that can be major culprits in a slow site would include the following:

  • Heavy JavaScript features
  • Requiring HTML to resize images instead of resizing them by hand
  • Placing JavaScript in the site header

Choose the Right Theme

One of the best ways to build a WordPress site that is high performing, fast loading, and easy to use is to choose from Premium WordPress templates that are designed to be streamlined. These themes are designed specifically for both performance and attractiveness of the site. Choose a theme that will help you limit the chances for performance busting features from the very beginning.

Use Google

Google offers a content delivery network that can work with the JQuery library. This means that if users find your site through Google, their computer will most likely already have that JQuery information on their computer. This leads to a faster loading site. If you want your site to be high performance, then choose to use JQuery that comes from the Google content library.

WordPress is a very handy tool for website creation when you use it wisely. By taking the right steps and avoiding the right things, then you will be able to build a site that is higher in performance.

The Pros and Cons of Managed WordPress Hosting

Have you considered Managed WordPress hosting? Managed WordPress hosting is becoming an increasingly popular option among many professional WordPress bloggers and top webmasters these days as these services will often take care of all the technical aspects of WordPress for you, allowing you to focus on creating and sharing great content. As an added bonus, these companies will also typically answer your technical questions, make sure your WordPress content loads quickly, and install your WordPress theme and plugin updates.  Examples of popular managed WordPress hosting companies include WPEngine, ZippyKid,, and Synthesis. These top companies provide similar services and features but all offer a few extras to try to seperate them from the pack.

So, is a managed WordPress hosting service for you? Deciding whether or not to sign up for one of these services will likely come down to your personal needs.  If your website/blog attracts a lot of traffic and you use WordPress frequently, managed hosting could be an attractive option. On the other hand, if you’re just a casual blogger who just wants the basics from WordPress, managed hosting might be an unnecessary expense. Before you start paying for this type of hosting, it’s good to keep in mind that companies like ZippyKid and Synthesis can make your life as a WordPress user easier, but they’re not perfect solutions for everyone.

Here are some of the pros and cons of managed WordPress Hosting:


  1. Your site and content will load faster. People are a lot more likely to leave your site or spend less time on it if it loads slowly.
  2. You’ll have someone to turn to when technical issues arise. Trying to call one of the big hosting giants like HostGator or GoDaddy when you’re having WordPress problems won’t get you anywhere. The tech support people at big hosting companies don’t know anything about WordPress. You’re paying managed WordPress hosting companies to know the ins and outs of the popular content management system. So, you get the kind of support you need from companies like WPEngine and ZippyKid.
  3. Your content and confidential information will be more secure. Managed WordPress hosting means you don’t have to worry as much about malware, vulnerabilities, and other security issues. It also means that your data is backed up regularly to ensure you don’t lose any of it, even if something crashes or a security issue arises.
  4. You don’t have to spend as much time learning about WordPress. Many WordPress users spend hundreds of hours every year researching WordPress how-to guides and taking free WordPress classes to become better at using the content management system. Since managed WordPress companies take care of all the technical stuff, you don’t have to waste any of your precious time learning how to install a new theme or get a new plugin to work.


  1. Managed WordPress hosting is costly. It generally ranges in price from about $30 a month to a few hundred dollars a month, depending on how many WordPress installs you need managed. If you’re a perpetually broke college student who blogs for fun, managed WordPress hosting probably isn’t for you.
  2. You have less control. If someone else is managing all the technical aspects of your WordPress accounts, you don’t decide what gets updated and changed to improve efficiency. Someone else does. If you like to be in control, managed WordPress hosting might not be the best fit.
  3. You have to pay extra when one of your posts goes viral. Most basic managed WordPress hosting packages, the ones that cost you around $30 a month, only allow a certain number of visitors to your site each month before they charge you extra. Usually the number of visitors allowed is around 25,000. If 1.3 million visitors check out your site one month, you have to fork over quite a bit of extra money to the hosting company. You could avoid this by paying for a more expensive package that allows more visitors per month, but that would just end up costing you more too.

Overall, if you can justify the price of managed WordPress hosting, there’s definitely good reason to look into it, especially if you want to make your life as a WordPress user simpler.

Should My WordPress Site Use a Related Posts Plugin?

Related Posts Plugins are an amazing way to keep a visitor engaged on your site. By doing some magic on the backend of a site, they can make tailored post suggestions according to the content on-page. Tailored recommendations will boost average time on site, average page views, and the like. Related posts are also awesome ways to add advertisements to a site.

Unfortunately, related posts plugins can also destroy a site’s performance, or bring it down entirely.

Many related posts plugins work by creating a “FULLTEXT index” on the “posts” table in MySQL. This is a mechanism to make complex queries against the content of posts.  For example, “posts which contain A and B but not C or D.” Usually, this means indexing categories, tags, specific keywords, and a number of other data points and querying them later.

It’s a cool way to search, but MySQL wasn’t built to make queries like this.

In MySQL, FULLTEXT indexes consume high loads of resources at run-time, particularly for larger sites with proportionally large databases.  Under heavy traffic loads, this will slow the entire site down, or crash it entirely.

To make matters worse, when changes are made to (large) tables with FULLTEXT indexes, rebuilding that index can take hours and hours. Sometimes rebuilding will even fail, producing a corrupted MySQL table. This can happen when you do something like upgrade to the latest version of WordPress.

That was a lot of bad news. Here’s the good news!

There are TWO PLUGINS that achieve “related posts” functionality, but do it off-server, so that you don’t bog down MySQL.

Take a look at nrelate’s and LinkWithin’s “related posts” plugins. These do their calculations on their own servers and don’t cause the same issues with the databases.

Nrelate has 3 different plugins based on whether you want your most popular content or related content to display, as well as if you want the related post to “fly out” at the reader.  All three are available in the WordPress plugin repository.  LinkWithin will make recommendations to related posts based on several factors, including title, tags, and content.

How they work

Nrelate creates its own, secure, RSS feed, and feeds your content directly their servers. This means their pinghost is added to your Update Services. So each time you update your blog with new content, nrelate gets the feed and can analyze it for related posts. Then, they use Natural Language Processing inside a database designed for search to analyze your content and make related recommendations.

LinkWithin similarly analyzes your content off-server. They have a context engine that looks at categories, tags, keywords, and a few other aspects of your content in order to make recommendations. LinkWithin used to redirect traffic through their site, but no longer. You get all the SEO juice from the links.

Both plugins accomplish the related posts functionality off-server. I’m personally a big fan of nrelate’s strategy of using the RSS feed to get the content and then processing it with NLP.  I was also able to speak on the phone with both developers from nrelate in the writing of the article, which indicates the support they’re providing their plugin.


LinkWithin has secure processes to pull your content, and there are zero known security issues with their plugin.

When I spoke with nReleate, they talked about how their RSS feed can only be accessed with a random key that is generated when you install the plugin.  They hired Mark Jaquith to build this part of the plugin with airtight security.

Image options

With nRelate, you can either show your content as one of six sizes of thumbnails, or as very simple bullets. The plugin automatically creates a thumbnail from the featured image, but you can also specify which image to use.  If you don’t have any images on your post, nrelate will actually pull one from their image library.  You can see examples of their ads on Huffington Post and Endgadget.

LinkWithin relies heavily on featured images from your page in order to provide thumbnails.  If you don’t set featured images, the plugin won’t show any.  It also provides very customized sizing of images that are optimized for your site.


You can add your advertising networks to nRelate (they have their own ad network) and serve your ads along with the recommended content. Linkwithin does not currently support advertising.


Your css is automatically adopted by nRelate, so the thumbnails and font styling will automatically look like your design, but you can still customize things as you like.

International Languages

Nrelate is also in the following languages: Dutch, English, French, German, Indonesian, Italian, Polish, Portuguese, Russian, Spanish, Swedish and Turkish.

Check out both of those plugins to see which one works for your needs. Both of them offer significant speed and scalability benefits to your site.

Are you using a related post plugin for your site?  How has it affected your traffic?  Have you noticed any performance issues?

How to Protect WordPress from Malware Infections

WordPress is installed on so many websites now, the global reach is comparable to a company like Microsoft. Hackers, scammers, and phisherman target Windows because it’s installed on millions of computers all over the world. If you’re going to break into computers with malicious intent, you want the biggest target.

You will find (at times) some proponents of other popular open source CMS software (Joomla, Drupal) may try to say “WordPress isn’t safe, look at all the hacked websites”. WordPress is actually very stable, mature, and secure. But by it’s very nature, being software, it must be maintained (or security holes appear over time). If everyone kept WordPress, plugins, and themes updated, and performed just the slightest bit of preventative maintenance and hardening, the amount of compromised WP websites would probably go down by 90%. In this article we’re going to go over the basic steps of how to protect your WordPress website from malware, virus infections, and malicious code and scripts.

First let’s talk about some basics you should know…

What is (website) malware?

You probably already know the word “malware” from PC’s and computers. Computer viruses have been around a long time, as well as virus scanning software. With the Internet age came “spyware” (programs that spy on what you do and send the details to a remove computer), as well as “anti-spyware” computer software. You might also have hard about trojans, and key-logging software as types of computer virii. The term “malware” in conjunction with a computer means something installed on your PC in order to deliver a payload. Like installing a browser toolbar, and having it (on the backend) install a script, program, or trojan without your knowledge as the payload.

Google started tracking malware in websites a few years back as part of Google webmaster tools. Malware (at that time) was known mostly as something installed in your website designed to deliver a payload unknowingly to the website visitor (also like a virus, trojan, program, script, etc.). Now, the term is used to cover nearly any compromised website wither it delivers an actual payload, redirects the user to a rogue website, or just plain contains simple SEO spam.

How do websites get infected with malware?

If you think about the amount of WordPress websites online (more than 73 million and counting), when reports come out that say “10,000 websites hacked from ABC vulnerability” it’s a small percentage in comparison to the whole. Then again, that’s 10,000 broken websites that are either down, redirected, or infested with spam.

Often people have a perception that there are actual people (or hackers) trying to break into websites. That’s not really the case, it’s an automated process. Hackers, spammers, and criminals write scripts to seek out and search for websites with specific vulnerabilities they can use to break in. They watch the latest security holes patched in WordPress itself, as well as themes and plugins. They also look for other software with holes, such as Joomla, Mambo, Drupal, phpBulletin, Simple Machines forum, phpBB, and anything else they can find. Often scripts are written to break in through one hole, and then just infect all PHP files, all sites in a hosting account, or just all WordPress installations at once.

So think about the home you live in and it’s security. You have locks on the doors and windows, and if someone were trying to get in – you’d know about it right away. The bulk of websites online are in shared hosting accounts. Unless you have some alerting or monitoring installed for your website (and even if you do), the only place break-in and hack attempts are stored is the server logs. You don’t know it but your website is being “attacked” night and day 24/7 hundreds (if not thousands) of times. You have no idea that something is constantly trying to break into your website. If you did – you’d actually beef up the security a bit.

Back to how the websites get infected. These automated scripts look for security holes in WordPress itself, themes, and plugins. If your website (or themes or plugins) are out of date – you might be open to one of these attacks looking for a way in. But this isn’t the only way.

Another way websites can be compromised (any website, not just WordPress) is by using an insecure connection to either login to FTP, your wp-admin dashboard, or your web hosting account. Remember when we talked about computer viruses and malware? If your PC is compromised and you connect to your WordPress website, your connection information could be sent to a remove PC by a keylogger or trojan. Even is your PC is clean, if you connect to any of these by an insecure connection such as Starbucks connection, public wifi in a hotel or airport, the same thing could happen (same if your home wireless router isn’t secured).

Yet another way your WP website can be infected is through your webhost itself. Maybe your account is managed with cpanel or Plesk control panel and your webhost hasn’t applied the latest patches for that software. Hackers can get in through those security holes. What if an exiting employee from a webhost steals the password files (which has actually happened) – you could be compromised. What if someone external breaks into your webhost and steals your login information (which has also happened at multiple webhosts multiple times), you can also be broken into.

More often than not what we do see, are large webhosts with shared webservers where hackers break into as many sites as they can on one box at once (bad neighborhood or guilt by association break-ins). Hosts that do stupid things like leave directory indexing on by default – don’t help matters much.

How to Protect WordPress from malware?

Now that you know what malware is, and how websites get infected, it’s time to find out how to protect your own website from malware (infections). While we can’t give you complete step by step instructions, we can give you some great points to follow which will make your website more secure and hardened than it ever has been.

  • Reset your password(s): regularly reset your WordPress admin, FTP, and web hosting control panel passwords every 30-60 days. Be sure to use a 12+ character strong password from somewhere like Never use the same password at multiple websites or for multiple accounts.
  • Update everything: as previously mentioned, be sure to keep WordPress itself updated, and all plugins and your theme as well at all times. Check to see if your theme has an update available if you purchased it from a developer or a theme house. Have it reviewed by a competent WordPress developer once per year for vulnerabilities if it was custom coded.
  • Remove unused and outdated items: The worst security holes are the ones that you forget about. Always remove all themes and plugins that are unused and inactive. In addition be sure to remove (or at least have an expert check out) any plugins that haven’t had an update in 12-18+ months or more.
  • Get rid of common WordPress elements: Your WordPress installation shows what version you are running in the meta generator tag of every HTML page it displays sitewide. Use a security plugin like Secure WordPress or Better WP Security to suppress this from being displayed in your public pages. You can also remove, hide, or limit access files like readme.txt which also display WP version information.
  • Limit Access: Limit and give admin access to only those with a “need to know” basis within your WordPress website. You should be able to count full site admins on one hand (preferable one or two fingers). Give the rest lesser user roles as needed.
  • Setup alerting and monitoring: There are all kinds of free services (some by web hosting companies) that will alert or monitor you if your website is down (or if certain pages have changed in content)
  • Register with Google Webmaster Tools: If you register with Google Webmaster Tools and they find malware in your website, they will notify you via email. Keep in mind (in our experience) by the time they notify you, your website could have been infected for days or weeks (or longer)
  • Monitor changed files: There are many free plugins that will monitor your website for changed files, Better WP Security is one of them.
  • Update wp-config security salts: Since before version 3.0 the wp-config.php file of every WP installation has contained “security salts” and a URL to get random ones to update the file with. Be sure to update your wp-config file.
  • Install and configure a security plugin: Setup and configure an all-inclusive security plugin, something like Better WP Security or Secure WordPress
  • Setup and test a backup solution: By all means, make sure that in the event something does happen you have a disaster recovery plan. You can use a free plugin, premium solution, or web based service to backup your website to an offsite location for recovery in case you are hacked, or something at your web host goes down. This is even protection against issues if you upgrade WordPress or plugins and a conflict takes your website down. At least with an option like this, if you are taking regular versioned backups, you can easily revert to the last known good version

With just these few bullet points, your website security can be improved by nearly 95% (or more).

7 Benefits of Blogging with WordPress

One of the most popular blogging platforms out there is WordPress — and for good reason. WordPress offers a flexible platform that is easy to use. You can get started blogging with a few minutes, and be well on your way to blogging success.

If you are trying to figure out which blogging platform is right for you, here are 7 benefits to blogging with WordPress:

1. It’s Cost-Efficient

One of the great things about WordPress is how cost-efficient it is. You can start blogging for free. WordPress is a free, open source platform that allows you to reach your audience free of charge. Additionally, there are paid upgrades that you can use to increase the attractiveness and customizability of your blog. However, even the paid features of WordPress are reasonably priced, meaning that you can get a high quality platform without paying a premium price.

2. Integrate with Your Website

WordPress is also easy to integrate with your website. WordPress is compatible with a number of control panels, and you can add a blog to almost any site with the help of WordPress. Blogging with WordPress is easy to start, and it’s easy to ensure that your blog is fully integrated with your brand and your website.

[Continue Reading…]