Website Security Basics

Where there’s a will, there’s a way. If somebody really wants to hack into your website, if they put enough time and effort into it, then they can probably make it happen. But most hackers aren’t looking for hard targets. They’re looking for easy targets. So here are some simple and highly effective ways that you can improve the security of your website.

Website Security Basics: Only Use Well Managed Input Boxes

An input box is one of the most direct paths to your website’s host server. The best way to keep your input boxes secure is to not create any in the first place. However, if you absolutely need one, you should make sure that you use extra caution.

A lot of people like to use contact forms. Many people consider contact forms to be standard operating procedure. If you have a business that you are sure would benefit from a contact form, then my recommendation is that you set it up through a well managed plugin that gets regular updates. Or have it built into your page by a developer who will run regular updates. But the safest bet is to not use one.

Website Security Basics: Hide Your Passwords in a Private Directory

When you first set up your WordPress site it is not as secure as it could be out of the box. There are a bunch of passwords within your main WordPress directory. Put those passwords into a private directory. If you don’t know how to do this, then you should hire a developer to do it. If you do it wrong, then you’ll mess up your site. But if you don’t do it at all, then you’ll increase your chances of people being able to discover your passwords. Anytime you use passwords, make sure that you move them out of public directory paths.
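As an added illustration (not code from the post), here is a small PHP audit that reports whether a site's wp-config.php, the file that holds the database password and secret keys, still sits inside the document root, whether stray backup copies of it are being served, and whether it is world-readable; the function name and the assumption that the document root is the folder containing wp-settings.php are mine.

```php
<?php
// Added example, not from the post: audit where a WordPress site keeps its
// credential file. wp-config.php holds the database password and the secret
// keys. WordPress also loads it from the directory directly above the
// install (as long as that directory is outside the web server's document
// root and is not itself a WordPress install), so moving it there keeps it
// out of every path the web server can serve.
// $docroot is assumed to be the folder containing wp-settings.php.

/** @return string[] findings to fix; an empty array means all is well */
function auditWpConfig(string $docroot): array
{
    $findings = [];
    $inRoot   = $docroot . '/wp-config.php';
    $above    = dirname($docroot) . '/wp-config.php';

    if (is_file($inRoot)) {
        $findings[] = 'wp-config.php is inside the document root; move it to ' . dirname($docroot);
    } elseif (!is_file($above)) {
        $findings[] = 'wp-config.php not found in the document root or one level above it';
    }

    // Backup copies left behind by editors (wp-config.php.bak, wp-config.php~)
    // no longer end in .php, so the web server sends them as plain text.
    foreach (glob($docroot . '/wp-config.php*') ?: [] as $f) {
        if ($f !== $inRoot) {
            $findings[] = "stray copy of the config in the document root: $f";
        }
    }

    // A world-readable config hands the database password to every other
    // account on a shared server. 0600 is enough when PHP runs as the file's
    // owner (the usual shared-hosting setup); use 0640 with the web server's
    // group otherwise.
    foreach ([$inRoot, $above] as $f) {
        if (is_file($f) && (fileperms($f) & 0004)) {
            $findings[] = "$f is readable by everyone; chmod 600 it";
        }
    }
    return $findings;
}

// Usage (constructed): php audit.php /home/site/public_html
$docroot  = $argv[1] ?? getcwd();
$findings = auditWpConfig($docroot) ?: ['no problems found'];
echo implode(PHP_EOL, $findings), PHP_EOL;
```

Run it from a shell on the server after moving the file, and again after every migration or restore, since those are when copies tend to reappear in the web root.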

Website Security Basics: Use a CDN like Cloudflare

CDNs don’t just make your website faster, they also create a checkpoint that your visitors have to pass through. Even free CDN versions will usually provide some kind of bot management. Setting up Cloudflare is free. So there really isn’t a good reason not to use it.

Website Security Basics: Download Your Software from Reputable Sources

Open source software often has little to no restriction on republication. Make sure that you download all of your open source software from legitimate download sources. It is common for people to take other people’s software, then repurpose it under their own brand and add malware to it. For example, if you want to download the Big Themes, then you should download them from wordpress.org or through the WordPress admin center.

Minimize the use of Third Party Inline JavaScript Services

Doing things like embedding interactive maps and third party videos can be a great way to improve the functionality of your site as long as you perform regular maintenance. However, hackers love to exploit the well known security vulnerabilities in these embeds. A good rule of thumb is that if you don't regularly update these features, then you shouldn't use them. Not using them will make your website more secure, and it will make your pages load faster, especially on mobile devices.

Frequently Update Your Support Software

People become timid about updating their support software because they worry that it will cause breaking changes. But not updating it can open up security vulnerabilities. If you use services like WordPress, you don't necessarily have to update to the latest version as soon as it becomes available, but after the new version of WordPress receives a security update or two, you should probably update to the latest version.

Website Security Basics: Avoid Obscure Poorly Maintained Plugins

Some plugins don’t get updated for years and work great. So it can be difficult to determine the difference between a plugin that you can depend on and one that you can’t. You should do your research on any plugin that you use. And check on it on a regular basis to make sure that it doesn’t have any problems. If you’re not sure about the quality of a plugin, then you should contact a pro to review your site.

Website Security Basics: Avoid Hot New Underdeveloped Software

Open source software is often pushed out to the public with many bugs and problems undetected, including security vulnerabilities. And it can be difficult to tell when to adopt something new. New versions of existing software tend to be more reliable than totally new kinds of software, but that isn’t always true. Do your research or consult with a professional. Don’t be afraid to wait. But don’t be so timid that you fall behind.

Website Security Basics: Be Wary of Outdated Software

Some software works great long after it has reached its end of life and no new features are being added. Other old software becomes a place where hackers can find vulnerabilities that they know won’t be repaired. Using older software can be a great way to maintain site stability. But you have to make sure that it is still safe to use.

Have a Professional Review Your Website on a Regular Basis

Having a professional perform a routine checkup on your website is like seeing your physician once a year. Sometimes it seems like a waste of time because there is nothing wrong. And sometimes you find out things that you don't want to learn. But you should do it anyway if you want to avoid more serious problems.

Assess Your Website’s Page Speed: How to Do It Accurately

If you have built your website and you have only seen how fast it loads on a new MacBook with a high speed internet connection, then your testing has been inadequate. It's easy to convince yourself that all of your webpages are loading well even when some of them are severely problematic. Your visitors will try to load your website under less than ideal conditions, and you need to see how your page loads under those conditions. You need to assess all of your pages, using speed assessment software in an emulated environment. And you need to assess your pages using real world information. This blog post will teach you the right way to assess your website's page speed.

Assess Your Website’s Page Speed: Using Page Speed Insights

Google's PageSpeed Insights is the simplest and most effective way to measure page speed. There are a number of different assessors on the market. But this assessor is free, thorough, and it doesn't have any use limits. In particular, you want to pay attention to the difference between the mobile score and the desktop score. If your score is good on both (90 or better), and it is consistently good, then you shouldn't beat yourself up trying to make it better.

[Screenshot: a perfect page speed score]

If your score isn’t good on mobile or desktop, then you may want to ask yourself if it is worth the time and effort to improve it. Even perfect scores will recommend improvements.

Assess Your Website’s Page Speed: How Good Should Your Page Speed Insights Score Be?

Getting a score of ninety or better on mobile on every page isn't necessary. However, it is feasible, and it is ideal, if you are willing to make the necessary sacrifices. There are a number of examples where getting a higher score is feasible if you put in the work, but the work is non-trivial. An example of this is loading your fonts through the Cloudflare CDN instead of the Google Fonts CDN. Another example of something that will slow down page speed is the use of video. How you use the video and where the video is loading from can create distinct performance results.

Using Page Speed Insights to Improve Your Performance

Google PageSpeed Insights will give you a number of recommendations for how to improve your page speed. But you shouldn't expect to need to make every improvement. A lot of things that make a webpage cool can also slow down its load time. So you should use PageSpeed Insights to get your page speed to a load time that is consistently reasonable.

[Screenshot: PageSpeed Insights opportunities and diagnostics]

Focus on the page speed opportunities and diagnostics that have the highest performance impact. You don’t have to fulfill every requirement. Just keep going until you get a satisfactory score. If you can’t figure out how to improve each score, then you should consider hiring a professional.

Assess Your Website’s Page Speed: Using Cloudflare Web Analytics

Using Cloudflare Web Analytics is a great way to see how well your pages are running in real browsing environments right now. It will require you to sign up for Cloudflare, but this is highly recommended anyway to improve your page speed. Once you have signed up, setting up the evaluation is easy.

When you are looking at your core web vitals make sure that you have a significant number of visits and page views. You want to make sure that you have enough use cases that you can see a wide variety of results. Set the previous time span to somewhere between a week and a month. Usually the longer the time span, the more accurate the results.

You need to make sure that the results are coming back with a score of good (green) most of the time. You can hover over each core web vital color to see what the percentage value is for each score.

How Good Should Your Cloudflare Web Analytics Score Be?

You shouldn't expect all of your pages to load well all of the time. If you have speed scores that are considered good at least seventy five percent of the time, you are performing adequately. If you are getting scores of good ninety percent of the time or greater, then you are performing excellently.

Assess Your Website’s Page Speed: Have a Professional Look at Your Site

Is your page speed score worse than it ought to be? Then maybe you should have a pro take a look at it. Sometimes when people build a website they just get lucky and they create it in a way that loads well without any creative thought. But if you keep making improvements and your speed score isn't improving, then you need to think about bringing in someone with more experience to look at your site.

Assess Your Website’s Page Speed: Questions?

If you have any questions, then please post them in the comments section.

Page Caching PHP to HTML and the Latest Versions of WordPress

It used to be that if you were using even moderately sophisticated PHP programs, then you would want to convert your PHP pages to HTML on your local server so that users wouldn't need to wait for your pages to be processed. But is that still necessary? Anecdotally, I have been removing local page caching plugins from many sites, and whenever I have done it with the latest version of PHP (8.2 as of this post) and WordPress (6.3 as of this post), I have noticed that the page speed performance has improved with the version updates, even though I had removed a caching plugin. In fact, I have seen some caching plugins that have actually caused the page speed to slow down.

How Do These Plugins Work?

Caching plugins can do a lot of things. The particular plugins that I am referencing are plugins that create a folder, then they run the PHP program that creates the page for your visitor, then they store that page as an HTML file in the folder so that your users don’t have to wait for your PHP program to be run when they request the page. It is also possible for a plugin to use hashing, but the principle is still the same.

WordPress and PHP Processing Speed

When WordPress and PHP are capable of processing your programs faster, storing a ready copy as HTML can have an undetectable influence. However, other factors can make PHP to HTML caching useful.

Server Impact of Caching PHP to HTML

It is also important to realize that the server that your site is being hosted on will also have an impact on how fast your PHP programs are processed. Higher quality servers can process information faster than lower quality servers. Think of how much your PC improved the last time that you got a new laptop. The same principle is true for servers and their operating software.

WordPress Theme and Plugins Impact

How your WordPress theme is written is another factor that will affect how fast your PHP is processed. The quantity and quality of your plugins will also have an impact. However, you may find that themes and plugins that used to be a little bit slow will now load about as fast as a lot of the so called “lightweight” themes if they have been updated to the latest versions of WordPress and PHP.

Traffic Impact of Caching PHP to HTML

The number of people that are using your site will also have an impact on how fast your page is loading. If you are on a shared server, then the other websites that are being hosted on the same server will also have an impact.

The Advantages of Not Caching PHP to HTML

The primary advantage of not caching your HTML locally is you have less to manage. Anytime you add a plugin to your WordPress site, you make it more complicated to manage. You need to make sure that the plugin is set up properly, and it is actually working. And you need to make sure that the HTML files are not out of date. So you may be required to manually refresh the cache after updating content.

Don’t Neglect the Use of a CDN

It's important to realize that the impact of not caching HTML pages on a local server is distinct from other forms of caching. Eliminating local HTML caching will not offset the need to use a CDN. It is also worth noting that if you know how to cache your HTML into a CDN, that may still cause a detectable performance enhancement.

Try It and Test It

Do you want to know if you can ditch your page caching plugin? All you have to do is try it and test it. First run your web page and see what page speed score you get. Then disable your page caching plugin and run the test again. Try this on at least several pages of your site. If the performance of your page is as good or better than before you disabled the plugin, it probably means that you don’t need a local page caching plugin anymore.

My Experience

My experience has been pretty consistent. WordPress websites that run on traffic appropriate servers and run the latest versions of PHP gain less benefit from local PHP to HTML page caching than they used to. But a significantly large volume of traffic will produce some noticeable benefit. And I have noticed that there is still a slight benefit from caching the HTML into a CDN. It should be noted that most of my testing has been done using the Big Themes. It is also worth noting that WordPress 6.4 is currently being advertised as being even faster than WordPress 6.3.

Questions?

If you have any questions, then feel free to post them in the comments section below.

How to Build a Website for a Bar, Tavern, Pub, or Brewhouse

If you own a bar, then you need a website. You can’t make excuses that you don’t have the time, or a website isn’t important because you have social media. Unless your goal is to have a reputation for owning a dive bar that won’t last very long, then you need to set up a quality website that doesn’t look like it was hacked together in about an hour. So let’s learn how to build a website for a bar.

I realize that my previous paragraph has a bit of an attitude, but anecdotally, I have seen a lot of bars (not so much restaurants) that have some of the most consistently lousy websites that I have seen. Your website is the most accessible statement you have about the quality of your business. If your website is dumpy, many people will assume that your bar is dumpy, and they won’t want to show up. Like it or lump it, this is something that you will have to put some time into, and nobody will be sympathetic if the results turn out bad.

Keep It One Page and Simple

You need images of your bar displaying its ambiance. You need a little section explaining what makes your bar special. And you need to make it easy for people to figure out how to get to your bar.

The easiest way to get an idea of how your website ought to look is to view a couple of examples.

You can build a website like this using one of the Big Themes. If you don’t have time to deal with all of this, or you don’t consider yourself to be tech savvy, then consider hiring a pro.

Don’t Embed a Map on a Website for a Bar

Embedding a map will slow down your webpage's page load, and map embeds frequently break and cause security vulnerabilities. Conversely, you can link to Google Maps and outsource all of your problems to your visitor's browser or your visitor's Google Maps app.

Page Load Speed

Make sure that your page loads fast on mobile. If someone is on the road and looking for your bar, you want to make it easy for them to get a map to your bar with GPS. All you have to do is add a Google Maps link for your bar's address. If this is difficult for you to figure out, then you should hire a pro.

No Need for a Navbar on a Website for a Bar

If your website is one page and short, then adding a navbar is unnecessarily complicated. Removing the navbar from one of the Big Themes is easy. If you decide you want to expand your site in the future, it’s easy to add the navbar back.

Use a Blog as an Optional Events Announcer

The advantage of using a blog to announce events in addition to social media is people who don’t have accounts with any of your social media platforms will still be able to see the announcement.

Contact Section for a Website for a Bar

Contact information should just be an address, a phone number, social media links, and maybe email. Don't waste your time with a contact form. They attract more spam than anything else, and even if they are maintained and updated properly, they can still serve as a security vulnerability.

Software Updates

Don't forget to update your software every once in a while. A simple website is easy to set and forget. But if you forget it for too long, then your website runs the risk of developing security vulnerabilities.

Questions?

Feel free to post any questions that you may have in the comments area.

Google Fonts CDN Versus the Cloudflare CDN

You probably have realized that serving your fonts through Google’s Font CDN is faster than serving your fonts locally, but if you’re like me you may be wondering if Google’s CDN is the fastest CDN available. So I decided to test the Google Fonts CDN versus the Cloudflare CDN.

TL;DR
My personal experience is that after using seven different series of fonts, the Cloudflare CDN is consistently faster on a 4G mobile network by about a second, but the difference on laptops or desktops with a good connection is less noticeable.

Assumptions of Knowledge

You will need to understand how a content delivery network and caching works if you want to understand this post.

The Kinds Of Pages That I Tested

I used both Bootstrap based and WordPress based pages. And each page had different kinds of content.

Update (7/31/24)

I have written a new article about Cloudflare Fonts that expands on this blog post’s discussion.

The Local Server I Tested On

I used a HostGator shared server to run every font series that I tested. This is hardly the world’s greatest server, but it isn’t terrible either. So it is a good local server to test on if you’re trying to determine average results.

The Tools I Tested With

I primarily relied on Google Page Speed Insights to test the performance of my different pages.

The Work Necessary to Perform the Updates

I wouldn’t say that performing the updates was complicated, but it was tedious and time consuming. It required a lot of attention to detail. Ordinarily, this is part of the fun of coding, but when you’re doing something as monotonous and repetitive as this, your mind might fight to wander off into more entertaining territory.

My method was to hard code the results when I used Bootstrap pages. And for my WordPress pages, I used a simple plugin that served primarily as a code template that resulted in mostly hard coding.

There are other WordPress plugins that don't require you to write code, but they have inefficient coding, so I would be concerned that they would not be ideal for improving page speed. The plugins are only designed to host your fonts locally. So if they don't process the results fast, then they will cancel out the speed enhancement of being served through Cloudflare. The plugin that I used was designed so that you rewrite it each time to host the exact fonts for an exact page, so no processing is wasted on generalization.

The Results of the Google Fonts CDN Versus the Cloudflare CDN

[Screenshot: perfect 100 score on a smartphone using a 4G network. The loaded visible screen includes a full screen image, a typing feature, and an animated button.]

I don’t want to be too presumptuous as to why the performance was faster; I only want to note that the performance was consistent. I don’t remember how many tests I performed, but after considering standard deviation, it was safe to say that the tests resulted in about a second faster in page speed on a 4G mobile network. However, desktops that already loaded fast didn’t load much faster.

Is It Worth the Time and Effort?

I don’t have a great answer to that question. Taking the time to do this isn’t something that I would encourage every website owner to perform. But if you get a lot of mobile traffic, and your visitors don’t have a lot of patience, then I would certainly consider it.

If you’re not a developer or you are not unusually tech savvy, then you may find this operation to be pretty difficult. There are a lot of different ways to make mistakes, so almost anybody that tries this is likely to make one. And if you don’t know how to troubleshoot, then you’ll probably get stuck. So if this is important to you, and you don’t have the means to do it yourself, then you should probably hire a pro.