These 10 free enhancements will help you get the most value from your WordPress site. Set up SEO, SSL encryption, performance optimizations, site backups, and site security, all for free and in only a few hours.

WordPress is the world’s most popular blog and content management system, but it ignores many aspects of overall platform management that are critically important to maintaining a successful site. This is by design. WordPress is an extensible platform, and as such the project’s architects defer to the user community to extend WordPress’ functionality with custom plugins that cover functional gaps. In this article we will take a deep dive into 10 easy-to-implement enhancements that will make your site safer, faster, more discoverable by search engines, and more resilient to hacker attacks. OK, let’s get started!

You’ll need admin access to your WordPress site as well as permissions to install plugins. If you’re planning to build a site from scratch then I recommend the following two how-to guides from the AWS official documentation

1. Linux Operating System Tuning

This first step is only relevant if your WordPress site is on a server that you control and to which you have SSH access. The default settings for Linux, Apache, MySQL, and PHP generally work well for most WordPress sites. One exception, however, is the “Maximum File Upload Size” in the PHP settings, which defaults to 8 MB. Most custom theme packages and custom plugins are larger than 8 MB, so this setting is a common stumbling block on new WordPress sites; so much so that we should preemptively set it to a higher value.

The PHP configuration file is located at /etc/php.ini. There are two sets of parameters that you should check and potentially adjust. The first is on or around row 657. Modify post_max_size to 128M.

The second is on or around row 800. Ensure that file_uploads = On, then modify upload_max_filesize to 128M and max_file_uploads to at least 20.
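
The row numbers above differ between PHP builds, so the following added example (not code from the original article) sets the same four directives by name. The function names are hypothetical, and the demo at the end runs against a constructed sample file rather than /etc/php.ini.

```sh
#!/bin/sh
# Added example: set the upload-related php.ini directives by name.

# Print the active (uncommented) value of directive $2 in file $1.
get_ini_directive() {
    sed -En "s|^[[:space:]]*$2[[:space:]]*=[[:space:]]*([^;[:space:]]*).*|\1|p" "$1" | tail -n 1
}

# Rewrite the active line for directive $2 in file $1 to value $3.
# A directive that has no active line is reported and left alone.
set_ini_directive() {
    pattern="^[[:space:]]*$2[[:space:]]*="
    if ! grep -Eq "$pattern" "$1"; then
        echo "no active line for $2 in $1" >&2
        return 1
    fi
    sed -E "s|$pattern.*|$2 = $3|" "$1" > "$1.new" && cat "$1.new" > "$1" && rm -f "$1.new"
}

# Apply the article's values; a backup copy is kept next to the file.
apply_upload_limits() {
    ini=${1:-/etc/php.ini}   # default path is the one given in the article
    cp -p "$ini" "$ini.bak" || return 1
    rc=0
    set_ini_directive "$ini" post_max_size 128M || rc=1
    set_ini_directive "$ini" file_uploads On || rc=1
    set_ini_directive "$ini" upload_max_filesize 128M || rc=1
    set_ini_directive "$ini" max_file_uploads 20 || rc=1
    return $rc
}

# Constructed sample file so the script can be tried without touching /etc.
demo_ini=$(mktemp)
cat > "$demo_ini" <<'EOF'
[PHP]
post_max_size = 8M
; upload_max_filesize = 64M   (commented out, must be ignored)
file_uploads = Off
upload_max_filesize = 2M
max_file_uploads = 5
EOF
apply_upload_limits "$demo_ini"
for key in post_max_size file_uploads upload_max_filesize max_file_uploads; do
    printf '%s = %s\n' "$key" "$(get_ini_directive "$demo_ini" "$key")"
done
```

On the server, call `apply_upload_limits` as root with no argument, then restart Apache or PHP-FPM so the new values are loaded.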

2. Add SSL Encryption With Let’s Encrypt

There are immediate and tangible benefits to adding SSL encryption to your WordPress site, and thanks to Let’s Encrypt it has become both easy to set up and free. Adding SSL encryption ensures a private browsing experience for your visitors. It also makes your WordPress site appear more professional and it noticeably improves your Google and Bing page rank. To set up SSL encryption on your WordPress site follow my step-by-step how-to guide for installing Let’s Encrypt on your Amazon Linux EC2 instance

3. Rename The WordPress Admin Login Page

The most prevalent WordPress hacking strategies are surprisingly crude, and involve mobilizing large botnets to randomly guess the password to the WordPress admin console. A highly effective counter-measure is to simply change the console login URL to something different so that botnets get a 404 “page not found” error every time they attempt to access your login page to guess the password. We’ll do this with a free plugin named Rename wp-login.php to anything you want. After installing the plugin you’ll find a new input box in the Settings->Permalinks console page where you can set the login URL to any syntactically valid name.

Important: You will be immediately logged out of the WordPress Admin console after updating the name of the login URL. Do not forget the new URL or you will not be able to log in again!

And presto, as simple as that, you’ve just thwarted a not-insignificant percentage of hacking attempts on your WordPress site.
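
To confirm the rename from the server side, the following added example (not part of the original article or of the plugin) summarises requests for the default login URL in the access log and checks that none of them was answered successfully. It assumes Apache's "combined" log format; the function names are hypothetical and the log lines are constructed.

```sh
#!/bin/sh
# Added example: check the access log for answers at the default login URL.
# Assumes Apache "combined" format: $1 client IP, $7 path, $9 status code.

# Print "<status> <requests> <distinct IPs>" for /wp-login.php, per status.
wp_login_summary() {
    awk '
        { split($7, p, "[?]") }            # drop any query string
        p[1] == "/wp-login.php" {
            hits[$9]++
            if (!(($9, $1) in seen)) { seen[$9, $1] = 1; ips[$9]++ }
        }
        END { for (s in hits) print s, hits[s], ips[s] }
    ' "$1" | sort -n
}

# Succeeds only if no request to the default URL got a 2xx or 3xx answer.
wp_login_hidden() {
    ! wp_login_summary "$1" | grep -Eq '^[23][0-9][0-9] '
}

# Constructed sample log (documentation IP ranges), as seen after the rename.
demo_log=$(mktemp)
cat > "$demo_log" <<'EOF'
192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 404 512 "-" "bot"
192.0.2.10 - - [01/Jan/2024:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 404 512 "-" "bot"
198.51.100.7 - - [01/Jan/2024:10:00:03 +0000] "GET /wp-login.php?action=register HTTP/1.1" 404 512 "-" "bot"
203.0.113.5 - - [01/Jan/2024:10:00:04 +0000] "GET /about/ HTTP/1.1" 200 9001 "-" "Mozilla/5.0"
EOF
wp_login_summary "$demo_log"
if wp_login_hidden "$demo_log"; then
    echo "default login URL is not answering"
else
    echo "default login URL is still reachable"
fi
```

A 2xx or 3xx line in the summary means the default URL still serves the login page, so the rename has not taken effect for those requests.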

4. Add Wordfence Security Plugin

Wordfence Security is a freemium plugin that takes care of most of the heavy lifting regarding site security. This is a full-featured, well-designed and well-supported WordPress security solution. The free version is excellent, and might be all that you need. Setup is mostly automatic and includes a wizard that is designed for regular human beings with a limited understanding of web security concepts (i.e. most people).

5. Add W3 Total Cache Plugin

WordPress greatly simplifies content management, even for multi-user environments with sophisticated editing and publishing practices. But the flip side to WordPress’ user friendliness is a lot of complexity under the hood, and all of that complexity means that your server works hard to serve up pages to your site’s visitors. There are a half-dozen generally-accepted strategies for optimizing performance of WordPress sites, and W3 Total Cache is a fantastic full-featured solution that will enable you to leverage the short-list of strategies that are both high impact and easy to set up. For sites that are not very interactive, like this blog for example, you should focus on only three performance strategies:

  • Page Caching. This is really simple in theory. WordPress ultimately serves up web files like HTML, CSS, JavaScript, images and so on. Some of these, like HTML and CSS files for example, can be complicated for WordPress to produce and cause your server to work hard. Fortunately, many of these kinds of files do not change frequently. A page cache stores copies of these fully-built files in a location “off to the side” that your server can quickly and effortlessly serve up to visitors. W3 provides lots of controls for fine tuning; however, the default settings for page caching work well.
  • Browser Caching. It turns out that popular computer browsers like Chrome, Firefox, Safari and others support browser caching, which is similar to page caching. Your computer (or rather, the computer of your site visitor) stores copies of all files that you download so that these pages can be served up instantaneously if and when you visit these pages later on. Browser caching refers to the things that your WordPress site can do to the files it serves to encourage visitors’ browsers to cache as many files as possible for as long as possible. Like page caching, W3’s default settings for browser caching work well.
  • Content Delivery Networks (CDN). Delivery of large multimedia content to your site visitors is a lot more complicated than it might seem, and it has mostly to do with the geographic location of your site visitors relative to the geographic location of your WordPress server. The farther your visitors are from your web server, the longer it will take them to download large digital content. The extent of performance degradation that your visitors can encounter can be alarming depending on the nature of the WordPress content