Guide: WordPress best practices and security

As WordPress specialists, we build every site with a high degree of security in mind as well as a range of useful modules as standard. But many still don’t use WordPress best practices, meaning they don’t get the best out of the platform.

Best practice approach to WordPress development

We take into account a broad range of considerations when building a WordPress website. This includes:

  1. Ensuring the site complies with best practice standards for usability, ease of maintenance and search engine visibility
  2. Security – in an age of increasing security threats the ability to build defensively and maintain a secure environment is of paramount importance
  3. Usefulness – we include as a matter of course a range of useful modules and plugins to extend the ability of editors to create engaging websites

WordPress Best Practices:

We implement the following for all of our WordPress website developments:

  1. Check the website in all browsers for compatibility issues
  2. Check responsive design to work on mobile devices and tablets
  3. SEO Check for common SEO requirements
  4. txt – ready for go live to enable a dev site to become visible to search engines
  5. Remove x-robots-tag from web.config
  6. W3C Html Validation – Ready for go live
  7. Accessibility Validation – Ready for go live
  8. Ensure colour contrast meets accessibility requirements
  9. Mobile OK score of 75+ as this is a key consideration in mobile Google results
  10. Google Page Speed score of 90+ again for ensuring good Google results
  11. Google Analytics snippet to enable you to view the site usage with Google Analytics
  12. 404 and 500 pages to redirect users who find themselves on broken pages
  13. Sitemap (if required)
  14. Favicon – to display your logo as the website icon in the URL
  15. 301 Redirects – to ensure you retain all of your existing search engine rankings

Editing and site management:

To maximise the usability, flexibility and interactivity of the WordPress website, we include the following modules and functionality:

  1. Beaver Builder – a visual in-line editor to provide advanced editing
  2. Gravity Forms – non-technical Form builder to enable simple through to complex forms with applied logic
  3. Yoast SEO – SEO tool to help optimise pages for search engines
  4. Search Everything – a search tool that you can configure to search pages, excerpts, attachments, drafts, comments, tags and custom fields (metadata) and you can specify your own search highlight style. It also offers the ability to exclude specific pages and posts. It does not search password-protected content
  5. W3 Total Cache – helps you optimize your WordPress site for speed and performance. It allows you to easily set up page and browser caching, compress pages for quicker downloads, and set up a content delivery network for your static files
  6. Login Lockdown – limits the number of login attempts on the site
  7. TablePress – enables you to easily add tables to WordPress pages

WordPress Security Best Practices:

To support a secure site we use the following services, plugins and techniques:

  1. CloudFlare – a third-party application providing the following benefits:
    • Distributed network to improve the delivery speed of web pages
    • Anti-spam filters that learn
    • Anti-hacking protection
  2. Ability to ban specific malicious IP addresses
  3. Provides a backup static site of the most visited pages in the event of the site being unavailable
  4. Login Lockdown – to limit the number of login attempts to prevent “brute force” hacking attempts
  5. Change the default login page
  6. Code defensively to protect against SQL injection and Cross-Site Scripting (XSS) attacks