Web Development Blog - Be Devious Web Development

Speed Up WordPress Websites – 6 Essential Tips

July 20, 2016 by Dominic Vermeulen-Smith Leave a Comment

Website loading speed has been a hot topic for a little while now and this isn’t something that is going away. WordPress website speed comes up a lot and the is a fairly large conception that WordPress websites are slow, and a lot of people ask me how to speed up WordPress websites.

To say this is a generalisation is an understatement as WordPress websites come in all shapes and sizes, some are slow and some are not slow. Also, non-WordPress websites can also be slow or not slow.

WordPress gives you a lot of flexibility to build websites, but with such a huge array of plugins, themes and features, it can be very easy to all of a sudden end up with a slow website if you are not keeping an eye on it.

Here’s my top 6 tips for keeping your WordPress website speed up.

Speed Up WordPress Websites – 6 Essential Tips

OK, hold up, before we get started, let’s do some bench marking. Before you start trying to speed up your website, it’s a good idea to test how fast your site is right now. Two of the best tools out there are GT Metrix and Pingdom.

For the purposes of this article I’m going to be using GT Metrix as it’s what I prefer. I find the user interface easier to get along with and over the years it’s helped me to speed up a lot of sites.

So, head over to GT Metrix and enter your website’s URL, it’ll take a few moments, but then you’ll get your results:

OK, 1.3s to load my home page. That’s not too bad. This is what I’ve managed to achieve with what I’d consider my “standard” speed optimisations. So let’s see what they are.

1. Use your end point URL

I’m going to kick off with a really simple one. This isn’t actually a change to your website at all, but more you can help yourself, especially when sharing your website address on-line or sending it to someone in an email. The end point URL for my home page is https://www.bedevious.co.uk/. There are a few other versions of this that will still work and you’ll end up at the end point all the same, some of these are:

http://www.bedevious.co.uk/ – http instead of https
http://bedevious.co.uk/ – http instead of https and without the www.
https://bedevious.co.uk/ with the https but no www.

Now, if you use thes URLs, when the request arrives at the server, the first thing that will happen is that you are redirected to the https version. I have an SSL certificate for security, but it also helps with SEO, according to Google. And so I want everyone to visit using this version.

As a preference, my site keeps the “www.” in front of the domain. Don’t ask me why, I just prefer it. So, people who visit without a www. are redirected to the version with the www.

If you visit without the https or the www. you’ll be redirected twice. This all adds time to how long it takes to load the page. How much time I hear you ask? Well let’s use GT Metrix to compare the page load times:

I’ll be honest, even I was was surprised to see such a large difference, but it goes to show heading straight to the end point puts on the best starting point to speed up your WordPress site.

2. Image sizes

The images you put on your website are one place you can almost always look to speed up your website. They are normally the largest part of a webpage (in terms of file size) and so downloading hefty image files can slow you down a lot.

The secret here is to reduce the size of your images so that they are the size of the space you need to fill so that your users are not downloading a 1000px wide image to fill a 700px space. If people are interested I’ll add some detail on how to calculate the maximum width available for an image.

The good news here is that GT Metrix will highlight images that could be smaller and then even tell you how big to make them. Just look for the “Serve scaled images” section. You can click on the links to view the images if you aren’t sure which ones the are:

I like to use the free on-line image editor and Photoshop alternative Pixlr to resize images before uploading them to WordPress.

I also then use WPMU’s WP Smush Pro plugin which will compress the image files on upload so that they can be as small as possible. This plugin isn’t free by any means, but there are some free alternatives.

5. Lazy Loading

Lazy loading is great and a really quick way to speed up your site’s load time. There’s also a great free WordPress site speed plugin called, wait for it, Lazy Load. It’s available on WordPress.org here.

This plugin will figure out what will be on your visitors screen when the page loads and only downloads that content. Then, if and when they scroll down, more content will be downloaded so that it’s ready when it comes into view.

So if only 10% of a page is visible on screen when the page loads, only 10% of the content is downloaded initially and the user doesn’t have to wait for 100% of the content before they can start reading.

4. Caching / Minifying / Compressing

OK, now we get a little more technical. There are a few decent caching plugins to help with WordPress website speed optimization, to name a few:

After A LOT of experimentation with these, W3 Total Cache, or W3TC, comes out top for me every time. While initially seeming very complicated, once you get used to the settings it isn’t so bad.

There are a few types of caching, and some other optimisations that tend to be linked with caching, namely minifying and compressing.

For now, install W3TC and make sure you pay attention to these settings as a priority:

Page Caching – will probably have the biggest initial impact on page speed. Basically, it generates static HTML files that are served to your visitors rather than having to dynamically generate content, e.g. lists of posts, every time someone visits your site.
Minify – for both CSS, JavaScript and HTML files. Basically, it removes anything that isn’t necessary for a browser to read the files, but may be included to make it easier for a developer to read, for example. W3TC can also combine these file types to reduce the number of files that need to be downloaded.
G-Zip Compression – Provided that it is supported by your host / server, this is a setting within the Browser Caching section and is a simple click to switch on. While your there, scan down the list and make sure you are setting expire headers whereever possible.

5. Use a CDN

What is a CDN? CDN stands for Content Delivery Network. I’ll explain how this works by use of an example.

Say my website is on a server in London. If a user in London visits my website, happy days, it should download nice and quickly because it doesn’t have a long way to go. But, say someone who lives in Toronto visits my website, they need to download my images from London. They’ll need to travel around the world.

Sure, the internet is fast, and will it take THAT long? No, but if we’re optimising, then it’s adding unnecessary time to your WordPress website page speed.

When using a CDN, requests for things like images will go through a 3rd party network, who may have a server in, say, Toronto. The first time someone in Toronto visits the site copies of all of the images on a page will be downloaded to their Toronto based server. The second person in Toronto visits your sire, rather than coming all the way from London, the images are now just down the road.

I do love a CDN, so clever, but actually very simple.

Implementing a CDN might seem daunting, but actually there’s a couple of relatively simple options:

Use CloudFlare – Setting this up could warrent a post of it’s own, but actually CloudFlare are very helpful and provide a lot of supportive documents. They also have a free plan.
Set up using W3TC – if you use W3TC you’ll notice a CDN section. It will require registration with a 3rd party (I recommend MaxCDN because their customer service is insanely good). Sign up, add the details to W3TC and it will take care of the rest for you.

6. Hosting

OK, I’m sure I’ll get a battering for leaving this until last and for what I’m about to say.

Hosting does matter, for sure. To get an indication of how good your hosting is, click on to the Waterfall tab in your GT Metrix results and look at the first line:
This diagram shows a timeline of how long it takes to download everything a browser needs to display your page. You’ll notice that the first line stands all on it’s own.

This is because this is the initial request to the server to get the basic markup of the page, which contains all of the “instructions” of where to get everything else, e.g. images. A browser can’t do anything with this and therefore this metric is important. It’s also known as the TTFB – time to first byte. i.e. the time it took for the browser to receive the first byte of information.

Whilst the quality of your host is not solely responsible for this metric, it is included in there. 55ms is perfectly respectable and this website is not on any specially “WordPress optimised hosting”. Just a regular server that’s been managed well.

Why do I make this point? Because there is a lot of talk about WordPress optimised hosting and how good it is. And while I don’t doubt it has the potential of being the best possible, every time I’ve looked at this in the past I can’t imagine how you could justify the cost VS the benefit.

So, my advice here? Once you’ve optimised the life out of your website, if you are sure that your TTFB has not been slowed by any WordPress configurations or plugins that you could change, then consider looking at your host.

And yes, there’s plenty more…

Like anything else to do with running your own WordPress website, trying to increase the speed of your website is a can of worms for sure. This is just the tip of the iceberg but are the easiest steps to take with the biggest return.

What are your top tips for speeding up a WordPress website?

10 Search Engine Optimisations, according to Google

July 4, 2016 by Dominic Vermeulen-Smith Leave a Comment

Search Engine Optimisations, commonly known as SEO has been made into some magical science. Don’t get me wrong, I love spending half an hour reading a Neil Patel blog post on SEO as much as the next geek. But when I speak to my customers, or perspective customers, I feel like I’ve got to talk them out of this mindset and get them to forget everything they think they know, and just start being a bit more sensible about life.

I guess it’s easier when needing good sources has been nailed into your brain

In my previous life before I quit my job and became a self employed mega geek, my occupation was working on business cases for a large broadband / phone / entertainment company in the UK. The business cases usually needed some pretty solid numbers and facts behind them about things that their customers were doing, and what they would do with a new product or product feature.

You’d then get continually grilled about where these facts came from, so you soon found the best course of action was to get someone else to provide the info. An expert. And then write their name next to the fact in question.

My new job isn’t much different in some ways, although many seem to be getting away with spouting a load of rubbish with no source reference what so ever. I personally choose to listen to the experts, in this case, Google is a good place to start.

So, without further adieu, here’s 10 things Google have said will help your search engine rankings over the past few years.

Be careful when choosing someone to work on SEO for you

It can be easy to spot people you don’t want helping you with SEO. I’ll give you a clue, they’ll say something like “I’ll get you to #1 on page 1 of Google search results“, or “I’ll get you 500 genuine, high quality back links to your site”. You can find plenty of these on sites like freelancer.com or fiverr.com, or by opening your email junk folder.

Also known as “black hat SEO”, these are not good things. Getting lots of organic search traffic requires effort and patience.

“…some unethical SEOs have given the industry a black eye through their overly aggressive marketing efforts and their attempts to manipulate search engine results in unfair ways. Practices that violate our guidelines may result in a negative adjustment of your site’s presence in Google, or even the removal of your site from our index.” – Google Search Console Help

This article pretty much gives you the run down on everything you should consider when hiring someone to help you with SEO.

Forget about “putting keywords in you headers”

<sarcasm>This is my very favourite</sarcasm>

People are so adamant about this one. The thing is, it used to be true in the early days, but those people looking to trick Google knew this and filled their meta tags with irrelevant keywords just to get them to their site. Also, less bad people used this to get people to their sites, but the keywords weren’t always relevant.

“Google does not use the keywords meta tag in web ranking” – Matt Cutts, Google Software Engineer

Not sure why this one is still going since this was said pretty categorically back in 2009. It’s a given. Lets all accept it and move one please.

Understand search from Google’s point of view

As a general life rule, I think it’s a good idea to question how things work, and think about what others might be trying to achieve. Especially in business, always have a think about why people provide services and products, especially for free.

Google is an advertising platform. End. Advertising relies on one key ingredient – an audience to advertise to. That’s you and me when we go there to search. How do they keep us coming back? By making sure we get what we’re looking for when we go there with a question.

“I will make my product find the best answers to your question, or the best information related to the topic you are looking for.” – OK, that one was me…

Google did actually say…

“You want the answer, not trillions of web pages. Algorithms are computer programmes that look for clues to give you back exactly what you want.” – GoogleIndie Search – Algorithms

Here’s a nice little page that explains a bit about what the Google Search Algorithm is and how it’s been developed to focus on getting people the best content.

Clue: the key part here is – the best content…

[bedev_widget_area]

Make your site easy to crawl

OK, this one might get a little bit technical, but actually a lot of the time your host might take care of it for you. Or, if you’re using WordPress, use of a good SEO plugin like Yoast’s WordPress SEO, adding a robots.txt and sitemap.xml file is easy. Then it’s just letting Google know about them in the Webmaster Tools Search Console.

These files may seem complicated, but they’re not, especially the sitemap – it’s as it sounds, a map of your site. Literally a list of pages, posts, images and other content on your site.

“With the robots.txt file, site owners can choose not to be crawled by Googlebot or they can provide more specific instructions about how to process pages on their sites.” – GoogleIndie Search – Crawling & Indexing

Nothing will make it easier for Google to index your content how you want them to than you telling them how you want them to do it.

Make sure your site is mobile friendly

Anyone with a smartphone knows how easy it is to use a non-mobile friendly website on their phone. Not easy. Trying to zoom in, scroll around the pages. It just doesn’t work nicely.

“Last year, we started using mobile-friendliness as a ranking signal on mobile searches. Today we’re announcing that beginning in May, we’ll start rolling out an update to mobile search results that increases the effect of the ranking signal to help our users find even more pages that are relevant and mobile-friendly.” – Webmaster Central Blog

This was a great update for people who already had mobile friendly websites as they got an instant search boost.

Also worth a note that tools like Google Page speed report do give more favourable results to truly responsive websites. For developers, that means using @media queries in your CSS to style pages appropriately on different size screens.

For everyone else, if you have mysite.com that redirects you to m.mysite.com, this is a separate mobile website, not a mobile friendly website. These tend to provide a worse experience because companies that make them have to actually build a second website.

Most modern websites, or WordPress themes are responsive. If you have a service selling websites where responsiveness is a feature you can gain by upgrading, stay clear.

Use SSL

This one still seems to come up for debate a lot, I can’t get my head around why. For those not in the know, SSL is a technology that essentially scrambles information as is sent between a user’s browser and the server a website is stored on so it can’t be intercepted by hackers.

You can tell if a website has SSL as it’s address will start with “https” instead of “http“, and you get the little green padlock in the address bar.

Many still argue that SSL isn’t necessary and doesn’t affect search engine rankings. Well, according to our friends over at Google…

“over the past few months we’ve been running tests taking into account whether sites use secure, encrypted connections as a signal in our search ranking algorithms. We’ve seen positive results, so we’re starting to use HTTPS as a ranking signal” – Google Webmaster Central Blog

So while this article was saying they were testing and starting to roll it out, that was a while ago, and the internet is hardly moving away from SSL. In fact, one of the latest server protocols, http2, only works when SSL is enabled.

Also, since when is being more secure a bad thing?

If you haven’t heard of Letsencrypt, you should check it out. While not available to everyone at the moment, depending on access, control panel, skill level, this is backed by some big players, including Google, and promises to remove the financial decision from whether or not to secure connections to your site.

Be careful not to breach copyright

Phew, lucky I saw this one, I was just about to start a campaign of plagiarising.

No seriously, content owners all over the world are upping their game in terms of finding where their content has been used illegally. Google are also on-board and can blacklist sites if they receive complaints from content owners.

It goes without saying that stealing content and copyright material isn’t good, but the point here is don’t let it happen by accident. Double check your licences and if you are actually allowed to use the images, video and sounds that you are using!

“we will begin taking into account a new signal in our rankings: the number of valid copyright removal notices we receive for any given site. Sites with high numbers of removal notices may appear lower in our results.” – Google Inside Search

Be a good guy

Another that kind of goes without saying, but I think that some people are missing the point.

Giving users the best experience possible, be it in terms of great content, a fast website and a site that’s easy to navigate, Google are quite specifically looking to reward websites that are taking this approach and pushing them up the search results.

On the other side, they are quite specifically looking to demote those who are doing the opposite.

“In the pursuit of higher rankings or traffic, a few sites use techniques that don’t benefit users, where the intent is to look for shortcuts or loopholes that would rank pages higher than they deserve to be ranked.” – Google Inside Search

Ask yourself if you’re focused on providing an great experience as priority #1. If the answer is no, might be something to think about.

Include good content “above the fold”

This, actually, was a new one to me while I was researching for this article. And, I was a little disappointed as I’m a fan of full screen images with limited text as a website loads. I think it looks nice. But, here we are, apparently, it’s a better experience to provide the information someone is after straight away on screen.

I think my takeaway here will be to start taking this on board for posts and informational pages and save the fancy designs for the home page.

“we’ve heard complaints from users that if they click on a result and it’s difficult to find the actual content, they aren’t happy with the experience. Rather than scrolling down the page past a slew of ads, users want to see content right away. So sites that don’t have much content “above-the-fold” can be affected by this change.” – Google Inside Search

Add new content regularly, and don’t forget to update the old

This is one of the most important in my opinion. Older information is more likely to be wrong. That’s just common sense. So adding new relevant information to your website says to Google “I’m more likely to be correct than someone else“, you might not be, but potentially more likely.

“Given the incredibly fast pace at which information moves in today’s world, the most recent information can be from the last week, day or even minute, and depending on the search terms, the algorithm needs to be able to figure out if a result from a week ago about a TV show is recent, or if a result from a week ago about breaking news is too old.” – Google Official Blog

An often overlooked strategy is updating old posts. Something to consider as you’ve already done a lot of the ground work. I already plan to try and update this very post over time in fact, keeping it fresh and adding the latest announcements from Google as I go.

So there you go!

So there’s my top 10 Search Engine Optimisations according to Google. It’s time to let go of all the incorrect ideas about SEO and just start paying attention to the simple things we can do to get more visitors to our websites. The good news is that most of it is really common sense, focus on your audience and what they are trying to find out. Then, give them the best experience you can.

Have I missed any biggies?

Let me know in the comments if I’ve missed any big ones, or, what are your favourite falsities when it comes to SEO?

[bedev_widget_area]

LetsEncrypt – Securing the internet, for free!

July 4, 2016 by Dominic Vermeulen-Smith Leave a Comment

I was surprised recently when speaking with a friend about the Be Devious WordPress Hosting services I’ve just launched, when I told him that I’ll be including SSL for free for all the websites I sell. He didn’t know what SSL was, but that wasn’t what surprised me, he’s far less geeky than I.

But when I went on to say “you know, when you get the little green padlock at the top? That one you’re supposed to check for before entering your card details online?“. Nope, he had no idea. I thought that message had gotten through!

So turns out some people still don’t know what this is. But if you have a website you need to, and it is becoming more and more the consensus that you should have it.

What is SSL / TLS / HTTPS?

Secure Socket Layer / Transport Layer Security / Hypertext Transfer Protocol Secure.

That cleared it up for you?

No?

OK, I’m not going to go in to detail about this works right now, as it’s not specifically required for this article. In general, without SSL, any information that is sent from your browser to a web server is sent “as is”. i.e. it’s just sent as text. So if I log in to a site with myusername and mypassword, anyone clever enough and with a mind to intercept or log that message can pretty much just pick out my login details.

When SSL is in place, before your browser sends anything out it encrypts it. That is, it turns it into a meaningless mess of letters, numbers and special characters. The only way it is possible to translate this back to what it was in the first place is to pass it to the web server which has the key to unlock the code.

That’s it in a nut shell.

SSL can be considered relatively expensive, especially for small businesses, blogs or non-profits. It is considered by many that making whether or not you secure user’s personal information or not a financial one isn’t a good thing. Enter LetsEncrypt…

What is LetsEncrypt?

SSL certificates are issued by bodies called Certificate Authorities. Those who are trusted to issue SSL certificates work with those who make browsers so that if a website attempts to use a certificate that isn’t trusted, your browser can warn you of this.

LetsEncrypt is a new Certificate Authority backed by some big players including Automattic (WordPress) and Google (Google). Their advisory board has also got some big boys sat on it including folks from Mozilla, Akamai and Cisco, so you know it is the real deal.

These guys are committed to six key principles – Free, Automatic, Secure, Transparent, Open, Collaborative. I think we can all get on board so far yes?

What you can take away from this is that they want to take the financial angle out of security and make the internet a safer place for all.

Another important point to note is a new technology HTTP2, a major upgrade in how websites work and will have a large impact on website speed only works with SSL, therefore it’s in everyone’s interest to secure their sites to be ready for their servers to be upgraded to use HTTP2.

Ways to use LetsEncrypt

So first off theirs a couple of ways to get a certificate from these guys that does require some technical knowledge. And by that I mean you need to know how to use the command line. If this doesn’t sound like you, or you’ve never heard of SSH or Shell access, I suggest you don’t attempt this.

If you think this is for you, I’m not going to reinvent the wheel, there’s a couple of really decent run throughs of this provided on the WPMU blog:

Personally I’ve found that it is considerably easier to pass the “heavy lifting” of this process to someone else. Fortunately Plesk has provided an add-on to not only install certificates but manage the renewals for you, and for a small price you can purchase one for cPanel.

Did I mention that all Be Devious WordPress Hosting comes with a LetsEncrypt certificate set up for you on your domain? And that all Be Devious Web Hosting uses Plesk and has the LetsEncrypt extension available for you to install certificates to your heart’s content?

Maybe I did, oh well, you definitely know now!

Limitations

Of course there have to be some limitations. I’d be interested in hearing from people if there are more that need to go onto this list…

Wildcards

When you set up an SSL certificate, you need to specify the domains that you want to include. Normally you’d want at least mydomain.com and www.mydomain.com covered. You may also wish to cover all of your sub-domains as well, i.e. subdomain.mydomain.com – in the general SSL market, you can get something called a wildcard certificate. This means all your subdomains are included automatically, often written as *.mydomain.com ( * = all ).

LetsEncrypt have stated that they don’t support wildcards and don’t plan to.

Via the command line and Certbot methods you can list multiple domains for one certificate and so you could include numerous sub-domains, however you’d need to update this every time you created a new sub-domain.

The Plesk extension currently only supports the www. and non-www. versions of a domain and there are no further options.

I’ll come on to how to work around this shortly

[bedev_widget_area]

Browser Compatibility

During the Beta stage of testing there were a number of issues raised with compatibility of certain browsers on certain operating systems. Google Chrome on Windows XP and Windows Vista to name a couple. These were resolved, but it is possible that older browsers and operating systems could in future throw security warnings for valid LetsEncrypt certificates.

It’s something to be aware of. Personally I have opted for the more affordable, higher level of security and at every opportunity recommend people stop using outdated and unsupported browsers and operating systems.

Renewals

Depending on the method of set up, you may need to manually manage certificate renewals. LetsEncrypt certificates are only valid for 90 days. This is to enforce faster and more frequent updates that is especially handy if security vulnerabilities are discovered. i.e. if someone figures out how to hack LetsEncrypt, you are a maximum of 90 days away from getting a new certificate. If you’re smart and engaged you will renew sooner.

The extensions offered for Plesk and cPanel handle all the renewal processes for you, and the Plesk extension even revokes certificates automatically when a domain is deleted from the control panel.

Rate Limits

There are limits on how many certificates can be registered per week, per domain and per IP address. If you’re requesting enough for this to affect you, I’m assuming you’re technical enough to read about the limits directly from the source.

WordPress

LetsEncrypt works just fine with WordPress. Here’s a few handy tips to look at.

.htaccess

.htaccess is an Apache file that essentially is the last point that your server might interject on a request being made by a visitors browser before it hands of to the WordPress php files to generate a webpage. It is commonly used for enforcing redirects and can be handy for managing requests and forcing them to head to the https version of your site.

A quick Googling of the topic will show you numerous options of what to use here, but through my experimentation, here’s what works best:
RewriteEngine On RewriteCond %{HTTPS} !=on RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

This is my preferred method because it captures every request not using SSL and dynamically redirects to the host AND the URL. It is assumed a lot of the time that your website only makes use of one domain. If you are using WordPress multisite with multiple domains, sub-domains, sub-directory sites and mapped domains, this should have you covered.

Updating everything to HTTPS

An important point to note is that when using SSL, all requests for resources on a website must also be requested over SSL. If they are not they will either not be downloaded – which would cause the page to look terrible or malfunction in the case of images, style sheets and javascript files, or to throw a security warning.

My recommendation is to use the Really Simple SSL plugin – this adds another few rules to your .htaccess as well as makes some updates to the database to ensure that requests for resources are updated.

If you are using a CDN, you’ll also need to make sure that they offer SSL access to your pull zones.

Are you using SSL? What’s your experience?

Setting up SSL can be easy, but it can also cause some headaches. Share your experiences and tips in the comments below.

[bedev_widget_area]

Website backups – do you KNOW how?

July 4, 2016 by Dominic Vermeulen-Smith Leave a Comment

You gotta love a good backup. A few months ago I found that I didn’t love backups enough. Or at least I hadn’t been paying my backup processes nearly enough love. We won’t even talk about whether or not I’d ever fire drilled a recovery. A simple mis-typed command into a linux terminal while necessarily logged in as the root user started me on a path of learning that a neglected relationship with your backups leads only to pain.

Since this horrific ordeal I’ve come to be considerably more of an expert in backups than I was previously. Here’s a run down of the various backup methods I’ve tried and or now employ to ensure I’ve got things covered, including their pros and cons when it comes to attempting to restore.

First off I’ll give you some food for thought on what your situation might be, then I’ll give you some tips on how to improve things.

If you are a web hosting customer of whoever, know what is being backed up

Shared hosting

Shared hosting, not normally called shared hosting, but if you’re paying a few quid a month on hosting, you’re on shared hosting. These services are pretty much always backed up, to an extent.

Shared hosting essentially means your websites, the files and databases are on a server with other people’s websites, their files and databases. As you share an operating system and the hardware (memory, processors, hard disks – at least in a virtual sense), all this will be managed by your hosting company. If they make a mistake, they better hope they’ve got their customer’s data backed up and are able to restore it quick smart but they will likely not take any responsibility for the impact to you or your business for downtime during a restoration.

It’s worth checking your shared hosting Ts&Cs to see what the deal is on your hosting package.

[bedev_widget_area]

VPS & Dedicated Server

So contrary to share hosting, here it’s unlikely that your hosting provider has your back when it comes to securing your stuff. Here’s a list I find useful when it comes to backups to make sure I have everything covered. Ask yourself, if your server disappeared tomorrow, how quickly could you restore:

Your server software, including – operating system, php, apache, nginx, apache MySQL files and updates
Your server control panel, including – domain settings, DNS settings, account settings for resellers
Your websites files
Your website databases

These tend to come in a couple of different flavours – managed and not managed. If managed, you may find that they take care of the first couple but it’s worth checking. It’s rare that backups for the second two are included as part of a standard package. Even though they might sell them as extras, just consider whether you want your backups stored in the same place as your server, ehem, 123-reg…

Cloud Servers

Here I’m really talking about those who have their own servers and VMs spun up on services like the Google or Microsoft Clouds. These services should be pretty solid, you hope, but you can still backup an entire sever image in one, perhaps not the best for a regular backup, but before and after any major updates it could be a good way to keep hold of stable versions of your systems.

Hosted / Managed Website Services

Now here is somewhere you definitely want to check what your provider is doing to look after your site(s). It’s common that you won’t have any access to files or databases, and with a CMS like WordPress you probably won’t have the ability to install any backup plugins. If you want an extra layer, you can always look at regular exporting your content and storing it somewhere.

OK, so make sure you know what’s being backed up, now, how can you go the extra here?

Via Control Panel

For those using a popular server control panel such as cPanel, Plesk or Direct Admin, you’ve got a few easy options at your disposal.

In the Tools & Settings look for “Backups” or “Backup Manager“. These tools will normally allow you to schedule backups of your control panel configuration – your settings, domain settings and customer settings for resellers – as well as your files and databases.

You should also get options to store these backups in a remote location via FTP. Use this option. What? Your hosting costs just went up from needing another server to store this stuff on? A necessary cost.

Another handy setting is incremental backups. Setting these every hour or so will mean only files that have been added, removed or changed will be added, removed or changed in the backup location. This can be great for going easy on your server’s resources. While a daily snapshot / total backup can give you something to roll back to if you need to, in case of a hack, for example.

Resources:

CMS

I’m really only an expert in WordPress here, so let me tell you about a few good options.

I mentioned using the WordPress export functionality already (under tools). Though not ideal as you can’t automate, plus this actually only generates an XML file, i.e. text only. Obtaining your images later via this method actually relies on them still being in place on your server.

Here’s some other plugins that might make your life a bit easier:

iThemes Security

A classic for securing WordPress, and one I recommend every time, especially given that the free version is actually pretty damn good. A feature of the free version is automated daily database backups that can be sent to you by email. Make sure this is sent to an email that IS NOT hosted on the same server as your website…

Resources:

iThemes Security

Backup Buddy

Also from iThemes, a well renowned backup plugin that can backup your files and databases at regular intervals and automatically send them to remote locations. Backup Buddy also makes it very easy to restore from backup files which can be used to recover from a rogue plugin or user error.

Resources:

Backup Buddy

WPMU’s Snapshot Pro

My favourite plugin for backups in WordPress, mainly because it’s great for WordPress Multisite Networks. You can set the plugin to backup a specific sites files and or it’s database tables. I’ve been able to use it in the past to restore a site to a version backed up an hour ago whilst not touching or impacting any other sites on the network. A missing feature is the ability to backup the entire network in one, but word on the street is that this is in the pipeline, along with remote storage for WPMU members to go alongside it’s current FTP, GDrive, OneDrive and DropBox options.

Resources:

WPMU’s Snapshot Pro

Some others that may interest you

Mover.io

Got to give a shout out to Mover.io. This service can be used not only for backups but also migrating files between numerous other services including OneDrive, GDrive, DropBox (for free I might add) as well as “Premium Connectors” like FTP and sFTP for $20 / month. This can be used to effectively create a mirror of your website’s files on another web server, FTP storage server or cloud storage service like the ones mentioned above.

As with other method mentioned here, the incremental option is a powerful one enabling an hourly update of files that have changed since the last run.

Something to watch for – if you delete files from your website, they are not deleted from the mirror which adds an extra thing to think about if using it for restoration.

Something else to watch for – an hourly process like this requires Mover.io to login via FTP every hour and check through the created and modified time stamps for every file, this can be a little intensive on server resources.

Databases

A clear shortfall of using a service like Mover.io to backup via FTP is that it won’t include your databases. Not to worry, dumping your database into your website directory on a regular basis will include it in one of your regular incremental. Just be sure to update the dump file’s permissions so that it isn’t publicly accessible.

Here’s some methods you can use for this:

MySQL Export – via phpMyAdmin, click the export tab and export an SQL file.
Cron MySQL Dump – set up a cron or scheduled task containing the mysqldump command to save a copy of the database
WP CLI DB Export – If you are using WordPress, installing the WP CLI utility and using the wp db export command will pretty much do the same as mysqldump but will take care of the username and passwords for you

So there you have it

Some food for thought for many I’m sure. I’m not sure that I ever would have focused on my backup processes so closely if I hadn’t had to experience a disaster first hand, so perhaps a blessing in disguise.

Of course having backups is only one half of the game, ensuring their integrity and knowing how to restore, and restore quickly, is the other half. I’ll come to that soon.

Please use the comments board to share you’re preferred methods of backing up!

[bedev_widget_area]

SEO, please, let’s end the myths

June 18, 2016 by Dominic Vermeulen-Smith Leave a Comment

I have totally lost count of how many SEO articles I’ve seen. How many people promising to get you to the top of Google search results, blah, blah, blah…

I quit my job relatively recently (7 months ago) and become a self-employed web developer offering all types of web services. Since then, every time I speak to a prospective client or contact at a networking event, or someone online, always the question “do you do SEO? Can you do my keywords?”.

It’s taken me a while to work out how to answer this question. I started with “no”, then I moved to “no, do you?”, then, begrudgingly, I started saying “yes”. I’ve even updated my website to say that I’ve started “doing SEO”. Urgh, I feel so dirty!

And why is that? I’ll tell you why, I’ve also spoken to countless people who say “I pay my web guy £60 / month to do my SEO.” Do your SEO? Do they write content for you? No? Do they continuously check and update the content on your website? No? What are they doing? Nothing, I’m afraid is likely to be the answer.

But now I’ve joined the game. But with an attempt to cut the crap. I’m looking to give people advice and provide a service where I, or they, actually do something, that helps their business in a positive way.

People have totally lost the plot with SEO

So what is the deal here? Why am I so annoyed about this?

I feel like a lot people in the industry have managed to turn SEO into this mysterious beast, where to tame it you need to be really technical and have an in-depth knowledge of Google’s search algorithms so that you can put these magical things into your website that mean that when someone searches you can be sure your website is found.

Let’s just hold up a second. Are Google’s algorithms that important?Why do they have them? What are they for?

These are easy questions. To answer them, imagine that you are Google, or maybe the person at Google who is responsible for search, it’s your product, it’s your baby. What would you want it to be, or do?

When I imagine this, I imagine that I’d want people to come and use my product and have a good experience using it.

[bedev_widget_area]

Yeah but, what is a good experience using Google Search?

Well, presumably, people come to use my product for a reason, that reason is they want to find something, or they want to answer a question.

OK, so I guess I should make my product do that job as best as I can. I will make my product find the best answers to your question, or the best information related to the topic you are looking for.

Next, let me look at what indications I’ve got that tell me when you’ve found what you are looking for. Let’s consider two scenarios

You searched, I gave you a link, you clicked it, I can see that you spent 15 seconds or so on the page and then you left.
You searched, I gave you a link, you clicked it, I can see that you spent almost 3 minutes on the page, then it looks like you clicked on a few links on that site and had a look around.

Now, which one of these sounds like my product user had a better experience? Obviously number 2, and why? Because the content on the site was what the user was looking for. It answered their question. And not only that, they were offered more content and information on the site that tickled their fancy.

Over-simplified much?

Right, have I over-simplified this? Of course I have. But the message you should be taking away here is one of mindset. Stop thinking about how you can get to the top of the search engine results, or trick Google into putting you there, and start thinking about who your target audience is, what they are looking for, what questions they have and then give them what they want.

Then, promote the life out of it! Getting people to your site yourself is the next big step in getting Google to think you’re worth directing THEIR users to when they’re searching.

So, you can just stop doing all that other stuff?

No that’s not quite what I’m saying. Here’s some “do’s”:

Do keep researching “keywords”, or “what people are already searching for” in English, and then producing content about it, making sure those words are mentioned in the relevant places is still important, but do it for the right reasons with the right mindset.

Do pay attention to your titles, page descriptions and featured images. These are what people see in search results, or when you share a link on Facebook, so is only going to help encourage people to click.

Do write amazing content that answers the questions your target audience are looking for.

Do make sure your website loads quickly, no one likes a slow site.

Do encourage other sites to link to your content, it will only get more people to your site, but do it in a positive, constructive way, not a spammy way.

Do measure what users do on your site and A/B test to find the best experience.

Do use SSL, if you can. It can’t be a bad thing, and those nice folks over at Letsencrypt are making it very affordable, and when I say affordable, I mean free.

OK so what next?

How can you do all of these good things I hear you ask? Well I am of course aiming to do the same thing that all of your are – build an audience. I’ve produced a 10 step guide, witch actual tasks you can sit down and do to help with SEO. The great thing about them is once they’re done you can see the improvement and benefit. I do, of course ask you to join my mailing list to get a copy. But I promise I’ll only send you good useful stuff, that you’re already looking for 😉

[bedev_widget_area]