Tools to check & optimize your website

I’ve compiled a list of free and paid tools that may help you know if your website safe and keep it safe, see if your hosting is good, your domain name is happy and your website is free of mal-ware.

Mostly we are talking about wordpress, but much of this information applies to other website platforms. Go ahead and play around. Mark this page so you can come back and try some more stuff.

For general information about wordpress and online help see the wordpress codex.  The word press core is open source. You can do anything you want with it within your interest, ability and skill set. This means WordPress is constantly evolving. Because of the open source nature of wordpress, not everything that is made for word press is good. Only add plugins and themes from highly trusted sources. Only keep plugins you really need and keep them updated. If you start playing with WordPress heavily, get a ftp connection to your server.

Domain Name Privacy

The company you registered your website name (domain) should offer something called privacy protection. European companies often include privacy on domains as part of privacy law.

Try  DomainTools and, check to see what information is public. If you can see your name and address  (or registered address), phone number, email address, etc., This may leave your website name open to piracy.

Highly recommended : Turn privacy protection on with the company you have your domain registered with. This may cost a small yearly fee

this website has no security certificate

Security Certificates

“SSL Certificates are small data files that digitally bind a cryptographic key to an organization’s details. When installed on a web server, it activates the padlock and the https protocol and allows secure connections from a web server to a browser.” Global sign

Google thinks that any legitimate business should have a security certificate for its website. It’s easiest to get one from your hosting company, some offer it for free. Others charge from $60-$70 per year. Most hosting companies will install the certificate for you. You may need the really simple SSL plugin to make sure it properly set up the certificate on word press. Setting up a security certificate yourself can be a pain. You’ll see free alternatives on the web. Doesn’t seem prudent.

Highly recommended: You should have a privacy policy page. You might also create terms and conditions to address certain situations.

Looking deeper into your website

Use googles transparency search to see if a website has been compromised with malware.

Ultratools has a check to see if your website is on the Naughty list for spam. they have a bunch of tools that will tell you about web performance.

Here you can create a site map for your website. This will  help robots see everything on your website you want them to see.

Wonder what they do see? ask google to crawl your website and report back to you.. You may decide to exclude some material with a do not follow


It’s nice if other people are talking about you! Resist the temptation to create or purchase phony link-backs, Google thinks this is bogus and gives you less love. Its good practise to have a couple of links to relevant information in every page and post

Use (requires sign up) to see how other websites mention your website and link to it: .

Code errors, Opitimization

Validate your HTML and CSS coding at W3C (World Wide Web Consortium) using HTML validatorCSS validator, and mobile code validator.  (if you really want to know, It depresses me when I see sloppy code)

See Google developers for advanced information . I’d recomend create high quality pages for anyone who wants to create great content. Yoast also addresses content, its annoyingly picky, dont take it personally.

Google’s page speed insights is informative on optimization that may help your website load faster. However, I’ve had extremely slow websites score well, and fast websites score poorly.

Highly recommended: Think about changing your theme and re-doing your website every 5-7 years, or more often if you can.


Here are some recommended wordpress plugins that everyone should get:

Yoast: (sets the meta information, page names and keywords that wordpress is bad at)

All in one Wp security (creates a firewall and checks security, backs updata base and other settings)

Edit author slug (removes or changes the authors name from pages and posts which might be a gateway to guess your log in) There are more ways to do this.

Google Analytics Dashboard for WordPress this plug in works with google to give you the basic connection and stats (first sign up with google analytics to get your code for your website.Google analytics goes from simple traffic data to highly involved statics and testing) I am using the  GA google analytics plugin on this website which adds the google analytics code.

Wp-Optimizer  Nice to have, makes java script and style sheets smaller (minified) use with caution, it might interferre with other caching, may break stuff. But does not appear to cause permanent  damage when reversed. I really like it, but it doesnt always work. There are many choices I will test in the near future.

WordPress Website Page Editors

Divi builder is a design system that is built into website themes, it works very well, but has some advanced features. They ask for money, I believe after a year.

Visual builder comes with many themes and is fairly easy to use, however it doesnt like to update after a period of time, also wants money. Neither of these seem to break websites when they expire, but the constant pay to update message can be annoying.

Beaver builder works well, I like elementor the best, use these when your want to build pages with columns and images, text animations, spacing, galleries and other style tools.

Word Press Themes

These are pre built templates that offer functionality that can make your website look great. They can save a lot of time building what has already been built, and help designers like me offer clients better websites.  Many are often free or offer free versions, fancier ones cost $49-$79.  Example: a sports website that will feature stats and scores. There is no need for me to build these features when they are built in to a good theme.

Website Accessibility

The power of the Web is in its universality.
Access by everyone regardless of disability is an essential aspect.

—Tim Berners-Lee, W3C Director and inventor of the World Wide Web 

Your website should be usable to as many people as possible. If people have trouble reading your text, (whether they are disabled or not) you should make adjustments.

See the WAVE accessibility tool

W3 schools has tons of information on Accessibility as well as tutorials and web standards. Go there for basic coding examples.

You should decide what you want web-crawlers to go, Both for accessabilty and for continuity. Think about Do not track directives

picture of media screen
where to add the alt tags to images

All images MUST be labeled with alt tags, If a person can not see the image they will know what it is. Keep alts honest and simple.

UC Berkeley offers more links to accessibility tools

HIPAA compliance

If your website is about or serves persons with health or mental health topics, collects personally identified information in any form, you should recognize privacy regulations created by HIPPA see the HIPPA journal for more information. Ask your webmaster to sign a business agreement stating they will not reveal anything they may see in website communication. Example:  An email that says, “I need counseling for..” or a application form for an event that states a health condition. Of course you have security certificate if you are collecting Information..right?


The European union adopted privacy standards, (the General Data Protection Regulation or GDPR) and enacted them in May of 2018. Essentially you must protect the information of anyone who visits or uses your website. These standards are honored in the US. It is good practice to protect yourself from privacy leaks.

I use the wp-gdpr compliance plugin which asks people to agree to your privacy policy and allows them to request stored data. The concern is that pirates may hold you for ransom if you arent protecting privacy. You should investigate further if you need more privacy protection or have concerns.


I have no recommended hosting at this time but WP engine includes the security cert and CDN, which will help with page speed, so it might be worth the price. Save 20% off your first payment when you choose wpengine for your hosting Use coupon code WPE20OFF  

Godaddy has excellent customer service, however, they up-sell aggressively which is annoying. Im not fond of their wordpress hosting, cpanel hosting is just fine. Many people, including myself only use them for domain services.

Blue hosting offers a free security certificate with hosting, their hosting seems fine, but they also upsell, Engage in bait and switch marketing tactics and have been know to redirect calls to outside vendors. ultra annoying.

Highly recommended: web hosting with PHP 7, MySQL version 5.6 or greater

Backing up your stuff

Choose tools on the word press dash board and choose export. Save the xml file somewhere safe. Redo this if you create content often. If you use All in one Wp security, ask it to run a data base back up now and then and email it to you. If possible, get a copy of your theme and hold on to that.

I hope this helps and give you some tools to test your website. If you have questions or find tools I should include, let me know! contact Brooke Here