I’ve compiled a list of free and paid tools that may help you know if your website safe and keep it safe, see if your hosting is good, your domain name is happy and your website is free of mal-ware.
Mostly we are talking about wordpress, but much of this information applies to other website platforms. Go ahead and play around. Mark this page so you can come back and try some more stuff.
For general information about wordpress and online help see the wordpress codex. The word press core is open source. You can do anything you want with it within your interest, ability and skill set. This means WordPress is constantly evolving. Because of the open source nature of wordpress, not everything that is made for word press is good. Only add plugins and themes from highly trusted sources. Only keep plugins you really need and keep them updated. If you start playng with wordpress heavily, get a ftp connection to your server.
Domain Name Privacy
The company you registered your website name (domain) should offer something called privacy protection. European companies often include privacy on domains as part of privacy law.
Try DomainTools and Whois.net, check to see what information is public. If you can see your name and address (or registered address), phone number, email address, etc., This may leave your website name open to piracy.
Highly recomended : Turn privacy protection on with the company you have your domain registered with. This may cost a small yearly fee
“SSL Certificates are small data files that digitally bind a cryptographic key to an organization’s details. When installed on a web server, it activates the padlock and the https protocol and allows secure connections from a web server to a browser.” Global sign
Google thinks that any legitimate buisness should have a security certificate for its website. It’s easiest to get one from your hosting company, some offer it for free. Others charge from $60-$70 per year. Most hosting companies will install the certificate for you. You may need the really simple SSL plugin to make sure it properly set up the certificate on word press. Setting up a security certifcate yourself can be a pain. You’ll see free alternatives on the web. Doesnt seem prudent.
Looking deeper into your website
Use googles transparency search to see if a website has been compromised with malware.
Ultratools has a check to see if your website is on the Naughty list for spam. they have a bunch of tools that will tell you about web performance.
Here you can create a site map for your website. This will help robots see everything on your website you want them to see.
It’s nice if other people are talking about you! Resist the temptation to create or purchase phoney link-backs, Google thinks this is bogus and gives you less love. Its good practise to have a couple of links to relevant information in every page and post
Use Moz.com (requires sign up) to see how other websites mention your website and link to it: .
Code errors, Opitimization
Validate your HTML and CSS coding at W3C (World Wide Web Consortium) using HTML validator, CSS validator, and mobile code validator. (if you really want to know, It depresses me when I see sloppy code)
See Google developers for advanced information . I’d recomend create high quality pages for anyoone who wants to create great content. Yoast also addresses content, its annoyingly picky, dont take it personally.
Google’s page speed insights is informative on optimization that may help your website load faster. However, I’ve had extremely slow websites score well, and fast websites score poorly.
Highly recomended: Think about changing your theme and re-doing your website every 5-7 years, or more often if you can.
Here are some recomended wordpress plugins that everyone should get:
Yoast: (sets the meta information, page names and keywords that wordpress is bad at)
All in one Wp security (creates a firewall and checks security, backs updata base and other settings)
Edit author slug (removes or changes the authors name from pages and posts which might be a gateway to guess your log in) There are more ways to do this.
Google Analytics Dashboard for WordPress this plug in works with google to give you the basic connection and stats (first sign up with google analytics to get your code for your website.Google analytics goes from simple traffic data to highly involved statics and testing) I am using the GA google analytics plugin on this website which adds the google analytics code.
Wp-Optimizer Nice to have, makes java script and style sheets smaller (minified) use with caution, it might interferre with other caching, may break stuff. But does not appear to cause permanent damage when reversed. I really like it, but it doesnt always work. There are many choices I will test in the near future.
WordPress Website Page Editors
Divi builder is a design system that is built into website themes, it works very well, but has some advanced features. They ask for money, I believe after a year.
Visual builder comes with many themes and is fairly easy to use, however it doesnt like to update after a period of time, also wants money. Neither of these seem to break websites when they expire, but the constant pay to update message can be annoying.
Word Press Themes
These are pre built templates that offer funcitonality that can make your website look great. They can save a lot of time building what has already been built, and help designers like me offer clients better websites. Many are often free or offer free versions, fancier ones cost $49-$79. Example: a sports website that will feature stats and scores. There is no need for me to build these features when they are built in to a good theme.
The power of the Web is in its universality.
Access by everyone regardless of disability is an essential aspect.
—Tim Berners-Lee, W3C Director and inventor of the World Wide Web
Your website should be usable to as many people as possiable. If people have trouble reading your text, (whether they are disabled or not) you should make adjustments.
See the WAVE accessibilty tool
W3 schools has tons of information on Accessibilty as well as tutorials and web standards. Go there for basic coding examples.
You should decide what you want webcrawlers to go, Both for accessabilty and for continuity. Think about Do not track directives
All images MUST be labeled with alt tags, If a person can not see the image they will know what it is. Keep alts honest and simple.
UC Berkely offers more links to accessiability tools
If your website is about or serves persons with health or mental health topics, collects personally identified information in any form, you should recognize privacy regulations created by HIPPA see the HIPPA journal for more information. Ask your webmaster to sign a business agreement stateing they will not reveal anything they may see in website communciation. Example: An email that says, “I need counceling for..” or a application form for an event that states a health condition. Of course you have security certiifcate if you are collecting Information..right?
The European union adopted privacy standards, (the General Data Protection Regulation or GDPR) and enacted them in May of 2018. Essentially you must protect the information of anyone who visits or uses your website. These standards are honored in the US. It is good practise to protect yourself from privacy leaks.
I have no recomended hosting at this time but WP engine includes the security cert and CDN, which will help with page speed, so it might be worth the price. Save 20% off your first payment when you choose wpengine for your hosting Use coupon code WPE20OFF
Godaddy has excellent customer service, however, they upsell aggressively which is annoying. Im not fond of their wordpress hosting, cpanel hosting is just fine. Many people, including myself only use them for domain services. You can also use my reseller program at zombieinternet.com to buy domains. Zombie internet offer free privacy on domains.
Blue hosting offers a free security certificate with hosting, their hosting seems fine, but they also upsell, Engage in bait and switch marketing tactics and have been know to redirect calls to outside vendors. ultra annnoying.
Highly recomended: web hosting with PHP 7, MySQL version 5.6 or greater
Backing up your stuff
Choose tools on the word press dash board and choose export. Save the xml file somewhere safe. Redo this if you create content often. If you use All in one Wp security, ask it to run a data base back up now and then and email it to you. If possiable, get a copy of your theme and hold on to that.
I hope this helps and give you some tools to test your website. If you have questions or find tools I should include, let me know! contact Brooke Here