Godaddy Archives - Page 17 of 18

How to Fix a Slow Loading WordPress Dashboard (Step by Step)

Is your WordPress dashboard loading too slow?

Having a slow loading WordPress dashboard is annoying, and it hurts overall productivity when it comes to creating content and managing your website. Also the underlying cause of a slow WordPress dashboard can also impact your website conversions.

In this article, we’ll show you how to easily fix a slow loading WordPress dashboard, step by step.

Fixing a slow loading WordPress admin area

What Causes a Slow Loading WordPress Dashboard?

A slow loading WordPress dashboard can be caused by a number of reasons, but the most common one is limited server resources.

Most WordPress hosting providers offer a set number of resources for each hosting plan. These resources are enough to run most websites.

However, as your WordPress website grows, you may notice slight performance degradation or slower loading across the board. That’s because more people are now accessing your website and consuming server resources.

For the front end section of your website which is what your visitors likely see, you can easily install a WordPress caching plugin to overcome WordPress speed and performance issues.

However, the WordPress admin area is uncached, so it requires more resources to run at the optimal level.

If your WordPress dashboard has become annoyingly slow, then this means a WordPress plugin, a default setting, or something else on the site is consuming too many resources.

That being said, let’s take a look at how to troubleshoot and fix the slow loading WordPress admin dashboard.

Here is an overview of the steps we’ll cover in this article.

1. How to Test Performance of WordPress admin area

Before making any changes, it’s important to measure the speed of your WordPress admin area, so you can get an objective measurement of any improvement.

Normally, you can use website speed test tools to check your website’s speed and performance.

However, the WordPress admin area is behind a login screen, so you cannot use the same tools to test it.

Luckily, many modern desktop browsers come with built-in tools to test the performance of any web page you want.

For example, if you’re using Google Chrome, then you can simply go to the WordPress dashboard and open the Inspect tool by right-clicking anywhere on the page.

This will split your browser screen and you will see the Inspect area in the other window either at the bottom or side of your browser window.

Inside the Inspect tool, switch to the Lighthouse tab and click on the Generate Report button.

This will generate a report similar to the Web Vitals report generated by Page Speed Insights.

From here, you can see what’s slowing down your WordPress admin area. For instance, you can see which JavaScript files are taking up more resources and affecting your server’s initial response time.

2. Install WordPress Updates

The core WordPress team works hard on improving performance with each WordPress release.

For instance, the block editor team tests and improves performance in each release. The performance team works on improving speed and performance across the board.

If you are not installing WordPress updates, then you are missing out on these performance improvements.

Similarly, all top WordPress themes and plugins release updates that not only fix bugs but also address performance issues.

To install updates, simply go to Dashboard » Updates page to install any available updates.

For more details, see our guide on how to properly update WordPress (infographic).

3. Update the PHP Version Used by Your Hosting Company

WordPress is developed using an open-source programming language called PHP. At the time of writing this article, WordPress requires at least PHP version 7.4 or greater. The current stable version available for PHP is 8.1.6.

Most WordPress hosting companies maintain the minimum requirements to run WordPress, which means they may not be using the latest PHP version out of the box.

Now, just like WordPress, PHP also releases new versions with significant performance improvements. By using an older version, you are missing that performance boost.

You can view which PHP version is used by your hosting provider by visiting the Tools » Site Health page from your WordPress dashboard and switching to the ‘Info’ tab.

Luckily, all reliable WordPress hosting providers offer an easy way for customers to upgrade their PHP version.

For instance, if you are on Bluehost, then you can simply login to your hosting control panel and click on the Advanced tab in the left column.

From here, you need to click on the MultiPHP Manager icon under the Software section.

On the next page, you need to select your WordPress blog and then select the PHP version that you want to use.

For other hosting companies, see our complete guide on how to update your PHP version in WordPress.

4. Increase PHP Memory Limit

Your web hosting server is like any other computer. It needs memory to efficiently run multiple applications at the same time.

If there is not enough memory available for PHP on your server, then it would slow down your website and may even cause it to crash.

You can check the PHP memory limit by visiting Tools » Site Health page and switching to the Info tab.

You’ll find PHP memory limit under the Server section. If it is less than 500M, then you need to increase it.

You can increase PHP memory limit by simply entering the following line in your wp-config.php file.

1	`define(` `'WP_MEMORY_LIMIT',` `'512M');`

For more details, see our article on increasing the PHP memory limit in WordPress.

5. Monitor WordPress Plugins for Performance

Some WordPress plugins may run inside the WordPress admin area. If plugin authors are not careful, their plugins can easily consume too many resources and slow down your WordPress admin area.

One way to find out about such plugins is by installing and activating the Query Monitor plugin. For more details, see our step by step guide on how to install a WordPress plugin.

Upon activation, the plugin will add a new menu item to your WordPress toolbar.

Clicking on it will show performance results for the page you are currently viewing on your website.

This will bring up the Query Monitor console.

Here you need to switch to ‘Queries by Component’ tab on the left side. From here, you can see the performance impact of plugins and find out which one is taking up too many resources.

You can now temporarily disable the slow plugins and see if that improves performance.

If it does, then you can reach out to plugin author and seek support or find an alternative plugin.

6. Install a WordPress Caching Plugin

WordPress caching plugins not only improve your website speed, but they can also help you fix a slow loading admin dashboard.

A good WordPress caching plugin helps you optimize page load speed, CSS and JavaScript delivery, your WordPress database, and more.

This frees up resources on your WordPress hosting server that your WordPress admin area can utilize for improved performance.

We recommend using WP Rocket. It is the best WordPress caching plugin on the market. It works out of the box and makes it super easy to optimize your WordPress performance.

For more details, see our guide on how to properly install and setup WP Rocket in WordPress.

7. Tweak Admin Screens & Disable WordPress Dashboard Widgets

WordPress automatically loads some widgets on the dashboard screen. This includes Quick Draft, Events and News, Site Health, and more.

Some WordPress plugins add their own widgets to the dashboard screen as well. If you have a lot of these widgets loading on your dashboard, it could slow things down.

You can turn off these widgets by simply clicking on the Screen Options button and unchecking the box next to the widgets.

Screen Options to remove unnecessary widgets

Similarly, you can use the Screen Options menu to show and hide sections on different admin screens.

For instance, you can choose the columns you want to see on the posts screen.

8. Fix Slow WooCommerce Admin Dashboard

If you run an online store using WooCommerce, then there are some specific WooCommerce features that can affect the performance of your WordPress admin area.

For instance, you can turn off the WooCommerce dashboard widget by clicking on the Screen Options menu.

Similarly, you can change the information displayed on the Products page.

After a while, your WooCommerce store may add unnecessary data to your WordPress database.

If you are already using WP Rocket, then you can simply switch to the Database tab under plugin settings. From here, you can delete transients and optimize your WordPress database with a click.

9. Lock WordPress Admin Area and Login Pages

Random hackers and DDoS attacks are common internet nuisances that can affect WordPress websites.

These automated scripts access WordPress login pages and attempt to login hundreds of times in a short amount of time.

They may not be able to gain access to your WordPress website, but they would still be able to slow it down.

One easy way to block these scripts is by locking your WordPress admin directory and login pages.

If you are on Bluehost, then you can simply go to your hosting control panel and switch to the Advanced Tab. From here, you need to click on the Directory Privacy icon.

Next, you need to locate wp-admin directory (usually found inside public_html folder).

Then simply click on the Edit button next to it.

Next, you will be asked to provide a name for your protected directory.

Click on the Save button to continue. The control panel will save your options and you’ll need to click on the Go Back button to continue.

After that, you will need to create username and password for the protected folder.

Now, when you visit your WordPress admin area, you will be prompted to enter username and password.

For more details, see our tutorial on how to password protect the WordPress admin directory.

Password Protect WordPress Login Page

Next, you would want to block access to WordPress login page. For this, you’ll need to manually edit .htaccess file on your website and generate a password file.

First, connect to your WordPress website using an FTP client or the File Manager app inside your hosting control panel.

After that, go to the root folder of your website (the root folder is where you can see the wp-admin, wp-includes, and wp-content folders).

Here you need to create a new file and name it .htpasswd.

Next, you need to visit this online tool to generate a .htpasswd string.

You need to use the same username and password that you used for the WordPress admin directory.

Then click on the Generate button.

The tool will generate a username and password string under the output box.

You need to copy and paste this string inside the .htpasswd file you created earlier.

Next, you need to edit the .htaccess file and copy and paste the following code inside it.

123456789 ### BEGIN BASIC BLOCK<Files wp-login.php>AuthType BasicAuthName "Protected Folder"AuthUserFile /home/username/public_html/yourwebsite/.htpasswdRequire user jsmithSatisfy All</Files>### END BASIC BLOCK

Don’t forget to replace jsmith with your own username and change AuthUserFile value with the path to your .htpasswd file. You can find it inside the File Manager app.

You can now visit your WordPress login page to see the password protection in action.

10. Manage WordPress Autosave Intervals

The WordPress block editor comes with built-in autosave feature. It allows you to easily restore your content in case you close the editor without saving your changes.

However, if multiple users are working on your website during peak traffic, then all those autosave requests will slow down WordPress admin area.

Now autosave is a crucial feature and we don’t recommend turning it off. However, you can slow it down to reduce the performance impact.

Simply add the following line to your wp-config.php file.

1	`define(` `'AUTOSAVE_INTERVAL', 120 )`

This line simply tells WordPress to run autosave once every 2 minutes (120 seconds) instead of 1.

Reduce Heartbeat API Calls

WordPress uses something called the heartbeat API to send Ajax calls to a server without reloading a page. This allows WordPress to show other authors that a post is being edited by another user, and it enables plugin developers to show you notifications in real-time.

By default, the API pings back every 60 seconds. If multiple authors are working on your website at the same time, then these server calls can become resource-intensive.

If you are already using WP Rocket, then it will automatically reduce heartbeat API activity to pingback every 120 seconds.

Reduce Heartbeat API activity using WP Rocket

Alternately, you can also use their standalone plugin called Heartbeat Control to reduce Heartbeat API calls.

We recommend reducing them to at least 120 seconds or more.

11. Upgrade or Switch to Better WordPress Hosting

All WordPress performance issues depend on the infrastructure provided by your WordPress hosting providers.

This limits your ability to improve performance to the resources offered by your hosting provider.

The above tips will certainly help you reduce load on your WordPress server, but it may not be enough for your hosting environment.

To improve performance even more, you can move your WordPress site to a new host and sign up with a different hosting provider.

We recommend using Bluehost, as one of the top WordPress hosting companies. Their shared hosting plans come with built-in caching which improves WordPress performance.

However, as your website grows you may need to upgrade your hosting plan.

High traffic sites would benefit from moving to a managed WordPress hosting platform like WP Engine or SiteGround.

At WPBeginner, we use SiteGround to host our website.

We hope this article helped you learn how to fix a slow loading WordPress dashboard. You may also want to see our complete WordPress security handbook or see our pick of the best WordPress plugins to grow your business.

Source :
https://www.wpbeginner.com/wp-tutorials/how-to-fix-a-slow-loading-wordpress-dashboard/

The Cybersecurity CIA Triad: What You Need to Know as a WordPress Site Owner

One of the core concepts of cybersecurity is known as the CIA Triad. There are three pillars to the triad, with each pillar being designed to address an aspect of securing data. These three pillars are Confidentiality, Integrity, and Availability.

The Confidentiality pillar is intended to prevent unauthorized access to data, while the Integrity pillar ensures that data is only modified when and how it should be modified. Finally, the Availability pillar assures access to data when it is needed. When employed in unison, these three pillars work together to build an environment where data is properly protected from any type of attack, compromise, or mishap.

While managing a website may not always feel like a cybersecurity role, a crucial purpose of any website is to maintain data, which calls for the use of the CIA Triad. Managing a WordPress site is no exception to the need for the CIA Triad, even if you are not actively writing any code for the website.

As you build or update a website, it is important to keep the CIA Triad in mind when determining which plugins and functionality to include on the website. While user experience is often the main consideration, it is important to research any plugins or themes you may be considering for your website to ensure you are only installing ones that are well-maintained, and do not have a track record of being an attack vector in website data breaches. Ignoring any of the three pillars of the CIA Triad can lead to a weakness in your website which could impact your site’s users or your business. This makes it important to understand how the Triad applies to management of a WordPress site.

Maintaining the Confidentiality of Privileged Data

The Confidentiality pillar of the CIA Triad is frequently in the public eye, especially when it fails. The basic concept is that any data that should be kept private is restricted to prevent unauthorized access. Privileged data on a WordPress site can vary, but includes administrator and user credentials as well as personally identifiable information (PII) like addresses and phone numbers. Depending on the purpose of the site, additional customer information may also be included, especially in scenarios where you might be running an e-commerce or membership website. Aside from personal data, you may also have business data that should be kept confidential as well, which means that the concept of Confidentiality needs to be employed properly in order to protect this data from unauthorized access.

One thing to keep in mind is that unauthorized access can easily be accidental. Each page on a WordPress website can be set to require specific permissions for access. If you are publishing restricted information, you will need to ensure that the page is not published publicly. Even when updating a page, a good best practice is to always check the post visibility prior to publishing any changes in order to ensure that restricted data cannot be accessed without a proper access level. This check is quick, and only takes a moment to correct if the visibility is set incorrectly.

Shows how to set post visibility in wordpress

Malicious access is also something that needs to be accounted for when managing a website. One of the most common types of attacks on web applications is cross-site scripting (XSS). A danger of XSS attacks is that they are often simple for an attacker to implement, simply by generating a specially crafted URL. If an XSS vulnerability is present on the website and an attacker can convince your users, or administrators, to click on a link they have generated, they can easily steal user cookies or perform actions using the victim’s session. If the vulnerability is stored XSS, a site administrator accessing the vulnerable page may be all that is needed in order for the attacker to obtain admin access to the site. If the attacker is able to obtain authentication cookies, then they will have the same access to information on the website as the user or administrator that they stole the cookie from. Further, when it comes to WordPress sites, XSS vulnerabilities can easily be exploited to inject new administrative users or add back-doors via specially crafted JavaScript that makes it incredibly easy for attackers to gain unauthorized access to sensitive information on your WordPress site.

Unauthorized access to confidential information can have lasting negative effects on a business or website owner, but taking steps to secure this data goes a long way in mitigating these risks. Whether you’re running a personal blog that collects subscriber emails addresses, or an online retail site, there will be data that should be protected from accidental and malicious access. Keeping the concept of Confidentiality in mind while building and updating your WordPress website is a critical part of protecting this data. Even if it feels like a hassle to do the initial research and choose plugins that are known for their security, you will end up saving time and money by avoiding a potential data breach in the future.

When researching themes and plugins, one aspect you will want to consider is the developer’s transparency with any vulnerabilities. A few disclosed and patched vulnerabilities likely means the developer actively fixes any problems. A theme or plugin that does not list any patched vulnerabilities in the changelog may be just as much of a problem as one that has had too many vulnerabilities, especially when the theme or plugin has been around for a significant amount of time. This signifies the importance of not just relying on whether a plugin or theme has had any previously disclosed vulnerability, but rather focusing on the transparency and communication about security management from WordPress software developers.

Ensuring the Integrity of Site Data

Integrity is the pillar that defines how data is maintained and modified. The idea here is that data should only be modified by defined individuals, and any modification should be accurate and necessary as defined by the purpose of the data. Incorrect or unnecessary changes to data can cause confusion at a minimum, and can even have legal and financial consequences in some cases. While the Confidentiality pillar plays a role here, Integrity must be addressed independently to ensure that data being accessed has not been maliciously or accidentally compromised.

Capability checks are one way that WordPress not only protects Confidentiality, but also Integrity. Any plugins should be using capability checks to ensure that the user making a change to the site information, configuration, or contained data actually has the correct permissions to make those changes. From a site owner or maintainer perspective, researching any plugins and testing any that are being considered for the website to ensure that data can only be changed by its owner, or by an appropriate level of editor or administrator. If data is available on the website in any form, it will need to be checked because a vulnerable plugin could allow an attacker to change or delete data if they know how to exploit the vulnerability. Site settings and code are also data, and if their Integrity is impacted, it can result in a complete compromise of the Confidentiality and Availability of any other data on the site.

Due to the fact that not every plugin will properly use capability checks, it is the site maintainer’s responsibility to ensure the Integrity of data. In addition to testing plugins for access errors, all users should be properly maintained with appropriate access levels. In a business setting, this will also mean that user audits will need to be performed, and any employee who leaves the company should be immediately removed or disabled on the site. In many cases, having a policy of separating contributors and editors is a good practice as well. This will provide an environment where more than one set of eyes are seeing the changes to help catch any errors in the changes made to the data. Integrity is all about proper maintenance of data, but both malicious intent and unintentional errors must be taken into account to protect the Integrity of the data.

Guaranteeing the Availability of All Data

The final pillar in the Triad is Availability. In this sense, Availability means that data is available when requested. With a WordPress website, this means that the website is online, the database is accessible, and any data that should be available to a given user is available as long as they are logged in with the correct level of access. What Availability does not mean is that data will be available to everyone at any time. The first two pillars in the triad must be taken into account when determining Availability of data. Availability is the pillar that relies more heavily on infrastructure than on what most will consider to be security.

Availability may be the most obvious pillar to the end user, as it is clear to them when a website is not available, or the data they try to access on the website won’t load. The end user may not always be able to tell when confidential information is accessed without authorization or when data is incorrectly modified, but a lack of Availability is always going to be obvious. WordPress websites have a lot of working parts, and in order for data in a WordPress site to be available upon demand, all of those parts must work together flawlessly. This means that the website must be hosted somewhere reliable, fees associated with the domain name, hosting or other aspects of the infrastructure must be paid for in a timely manner, TLS certificates need to be renewed on time, and the website software must be updated regularly.

Countless articles have been written on the importance of updating WordPress components to protect Confidentiality and Integrity, but the topic of updating for Availability is just as important. Again, limiting access and ensuring Integrity play a role here, as data can be deleted maliciously or accidentally, but proper maintenance of the components of your website are just as critical. As technologies change on web servers, or new features are added to the website, older components may become incompatible and cease to function. Keeping a proper maintenance schedule, and testing functionality after each update is an imperative part of guaranteeing the Availability of your website and the data it contains.

I’m Not A Cybersecurity Expert, How Do I Use The CIA Triad?

Fortunately, you don’t need to be a cybersecurity expert in order to keep the CIA Triad concepts at the core of the work you do. Defining policies for maintenance schedules, how to address problems with plugins, and even procedures for publishing changes to data will guide your processes. Wordfence, including Wordfence Free, provides a number of tools to help you keep to these standards, including two-factor authentication (2FA) to protect user accounts, and alerts for outdated site components or suspicious activity. The Wordfence WAF blocks attacks that threaten your data’s Confidentiality and Integrity, and the Wordfence Scan detects malware and other indicators that your data’s Integrity may have been compromised. Wordfence Premium includes the most up to date WAF rules and malware signatures as well as country blocking, and our Real-Time IP Blocklist, which keeps track of which IPs are attacking our users and blocks them so they don’t even have a chance to threaten your site.

Wordfence also offers two additional services: Wordfence Care and Wordfence Response. Both services help maintain your site’s security by following the core principles of the CIA Triad. Our team of security experts review your site initially through a complete security audit to identify ways you can improve your WordPress site’s data Confidentiality, through things like TLS certificates & cryptographic standards. Our team also recommends best practices that can improve your WordPress site’s Integrity and Availability of data, such as performing regularly maintained back-ups and not using software with known vulnerabilities. Both Wordfence Care and Wordfence Response include monitoring of your WordPress site by our team of security professionals to ensure that your site’s Confidentiality, Integrity, and Availability are not compromised, and both services include security incident response and remediation. Wordfence Response offers the same service as Wordfence Care, but with 24/7/365 Availability and a 1-hour response time.

Conclusion

Employing the CIA Triad will help any website owner or maintainer to manage the security of the data on the site, even if they are not specifically in a cybersecurity role. No matter who the website is for, the data on it needs to be confidential, accurate, and available. The concepts covered by the CIA Triad are here to guide decisions that will ensure this need is met. Employing these concepts will help you breathe easier knowing that you have minimized the chances of your data being compromised in an attack or accident.

Source :
https://www.wordfence.com/blog/2022/06/the-cybersecurity-cia-triad-what-you-need-to-know-as-a-wordpress-site-owner/

Yoast SEO 19.0: Optimize crawling and Bing discoverability

One of the most important aspects of SEO is optimizing the crawlability of your site. Search engines have near-endless resources, so they have the power to crawl everything they find — and they will. But, that is not the way it should be. Almost every CMS outputs URLs that don’t make sense and that crawlers could safely skip. With Yoast SEO Premium 18.6, we’re starting a series of additions to clean up those unnecessary URLs, feeds, and assets so that the more critical stuff stands a better chance of being crawled.

Making your site easier to crawl

Google and other search engines crawl almost everything they can find — as Yoast founder Joost de Valk proves in a post on his site. But it can be hard to get them to crawl what you want them to crawl. Moreover, crawlers can come by many times each day and still not pick up the important stuff. There’s a lot to gain for every party involved — from the crawlers, site owners, and environment — to make this process more sensible. Yoast SEO Premium will help search engines crawl your site more efficiently.

In Yoast SEO Premium 18.6, we’re introducing the first addition to our crawl settings, allowing you to manage better what search engines can skip on your site. In this release, we’re starting with those RSS feeds of post comments in WordPress, but we have a long list of stuff that we want to help you manage.

Head over to our new Crawl settings section in the General settings of Yoast SEO Premium and activate the first addition to preventing search engines from crawling the post comment feeds.

From Yoast SEO Premium 18.6 on, the Crawl settings will host additional controls that impact crawling

This feature is available to all Yoast SEO Premium subscribers in beta form, and we’ve selected not to activate this for every site. In some cases, there still might be sites that use this in a way we can’t anticipate. We’re rolling out more crawling options — big and small — in the coming releases.

Let’s all start cleaning up the crawling on our sites — it’s better for you, your visitors, search engines, and the environment. All with a little help from Yoast SEO Premium. Let’s go!

Go Premium and get access to all our features!

Premium comes with lots of features and free access to our SEO courses!Get Yoast SEO Premium »Only €99 EUR / per year (ex VAT) for 1 site

Keeping Bing updated on your site

Yoast SEO 19.0 and Premium 18.6 also help Bing find your XML sitemaps. Last week, Bing changed the way they previously handled XML sitemaps. Before, we could submit sitemaps URLs anonymously using an HTTP request, but Bing found that spammers were misusing it thanks to this anonymity. You have two options to submit your sitemaps to Bing: a link in the robots.txt file or Bing Webmaster Tools.

To make your sitemaps available to Bing, we’ve updated Yoast SEO to add a link to your XML sitemap to your robots.txt file — if you want. This ensures that Bing can easily find your sitemap and keep updated on whatever you publish or change on your site. If you haven’t made a robots.txt file yourself, we’ll now add one with a link to your sitemap.xml file. You can add the link yourself via the file editor in Yoast SEO if you already have one.

Also, this might be an excellent opportunity to check out Bing Webmaster Tools — there are some great insights to be gained into your site’s performance on Bing.

An example from Bings homepage that shows the XML sitemaps properly links in the robots.txt

Other enhancements and fixes

Of course, we did another round of bug fixes and enhancements. There are two that we’d like to highlight here. We’ve enhanced the compatibility with Elementor, ensuring that our SEO analysis functions appropriately.

In addition, we enhanced our consecutive sentence assessment in the readability analysis. This threw warnings when you had multiple sentences starting with the same word in a list. We handle content in lists differently now, and having various instances with the same word should not throw a warning anymore.

Update now to Yoast SEO 19.0 & Premium 18.6

In this release, we’re introducing more ways to control crawling on your site. For Yoast SEO Premium, we’re starting with a small addition to manage post comment feeds, but we’re expanding that in the coming releases. The feature is in beta, so we welcome your feedback!

In addition, we’ve also made sure that Bing can still find your XML sitemap, and we’ve fixed a couple of bugs with Elementor and our readability analyses.

Source :
https://yoast.com/yoast-seo-may-31-2022/

How to dial in the one-page WordPress website

If you’re looking to offer a more affordable (and easier to build) solution for a client’s business, online portfolio, and much more, you may want to consider a one-page WordPress website.

One-page websites are simple, popular and — when built on Managed WordPress — easy for nearly anyone to maintain.

However, dialing in the one-page design isn’t always a simple task for website designers, especially when you’re used to taking on larger or more complex projects. Luckily you’ve come to this post. Here, we look at tips to help create a solid one-page website design. Here’s what we’ll cover:

Determine whether one page is enough
Create a strategy for content
Build an anchor menu for easy navigation
Understand the audience
Make scrolling easier
Make the website mobile-friendly
Develop strong CTAs
Avoid large text blocks
Optimize for search engines
Include social media accounts
Be creative with the contact block

Why a one-page WordPress website?

One-page website designs have gained increased popularity among business owners and web designers because they’re simple, easy and trendy. But while one-page websites are ideal for different types of business, they are not a one-fits-all solution.

Before settling on a one-page website, ensure it is ideal for your client. You may want to create a one-page website if they don’t have a lot of content or many different elements. A single-page website may be ideal for clients who:

Want to create an online portfolio or personal website
Sell a few products or services
Have one-time events such as conferences and weddings
Need a campaign-specific landing page

On the other hand, a one-page WordPress website may not be ideal, for example, if their content is complex or they sell lots of different products or services with tons of information.

Tips for creating a one-page WordPress website

Less is more in design, and web design is not an exception. After all, the fewer pages a site has, the more it will be appealing to visitors. A good one-page design will communicate a story effectively, promote a brand and drive conversions.

However, that doesn’t mean that creating a one-page WordPress website is a simple task. Without the right gameplan, you may end up with a single page that isn’t attractive and doesn’t serve your marketing purposes.

To that end, here are steps to follow for a perfect one-page website design:

Determine whether one page is enough

Before you take any step, it’s best to determine whether the situation calls for one page or a classic website. Depending on the type of client you’re helping, one kind of website might be better than another — you need to weigh the options to determine which type of website will work.

As stated earlier, a one-page WordPress website should have a simple yet robust design that is user friendly. It often displays only a small amount of text but more images.

Due to its long scrolling design, you have the option to be creative and decide the order in which content appears.

One-page website design offers a good user experience. Since the content appears in a linear fashion, visitors won’t get lost in multiple pages. These sites also render well on mobile and tablets, and are easy to maintain.

A classic website comes with a homepage alongside other pages, often services, a contact page, and FAQ. The main advantage of a classic web design over a one page is that it allows you to display tons of content about products or services.

With the classic design, you get the option to display each piece of content on a dedicated page, allowing more thorough descriptions. But if you decide that a one-page WordPress website is best, move to the next step.

Create a strategy for content

The first step to creating a one-page WordPress website is to plan out content. One page allows you to control the order in which content appears. The idea is to ensure the order is both logical and intuitive.

Be careful with what you place above the fold or what the visitor sees before scrolling down the site. Ideally, the main message should entice visitors.

Like any other website, a one-page WordPress website could include an about section, services and products, more about the offering, an FAQ section, CTAs, a photo gallery and contact information.

How you prioritize this content will determine how effective the one-page design will be. Remove unnecessary information to keep content as simple and organized as possible.

Build an anchor menu for easy navigation

Unlike a classic website (where each item links to a page of its own), a one-page WordPress website menu links to a different section of the same page. As a result, you need to build an anchor menu to link each section.

These are three important steps to help create an anchor menu for a good one-page design:

Create an anchor — An anchor will help users navigate to a particular part of your one-page design. While some templates come with built-in anchors, there’s usually an option to rename, move or delete them.
Link anchors to the menu — Linking the site’s menu to anchors makes it easier for visitors to go to a specific section. The idea is to select the corresponding section to attach an anchor to, which will help in the navigation.
Create a menu order — Linking the menu to anchors isn’t enough. You should ensure the order in the menu corresponds to the order of section. Single-page website designs involve a lot of scrolling. As such, ensure that the menu is always visible by freezing it. Fortunately, this is easily achievable via plugins such as WP Floating Menu.

Understand the audience

When it comes to a one-page WordPress website, you have only one page to display many sections. That’s why it is important to identify gaps in every section and fill those gaps to improve user experience and overall site performance.

Analyzing which sections have gaps and making the necessary changes is paramount. To achieve this, you need to group your visitors based on location, demographics, source, behaviors, devices they use, and other such criteria.

You can collect this data for clients if you install proper analytic tools like Google Analytics on the site. Ensure that you have everything set up to get required data and determine the metric to track.

Tracking user behavior for a classic website with multiple pages is straightforward. But things get rather complicated when it comes to a single-page website.

Luckily, free tools like Google Tag Manager will help track activities on a one-page website. This tool will enable you to track different actions on the site and provide more insights regarding the needs and expectations of a target audience.

Make scrolling easier

A one-page WordPress website involves a lot of scrolling. Don’t make visitors keep scrolling down the site to find what they are looking for — make it as simple as possible.

A scroll-top button (yep, there are plugins for that) and anchor links make navigation easier and fast. You may also want to use parallax scrolling (make the background move a different speed from the foreground content) to keep your users engaged when scrolling until they find what they are looking for.

No matter how creative you want to be with navigation, you shouldn’t ignore usability. After all, visitors are real humans, so ensure they can easily find the content they need.

Make the website mobile-friendly

People spend more time on smartphones or tablets than desktops. You may also have heard about mobile-first indexing, where Google considers the mobile version of the content for indexing and ranking.

As a result, ensure the website is functional and looks as good on mobile as desktop. Adapting to the mobile version shouldn’t cause headaches if you use a readymade CMS like WordPress.

Develop strong CTAs

Strong CTAs for the one-page WordPress website are essential. This command phrase, such as “Buy Now” or “Sign Up,” takes the form of a button or hyperlink to increase sales or conversion.

To get the most from a CTA, it needs to:

Be logical, intuitive and concise
Encourage visitors to take action
Unique from other graphical elements
Placed at strategic places for users’ view

Once you have CTA content, link the button to an anchor to make it easy for visitors to navigate a particular section.

Avoid large text blocks

Having too much text on one page can hurt conversions. After all, users expect as brief a chain of actions as possible (e.g. visit > see what you need > take the required action).

Imagine if, during the second step, there’s tons of text for the user to read.

Include only the information that directs users to a CTA, and presents it in a brief and straightforward manner. If you have a lot of information to share with users, create a separate blog and link it to a unique place on the website.

Optimize for search engines

The need for search engine optimization for any website cannot be overstated. When it comes to a one-page WordPress website, you only have one page to rank for several keywords, and you have fewer things to optimize than a classic website.

However, this doesn’t mean that you cannot optimize the single-page website. Yes, it may be a bit challenging, but it’s possible. That said, here are things to remember when optimizing a one-page website:

Improve page speed

Page speed refers to the time it takes to display a page content fully. In our case, this is the time it takes to display one page of website content.

A significant number of visitors will leave a page that takes more than three seconds to load.

And if your website loads slowly, Google and other search engines will consider it to have a bad user experience. That’s why you need to analyze your site loading speed and optimize it.

Luckily, Google has a free tool to help analyze your website speed. To analyze your website, go to PageSpeed Insights and enter the URL. This tool will help analyze how a site performs on both desktop and mobile devices.

Once you get insights into what is slowing down the website, try to resolve all errors to improve website speed.

Optimize each section for SEO

Treat each section of the one-pager as a separate page and optimize it for SEO. The idea here is to ensure that each section of your one-page website has a heading tag to tell what the section is all about.

Next, optimize each section for the primary and related keywords. You also need to optimize text blocks for those keywords and include alt texts in images.

Ensure content is fresh and relevant

Content is king, but only if it’s fresh and relevant for an audience and search engines. Content is not static. To keep up with the ever-changing Google algorithms, pitch content updates to your client so the website can rank higher on SERPs.

Include social media accounts

Social media can provide a perfect way to improve an online presence. As such, connect your client’s Instagram, Facebook, and LinkedIn profiles with their one-page WordPress website to help improve traffic to the site.

One way to achieve this is by adding an Instagram feed. Doing this will provide an opportunity to share the latest photos of your client’s business with visitors.

Another perfect way to incorporate social media profiles into the website is to place icons for all business social media accounts. Users will see these elements as they scroll the website, providing a perfect way to further interact with a business.

Be creative with the contact block

Last but not least, make sure visitors can easily find contact information on the site. That said, consider placing phone numbers, email addresses, blogs, and social media links in a separate block at the top of the site.

The idea is to ensure that users will not need to scroll to the bottom to see contact information. After all, this can be troublesome, especially if the site has many media components that can load slowly when there’s a poor internet connection.

Closing thoughts on the one-page WordPress website

Creating a one-page WordPress website has many benefits, including better SEO potential, it’s faster and easier to maintain, intuitive to use, and easy to organize. Once you determine that a single website is best for your client, the above tips will help you get a perfect one-pager going.

Source :
https://www.godaddy.com/garage/one-page-wordpress-website/

12 top SEO best practices for small business websites

Wondering how to improve your website’s SEO and increase web traffic fast? There are plenty of actionable steps you can take today. Most don’t even require a web developer or coding knowledge to get started.

Below we’ll review 12 best practises you can easily work into your business plans to help you:

Rank higher in search engines
Grow your audience
Attract more leads

We’ll also give you tips on how GoDaddy can help you on your journey, plus share plenty of free resources you can refer to along the way.

1. Optimize your URLs

Optimizing your URLs is a good way to improve SEO quickly. It’s something that takes little effort but can help boost your rankings when done right. Here are a few best practices to look out for.

Example of Page Title editor in GoDaddy's Website Builder — Screenshot of Page Title editor inside GoDaddy Website Builder.

Go for shorter URL titles

When it comes to URLs, you want to keep them short and compelling. Shorter URLs are often easier to remember, which makes them more shareable and higher ranking. Make sure your URL is free of fluff words (like “and” or “for”) and easy to understand.

Note: GoDaddy’s Website Builder automatically optimizes your URL title for you by limiting it to 25 characters. Simply type in your URL title into the designated text box for “Page Title” and you’re done. It also fills in any spaces with hyphens following web convention.

Include primary keywords

Adding a primary keyword to your URL is another best practice for optimization and should also be applied to your:

Meta title: This is the blue header in the search engine results page
Meta description: This is the copy that sits beneath the meta title
On-page title: This is the actual title of your work at the top

Aim for placing your keyword closer to the beginning of your URL title for optimal results.

Keep it relevant

URLs should also be relevant to the content you’re displaying on that specific page. Keeping them aligned with the page copy allows Google’s search bots to easily understand and identify the information for search queries.The more relevant your information is to a search query, the higher it ranks on Google.

Think about how relevant it will be for future use. You don’t want it to be overly specific that it becomes less relevant over time.

For example, you can make a URL more applicable for future use if you avoid adding a specific year at the end. Peek the following URL endings to see how they contrast.

Instead of a URL that ends in: .com/best-fathers-day-gifts-2022

Go for something like: .com/best-fathers-day-gifts

If other websites link to your page, the URL without the year enables that page to keep hold of any authority and associated rankings in the future.

Screenshot of how to edit URL title on GoDaddy Website Builder — Screenshot of URL title settings inside GoDaddy Website Builder.

A note on changing URL titles

Editing your URL title is an option using GoDaddy’s Website Builder, but it’s not recommended you make any changes when dealing with older existing pages.

Changing an existing URL can hurt your SEO and result in decreased traffic, since it’s likely you have backlinks attached to the post you’re trying to change. This means that anytime someone finds the old link through a partnering site or newsletter, they might end up at the dead link instead.

Unless you really need to for rebranding purposes, it’s best you avoid this route to prevent any damage to you SEO.

2. Optimize metadata

Screenshot of where to place meta description in GoDaddy Website Builder editor — Screenshot showing where to write a meta title and meta description inside GoDaddy Website Builder.

The term “metadata” comes up a lot when researching how to improve SEO quickly. It refers to the data on a webpage that provides Google with information about a particular site. In other words, it’s data that describes other data.

By itself, metadata won’t affect SEO rankings. But it can help in the following areas:

Boost engagement
Increase click-through rates
Give you the upper edge over your competitors

It’s a small piece of the SEO puzzle that is often overlooked but can be beneficial when combined with other best practices. Let’s look at two ways to improve your meta data below.

Meta descriptions

Meta descriptions appear in the search results page underneath the meta title. It often gives a quick snippet of what the web page is about and typically includes a call to action (CTA) to encourage more clicks.

Examples of these CTAs could look like:

“Shop now”
“Schedule an appointment”
“Click here to read more”

As noted earlier, you’ll want to include a primary keyword within the description and keep the copy to 155 characters or less. The primary keyword will also appear in bold anytime it matches a searcher’s query.

Meta titles

The meta title (aka title tag) is the text shown in large blue font in the search engine results page. It’s often the first thing searchers will see and can sometimes be confused with the H1 tag.

Example of how a meta title appears in a Google search query

However, the meta title and H1 tag are two separate things.

The meta title is named with SEO and Google in mind, while an H1 tag is more for the user’s benefit. A lot of times digital marketers will use the same title for both the meta title and H1 tag to cause less confusion for users.

When naming your meta title, you should always:

Screenshot of meta title editor inside GoDaddy Website Builder.Include a primary keyword at the start. An exception should be made for well-known brands or local businesses who should add their business name to the start.
Accurately describe what’s on page. Make sure you showcase what people want to see and use actionable words that’ll generate more clicks.
Ensure each title tag is unique. Look at competitors for ideas but don’t copy. Keep it short and sweet like: Tall Men’s Clothing | Tall Jeans, Pants & Coats | ABC.
Keep it to 65 characters or less. This includes spaces, so avoid going over if you don’t want search engines to automatically truncate it for you. Title tags may be rewritten by Google if it thinks there’s a more suitable one for the searcher’s query. If you need to test the length, you can use free online tools like this meta title counter to help you.

Editing the meta title and meta description is easy using GoDaddy’s Website Builder. Simply use the editor and go to the page you need optimized. Click on Settings (cog symbol) and then select Get Found on Google to edit what you need.

3. Check your speed

An important element of improving SEO is speed. The time it takes for your webpage to load will affect whether your users stay to engage or bounce back in search of something better.

Between July and August 2021, Google rolled out a measure of core web vitals (CWV) to help website owners evaluate their overall page performance.

This report is based on real-world user data (or field data) and includes three segments that evaluates a user’s experience loading a webpage — two of which are related to a site’s speed.

Here’s a quick breakdown of each one for reference:

Largest contentful paint (LCP): This refers to the largest block of text, video, or visuals that take up the most amount of time to load after a user clicks on your site.
First input delay (FID): This is the amount of time it takes for a browser to respond to a user’s first interaction on your site (typically when they click on a link or tap on a button).
Cumulative layout shift (CLS): This has to do with any layout shifts your user be experiencing as they interact with your page. Too many unexpected shifts could result in a bad user experience if left unchecked.

One best practice is to score below 1.3 seconds when reaching the First Byte. This means that the overall responsiveness and speediness of your website should fall within this time frame after a user clicks onto your site from a search query.

How to optimize your CWV score

Rankings are affected by a CWV score, so it’s best to aim high in good rankings to increase web traffic.

Google’s search advocate, John Mueller, noted in a recent YouTube discussion that if a site had lost or gained traffic steadily over the period of the CWV roll out, then it was likely related to the website’s CWV score.

GoDaddy’s Website Builder scores nearly 68% in good CWV rankings and outperforms most other competitors. It’s a great option to consider if you’re looking for low-hassle performance speed on your site. Plus, it includes other fool-proof elements like SSL certificates and more.

Line graph showing GoDaddy CWV rankings — GoDaddy scores higher than other competitors when it comes to Google’s CWV rankings.

For non-GoDaddy sites, your biggest priority is to minimize image sizes before uploading to your site. Try using an image compressor to cut down on load time and apply a lazy loading plugin if you have a WordPress site. This will display all images below the fold only when the user scrolls down.

4. Find the right keywords for your content

Improving SEO means creating content Google can easily comprehend. That’s why optimizing with keywords helps. It allows Google bots to decipher what your page is about so that it can provide relevant results to search queries.

Let’s take a look at some best practices for keyword usage.

How to choose the best keywords

When creating content for your site, try to think of phrases and terms your target audience may be typing into a search query. For example, if you’re a retailer that specializes in kid’s clothing, you could aim for keywords like:

Toddler girl dresses for spring
Zipper onesies for baby boys
Activewear for boys and girls

Keep an eye on your competitors and note how they utilize their keywords for search queries.

It’s important to know the keywords your competitors are ranking for that you are not.

Let these findings guide you when deciding what keywords to create for your own content. Ensure your version is better optimized and more informative to win the upper edge.

Where to include primary keywords

Here are other areas where you should include primary keywords throughout your text:

Each page on your site: Include a primary keyword for every 60 – 150 words in each of your posts. Ensure they sound natural and avoid keyword stuffing to prevent Google from penalizing you.
On-page title: Make sure each page on your website has a primary keyword within the on-page title at the top.
First 100 words of every page: Include a primary keyword in your opening paragraph for each post. The sooner you introduce it, the better.

It’s also best to add a secondary keyword that’s similar in meaning to your primary keyword. This provides Google with extra information (or clues) to what your page is about.

Screenshot of h1 code that GoDaddy Web Builder automatically generates — Example of how a page title is automatically marked up as H1 tags for SEO using GoDaddy Website Builder, despite the over-sized font on the page.

Editor’s Note: GoDaddy’s website builder automatically assigns your primary keyword as a required H1 header tag in the backend, so there’s no extra coding necessary for you. This makes things easier any time you want to adjust the font size or style. Simply edit as you go.

Keyword length

When it comes to keyword length, there are two things to remember:

Short keywords with a large volume are harder to rank for and are more competitive
Longer keyword phrases with three to five words are easier to rank for and are less competitive

Let’s imagine you run a clothing shop. Instead of choosing a generalized keyword like “T-shirts,” you can opt for something more specific like “cruelty-free vegan T-shirts.” The competition for the longer phrase is lower and has a better chance at ranking higher on Google.

Duplicate keywords

On a similar note, you want to avoid including the same keywords and phrases on multiple pages of your website. This is known as keyword cannibalization and could lead users to the wrong page when they enter your site from a search query. It’s also not good for bounce-back rates.

The same goes for duplicate content. Try to avoid creating posts that are similar in topic, since this could confuse the search engine bots.

An example would be targeting “divorce lawyer near Los Angeles” on one page and “how to find a divorce lawyer near me” on another. The angles are too similar for Google to recognize the difference.

Helpful tools and resources

To help you optimize strategically, you can use the following tools when deciding which keywords to go for:

Google’s Keyword Planner: This is a tool for finding keywords that many digital marketers tend to utilize – especially in advertising. But you don’t need to be an advertiser to use it. Anyone can sign up for free and use it for insight on keyword search volume.
KWFinder: If you’re looking for a tool with more advanced features, try KWFinder. It offers a free trial and helps you find keywords that are easy to rank for.
Keyword Tool: Ecommerce store owners can find extra ideas using predictive search tools like this one. It gives you free keyword search suggestions for Amazon, eBay and more.

Remember, it’s best to avoid using keywords that have volumes in the highest and lowest categories. Refer to these tools any time you need help.

5. Write for your audience

Developing content that improves SEO quickly should be centred around your audience first and foremost.

You need to know who you are trying to target before you begin writing posts for your website.

This will allow you to create content that is genuinely helpful to potential customers visiting your site. It’s also something Google will reward you for in rankings and will lead users to CTAs that apply to:

Purchases
Email sign-ups
Inquiries and more

When drafting content for your site, you should note that there are two main categories to consider:

Standard pages and blog posts: These typically consist of informational content. A standard page should have a minimum of 300 words, while a blog post should have 700 or more.
Ecommerce product pages: Ecommerce pages focus more on product details. The recommended word count for these pages should range between 120-200 words.

Let’s discuss them even further to help you better understand why both are important for improving SEO.

Pages and blog posts

Pages and blog posts provide informational content to users but differ in the type of content displayed. Pages are more static and don’t often need updating (like About Me or Contact pages), while blog posts provide constant updates to queries that are relevant to your product or service.

Google ranks all web pages according to a mixture of:

Relevancy for the searcher
Value of content on a page
The page’s uniqueness
A website’s overall authority

Authority takes time and is something you earn as your audience grows. It’s not something you can control right away. But optimizing the other categories can help you achieve authority success down the line.

Dwell time

Google rewards websites with higher rankings if searchers stick around for a while (aka dwell time).

To increase dwell time, owners should write for their prospective customer and not for Google.

Write as if you are encouraging a friend to take the next step with your business offer. Use words that inspire and provide informative content that helps users with pain points.

Ecommerce product pages

Ecommerce pages provide users with information about your product or service, but also convinces them to follow-through with a purchase.

Example of product page description with 156 words on an ecommerce site.

Many ecommerce sites miss out on visibility due to lack of content, which makes it hard to rank.

A general recommendation to improve SEO is to start by optimizing product and service pages first. You can do this by:

Using long-tail keywords: This helps increase opportunities in competitive spaces and even converts better with keywords that are low in search volume. It’s better to have a small increase in web traffic and sales, rather than none.
Hitting the 120-200 minimum word count: Do this for all products in your online catalogue and avoid writing beyond this range. Writing too much could be a distraction to the potential sale.
Uploading enticing images: Try to aim for at least three images per product, including one that shows it in use. You might also consider adding product-specific text to images that highlight dimensions and special features.
Avoid copying manufacturer descriptions: Google will consider this duplicate content and you’ll end up taking a hit to your SEO.

6.Leverage SEO with a blog

Blogging is the most efficient way to increase web traffic online. They serve many purposes but are often used for informational content. Even Airbnb and Paypal use blog posts to attract visitors to their site.

Here are just a few ways blogs can improve SEO rankings for your site:

Drive organic traffic to your site: Incorporating long tail keywords into your posts can help bring new users into your site via Google.
Increase dwell time: Posts that have engaging content will keep users on your site longer.
Boost authority: Informational posts are often picked up by other sites who want to linkback to your site as a source.

Focus on quality over volume

When it comes to blog content, you want to ensure your posts offer users valuable information that’s helpful and relevant.Don’t post articles for the sake of filling up space on your site.

Instead, aim to solve customer problems by answering common questions they might have.

For example, a wedding planner might write a long form article titled “What does a wedding planner do?” to address a common query users search for.

Remember to focus on one primary keyword per blog post and scatter it throughout the text naturally. Combining words like “How”, “What” and “Why” with your keyword will make it sound more helpful for users and Google alike.

Ensure your posts are easy to read

You can make readability more convenient for your users by:

Using short sentences
Keeping paragraphs concise
Optimizing images for quicker page loads

This will allow users to quickly scan the text for information they need. Plus, it makes it easier for Google bots to crawl you site for ranking purposes.

Another best practise is to highlight important information by:

Adding bold text
Making bulleted points
Italicizing blocks of text

Google’s John Mueller confirmed that bolding important words in a paragraph can improve SEO.

It’s also useful for ecommerce sites to include links to priority products and category pages on relevant blog posts. Just remember to make it sound natural and not too spammy.

Continue to audit older posts

Do revisit your old blog posts on a regular basis and update or extend them when possible. Google hates inactive dusty sites and will reward sites with fresh new content.

Don’t forget that your blog posts must also include a title tag and meta description. Be sure you include your keywords in the meta data and that it is up-to-date with Google’s standards.

7. Optimize images

Close up of person holding glasses in outdoor setting — Photo by Josh Calabrese on Unsplash

Images are the second-most popular way to search online. They help users find what they’re looking for and serve as a visual guide in their buying journey.

But if you’re not optimizing your images before uploading, you might be missing out on valuable SEO rankings.

A couple of good ways you can improve SEO using images is so to:

Include alt text: Alt text (aka image alt or alt attributes) helps search engines understand what the image is about. It also helps with accessibility for users with screen readers and displays when browsers can’t process images correctly.
Compress images: This helps boost your on-page loading speed and can be done using Photoshop or by using a site like TingPNG before uploading.

Optimizing for both areas will make it easier for Google to crawl and decipher your site. But if you need a little more help with alt text, read the section below.

Key notes for writing alt text

Despite the latest advances in technology, search engine crawlers can’t see images like humans do. They must rely on the accompanying alt text to help them out.

One best practice for alt text is to keep it simple. These descriptions are meant be short and should include 125 characters or less (including spaces). There’s no need for gimmicks or extra filler worlds like “this is an image of …” Simply describe what the image is about in the most direct way possible.

Screenshot showing where to add image alt text in GoDaddy Website Builder — Screenshot showing where to add image alt text inside GoDaddy Website Builder.

For example, the alt text for the image above could be, “Close up of someone holding a pair of glasses.”

Image optimization made easy

GoDaddy’s Website Builder makes it easy to edit alt text on images. Simply click on an image insider the editor and write your alt text in the box designated for “Image description.”

You can also use GoDaddy’s Website Builder to automatically compress your images, along with any other large files you may have already uploaded.

8. Is your site mobile friendly?

Making your site mobile-friendly is an important factor for Google rankings. It’s a primary reason why mobile-first indexing was created and adds to the overall convenience for users on-the-go.

Users should be able to experience your website on a mobile or tablet device the same way they do on a desktop.

It needs to be easily accessible without needing to pinch or squeeze to view your content.

Wooden fence with sign that reads this way next to arrow pointing to the right — Photo by Jamie Templeton on Unsplash

Google’s Mobile-Friendly tool is a great way to test your website when optimizing for mobile devices. Or if you don’t want to hassle with checking yourself, GoDaddy’s Website Builder has standard built-in mobile responsiveness.

9. Submit your sitemap

A sitemap helps search engines crawl your website and index it faster. It consists of a file that contains all the URLs on your page, plus metadata that shows each one’s importance and the date they were last updated.

If you’re not using GoDaddy or a content management system (CMS) like WordPress, you’ll need to create one using a tool like XML sitemap generator.

Submitting your sitemap to Google is the last step in this process. You can do this by logging into your Google Search Console (GSC) account and entering it in the “Sitemaps” tab in the side bar.

Backlinko has a great step-by-step guide if you need extra help importing your sitemap link into your account.

10. Experiment with backlinking

Sometimes other websites will link to your site when they want to refer to you as a source of information. This is considered backlinking and it helps boost your authority when Google notices they are coming from relevant and reputable websites.

Another tactic is to partner with other websites in your industry and guest blog on their site. This allows you to share your expertise with similar audiences so that you can backlink and gain new leads.

It also helps to include links to other relevant blogs on your site whenever you find valuable information you can share with your audience.

Additionally, Google and major search engines consider a backlink from a site you don’t own as a vote for your business. Numerous studies suggest that backlinks from quality websites can help increase a site’s rankings and traffic.

11. Local business

Open sign hanging on store front window — Photo by Mike Petrucci on Unsplash

Local businesses can make use of additional opportunities in search engines with things like Google My Business (GMB). This allows brick and mortar or service businesses to reach local audiences in the surrounding area through rich search results.

In other words, your business can have a dedicated profile with Google that appears any time someone submits a query for relevant businesses in their area. It typically includes things like:

Your website’s URL address
Photos that highlight your business or services
Customer reviews and more

All of this info can be optimized to improve SEO and there are plenty of other distinct things to do to increase website’s traffic locally. You can find more information about local SEO with this handy guide from our blog.

12. Measure your success

Google Analytics (GA) is a free tool for monitoring website traffic from any source. Many digital marketers use it to collect insight on:

Target audiences
Website performance
Ad campaigns

However, it can be a bit intimidating if you’ve never used it before. GA contains a wide variety of reports and data that take time learning how to navigate.

It can also be a challenge to set it up, since it requires a bit of coding knowledge to get started.

To make things easier, GoDaddy’s Website Builder integrates with Google Search Console to track search engine performance for you. It also provides technical SEO suggestions to help improve your website.

Insight reports shown on GoDaddy Website Builder — Most GoDaddy Website Builder plans show traffic insights you can access within your account.

Most plans for GoDaddy’s Website Builder also include a simplified window inside the platform for essential organic performance. This makes is so there’s no need to log in anywhere else until you’re ready for more advanced steps. It’s a great launching point for beginners interested in learning more about GA.

Check out Google Analytics’ Analytics Academy playlist for more information.

Final takeaways

If you want to have a competitive edge in today’s online marketplace, you need to ensure your business is ranking on search engines. The best way to do that is to improve SEO on your site, so that search bots can crawl it and easily determine what your site is about.The more SEO-friendly your site is, the higher it’ll rank in search queries.

Users with GoDaddy’s Website Builder have the upper hand since it includes built-in benefits like:

Standardized mobile optimization
Automatic XML sitemaps that don’t need to be maintained
SSL certificate with HTTPS for data encryption
Access to Google Search Console

You also get the added benefit of 24/7 support in case you need extra help determining your next move. And you can even opt for additional plans (like GoDaddy’s SEO Services) to help boost your online presence even more.

Remember, improving SEO for your site is all about time and dedication. Now’s the time to jump in and capitalize on opportune moments that get your business noticed online.

Source :
https://www.godaddy.com/garage/how-to-improve-seo-fast/

Millions of Attacks Target Tatsu Builder Plugin

The Wordfence Threat Intelligence team has been tracking a large-scale attack against a Remote Code Execution vulnerability in Tatsu Builder, which is tracked by CVE-2021-25094 and was publicly disclosed on March 24, 2022 by an independent security researcher. The issue is present in vulnerable versions of both the free and premium Tatsu Builder plugin. Tatsu Builder is a proprietary plugin that is not listed on the WordPress.org repository, so reliable installation counts are not available, but we estimate that the plugin has between 20,000 and 50,000 installations. Tatsu sent an urgent email notification to all of their customers on April 7th advising them to update, but we estimate that at least a quarter of remaining installations are still vulnerable.

All Wordfence users with the Wordfence Web Application Firewall active, including Wordfence free customers, are protected against attackers trying to exploit this vulnerability.

We began seeing attacks on May 10, 2022. The attacks are ongoing with the volume ramping up to a peak of 5.9 million attacks against 1.4 million sites on May 14, 2022. The attack volume has declined but the attacks are still ongoing at the time of publication.

The following is a graph showing the total volume of attacks targeting the vulnerability in Tatsu Builder.

Graph showing attack volume against CVE-2021-25094

While the following is a graph showing the total number of sites being targeted by attackers trying to exploit the vulnerability in Tatsu Builder.

Description: Unauthenticated Remote Code Execution
Affected Plugin: Tatsu Builder
Plugin Slug: tatsu
Plugin Developer: BrandExponents
Affected Versions: < 3.3.13
CVE ID:CVE-2021-25094
CVSS Score: 8.1 (High)
CVSS Vector:CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Researcher/s: Vincent Michel (darkpills)
Fully Patched Version: 3.3.13

Indicators of Attack

Most of the attacks we have seen are probing attacks to determine the presence of a vulnerable plugin. These may appear in your logs with the following query string:

/wp-admin/admin-ajax.php?action=add_custom_font

The vast majority of attacks are the work of just a few IP addresses.

The top 3 attacking IPs have each attacked over 1 million sites:

148.251.183.254
176.9.117.218
217.160.145.62

An additional 15 IPs have each attacked over 100,000 sites:

65.108.104.19
62.197.136.102
51.38.41.15
31.210.20.170
31.210.20.101
85.202.169.175
85.202.169.71
85.202.169.86
85.202.169.36
85.202.169.83
85.202.169.92
194.233.87.7
2.56.56.203
85.202.169.129
135.181.0.188

Indicators of Compromise

The most common payload we’ve seen is a dropper used to place additional malware located in a randomly-named subfolder of wp-content/uploads/typehub/custom/ such as wp-content/uploads/typehub/custom/vjxfvzcd.

The dropper is typically named .sp3ctra_XO.php and has an MD5 hash of 3708363c5b7bf582f8477b1c82c8cbf8.

Note the dot at the beginning as this indicates a hidden file, which is necessary to exploit the vulnerability as it takes advantage of a race condition.

This file is detected by the Wordfence scanner.

What Should I Do?

All Wordfence users with the Wordfence Web Application Firewall active, including Wordfence free customers, are protected against this vulnerability. Nonetheless, if you use the Tatsu Builder plugin, we strongly recommend updating to the latest version available, which is 3.3.13 at the time of this writing. Please note that version 3.3.12 contained a partial patch but did not fully address all issues.

If you know anyone using the Tatsu Builder plugin on their site, we urge you to forward this article to them as this is a large-scale attack and any vulnerable sites that are not updated and not using some form of a Web Application Firewall are at risk of complete site takeover.

If you believe your site has been compromised as a result of this vulnerability or any other vulnerability, we offer Incident Response services via Wordfence Care. If you need your site cleaned immediately, Wordfence Response offers the same service with 24/7/365 availability and a 1-hour response time. Both these products include hands-on support in case you need further assistance.

Source :
https://www.wordfence.com/blog/2022/05/millions-of-attacks-target-tatsu-builder-plugin/

Massive WordPress JavaScript Injection Campaign Redirects to Ads

Our remediation and research teams regularly find malicious redirects on client sites. These infections automatically redirect site visitors to third-party websites with malicious resources, scam pages, or commercial websites with the intention of generating illegitimate traffic.

As outlined in our latest hacked website report, we’ve been tracking a long-lasting campaign responsible for injecting malicious scripts into compromised WordPress websites. This campaign leverages known vulnerabilities in WordPress themes and plugins and has impacted an enormous number of websites over the year — for example, according to PublicWWW, the April wave for this campaign was responsible for nearly 6,000 infected websites alone.

Since these PublicWWW results only show detections for simple script injections, we can assume that the scope is significantly larger.

Investigating Obfuscated JavaScript in WordPress Sites

We recently investigated a number of WordPress websites complaining about unwanted redirects. Interestingly enough, they were found to be related to a new wave of this massive campaign and were sending website visitors through a series of website redirects to serve them unwanted ads.

The websites all shared a common issue — malicious JavaScript had been injected within their website’s files and the database, including legitimate core WordPress files such as:

./wp-includes/js/jquery/jquery.min.js
./wp-includes/js/jquery/jquery-migrate.min.js

Once the website had been compromised, attackers had attempted to automatically infect any .js files with jQuery in the names. They injected code that begins with “/* trackmyposs*/eval(String.fromCharCode…”

However, it was clear that the attackers had taken some measures to evade detection and had obfuscated their malicious JavaScript with CharCode, as seen below.

Malicious JavaScript injection obfuscated with CharCode

Once deobfuscated, the true behavior of the injection emerged.

Deobfuscated malicious JavaScript redirects site visitors on page load

This JavaScript was appended under the current script or under the head of the page where it was fired on every page load, redirecting site visitors to the attacker’s destination.

Malicious Chain of Redirects

To accomplish these redirects, the malicious injection creates a new script element with the legendarytable[.]com domain as the source.

The code from the legendarytable[.]com domain then calls to a second external domain — local[.]drakefollow[.]com — which calls from links[.]drakefollow[.]com, redirecting the site visitor to one of many different domains including:

bluestringline[.]com
browntouchmysky[.]com
redstringline[.]com
whitetouchmysky[.]com
gregoryfavorite[.]space
gregoryfavorite[.]top
pushnow[.]net/

At this point, it’s a free for all. Domains at the end of the redirect chain may be used to load advertisements, phishing pages, malware, or even more redirects.

From a site visitor’s perspective, they’ll simply see the following malware page before landing on the final destination.

This page tricks unsuspecting users into subscribing to push notifications from the malicious site. If they click on the fake CAPTCHA, they’ll be opted in to receive unwanted ads even when the site isn’t open — and ads will look like they come from the operating system, not from a browser.

These sneaky push notification opt-in maneuvers also happen to be one of the most common ways attackers display “tech support” scams, which inform users that their computer is infected or slow and they should call a toll-free number to fix the problem.

Detecting Malicious JavaScript via SiteCheck

Client-side redirects are initiated by the site visitors’ browser once the infected web page has been loaded. Since this particular infection is found client-side, remote website scanners like SiteCheck can help scan a website and identify this malware.

Here’s an example of a SiteCheck results page for this specific campaign.

SiteCheck results for malicious Javascript injection

At the time of writing, PublicWWW has reported 322 websites impacted by this new wave for the malicious drakefollow[.]com domain. Considering that this count doesn’t include obfuscated malware or sites that have not yet been scanned by PublicWWW, the actual number of impacted websites is likely much higher.

Conclusion & Mitigation Steps

Our team has seen an influx in complaints for this specific wave of the massive campaign targeting WordPress sites beginning May 9th, 2022, which has impacted hundreds of websites already at the time of writing.

It has been found that attackers are targeting multiple vulnerabilities in WordPress plugins and themes to compromise the website and inject their malicious scripts. We expect the hackers will continue registering new domains for this ongoing campaign as soon as existing ones become blacklisted.

If you believe that your website has been infected with malicious JavaScript or you have found unwanted redirects to spam or ads on your site, you can use our free remote website scanner to detect the malware.

Website owners who have identified malware on their website can leverage the instructions found in our hacked WordPress cleanup guide — and, as always, we’re happy to help clean up an infection if you need a hand.

Source :
https://blog.sucuri.net/2022/05/massive-wordpress-javascript-injection-campaign-redirects-to-ads.html

ShieldPRO 15.0 Upgrade Guide

ShieldPRO 15.0 for WordPress is a major release.
We’ve taken steps to improve the Shield Security Dashboard navigation menu and the Overview section UI making it much easier to secure your WordPress site by quickly identifying areas of improvement. Also, the original WordPress Admin Dashboard widget was pretty basic, so we’ve completely revamped it with some of your latest site activity. This guide outlines what have been added/removed, changed, or improved and what fixes we’ve made.

Firstly, we’re going to explain what major changes are made and which options you’d need to review.

New Added Features

For 15.0 release we added

Block Username Fishing option

This feature is now a Bot Signal which is recorded in the Activity Log and triggers offenses.

You can use this option to block the ability to discover WordPress usernames based on author IDs. When enabled, any URL requests containing “author=” will be killed.

This option is accessible from within WP Lockdown module > Obscurity:

Security Rules Engine

The new Security Rules Engine is the new foundation of how Shield will handle security for nearly all WordPress requests. It’s accessible from within the main navigation menu > Tools section.

This article outlines what brought this about, what the Rules Engine is and does, and how it will inform future development and our approach to WordPress Security.

Changes

Change 1: All-New Security Overview page

We’ve broken up the plugin into 7 key areas and gathered configuration options and conditions of the site under each one. We give each component a weighted score and calculate an overall percentage.

You can see your score within each area and click “Analysis” to get a clear breakdown of what constitutes that score.

Example, Site Scanning area:

Change 2: All-New Dashboard WidgetSimilar to the Security Overview we offer some visibility to the workings of the Shield plugin right on the WordPress Dashboard, using the built-in widget area.Currently it shows your

security overview progress
recently blocked IPs
recent offending IPs
recent user sessions
jump links to key plugin areas

Change 3: New Template-Based Block Pages

When triggering the Shield defenses, Shield now provides a much more visitor-friendly block page that outlines exactly what’s happened. It’ll provide details of why the block occurred and what the visitor can do about it. Please see below examples of the new blocking pages.

General IP Blocking Page (non-logged in users)

General IP Blocking Page (logged in users)

Firewall Blocking Page

Username Fishing Blocking Page

Change 4: Audit Trail (now renamed to Activity Log) and Traffic Log: Direct access to the IP analysis

In the previous plugin release, when you click an IP address from within Audit Trail or Traffic Log, you were directed to the IP Analysis page in a separate tab.

Now, you can analyse IP directly from within Audit Trail (Activity Log) Traffic Log. Please see below examples.

From Within Audit Trail (Activity Log)

From Within Traffic Log

Change 5: Option Removed: Legacy Comment SPAM Detection

We’ve completely removed the older, less reliable comment spam detection using Javascript and CAPTCHAs. Please use the newer AntiBot Detection Engine. Change 6: Option Removed: Auto-Filter Scan ResultsShield will now filter unnecessary scan results automatically.

This option can now be adjusted using a WP filter. Change 7: Deprecated: Options For CAPTCHA and GASP Bot Checking On WordPress Login FormsThe options to use CAPTCHA and/or GASP Bot Checking for WordPress Login SPAM has been deprecated. These options are replaced with the AntiBot Detection Engine and will be completely removed in a future release.

Change 8: Audit Trail Renamed to Activity Log

Improvements

For 15.0 release we’ve made the following improvements

Improved Plugin Navigation
This release brings further enhancements in this area – the new dynamic page loading and smoother navigation.
Improved Visitor IP Source Detection
We’ve built a Javascript utility which will determine your best visitor IP source. This should, hopefully, solve this problem of everyone going forward, even if your host is badly configured (there are many such hosts!).
Massive Performance Optimisations
As part of our new approach to security with the Security Rules Engine, we’ve taken the opportunity to rip out legacy code and optimise many other areas. We’ve eliminated unnecessary MySQL queries and redesigned core components to be more efficient with how they store data.
New Filters: Adjust scanner notices about plugin/theme update/active status
You can now use filters to adjust whether Shield warns about inactive plugins/themes or those with updates.
A New WP Filter To Add Custom Shield Template Directory
If you’re looking to adjust some of our page templates, such as the block pages, you can now provide custom templates more easily using the new filter.
Option Removed: XML-RPC bypass option, under the General settings:

This option can now be adjusted using a WP filter.

Fixes

For 15.0 release, we’ve made the following fixes

15.0 release
- Broken password reset links in some cases when using hidden login page
- Help ensure forward compatibility for sites with newer TWIG libraries also installed
- Fix for some scan results browsing errors

For more information on Shield 15.0 release, read this blog article here.

Source :
https://help.getshieldsecurity.com/article/461-shieldpro-15-0-upgrade-guide

Microsoft Azure Vulnerability Exposes PostgreSQL Databases to Other Customers

Microsoft on Thursday disclosed that it addressed a pair of issues with the Azure Database for PostgreSQL Flexible Server that could result in unauthorized cross-account database access in a region.

“By exploiting an elevated permissions bug in the Flexible Server authentication process for a replication user, a malicious user could leverage an improperly anchored regular expression to bypass authentication to gain access to other customers’ databases,” Microsoft Security Response Center (MSRC) said.

New York City-based cloud security company Wiz, which uncovered the flaws, dubbed the exploit chain “ExtraReplica.” Microsoft said it mitigated the bug within 48 hours of disclosure on January 13, 2022.

Specifically, it relates to a case of privilege escalation in the Azure PostgreSQL engine to gain code execution and a cross-account authentication bypass by means of a forged certificate, allowing an attacker to create a database in the target’s Azure region and exfiltrate sensitive information.

In other words, successful exploitation of the critical flaws could have enabled an adversary to gain unauthorized read access to other customers’ PostgreSQL databases, effectively circumventing tenant isolation.

Wiz traced the privilege escalation to a bug stemming as a result of modifications introduced in the PostgreSQL engine to harden its privilege model and add new features. The name ExtraReplica comes from the fact that the exploit leverages a PostgreSQL feature that permits copying database data from one server to another, i.e., “replicating” the database.

The Windows maker described the security vulnerability as affecting PostgreSQL Flexible Server instances deployed using the public access networking option, but stressed that it did not find evidence of the flaw being actively exploited and that no customer data was accessed.

“No action is required by customers,” MSRC said. “In order to further minimize exposure, we recommend that customers enable private network access when setting up their Flexible Server instances.”

Source :
https://thehackernews.com/2022/04/microsoft-azure-vulnerability-exposes.html

How to Defer Parsing of JavaScript Properly + WordPress Fix [Updated Guide]

Learn how to Defer Parsing of JavaScript to improve pagespeed score. And how you can fix ‘Eliminate render-blocking of JavaScript’ warning in Google PageSpeed Insights by deferring non-critical JavaScript(s). The newer version of Google PageSpeed Insight refers to this issue as ‘Eliminate render-blocking resources’; these render-blocking resources may include JavaScripts and CSS.

In this article, I will cover what is defer parsing of JavaScript, how to defer parsing of JavaScript properly, why you should defer parsing JavaScript, how to find render-blocking JavaScript(s) which are to be deferred, how to defer multiple JavaScripts in one go, how you can defer parsing of JavaScript in WordPress with or without plugin and how does deferred loading of JavaScript help to speed up your website?

how to defer parsing of javascript in wordpress - how to defer parsing javascript — How to Defer Parsing of JavaScript

In a nutshell, we’ll eliminate render-blocking JavaScript(s) not by actually removing (deleting) them from the website code but by defer loading them. So that they stop blocking the loading (rendering) of meaningful content (the first paint) of the website.

These terms (the above terminology) might be overwhelming for you at first, especially if you’re not a tech guy.

But, don’t worry about that!

I am going to explain everything step by step in simple words. So that you can proceed at your pace and implement the methods to fix ‘Eliminate render-blocking resources’ on your website/blog.

Table of Contents [hide]

What is Defer Parsing JavaScript

A web page is made of up several components which include HTML, CSS/Stylesheets, JavaScript, and graphical (images & icons) components etc. These components are stacked one over another in the code structure of the web page.

When a user types your website URL in the web browser’s address bar and hit enter. The browser first establishes the connection with the server on which your website is hosted.

Once the connection is established, the browser starts rendering the components of the webpage to display the web page.

A2 Hosting - 72% OFF on Turbo (Up To 20X Faster) Hosting

The browser renders the components serially from the top towards the bottom of the webpage. That means what comes first rendered first and so on.

When the browser encounters JavaScript on a web page, it downloads the JavaScript, executes it, and then proceeds to render the next component. So during this time browser stop rendering the rest of the web page.

Every time the browser encounters JavaScript, it stops rendering the rest of the webpage until it renders and executes the encountered JavaScript.

That’s how JavaScript blocks the critical rendering path.

To avoid this situation, Google Engineers recommend deferring non-critical JavaScript.

The question still remains the same, What is Defer Parsing of JavaScript?

Defer Parsing of JavaScript can be defined as the process of using defer or async attribute with JavaScript to avoid render blocking of the first paint of a web page. These attributes tell the web browser to parse and execute the JavaScript in parallel (asynchronously) or after (defer) the parsing of HTML of a web page. Thus, the visitors need not wait longer to see the meaningful content of the web page.

Difference between defer or async

Now you know that there are two attributes – defer or async; that can be used to defer javascript loading.

Before we talk about the difference between defer and async, let’s see how does <script> tag works.

Legend

<script>

When we use <script> tag to add script in our code, the HTML is keep parsing till the script file is reached, then onwards parsing will be paused until the script file is downloaded and executed.

Suitability: Not recommended in most cases.

<script defer>

When defer attribute is appended with script tag, the script file is downloaded alongside the HTML parsing but the downloaded script executes only after the completion of HTML parsing.

Suitability: For non-critical script files.

<script async>

When async attributed is used with script tag, the script file downloads during HTML parsing, then HTML parsing pauses just to execute the downloaded-script file.

Suitability: For critical script files that cannot be inline.

Defer loading of JS & PageSpeed Insights recommendation

Let’s try to put this in a perspective with Google PageSpeed Insights warning and recommendation.

When you test, a website using Google Pagespeed Insights Tool, you get some warnings and recommendations to fix those warnings/errors.

Google PSI - Render blocking resources - JavaScripts to be deferred — Google PSI – Render blocking resources – JavaScripts to be deferred

The PageSpeed Insights (PSI) text for render-blocking resources says,

Eliminate render-blocking resources.

Resources are blocking the first paint of your page. Consider delivering critical JS/CSS inline and deferring all non-critical JS/styles.

This warning triggers for two different elements i.e. JavaScript (JS) and CSS when any of them block the critical rendering path ¹ during the website loading. Here in this article, we are discussing the JavaScript part.

(In the previous version of PageSpeed Insights Tool, the same warning (for the JavaScript) used to be called ‘Eliminate render-blocking of JavaScript’.)

In simple words, this warning triggers when there are some JavaScript(s) loading on your website which blocks the loading of the content that matters most to your visitors.

This means your visitors have to wait longer to see the meaningful content of your website because JavaScript(s) are blocking the rendering of content.

Clearly, Pagespeed Insights or other site speed testing tools (GTMetrix, etc.) show this warning/error, if your site loads some JavaScript(s) that block the loading of meaningful content (the first paint) of your site.

And this needs to be fixed.

Critical vs Non-critical JavaScript: Explained

As Google PageSpeed Insights (PSI) recommendation says you should deliver critical JS inline and defer all non-critical JS.

What does this mean?

Let’s break that down by terminology.

Critical JavaScripts: JavaScripts that are necessary to load during optimized critical rendering.

Non-critical JavaScripts: Those JS that can wait to load until the first meaningful content (the first paint) of the webpage has loaded.

Inline Delivery: Inline delivery refers to loading a resource (in this case JS) within the HTML code instead of calling/importing that separately.

Curious? Why does JavaScript block the critical rendering path in the first place?

We’ll discuss that in the next section with other reasons why you should Defer JavaScript Parsing.

Do you know? how to

Why You Should Defer Parsing of JavaScript

JavaScript Execution: is a Heavier Task

How does JS Affect SiteSpeed?

First of all, JavaScript(s) is one of the major culprits to make your website slow.

Wondering, why is that?

Because when the web browser comes across a script, it executes the script first before continuing to load HTML that includes the content users are looking for.

For a browser, executing JavaScript is a heavier task (depending on the size of the script) and takes more time as compared to rendering the meaningful content (the first paint) of the webpage.

Hence JavaScript affects the critical rendering path and slows down pagespeed of your website.

Why not defer this heavier task of JS execution so that the critical rendering path remains uninterrupted, right?

Pagespeed: is now a Ranking Factor

Site speed has already become a ranking signal.

About a decade ago Google announced ² in an official blog post on Google Webmaster Central Blog that site speed has become a ranking signal.

In another blog post published on the Official Webmaster Central Blog in 2018, they revealed ³ that Google started using page speed as a ranking factor in mobile search ranking.

Since Google had declared pagespeed a factor in search result rankings for desktop and mobile. Therefore, site speed optimization has become a significant aspect of technical SEO.

For the same reason, Google PageSpeed Insights Tool recommends deferred parsing of JavaScript as one of the solutions ⁴ to remove render-blocking JavaScript in above-the-fold content.

User Experience: decides Your Site’s Success

How does JavaScript affect user experience (UX)?

We have already discussed that JavaScript(s) slow down the pagespeed by blocking the rendering of first paint (the meaningful content). That led to more loading time and a longer wait for users to see the content; bad user experience, right.

Speed matters a lot, the truth is users do not like slow-loading websites. In fact, studies show that the users leave a slow loading site early and move on.

On the contrary, you want your website audience to engage with your site and eventually turn into a customer, subscriber, or ad-viewer. In order to make that happen, you need to improve your pagespeed by deferring non-critical JavaScript(s).

Reasons to Defer Loading of JavaScript: Summing it up

As I mentioned above, however, the parser (browser) starts downloading and executing the script over parsing the rest of HTML, whenever it encounters the script.

But the fact is, most of the JavaScript(s) come into use when the complete web page is loaded. For example, in some animation, effect, or functionality, etc.

Therefore, it is a good idea to load JavaScript(s) only after the content has loaded.

This way deferred loading of JavaScript does not affect the critical render path and consequently helps to speed up your website. And hence, a better user experience for your readers.

And by making your site load faster, you also improve your search ranking on desktop as well as mobile.

Do you know, good web hosting is a must for better pagespeed?
If you are already using good web hosting?
Awesome, let’s skip to defer parsing of JavaScript.
Not sure? whether your hosting is as good as your website deserves, don’t worry. We recommend Cloudways and Kinsta Hosting for better sitespeed.
Read our Kinsta Review.

Now, since you have an understanding of what is defer parsing of JavaScript and why you should defer loading of JavaScript(s).

It is a good time to figure out which JavaScript(s) (on your website) are the culprits and need to be deferred.

If you already know which JavaScript(s) on your website are blocking the critical rendering path, you may skip the following section and jump to the implementation part. Otherwise, keep on reading…

How to Find Render-blocking JavaScript(s)

JavaScript(s) which block the rendering of meaningful content are called ‘Render Blocking JavaScript(s)’ and need to be deferred.

You can find render-blocking JavaScript(s) by analyzing your website using site speed testing tools.

There are several pagespeed testing tools available to analyze a website for site speed and loading time. I am sharing with you the most reliable and trusted tools for pagespeed testing.

Test your site using these tools and note the results of these tools so that you can compare the results before and after implementing defer parsing of JavaScript(s).

1. PageSpeed Insights by Google

Google PageSpeed Insights (PSI) is an exclusive pagespeed testing tool by Google. Test your website using Google PSI Tool to find out render-blocking JavaScript(s). PageSpeed Insights Tool results give information about warnings and their solutions/fixes.

2. GTmetrix

GTmetrix - Speed and Performance Test Tool — GTmetrix – Speed and Performance Test Tool

This one (GTmetrix) is another good free tool to test site speed. You can test your site with GTmetrix to know which JavaScripts need to be deferred.

3. Pingdom Tools

Solarwinds’ Pingdom Tools are also very popular when it comes to site speed testing tools. You can test your site using Pingdom Tools to check the number of JS requests on your site and how much they contribute to the total number of requests.

Now you know which JavaScript(s) are making your site slow and need to be deferred. So, let’s see how to fix this issue by deferring non-critical JavaScript(JS).

Test Results: Before Defer Parsing of JavaScript

I have tested a website before implementing defer parsing of JavaScript. Consider these a baseline and compare these results after deferred loading of JavaScripts.

Pagespeed Insights Result before Defer Parsing of JS

GTmetrix Result before Defer Parsing of JS

How to Defer Parsing of JavaScript [Step by step]

You need to use the following code to defer parsing JavaScript. Insert this code in HTML file just before the </body> tag. Read the instructions given below to use this script.

< script type="text/javascript">
function parseJSAtOnload() {
var element = document.createElement("script");
element.src = "script_to_be_deferred.js";
document.body.appendChild(element);
}
if (window.addEventListener)
window.addEventListener("load", parseJSAtOnload, false);
else if (window.attachEvent)
window.attachEvent("onload", parseJSAtOnload);
else window.onload = parseJSAtOnload;
</script >

Instructions for Defer Parsing JavaScript using the script

Don’t forget to take a complete backup before making any changes in the code. If something went wrong, you can use that backup to go back.

Copy the code and paste it in HTML file just before the </body> tag (near the bottom of HTML file).
Replace script_to_be_deferred.js with the link of the JavaScript which is to be deferred. You can copy the link of JavaScript(s) (which Google PageSpeed tool suggests to defer) from Google PageSpeed Insights tool results for your website.
Save changes. And you are done.
Finally, test your website again to see the effect.

Code to Defer Multiple JavaScripts in One-go

If you want to defer multiple scripts in one go. You can use the same script with little modification. In the following code replace defer1.js, defer3.js, and defer3.js, etc. with the link of scripts that you want to defer.

 < script type="text/javascript">
function parseJSAtOnload() {
var links = ["defer1.js", "defer2.js", "defer3.js"],
headElement = document.getElementsByTagName("head")[0],
linkElement, i;
for (i = 0; i < links.length; i++) {
linkElement = document.createElement("script");
linkElement.src = links[i];
headElement.appendChild(linkElement);
}
}
if (window.addEventListener)
window.addEventListener("load", parseJSAtOnload, false);
else if (window.attachEvent)
window.attachEvent("onload", parseJSAtOnload);
else window.onload = parseJSAtOnload;
</script >

How to Defer Parsing of JavaScript in WordPress

You can defer parsing of JavaScript in WordPress by following methods:

Using WordPress Plugins (with a plugin) – suitable for all plugin lovers.
Adding a Code Snippet to function.php file – suitable for those who are used to playing with code and editing files in WordPress. – without plugin method #1
Using the Script mentioned above – suitable for geeks who don’t want to use a plugin. – without plugin method #2

1. Defer Parsing of JavaScript using WordPress Plugin

There are several WordPress plugins available to defer parsing of JavaScript in WordPress, I am listing the best plugins that stand out in the crowd because of their performance and reliability.

Obviously, the process of installing and activating any of the following plugins remains the same.

If you’re not sure about the process of installing a WordPress plugin, you can refer this beginner’s guide to learn different methods of installing a plugin in WordPress.

#1.1 Async JavaScript Plugin

If you want a standalone plugin to defer parsing of JavaScript, Async JavaScript should be your pick.

This tiny plugin offers all necessary settings to tweak deferred loading of JS in WordPress.

HOW TO USE ASYNC JAVASCRIPT PLUGIN: SETTINGS & USAGE GUIDE

Steps to defer parsing of javascript in WordPress using a plugin:

Navigate to WordPress Dashboard > Plugins > Add New.
Search Async JavaScript Plugin in the plugin repository.
Install and activate Async JavaScript Plugin.
Head-over to WordPress Dashboard > Settings > Async JavaScript.
Go to Settings tab of Async JavaScript Plugin.
Check the box against ‘Enable Async JavaScript’ option and save changes to start deferring Javascript in WordPress.
There are other options as mentioned below; You can tweak the relevant option as per your need.

enable asyns js for logged-in user
on cart/check out pages
quick settings
async javascript method
jQuery
scripts to Async
scripts to Defer
script Exclusion
plugin exclusions
theme exclusion

Async Javascript Plugin - Defer JS WordPress — Async Javascript Plugin – Defer JS WordPress

#1.2 Defer Parsing of JavaScript Setting in WP Rocket Plugin

WP Rocket is a power-pack of features when it comes to WordPress speed optimization.

You can easily defer loading of javascript using WP Rocket to speed up your site.

Steps involved to enable defer loading of JS using WP Rocket plugin:

Install and active WP Rocket plugin.
Go to WP Dashboard > Settings > WP Rocket.
Under File Optimization enable Load JavaScript deferred option and save changes.
Now test your site to check results.

Load JavaScript deferred - WP Rocket — Load JavaScript deferred – WP Rocket

DO WE USE WP-ROCKET?

Hell, YES!

You can read, how we got load time under 1s using WP Rocket.

#1.3 Defer Parsing of JavaScript: W3 Total Cache

You can defer JavaScript loading in WordPress using W3 Total Cache plugin.

Steps to defer parsing of JavaScript using W3 Total Cache WordPress plugin:

Head-over to WordPress Dashboard > Plugins > Add New.
Search W3 Total Cache in the plugin repository.
Install and activate W3 Total Cache plugin.
Go over WP Dashboard > Performance (W3 Total Cache Settings) > Minify.
Scroll down to JS minify settings. You will see settings like shown in the image below.
Check/select options as shown in the image below. Click Save all settings and you are done.
Test your site using pagespeed test to see the results.

Defer JavaScript - W3 Total Cache — Defer JavaScript – W3 Total Cache

#1.4 Defer Loading of JavaScript in LiteSpeed Cache Plugin

LiteSpeed Cache is an amazing optimization plugin for LiteSpeed server hosting. But the general features of this plugin can be utilized on any server like LiteSpeed, Apache, NGINX, etc.

Steps to defer parsing of javascript in LiteSpeed Cache plugin:

Go to WP Dashboard > Plugins > Add New.
Search Litespeed Cache in the plugin repository.
Install and activate LiteSpeed Cache plugin.
Navigate to WP Dashboard > LiteSpeed Cache > Page Optimization > JS Settings.
Scroll down to Load JS Deferred And turn it ON and save changes.
Now test your website using pagespeed tool to check the result.

Load JS Deferred – LiteSpeed Cache Plugin

#1.5 Defer Parsing of JavaScript using Swift Performance Plugin

Swift Performance plugin has become a well known name in the speed optimization category. Their free version is called ‘Swift Performance Lite’.

The process to delay loading of JS in WordPress using Swift Performance:

Head-over to WP Dashboard > Plugins > Add New.
Search Swift Performance Lite in the plugin repository.
Install and activate Swift Performance Lite
Navigate to WP Dashboard > Tools > Swift Performance > Settings > Optimization > Scripts.
Enable the option called Merge Scripts. Once you enable it, other related options will appear.
Now add the scripts to be deferred under the option called Deferred Scripts and Save changes.
Finally, test your website using speed test tool to see the result.

Deferred Scripts setting - Swift Performance Plugin — Deferred Scripts setting – Swift Performance Plugin

#1.6 Defer Parsing of JavaScript in WordPress using Speed Booster Pack

Speed Booster Pack also offers deferred loading of javascript out of the box.

Step by step procedure to enable defer loading of js in Speed Booster Pack plugin:

Go to WordPress Dashboard > Plugins > Add New.
Search Speed Booster Pack in the plugin repository.
Install and activate Speed Booster Pack plugin.
Navigate to WP Dashboard > Speed Booster > Assets.
Scroll down to the option called Optimize JavaScript. Under this option choose Defer for deferred loading of JS.
Save changes and you’re done.
Now, test your site using pagespeed test tool to check the result.

Defer Javascript - Speed Booster Pack Plugin — Defer Javascript – Speed Booster Pack Plugin

#1.7 Defer Parsing of JavaScript: Autoptimize

Autoptimize another good plugin to optimize WordPress speed. This plugin also offers the option to defer load JS in WordPress.

Step by step process to defer parsing javascript using Autoptimize:

Navigate to WordPress Dashboard > Plugins > Add New.
Search Autoptimize in WordPress plugin repository.
Install and activate Autoptimize plugin.
Go to Dashboard > Settings > Autoptimize > JS, CSS & HTML.
Under JavaScript Options enable Optimize JavaScript Code and,
Then enable Do not aggregate but defer option and save changes.
Now Empty Cache and test your site using speed test tool to see the result.

Defer Javascript Loading - Autoptimize — Defer Javascript Loading – Autoptimize

#1.8 WP Fastest Cache to Defer Parsing of JavaScript

You can eliminate render-blocking JavaScript resources using WP Fastest Cache plugin. But this feature is available with the premium version only.

2. Defer JavaScript Parsing in WordPress via functions.php file

Yes, you can defer parsing of JavaScript in WordPress by adding a code snippet to function.php file.

This is one of the methods that you can use to Defer Parsing of JavaScript in WordPress without using a plugin.

As I have mentioned above this method is suitable for people who are comfortable with code editing in WordPress.

You might be thinking, but why?

First of all, functions.php is an important theme file. That means you might end up breaking your site easily if anything went wrong with the editing of functions.php file.

Also, there are different versions of the code snippet on the web to fix defer parsing of JavaScript in WordPress via functions file. Unfortunately, not all the code snippets work fine.

So you should be careful while using a code snippet to defer loading of JavaScript.

How to Edit functions.php File Safely

I always recommend using a child theme in WordPress in order to avoid code editing mess.

Because while editing the code, even if you miss a single comma (,) semicolon (;) or any other symbol/syntax, your website will break completely or partially. And you have to make extra efforts to recover the site.

If you’re not using a child theme, learn how to use a child theme in WordPress and its benefits.

For any reason, if you don’t want to implement a child theme now, you can use this plugin to add code to functions.php file of your theme without editing the original file.

Step by step process to Defer Parsing JavaScript in WordPress via functions.php

Take a complete backup before making any changes to the code.

I assume that you’re using a child theme. If you’re not, first create and activate a child theme to any trouble because of theme file editing.

Go to your WordPress Dashboard > Appearance > Theme Editor
Select/open functions.php file (of child theme) from theme files.
Paste the code snippet given below at the end of functions.php file.
You can specify JS files to exclude from defer in the array (‘jquery.js’).
Finally, click Update File to save changes. That’s all.

The code snippet is to be pasted in functions.php file.

// Defer Parsing of JavaScript in WordPress via functions.php file
// Learn more at https://technumero.com/defer-parsing-of-javascript/ 

function defer_parsing_js($url) {
//Add the files to exclude from defer. Add jquery.js by default
    $exclude_files = array('jquery.js');
//Bypass JS defer for logged in users
    if (!is_user_logged_in()) {
        if (false === strpos($url, '.js')) {
            return $url;
        }

        foreach ($exclude_files as $file) {
            if (strpos($url, $file)) {
                return $url;
            }
        }
    } else {
        return $url;
    }
    return "$url' defer='defer";

}
add_filter('clean_url', 'defer_parsing_js', 11, 1);

The above code snippet is using defer attribute to defer parsing of JavaScripts. You can replace the defer attribute with async attribute to parse JavaScript asynchronously. You can read more about async attribute and other methods to fix render-blocking JavaScript.

3. Defer Parsing of JavaScript without WordPress Plugin – Script Method

The script method explained above can be used in WordPress to defer loading of javascript. In WordPress, the above-mentioned code can be placed in HTML file just before the </body> tag using hook content option.

Most of the popular WordPress themes come with hook content provision. If you are not using the hook content option or it is not available in your theme. Then, either you can use a WordPress plugin to add the script to WordPress footer before </body> tag or you can place the script in the footer file just before the </body> tag manually.

Facing any difficulty adding the script in WordPress footer? Check out our detailed guide, to learn how to add code in WordPress header and footer easily.

Steps to defer load javascript in WordPress without using a plugin:

Copy the code and paste that before the </body> tag (using a plugin or built-in theme hook) .
Now replace script_to_be_deferred.js with the JavaScript to be deferred.
Save changes and you’re done.
Clear the cache, if there is any.
Test your website again to see the result.

Test Results: After Defer Parsing of JavaScript

The following are the test results after defer loading of JavaScript.

PageSpeed Insights Result after fixing Defer Parsing of JavaScript

GTmetrix result after implementing Defer Parsing of JavaScript

Wrapping it up

Other than defer parsing of JavaScript, you can also use async attribute or inline JavaScript to remove render-blocking JavaScript. I have covered async attribute or inline JavaScript in another blog post, read that article here. In that article, I have also mentioned a few useful WordPress plugins to defer parsing JavaScript.

Although WordPress plugins are available to defer parsing of JavaScript. The above-explained script method is considered more appropriate by several experts and webmasters. But the people who use WordPress know that using a WordPress plugin is like bliss.

I hope this guide will help you to defer parsing of JavaScript. Let me know, which technique you use to defer parsing of JavaScript. If you are facing any problem implementing the above methods or have a question. Let me know via the comment section. I will be happy to answer.

Cheers!

Source :
https://technumero.com/defer-parsing-of-javascript/