What is site health tool and how can it help me?
Site Health is an optimization tool for your website, but what exactly does it optimize? Some serious aspects of every website are performance and security. Performance refers to the speed in which web pages are downloaded and displayed on the user’s browser. On the other hand, security can be a set of measures which protect websites from malicious attacks. Those two critical aspects can now be covered on a basic level from Site Health. Site Health comes with the WordPress installation and it is available at the Tools section of your Dashboard.
-Is it automated? Well, no.
There are some things you have to do in order to be fully protected and optimized. No worries though, at the end of this article you will have all the useful information you need to make your website fast and secure.
Let’s check your site’s health
By opening the Site Health Tool, you will get two options on top, the Site Health Status and Info. Under Status you have a summary of what tests your site has passed, what problems were detected and their severity. Under Info you have all the available information of your WordPress installation and some of its components, such as PHP version that your server uses, sizes of directories, active/inactive themes, plugins, e.t.c.
In this guide, we will focus on Site Health Status. As mentioned above, Site Health evaluates your site on security and performance. We will group and analyze one by one all of the existing attributes, let’s begin, shall we?
- Does your website have the latest WordPress version? If you want to be secure your website must always be up to date, from minor to major releases. And remember, before any update, a backup is welcome.
- PHP is a programming language, it is used to build and maintain WordPress. WordPress is pushing users to upgrade their version of PHP in their servers for a robust and faster website. You may not see an instant performance improvement on your website but this upgrade is quite serious for performance and security reasons. In order to upgrade your PHP version you should connect to your hosting admin panel (Plesk or cPanel) and upgrade it from there or contact your host’s support.
- Up to date SQL server increases the performance of the whole website, because SQL databases are a major pillar of every WordPress installation. SQL databases administrate your website’s content and settings.
- Some WordPress functions or plugins may require extra PHP modules in order to work right, those required and recommended PHP modules have to be installed.
- UTF8MB4 is supported. UTF8MB4 is a database storage attribute which is used by databases that makes sure your site can store non-English text and other strings (for instance emoticons) without unexpected problems.
- Scheduled events are specific functions or/and cron jobs which are executed on specific time or with specific triggers. These scheduled events may be malfunctioning for various reasons and Site Health Status will help you troubleshoot them.
- Working HTTP requests. The Hypertext Transfer Protocol (HTTP) is designed to enable communications between clients and servers. Supposing that a browser is the client and the server that hosts your page is the server, those two entities have to communicate properly.
- REST API availability. A RESTful API is an application program interface (API) that uses HTTP requests to administrate data. In general, REST technology provides web services faster than the typical HTTP request – response model.
- Loopback requests are used to run scheduled events, and are also used by the built-in editors for themes and plugins to verify code stability.
- Only running active themes and plugins. But why, what dos this mean? If a theme or plugin is not maintained by its author, or if the site administrator does not keep it up to date, it could become a potential security risk. To avoid this, it is recommended to uninstall any themes or plugins you are not actively using, and keep the rest up to date.
- HTTPS connection is gradually becoming a must on the web. HTTPS is the HTTP protocol with an ‘s’ which refers to the word secure. This extra level of security makes all the communications between your browser and the website encrypted.
- Secure communication between servers is needed for transactions such as fetching files, conducting sales on store sites, and much more.
- Debug mode provides useful information for a website, e.g. errors, warnings, notices to developers but it can also be used as a tool to find vulnerabilities for possible attacks. So after its use, it would be better if it’s turned off.
- Communicating with the WordPress servers is used to check for new versions, and to both install and update WordPress core, themes and plugins.
- Background updates ensure that WordPress can auto-update if a security update is released for the version you are currently using.
To sum up, Site Health is a good tool for monitoring and fixing some aspects of security and performance but it’s not a complete solution. There are many more features to check on a website and tools which aim specifically on performance or security.
Some plugins you can check for your website’s security are iThemes security or WordFence, but those require a bit more studying on web security in order to not make any wrong moves which may passively harm your website. Also, if those words sound familiar to you, caching, minifying, CDN, e.t.c. you are on the right track of getting involved with performance. Some plugins you can try for optimizing your website’s performance are: WP Rocket, Hummingbird & Autoptimize.