The idea for this post came up in [this thread](https://www.reddit.com/r/Wordpress/comments/1cpme25/mods_can_this_subreddit_implement_a_minimum_karma/) by u/**wiz** to avoid the number of similar questions we get around here and to serve as a megathread for any/all questions of a similar nature. I will collate any and all valuable information by other users and update this thread as we go. Seasoned users please pitch in with anything that should be included.
Many thanks to u/BlueSix for assisting in putting this together.
What’s covered:
* The .COM vs .ORG Issue Hosting – Where should I host?
* Performance – Why is my site slow / Pagespeed Score Appalling?
* Building Your WordPress Site: Is X builder better than Y? What is the best theme? Etc.
* Updates
* Backups
* Security
* Hacks/Malware: Err guys help, there’s some weird stuff on my front end.
* Resources To Learn WordPress
* Where to find plugins/add feature X?
* I found a plugin that costs $50 for $5 on a “GPLDL” source, is it safe to use?
# The .COM vs .ORG issue
This one is probably the single most asked question in this sub. Why can’t I do x,y,z?, Why do I have to pay more to install a plugin or edit a theme? Etc.etc. There are literally 100’s of threads about this. If you want more info please search the sub for [wordpress.com](http://wordpress.com) or [read this thread](https://www.reddit.com/r/Wordpress/comments/rremcd/the_difference_between_wordpress_com_and_org/) by u/summerchilde
To summarise:
Wordpress is free, open source software which can be found at [wordpress.org](http://wordpress.org/).
Think of [wordpress.com](http://wordpress.com/) as a host that is using .org’s software and has various functionality locked behind pricing tiers.
What you want to do is get your own cheaper hosting and self install and manage wordpress so you don’t have any restrictions at base software level.
# Hosting – Where should I host?
The next big question is who is a good host? This is better suited for r/webhosting.
Having said that, there are plenty of different hosts to choose from. Shared web hosting is the cheapest but comes with the caveat that performance is shared with others on your same server. Dedicated, VPS and Cloud solutions are faster but more expensive.
The thing to remember here is performance is directly tied to price and you get what you pay for.
The most recommended hosts around here that I’ve seen are Digital Ocean, Cloudways and Siteground. Again, for specific hosting questions you will get better support at r/webhosting
# Performance – Why is my site slow / Pagespeed score apalliang?
# #1 Hosting
Most of the time it’s just bad hosting. As mentioned earlier, cheap shared hosting is notorious for bad performance. If your host is slow then nothing else will matter much, so this is your first port of call.
# #2 Properly optimise images
This is a relatively simple one. Don’t use images that are 6000 x 4000px. Figure out the max display size for your use case and resize.
Secondly ditch PNG and JPG and use WEBP. The recommendation is to convert before you upload. Most image editors will let you save in webp and 75-80% compression works well for a balance.
To bulk convert, use [XnConvert](https://www.xnview.com/en/xnconvert/) or [Photoshop Batch process](https://helpx.adobe.com/au/photoshop/using/processing-batch-files.html).
For existing media you can use a plugin. There are many Smush, Optimole etc. [Converter For Media](https://wordpress.org/plugins/webp-converter-for-media/) is a free option.
Some servers like Siteground and/or other optimisation plugins may have this feature inbuilt so always check so you don’t end up doubling up.
Since 6.3, WordPress can also convert to WEBP on upload. You can use the [Performance Lab](https://make.wordpress.org/core/2022/03/07/the-performance-lab-plugin-has-been-released/) plugin by the wordpress team themselves to manage this.
If, like me, you don’t want your server getting clogged up with multiple image types and you only want to have the WEBP files OR you don’t want to use a plugin use [this snippet](https://gist.github.com/Acephalia/b26d91698806c9d7d2521911bf194a12).
# #3 Lazy load
Lazy loading images, videos and iframes will speed up things significantly. Some themes/page builders will have this by default. Some hosts and caching plugins like WP Rocket will also have this option.
Alternatively use a plugin such as [Lazy Load by WP Rocket](https://wordpress.org/plugins/rocket-lazy-load/) or [A3 Lazy Load](https://wordpress.org/plugins/a3-lazy-load/) for more control.
# #4 Caching, CDNs. Minification Etc.
You should be using caching on your website if you care about performance.
***WARNING: Using minification and/or combining files and scripts can cause your website to break so always test, test and test again!***
There are [many, many free and paid plugins](https://wordpress.org/plugins/search/caching/) for this. Some hosts will have their own caching plugin, this should be preferred over others. If you have a Litespeed enabled server use Litespeed.
The general recommendation here is to use [Cloudflare](https://www.cloudflare.com/) free with [Super Page Cache For CF](https://wordpress.org/plugins/wp-cloudflare-page-cache/). Here is [a guide](https://developers.cloudflare.com/fundamentals/setup/manage-domains/add-site/) on how to set up your domain, after that follow the plugin instructions.
Common question #1: Should I keep my hosts caching on with CF?
Yes. Your server is the origin server and having your own files cached means it is less taxing on your server resources and CF fetches files faster.
Cloudflare also has its own minification settings under : Speed > Optimisation
Common Question #2: I’m getting an SSL error or redirect loop. Make sure you have a valid SSL certificate server on your server and make sure to set Cloudflare > SSL/TLS > Overview to Full (strict).
Other recommended options:
* [WP Rocket](https://wp-rocket.me/) (Subscription)
* [Perfmatters](https://perfmatters.io/) (Subscription)
* [Autoptimize](https://wordpress.org/plugins/autoptimize/) (Free)
# Advanced optimisation
If you really want to get under the hood and squeeze every last bit out of your setup then:
* Use a plugin like [Debloat](https://wordpress.org/plugins/debloat/) for a quick clean up
* Use [Asset Clean Up](https://wordpress.org/plugins/wp-asset-clean-up/) to go through each page and disable unused crap. (Time consuming but potentially massive gains.)
* Use [Query Monitor](https://en-au.wordpress.org/plugins/query-monitor/) to inspect what is going on under the hood and find unnecessary scripts etc.
If that is still not enough here is a [73 page guide](https://docs.google.com/document/d/1gmf49ItePFgzFY2gvNQA5uc470vBDvKIgn5d2fcQ6Bs/edit#heading=h.k025x4qtgq1e) by u/jazir5
# Building Your WordPress Site: Is X builder better than Y? What is the best theme? Etc.
There are many conflicting opinions on this because there is no one way to do things on WordPress. Each camp will tell you the other one is inferior and purists dislike all of them.
You can build your site with:
* A page builder : [Bricks](https://bricksbuilder.io/), [Elementor](https://elementor.com/), [Divi](https://www.elegantthemes.com/gallery/divi/) etc.
* Using prebuilt themes. Each theme will have its own settings that’s exclusive to it.
* A completely custom coded setup, written with a combination of html, css and php using WordPress actions, filters and hooks.
My two cents on the matter: Budget, experience and skill all come into play here. Thus, what works for you to achieve your end goal is the best.
* If you like a WYSIWYG approach then page builders will more likely be your thing. Play around with the demos, watch some tutorials and if one of them looks more likely to work for you, then take it for a spin.
* The Twenty Twenty Four theme along with the block builder is a solid place to start. There are [many tutorials](https://www.google.com/search?q=twenty+twenty+four+theme+guide.) on how to get started with 2024 including the official [Wordpress documentation](https://wordpress.org/documentation/article/twenty-twenty-four/).
* A CSS editor such as [Yellow Pencil](https://wordpress.org/plugins/yellow-pencil-visual-theme-customizer/) or [Microthemer](https://wordpress.org/plugins/microthemer/) will assist you to fix a lot of front end annoyances and supplements any workflow.
# Updates
Stay up to date with all plugins and core software at all times if you don’t want to have security holes and get hacked.
# Backups
* Make a backup whenever you make a change at the very least.
* Get a host that does daily backups.
* You will cry if you don’t have a backup.
Recommend backup plugins:
* [UpdraftPlus](https://wordpress.org/plugins/updraftplus/): schedule for daily, weekly or month, send backups to remote servers (AWS S3, Dropbox, Google Drive).
# Security
* Keep everything up to date at all times.
* Run updates at least once a month. Fortnightly is better. More frequently is better
* Use plugins and themes that are well supported, frequently updated, high install counts, well ranked, well established.
* Use [Wordfence](https://wordpress.org/plugins/wordfence/) – it’ll alert you when any plugins that you’re using have a known vulnerability or haven’t been updated (by the developer) for 2 or more years. It will also protect you from known attack vectors for vulnerable plugins (for the free version, this protection is only available after the vulnerability is 30 days old, but there’s nothing stopping you updating your plugins, assuming a patch is available).
* Don’t use hosting where multiple sites sit in the one account (common on shared hosting). Each website should have its own owner.
# Hacks/Malware: Err guys help, there’s some weird stuff on my front end.
Congratulations you got hacked. Most of us have dealt with this in one way or another at some point so you aren’t alone.
Do you have a backup?
* Easy, wipe everything and restore.
* Run a scan with Wordfence or GOTMLS to be doubly sure you are clean.
* Harden your security to avoid repeat issues.
No backup? (Get the tissues)
* Install \[Wordfence\] and scan (https://wordpress.org/plugins/wordfence/).
* Alternatively my first port of call for this has always been [GOTMLS](https://wordpress.org/plugins/gotmls/). Update definitions and run a root scan the plugin should find any code that shouldn’t be there and you should be good to go.
# Resources to learn WordPress
If you are serious about your wordpress journey then you must equip yourself with some coding knowledge. Some skills in PHP, Javascript, CSS & HTML will help you immensely.
* [Learn WordPress](https://learn.wordpress.org/)
* [W3 Schools](https://www.w3schools.com/) (HTML, CSS)
* [Wordpress Developer](https://developer.wordpress.org/)
* [Wordpress Hooks, Actions & Functions](https://kinsta.com/blog/wordpress-hooks/) (Quick Start)
# Where to find plugins/add feature X?
The WordPress [plugin repository](https://wordpress.org/plugins/) should be your first stop. You can access this library via your Dashboard > Plugins > Add New Plugin
Codecanyon is a decent marketplace to get premium plugins for a one off buy without ongoing subscription costs.
For code snippets and help with your own code StackOverflow[enter link description here](https://stackoverflow.com/questions/tagged/wordpress) or r/prowordpress is your best bet.
***Remember to always double check the source and reputability before installing third-party plugins and/or scripts.***
# I found a plugin that costs $50 for $5 on a “GPLDL” source, is it safe to use?
The simple answer here is NO. No you shouldn’t and that should be the end of that.
But alas, we still have many more questions:
* Will the plugin still work? Probably.
* Are there any guarantees that it will work and demo content will be provided? Absolutely not.
* Will there be links to turn one’s junk into a cyborg on my site? Most likely.
* Will Google blacklist you? If you have malware. Most definitely.
* Will your host shut you down? If detected, any reputable one will.
* Is rebuilding an entire site and losing the trust of your audience worth all this? Not to me, but only you can answer this for yourself.
That’s it, hopefully this gets you started on your WordPress journey. If you have any further questions feel free to leave a comment and someone should be able to assist.
[ad_2]