Best Tips for 100% Site Health Score in WordPress 5.2
Following our blog post about the release of WordPress 5.2, we decided to pay some well-deserved special attention to the new Site Health tool, and especially the Site Health Score. The percentage score can be seen at the top of the page, which makes it something easily noticeable. It’s based on the number of tests your WordPress website passes successfully. If you pass all of them, your score would be 100%. As it focuses on ensuring that your site is up to date, healthy, and secure, the Site Health Score is, undoubtedly, something that will help make the web better.
With the release of WordPress 5.3, the Site Health Tool received some changes. The indicator that used to show a percentage and how many tests have been passed now shows your site health condition as Good or Should Be Improved. This change does not affect the importance of your site health, it just makes sure people don’t prioritize it over their site functionality.
Is this Score Percentage Actually Important?
Majority of the tests that your Site Health Score depends are performance and security related. Most people would like their website to run smoothly and be as likable as possible. Seeing a 100% score will give you the reassurance that your WordPress website is performing exceptionally well. So, the short answer to the question above would be: Yes, the Site Health Score is important.
We are aware that people are naturally highly competitive and will strive for the precious 100% score. Because of that, we decided to share some tips on how to get that perfect score on your website. In fact, this goal is not as hard to accomplish, as some may expect. So, let’s get on with the guide!
1. Update to WordPress Version 5.2
The first thing that you need to do, if you haven’t already gone through with it, is to update your WordPress version to the most current one, which at the moment of writing is 5.2. Prior to performing the actual update of your WordPress platform, it is important that you ensure a full backup of the current website is performed.
To proceed with the actual upgrade, you will have to log into the WordPress Dashboard, go to Update (Dashboard → Update), and then click on the “Update Now” button. After doing that, make sure you don’t click back or try reloading the page. Usually, you would only need to wait a few seconds. Also, keep note that your website will be in maintenance mode during the time your WordPress version is being updated.
Following the installation of WordPress 5.2, go to Tools → Site Health to check your score.
When you go there, you will see that this tool holds your hand and helps you a lot in your way to the perfect score. You will be able to see not only your current score but also all the recommended improvements. Additionally, you can check out every test that your website has already passed.
We’ve managed to get these awesome 100% score, and we will help you accomplish it for your website. It’s fairly easy.
2. Make Sure to Have Only One Default Theme
Our Advice for you is to keep only the latest of the default themes, which currently is “Twenty Nineteen.”
Follow that by cleaning up all unused themes and plugins. To remove a theme, your path to go would be Dashboard → Appearance → Themes. Continue with finding the theme for deletion and hovering over it. You will see a “Theme Details” button. Click on that button and a window with info and options about that particular theme will be opened. At the bottom right corner is the “Delete” button. You know what to do from there.
Keep note that when a theme is currently active, there won’t be a button for its removal.
3. Keep all Remaining Plugins and Themes Up To Date
The main reason to keep every theme and plugin up to date is to avoid hacker attacks. Ultimately, those would lead to your website going down. Also, Google would begin warning all potential visitors, saying that your website could be hacked. Since you don’t want downtimes and you want visits on your site, we recommend that you take the time (which will not be long) and update all active plugins and themes.
4. Use The Latest PHP Version
By the time of writing this guide, PHP 7.3 is the highest level available one. However, we strongly recommend that you always use PHP’s most current version. There are some things that also need to be mentioned on the matter:
- WordPress 5.2 checks whether your current and most secure version of PHP is the latest possible. If that’s not the case, one of the Site Health suggestions will be to update PHP;
- Note that if your site is still on a 5.x version of PHP, it’s highly vulnerable and could get hacked;
- If we compare PHP 7.3 with its 5.6 version, we see that version 7.3 handles almost three times the requests of 5.6;
- Currently, most of the plugins work only if the latest PHP version is installed, which is one more reason for an update.
5. Use a Stable and Supported Version of a Database Management System
Not to worry! Here, at FastComet, we support MySQL 5.6+, which supports UTF 8 Unicode. The UTF 8 is to make sure that your website can store text content that is non-English, in addition to some other strings (e.g., emoticons) without the risk of unexpected issues.
6. Make Sure that You Use HTTPS for your WordPress Site
Keep in mind that HTTPS requires a valid SSL certificate to be issued for your site. We offer free SSL support for all clients with no additional costs for Let’s Encrypt SSL certificates. Thanks to our integration with Let’s Encrypt, you can easily enable and issue Free SSL certificates right from within the FastComet cPanel. To do so, you should go to Client Area → cPanel → Let’s Encrypt.
All that remains is to click on +issue for your chosen site:
But why does HTTPS really matter? Last year Google had announced a project that would improve the overall web security via encouraging all site owners to make the necessary switch from HTTP to HTTPS. As part of the plan, their popular Chrome (web browser) would mark all unencrypted websites as “Not Secure” starting July 2018. This, of course, has a great impact on site traffic given that a security warning undoubtedly introduces uncertainty and hesitation among site visitors.
Even if you do not bring much attention to the security of your site, Google definitely does. HTTPS is just a minor Google ranking factor when it comes to organic internet search algorithms. It’s more often seen in the form of a “site quality” score, alongside many other factors, such as page speed and mobile responsiveness. There are multiple different “best security” practices and enhancements that are implemented for ensuring a website is locked down.
Nevertheless, padlocking your site still would not be enough to ensure the automated redirection of your HTTP traffic to the secured HTTPS version of your site. Eventually, people will find their way in reaching your website over HTTP://. For that reason, we strongly recommend the use of HTTP Strict Transport Security (HSTS), instead of the HTTPS option. Doing that will help you avoid cookie hijacking, SSL protocol attacks, SSL stripping, as well as other attempts to bypass your SSL protection. Here comes the best part – you exponentially improve your overall SSL rating with FastComet.
7. Make Sure You Have Cron Job Enabled
Site Health checks for running scheduled events. WordPress uses Cron Job wp-cron.php task scheduler to periodically check for updates to plugins, themes and WordPress itself. It is also what makes sure to publish scheduled posts on time. It does that in the background.
What happens if WP-Cron unexpectedly stops working? Not to worry! There is a plugin with the name of “WP-Cron Status Checker”, which is quite handy.
8. WordPress Debugging – Turn it OFF
Debug mode is often enabled for gathering additional details about an error or site failure but may contain some sensitive information which should not be available on a publicly available website. Removing the debugger would prevent any leaking of personal server information.
- Go in wp-config.php. The default setting there is for WP_DEBUG to be set to false.
- Go ahead and double-check. In case it’s not – make it so:
define( 'WP_DEBUG', false );
9. Do not Disable Rest API
The REST API is one way WordPress, and other applications, communicate with the server. One example is the block editor screen, which relies on this to display, and save, your posts and pages. Disabling Rest API would make WordPress function inadequately. There are certain Android apps which also require the Rest API to be enabled.
10. Last, but not least – Do not Disable Background Updates
Background updates are more important than a lot of people might think. They ensure that WordPress can auto-update if a security update is released for the version you are currently using. Disabling them is one of the things that put your WordPress website at a greater risk of being hacked.
We hope you like our little guide. It should do the trick and lead you to the desirable 100%. Remember that this score is not just to brag about it. The perfect Site Health Score is composed of elements that were always important. The thing that changed in WordPress 5.2 was making people more aware of how to take proper care of their websites.
What do you think? Do you like the Site Health tool? We believe it’s an excellent feature which will help make the whole internet space more secure – something that will benefit everyone. Share your thoughts, and let’s have a chat in the comments.
The latest tips and news from the industry straight to your inbox!
Join 30,000+ subscribers for exclusive access to our monthly newsletter with insider cloud, hosting and WordPress tips!