How to Create a Website that is Flexible, Fast and Secure
How to create a FLEXIBLE website
When most people think of web design, they think of the design aspect first, the images, colors, typography and layout. And while all of these are important for producing a nice looking website, the real foundation of a good website begins before the design phase. Choosing the best platform insures maximum flexibility which will allow your website to grow and adapt as your business grows. Designing your website for speed and delivering fast page loads insures your visitors fast access and a better user experience. Configuring your website with security in mind from the start will minimize disruptions to your business and possible loss of valuable data to hackers, malware and spammers. With these goals in mind, let’s explore some possible options that will set your business up for online success without breaking the bank. Let’s get started creating a website that is flexible, fast and secure!
Cost: FreeWordPress is the great equalizer. No longer do you have to be a rockstar developer to create a first class website for your business. WordPress is a free CMS (content management system) that started out life as a blogging platform. And while it still does that, with even more improvements in just about all phases, it’s gained it’s unchallenged popularity due to it’s user friendly interface, unrivaled flexibility and widespread support. From blogging, to business sites, to eCommerce, WordPress can be molded to your specific business needs. Not only is WordPress free but there are literally hundreds of free plugins (drop-in packaged code for specific feature and function enhancement) as well as free themes. Even premium themes (recommended to gain access to ongoing updates and support) are available for very reasonable investments. You’ll need to pay for hosting (see below) but you can start for nearly free and move up to better paid options as you continue to build your site and traffic. NOTE: While you can find many sites that provide free websites and free hosting, the price you pay for this will be loss of control. When building the foundation for your online business, always try to remain in control of your assets, you’ll sleep much better. While developers may prefer to install WordPress manually, most of the better web hosts provide installation utilities like Fantastico and Softaculous, as well as their proprietary scripts which allow non-developers to accomplish the install by just filling in a form and submitting. This makes installation very simple even for those with no tech skills. You can have your WordPress installed within minutes, ready for you to add a theme and plugins. You can begin adding content and building your website immediately. It’s this ease of installation, configuration and design that makes WordPress so flexible and so popular. If you find you need professional support, there is no other CMS that is better supported with more options than WordPress.
Popular Theme Companies
- Elegant Themes
WordPress Theme Marketplaces
- Creative Market
- Mojo Marketplace
Top 50 WordPress Plugins (detected by What WordPress Theme Is That)
- Contact form 7
- Yoast SEO
- All In One SEO Pack
- W3 Total Cache
WordPress Plugin Marketplaces
- Creative Market
WordPress.org This site reaches over 245K U.S.monthly people. Rank 7591 Source Global Rank 207 Total Sites Linking In 2,027,535 How fast does wordpress.org load? Fast (1.248 Seconds), 63% of sites are slower.Source
How to create a
Solution: Web Server – VPS, Dedicated or Cloud Server
+ CloudFlare CDN
Cost:$50/mnth approx. for entry level VPS
Image Source: LoadStorm If you’re strapped for cash, standard shared hosting can still work using the technologies below. However, you will have less control to implement additional performance enhancing technologies such as memcache. Therefore, it’s recommended to move to a VPS (virtual private server) as soon as possible. Although VPS is stilled a shared environment (other VPS on the same physical server) because each VPS is better isolated from it’s “neighbors”, more performance options will be available. With a VPS, you’re not sharing your operating system and just as important you’re not sharing your RAM (memory). All of this adds up to more control, more options and better performance resulting in a faster website.
- 51% of online shoppers in the US say that site slowness is the top reason they’d abandon a purchase.
- A 2-second delay in load time during a transaction results in abandonment rates of up to 87%. This is significantly higher than the average abandonment rate of 70%. [source]
- 64% of smartphone users expect pages to load in less than 4 seconds.
- If a page takes 8+ seconds to load, visitors will spend only 1% of their time on page looking at primary banner content. [source]
W3 Total Cache
Cost: Free or Paid
One way to overcome performance limitations of your website is to throw more hardware at the problem .. more memory, faster cpu, faster disks .. and while this works, scaling up the hardware ladder can become quite an expensive fix. To gain a performance advantage without breaking the bank, we can employ a few technologies that will help any website perform better. For an “on the server” solution, we can use a plugin like W3 Total Cache. “W3 Total Cache improves the user experience of your site by increasing server performance, reducing the download times and providing transparent content delivery network (CDN) integration.”There are a number of options which you can select depending on your server and hosting environment. Here are some of the more important ones: If you’re on a shared server choose Disk Enhanced for the page caching method. If you’re on a VPS server, choose Memcached (be sure to verify with your web host that memcache is active on your web server). If as suggested below, you use CloudFlare, make sure that you do NOT enable the Minify option on BOTH W3 Total Cache and CloudFlare. Choose only one. My preference is to let CloudFlare do the minify. Note: W3 Total Cache will cache static files only. Live streaming and dynamic content will NOT be cached.
Cost: Free or Paid
CloudFlare offers what’s known as a reverse proxy service in addition to a cdn (content delivery network) and a security layer. What this means to you, the business owner, is that instead of someone being able to browse or search and subsequently go directly to your website, they must first pass through the CloudFlare service. This allows CloudFlare to pre-screen out traffic from less desirable web addresses (think hackers, spammers and malware) by prompting them to enter a captcha (obscured code). Since many of these less desirables are actually automated software programs (bots) they stand a good chance of being blocked. It also allows CloudFlare to store copies of your web pages on their servers (known as caching). These “cached” copies of your web pages are then distributed around the CloudFlare global network with the result being that the visitor to your website is able to load the pages from a CloudFlare server closest to their current location. This CDN (content delivery network) greatly enhances the security and performance of your website. Considering that all of the above can be had for free, this is a no brainer, just do it. The sign up process is remarkably easy and fast.
The number of options that are available for easy one-click configuration depend which CloudFlare plan you have. However, even the Free plan offers dramatic improvement in your website performance. You will need to test the settings with your specific configuration. Here are a few of my preferences:
- Firewall Security Level – I like to start with Low. When combined with my recommended WordPress security plugin, I find this sufficient.
- Caching Level – I prefer Standard. When combined with the W3 Total Cache plugin, the results are pretty impressive.
- Always online set to ON
Result: When you combine W3 Total Cache with CloudFlare, the results will be nothing short of dramatic!
How to Create a
SSL: CloudFlare Universal SSLCloudFlare also began offering any users of their service, even free users, the ability to employ SSL for their website using what they term Universal SSL. This means that with the click of a button, you can offer access to your website using a secure encrypted connection (https://). Normally this would require that a certificate (verifying the identity of your server) be installed on your web server. But with the CloudFlare Flexible option you are able to use the certificate supplied by CloudFlare instead. Note that with this “flexible” option, only the communications between the web browser and CloudFlare are encrypted. Without your own certificate, communication between CloudFlare and your web server is still unencrypted. However, there is a solution for this that is also free.
SSL Certificate: Free or Paid
Domain name registrars sometimes off a 1 year free SSL certificate with the purchase of a domain name. Check with your domain registrar to see if they offer free ssl certificates. If you can’t find any of these free offers?
Visit StartSSL and you can get a completely free certificate. The interface can be a bit confusing but read carefully and you can indeed snag a free certificate. UPDATE: Let’s Encrypt now provides free SSL certs. Although the installation process is manual, most good web hosting services will install your certificate for free or minimal cost. Once your certificate is installed, login to CloudFlare and with a couple clicks you can change your Flexible SSL to FULL SSL and communications will now be encrypted along the entire channel from the web browser to your web server. Note that the certificate presented to the web browser will still be the CloudFlare certificate. If you require the display of your certificate, you’ll need to upgrade the the CloudFlare Business package. Either way, data communications to your website will be fully encrypted along the entire channel to and from your web server.
Cost: Free or PaidWhen your web server is running a Linux variant, your first line of defense is your .htaccess file which controls all access to files and folders. This is why my preferred security plugin is BulletProof Security. BPS automates the creation of a highly secure .htaccess file through it’s WP dashboard interface. You can create .htaccess files for your most important folders, i.e. root (public html) and wp-admin. Here is just a few of it’s many features:
- One-Click Setup Wizard
- .htaccess Website Security Protection (Firewalls)
- Login Security & Monitoring