Articles

8 Reasons Your Site Is Slow + How To Fix Them

,

1, 2, 3 – That’s exactly how long it takes you to start losing visitors if you have a slow-loading website.

Hold on! Surely, the only thing that matters to users is that your website works flawlessly and looks great… right? Wrong!

The fact of the matter is that we’ve all become accustomed to instant access to information and content. The average internet user today places a lot of value on speed, and the bar is continually being raised.

If you are like most people, you probably feel an immediate sense of dread at the thought of optimizing your website. Where do you start? How can you make the most impactful improvements? What makes your website slow in the first place?

Have no fear, as we’ll be answering all of your questions below as well as putting you on your way to a website that loads with blazing speed.

Why Should You Be Worried About A Slow-Loading Website?

Good question!

As many as 53% of visitors abandon a site that takes more than 3 seconds to load. Even worse, 1 in 3 shoppers will leave a website if it takes longer than 5 seconds to load.

So, performance plays a huge role in the user experience of your website and whether your visitors will stay on your website or be converted into customers.

For some time, Google has been keenly aware of this fact. As a search engine, Google knows that it’s counterproductive to recommend content to users if they won’t stick around to consume it.

That’s why they’ve continually been increasing the role performance plays when ranking websites for their SERPs (search engine results pages).

In recent years, Google has introduced core web vitals. These are metrics they hope will help quantify how performance affects the user experience. In general, they measure how fast, stable, and interactive a page is while loading. This will be more important than ever after Google announced its Page Experience update, which started its global rollout in June 2021.

As you may know, ranking highly for Google is vital for your website’s visibility. For one, 68% of online experiences begin with a search engine, of which Google has a 92.7% market share. Even if you manage to land on the coveted first page of Google, the first five results get over 70% of all clicks (28% to the first result alone).

So, to recap why a fast loading website is so desirable:

  • It directly affects your ability to keep, satisfy, and even convert visitors to your website.
  • It impacts your search engine rankings which impacts your “findability” and organic traffic.

8 Reasons Your Site Is Slow + How to Fix Them

O.K., so now that we’re all on the same page regarding the importance of your website performance, let’s look at common issues slowing down your website + how to fix them.

1. You’re Using A Sub-Par Hosting Service

As the party responsible for making your website available to the outside world, your hosting service can be a make-or-break factor. Not only should you pick a host that has a good track record when it comes to uptime a performance, but also one that’s suitable according to your needs.

Even if you take all the steps below to optimize your website’s performance, it may still load slowly if traffic to your website is overwhelming your available bandwidth or your host’s server capacity. If that happens, some users may experience extremely slow loading times, broken features, or even complete unavailability.

For most personal, blog, or local/small business sites, a respectable hosting provider like Bluehost or GoDaddy should be good enough. However, if you plan on running any type of large-scale, high-traffic webstore, business portal, or other type of website, you’ll want premium hosting, such as WPEngine (for WordPress), VPS hosting, or even a dedicated server.

2. You’re Not Optimizing Your Media Assets

As you probably know, media like images and videos take up significantly more space than most other types of content, such as text, code, stylesheets, or other static files. Even a single image has the potential of consisting of more data than dozens of website pages containing nothing but the underlying HTML and text.

In a Speed Essentials presentation, the Google team identified images as the largest contributor to page weight. In fact, they have the potential to consume a website’s entire performance budget if left unoptimized. Images can also directly impact all three of Google’s core web vitals – key metrics Google uses to measure the performance of a website.

However, the use of images and video is likely to continue growing, heightening the importance of finding a sustainable solution. According to HTTPArchive, images have increased by 19.3% on desktop and 42.7% on mobile.

For now and the foreseeable future, optimizing your images carries the greatest potential for improving performance.

The problem is that optimizing image assets requires multiple steps. Most importantly:

  • Using the appropriate next-gen formats which can differ depending on the user’s device, OS, or browser.
  • Appropriately compressing the size and quality of images to reduce payload without affecting visual quality too badly.
  • Using the optimal display size and density based on the accessing device to reduce payloads further.
  • Using lazy loading to only load images as needed.

As you can see, manually going through these steps for every single image on your website can be extremely labor-intensive. This is especially true if you consider that you somehow need to create the optimal variants for different users based on what device, OS, or browser they are using.

In-code strategies, like a JS plugin, responsive images, or CSS media queries tend to bloat your code and lead to other performance issues we’ll discuss below.

Luckily, there are plenty of CDN services available designed specifically for providing some degree of automated image optimization. These platforms analyze the context (i.e., a specific mobile device model, OS version, and browser version) of the user trying to load one of your images and try to serve them a version of the image that’s ideally optimized for them.

However, any media optimization platforms still require installing a small JavaScript plugin to dramatically improve the image and video optimization capabilities. 

The one exception here is ImageEngine. ImageEngine uses WURFL device-detection to pick up every possible detail of the user’s device. The logic is built into their device-aware edge servers and doesn’t rely on you adding any additional code or markup to your website pages.

So, not only does it reduce your image payloads by up to 80% and serve them via a global CDN, but it doesn’t leave a footprint in your website’s code. As a bonus, it also happens to support the widest range of image/video formats, including animated GIFs, as well as client hints and save-data mode.

3. Render-Blocking JavaScript And CSS Is Delaying Page Loads

JavaScript is the de facto programming language for adding interactivity and advanced features to websites today. Likewise, CSS is the standard for adding styling. Both are critical components for almost any modern website.

However, nothing good comes free, and both may impact the performance of your website, particularly when used carelessly. 

The following are some steps you can take to minimize the impact of these assets on your website performance:

  • Minify your JavaScript and CSS files.
  • Combine a large number of JS/CSS files into fewer files.
  • Replace some of your external JS and CSS files with inline JS/CSS. (Don’t overdo this! Inline JS and CSS is only suitable for small code snippets).
  • Defer loading JavaScript until after all your content is loaded and use media queries for CSS files.

Because media can have a more significant impact on your page weight, this leads some to believe that adding more JavaScript is the lesser of two evils. 

However, depending on whether you already have render-blocking JS, Google might flag this as a completely new issue. Regardless, it will negatively impact your performance score in tools like PageSpeed Insights:

You can avoid it altogether by using an optimization engine like ImageEngine that doesn’t require any JavaScript.

4. You’re Not Using A Content Delivery Network (CDN)

A CDN is a network of servers spread across various regions all over the globe. What it basically does is store a copy of your website on each of these servers. When an internet user visits your site, the CDN automatically serves your website from the nearest server to that user.

What this does is allow your website to load faster, no matter where in the world people are visiting it from. If your website was only hosted on a single server, say somewhere in the U.S., then it could take much longer to load for a visitor located in Asia than one in the U.S.

While they all basically do the same thing, different CDNs are better at handling different types of content. Cloudflare, Fastly, and Akamai are just some of the most popular general-purpose CDNs around. Image CDNs like ImageEngine are purpose-built to not only serve image and video assets but to also optimize them using compression, formatting, etc.

So, the two main factors to consider are the type of content you want to deliver via the CDN and its global coverage. However, it’s usually possible to use multiple CDNs in tandem to cover different types of content and reach a wider area.

5. There’s Excessive Overhead In Your Database

If you have a website with any type of complexity, you probably have a corresponding database. In fact, all WordPress websites require a database to function.

Over the years, a lot of information moves in and out of the database. Sometimes, the data can get lost along the way or become obsolete. If you don’t regularly spring-clean your database, then this can really start to add up. Not only will it bloat the storage size of your database, but it will start to impact the speed of database queries and requests.

CMS users are especially prone to racking up these kinds of artifacts from plugins and themes that have been installed and removed over the years.

Unfortunately, there aren’t many easy fixes for this issue available. With most hosting providers, you’ll probably need to use phpMyAdmin to manually check and scrub your data. If you have a managed hosting solution, the host’s support team might be able to help you out. In the event that you have a locally installed database, there are some tools you can use, although they’re not 100% effective.

The best way to avoid any issues is to make database maintenance part of your routine and to learn the basics of how databases work.

6. You Have Too Many Plugins Or Themes Installed

For CMS users, plugins or themes offer near-limitless potential to spruce up the design and functionality of their website. However, each plugin or theme comes with additional code and content that add to the overall complexity and size of your website.

If you have a hand-coded website, the same goes for any additional applets or libraries you want to add to your site. 

The best way to combat this is to be conscientious when adding any extras to your website. Only install what you really need or want, and make sure to uninstall and properly remove them if you don’t need them anymore.

As mentioned, they might leave various transients or artifacts behind, so you should keep an eye out for them throughout your website files (not just the database) whenever you do some spring cleaning.

7. You Aren’t Utilizing Caching

Caching is often one of the most effective yet ignored techniques for improving website performance. Caching stores your website content in fast-access memory in the user’s browser, allowing it to be loaded near-instantaneously by users. This can include everything from text to stylesheets to images to JavaScript files.

Without caching, a user will need to redownload everything when they navigate to or reload a page — whether or not anything has changed.

However, not properly configuring caching on your website can lead to issues, such as users only loading out-of-date content. Most high-quality caching tools have built-in features that automatically clear the cache when you make changes to a specific website page or content. So, users will only reload content once it has been modified.

Some hosts offer out-of-the-box caching tools with their hosting service. CMS can also usually find plugins for this, such as WPRocket for WordPress.

8. Ads Are Dragging You Down

In the end, ads are just another form of media that increases the overall weight of your website pages. While they are typically small and lightweight, multiple ad placements can really start to add up.

What aggravates the issue is that ads are loaded from external sources. This means they’ll take longer to render, generate more requests, and may mess with how stable your pages load — affecting your core web vitals.

Depending on how important ads are to your revenue stream, you’ll want to carefully consider how many ads you use on your site, where to position them, and when they load. If possible, avoid loading ads at the same time as the rest of your page, especially interstitials.

Conclusion

As you can see, website performance is a multi-faceted subject. Although some may be worse than others, you can’t just address one area and expect your website to suddenly be performant.

However, some general principles apply:

  • Keep HTTP requests low by limiting the number of files required for each of your website pages.
  • Maintain proper code hygiene and spring clean transients and leftover artifacts.
  • Invest in proper hosting infrastructure as well as a CDN for your website.
  • Optimize your media assets to significantly bring down payloads without sacrificing engagement.

The final point deserves another shoutout. As we’ve pointed out, finding an optimization solution for your media, particularly images, is probably the best thing you can do to improve your website performance. From purely a performance perspective, there is no service quite as effective as ImageEngine. It’s also the one that requires the least amount of technical expertise and ongoing maintenance.

Regardless, you’ll want to run some tests using tools like PageSpeed Insights so you can gather data on what issues your website is facing. From there, you can prioritize fixes to make your website more competitive.

 

[– This is a sponsored post on behalf of ImageEngine –]

Source

The post 8 Reasons Your Site Is Slow + How To Fix Them first appeared on Webdesigner Depot.


Source de l’article sur Webdesignerdepot

/par

Teach yourself Scrum in 5 minutes

,

I’ve just been appointed the CTO of a small company with less than 10 employees. Companies of this size typically don’t have the luxury of hiring a professional Project Manager, hence the role almost automatically goes to the CEO of the company, since he is the product owner – Which creates a problem for me, summarised in the ingress of this article. But as the CTO, I’m also responsible for all IT choices, including infrastructure choices, so let me go through all of my choices below – Since these have consequences for the process we must follow.

Cloudless first

Cloud systems such as Azure or AWS are amazing products, with a feature list covering everything you can imagine. However, they’re also ridiculously expensive, typically at least 10x as expensive as a simple VPS providing the same value from an application deployment point of view. At my last company we paid €5,000 per month for Azure, and probably something similar for our AWS account (Sigh, yes, we used both! Not my decision though!) – Let’s say €8,000 per month to make sure we’re within the boundaries and that I am not exaggerating. I told my developers back at that company that I could have ran the whole company on a handful of VPS servers from DigitalOcean paying no more than €200 per month in total. Nobody believed me until our CTO confirmed my numbers more or less by saying; « At my former company we ran a 300,000 EUROs daily profit FinTech company for some 200 EUROs worth of droplets from DigitalOcean. »

Source de l’article sur DZONE

/par

How CentOS Became 2020’s Final Victim

,

If you were paying close attention to your IT department around the 8th of December, you might have heard some quiet sobbing and the occasional wail of, “Why? Why?! WHY?!” Now, it was the year 2020, so this might have seemed normal to you, but it’s actually something of a problem that could affect your business: CentOS is pretty much dead.

For the non-total-nerds among us, here’s the skinny: CentOS is a Linux-based operating system, typically used on servers. CentOS has been incredibly popular, and quite a few businesses run on it. But now, that’s changing.

CentOS is a Linux-based operating system, typically used on servers…But now, that’s changing

CentOS used to be released in thoroughly tested versions, the latest being CentOS 8. CentOS 8 was released in September of 2019 and was supposed to be supported for ten years. Now, it’s been decided that CentOS will no longer have versioned releases, opting for a rolling-release style of updates. That means there’ll be one version that constantly gets new software.

That’s cool in theory, but it means the operating system will be less stable overall. Essentially, it’s going to be used as a development branch of / testing ground for Red Hat Enterprise Linux and is no longer its own OS. If you have CentOS-based servers, you should migrate to another OS sooner rather than later.

And I just got my own CentOS-based VPS set up the way I wanted it.

Wait, What Does Red Hat Have To Do With This?

Here’s the short, short version of the history of CentOS: Red Hat (an OS developer) has two Linux distributions of its own and has had for a long time. There’s the free and community-focused Fedora and the business-focused highly expensive Red Hat Enterprise Linux (AKA RHEL).

Funny story: RHEL, despite its expensive licenses, is still mostly made from open source code, which anyone can access and use. And it’s a good OS, particularly for people who like stability.

In 2004, some smart people took all the open-source parts of RHEL and made a brand new, nearly identical operating system with it: the Community Enterprise Operating System, or CentOS. Basically, people could download and use an enterprise-level server OS for free. All the documentation for RHEL was compatible, and you could get support from the community.

It was the perfect alternative for anyone who didn’t have the budget for expensive software licenses.

In 2014, Red Hat offered to partner with the CentOS community. The idea was basically this: “It’s pretty much the same software. If our company and your community work together, both our products will be better! We make our money from enterprise customers, anyway.”

Most importantly, with Red Hat doing a lot of the heavy lifting in terms of updates and support, the CentOS community could focus on growing in other ways.

Red Hat pinky swore [citation needed] that they were in this for the long haul, and CentOS did continue to flourish. You know, until 2020.

Well, So Much For Pinky Swearing

Red Hat must have eventually decided that having a popular free version of its own enterprise software and managing it themselves no less — wasn’t that good for business. So they all but shut the project down.

Well, technically, they just changed how it operated. Instead of producing tested, production-ready versions, CentOS is merely a testing ground for RHEL. It is no longer, in my opinion, a good option for anyone who wants to run a stable server.

Current and Future CentOS Alternatives

So if you jumped on the CentOS 8 bandwagon, what should you put on your physical and virtual servers now? Well, you’ve got options.

Debian / Ubuntu

For those who don’t mind going to a very different kind of Linux, Debian has been the picture of OS stability and sysadmin-friendliness for a long time. If you want more frequent software updates, the Debian-based Ubuntu Server is popular and pretty good.

Oracle Linux

Yes, that Oracle has a RHEL-compatible Linux distribution of its own. But it’s not a clone, exactly. I mean, this is Oracle. It’s set up to use their tools and ecosystem, so I hope you like Oracle products. But hey, the OS itself is free!

ClearOS

ClearOS is another RHEL-compatible OS that’s mostly doing its own thing, though I’m not entirely sure what that thing is. Does the company have some deal with Hewlett-Packard? Anyway, they do have a free community edition and paid editions for home and business use.

The CloudLinux RHEL Fork

This is an upcoming release from the makers of CloudLinuxOS. It looks like they intend to load the new RHEL-based OS with some of their own tools, such as reboot-less server update tech. The first release is intended to be a more or less drop-in replacement for CentOS 8.

Rocky Linux

So the community that made and loved CentOS in the first place is, to say the least, ticked. They are so ticked that Greg Kurtzer (a co-founder of CentOS) has decided to do it all over again by making Rocky Linux and keep it in the community this time.

Again, the goal is to make a re-build of RHEL, a drop-in replacement for CentOS (at least for now). Eventually, the goal is to migrate from CentOS to Rocky Linux as easy as using a single, one-line command. The ETA for initial release isn’t quite set in stone, but I can personally vouch for how hard the community is working.

[See, full disclosure here… after writing this article, I joined the Rocky Linux documentation team.]

So Yeah, You Have Options

Some are out now, and others will be soon. Again, CentOS 8 will be supported until the end of 2021. CentOS 7, weirdly, will be supported until June 2024.

Migration shouldn’t be too complicated. Still, a pain in the rear that we have to do this at all, though.

Source

The post How CentOS Became 2020’s Final Victim first appeared on Webdesigner Depot.


Source de l’article sur Webdesignerdepot

/par

10 Reasons Your WordPress Site Will Get Hacked (and How to Stop It)

,

A hacked WordPress site is as damaging as having your home burgled. It can completely shatter your peace of mind and adversely impact your online business. 

Why do hackers target WordPress sites? The answer is relatively simple: WordPress is the single biggest platform for website creation these days, so there’s a larger base to attack; this attracts the attention of online criminals. 

So, how can a hack impact your website? 

Depending on the type of attack, your website could suffer any of the following:

  • It could be defaced completely;
  • It could load or operate very slowly on any device;
  • It could completely crash and malfunction;
  • It could display the dreadful “White Screen of Death”;
  • Its incoming visitors could be redirected to other suspicious websites;
  • It could lose all your valuable customer data.

This list is not exhaustive but you get the idea.

Now that we know how a successful hack can impact your website and online business, let us look at the top 10 reasons behind WP hacks and prevent them.

1. An Insecure Web Host 

Like any website, WordPress is hosted on a web host or server. Unfortunately, most site owners do not pay much attention to the web host they select and choose the cheapest they can find. For example, it is more affordable to host a website on a shared hosting plan — one that shares its server resources with many other websites like yours.

This can make your site vulnerable to hackers as a successful hack into any website on the shared server. A single hacked site can consume the overall server bandwidth and impact all the other sites’ performance.

The only way to fix this problem is to opt for a reliable host and a virtual or dedicated server.

Pro tip: If you’re already using a shared hosting plan, check with your hosts if they offer VPS hosting and make the switch.

2. Use of Weak Passwords

Weak passwords are the main reason behind successful brute force attacks that target your account. Even to this day, users continue to use weak and common passwords like “password” or “123456”; if you’re one of them, your website could land in trouble!

Guessing weak passwords allows hackers to enter the admin accounts where they can inflict the maximum damage.

How do you fix this problem? Simple, ensure all your account users (including admin users) configure strong passwords for their login credentials. With at least 8 characters, passwords must be a mix of upper- and lower-case alphabets, numbers, and symbols. 

For added safety, install a password management tool that can automatically generate and store strong passwords.

Pro tip: You can use a plugin to reset passwords for all your users.

3. An Outdated WP Version

Outdated software is among the most common reasons why websites get hacked. Despite being free to download, most site users defer updating their site to the latest version, for fears of updates causing their site to crash.

Hackers take advantage of any vulnerability or bug in an older version and cause issues like SQL Injections, WP-VCD Malware, SEO Spam & other major issues like website redirecting to another site.

How do you solve this problem? When you see a notification about an update on your dashboard, update your site as soon as possible.

Pro tip: If you are worried about updates crashing your live website, you can first test the updates on a staging site.

4. Outdated WP Plugins and Themes

Similar to the previous point, hackers also take advantage of outdated, unused, or abandoned plugins and themes installed on websites. With over 55,000 plugins and themes that are available, it is easy to install a plugin or theme, even from unsafe or untrusted websites. 

Plus, many users do not update their installed plugins/themes to the latest version or do not find the updated version. This makes it easier for hackers to do their job & infect sites.

How do you avoid this problem? As with the core WP version, update each of your installed plugins/themes on your site regularly. Take stock of all the unused ones and remove them or replace them with better alternatives.

You can update your plugins/themes from your hosting account.

Pro tip: We suggest setting aside time every week to run updates. Test them on a staging site and then update your site.

5. Common Admin Usernames 

In addition to weak passwords, users also create common usernames that are easy to guess. 

This includes common usernames for admin users like – “admin”, “admin1”, or “admin123”. Common admin usernames make it easier for hackers to get into admin accounts and control backend files in your WP installation.

How do you avoid this problem? If you are using any such usernames that are easy to guess, change them immediately to a unique username. The easiest way of doing it is through your hosting account’s user management tool, by deleting the previous admin user and creating a new admin user with a unique username.

As the first step, change the default username of your admin user and limit users who have administrator privileges.

Pro tip: WordPress has 6 different user roles with limited permissions. Only grant admin access to users who really need it.

6. Use of Nulled Plugins/Themes 

Coming back to the importance of plugins/themes, users have access to many websites that sell nulled or pirated copies of popular and paid plugins and themes. While these are free to use, they are often riddled with malware. They can compromise your website’s overall security and make it easier for hackers to exploit. 

Being a pirated copy, nulled plugins/themes do not have any available updates from its development team, hence will not have any security fixes.

How do you fix this problem? Simple, for a start, only download original plugins and themes from trusted websites and marketplaces.

Pro tip: If you don’t wish to pay for paid or premium plugins and themes, opt for a free version of the same tools that will have limited features but are still safer to use than the nulled version. 

7. Unprotected Access to wp-admin Folder

To take control of your site, hackers often try to break into and control your wp-admin folder in your installation. As the website owner, you must take measures to protect your wp-admin directory.

How can you protect your wp-admin folder? First, restrict the number of users having access to this critical folder. Additionally, apply for password protection as an added layer of security for access to the wp-admin folder. You can do this using the “Password Protection Directories” feature of the cPanel in your web host account.

Pro tip: Besides these fixes, you can also implement Two Factor Authentication (or 2FA) protection for all your admin accounts.

8. Non-SSL Website

You can easily migrate your HTTP website to HTTPS by installing an SSL certificate on your site. SSL (or Secure Socket Layer) is a secure mode of encrypting any data transmission between your web server and the client browser.

Without this encryption, hackers can intercept the data and steal it. Plus, a non-secure website can have many negative implications for your business – lower SEO ranking, loss of customer trust, or a drop in incoming traffic.

How do you fix this problem? You can quickly obtain an SSL certificate from your hosting company or SSL providers. It encrypts all data that is sent from and received by your website. 

Pro tip: You can get a free SSL certificate from places like Let’s Encrypt, but these provide limit protection that will only be sufficient for a starter site or small site.

9. No Firewall Protection

Lack of firewall protection is another common reason why hackers can bypass website security measures and infiltrate the backend resources. Firewalls are the last line of defence against hackers and work like the security alarm installed on your house. Firewalls monitor web requests coming from various IP addresses, including the suspicious (or bad) ones. 

They can identify and block requests that are known to be malicious in the past, thus preventing easy access for hackers to your website domain. Web application firewalls can thwart various attacks, including brute force attacks, XSS, and SQL injections.

Pro tip: A firewall provides much-needed security and is  your first line of defence. But it’s important to also have a malware scanner installed.

10. Lack of WordPress Hardening Measures

Typically, hackers target the most vulnerable areas or weaknesses within a WP installation, to illegally access or damage the website. The WordPress team has identified these vulnerable areas and has devised a list of 12 hardening measures recommended for every website.

A few of these include:

  • Disabling the File Editor;
  • Preventing PHP execution in untrusted folders;
  • Changing the security keys;
  • Disallowing plugin installations;
  • Automatic logout of inactive users;

How do you implement these hardening measures? While some steps are easy to understand, others require the technical expertise of how WordPress works. 

Pro tip: You can implement hardening measures on your own. However, some measures require technical expertise so in these cases, it’s much easier and safer to use a plugin.

 

Featured image via Pexels.

Source


Source de l’article sur Webdesignerdepot

/par

Setting Up Your Own Arduino IoT Cloud Server

,

If you have had a chance to play around with some of the new Arduino-enabled hardware platforms such as the ESP8266 Wi-Fi SoC, you may already have used an online IoT service for your project. In this article, we will show you how to setup your own online service by setting up a Virtual Private Server (VPS) and server software for your Arduino IoT project.

In addition to setting up your own VPS, we will show you how to install a simple example that lets you control LEDs, lights, etc., by using a browser. The following figure shows how any number of devices can be controlled in real time by navigating to your own VPS using a browser. The online VPS functions as a proxy and makes it possible for any number of users to control the devices via the online server.

Source de l’article sur DZONE

/0 Commentaires/par