Select Page

It is estimated that somewhere between 25 and 50% of modern websites run on or utilize a WordPress install. Not bad for a program that was started by a 19-year old soon-to-be-college-dropout just 16 years ago.

Of course, much like Steve Jobs, while Matt Mullenweg was the face of WordPress, he was assisted by Zed1 founder, programmer Mike Little – who connected with Mullenweg after Matt commented on one of Mike’s blog posts.

Mullenweg’s company Automattic is now the driving force behind the for-profit WordPress.com site, along with Jetpack, WooCommerce, Simplenote, Longreads and more, making it all but ubiquitous in the Internet realm. The company’s quest? To make the Internet a better place.

A Brief Timeline

As you might expect, a company like Automattic, with the WordPress.com site, as well as the separate, open-source WordPress platform, which is used on so many other websites (including this one!), makes for a pretty big for hackers. These attackers, both real and automated, attempt to find and exploit holes in WordPress itself, along with all the related code found in plugins, themes, and connected systems.

In 2013, automatic security updates were added to the WordPress software to ensure that any potential holes were patched for everyone, immediately. This was a major leap forward, because previously all updates had to be applied manually. Beginning with version 3.7 of WordPress, background updates came to all WordPress sites, meaning that maintenance & security updates would automatically be applied to the WordPress core (version upgrades still required manual intervention, as did any updates to WordPress plugins and themes).

Unfortunately, in 2016, a vulnerability was introduced in an automatic update, leaving WordPress users open to attack – using the very automatic update feature they relied on to keep them safe. And because of the settings, users couldn’t stop or rollback the update – or any malware that might have already come through the cracked window.

Within a week of the problem’s discovery, WordPress had pushed out an additional update that fixed the problem. And, as far as they know, no ne’er-do-wells discovered the issue and exploited it, although they (Automattic, in this case) did pay a “bounty” to WordFence for alerting them of the problem.

But clearly some changes needed to be made.

The WordPress core team rolled out some changes right away, allowing automatic updates to be limited to crucial security fixes. Eventually, the code was amended to allow even those to be shut off – but that’s not recommended.

Even before the issues with automatic updates, the WordPress community had begun developing “Health Check and Troubleshooting,” a plugin for ensuring the best WordPress install, despite many web hosting companies still persisting in limiting installs, PHP and MySQL database access. The functionality of the original plugin allowed site owners to see technical details of their site’s setup, such as PHP & MySQL versions, without going into the server side of things.

At WordCamp US in 2018, as part of a larger initiative known as ServeHappy, a serious push was made to urge WordPress site owners to move away from older versions of PHP which were reaching their end of life (EOL) and would therefore no longer receive support. As part of Contributor Day at WCUS 2018, work was done to add protection against the dreaded “White Screen of Death” (“WSOD”) and other related issues, which resulted in the ServeHappy project being renamed the Site Health Check project.

Beginning with WordPress 5.1 in early 2019, major features of the Health Check & Troubleshooting plugin were merged into WordPress core and became available in every WordPress install without the need to add the plugin. Other features arrived in version 5.2, and now the Site Health status page is a useful feature of every current WordPress site. Simply go to Tools → Site Health to check it out.

Note: Today, while many features of the plugin are available in WordPress core, there are still some advantages to installing and activating the plugin. The rest of this post is geared toward using the WordPress Health Check & Troubleshooting plugin in addition to the tools found in every WordPress installation.

No More Downtime

One of the biggest features of the WordPress Health Check is that it allows you to check and suggest fixes to your website – without taking it offline or making it vulnerable to hackers.

Compatibility, appearance, redirection, themes, database errors, plugins, outdated and otherwise, are many of the many variables that influence today’s sites. It becomes hard to narrow problems down quickly and easily without (hopefully) temporarily taking your site down…a hard pill to swallow for businesses that rely on their sites for countless operations, including sales.

In the old days, often times you would need to deactivate plugins, switch to a default theme, and/or completely shut your site down to check for issues. Now with Health Check being part of the native WordPress system, it can run the checks and account for several variables in the background – never leaving your customers or Google with a negative experience or a 404 error.

So It Begins…

As soon as you click on the Site Health tab in the Tools submenu, the plugin runs your site through a series of checks, offering you an overview of the site health status.

These are divided into “Critical Issues” and “Recommended Improvements.” And the process labels each issue as a “Security” or a “Performance” issue. At the bottom of the “Status” screen, you will see a button that either says Passed or Failed tests. If you click the arrow in the button, it expands to show you the entirety of the checks completed.

For non-techies, each test also has a drop down arrow that can explain what each test verifies and why it matters. Some even have popout links to give more detailed information on why the item checked is important to the life of your site. There are some of these tests that you want to fail, because doing so keeps your site more secure, so ask your IT person or subcontractor before changing any of the settings.

Oh, and don’t assume that a score of less than 100% is bad – as long as you’ve passed, you’re good and, again, some of the things the plugin checks may be limited for IT security purposes.  Always double check.

But Wait, There’s More…

After the first time you run the check, there will be more tabs to explore.

Site Health Info offers a multitude of information about your specific WordPress install, from Users to Permissions, even specifying limits on changes and file sizes.

Troubleshooting offers you the ultimate backdoor to check your site for inconsistencies and errors and allows you to narrow any issues down to the root cause. Essentially, when you click the button at the bottom to “Enable Troubleshooting Mode”, your login and your login alone becomes isolated from the system. Then WordPress returns it to the old school default mode I talked about earlier, without affecting any other users, site guests or your online presence.

Now that you’re in Troubleshooting Mode, a new item appears on your top admin bar. From there, you see an overview of plugins enabled or disabled, and can toggle them on or off. You can also swap between themes. That’s also where you switch off Troubleshooting Mode.

Finally, the Tools tab gives you access to even more ways to check the details of your site. You can check File Integrity of the WordPress core installation. You can check and send a test email to ensure mail works properly. And you can see detailed information on the plugins installed, their version, and the required PHP (which stands for Hypertext Preprocessor, if you were wondering) to run each plugin. This is helpful for debugging plugin issues, but also for making sure your site still works if you or your site hosting company is planning to update/upgrade the PHP.

**At the time of this writing, the latest version of PHP was 7.3 and it was not only safer, but loaded sites 2-3 times faster than the previous version.

Even with the occasional vulnerability – which, honestly, Automattic fixes a lot quicker than most – WordPress is still the top platform for hosting your content blog, if not your entire business site. We keep our site there, as well as the sites of most of our clients, for a variety of reasons – security, ease of use and Google, er, find-ability, just for starters. If you haven’t tried it, check it out.

To get the most out of WordPress’s features for your business website, you need to know who your ideal customer is and what they’re looking for (online or off) that brings new business to you. Grow the Dream has been working for more than 10 years helping businesses be their best on the Internet, and we can help you too, from getting you started with strategy, to creating the ongoing content you need to stay on top of Google rankings. Reach out to us for a free 25 minute consultation to find out more!