Five Absolutely Critical Website To‑Do’s
by Dawn Groves
Whether you like it or not, your patients, vendors, employees, and countless others can and will check you out online. Even if you’re a specialist, even if you only receive referrals directly from colleagues, you’ll still be checked digitally. Looking up someone online is our culture’s digital equivalent of shaking hands. A weak presence has the same impact as a weak handshake. Ewww.
A solid schedule of smart digital housecleaning tasks is the best way to keep everything tidy and accurate. The following 5 practices will address some of your most potentially damaging “weak links” and hopefully jumpstart a year of great success online and off.
1. Clean up your user list
Why
Every user access account is like an open door to the back end of your website. If you’re not using a door anymore, close it. Permanently.
How
Make sure that everyone who has editorial access to your website is:
- Still active and actually needs an account.
You may have names in the list that are no longer employed or were granted temporary administrative access. These kinds of users should be removed.
- Needs the level of access they have.
Not everyone needs to be able to change anything and everything. Downgrade unnecessary or figurehead administrators.
Important: If you delete a user, make sure to attribute their content to someone else. Otherwise, whatever they wrote could be deleted along with their access.
2. Get rid of Broken Links
Why
Because broken links erode authority and make you appear digitally unprofessional. Google hates them and so do visitors. They’re the digital equivalent of an overgrown, unkempt yard or a dirty car.
How
- If you use WordPress, install the free Broken Link Checker plugin from wordpress.org.
- If you can’t install a plugin, then visit the W3C Link Validator website. It’s more cumbersome than a plugin but it gets the job done.
3. Check all images on your site
Why
Visitors look at images before they read text. If your images are out of date, boring, poor quality or purposeless (like a stock image that just takes up space), you’re squandering one of the most visible, engaging aspects of your site.
How
Go page by page. Evaluate each image according to the following criterion:
- It is current?
- Does it reference old news or an event that’s passed?
- Is it boring or sterile like a stock photo that was used as filler and then forgotten?
- Does it add to the content or just sit there like cold scrambled eggs?
- Does the image have alt text attached? If it doesn’t, add it in. (This is an accessibility feature that Google now demands.)
4. Check for HTTPS
Why
HTTPS (indicated by the lock icon in the address bar) means that the connection to your website is encrypted. HTTPS is a big hairy deal because:
- It prevents intruders from exploiting any unprotected resource shared between your website and your visitors.
- It prevents tracking of behavior on your website.
- It’s a requirement for many newer browser features and enabling technologies.
- It makes Google happy. You want Google to like you.
How
Talk to your web administrator about it. If it isn’t HTTPS already, insist on getting it done right away.
5. Change your username/password
Why
One the easiest ways to break into a site is by figuring out the admin’s username and password. Bad guys love usernames that are email addresses or other simple, identifiable choices.
How
If your access that of user or editor, you’ll need to tell the website administrator to do it. If you have administrator access, you can do it yourself. Here’s how to do it in WordPress:
- Log into your admin account. We’ll call this Admin1.
- To change an existing user:
- Go to the Users page.
- Insert the new account information into the user record.
- To change your personal administrator username/password:
- As Admin1, create a new Admin username/password record. We’ll call this Admin2.
- Log yourself out as Admin1.
- Log yourself back in as Admin2.
- Go to the Users page and delete Admin1 from the list. Assign all content to Admin2. Voila!
Important: Be sure to record your Admin2 username/password combo somewhere else before logging out as Admin1. Don’t laugh, it’s easy have trouble logging back into the site because of forgetting the new username/password combo just created.
6. Hide your login URL
I lied. I said only five to-do’s. Number Six is less of a have-to and more of a good-idea-to.
Why
Most WordPress administrators still log into their websites using a wp‑admin or wp‑login path. If the path changes to something unexpected, it becomes another hoop for bad guys (or gals) to contend with.
How
There are a number of ways to change a WordPress login URL. Installing a plugin is typically the easiest method. Check first to see if the capability already exists in your current stable. For example, WP‑Forms includes it. Others may as well.
If you don’t see it, try downloading WPS Hide Login. This free, lightweight plugin works on any WordPress website. It doesn’t rename or change any files; neither does it add or rewrite any rules. It simply intercepts page requests. Everything goes back to the default if you deactivate it. Another good plugin, Hide My WP, costs money but covers a lot more ground.
I get pleasure from making it hard for bad people to break into websites. Take that, hackers!