A slow website will lose visitors. A cache speeds up your site by delivering saved copies of your content, instead of WordPress generating a new page for every visit. The only downside of caching is visitors may not see the latest version of a page for your cache timeout, unless they press CTRL+F5. A fifteen minute cache timeout is standard, so unless you’re running a news agency that’s not really an issue.

WordPress has no caching by default so I chose WP Super Cache as it’s free, very popular and was highly rated in this detailed analysis. I also have a related plugin ‘clear all cache’ which provides a button to empty the cache so you know everything is bang up to date, which can be useful for fault diagnosis.

All websites should avoid broken links. Pages get moved all the time on the web, whole sites disappear and YouTube videos are taken down without warning. Broken links are frustrating for visitors and having more than a couple on your site gives the impression content was published, then forgotten about.

A broken link plugin will do periodic scans then alert you by email and the WordPress dashboard so you can fix and republish your content. They don’t always get it right, and if you manually check the link it may actually be fine, but the occasional false positive is better than having broken links go unnoticed for months. The suitably named Broken Link Checker performs this task for my site.

Automated checks can watch your site 24/7 while you’re busy doing other stuff.

My hosting company ran a script which kept taking my site offline because a WordPress admin script ran on too long. After a couple of incidents I found the answer (increase the memory allocated to WordPress and set a global limit on script execution time). If the downtime happens again I’ll know because the uptime check visits my site every 5 minutes and emails me if it becomes unavailable, and mails again when it comes back up. I can look at the history of these checks and know if my site has gone offline, suggesting a problem with the hosting or suggesting my site may have been hacked.

Uptimerobot.com gives you 50 free checks. I have one check looking at the homepage, a second at a blog page. Searching for a specific word or phrase on the page is the most reliable method. You can login to your account directly or via a the uptime robot monitor plugin, allowing you to view the data on the WordPress admin console. Also the free checks don’t have to point at sites you own – so if the broken link checker tells you an external site down frequently, you could have uptimerobot.com check the link, and decide if you want to remove your link.

Professionally I have also used Pingdom.com and found the UI and support to be very good, but they don’t seem to be offering any free options currently.

Social media is key to maximising your readership. I think readers may be more inclined to share your work if they see a nice set buttons displaying logos for Facebook, twitter, tumblr etc in a size and style that compliments your site.

I use Simple Share Buttons plugin which works well enough for me, although I did need to tweak my stylesheets to prevent the logos displaying underlined.

Open Graph data determines the image and summary text that appears when someone shares your post. This can be a bit hit and miss without a good plugin. Before adding a plugin all my post shares were displaying the homepage banner image, which is fine as a banner but not usually relevant to the subject of the post.

I tried a few Open Graph plugins which either didn’t work or were intermittent and eventually settled on WebZunder open graph plugin.

Even with a dedicated contact form you’ll get some spam mail from companies trying to sell you web design and promotion, but far fewer than if you displayed your email to every spammer on a contact page, so use a contact to hide your email address. With some contact forms you can enable Captchas, but Captchas have a negative impact on user experience and accessibility. Unless you get large volumes of spam through your contact form, I would do without them.

I found Contact form 7 was easy to set up and has a suitable range of options.

Top of your security ‘todo’ list should be renaming your admin user and moving your login page to a less obvious path. You can change the main admin user name at any time from the WordPress dashboard. Having a custom location for the door into your website should really be a core feature of WordPress in my opinion, but it’s not so you will need a plugin. It’s necessary because even if you remove all mention of WordPress, hackers can easily identify a WordPress site and they will try breaking in from standard routes like /wp-admin or /login.php. Of course make sure you have your new admin name, login page location and recovery information recorded somewhere safe in case you clear your browser cache or your pc breaks down!

Also before you change your login page remove the WordPress ‘meta’ menu from your site. You can’t edit this menu and it contains a link to the login page, so if it’s life it may display your freshly hidden login location to all and sundry! Hide my WP seems to be get checked for compatibility with the WordPress core updates more frequently than most, and I found it easy to set up.

Visitor statistics have a value but website stats are like any other, i.e. usually found in the same ball park as those lies and damned lies. I use a plugin for stats and see several visitors per day (unique IP addresses). But drilling down into the stats many of these are classified as ‘adult entertainment’ meaning they come mostly from bots, spam referrers and hackers – not porn stars fascinated by my insights into the meaning of life. On the other hand, these non-visitors will probably remain at a fairly constant level, so if you publish a great new post or do some promotion, then soon after see a noticable increase in traffic, you can use the stats to confirm you have genuinely reached more of your target audience. See stats as a relative rather than absolute tool.

Many blogs use Google analytics, which is a free and a very mature analytic tool, but relies on your site issuing a tracking cookie to the user. According to EU law you should ask visitors before setting any cookie, and browsers might display off-putting security warnings to the user. That’s not really an issue for a large well known organisation, but for a small site doing without cookies for everything except taking payments or user login is desirable. For this reason I use the statistics plugin New Stats Press in preference to Google Analytics. It displays some useful information and has a nice graphical layout.

And recommendation number 9½ is a separate plugin to block what’s called spam referrers – they visit your site hoping you’ll see their visit, then make the return visit to a site containing hostile code, or perhaps even display a list of ‘top referrers’ on your homepage, even though no-one does that anymore… it’s just so 1990s. Spam referrers can be simply ignored but they mess up your stats so I use WP referrer spam blacklist to limit such traffic. These can only be partially successful as spam referrers keep changing their IP addresses and some will always find a way through.