Your site uses an outdated version of PHP

/0 Comments/in

This message indicates that the PHP version used by the server to process PHP is outdated.

How risky is an outdated PHP version?

If you’re only a month behind, it’s not a problem. Even a few months may not be a big issue. However, if you’re significantly behind on major PHP releases (a year or more), it becomes different. There is a risk of security vulnerabilities.

How can you update PHP to a new version?

Usually, your web host takes care of this for you. If you have a VPS (Virtual Private Server), you may need to update PHP yourself or request assistance from your web host. There may be associated costs involved.

You should remove inactive themes

/0 Comments/in

When creating a WordPress website, multiple themes are sometimes experimented with. No problem, of course, but once you have chosen a theme to continue with, it is good practice to remove the remaining inactive themes.

Why should I remove themes that are not active?!

The themes still exist on the server. Any data stored on the server can be used by a hacker or script to gain access to your website.

And there are several reasons to remove your inactive themes

  1. Themes you are not using take up space on the server
  2. Themes can serve as hiding places for backdoors created by viruses and hackers
  3. Themes need to be updated. They are recognized by WordPress, leading to update notifications every week/month, even though you are not using them!

I remove everything I don’t need, just like in my house.

Beware of your “child” theme!

Many frameworks have a child theme associated with them. Customizations are made within the child theme, and you wouldn’t want to lose those. Therefore, make sure your website is not using a child theme before removing any themes.

Have a default theme available

/0 Comments/in

I understand your concerns about having a default fallback theme available as a “fallback” option in WordPress.

Having a default theme, especially a WordPress Twenty- series theme, is something you may prefer not to have on your server. It goes against the logic of another diagnostic point we mentioned: you should remove inactive themes, where we explain that inactive themes can be potential entry points for hackers and scripts.

Yes, a fallback theme ensures that your website is still accessible in case of an error.

However, you may not want to see how your website looks with a default theme, and the potential risks associated with using an outdated default theme. In such cases, it may be preferable to see a blank page or an error message that you can address and resolve as quickly as possible.

Where can I find the Sitediagnosis of my WordPress website?

/0 Comments/in

The Site Health tool in WordPress can be found in your admin area under Tools > Site Health.

If your WordPress admin is in English, you can find the Site Health tool under Tools > Site Health.

The Site Health tool has been a built-in feature of WordPress since version 5.1, so you no longer need a plugin for it.

However, please note that plugin developers may use the Site Health tool to display their notifications. This means that the Site Health tool may show notifications that aim to encourage users to upgrade to a paid pro/premium version of the plugin.

As a result, the number of notifications displayed can quickly add up, but it doesn’t necessarily mean that something is wrong with your website.

At the time of writing, the Site Health tool is primarily relevant for checking if your PHP/MySQL server software is up to date and if you are not falling too far behind on updates.

Your site does not use HTTPS

/0 Comments/in

HTTPS is the secure connection that is established when you have an SSL certificate and your website is accessed via https://.

This is no longer a luxury; at the time of writing, HTTPS is a necessary setting if you want to ensure that Apple devices and various browsers display your website.

Google, as a search engine, also values HTTPS.

Does your website already have access to an HTTPS / SSL certificate or secure connection?

First, check if your web host has a certificate ready for you.
You can test this by finding your license.txt file and adding https:// in front of it.
Example: https://your-domain-name-here.nl/license.txt
If that file is accessible with a secure connection, you just need to switch WordPress to HTTPS.
Note: it may be possible that the license.txt file is not present. To confirm that this file exists on your server, search for it without HTTPS. So simply use http://

Switching your website to HTTPS when you already have an SSL certificate

One way is to install the “Really Simple SSL” plugin. (Via your admin > plugins > add new plugin)

If you don’t have an SSL certificate yet

If you don’t have an SSL certificate installed on your server, you can request one from your web host.
Sometimes a Let’s Encrypt certificate is available (often free), but sometimes you need to purchase an external certificate or order a certificate through your web host by choosing an option.

Your site is set up so that visitors can see error messages

/0 Comments/in

An apparently harmless notification. The error messages of code are visible to visitors.

However, these error messages can provide hackers and scripts with valuable information, such as file paths, used plugins, version numbers, your root address, and more!

disable debug mode in WordPress

If you encounter this notification, it means that the debug mode is set to TRUE in your wp-config.php file, and you need to change it to FALSE (capital or lowercase letters don’t matter).

One or more recommended modules are missing

/0 Comments/in

One or more recommended modules are missing… When you see this message in your site diagnosis, it usually means that the “imagick” module is missing or, more accurately, not being used by the server in 99% of WordPress websites.

Is it a big issue if the imagick module is missing?

No, in most cases, your server has an alternative (the GD module) for image manipulation and editing.

What does the imagick module do?

The imagick module allows for image manipulation, such as scaling, cropping, and resizing of images.

How can I make sure that the GD module is present on my website and replaces imagick?

How can I be certain that the absence of the imagick module doesn’t cause any issues?
Upload an image in WordPress and try editing it. If you can successfully make changes and save the file, it means that the alternative GD module is functioning properly. You can then ignore the notification about the missing imagick module.