WordPress Site Health score

The Site Health screen, nestled within your WordPress dashboard, is your roadmap to a better-performing site. It highlights critical areas needing attention, offering a pathway to enhance your site’s performance and security.

This tutorial will guide you through navigating to this screen and unraveling ten pragmatic tips to boost your Site Health score.

Before we start: How the Site Health score works in WordPress

The Site Health functionality in WordPress adds robust tools that help you identify potential issues that could affect your site’s performance or security, like outdated software or incorrect settings.

The Site Health tool runs a series of tests and then shares results and recommendations with you based on what it finds.

By using the Site Health screen, you can catch problems early and fix them, which helps keep your site safe and working well.

In your WordPress dashboard, you’ll find two pages under Tools > Site Health.

Tips to get 100% site health score - dashboard screenshot.

The first page displays your Site Health Status with results categorized as:

  • Critical
  • Recommended
  • Good

These tests are what WordPress uses to calculate your Site Health Score. Needless to say, the critical tests weigh more heavily, and not faring well in them can dampen your chances to get 100% Site Health score.

site health score.

👉 The health check results show critical information pertaining to both performance and security. The performance checks include checking for:

  • WordPress version
  • Latest PHP version
  • SQL server version
  • Installation of recommended PHP modules
  • UTF8MB4 support
  • Scheduled events
  • Working HTTP requests
  • REST API availability
  • Performing loopback requests

👉 The security checks include:

  • Active themes
  • Up to date plugins
  • HTTPS connection
  • Secure communication
  • Debug mode off
  • Communication with WordPress.org
  • Background updates enabled

The second page is the Site Health Info page that contains a load of information related to your site health. There’s a convenient button here that can copy all the information to your clipboard so that you can share it with a developer who’s supporting you. For example, if you’re asking a plugin author for help, this gives you a convenient way to provide them with information about your site:

SIte health info.

Ten tips to get a 100% Site Health score in WordPress

Now that you know the checks that WordPress runs to assess your website, here's what you can do to get a 100% Site Health score.

📚 Table of contents:

  1. Keep WordPress up to date
  2. Keep themes and plugins up to date
  3. Remove unused themes and plugins
  4. Use the latest SQL server version
  5. Upgrade to the latest PHP version
  6. Make sure debug mode is turned off
  7. Install SSL certificate and use HTTPS
  8. Leave the REST API enabled
  9. Make sure WP Cron is enabled
  10. Install all the recommended PHP modules

1. Keep WordPress up to date

We've heard this often enough, but in practice, not many of us pay attention to the update notifications that appear with (annoying!) frequency on our dashboard for major updates. Fortunately, updating WordPress is now just a one-click affair. By default, minor changes happen automatically.

Update WordPress.

And while it's possible to disable background updates, it's really better not to do so.

The test results will let you know if your site is up to date and if it's communicating with WordPress.org. For the best way to run these updates, check out our guide on how to safely update WordPress.

2. Keep themes and plugins up to date

Don't stop with updating the WordPress core. Go the whole distance and update all the themes and plugins as well. You can update these extensions from the regular WordPress updates area (Dashboard → Updates), as well as the respective Themes and Plugins areas:

Update plugins.

3. Remove unused themes and plugins

Beyond updating themes and plugins that you are using, you'll also want to remove any themes and plugins that you are not using. Themes and plugins that are not updated are a security risk, which is why it's safer to remove them.

There is one exception, though - leave the latest default theme installed, even if you're not using it (e.g. Twenty Twenty-Three).

4. Use the latest SQL server version

Your database server's software is what powers the database that WordPress uses to store your content and settings. There are two common options, depending on your host's configuration:

  1. MySQL
  2. MariaDB (a fork of MySQL)

To improve your site's performance and security (and Site Health score), you'll want to make sure you're using the latest version - WordPress recommends running MySQL version 5.7+ or MariaDB version 10.4+.

If you're not sure how to do this, the best way to get started is to reach out to your host's support.

5. Upgrade to the latest PHP version

PHP is the programming language that powers much of WordPress' functionality.

Upgrading to the latest version offers big performance improvements, as well as better security (because older versions no longer receive security updates).

Currently, WordPress recommends that you use PHP 7.4+.

Many WordPress hosts give you an option to choose your PHP version from your dashboard. Or, you can reach out to your host's support for help.

Either way, we'd recommend you follow our guide on how to safely upgrade your PHP version.

6. Make sure debug mode is turned off

WordPress has a few built-in debugging tools that generate helpful messages to developers. The most important tool is WP_DEBUG in your WordPress install.

However, on a live site, the debug mode should not be turned on because it can reveal a load of information about your website to visitors and is, therefore, a security risk. That's why WordPress will ding your Site Health score if you still have debug mode turned on.

To configure the debug mode, find this line in your wp-config.php file:

define( 'WP_DEBUG', true );

To turn it off, you can either change true to false, or just delete the entire line.

7. Install SSL certificate and use HTTPS

HTTPS (Secure HTTP) is a method of encryption that secures the communication between your server and the browser of any user visiting your website, and it's what gets you that trust-building green padlock in web browsers.

Google Chrome marks all non-HTTPS pages as "Not Secure:":

Insecure website.

To avoid this, and get your Site Health score up, you'll need to install an SSL certificate and then migrate your site to HTTPS.

Many hosts now offer free SSL certificates via Let's Encrypt that you can install with a few clicks, or you can find other free and cheap SSL certificates. Once you've installed your SSL certificate, follow our guide to safely move to HTTPS.

8. Leave the REST API enabled

The WP REST API helps your WordPress core communicate with the various web, desktop, and mobile applications on the internet. This helps WordPress work effectively as a content management system, storing and serving up content to be visible on the internet.

By default, the WP REST API is enabled, but some plugins (especially security plugins) and developers will disable it.

However, if you want to get a perfect WordPress Site Health score, you'll need to leave the WP REST API enabled. Most plugins or tools that disable the REST API will also give you a setting to leave it enabled.

9. Make sure WP Cron is enabled

Normally, WordPress handles a number of routine tasks such as backing up, publishing posts, or checking for updates. This function is handled by the cron job system, a special technology used by servers to handle scheduled tasks or recurring events. Many plugins also rely on the WordPress cron system to carry out tasks, but sometimes they hog most of the resources.

To check if WP Cron is working, you can use the free WP-Cron Status Checker plugin to get a new dashboard widget that tells you its status:

WP Cron.

If it's not working, you can check if the following line is in your wp-config.php file:

define('DISABLE_WP_CRON', true);

To re-enable WP Cron, you just need to remove that line. Or, if that's not the issue, you can reach out to your host's support for more help.

PHP modules play an important role in executing the tasks on the server that make your site run. The WordPress core relies on a list of PHP modules to help it execute tasks. If you don't have a certain module on your server, WordPress will either have to use a more inefficient method for that task, or it might just remove the functionality.

If you're missing one of the recommended and required modules, WordPress will tell you which module is missing and ding your Site Health Score:

Missing PHP module in Site Health score.

To fix this, ask your host's support if they can help you to install the module.

Don't stress about your WordPress Site Health score 👨‍⚕️

While it can be satisfying to see a perfect 100% score in the Site Health area, you don't need to get a perfect score to have a secure, functioning WordPress site, and some developers have expressed views against this new scoring methodology.

Overall, you should definitely fix the critical issues, and try to implement recommended issues. But don't stress yourself out if you can't eliminate every single recommended issue.

Do you have any questions about the new Site Health score feature in WordPress? Ask away in the comments!

Yay! 🎉 You made it to the end of the article!

0 Comments
Inline Feedbacks
View all comments

Or start the conversation in our Facebook group for WordPress professionals. Find answers, share tips, and get help from other WordPress experts. Join now (it’s free)!