WordPress update adds deferred script loading for faster page speeds and site performance.
- WordPress 6.4 loads scripts smarter to improve page speeds
- JavaScript files now load deferred or async to prevent blocking.
- These changes allow for future optimizations like content security policies.
The latest update to WordPress, version 6.4, includes changes to how scripts are loaded on the front end that will improve page load times and performance for many sites.
Script loading strategies are now incorporated into the core and bundled themes of WordPress, improving the performance of loading scripts with defer and async attributes.
These attributes instruct the browser to load scripts in the background (async) or after the rest of the page has loaded (defer), which can significantly speed up the time it takes for a page to become interactive.
Faster Page Loads With Intelligent Script Handling
Previously, JavaScript files included in WordPress themes and plugins were loaded without specifying that they should load asynchronously. This meant they blocked other downloads and delayed page rendering while they were fetched and executed.
For website visitors, pages with WordPress content will load faster after an update, specifically improving the CWV’s first contentful paint (FCP) metric, which affects how fast the page first appears.
Behind the Scenes: How WordPress Achieved This
JavaScript files for blocks like navigation menus and embedded media from now has ‘defer’ added when enque ued. The wp-embed script for displaying embedded posts now utilizes ‘defer.’
Previously, the ability to add these attributes wasn’t standardized. With the introduction of a dedicated API in WordPress 6.3 and the full implementation in 6.4, developers now have a standardized way to control when their scripts load.
Additionally, the update moves the most deferred scripts back into the <head> section since they no longer block rendering. This allows the browser to discover and cache them earlier, improving performance.
A few lower-priority scripts, like the one for comment replies, will remain in the footer but are loaded asynchronously with ‘async’ so they load in parallel with other resources
Real-World Impacts For Website Visitors
For website visitors, pages with WordPress content will load faster after updating. There will be less “jank” or shifting around of page elements after the page first appears.
tains +100 Performance Wins
×
Search Engine Journal – SEO, Search Marketing News and Tutorials
Search Engine Journal – SEO, Search Marketing News and Tutorials
Latest
SEO
Paid Media
Content
Social
Digital
Webinars
Ebooks
Resources
Advertise
Company
Do Not Sell My Personal Info
Get The Rundown
ADVERTISEMENT
SEJ
⋅
Web Dev SEO
WordPress Update Improves Page Speed With Smarter Script Loading
WordPress update adds deferred script loading for faster page speeds and site performance.
WordPress 6.4 loads scripts smarter to improve page speeds.
JavaScript files now load deferred or async to prevent blocking.
These changes allow for future optimizations like content security policies.
Matt G. Southern
SEJ STAFF
Matt G. Southern
October 18, 2023
2 min read
51
SHARES
1.4K
READS
WordPress Update Improves Page Speed With Smarter Script Loading
The latest update to WordPress, version 6.4, includes changes to how scripts are loaded on the front end that will improve page load times and performance for many sites.
Script loading strategies are now incorporated into the core and bundled themes of WordPress, improving the performance of loading scripts with defer and async attributes.
These attributes instruct the browser to load scripts in the background (async) or after the rest of the page has loaded (defer), which can significantly speed up the time it takes for a page to become interactive.
Faster Page Loads With Intelligent Script Handling
Previously, JavaScript files included in WordPress themes and plugins were loaded without specifying that they should load asynchronously. This meant they blocked other downloads and delayed page rendering while they were fetched and executed.
For website visitors, pages with WordPress content will load faster after an update, specifically improving the CWV’s first contentful paint (FCP) metric, which affects how fast the page first appears.
Behind the Scenes: How WordPress Achieved This
JavaScript files for blocks like navigation menus and embedded media from WordPress.com now has ‘defer’ added when enqueued. The wp-embed script for displaying embedded posts now utilizes ‘defer.’
Previously, the ability to add these attributes wasn’t standardized. With the introduction of a dedicated API in WordPress 6.3 and the full implementation in 6.4, developers now have a standardized way to control when their scripts load.
Additionally, the update moves the most deferred scripts back into the <head> section since they no longer block rendering. This allows the browser to discover and cache them earlier, improving performance.
A few lower-priority scripts, like the one for comment replies, will remain in the footer but are loaded asynchronously with ‘async’ so they load in parallel with other resources.
Real-World Impacts For Website Visitors
For website visitors, pages with WordPress content will load faster after updating. There will be less “jank” or shifting around of page elements after the page first appears.
These changes lay the groundwork for even better optimizations in the future.
Featured Image: Wirestock Creators/Shutterstock
Read the Next Article
SEO Professionals Should Delegate Website Management
Discover what John Mueller, Google Search Advocate, says about Wix SEO vs. WordPress, website tech, and preparing for change.
SEO professionals have traditionally preferred WordPress over Wix due to its superior SEO capabilities and customizability.
Wix has improved its SEO functionalities, which could make it a viable alternative to WordPress for some users.
John Mueller suggests that most people should delegate website management to experts to avoid technical complications.
Kristi Hines
SEJ STAFF
Kristi Hines
August 2, 2023
3 min read
98
SHARES
6.6K
READS
SEO Professionals Should Delegate Website Management
Search engine optimization (SEO) professionals have long expressed dissatisfaction with platforms other than WordPress, mainly because they prefer WordPress’s comprehensive SEO capabilities and customizability.
However, this perception may be outdated as Wix develops more robust SEO functionality.
The debate was sparked recently by an insightful Reddit thread on why SEO professionals remain wary of Wix, with contributions from experienced marketing professionals and industry insiders like Google’s John Mueller.
Emerging Wix Developments
According to the original poster on Reddit, Wix markets itself as a user-friendly platform designed for those with limited coding skills who desire to create their own website.
Over the past few years, Wix has incorporated increased SEO functionalities to cater to the needs of its growing user base. It even added generative AI tools for website design.
Nevertheless, Wix’s past reputation still lingers, creating a barrier for users with unfavorable experiences with the platform.
This wariness has generated a preference for WordPress, a platform praised for its innate SEO capabilities and customization options.
Employing SEO features on Wix makes the platform viable for SEO.
Notably, the discussion underscores that while Wix has improved its SEO capabilities, it is ultimately up to the user to use them effectively.
Delegate Website Management
Instead of obsessing over granular details, he suggested that most people (and their clients) focus on the larger picture by delegating website management to a specialized team.
“The other (really for me: bigger) thing is that IMO most people should just not be running their own website or server, period. “
He argued that this mitigates risk, guarantees maintenance, and frees one from dealing with technicalities that experts could handle better.
“Speed, structured data, metaverse-ML, whatever the world throws at you – a platform will be able to do this for everyone, immediately, and they will fix it if it doesn’t work properly.”
SEO professionals should effectively stay in their own lane regarding website management.
“Let a professional do it, just like *you* are probably the professional when it comes to SEO.”
Nevertheless, Mueller’s view might be challenging for those who crave control and direct impact on results.
He maintained that in 2023, the web has evolved considerably, and clinging to older practices may leave one unable to adapt to future changes.
Prepare Ready For Change
Ultimately, Mueller hopes that SEO professionals will focus on staying at the forefront of technology.
“Y’all should be – and can be – at the forefront of technology, and sometimes that means letting experts do their things, just like you’re the expert of your things. The only constant is change, and there’s going to be more change in the future, and it’ll be harder to adapt if we try to hold it back and have to take a bigger jump.”
Does the “change” refer to advancements in AI for Google search, such as continued development of Search Generative Experience (SGE) capabilities? That remains to be seen.
As highlighted by this Reddit discussion, the final decision on website hosting and what to focus upon lies in what SEO professionals value more.
It also emphasizes the importance of evolving with changing web dynamics and staying up-to-date with platform developments to make informed decisions about marketing technology.
Featured image: Tada Images/Shutterstock
Read the Next Article
Google To Remove Inactive Accounts
Google will start removing inactive accounts that have been dormant for two years. Read more about the policy change and implications.
Google has updated its policy and will now delete personal accounts that have been inactive for two years, starting December 2023.
Businesses need to be aware, especially if they use personal Google accounts to integrate with third-party tools.
To keep a Google account active, you need to engage with it regularly, through actions like reading or sending emails, using Google Drive, or signing into third-party apps via Google.
Brooke Osmundson
VIP CONTRIBUTOR
Brooke Osmundson
May 18, 2023
3 min read
123
SHARES
5.1K
READS
Google To Remove Inactive Accounts
Google updated its inactivity policy for personal Google accounts.
It’s important to note how this could affect business protocols when using a Google account.
Read on to understand the new policy and any measures you should take.
The Policy Update Explained
According to the policy, accounts that haven’t been used or signed in for two years will be deemed an “inactive account.”
Why does this matter?
With the updated Inactive Accounts policy, Google can delete the account and any/all of its contents. This may include:
Gmail
Docs
Drive
Meet
Calendar
YouTube
Google Photos
It’s important to note that the policy change pertains to personal Google accounts only. Any accounts that are used for businesses or organizations will not be affected.
While the policy takes effect immediately, Google will not delete inactive accounts until December 2023.
Google will start deleting created and never used accounts before moving to other inactive accounts.
Google also noted that it would send multiple notices via email to both the account email address and the recovery email.
Why The Change?
Online security threats continue to be a big issue. While Google invests in technology to protect from account exposure or phishing scams, nothing is foolproof.
Accounts that haven’t been active for extended periods are more vulnerable to being compromised or hijacked. Per Google, these types of funds are more likely to be compromised if:
Old or re-used passwords have been used
Two-factor authentication hasn’t been set up
Fewer security checks by the account owner
With the policy change, Google will start deleting inactive accounts to reduce a user’s risk of account compromise.
Additionally, deleting inactive accounts reduces the amount of personal information Google retains on users, further securing individuals.
So, what is considered an active account?
Google considers an account active if any of the following actions are taken:
Reading or sending an email through Gmail
Using Google Drive
Watching YouTube videos
Downloading an app on Google Play Store
Using Google Search (while logged into a Google account)
Signing into a third-party app via “Sign in with Google.”
What Businesses Need To Know
Many marketers set up Google accounts to tie third-party tools to an account, such as Looker Studio or other reporting tools. These accounts may not be set up as business accounts, which is why this policy update is important.
Here are some helpful tips that marketers can take action on now to ensure a Google account stays active:
Take inventory of any shared Google accounts used and document them (especially for agencies)
Log into any Google account and set up two-factor authentication
Document the dedicated recovery email set up for each account
Ensure all account settings are up-to-date
This ensures that all necessary information is in place, especially if there is turnover at a business or agency. The accounts can be used over the long term and reduce the impact of setting up new accounts due to a lack of shared internal information.
Summary
A standard process and documentation for accounts are vital for workplace (and personal) security.
Reduce the risk of dealing with an inactive account, or worse – a compromised account – by taking the actions above to ensure any pertinent Google accounts stay active and secure.
Featured Image: Iana Alter/Shutterstock
Read the Next Article
WordPress Hit With Multiple Vulnerabilities In Versions Prior To 6.0.3
WordPress announced a security release to fix more than a dozen vulnerabilities of varying severity
Roger Montti
SEJ STAFF
Roger Montti
December 5, 2022
3 min read
294
SHARES
12K
READS
WordPress Hit With Multiple Vulnerabilities In Versions Prior To 6.0.3
WordPress published a security release to address multiple vulnerabilities discovered in versions of WordPress prior to 6.0.3. WordPress also updated all versions since WordPress 3.7.
Cross Site Scripting (XSS) Vulnerability
The U.S. Government National Vulnerability Database published warnings of multiple vulnerabilities affecting WordPress.
There are multiple kinds of vulnerabilities affecting WordPress, including a type known as a Cross Site Scripting, often referred to as XSS.
A cross site scripting vulnerability typically arises when a web application like WordPress doesn’t properly check (sanitize) what is input into a form or uploaded through an upload input.
An attacker can send a malicious script to a user who visits the site which then executes the malicious script, thereupon providing sensitive information or cookies containing user credentials to the attacker.
Another vulnerability discovered is called a Stored XSS, which is generally considered to be worse than a regular XSS attack.
With a stored XSS attack, the malicious script is stored on the website itself and is executed when a user or logged-in user visits the website.
A third kind vulnerability discovered is called a Cross-Site Request Forgery (CSRF).
The non-profit Open Web Application Security Project (OWASP) security website describes this kind of vulnerability:
“Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated.
With a little help of social engineering (such as sending a link via email or chat), an attacker may trick the users of a web application into executing actions of the attacker’s choosing.
If the victim is a normal user, a successful CSRF attack can force the user to perform state changing requests like transferring funds, changing their email address, and so forth.
These are the vulnerabilities discovered:
(1)If the victim is an administrative account, CSRF can compromise the entire web application.”
(2) These are the vulnerabilities discovered:
(3) Stored XSS via wp-mail.php (post by email)
(4) Open redirect in `wp_nonce_ays`
Sender’s email address is exposed in wp-mail.php
(5) Media Library – Reflected XSS via SQLi
(6) Cross-Site Request Forgery (CSRF) in wp-trackback.php
(7) Stored XSS via the Customizer
Revert shared user instances introduced in 50790
(9) Stored XSS in WordPress Core via Comment Editing
(11) Data exposure via the REST Terms/Tags Endpoint
(13) Content from multipart emails leaked
SQL Injection due to improper
( 14) sanitization in `WP_Date_Query`
RSS Widget: Stored XSS issue
Stored XSS in the search block
(15) Feature Image Block: XSS issue
RSS Block: Stored XSS issue
Fix widget block XSS
Recommended Action
WordPress recommended that all
users update their websites
immediately.
The official WordPress
announcement stated;
WordPress recommended that all
users update their websites
immediately.
The official WordPress
announcement stated
This release features
several security fixes.
Because this is a
security release, it is
recommended that you update your sites
immediatel
All versions since WordPress 3.7
have also been updated.”
Read the official
WordPressannouncement here: