Fortunately, by implementing some simple security tactics and performing regular checks, you can make your site much less vulnerable to attack. This can help you avoid losing customers, traffic, revenue, or confidential information due to a preventable security breach.

In this post, we’ll discuss why protecting your WordPress site is more important than ever. We’ll then share nine of our top tips for boosting your site’s security. Let’s get started!

An Introduction to WordPress Security

WordPress powers over 40 percent of the web, which makes it an attractive target for hackers. If a malicious third party manages to identify a vulnerability with one WordPress website, they could potentially use that same security loophole against the millions of other websites that are built on the same platform.

With this mind, it’s unsurprising that attacks against WordPress are on the rise. Wordfence recorded 4.3 billion attempts to exploit vulnerabilities in 2020. When asked about web security, over 70 percent of developers, freelancers, and agencies confirmed that they are increasingly worried about their websites. In fact, 25 percent of respondents confirmed they’d had to deal with a hacked website in the month prior to participating in the survey.

The WordPress team has a strong track record of identifying and addressing vulnerabilities in the platform. However, no software is perfect. In addition, many website owners choose to extend WordPress core with themes and plugins. These third-party products can add new designs and features to your site – but can also add new security vulnerabilities.

According to Patchstack’s security whitepaper, third-party plugins and themes account for 96.22 percent of detected WordPress security vulnerabilities. The total number of active and vulnerable theme and plugin installations detected throughout 2020 came in at a staggering 70 million.

If a hacker does manage to take control of your site, the consequences could be disastrous. The attacker might deface your site, steal your data, or redirect your loyal customers to a spam website.

The impact of these malicious activities can be far-reaching. They may include a loss of trust amongst your customers and missed sales, right through to potential legal action due to your failure to protect your visitors’ information.

9 Ways to Keep Your WordPress Website Secure in 2021

WordPress may be a favorite target amongst hackers, but that’s no reason to switch to a different Content Management System (CMS). Let’s take a look at nine tips that you can use to harden and protect your WordPress website against common attacks.

1. Choose a Hosting Provider That Prioritizes Security

The most important way to keep your WordPress website safe is to choose a hosting provider that prioritizes security. Wherever possible, we recommend opting for a hosting solution that offers built-in security features and tools.

At GIWS, we take security seriously, which is why all of our hosting packages include the Cloudflare Web Application Firewall (WAF). This tool can help protect your site against brute-force attacks in which a hacker tries to submit many different passwords and usernames in the hopes of guessing the combination correctly.

Our hosting plans also come with the cPanel control panel and Softaculous installer. This popular installer provides access to a wide range of add-ons, tools, and software, including many that can help you protect your website.

Running outdated software can make your site more vulnerable to attack. If you do choose to install additional software via Softaculous, then we’ll email you every time an update becomes available. This ensures you won’t miss any critical security updates or bug fixes that can help bolster your site’s security.

If you do have a security concern, then it’s important to address it straight away. That’s why we also offer 24/7 customer support to all of our hosting customers.

2. Install a Secure Sockets Layer (SSL) Certificate

Without a Secure Socket Layer (SSL) certificate, malicious third parties may be able to intercept the data your website sends and receives. This includes login credentials and payment details. If a hacker manages to access this information, it could damage your reputation and destroy users’ trust in your website. It may even land you in legal hot water due to data protection laws.

An SSL certificate can help ensure your private data remains private by transferring information via Hypertext Transfer Protocol Secure (HTTPS) instead of Hypertext Transfer Protocol (HTTP). As the name suggests, HTTPS is more secure than HTTP, as it enables you to encrypt any data that flows in and out of your website.

To help you meet this important security requirement, we provide several different types of SSL certificates:

After procuring your SSL certificate, we’ll send you an SSL Token via email. You can install your certificate by adding it to your website.

If you’re a cPanel user, then you can log into your account and launch the SSL Status:

We’ll then ask some simple questions about your website and your certificate. After providing these details, AutoInstall SSL will upload your certificate and your data will be encrypted.

3. Implement a Content Delivery Network (CDN)

If a malicious third party manages to break into your site using a brute-force attack, they could wreak havoc. They might steal your data, deface your site, or even delete your WordPress website entirely.

You can help protect your site against brute-force attacks by using a long, complex password that features a mix of numbers and symbols, plus uppercase and lowercase letters. However, some hackers use automated scripts and bots to bombard your site with thousands of login credentials. Even if you follow password best practices, your site may still fall victim to a brute-force attack.

To protect against these automated scripts and bots, you may want to consider using a Content Delivery Network (CDN). Although this tool is often used to improve website performance, it can also block malicious requests from ever reaching your site.

This may prevent hackers from hammering your site with login credentials. At GIWS, we offer the Cloudflare CDN to all our customers:

In addition to offering brute-force protection, Cloudflare’s network is designed to monitor and mitigate Distributed Denial-of-Services (DDoS) attacks. In this scenario, a hacker floods your network with so much malicious traffic that it exceeds your website’s capacity to process requests, at which point legitimate requests may be ignored.

You can configure your Cloudflare CDN by logging into cPanel and navigating to Software > Cloudflare. You can then follow the onscreen instructions to ensure Cloudflare is set up correctly for your particular website.

4. Use Plugins and Themes Safely

WordPress has huge directories of themes and plugins that can help you create beautiful, feature-rich websites. However, these third-party extensions can also make your site vulnerable to attack. In 2019, 97.2 percent of WordPress vulnerabilities were related to plugins.

To help protect your website, you should only install plugins from reputable sources. Wherever possible, we recommend using the official WordPress Plugin Repository, as it has strict security guidelines:

Alternatively, you can purchase themes and plugins from reputable third-party marketplaces such as CodeCanyon. Even if you’re using a quality source, it’s still smart to evaluate the theme or plugin, including examining when it was last updated:

We also recommend checking the software’s reviews, particularly the most recent ones. A spate of negative comments may indicate a security issue with the latest release.

Themes and plugins also add code to your site, which may contain vulnerabilities. A responsible developer will work hard to close any security loopholes discovered in their theme or plugin, and will often release an update that contains a solution for any recently-discovered vulnerabilities. For this reason, it’s important to keep your themes and plugins up-to-date.

According to WPBeginner, 86 percent of sites are hacked due to outdated software. To minimize your risk, it’s important to install updates as soon as they become available:

At some point, you may no longer require a particular theme or plugin. If you simply deactivate the software in question, then hackers may still be able to exploit its code. For example, hackers commonly target individual PHP files within a specific plugin.

If you simply deactivate the theme or plugin, then those PHP files will remain accessible and will therefore still be exploitable. This means that it’s crucial to delete extensions that you no longer require.

5. Install a Web Application Firewall (WAF)

Themes and plugins can potentially introduce vulnerabilities to your website. Ideally, when such a problem is discovered, the theme or plugin developer will rush to patch the issue and release an update.

However, this isn’t always the case, as some complex vulnerabilities may take time to fix. While we’d always recommend removing insecure software, this isn’t always feasible. For example, perhaps the plugin in question delivers your website’s core functionality.

If you do need to continue using a vulnerable plugin, then you can make it more difficult for hackers to abuse these known security loopholes. One method is to use a Web Application Firewall (WAF) to filter out malicious requests before they reach your WordPress website. This can also protect your site against Cross-Site Scripting (XSS) attacks.

There are several WAF plugins available for WordPress. However, the Wordfence endpoint firewall is a popular option:

After installing and activating Wordfence, it’s a good idea to leave this plugin in Learning More for at least a week before enabling its firewall. This can help you avoid false positives, where Wordfence blocks legitimate activities.

While the plugin is in Learning Mode, you should perform as many different actions as possible on your WordPress website. This gives Wordfence the best possible chance of learning how to protect your site while also permitting normal activity and visitors through its firewall.

You can put Wordfence into Learning Mode by navigating to Wordfence > Firewall. Then open the Web Application Firewall Status dropdown and select Learning Mode:

Save your changes, and Wordfence will start monitoring your site. When you’re ready to take Wordfence out of Learning Mode, you can enable the firewall by navigating to Wordfence > Firewall. Then open the dropdown and select Enabled and Protecting.

6. Activate Two-Factor Authentication (2FA)

It’s important to protect your website with a strong password. However, there are some password-based attacks where the strength of your login credentials has no impact on whether that attack succeeds or fails.

This includes credential stuffing attacks, where a hacker attempts to break into your dashboard using thousands, or even millions of username and password combinations. There are even keystroke logging programs that can monitor your keyboard and record every single thing you type, including your password.

One way to protect against these attacks is to enable Two-Factor Authentication (2FA). After activating this feature, anyone trying to access your WordPress website will need to enter the correct login details and then pass an additional security check – such as responding to a push notification on their phone or entering a code sent to their email address – to access your site.

By activating 2FA, you can make it significantly more difficult for a third party to gain access to your website. You can set up 2FA using a mobile application such as Google Authenticator or Microsoft Authenticator:

After installing your chosen mobile app, GIWS customers can enable 2FA by logging into their accounts and navigating to Account > Edit Account Details. You can then select Security Settings in the left-hand menu:

On the subsequent page, select Click here to enable. You’ll then be guided through the process of linking your WordPress site to your authenticator mobile app:

As part of this process, we’ll provide you with a backup code. If you ever lose access to your authenticator app, then you can use this code to recover your WordPress website. To avoid getting locked out of your site, it’s vital that you make a note of this code and keep it somewhere safe.

7. Consider Disabling XML-RPC

Pingbacks are a way to notify other websites that you’ve linked to their content, and vice versa. By default, they’re enabled in WordPress. While this feature can make it easier to respond to comments that mention your site, it can also make your website more vulnerable to DDoS attacks.

WordPress pingbacks are made possible by the XML-RPC interface. However, an attacker might use this feature to bombard your site with pingbacks. This can overload your server and might even take your site offline. For this reason, you may want to consider disabling the XML-RPC interface using the REST XML-RPC Data Checker.

If you do decide to disable pingbacks, then install and activate this plugin in your WordPress dashboard. Then navigate to Settings > REST XML-RPC Data Checker. Next, select the XML-RPC tab and choose Disable XML-RPC API interface:

Now you just need to save your changes and pingbacks will be disabled for your website. If you don’t want to use a plugin, then you can block all incoming XML-RPC requests before they’re passed to your site.

This technique does require you to edit your site at the code level, so it’s wise to create a full backup before proceeding. If you’re an GIWS customer, we provide two backup tools that you can access via cPanel:

After creating a backup, connect to your server via File Transfer Protocol (FTP) using an FTP client such as FileZilla. You can then open your .htcaccess file for editing and add the following:

<Files xmlrpc.php>
order deny,allow
deny from all
</Files>

Don’t forget to save your changes and re-upload the file to your server. To verify that XML-RPC is now disabled, head over to XML-RPC Validator and enter your website’s URL. If XML-RPC is disabled, then the Validator should display an error message.

8. Remove the WordPress Theme Editor

By default, you can modify your theme using WordPress’ built-in theme editor. While this is helpful for creating custom themes, it’s also a way for hackers to inject malicious code into your website:

If you don’t need the theme editor, then you may want to consider disabling it. This requires you to edit your website’s code, so we recommend creating a backup before proceeding.

To disable the editor, you’ll need to connect to your server using an FTP client. You can then open your wp-config.php file and add the following after the line that reads “That’s all, stop editing! Happy publishing”:

define( 'DISALLOW_FILE_EDIT', true );

Save your changes and the theme editor will disappear from your WordPress dashboard. If you need to restore the theme editor at any point, then simply connect to your server using FTP and remove the line of DISALLOW_FILE_EDIT code.

9. Protect Your Database Against SQL Injection Attacks

A hacker may attempt to gain access to your WordPress account by injecting malicious SQL queries into your MySQL database. Hackers can launch these SQL injection attacks via any content that accepts user input. This includes many website staples, such as comment sections and contact forms.

Since MySQL is vulnerable to injection attacks, it’s important to keep your database up-to-date. It’s also important to protect your MySQL database with a strong password that has no connection to your website, company, or you as an individual. Here, it may help to use a password generator such as Strong Random Password Generator or LastPass:

You can also make it more difficult for hackers to identify your database by using a unique database name. GIWS customers can change their WordPress database name at any point by logging into cPanel and then accessing the phpMyAdmin tool.

In the left-hand menu, select the database that you want to rename. Then open the Operation tab:

Here, enter the name that you want to use and click on Go. When prompted, opt to reload your database.

Conclusion

As one of the world’s most popular Content Management Systems, hackers are always eager to uncover vulnerabilities in WordPress themes, plugins, and core. If a malicious third party does manage to identify a security loophole, they could potentially use it to launch attacks against millions of WordPress websites – including yours.

By following some simple security precautions, you can immediately make your site less vulnerable to attack. It’s important to start with the fundamentals by vetting all of your themes and plugins carefully and installing an SSL certificate. Once you have a strong foundation, we recommend exploring more advanced security tactics, such as enabling 2FA and disabling the theme editor and XML-RPC when possible.

Your choice of hosting provider is also crucial for security. All of our GIWS packages include features, tools, and add-ons specifically designed to help keep our customers safe, including HackScan Protection, Cloudflare, and a dual firewall. Check them out today!

The post 9 Ways to Keep Your WordPress Website Secure appeared first on GIWS Blog.

React is one of the most popular front end frameworks. Unsurprisingly, if you want to use React in your WordPress project, you have lots of options. If you’re feeling overwhelmed by so much choice, it’s understandable – but there’s no need to panic.

In this article, we’ll introduce four React frameworks that you can use in your WordPress projects. We’ll cover the pros and cons of each framework. We’ll also look at some common scenarios where you may want to use one React framework over the other. Let’s get started!

What Is a REST API?

An Application Programming Interface (API) is a set of programming instructions and standards for accessing web-based applications and tools. You can use APIs to communicate with other websites, applications, and services. This includes requesting data from third parties.

Many companies have released their APIs as products that third parties can use. For example, Google has released a wide range of APIs that provide access to their services, including APIs for YouTube, Street View, and Google Play.

REST (Representational State Transfer) APIs are distinct from other APIs. To be considered RESTful, an API must follow specific guidelines. These guidelines help ensure the resulting API is lightweight, flexible, extensible, and secure. These guidelines include a separation between the client and the server, the use of cacheable data wherever possible, and a uniform User Interface (UI).

WordPress has its own REST API. This API was originally developed as a separate feature plugin. However, elements of the REST API were added into the core platform as early as WordPress 4.4. The API was fully integrated into WordPress 4.7, which means that every version of WordPress since then has its own fully-functional REST API.

WordPress’ REST API provides data in JSON format. By default, every WordPress website has JSON data available. Unless the site owner has restricted access to it, it’s easy to see your website’s JSON output – simply enter its URL in the following format:

http://example.com/wp-json/wp/v2/posts

Your browser should now display a series of JSON data related to your site’s recent posts. This data isn’t particularly human-readable, but it’s compatible with a large number of web technologies. Similarly, you can see the JSON output of all your most recent pages, by replacing the /posts part of the URL with /pages.

What Does the REST API Mean for WordPress?

Traditionally, WordPress generated HTML using a theme based on PHP template files. However, the introduction of the REST API removed this dependency on the PHP rendering engine. This opened up lots of opportunities for WordPress developers.

The REST API makes it easier for WordPress to interact with other websites and web applications. This API lets you perform Create, Read, Update, and Delete (CRUD) actions on WordPress content, including posts, pages, and even custom post types. This gives developers an easy way to push and pull data out of WordPress.

WordPress’ REST API can also communicate and exchange data, regardless of the language an external program is using. This has made the WordPress platform far more flexible and powerful, as you’re not confined to any specific technologies or languages.

The REST API makes it easier for developers to display content from an individual website within a multisite setup. It is also possible to display content from separate WordPress websites.

Today, the WordPress REST API is commonly used to separate content from the front end, paving the way for developers to use WordPress as a headless Content Management System (CMS). This is where React comes in.

How React and WordPress Can Help You Create a High-Performing App

The React framework is a JavaScript library. Developers can use this library to build UIs for Single Page Applications (SPAs) within web and mobile environments.

The major aim of developing React was to improve JavaScript’s UI development. Though originally launched for use with Facebook, React is now enjoying a great rate of adoption across several industries. It is also gaining popularity with the WordPress community, particularly with developers who want to set up headless WordPress.

With a headless setup, you can use the WordPress CMS on the back end, then build your front end using practically any development technologies you’d like. React-based frameworks can use the WordPress REST API as an interface to access your website’s data from outside the WordPress framework. This means it’s possible to create an SPA using React, then control the content using the familiar WordPress back end.

React can also make your projects faster by eliminating the need to re-render. Rather than re-loading each page in its entirety, an SPA loads content dynamically. This means the fundamental code of a website is loaded just once. If the state of a component changes, React will re-render the necessary components only.

React has a large and active developer community. Major firms such as Facebook, Airbnb, Dropbox, Netflix, and Reddit use React to build many of their applications. This comes with a lot of perks in terms of development and expert base.

Some of the React frameworks we’ll cover in this article are relatively new. Using cutting-edge technologies may be exciting, but it can also pose problems if you encounter technical issues. You may struggle to find an expert who has the know-how required to help resolve your problem. However, by opting for a React framework, you can request assistance from the large, and growing React community.

What You Should Look for in a React Framework

When using any web technology, it’s important to choose the right framework. Every framework has its own unique set of features, strengths, and weaknesses. Some frameworks are also better suited to particular kinds of projects.

In this article, we’ll share four React frameworks that have plenty to offer WordPress developers. However, the right framework will vary depending on your project. With this mind, here are some things to consider, when deciding whether a particular React framework is right for you:

• The setup process. Some frameworks are easier to setup than others. In particular, you should check whether the framework is pre-configured to work with WordPress. It’s also a good idea to verify whether the framework provides any additional tools needed to build your project.
• The learning curve. Mastering a new technology always requires time and effort, but some frameworks have a steeper learning curve than others. In particular, you should investigate whether there are any additional technologies you’ll need to learn, such as Redux, Webpack, Babel, and GraphQL.
• Compatibility or optimization. All the frameworks in this article are compatible with WordPress. However, some may require additional optimization, in order to deliver the best possible experience. Other frameworks, such as Frontity, are designed with WordPress firmly in mind. Frameworks that are optimized for WordPress shouldn’t require any major additional configuration.
• Flexibility or ease-of-use. Choice is a good thing, but all those extra settings can be confusing. When exploring new technologies, it’s smart to opt for a framework that’s beginner-friendly. However, it’s a good idea to consider how you might use this framework in the future. A framework should offer the advanced features and flexibility you’ll need to support your growing projects.

There’s another major decision to make when choosing your framework. This is the choice between Server-Side Rendering (SSR) and Client-Side Rendering (CSR).

Client Side Rendering or Server Side Rendering?

There are two approaches to rendering content: client-side, and server-side. Both have their own unique strengths and weaknesses.

CSR is where content renders in the browser. Instead of receiving all the content from a HTML document, the browser receives a bare-bones HTML document with a JavaScript file. The rest of the content will then render inside the web browser.

With CSR, the initial page load is typically slower, but subsequent page loads will be faster. A CSR framework can update the UI by re-rendering only the affected DOM element. You don’t have to reload the entire UI following every call to the server. This means the CSR is well-suited to websites that provide rich user interactions, or that feature lots of dynamic content.

The opposite of client-side, is server-side. With SSR, the user makes a request and the server prepares an HTML package for that specific user. The server sends this data to the user’s machine, and the browser then constructs the content and displays the webpage.

The process of fetching data, creating the HTML package, and delivering it to the browser happens very quickly. This means the initial page load is faster, which results in a better user experience.

By reducing page load times, SSR may provide a Search Engine Optimization (SEO) boost. SSR is also good for SEO, as it doesn’t require search engine bots to render JavaScript.

However, with SSR the page rendering is typically slower. New content will also require full page reloads, which can have a significant impact on your website’s performance. For this reason, SSR is better suited to static websites. It also isn’t ideal for sites that feature lots of complex user interactions, or dynamic content.

4 of the Best React Frameworks for WordPress Development

There are lots of React frameworks to choose from. Every project is different, but we’ve collected four React frameworks that we believe have plenty to offer WordPress developers.

1. Frontity

Frontity is an open source framework for React. Unlike other React frameworks that are compatible with WordPress, Frontity was designed specifically for WordPress.org and WordPress.com. This means that Frontity is pre-configured to provide the best possible experience for WordPress users.

As a server-side framework, Frontity stores all your content in HTML, then responds to requests with a fully populated and well-formed HTML page that’s immediately usable. This minimizes your site’s initial load time. The HTML file is also served to search engine crawlers. This keeps search engines such as Google happy, and helps you avoid SEO penalties.

Even if you’re using WordPress for a headless setup, you may still want to use the meta tags generated by a third-party SEO plugin. To help preserve your SEO, the Frontity team has created a REST API – Head Tags plugin. This plugin adds all the meta tags in your website’s HEAD section, to the REST API’s responses.

In addition, Frontity uses Serverless Pre-Rendering (SPR) to render HTML on the fly. By taking this approach, the Frontity team aims to combine the speed and reliability of static rendering with the versatility of dynamic data rendering. A Content Delivery Network (CDN) saves the HTML and serves it as static content.

Frontity is designed to be easy to use. This framework has its own state manager and uses Emotion for the CSS, so you don’t have to learn the complexities of technologies such as Redux. This makes Frontity a good choice for React newcomers, or anyone who’s looking to launch a project quickly without necessarily having to master additional technologies. In fact, you can build a web application using Frontity and WordPress in five easy steps.

2. Gatsby.js

According to a study by Critical Case, a one second increase in page load time can result in 11 percent less page views. If you’re concerned about your site’s performance, Gatsby is a static site generator that places the focus firmly on speed.

Gatsby builds your project into static HTML files that are optimized for performance, and also loads only the necessary CSS, HTML and JavaScript. After your website is loaded, Gatsby will then call upon any additional resources that it requires. This results in faster page loading speeds.

However, Gatsby is geared towards displaying static content. While it does allow for client side code, it has a steep learning curve compared to some other solutions. If you need to display large amounts of dynamic content, Gatsby may not be the best framework for your project.

For newcomers, the Gatsby team provides a helpful starter default project. This project contains code related to your website’s front end, including a site header and page template. It also automatically installs all the modules of code that your project will depend upon. This can save you a considerable amount of time when getting started. If you choose Gatsby as your framework, we’d recommend using the starter default project wherever possible.

However, if you opt for Gatsby you’ll need to trigger a build whenever you update your content. One solution is to deploy your website using the Netlify platform. You can use Netlify to create webhooks that will rebuild your project automatically whenever a new commit is pushed or merged to your repository’s master branch.

Alternatively, you can trigger a build using a WordPress plugin, such as WP Trigger Netlify Build. However, this rebuild process can add considerable complexity to your WordPress projects.

3. Next.js

Next.js is a minimalistic React framework. This framework renders applications on the client-side, but Next.js also supports SSR. This can help preserve your SEO, while also improving your project’s performance. Next.js can deliver an additional performance boost, thanks to its automatic server rendering and code splitting.

However, Next.js is an opinionated framework. This means the framework is designed to be easy to use – as long as you follow the path laid out for you. Deviate from this path, and an opinionated framework can suddenly become much less user-friendly.

This means Next.js isn’t the most flexible solution. For example, you may struggle to use a different router with your Next.js setup.

Before choosing Next.js as your framework, it’s a smart idea to consider how you might develop your project in the future. You can then read through the Next.js documentation, to decide whether this framework is compatible with your project’s roadmap.

If you do decide to use Next.js, you can install all the necessary software and start the development server from the command line. You’ll find detailed, step-by-step instructions, over at the official Next.js documentation.

4. Create React App (CRA)

The Create React App (CRA) is designed to get your React project up and running as quickly as possible. This tool offers a modern build setup with zero configuration. You just need to run a single command, and CRA will set up all the tools you need to start developing.

When you create a project with Create React App, it installs the latest version of React and React-DOM. It also installs the latest version of react-scripts, which is a development dependency that manages the other dependencies involved in starting, testing, and building your application.

CRA generates only the files needed to build your React project. You won’t have access to configuration files such as Webpack, Babel, and ESLint. This is great for anyone who wants to create a project without having to master additional technologies. Since CRA handles much of the configuration and setup for you, you’re free to concentrate on what really matters – building your project.

However, at some point you may need to perform more complex tasks that require access to these configuration files. Although CRA doesn’t provide these files by default, it does have an eject command. This copies all the configuration files and transitive dependencies into your project. However, this is a one-way operation that adds a significant amount of complexity to your project.

CRA projects are rendered on the client-side only. This means CRA isn’t suitable for developing highly-interactive websites, or projects that feature dynamic content. There’s also no code splitting, which is bad news for performance.

CRA is designed with ease-of-use in mind. If you do choose CRA as your React framework, you can create a new CRA project using only a handful of commands.

How to Host Your Completed React Project

Once you’re happy with your web application, you’ll want to share it with the world. Your options may vary depending on which React framework you chose to use in your project.

To provide users with the widest possible choice, the Frontity team ensures that their server code is small enough to work with serverless technologies. This means you can deploy your Frontity project to any Node.js server or serverless provider, including Vercel and AWS Lambda. Alternatively, since you’re using WordPress as the back end you may want to opt for your favorite WordPress hosting solution.

Conclusion

React is a hugely popular front end framework. However, with popularity comes lots of options – and choosing the best React framework for your project can feel overwhelming.

If you’re not sure where to start looking for a React framework, then check out any of the four choices we recommended earlier:

• Frontity. An open source, server-side framework that’s optimized for WordPress.
• Gatsby. A static site generator that prioritizes performance without sacrificing Search Engine Optimization (SEO).
• Next.js. A performance-focused, opinionated framework that transparently handles SSR.
• Create React App (CRA). A zero-configuration framework for when you need to create a React project, fast.

Technologies such as React can significantly boost your project’s performance, but why stop there? By opting for a hosting provider that prioritizes performance, you can supercharge your React project. If you’re lucky, then your hosting plan may even provide Web Hosting Services that are 20X faster than competing WordPress hosting providers.

The post 4 of the Best React Frameworks for WordPress Development appeared first on GIWS Blog.