Website health

WordPress checks for 30 items (approximate) to determine the “Site Health.” However, most websites passed many of them without any extra effort. But there are some cases where you need to fix issues to improve site health.

To check the report, log in to your WordPress dashboard and navigate to “Tools → Site Health” and see if there is any problem.

How to improve “Site Health?”

Below you’ll find the most common issues that negatively impact your site health & the ways to fix them.

Not all recommended security headers are installed

Security header SSL

If your website loads over SSL or if you are using “Really Simple SSL,” you will see this warning. To fix this issue, you have to manually add the security headers to your “.htaccess” file.

Let’s see how to fix it:

Go to the root directory of your WordPress installation and open the “.htaccess” file. And add the following code at the top.

# Really Simple SSL
Header always set Strict-Transport-Security: "max-age=31536000" env=HTTPS 
Header always set X-Content-Type-Options "nosniff"
Header always set X-XSS-Protection "1; mode=block"
Header always set Expect-CT "max-age=7776000, enforce"
Header always set Referrer-Policy: "no-referrer-when-downgrade"
Header always set Content-Security-Policy "upgrade-insecure-requests"
# End Really Simple SSL

Don’t forget to save your “.htaccess” file after.

You can edit the file from your hosting/cPanel or FTP. If you don’t know, see this post on how to create & use FTP.

Your site is running an outdated version of PHP


To fix the issue, you do need to update your PHP version.

The process of upgrading the version depends on the hosting environment that you are using. But generally, it can be found under the option “PHP Config” in cPanel.

Some cPanel has an option “PHP Version.” Otherwise, contact your hosting provider to upgrade the version for you.

It does not only help to increase your “Site Health” but also ensures the security of your website.

Your website does not use HTTPS

SSL infographic

Install an SSL certificate from an authentic source to fix the issue. There are some options to install SSL certificates for free but I don’t think it’s worth it.

So make sure you purchased the SSL from an authentic source. Not to mention, most hosting companies also sell SSL certificates.

However, if your hosting package comes with free SSL certificates that is a valid option, and feel free to use it.

You should remove inactive themes

Pretty straightforward & self-explanatory. Login to your WordPress website & Navigate to “Appearance » Themes” and remove all the inactive except for the one default WordPress theme. For example- Twenty Twenty-One.

This will keep your file system clean and make it lightweight.

Have a default theme available

As I mentioned above, you do need to install one default WordPress theme. It’s not necessary to activate the default theme. You just need a default theme available in your WordPress installation.

You need this default theme for safety precautions. If your current/active theme breaks for any reason, the default theme will be activated automatically.

Also, if you reset your website for any reason, a default theme is required for it. Otherwise, you’ll get a broken site after the reset process.

You should remove inactive plugins

Delete the plugins that you’re not using.

It will not only increase the “Site Health” but also improve the performance of your website.

WordPress update available

It means that you’re using an older version of WordPress. And now you need to update your website to the latest version. But be sure to take a complete backup of your website before updating.


Now you know the most common issues that cause negative “Site Health” and also you know how to fix them properly.

If you experiencing a different issue, let me know so I can improve the post.