40 WordPress Tips: Security, Engagement, SEO & Performance - SMX Sydney 2013
My talk at #SMX Sydney 2013 featuring 40 tips on WordPress security, WordPress SEO as well as a huge set of plug-in recommendation to get the maximum out of WordPress.

Published in: Technology

2 Comments
  • Great!
  • Hi Bastian, good info in the presentation. The presentation would have been a great add-on to my talk at Campixx http://de.slideshare.net/markusmarkert/sicheres-rootserver-hosting ;)
Transcript

  • 1. 40 WordPress Tips: Security, Engagement, SEO & Performance - http://gdig.de/sydney1 Sydney, April 2013. Bastian Grimm, Managing Partner - Grimm Digital
  • 2. About me: SEO trainings, seminars & strategy consulting; WordPress security, consulting & development; @basgr; Berlin-based full-service performance marketing agency
  • 3. http://gdig.de/sydney1
  • 4. Who is running WordPress?!
  • 5. See… that's the issue! You're the hackers' most-loved target!
  • 6. Section #1: Security
  • 7. #1 Set up WordPress properly. Use unique keys and salts to add random elements for encryption! Use a cryptic table prefix to prevent automated scripts and SQL injections.
    $table_prefix = 'wp_VzQCxSJv7uL_';
    https://api.wordpress.org/secret-key/1.1/salt/
  • 8. #2 Protect your wp-config.php. This needs to go into your WP root's .htaccess file to prevent external access:
    <files wp-config.php>
    order deny,allow
    deny from all
    </files>
    Did you know this? Even better… move wp-config.php outside of "www".
  • 9. #3 Remove the default "admin". Set up a new user as admin; log out. Log in with the new admin; delete the old one. Make sure to use a STRONG password, pleeaaasssseeee! http://www.random.org/passwords/
  • 10. #4 Lock out multiple failed logins. Limit Login Attempts http://wordpress.org/extend/plugins/limit-login-attempts/
  • 11. #5 Never EVER do this! These sites are more than worse…
  • 12. A quick peek into some theme files… LOL! "family friendly" links – my a*s…
  • 13. A quick peek into some theme files… functions.php: This theme won't be working without those links…
  • 14. #6 Always use TAC to do a pre-check! Theme Authenticity Checker (TAC) http://builtbackwards.com/projects/tac/
  • 15. It gets worse: base64 encoded footer. Are you really sure you want to see that footer.php file?
  • 16. Right… NICE FOOTER!
  • 17. If you are REALLY curious… http://ottodestruct.com/decoder.php http://www.tareeinternet.com/scripts/byterun.php http://www.tareeinternet.com/scripts/decrypt.php http://rot13-encoder-decoder.waraxe.us/ The PHP code isn’t “really” encrypted, rather kind of obfuscated. Reversing is possible!
  • 18. PLEASE… stay away from "free" WordPress themes – they're not free, really!
  • 19. #7 Update your blogs regularly! WP Updates Notifier to get emails on outdated components (core, themes & plug-ins) for all blogs: – http://wordpress.org/extend/plugins/wp-updates-notifier/ ManageWP can do one-click mass updates (core, themes, plug-ins again) for all your blogs: – http://managewp.com/features
  • 20. #8 Keep your installation clean. Remove all inactive plug-ins as well as themes!
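Slides 12 to 17 describe the hidden-link trick and point to online decoders; the scanner below is an added example (not from the talk and not TAC's code) of doing that reversing locally during a theme review: it finds base64_decode() calls, peels nested layers, lists the external links the decoded PHP contains and notes whether the blob is fed straight into eval(). The footer.php sample inside it is constructed for the example.

```python
"""Scan WordPress theme files for base64-obfuscated PHP, the trick behind
"free" themes that inject hidden sponsor links (slides 12-18)."""
import base64
import binascii
import re

# base64_decode('...') with a string literal argument; whitespace tolerated
B64_CALL = re.compile(r"""base64_decode\(\s*['"]([A-Za-z0-9+/=\s]+)['"]\s*\)""")
LINK = re.compile(r"""https?://[^\s'"<>]+""")


def decode_layers(blob: str, max_depth: int = 5) -> str:
    """Peel nested base64_decode() layers; this is obfuscation, not encryption."""
    current = blob
    for _ in range(max_depth):
        try:
            plain = base64.b64decode(re.sub(r"\s+", "", current),
                                     validate=True).decode("utf-8", "replace")
        except binascii.Error:
            return current           # not base64 at all: give back what we had
        inner = B64_CALL.search(plain)
        if inner is None:            # reached plain PHP/HTML
            return plain
        current = inner.group(1)     # one more wrapped layer, keep peeling
    return current


def scan_theme_file(name: str, src: str) -> list[dict]:
    """Report every encoded blob in a theme file: what it decodes to, the
    external links it hides, and whether it is passed straight into eval()."""
    findings = []
    for m in B64_CALL.finditer(src):
        decoded = decode_layers(m.group(1))
        findings.append({
            "file": name,
            "executed": "eval" in src[max(0, m.start() - 30):m.start()],
            "links": LINK.findall(decoded),
            "decoded": decoded,
        })
    return findings


# Constructed test input (not from any real theme): a footer.php whose payload
# is base64 inside base64, as on the "It gets worse" slide.
HIDDEN_PHP = "echo '<a href=\"http://example.net/cheap-pills\">sponsor</a>';"
LAYER1 = base64.b64encode(HIDDEN_PHP.encode()).decode()
LAYER2 = base64.b64encode(f"eval(base64_decode('{LAYER1}'));".encode()).decode()
SAMPLE_FOOTER = f"<?php wp_footer(); ?>\n<?php eval(base64_decode('{LAYER2}')); ?>\n"

if __name__ == "__main__":
    for f in scan_theme_file("footer.php", SAMPLE_FOOTER):
        print(f["file"], "executed" if f["executed"] else "", f["links"])
```

Run it over every .php file of a theme before activating it; any finding whose links point off your own domain is the "sponsor link" pattern the slides show.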
  • 21. #9 Scan your Theme daily WP AntiVirus http://wordpress.org/extend/plugins/antivirus/
  • 22. #10 Harden your Security Settings Secure WordPress Most important: Remove version number from ALL components & block malicious URL requests. http://wordpress.org/extend/plugins/secure-wordpress/
  • 23. #11 Protect wp-admin. Recommended: Try the "Lockdown WP Admin" plug-in to protect PHP files in wp-admin as well as the login itself. Put an .htaccess into your /wp-admin/ for basic password protection. http://wordpress.org/extend/plugins/lockdown-wp-admin/
  • 24. #12 Fix File & Folder Permissions WP-Security Scan Very important: chmod your wp-config.php to be read-only! http://wordpress.org/extend/plugins/wp-security-scan/
  • 25. #13 Move the "wp-content" folder.
    define('WP_CONTENT_DIR', $_SERVER['DOCUMENT_ROOT'] . '/blog/my-wp-content');
    WP_CONTENT_DIR points to the "new" full local path (no trailing slash).
    define('WP_CONTENT_URL', 'http://domain.com/blog/my-wp-content');
    WP_CONTENT_URL points to the "new" full URI (no trailing slash either).
  • 26. #14 SSL Logins & Administration.
    define('FORCE_SSL_LOGIN', true);
    Set FORCE_SSL_LOGIN to "true" to force all logins to happen over SSL (still allows non-SSL admin sessions).
    define('FORCE_SSL_ADMIN', true);
    Use FORCE_SSL_ADMIN to force all logins and all admin sessions to happen over SSL (can be slow…).
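Tips #1, #2, #12 and #14 all come down to a handful of lines in wp-config.php and .htaccess plus one file mode; this added example (not the speaker's code) audits those in one pass so the checks can be repeated across many blogs. The sample configs are constructed, random hex stands in for the salts you would fetch from the api.wordpress.org URL on slide 7, and audit_wp_config is a name chosen here.

```python
"""Audit a wp-config.php and its .htaccess against tips #1, #2, #12 and #14."""
import re
import secrets

SALT_KEYS = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
             "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT")
DEFINE = re.compile(
    r"""define\(\s*['"](\w+)['"]\s*,\s*(?:'([^']*)'|"([^"]*)"|([^'")]+?))\s*\)""")
PREFIX = re.compile(r"""\$table_prefix\s*=\s*['"]([^'"]*)['"]""")
DENY_BLOCK = re.compile(
    r"<files\s+wp-config\.php>.*?deny\s+from\s+all.*?</files>", re.I | re.S)

def audit_wp_config(config: str, htaccess: str, mode: int) -> list[str]:
    """Return findings; an empty list means every check passed."""
    findings = []
    defs = {m.group(1): (m.group(2) or m.group(3) or m.group(4) or "").strip()
            for m in DEFINE.finditer(config)}
    # #1: eight unique keys/salts, none left at "put your unique phrase here"
    salts = [defs.get(k, "") for k in SALT_KEYS]
    weak = [k for k, v in zip(SALT_KEYS, salts) if len(v) < 32 or "unique phrase" in v]
    if weak:
        findings.append(f"#1 placeholder or short salts: {', '.join(weak)}")
    if len(set(salts)) != len(salts):
        findings.append("#1 keys/salts are not unique")
    # #1: non-default table prefix (automated scripts assume wp_)
    m = PREFIX.search(config)
    if m is None or m.group(1) in ("", "wp_"):
        findings.append("#1 table prefix is the default wp_")
    # #14: logins and admin sessions forced over SSL
    if defs.get("FORCE_SSL_ADMIN", "").lower() != "true":
        findings.append("#14 FORCE_SSL_ADMIN is not true")
    # #12: wp-config.php read-only and not readable by everyone
    if mode & 0o222:
        findings.append(f"#12 wp-config.php is writable (mode {mode:o})")
    if mode & 0o004:
        findings.append(f"#12 wp-config.php is world-readable (mode {mode:o})")
    # #2: .htaccess denies direct web access to wp-config.php
    if DENY_BLOCK.search(htaccess) is None:
        findings.append("#2 no <files wp-config.php> deny block in .htaccess")
    return findings

# Constructed samples (not from any real site); random hex stands in for salts
WEAK_CONFIG = ("<?php\ndefine('AUTH_KEY', 'put your unique phrase here');\n"
               "define('SECURE_AUTH_KEY', 'put your unique phrase here');\n"
               "$table_prefix = 'wp_';\n")
HARDENED_CONFIG = "<?php\n" + "".join(
    f"define('{k}', '{secrets.token_hex(32)}');\n" for k in SALT_KEYS
) + "$table_prefix = 'wp_VzQCxSJv7uL_';\ndefine('FORCE_SSL_ADMIN', true);\n"
HTACCESS = "<files wp-config.php>\norder deny,allow\ndeny from all\n</files>\n"
```

On a live host pass the real file contents and `os.stat('wp-config.php').st_mode & 0o777` as the mode; WordPress's own reads still work at mode 440 when the web server user owns the group.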
  • 27. Section #2: WordPress SEO
  • 28. #15 WordPress SEO by Yoast Make sure to uncheck this! Enables setting noindex, canonical & 301 (for users) on a per-post basis
  • 29. #15 WordPress SEO by Yoast. You surely don't need paged archives, categories, etc. – they're targeting the same keys anyway. Affiliate sites mainly have pages, no need for RSS. Check all of them!
  • 30. #15 WordPress SEO by Yoast. Set a proper page title & description, also choose an author for the SERP listing.
  • 31. #15 WordPress SEO by Yoast Use help section to get details for all 30+ variables! Keep unchecked unless you’re publishing news. Default value has been changed w/ last update.
  • 32. In addition: Post-level settings. You can overwrite defaults on a per-post level using the "Advanced" settings.
  • 33. #15 WordPress SEO by Yoast. Usually you just need one (unless having a HUGE amount of content) – "noindex" the other one!
  • 34. #15 WordPress SEO by Yoast. Especially w/ single-authored blogs, those are a 1:1 copy of your homepage. 301 is the better solution!
  • 35. #15 WordPress SEO by Yoast. For larger sites, check to auto-generate XML sitemaps. Remember to check excludes!
  • 36. #15 WordPress SEO by Yoast. Make absolutely sure you're using these!
  • 37. BTW: Clean those URL-Slugs WP Permalauts Especially important for Germany, France, etc. http://wordpress.org/extend/plugins/wp-permalauts/
  • 38. #15 WordPress SEO by Yoast
  • 39. Trust me… things change! Check out SEO Data Transporter to switch SEO plug-ins!
  • 40. Migration made easy: Painless switching! SEO Data Transporter http://wordpress.org/extend/plugins/seo-data-transporter/
  • 41. Section #3: More SEO…
  • 42. Credits: http://bit.ly/T8wMwO Make absolutely sure you only use plug-ins from trusted authors!
  • 43. #16 Fix your Pagination. WP-PageNavi: better crawl-ability, better indexation – what else u want? WordPress pagination s*cks, replace it! http://wordpress.org/extend/plugins/wp-pagenavi/
  • 44. #17 Improve internal Cross-Linking Yet Another Related Posts Plugin http://wordpress.org/extend/plugins/yet-another-related-posts-plugin/
  • 45. #18 Auto-optimize Image Attributes SEO Friendly Images Forces post title & image name to be used as img alt-attribute http://wordpress.org/extend/plugins/seo-image/
  • 46. #19 Redirect old Contents Redirection http://wordpress.org/extend/plugins/redirection/
  • 47. #20 Have Rich-Snippets if possible Schema Creator http://wordpress.org/extend/plugins/schema-creator/
  • 48. #21 Mask your Affiliate Links Eclipse Link Cloaker http://eclipsecloaker.com/
  • 49. Don't forget to tweak your robots.txt. We don't want some WP-specific files & folders crawled; adjust according to your Link Cloaker settings.
    User-Agent: *
    Disallow: /wp-admin/
    Disallow: /feed/
    Disallow: /comments/feed/
    Disallow: /*/trackback/$
    Disallow: /*/feed/$
    Disallow: /*.css$
    Disallow: /*.js$
    Disallow: /r/
  • 50. Section #4: Engagement
  • 51. #22 Responsive WP-Slider in Seconds Soliloquy Slider http://soliloquywp.com/
  • 52. #23 Create an „UberMenu“ UberMenu http://gdig.de/ubermenu
  • 53. #24 Create beautiful Popups Ninja Popups http://gdig.de/npopup
  • 54. #25 Fix your Internal Search Relevanssi Search http://wordpress.org/extend/plugins/relevanssi/
  • 55. #26 Selling goods within WordPress? Easy Digital Downloads https://easydigitaldownloads.com/
  • 56. #27 Make it multi-lingual WPML http://wpml.org/
  • 57. #28 Make it work on Mobile Devices WPtouch http://wordpress.org/extend/plugins/wptouch/
  • 58. Section #5: Maintenance
  • 59. #29 Do a Theme Test Drive Live-Testing a new theme without anyone else noticing… nice! http://wordpress.org/extend/plugins/theme-test-drive/
  • 60. #30 Debug your WordPress P3 (Plugin Perf. Profiler) http://wordpress.org/extend/plugins/p3-profiler/
  • 63. #31 Debug your WordPress Debug Objects http://wordpress.org/extend/plugins/debug-objects/
  • 64. #32 Enable Akismet. Just enable, get an API key and turn "auto-delete" on!
  • 65. #33 Backup Database & Files BackWPup http://wordpress.org/extend/plugins/backwpup/
  • 66. #34 Watch out for errors: knowledge is power. Use a 404 logger – analytics software, Redirection (built-in), webserver logs – and set up 301 redirects accordingly using "Redirection", again. Image credits: http://gdig.de/i
  • 67. #35 Maintain Categories & Tags Term Mgmt. Tools Mass merge & change parents http://wordpress.org/extend/plugins/term-management-tools/
  • 68. Section #6: Performance
  • 69. Scoring domains by performance; give it a try! https://developers.google.com/pagespeed/
  • 70. #36 Compress those Images. WP Smush.it: 13.2% savings for one image! http://wordpress.org/extend/plugins/wp-smushit/
  • 71. Tip: Make images even smaller! Use tinyPNG to optimize PNG files without losing quality (up to 70% savings). JPEGmini does the same for JPEG files and will reduce your images massively (up to 80% smaller)! http://tinypng.org/ & http://www.jpegmini.com/
  • 72. #37 Setup a Caching Plug-in W3 Total Cache http://wordpress.org/extend/plugins/w3-total-cache/
  • 73. #38 Combine multiple CSS files. Combine CSS files into one to reduce the number of HTTP requests. Minify the big file by removing whitespace, etc. to reduce file size per request – check: W3 Total Cache > Performance > Minify! Same goes for JavaScript as well… and put those JS files into the footer, if possible!
  • 74. #39 Do CSS-Sprites http://spriteme.org/
  • 75. Tip: Move static contents to a CDN Latency is crucial – especially if you’re serving a global audience, offloading statics to a CDN will give additional performance. CDN Overview: http://gdig.de/cdns
  • 76. #40 Off-load JS-Libs. WP Use Google Libraries: simply enable the plug-in & serve JS libs from Google's CDN! http://wordpress.org/extend/plugins/use-google-libraries/
  • 77. How to make your site lightning-fast… http://www.slideshare.net/bastiangrimm
  • 78. And that's it! OMCap 2011 - Online Marketing Konferenz Berlin, 13.10.2011
  • 79. Thanks! Questions? mail@grimm-digital.com twitter.com/basgr linkedin.com/in/bastiangrimm facebook.com/grimm.digital http://gdig.de/sydney1 Bastian Grimm, Managing Partner - Grimm Digital