40 WordPress Tips: Security, Engagement, SEO & Performance - SMX Sydney 2013
My talk at #SMX Sydney 2013 featuring 40 tips on WordPress security, WordPress SEO as well as a huge set of plug-in recommendations to get the maximum out of WordPress.

Published in: Technology

  • Great!
  • Hi Bastian, good info in the presentation. The presentation would have been a wonderful add-on to my talk at Campixx ;)


  • 1. 40 WordPress Tips- Security, Engagement, SEO & Performance - Sydney, April 2013 Bastian Grimm, Managing Partner - Grimm Digital
  • 2. About me: SEO Trainings, Seminars & Strategy Consulting; WordPress Security, Consulting & Development; @basgr; Berlin-based Full-Service Performance Marketing Agency
  • 3.
  • 4. Who is running WordPress?!
  • 5. See… that‘s the issue! You’re the “hackers” most-loved target!
  • 6. Section #1: Security
  • 7. #1 Setup WordPress properly: Use unique keys and salts to add random elements for encryption! Use a cryptic table prefix to prevent automated scripts and SQL injections:
    $table_prefix = 'wp_VzQCxSJv7uL_';
  • 8. #2 Protect your wp-config.php: This needs to go into your WP root's .htaccess file to prevent external access:
    <files wp-config.php>
    order deny,allow
    deny from all
    </files>
    Did you know this? Even better… move wp-config.php outside of „www“.
  • 9. #3 Remove the default „admin“: Set up a new user as admin; log out. Log in w/ the new admin; delete the old one. Make sure to use a STRONG password, pleeaaasssseeee!
  • 10. #4 Lock-out multiple failed logins Limit Login Attempts
  • 11. #5 Never EVER do this! These sites are more than worse…
  • 12. A quick peek into some theme files… LOL! „family friendly“ links – my a*s…
  • 13. A quick peek into some theme files… functions.php: This theme won‘t be working without those links…
  • 14. #6 Always use TAC to do a pre-check! Theme Authenticity Checker (TAC)
  • 15. It gets worse: base64 encoded footer. Are you really sure you want to see that footer.php file?
  • 16. Right… NICE FOOTER!
  • 17. If you are REALLY curious… The PHP code isn’t “really” encrypted, rather kind of obfuscated. Reversing is possible!
  • 18. PLEASE… stay away from “free” WordPress themes – they’re not free, really!
  • 19. #7 Update your blogs regularly! WP Updates Notifier to get emails on out-dated components (core, themes & plug-ins) for all blogs: – /wp-updates-notifier/ ManageWP can do one-click mass updates (core, themes, plug-ins again) for all your blogs: –
  • 20. #8 Keep your installation clean: Remove all inactive plug-ins as well as themes!
  • 21. #9 Scan your Theme daily WP AntiVirus
  • 22. #10 Harden your Security Settings Secure WordPress Most important: Remove version number from ALL components & block malicious URL requests.
  • 23. #11 Protect wp-admin Recommended: Try the “Lockdown WP Admin” plug-in to protect PHP files in wp-admin as well as the login itself. Put an .htaccess to your /wp-admin/ for basic passwd. protection.
  • 24. #12 Fix File & Folder Permissions WP-Security Scan Very important: chmod your wp-config.php to be read-only!
  • 25. #13 Move the “wp-content” folder:
    define('WP_CONTENT_DIR', $_SERVER['DOCUMENT_ROOT'] . '/blog/my-wp-content');
    WP_CONTENT_DIR points to the “new” full local path (no trailing slash).
    define('WP_CONTENT_URL', '…');
    WP_CONTENT_URL points to the “new” full URI (no trailing slash either).
  • 26. #14 SSL Logins & Administration:
    define('FORCE_SSL_LOGIN', true);
    Set FORCE_SSL_LOGIN to “true” to force all logins to happen over SSL (still allows non-SSL admin sessions).
    define('FORCE_SSL_ADMIN', true);
    Use FORCE_SSL_ADMIN to force all logins and all admin sessions to happen over SSL (can be slow…).
  • 27. Section #2: WordPress SEO
  • 28. #15 WordPress SEO by Yoast Make sure to uncheck this! Enables setting noindex, canonical & 301 (for users) on a per-post basis
  • 29. #15 WordPress SEO by Yoast You surely don‘t need paged archives, categories, etc. – they‘re targeting the same keys anyways. Affiliate sites mainly have pages, no need for RSS. Check all of them!
  • 30. #15 WordPress SEO by Yoast Set a proper page title & description, also choose author for SERP listing
  • 31. #15 WordPress SEO by Yoast Use help section to get details for all 30+ variables! Keep unchecked unless you’re publishing news. Default value has been changed w/ last update.
  • 32. In addition: Post-level settings. You can overwrite defaults on a per-post level using the “Advanced” settings.
  • 33. #15 WordPress SEO by Yoast Usually you just need one (unless having a HUGE amount of content) – “noindex” the other one!
  • 34. #15 WordPress SEO by Yoast Especially w/ single-authored blogs, those are a 1:1 copy of your homepage. 301 is the better solution!
  • 35. #15 WordPress SEO by Yoast For larger sites, check to auto- generate XML sitemaps. Remember to check excludes!
  • 36. #15 WordPress SEO by Yoast Make absolutely sure you‘re using these!
  • 37. BTW: Clean those URL-Slugs WP Permalauts Especially important for Germany, France, etc.
  • 38. #15 WordPress SEO by Yoast
  • 39. Trust me… things change! Check out SEO data transporter to switch SEO plug-ins!
  • 40. Migration made easy: Painless switching! SEO Data Transporter
  • 41. Section #3: More SEO…
  • 42. Credits: Make absolutely sure you only use plug-ins from trusted authors!
  • 43. #16 Fix your Pagination: WP-PageNavi. Better crawl-ability, better indexation – what else u want? WordPress pagination s*cks, replace it!
  • 44. #17 Improve internal Cross-Linking Yet Another Related Posts Plugin
  • 45. #18 Auto-optimize Image Attributes SEO Friendly Images Forces post title & image name to be used as img alt-attribute
  • 46. #19 Redirect old Contents Redirection
  • 47. #20 Have Rich-Snippets if possible Schema Creator
  • 48. #21 Mask your Affiliate Links Eclipse Link Cloaker
  • 49. Don’t forget to tweak your robots.txt: We don‘t want some WP specific files & folders. Adjust /r/ according to your Link Cloaker settings.
    User-agent: *
    Disallow: /wp-admin/
    Disallow: /feed/
    Disallow: /comments/feed/
    Disallow: /*/trackback/$
    Disallow: /*/feed/$
    Disallow: /*.css$
    Disallow: /*.js$
    Disallow: /r/
  • 50. Section #4: Engagement
  • 51. #22 Responsive WP-Slider in Seconds Soliloquy Slider
  • 52. #23 Create an „UberMenu“ UberMenu
  • 53. #24 Create beautiful Popups Ninja Popups
  • 54. #25 Fix your Internal Search Relevanssi Search
  • 55. #26 Selling goods within WordPress? Easy Digital Downloads
  • 56. #27 Make it multi-lingual WPML
  • 57. #28 Make it work on Mobile Devices WPtouch
  • 58. Section #5: Maintenance
  • 59. #29 Do a Theme Test Drive Live-Testing a new theme without anyone else noticing… nice!
  • 60. #30 Debug your WordPress P3 (Plugin Perf. Profiler)
  • 61. #30 Debug your WordPress P3 (Plugin Perf. Profiler)
  • 62. #30 Debug your WordPress P3 (Plugin Perf. Profiler)
  • 63. #31 Debug your WordPress Debug Objects
  • 64. #32 Enable Akismet Just enable, get an API key and turn „auto-delete“ on!
  • 65. #33 Backup Database & Files BackWPup
  • 66. #34 Watch out for Errors: Knowledge is power. Use a 404 logger: Analytics software, Redirection (built-in), Webserver logs. Set up 301 redirects accordingly using “Redirection”, again.
  • 67. #35 Maintain Categories & Tags Term Mgmt. Tools Mass merge & change parents
  • 68. Section #6: Performance
  • 69. Scoring domains by performance; give it a try!
  • 70. #36 Compress those Images 13.2% savings WP for one image!
  • 71. Tip: Make images even smaller! Use tinyPNG to optimize PNG files without losing quality (up to 70% savings). JPEGmini does the same for JPEG files and will reduce your images massively (up to 80% smaller)!
  • 72. #37 Setup a Caching Plug-in W3 Total Cache
  • 73. #38 Combine multiple CSS files: Combine CSS files into one to reduce the number of HTTP requests. Minify the big file by removing whitespace, etc. to reduce file size per request – Check: W3Total > Performance > Minify! Same goes for JavaScript as well… and put those JS files into the footer, if possible!
  • 74. #39 Do CSS-Sprites
  • 75. Tip: Move static contents to a CDN Latency is crucial – especially if you’re serving a global audience, offloading statics to a CDN will give additional performance. CDN Overview:
  • 76. #40 Off-load JS-Libs WP Use Google Libraries Simply enable the plug-in & serve JS libs from Google‘s CDN!
  • 77. How to make your site lightning-fast…
  • 78. OMCap 2011 - Online Marketing Konferenz Berlin And that’s it! …13.10.2011
  • 79. Thanks! Questions? Bastian Grimm, Managing Partner - Grimm Digital
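
An added example (not from the original deck): a small Python audit covering security tips #1, #12 and #14, run over two constructed wp-config.php samples. The function name `audit_wp_config` and the sample key values are assumptions of this example.

```python
import re
import stat

PLACEHOLDER = "put your unique phrase here"  # value shipped in wp-config-sample.php
DEFINE_RE = re.compile(r"define\(\s*['\"](\w+)['\"]\s*,\s*(.+?)\s*\)\s*;")
PREFIX_RE = re.compile(r"\$table_prefix\s*=\s*['\"]([^'\"]*)['\"]\s*;")

# Constructed sample: a config left at the defaults the slides warn about.
SAMPLE_WEAK = """<?php
define('AUTH_KEY',        'put your unique phrase here');
define('SECURE_AUTH_KEY', 'put your unique phrase here');
$table_prefix = 'wp_';
"""

# Constructed sample: the slides' settings applied (key values are made up).
SAMPLE_HARDENED = """<?php
define('AUTH_KEY',        'k3#Vq9!xT0^ePz@7LmW2&uYb');
define('SECURE_AUTH_KEY', 'R8*nd1+Gh5~sJc4%Af6-Zo0_');
$table_prefix = 'wp_VzQCxSJv7uL_';
define('FORCE_SSL_ADMIN', true);
"""


def audit_wp_config(source, mode=0o400):
    """Return findings for wp-config.php text plus its file mode (st_mode bits)."""
    findings = []
    defines = {name: value.strip("'\"") for name, value in DEFINE_RE.findall(source)}
    secrets = {n: v for n, v in defines.items() if n.endswith(("_KEY", "_SALT"))}

    if not secrets or any(v in ("", PLACEHOLDER) for v in secrets.values()):
        findings.append("keys/salts missing or still the placeholder (tip #1)")
    elif len(set(secrets.values())) < len(secrets):
        findings.append("keys/salts are not unique (tip #1)")

    prefix = PREFIX_RE.search(source)
    if prefix is None or prefix.group(1) == "wp_":
        findings.append("default wp_ table prefix in use (tip #1)")

    if defines.get("FORCE_SSL_ADMIN", "").lower() != "true":
        findings.append("FORCE_SSL_ADMIN is not enabled (tip #14)")

    if mode & (stat.S_IWUSR | stat.S_IWGRP | stat.S_IWOTH):
        findings.append("wp-config.php is writable, not read-only (tip #12)")
    return findings


if __name__ == "__main__":
    for label, text, mode in (("weak", SAMPLE_WEAK, 0o644),
                              ("hardened", SAMPLE_HARDENED, 0o400)):
        print(label, audit_wp_config(text, mode) or "no findings")
```

On a real install, pass the file's contents and `os.stat(path).st_mode` instead of the samples.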
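
An added example (not part of the original deck) for the obfuscated footer.php on slides 15 to 17: it flags obfuscation calls in a theme file and decodes base64 literals statically, without executing them. The sample footer, its link and all names are constructed; `gzinflate` and `str_rot13` are checked in addition to the base64 case the slides show.

```python
import base64
import re

# Constructed footer.php in the style the slides describe: the real markup is
# hidden inside eval(base64_decode(...)). The hidden payload below is made up.
_HIDDEN = '<a href="http://spam.example/casino">family friendly</a>'
SAMPLE_FOOTER = "<?php eval(base64_decode('%s')); ?>" % base64.b64encode(
    _HIDDEN.encode()).decode()
SAMPLE_CLEAN = "<?php wp_footer(); ?>\n</body></html>"

SUSPICIOUS_CALLS = re.compile(r"\b(eval|base64_decode|gzinflate|str_rot13)\s*\(")
B64_LITERAL = re.compile(r"base64_decode\(\s*['\"]([A-Za-z0-9+/=\s]+)['\"]\s*\)")
LINK = re.compile(r"https?://[^\s\"'<>]+")


def scan_theme_file(php_source):
    """Flag obfuscation calls and decode base64 string literals (never eval)."""
    calls = sorted(set(SUSPICIOUS_CALLS.findall(php_source)))
    decoded, links = [], []
    for literal in B64_LITERAL.findall(php_source):
        try:
            raw = base64.b64decode(literal, validate=False)
        except ValueError:
            continue  # malformed base64: the call itself stays flagged
        text = raw.decode("utf-8", "replace")
        decoded.append(text)
        links.extend(LINK.findall(text))  # links the theme would inject
    return {"calls": calls, "decoded": decoded, "links": links}


if __name__ == "__main__":
    for name, source in (("footer.php", SAMPLE_FOOTER), ("clean.php", SAMPLE_CLEAN)):
        print(name, scan_theme_file(source))
```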