WordPress Optimization & Security - ThinkVisibility 2012, Leeds

Covering the full spectrum of WordPress Optimization possibilities as well as WordPress security.

Published in: Business, Technology

  1. WordPress Optimization and Security. Leeds, September 2012. http://gdig.de/think12 Bastian Grimm, Managing Partner - Grimm Digital
  2. About me. Background: PHP & Java – Dev. CMS, shops & forums – Wazap! Game Search Engine. Online Marketing since 2004 – SEO strategy consulting, in-house trainings & workshops, WordPress. @basgr. SEO, bla bla… Links, Links, Links… need some? Stuff to play with…
  3. Get the Slide-Deck: http://gdig.de/think12
  4. Credits for facts & graphic: http://yoast.com/wordpress-stats/
  5. Credits for facts & graphic: http://yoast.com/wordpress-stats/
  6. Section #1: Configuration
  7. #1 Settings > PermaLinks: Get rid of those dates (IDs), they look awful! /%postname%/
  8. #2 Settings > Privacy: Make sure you actually allow search engines to access your contents!
  9. #3 Fix your Theme’s Page Title: Open header.php in your theme’s folder, search for “wp_title” – it’s going to be the first match! <title><?php wp_title(); ?></title> That’s the ONLY thing you need!
  10. Section #2: WordPress SEO
  11. #4 WordPress SEO by Yoast 1/9: Make sure to uncheck this! Enables setting noindex, canonical & 301 (for users) on a per-post basis.
  12. #4 WordPress SEO by Yoast 2/9: You surely don’t need paged archives, categories, etc. – they’re targeting the same keys anyways. Affiliate sites mainly have pages, no need for RSS. Check all of them!
  13. #4 WordPress SEO by Yoast 3/9: Set proper page title & description, also choose author for SERP listing.
  14. #4 WordPress SEO by Yoast 4/9: Use help section to get details on all 30+ variables! Keep unchecked unless you’re publishing news. Default value has been changed w/ last update.
  15. In addition: Post-level settings. You can overwrite defaults on a per-post level using the “Advanced” settings.
  16. #4 WordPress SEO by Yoast 5/9: Usually you just need one (unless having a HUGE amount of content) – “noindex” the other one!
  17. #4 WordPress SEO by Yoast 6/9: Especially w/ single-authored blogs, those are a 1:1 copy of your homepage. 301 is the better solution!
  18. #4 WordPress SEO by Yoast 7/9: For larger sites, check to auto-generate XML sitemaps. Remember to check excludes!
  19. #4 WordPress SEO by Yoast 8/9: Make absolutely sure you’re using these!
  20. BTW: Clean those URL-Slugs: WP Permalauts. Especially important for Germany, France, etc. http://wordpress.org/extend/plugins/wp-permalauts/
  21. #4 WordPress SEO by Yoast 9/9
  22. Trust me… things change! Check out SEO Data Transporter to switch SEO plug-ins!
  23. Migration made easy: Painless switching! SEO Data Transporter http://wordpress.org/extend/plugins/seo-data-transporter/
  24. Section #3: Plug-ins
  25. Make absolutely sure you only use plug-ins from trusted authors!
  26. #5 Fix your Pagination: WP-PageNavi. Better crawl-ability, better indexation – what else u want? WordPress pagination s*cks, replace it! http://wordpress.org/extend/plugins/wp-pagenavi/
  27. #6 Improve internal Cross-Linking: Yet Another Related Posts Plugin http://wordpress.org/extend/plugins/yet-another-related-posts-plugin/
  28. #7 Auto-optimize Image Attributes: SEO Friendly Images. Forces post title & image name to be used as img alt-attribute. http://wordpress.org/extend/plugins/seo-image/
  29. #8 Redirect old Contents: Redirection http://wordpress.org/extend/plugins/redirection/
  30. #9 Mask your Affiliate Links: Eclipse Link Cloaker http://eclipsecloaker.com/
  31. Don’t forget to tweak your robots.txt. We don’t want some WP specific files & folders. Adjust according to your Link Cloaker settings.
      User-Agent: *
      Disallow: /wp-admin/
      Disallow: /feed/
      Disallow: /comments/feed/
      Disallow: /*/trackback/$
      Disallow: /*/feed/$
      Disallow: /*.css$
      Disallow: /*.js$
      Disallow: /r/
  32. #10 Have Rich-Snippets if possible: Schema Creator http://wordpress.org/extend/plugins/schema-creator/
  33. Section #4: Security
  34. #11 Never EVER do this! These sites are more than worse…
  35. A quick peek into some theme files… LOL! “family friendly” links – my a*s…
  36. A quick peek into some theme files… functions.php: This theme won’t be working without those links…
  37. #12 Always use TAC to do a pre-check! Theme Authenticity Checker (TAC) http://builtbackwards.com/projects/tac/
  38. It gets worse: base64 encoded footer. Are you really sure you want to see that footer.php file?
  39. Right… NICE FOOTER!
  40. If you are REALLY curious… http://ottodestruct.com/decoder.php http://www.tareeinternet.com/scripts/byterun.php http://www.tareeinternet.com/scripts/decrypt.php http://rot13-encoder-decoder.waraxe.us/ The PHP code isn’t “really” encrypted, rather kind of obfuscated. Reversing is possible!
  41. PLEASE… stay away from “free” WordPress themes – they’re not free, really!
  42. #13 Keep your installation clean: Remove all non-active plug-ins as well as themes!
  43. #14 Do updates regularly! WP Updates Notifier to get emails on out-dated components (core, themes & plug-ins) for all blogs: http://wordpress.org/extend/plugins/wp-updates-notifier/ ManageWP can do one-click mass updates (core, themes, plug-ins again) for all your blogs: http://managewp.com/features
  44. #15 Daily scan your Theme: WP AntiVirus http://wordpress.org/extend/plugins/antivirus/
  45. #16 Harden your Security Settings: Secure WordPress. Most important: Remove version number from ALL components & block malicious URL requests. http://wordpress.org/extend/plugins/secure-wordpress/
  46. #17 Protect wp-admin by .htaccess: Put an .htaccess into your /wp-admin/ for basic passwd. protection. You can also try the “Lockdown WP Admin” plug-in to protect PHP files in wp-admin as well as the login itself. http://wordpress.org/extend/plugins/lockdown-wp-admin/
  47. #18 Fix File & Folder Permissions: WP-Security Scan. Very important: chmod your wp-config.php to be read-only! http://wordpress.org/extend/plugins/wp-security-scan/
  48. Section #5: Maintenance
  49. #19 Do a Theme Test Drive: Live-Testing a new theme without anyone else noticing… nice! http://wordpress.org/extend/plugins/theme-test-drive/
  50. #20 Debug your WordPress #1: P3 (Plugin Perf. Profiler) http://wordpress.org/extend/plugins/p3-profiler/
  51. #20 Debug your WordPress #1: http://wordpress.org/extend/plugins/p3-profiler/
  52. #20 Debug your WordPress #1: http://wordpress.org/extend/plugins/p3-profiler/
  53. #20 Debug your WordPress #1: http://wordpress.org/extend/plugins/p3-profiler/
  54. #21 Debug your WordPress #2: Debug Objects http://wordpress.org/extend/plugins/debug-objects/
  55. #22 Enable Akismet: Just enable, get an API key and turn “auto-delete” on!
  56. #23 Backup Database & Files: BackWPup http://wordpress.org/extend/plugins/backwpup/
  57. #24 Watch out for Errors: Knowledge is power. Use a 404 logger: Analytics software, Redirection (built-in), Webserver logs. Setup 301 redirects accordingly using “Redirection”, again. Image-Credits: http://gdig.de/i
  58. #25 Maintain Categories & Tags: Term Mgmt. Tools. Mass merge & change parents. http://wordpress.org/extend/plugins/term-management-tools/
  59. Section #6: Performance
  60. GWT Site Performance Info: This is really not so good…!
  61. Scoring domains by performance; check it out! https://developers.google.com/pagespeed/
  62. #26 Compress those Images: WP Smush.it. 13.2% savings for one image! http://wordpress.org/extend/plugins/wp-smushit/
  63. Or try this one - if you don’t like Yahoo… CW Image Optimizer. Runs awesome image optimization but requires Unix “littleutils”. http://wordpress.org/extend/plugins/cw-image-optimizer/
  64. #27 Setup a Caching Plug-in: W3 Total Cache http://wordpress.org/extend/plugins/w3-total-cache/
  65. #28 Combine multiple CSS files: Combine CSS files into one to reduce the number of HTTP requests. Minify the big file by removing whitespaces, etc. to reduce file size per request – Check: W3Total > Performance > Minify! Same goes for JavaScript as well… and put those JS files into the footer, if possible!
  66. #29 Do CSS-Sprites: http://spriteme.org/
  67. #30 Off-load JS-Libs: WP Use Google Libraries. Simply enable the plug-in & serve JS libs from Google’s CDN! http://wordpress.org/extend/plugins/use-google-libraries/
  68. Section #7: Scale that Sh*t!
  69. WordPress + Cloning Installations
      1. Setup WP w/ optimized settings – Permalinks, Plug-ins, Settings, etc.
      2. Use Xcloner to multiply setup – Easier vs. re-doing 1/ over & over again
      3. Use ManageWP for maintenance – Perfect mass management solution
      4. Or: Update using browser favorites – Just replace hostnames in your list
  70. Maybe give xMarkPro a try? Looks very promising… But I didn’t find the time to test it in full detail yet, sorry. http://xmarkpro.com/
  71. WordPress + Multisites
      1. Use default WordPress and install
      2. Edit wp-config.php: define('WP_ALLOW_MULTISITE', true);
      3. Install WP “MU Domain Mapping” – Copy “sunrise.php” to “wp-content”
      4. Edit wp-config.php, again: define('SUNRISE', 'on');
      Bonus: “Clone Sites for WPMU” http://codex.wordpress.org/Create_A_Network
  72. And that’s it! … Wait, still not enough? (Slide footer: OMCap 2011 - Online Marketing Konferenz Berlin, 13.10.2011)
  73. Section #8: wp-config.php Tweaks
  74. How to do it? Just find this beast… … don’t use this piece of sh*t… … and put directives before here!
  75. Moving the “wp-content” folder
      define('WP_CONTENT_DIR', $_SERVER['DOCUMENT_ROOT'] . '/blog/my-wp-content');
      WP_CONTENT_DIR points to the “new” full local path (no trailing slash)
      define('WP_CONTENT_URL', 'http://domain.com/blog/my-wp-content');
      WP_CONTENT_URL points to the “new” full URI (no trailing slash either)
  76. Auto-saving & Revision-handling
      define('AUTOSAVE_INTERVAL', 160);
      WP uses Ajax to auto-save revisions to the post as you edit. Change the interval if necessary (default=60)
      define('WP_POST_REVISIONS', 3);
      … or (not recommended):
      define('WP_POST_REVISIONS', false);
      Limit WP to create a maximum number of revisions per post using WP_POST_REVISIONS
  77. SSL Logins & Administration
      define('FORCE_SSL_LOGIN', true);
      Set FORCE_SSL_LOGIN to “true” to force all logins to happen over SSL (still allows non-SSL admin sessions)
      define('FORCE_SSL_ADMIN', true);
      Use FORCE_SSL_ADMIN to force all logins and all admin sessions to happen over SSL (can be slow…)
  78. Enable DB Auto-Repair: Go edit “wp-config.php” and add this line – easy!
      define('WP_ALLOW_REPAIR', true);
      Afterwards, you need to call the repair script manually: http://example.com/wp-admin/maint/repair.php
  79. Finally! … Well, well… one more!
  80. Thanks! Questions? mail@grimm-digital.com twitter.com/basgr linkedin.com/in/bastiangrimm facebook.com/grimm.digital http://gdig.de/think12 Bastian Grimm, Managing Partner - Grimm Digital
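
Slides 38 to 40 point out that the base64-encoded footer is obfuscated rather than encrypted, so it can be reversed. The following Python is an added example, not part of the slide deck: it statically unwraps nested `eval(decoder('...'))` layers in theme files without executing them and lists the URLs hidden inside. It goes beyond the base64 and rot13 cases the slides name by also handling gzinflate, gzuncompress and strrev; the function names and the sample footer are constructed for illustration.

```python
import base64
import codecs
import re
import zlib
from pathlib import Path

# Inverse of each PHP wrapper; all operate on bytes and never execute anything.
DECODERS = {
    "base64_decode": base64.b64decode,
    "gzinflate": lambda b: zlib.decompress(b, -15),  # raw DEFLATE stream
    "gzuncompress": zlib.decompress,
    "str_rot13": lambda b: codecs.encode(b.decode("latin-1"), "rot13").encode("latin-1"),
    "strrev": lambda b: b[::-1],
}
# Matches eval( wrapper( wrapper( 'literal'
WRAPPED = re.compile(
    r"eval\s*\(\s*((?:(?:%s)\s*\(\s*)+)(['\"])(.*?)\2" % "|".join(DECODERS),
    re.I | re.S,
)
URL = re.compile(r"https?://[^\s'\"<>]+", re.I)


def peel(source, max_layers=10):
    """Return (layers, text): the wrapper chain per layer and the innermost text."""
    layers, text = [], source
    for _ in range(max_layers):
        match = WRAPPED.search(text)
        if not match:
            break
        chain = re.findall(r"\w+", match.group(1).lower())
        try:
            data = match.group(3).encode("latin-1")
            for name in reversed(chain):  # the innermost PHP call is applied first
                data = DECODERS[name](data)
        except (ValueError, zlib.error):
            break  # malformed payload: report only the layers recovered so far
        layers.append(chain)
        text = data.decode("latin-1")
    return layers, text


def scan_theme(root):
    """Map each obfuscated .php file under root to (layers, URLs in decoded code)."""
    findings = {}
    for path in sorted(Path(root).rglob("*.php")):
        layers, text = peel(path.read_text(encoding="latin-1"))
        if layers:
            findings[path.name] = (layers, URL.findall(text))
    return findings


def _wrap_sample():
    """Constructed sample: a hidden footer link under two obfuscation layers."""
    inner = b"echo '<a href=\"http://spam.example/pills\">cheap pills</a>';"
    deflater = zlib.compressobj(9, zlib.DEFLATED, -15)
    packed = base64.b64encode(deflater.compress(inner) + deflater.flush()).decode()
    layer1 = "eval(gzinflate(base64_decode('%s')));" % packed
    outer = base64.b64encode(layer1.encode()).decode()
    return "<?php eval(base64_decode('%s')); ?>" % outer


SAMPLE_FOOTER = _wrap_sample()
```

Run `scan_theme()` on an unpacked theme directory before activating it; a payload whose string literal contains its own quote character is outside what this pattern recognises.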
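
Slides 47, 77 and 78 come down to three checks on wp-config.php: a read-only file mode, SSL for the whole admin area, and the state of the repair switch. The following Python is an added example, not part of the slide deck, that audits one wp-config.php for them; the finding codes and the sample config are made up here. WordPress serves wp-admin/maint/repair.php without a login while WP_ALLOW_REPAIR is true, so the audit flags the constant whenever it is still set.

```python
import os
import re
import stat

# define('NAME', value); quotes around NAME are optional, value is captured raw.
DEFINE = re.compile(r"""define\s*\(\s*['"]?(\w+)['"]?\s*,\s*(.+?)\s*\)\s*;""", re.I)


def parse_defines(php_source):
    """Return {CONSTANT: lowercased value} for define() calls outside comments."""
    code = re.sub(r"/\*.*?\*/", "", php_source, flags=re.S)
    code = re.sub(r"(?m)^[ \t]*(?://|#).*$", "", code)
    return {name.upper(): value.strip("'\"").lower()
            for name, value in DEFINE.findall(code)}


def audit_wp_config(path):
    """Return sorted finding codes (hypothetical names) for one wp-config.php."""
    findings = set()
    if stat.S_IMODE(os.stat(path).st_mode) & 0o222:
        findings.add("WRITABLE")  # slide 47: the file should be read-only
    with open(path, encoding="utf-8", errors="replace") as handle:
        defines = parse_defines(handle.read())
    if defines.get("FORCE_SSL_ADMIN") != "true":
        # slide 77: FORCE_SSL_LOGIN alone still allows non-SSL admin sessions
        ssl_login = defines.get("FORCE_SSL_LOGIN") == "true"
        findings.add("SSL_LOGIN_ONLY" if ssl_login else "NO_SSL")
    if defines.get("WP_ALLOW_REPAIR") == "true":
        # slide 78: repair.php is reachable without login while this is set
        findings.add("REPAIR_ENABLED")
    return sorted(findings)


# Constructed sample for illustration; not taken from the slides.
SAMPLE_CONFIG = """<?php
define('DB_NAME', 'wordpress');
// define('FORCE_SSL_ADMIN', true);
define('FORCE_SSL_LOGIN', true);
define('WP_ALLOW_REPAIR', true);
define('WP_POST_REVISIONS', 3);
"""
```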
