WordPress Optimization & Security - ThinkVisibility 2012, Leeds

Covering the full spectrum of WordPress Optimization possibilities as well as WordPress security.

Presentation Transcript

  • WordPress Optimization and Security. Leeds, September 2012. http://gdig.de/think12 Bastian Grimm, Managing Partner - Grimm Digital
  • About me. Background: PHP & Java – Dev. CMS, shops & forums – Wazap! Game Search Engine. Online Marketing since 2004 – SEO strategy consulting, in-house trainings & workshops, WordPress. @basgr. SEO, bla bla… Links, Links, Links… need some? Stuff to play with…
  • Get the Slide-Deck: http://gdig.de/think12
  • Credits for facts & graphic: http://yoast.com/wordpress-stats/
  • Section #1: Configuration
  • #1 Settings > Permalinks: Get rid of those dates (IDs), they look awful! /%postname%/
  • #2 Settings > Privacy: Make sure you actually allow search engines to access your content!
  • #3 Fix your Theme’s Page Title: Open header.php in your theme’s folder and search for “wp_title” – it’s going to be the first match! <title><?php wp_title(); ?></title> That’s the ONLY thing you need!
  • Section #2: WordPress SEO
  • #4 WordPress SEO by Yoast 1/9 Make sure to uncheck this! Enables setting noindex, canonical & 301 (for users) on a per-post basis
  • #4 WordPress SEO by Yoast 2/9 You surely don‘t need paged archives, categories, etc. – they‘re targeting the same keys anyways. Affiliate sites mainly have pages, no need for RSS. Check all of them!
  • #4 WordPress SEO by Yoast 3/9 Set proper page title & description, also choose author for SERP listing
  • #4 WordPress SEO by Yoast 4/9 Use the help section to get details on all 30+ variables! Keep unchecked unless you’re publishing news. Default value has been changed w/ last update.
  • In addition: Post-level settings. You can overwrite defaults on a per-post level using the “Advanced” settings.
  • #4 WordPress SEO by Yoast 5/9 Usually you just need one (unless having a HUGE amount of content) – “noindex” the other one!
  • #4 WordPress SEO by Yoast 6/9 Especially w/ single-authored blogs, those are a 1:1 copy of your homepage. 301 is the better solution!
  • #4 WordPress SEO by Yoast 7/9 For larger sites, check to auto-generate XML sitemaps. Remember to check excludes!
  • #4 WordPress SEO by Yoast 8/9 Make absolutely sure you‘re using these!
  • BTW: Clean those URL-Slugs with WP Permalauts. Especially important for Germany, France, etc. http://wordpress.org/extend/plugins/wp-permalauts/
  • #4 WordPress SEO by Yoast 9/9
  • Trust me… things change! Check out SEO data transporter to switch SEO plug-ins!
  • Migration made easy: Painless switching! SEO Data Transporter http://wordpress.org/extend/plugins/seo-data-transporter/
  • Section #3: Plug-ins
  • Make absolutely sure you only use plug-ins from trusted authors!
  • #5 Fix your Pagination: WP-PageNavi. Better crawl-ability, better indexation – what else u want? WordPress pagination s*cks, replace it! http://wordpress.org/extend/plugins/wp-pagenavi/
  • #6 Improve internal Cross-Linking Yet Another Related Posts Plugin http://wordpress.org/extend/plugins/yet-another-related-posts-plugin/
  • #7 Auto-optimize Image Attributes: SEO Friendly Images. Forces post title & image name to be used as img alt-attribute. http://wordpress.org/extend/plugins/seo-image/
  • #8 Redirect old Contents Redirection http://wordpress.org/extend/plugins/redirection/
  • #9 Mask your Affiliate Links Eclipse Link Cloaker http://eclipsecloaker.com/
  • Don’t forget to tweak your robots.txt. We don’t want some WP-specific files & folders:
        User-Agent: *
        Disallow: /wp-admin/
        Disallow: /feed/
        Disallow: /comments/feed/
        Disallow: /*/trackback/$
        Disallow: /*/feed/$
        Disallow: /*.css$
        Disallow: /*.js$
        Disallow: /r/
    Adjust according to your Link Cloaker settings.
  • #10 Have Rich-Snippets if possible Schema Creator http://wordpress.org/extend/plugins/schema-creator/
  • Section #4: Security
  • #11 Never EVER do this! These sites are more than worse…
  • A quick peek into some theme files… LOL! „family friendly“ links – my a*s…
  • A quick peek into some theme files… functions.php: This theme won’t be working without those links…
  • #12 Always use TAC to do a pre-check! Theme Authenticity Checker (TAC) http://builtbackwards.com/projects/tac/
  • It gets worse: base64 encoded footer. Are you really sure you want to see that footer.php file?
  • Right… NICE FOOTER!
  • If you are REALLY curious… http://ottodestruct.com/decoder.php http://www.tareeinternet.com/scripts/byterun.php http://www.tareeinternet.com/scripts/decrypt.php http://rot13-encoder-decoder.waraxe.us/ The PHP code isn’t “really” encrypted, rather kind of obfuscated. Reversing is possible!
  • PLEASE… stay away from “free” WordPress themes – they’re not free, really!
  • #13 Keep your installation clean: Remove all non-active plug-ins as well as themes!
  • #14 Do updates regularly! WP Updates Notifier to get emails on out-dated components (core, themes & plug-ins) for all blogs: – http://wordpress.org/extend/plugins/wp-updates-notifier/ ManageWP can do one-click mass updates (core, themes, plug-ins again) for all your blogs: – http://managewp.com/features
  • #15 Daily scan your Theme WP AntiVirus http://wordpress.org/extend/plugins/antivirus/
  • #16 Harden your Security Settings: Secure WordPress. Most important: Remove version number from ALL components & block malicious URL requests. http://wordpress.org/extend/plugins/secure-wordpress/
  • #17 Protect wp-admin by .htaccess: Put an .htaccess file into your /wp-admin/ folder for basic password protection. You can also try the “Lockdown WP Admin” plug-in to protect PHP files in wp-admin as well as the login itself. http://wordpress.org/extend/plugins/lockdown-wp-admin/
  • #18 Fix File & Folder Permissions: WP-Security Scan. Very important: chmod your wp-config.php to be read-only! http://wordpress.org/extend/plugins/wp-security-scan/
  • Section #5: Maintenance
  • #19 Do a Theme Test Drive Live-Testing a new theme without anyone else noticing… nice! http://wordpress.org/extend/plugins/theme-test-drive/
  • #20 Debug your WordPress #1 P3 (Plugin Perf. Profiler) http://wordpress.org/extend/plugins/p3-profiler/
  • #21 Debug your WordPress #2 Debug Objects http://wordpress.org/extend/plugins/debug-objects/
  • #22 Enable Akismet Just enable, get an API key and turn „auto-delete“ on!
  • #23 Backup Database & Files BackWPup http://wordpress.org/extend/plugins/backwpup/
  • #24 Watch out for Errors: Knowledge is power. Use a 404 logger – Analytics software – Redirection (built-in) – Webserver logs. Set up 301 redirects accordingly using “Redirection”, again. Image-Credits: http://gdig.de/i
  • #25 Maintain Categories & Tags Term Mgmt. Tools Mass merge & change parents http://wordpress.org/extend/plugins/term-management-tools/
  • Section #6: Performance
  • GWT Site Performance Info: This is really not so good…!
  • Scoring domains by performance; check it out! https://developers.google.com/pagespeed/
  • #26 Compress those Images: WP Smush.it. 13.2% savings for one image! http://wordpress.org/extend/plugins/wp-smushit/
  • Or try this one, if you don’t like Yahoo…: CW Image Optimizer. Runs awesome image optimization but requires Unix „littleutils“. http://wordpress.org/extend/plugins/cw-image-optimizer/
  • #27 Setup a Caching Plug-in W3 Total Cache http://wordpress.org/extend/plugins/w3-total-cache/
  • #28 Combine multiple CSS files: Combine CSS files into one to reduce the number of HTTP requests. Minify the big file by removing whitespace, etc. to reduce file size per request – Check: W3Total > Performance > Minify! Same goes for JavaScript as well… and put those JS files into the footer, if possible!
  • #29 Do CSS-Sprites http://spriteme.org/
  • #30 Off-load JS-Libs: Use Google Libraries. Simply enable the plug-in & serve JS libs from Google’s CDN! http://wordpress.org/extend/plugins/use-google-libraries/
  • Section #7: Scale that Sh*t!
  • WordPress + Cloning Installations
    1. Setup WP w/ optimized settings – Permalinks, Plug-ins, Settings, etc.
    2. Use Xcloner to multiply setup – Easier vs. re-doing 1/ over & over again
    3. Use ManageWP for maintenance – Perfect mass management solution
    4. Or: Update using browser favorites – Just replace hostnames in your list
  • Maybe give xMarkPro a try? Looks very promising… But I didn’t find the time to test it in full detail yet, Sorry. http://xmarkpro.com/
  • WordPress + Multisites
    1. Use default WordPress and install
    2. Edit wp-config.php: define('WP_ALLOW_MULTISITE', true);
    3. Install WP “MU Domain Mapping” – Copy “sunrise.php” to “wp-content”
    4. Edit wp-config.php, again: define('SUNRISE', 'on');
    Bonus: “Clone Sites for WPMU”
    http://codex.wordpress.org/Create_A_Network
  • And that’s it! … Wait, still not enough? (Slide footer: OMCap 2011 - Online Marketing Konferenz Berlin, 13.10.2011)
  • Section #8: wp-config.php Tweaks
  • How to do it? Just find this beast… don’t use this piece of sh*t… and put directives before here!
  • Moving the “wp-content” folder
        define('WP_CONTENT_DIR', $_SERVER['DOCUMENT_ROOT'] . '/blog/my-wp-content');
    WP_CONTENT_DIR points to the “new” full local path (no trailing slash)
        define('WP_CONTENT_URL', 'http://domain.com/blog/my-wp-content');
    WP_CONTENT_URL points to the “new” full URI (no trailing slash either)
  • Auto-saving & Revision-handling
        define('AUTOSAVE_INTERVAL', 160);
    WP uses Ajax to auto-save revisions to the post as you edit. Change the interval if necessary (default=60)
        define('WP_POST_REVISIONS', 3);
    … or (not recommended):
        define('WP_POST_REVISIONS', false);
    Limit WP to create a maximum number of revisions per post using WP_POST_REVISIONS
  • SSL Logins & Administration
        define('FORCE_SSL_LOGIN', true);
    Set FORCE_SSL_LOGIN to “true” to force all logins to happen over SSL (still allows non-SSL admin sessions)
        define('FORCE_SSL_ADMIN', true);
    Use FORCE_SSL_ADMIN to force all logins and all admin sessions to happen over SSL (can be slow…)
  • Enable DB Auto-Repair: Go edit „wp-config.php“ and add this line – easy!
        define('WP_ALLOW_REPAIR', true);
    Afterwards, you need to call the repair script manually: http://example.com/wp-admin/maint/repair.php
  • Finally! … Well, well… one more!
  • Thanks! Questions? mail@grimm-digital.com twitter.com/basgr linkedin.com/in/bastiangrimm facebook.com/grimm.digital http://gdig.de/think12 Bastian Grimm, Managing Partner - Grimm Digital
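
For the base64-encoded footer slides and the TAC pre-check (#12) above, an added example that is not part of the original deck: a static scanner that flags eval/decoder calls in a theme file and peels the encoding layers without ever running the PHP, so hidden links become visible. The decoder list, the function names and the two-layer sample footer are assumptions of this example.

```python
import base64, codecs, re, zlib

# Decoder calls commonly stacked around hidden theme payloads (heuristic list, assumed here).
DECODERS = {
    "base64_decode": base64.b64decode,
    "gzinflate": lambda b: zlib.decompress(b, -15),  # PHP gzinflate = raw DEFLATE
    "gzuncompress": zlib.decompress,
    "str_rot13": lambda b: codecs.encode(b.decode("latin-1"), "rot_13").encode("latin-1"),
}
NAMES = "|".join(DECODERS)
SUSPICIOUS = re.compile(r"\b(eval|%s)\s*\(" % NAMES, re.I)
# One or more nested decoder calls wrapped around a quoted string literal.
CHAIN = re.compile(r"((?:\b(?:%s)\s*\(\s*)+)(['\"])([^'\"]+)\2" % NAMES, re.I)

def peel(php_source, max_layers=10):
    """Statically undo nested decoder calls. The PHP is never executed."""
    layers, text = [], php_source
    for _ in range(max_layers):
        m = CHAIN.search(text)
        if not m:
            break
        calls = re.findall(r"\w+", m.group(1).lower())
        try:
            data = m.group(3).encode("latin-1")
            for name in reversed(calls):  # the innermost call runs first
                data = DECODERS[name](data)
        except (ValueError, zlib.error):
            break  # not decodable: stop and report the layers found so far
        text = data.decode("utf-8", "replace")
        layers.append(text)
    return layers

def scan(php_source):
    """Report suspicious calls (source and decoded layers), layer count and revealed links."""
    layers = peel(php_source)
    calls = {m.group(1).lower() for t in [php_source] + layers for m in SUSPICIOUS.finditer(t)}
    links = re.findall(r"https?://[^\s\"'<>]+", layers[-1]) if layers else []
    return {"calls": sorted(calls), "layers": len(layers), "hidden_links": links}

def make_sample():
    """Constructed fixture: a footer.php wrapped in two encoding layers (layering assumed)."""
    inner = '?><div id="footer"><a href="http://sponsor.example/">Sponsor</a></div><?php '
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    packed = base64.b64encode(c.compress(inner.encode()) + c.flush()).decode()
    layer1 = "eval(gzinflate(base64_decode('%s')));" % packed
    return "<?php eval(base64_decode('%s')); ?>" % base64.b64encode(layer1.encode()).decode()

if __name__ == "__main__":
    print(scan(make_sample()))
```

Run `scan()` over every .php file of a theme before activating it; any file that reports layers or an `eval` call deserves a manual look.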
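
For slide #18 and the wp-config.php tweaks above, an added example that is not from the deck: a small audit that reads a wp-config.php, ignores commented-out defines, and reports a writable file, a missing FORCE_SSL_ADMIN and a WP_ALLOW_REPAIR that was left switched on. The finding codes, function names and sample files are constructed for this example.

```python
import os, re, stat, tempfile

# Matches live define('NAME', value); lines. Commented-out lines do not start with "define".
DEFINE = re.compile(r"""^\s*define\(\s*['"](\w+)['"]\s*,\s*(.+?)\s*\)\s*;""", re.M)

def parse_defines(text):
    """Map constant name -> lower-cased value with surrounding quotes removed."""
    return {name: value.strip("'\"").lower() for name, value in DEFINE.findall(text)}

def audit(path):
    """Return {finding_code: explanation} for one wp-config.php file."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        defines = parse_defines(fh.read())
    findings = {}
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o222:  # any write bit set for owner, group or others
        findings["writable"] = "mode %03o has write bits; slide #18 asks for read-only" % mode
    # FORCE_SSL_LOGIN alone still allows non-SSL admin sessions, as the slide notes.
    if defines.get("FORCE_SSL_ADMIN") != "true":
        findings["admin-no-ssl"] = "FORCE_SSL_ADMIN is not true; admin sessions may use plain HTTP"
    # While this constant is set, maint/repair.php can be opened without logging in.
    if defines.get("WP_ALLOW_REPAIR") == "true":
        findings["repair-open"] = "WP_ALLOW_REPAIR is still on; remove it after the repair"
    return findings

# Constructed sample configurations (not taken from the deck).
WEAK = """<?php
define('FORCE_SSL_LOGIN', true);
// define('FORCE_SSL_ADMIN', true);
define('WP_ALLOW_REPAIR', true);
"""
HARDENED = """<?php
define('FORCE_SSL_ADMIN', true);
// define('WP_ALLOW_REPAIR', true);
"""

def write_sample(directory, body, mode):
    """Write a sample wp-config.php with the given permission bits and return its path."""
    path = os.path.join(directory, "wp-config.php")
    with open(path, "w") as fh:
        fh.write(body)
    os.chmod(path, mode)
    return path

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        for code, why in audit(write_sample(d, WEAK, 0o644)).items():
            print(code, "-", why)
```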