1. WordPressOptimization and Security Leeds, September 2012 http://gdig.de/think12 Bastian Grimm, Managing Partner - Grimm Digital
2. About me Background: PHP & Java – Dev. CMS, shops & forums – Wazap! Game Search Engine Online Marketing since 2004 – SEO strategy consulting, in-house trainings & workshops, WordPress @basgr SEO, bla bla… Links, Links, Links…need some? Stuff to play with… 2
3. Get the Slide-Deck http://gdig.de/think12 3
4. Credits for facts & graphic: http://yoast.com/wordpress-stats/
5. Credits for facts & graphic: http://yoast.com/wordpress-stats/
6. Section #1: Configuration
7. #1 Settings > PermaLinks Get rid of those dates (IDs), they look awful! /%postname%/
8. #2 Settings > Privacy Make sure you actually allow search engine to access your contents! 8
9. #3 Fix your Themes’ Page Title Open header.php in your themes’ folder, search for “wp_title” – it’s going be the first match! <title><?php wp_title(); ?></title> That’s the ONLY thing you need! 9
10. Section #2: WordPress SEO
11. #4 WordPress SEO by Yoast 1/9 Make sure to uncheck this! Enables setting noindex, canonical & 301 (for users) on a per-post basis
12. #4 WordPress SEO by Yoast 2/9 You surely don‘t need paged archives, categories, etc. – they‘re targeting the same keys anyways. Affiliate sites mainly have pages, no need for RSS. Check all of them!
13. #4 WordPress SEO by Yoast 3/9 Set proper page title & description, also choose author for SERP listing
14. #4 WordPress SEO by Yoast 4/9 Use help section to get details an all 30+ variables! Keep unchecked unless you’re publishing news. Default value has been changed w/ last update.
15. In addition: Post-level settings You can overwrite defaults on a per-post level using the “Advanced” settings. 15
16. #4 WordPress SEO by Yoast 5/9 Usually you just need one (unless having a HUGE amount of content) – “noindex” the other one!
17. #4 WordPress SEO by Yoast 6/9 Especially w/ single-authored blogs, those are a 1:1 copy of your homepage. 301 is the better solution!
18. #4 WordPress SEO by Yoast 7/9 For larger sites, check to auto- generate XML sitemaps. Remember to check excludes!
19. #4 WordPress SEO by Yoast 8/9 Make absolutely sure you‘re using these!
20. BTW: Clean those URL-Slugs WP Permalauts Especially important for Germany, France, etc. http://wordpress.org/extend/plugins/wp-permalauts/
21. #4 WordPress SEO by Yoast 9/9
22. Trust me… things change!Check out SEO data transporter to switch SEO plug-ins! 22
23. Migration made easy: Painless switching! SEO Data Transporter http://wordpress.org/extend/plugins/seo-data-transporter/
24. Section #3: Plug-ins 24
25. Make absolutely sureyou only use plug-insfrom trusted authors!
26. #5 Fix your Pagination Better crawl-ability, better WP-PageNavi indexation – what else u want? WordPress pagination s*cks, replace it! http://wordpress.org/extend/plugins/wp-pagenavi/
27. #6 Improve internal Cross-Linking Yet Another Related Posts Plugin http://wordpress.org/extend/plugins/yet-another-related-posts-plugin/
28. #7 Auto-optimize Image Attributes SEO Friendly Images Forces post title & image name to be used as img alt-attribute http://wordpress.org/extend/plugins/seo-image/
29. #8 Redirect old Contents Redirection http://wordpress.org/extend/plugins/redirection/
30. #9 Mask your Affiliate Links Eclipse Link Cloaker http://eclipsecloaker.com/
31. Don’t forget to tweak your robots.txt We don‘t want some WPUser-Agent: * specific files & foldersDisallow: /wp-admin/Disallow: /feed/Disallow: /comments/feed/Disallow: /*/trackback/$Disallow: /*/feed/$Disallow: /*.css$ Adjust according to yourDisallow: /*.js$Disallow: /r/ Link Cloaker settings. 31
32. #10 Have Rich-Snippets if possible Schema Creator http://wordpress.org/extend/plugins/schema-creator/
33. Section #4: Security
34. #11 Never EVER do this! These sites are more than worse…
35. A quick peak into some theme files… LOL! „family friendly“ links – my a*s… 35
36. A quick peak into some theme files… functions.php: This theme won‘t be working without those links… 36
37. #12 Always use TAC to do a pre-check! Theme Authenticity Checker (TAC) http://builtbackwards.com/projects/tac/
38. It get’s worse: base64 encoded footer Are you really sure you want to see that footer.php file? 38
39. Right… NICE FOOTER! 39
40. If you are REALLY curious… http://ottodestruct.com/decoder.php http://www.tareeinternet.com/scripts/byterun.php http://www.tareeinternet.com/scripts/decrypt.php http://rot13-encoder-decoder.waraxe.us/ The PHP code isn’t “really” encrypted, rather kind of obfuscated. Reversing is possible!
42. #13 Keep your installation clean Remove all non-active plug-ins as well as themes! 42
43. #14 Do updates regularly! WP Updates Notifier to get emails on out-dated components (core, themes & plug-ins) for all blogs: – http://wordpress.org/extend/plugins /wp-updates-notifier/ ManageWP can do one-click mass updates (core, themes, plug-ins again) for all your blogs: – http://managewp.com/features
44. #15 Daily scan your Theme WP AntiVirus http://wordpress.org/extend/plugins/antivirus/
45. #16 Harden your Security Settings Secure WordPress Most important: Remove version number from ALL components & block malicious URL requests. http://wordpress.org/extend/plugins/secure-wordpress/
46. #17 Protect wp-admin by .htaccess Put an .htaccess to your /wp-admin/ for basic passwd. protection. You can also try the “Lockdown WP Admin” plug-in to protect PHP files in wp-admin as well as the login itself. http://wordpress.org/extend/plugins/lockdown-wp-admin/
47. #18 Fix File & Folder Permissions WP-Security Scan Very important: chmod your wp-config.php to be read-only! http://wordpress.org/extend/plugins/wp-security-scan/
48. Section #5: Maintenance 48
49. #19 Do a Theme Test Drive Live-Testing a new theme without anyone else noticing… nice! http://wordpress.org/extend/plugins/theme-test-drive/
57. #24 Watch out for Errors Knowledge is power Use a 404 logger – Analytics software – Redirection (built-in) – Webserver logs Setup 301 redirects accordingly using “Redirection”, again. Image-Credits: http://gdig.de/i
58. #25 Maintain Categories & Tags Term Mgmt. Tools Mass merge & change parents http://wordpress.org/extend/plugins/term-management-tools/
59. Section #6: Performance
60. GWT Site Performance Info This is really not so good…! 60
61. Scoring domains byperformance; check it out! https://developers.google.com/pagespeed/
62. #26 Compress those Images 13.2% savings WP Smush.it for one image! http://wordpress.org/extend/plugins/wp-smushit/
63. Or try this one - if you don’t like Yahoo… Run‘s awesome CW Image image optimization Optimizer but requires Unix „littleutils“ http://wordpress.org/extend/plugins/cw-image-optimizer/
64. #27 Setup a Caching Plug-in W3 Total Cache http://wordpress.org/extend/plugins/w3-total-cache/
66. #29 Do CSS-Sprites http://spriteme.org/
67. #30 Off-load JS-Libs WP Use Google Libraries Simply enable the plug-in & serve JS libs from Google‘s CDN! http://wordpress.org/extend/plugins/use-google-libraries/
68. Section #7: Scale that Sh*t!
69. WordPress + Cloning Installations 1. Setup WP w/ optimized settings – Permalinks, Plug-ins, Settings, etc. 2. Use Xcloner to multiply setup – Easier vs. re-doing 1/ over & over again 3. Use ManageWP for maintenance – Perfect mass management solution 4. Or: Update using browser favorites – Just replace hostnames in your list 69
70. Maybe give xMarkPro a try? Looks very promising… But I didn’t find the time to test it in full detail yet, Sorry. http://xmarkpro.com/
71. WordPress + Multisites 1. Use default WordPress and install 2. Edit wp-config.php: – define(WP_ALLOW_MULTISITE, true); 3. Install WP “MU Domain Mapping” – Copy “sunrise.php” to “wp-content” 4. Edit wp-config.php, again: – define(SUNRISE, on); Bonus: “Clone Sites for WPMU“ http://codex.wordpress.org/Create_A_Network
72. OMCap 2011 - Online Marketing Konferenz Berlin And that’s it! …13.10.2011 Wait, still not enough? 72
73. Section #8: wp-config.php Tweaks
74. How to do it? Just find this beast… … don’t use this piece of sh*t…… and put directives before here!
75. Moving the “wp-content” folderdefine(WP_CONTENT_DIR, $_SERVER[DOCUMENT_ROOT]./blog/my-wp-content); WP_CONTENT_DIR points to “new” the full local path (no trailing slash)define(WP_CONTENT_URL, http://domain.com/blog/my-wp-content); WP_CONTENT_URL points to “new” full URI (no trailing slash either)
76. Auto-saving & Revision-handlingdefine(AUTOSAVE_INTERVAL, 160 ); WP uses Ajax to auto-save revisions to the post as you edit. Change the interval if necessary (default=60)define(WP_POST_REVISIONS, 3);… or (not recommended):define(WP_POST_REVISIONS, false); Limit WP to create a maximum number of revisions per post using WP_POST_REVISIONS
77. SSL Logins & Administrationdefine(FORCE_SSL_LOGIN, true); Set FORCE_SSL_LOGIN to “true” to force all logins to happen over SSL. (still allows non-SSL admin sessions)define(FORCE_SSL_ADMIN, true); Use FORCE_SSL_ADMIN to force all logins and all admin sessions to happen over SSL (can be slow…)
78. Enable DB Auto-Repair Go edit „wp-config.php“ and add this line – easy! define(WP_ALLOW_REPAIR, true); Afterwards, you need to call the repair script manually: http://example.com/wp-admin/maint/repair.php
79. OMCap 2011 - Online Marketing Konferenz Berlin Finally! …13.10.2011 Well, well… one more! 79