1. WordPress in the Wild
Deployment, Performance,
Optimization, and Security
Markku Seguerra / rebelpixel.com

2. It’s a wild world out there!

3. A guide to using WordPress in production
environments, from small blogs to full-
blown sites. Simplify deployment,
optimize performance, and increase
security with the most effective plugins
and tweaks that help you get the most
from your WordPress-powered blog.

4. 4 Questions
???

5. Question #1
What is the most effective way of
deploying WordPress?

6. Question #2
How do you maximize performance
of a WordPress blog?

7. Question #3
How do you optimize your blog for
search and your target readers?

8. Question #4
How do you protect your blog from
malicious users and catastrophic
failure?

9. #1 Deployment
* Simple
* Fast
* Secure

10. Simple & Fast
* Download/wget from wordpress.org
* Copying from existing install is
troublesome
* Use local installer with important
themes and plugins from official
sources

11. Secure
* Use only wordpress.org
* For themes & plugins, inspect code if
from other sources
* Use SSH/SFTP for secure transfer if
available; FTP is a last option

12. #2 Performance
What limits performance?
* WordPress is dynamic
* WordPress is for everyone
* WordPress is too popular

13. WordPress is dynamic
* Every page view uses the
database (and the CPU)
* Use caching; WP Super
Cache works best!

15. WordPress is for everyone
* Some features are built for
the other half of its users
* Stick to what you need and
what works for you!

16. WordPress is too popular
* Almost automatically invites
spam comments
* Akismet takes care of the
spam problem 99% of the time

17. More performance tricks
* Offload content (Amazon
S3, Flickr, YouTube, etc.)
* Use only necessary plugins
* Use 3rd-party comments
(Disqus, Intense Debate, etc.)

18. Beyond WordPress
* Optimize MySQL (MyISAM
only, query_cache tuning, etc.)
* Optimize PHP (limit
extensions, memory allocation,
use memcache, etc.)
* Replace Apache!

19. #3 Optimization
“WordPress takes care of
80-90% of (the mechanics of)
SEO.”
- Matt Cutts, Google

20. Highlight your Content!
Pretty permalinks

21. Highlight your Content!
All in One SEO Pack

22. Highlight your Content!
* Analytics360 + Google Analyticator
* WordPress.com Stats
* Google XML Sitemaps
* FD Feedburner / Feedburner Feedsmith
* Broken Link Checker

23. Content is King!
SEO can only do so much; it
can only be as good as what’s
on your blog.

24. #4 Security
* Content theft
* WordPress vulnerabilities
* Server security
* Database failure
* Server/hosting failure

25. Content theft
RSS Footer
* Blog about it!
* Resume creating good content.
* Report to search engines.
* Report to host/ISP.

26. WordPress vulnerabilities
* More users invites more
discoveries of awed code
* Widespread use attracts more
mischief
* Extensibility opens a back door

27. WordPress Upgrades
WordPress is safe only
when up to date!

28. More WordPress security
* Remove “admin” username
* Change table pre x (wp_)
* Hide WP version
* Secure /wp-admin/ with server
passwords

29. More WordPress security

30. Server security
* Timely upgrades saves you from
pain!
* Use proper le & directory
permissions
* Audit all installed apps

31. Security plugins
WP Security Scan

32. Security plugins
WP Exploit Scanner

33. Database failure
WordPress Database Backup
(or use PhpMyAdmin)

34. Database backups
* Use onsite backups
* Use offsite, online storage
(Gmail is good)

35. Server/hosting failure
* The end?
* Regularly download full
backups to local PC
* Burn full backups to DVD!
* Be prepared to restore from
scratch!

36. Thank you!