
WordPress Optimization & Security - ThinkVisibility 2012, Leeds

Covering the full spectrum of WordPress Optimization possibilities as well as WordPress security.

Published in: Business, Technology
  • Do you want to speed up your WordPress site? Fast loading pages improve user experience, increase your pageviews. https://amazewiki.amazingworkz.com/is-your-wordpress-site-slow-follow-this-guide-to-boost-it-now/
  • Hello, there's also a WordPress plugin named "WP Security Optimizer" (https://wordpress.org/plugins/wp-security-optimizer/). It prevents hackers from sabotaging your rankings in search engines. It eludes attackers that exploit your website and fights Negative SEO attacks made using Acunetix, WPScan and other penetration testing toolkits. It implements features that prevent users from being enumerated, and in particular enumeration of installed themes (wpscan --enumerate t) and plugins (wpscan --enumerate vp), generating false positives and forwarding an alert to the site administrator when it detects a scan. And finally, it can verify corrupted and infected PHP files stored in the "wp-admin" and "wp-includes" folders. Hope it's useful

WordPress Optimization & Security - ThinkVisibility 2012, Leeds

  1. WordPress Optimization and Security. Leeds, September 2012. http://gdig.de/think12 Bastian Grimm, Managing Partner - Grimm Digital
  2. About me. Background: PHP & Java – Dev. CMS, shops & forums – Wazap! Game Search Engine. Online Marketing since 2004 – SEO strategy consulting, in-house trainings & workshops, WordPress. @basgr. SEO, bla bla… Links, Links, Links… need some? Stuff to play with…
  3. Get the Slide-Deck: http://gdig.de/think12
  4. Credits for facts & graphic: http://yoast.com/wordpress-stats/
  5. Credits for facts & graphic: http://yoast.com/wordpress-stats/
  6. Section #1: Configuration
  7. #1 Settings > PermaLinks: Get rid of those dates (IDs), they look awful! Use /%postname%/
  8. #2 Settings > Privacy: Make sure you actually allow search engines to access your contents!
  9. #3 Fix your Theme's Page Title: Open header.php in your theme's folder, search for "wp_title" – it's going to be the first match! <title><?php wp_title(); ?></title> That's the ONLY thing you need!
  10. Section #2: WordPress SEO
  11. #4 WordPress SEO by Yoast 1/9: Make sure to uncheck this! Enables setting noindex, canonical & 301 (for users) on a per-post basis.
  12. #4 WordPress SEO by Yoast 2/9: You surely don't need paged archives, categories, etc. – they're targeting the same keys anyways. Affiliate sites mainly have pages, no need for RSS. Check all of them!
  13. #4 WordPress SEO by Yoast 3/9: Set proper page title & description, also choose author for SERP listing.
  14. #4 WordPress SEO by Yoast 4/9: Use help section to get details on all 30+ variables! Keep unchecked unless you're publishing news. Default value has been changed w/ last update.
  15. In addition: Post-level settings. You can overwrite defaults on a per-post level using the "Advanced" settings.
  16. #4 WordPress SEO by Yoast 5/9: Usually you just need one (unless having a HUGE amount of content) – "noindex" the other one!
  17. #4 WordPress SEO by Yoast 6/9: Especially w/ single-authored blogs, those are a 1:1 copy of your homepage. 301 is the better solution!
  18. #4 WordPress SEO by Yoast 7/9: For larger sites, check to auto-generate XML sitemaps. Remember to check excludes!
  19. #4 WordPress SEO by Yoast 8/9: Make absolutely sure you're using these!
  20. BTW: Clean those URL-Slugs: WP Permalauts. Especially important for Germany, France, etc. http://wordpress.org/extend/plugins/wp-permalauts/
  21. #4 WordPress SEO by Yoast 9/9
  22. Trust me… things change! Check out SEO Data Transporter to switch SEO plug-ins!
  23. Migration made easy: Painless switching! SEO Data Transporter http://wordpress.org/extend/plugins/seo-data-transporter/
  24. Section #3: Plug-ins
  25. Make absolutely sure you only use plug-ins from trusted authors!
  26. #5 Fix your Pagination: WP-PageNavi. Better crawl-ability, better indexation – what else u want? WordPress pagination s*cks, replace it! http://wordpress.org/extend/plugins/wp-pagenavi/
  27. #6 Improve internal Cross-Linking: Yet Another Related Posts Plugin http://wordpress.org/extend/plugins/yet-another-related-posts-plugin/
  28. #7 Auto-optimize Image Attributes: SEO Friendly Images. Forces post title & image name to be used as img alt-attribute. http://wordpress.org/extend/plugins/seo-image/
  29. #8 Redirect old Contents: Redirection http://wordpress.org/extend/plugins/redirection/
  30. #9 Mask your Affiliate Links: Eclipse Link Cloaker http://eclipsecloaker.com/
  31. Don't forget to tweak your robots.txt. We don't want some WP specific files & folders. Adjust according to your Link Cloaker settings.
        User-Agent: *
        Disallow: /wp-admin/
        Disallow: /feed/
        Disallow: /comments/feed/
        Disallow: /*/trackback/$
        Disallow: /*/feed/$
        Disallow: /*.css$
        Disallow: /*.js$
        Disallow: /r/
  32. #10 Have Rich-Snippets if possible: Schema Creator http://wordpress.org/extend/plugins/schema-creator/
  33. Section #4: Security
  34. #11 Never EVER do this! These sites are more than worse…
  35. A quick peek into some theme files… LOL! „family friendly“ links – my a*s…
  36. A quick peek into some theme files… functions.php: This theme won't be working without those links…
  37. #12 Always use TAC to do a pre-check! Theme Authenticity Checker (TAC) http://builtbackwards.com/projects/tac/
  38. It gets worse: base64 encoded footer. Are you really sure you want to see that footer.php file?
  39. Right… NICE FOOTER!
  40. If you are REALLY curious… http://ottodestruct.com/decoder.php http://www.tareeinternet.com/scripts/byterun.php http://www.tareeinternet.com/scripts/decrypt.php http://rot13-encoder-decoder.waraxe.us/ The PHP code isn't "really" encrypted, rather kind of obfuscated. Reversing is possible!
  41. PLEASE… stay away from "free" WordPress themes – they're not free, really!
  42. #13 Keep your installation clean: Remove all non-active plug-ins as well as themes!
  43. #14 Do updates regularly! WP Updates Notifier to get emails on out-dated components (core, themes & plug-ins) for all blogs: http://wordpress.org/extend/plugins/wp-updates-notifier/ ManageWP can do one-click mass updates (core, themes, plug-ins again) for all your blogs: http://managewp.com/features
  44. #15 Daily scan your Theme: WP AntiVirus http://wordpress.org/extend/plugins/antivirus/
  45. #16 Harden your Security Settings: Secure WordPress. Most important: Remove version number from ALL components & block malicious URL requests. http://wordpress.org/extend/plugins/secure-wordpress/
  46. #17 Protect wp-admin by .htaccess: Put an .htaccess into your /wp-admin/ for basic password protection. You can also try the "Lockdown WP Admin" plug-in to protect PHP files in wp-admin as well as the login itself. http://wordpress.org/extend/plugins/lockdown-wp-admin/
  47. #18 Fix File & Folder Permissions: WP-Security Scan. Very important: chmod your wp-config.php to be read-only! http://wordpress.org/extend/plugins/wp-security-scan/
  48. Section #5: Maintenance
  49. #19 Do a Theme Test Drive: Live-testing a new theme without anyone else noticing… nice! http://wordpress.org/extend/plugins/theme-test-drive/
  50. #20 Debug your WordPress #1: P3 (Plugin Perf. Profiler) http://wordpress.org/extend/plugins/p3-profiler/
  51. #20 Debug your WordPress #1 http://wordpress.org/extend/plugins/p3-profiler/
  52. #20 Debug your WordPress #1 http://wordpress.org/extend/plugins/p3-profiler/
  53. #20 Debug your WordPress #1 http://wordpress.org/extend/plugins/p3-profiler/
  54. #21 Debug your WordPress #2: Debug Objects http://wordpress.org/extend/plugins/debug-objects/
  55. #22 Enable Akismet: Just enable, get an API key and turn „auto-delete“ on!
  56. #23 Backup Database & Files: BackWPup http://wordpress.org/extend/plugins/backwpup/
  57. #24 Watch out for Errors: Knowledge is power. Use a 404 logger – Analytics software – Redirection (built-in) – Webserver logs. Setup 301 redirects accordingly using "Redirection", again. Image-Credits: http://gdig.de/i
  58. #25 Maintain Categories & Tags: Term Mgmt. Tools. Mass merge & change parents. http://wordpress.org/extend/plugins/term-management-tools/
  59. Section #6: Performance
  60. GWT Site Performance Info: This is really not so good…!
  61. Scoring domains by performance; check it out! https://developers.google.com/pagespeed/
  62. #26 Compress those Images: WP Smush.it. 13.2% savings for one image! http://wordpress.org/extend/plugins/wp-smushit/
  63. Or try this one - if you don't like Yahoo… CW Image Optimizer: Runs awesome image optimization but requires Unix „littleutils“ http://wordpress.org/extend/plugins/cw-image-optimizer/
  64. #27 Setup a Caching Plug-in: W3 Total Cache http://wordpress.org/extend/plugins/w3-total-cache/
  65. #28 Combine multiple CSS files: Combine CSS files into one to reduce the number of HTTP requests. Minify the big file by removing white-spaces, etc. to reduce file size per request – Check: W3Total > Performance > Minify! Same goes for JavaScript as well… and put those JS files into the footer, if possible!
  66. #29 Do CSS-Sprites http://spriteme.org/
  67. #30 Off-load JS-Libs: WP Use Google Libraries. Simply enable the plug-in & serve JS libs from Google's CDN! http://wordpress.org/extend/plugins/use-google-libraries/
  68. Section #7: Scale that Sh*t!
  69. WordPress + Cloning Installations: 1. Setup WP w/ optimized settings – Permalinks, Plug-ins, Settings, etc. 2. Use Xcloner to multiply setup – Easier vs. re-doing step 1 over & over again. 3. Use ManageWP for maintenance – Perfect mass management solution. 4. Or: Update using browser favorites – Just replace hostnames in your list.
  70. Maybe give xMarkPro a try? Looks very promising… But I didn't find the time to test it in full detail yet, sorry. http://xmarkpro.com/
  71. WordPress + Multisites: 1. Use default WordPress and install. 2. Edit wp-config.php: define('WP_ALLOW_MULTISITE', true); 3. Install WP "MU Domain Mapping" – Copy "sunrise.php" to "wp-content". 4. Edit wp-config.php, again: define('SUNRISE', 'on'); Bonus: "Clone Sites for WPMU". http://codex.wordpress.org/Create_A_Network
  72. And that's it! Wait, still not enough? [Slide footer: OMCap 2011 - Online Marketing Konferenz Berlin, 13.10.2011]
  73. Section #8: wp-config.php Tweaks
  74. How to do it? Just find this beast… don't use this piece of sh*t… and put directives before here!
  75. Moving the "wp-content" folder: define('WP_CONTENT_DIR', $_SERVER['DOCUMENT_ROOT'] . '/blog/my-wp-content'); WP_CONTENT_DIR points to the "new" full local path (no trailing slash). define('WP_CONTENT_URL', 'http://domain.com/blog/my-wp-content'); WP_CONTENT_URL points to the "new" full URI (no trailing slash either).
  76. Auto-saving & Revision-handling: define('AUTOSAVE_INTERVAL', 160); WP uses Ajax to auto-save revisions to the post as you edit. Change the interval if necessary (default=60). define('WP_POST_REVISIONS', 3); … or (not recommended): define('WP_POST_REVISIONS', false); Limit WP to create a maximum number of revisions per post using WP_POST_REVISIONS.
  77. SSL Logins & Administration: define('FORCE_SSL_LOGIN', true); Set FORCE_SSL_LOGIN to "true" to force all logins to happen over SSL (still allows non-SSL admin sessions). define('FORCE_SSL_ADMIN', true); Use FORCE_SSL_ADMIN to force all logins and all admin sessions to happen over SSL (can be slow…).
  78. Enable DB Auto-Repair: Go edit „wp-config.php“ and add this line – easy! define('WP_ALLOW_REPAIR', true); Afterwards, you need to call the repair script manually: http://example.com/wp-admin/maint/repair.php
  79. Finally! Well, well… one more!
  80. Thanks! Questions? mail@grimm-digital.com twitter.com/basgr linkedin.com/in/bastiangrimm facebook.com/grimm.digital http://gdig.de/think12 Bastian Grimm, Managing Partner - Grimm Digital
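
Added example, not part of the original slide deck and not TAC's code: slides 37-40 point out that base64-wrapped theme code is only obfuscated and can be reversed before a theme is installed. The Python below statically unwraps nested eval(...) chains and lists any links hidden inside them; scan_php, make_sample_footer and the spam.example URL are constructed for illustration.

```python
import base64
import codecs
import re
import zlib

# PHP wrappers often chained around an encoded payload, mapped to Python decoders.
DECODERS = {
    "base64_decode": base64.b64decode,
    "gzinflate": lambda b: zlib.decompress(b, -15),  # raw DEFLATE stream
    "gzuncompress": zlib.decompress,
    "str_rot13": lambda b: codecs.encode(b.decode("latin-1"), "rot13").encode("latin-1"),
}
CALL = re.compile(r"\beval\s*\(\s*((?:\w+\s*\(\s*)+)(['\"])([^'\"]+)\2")
LINK = re.compile(rb"""href\s*=\s*["']([^"']+)""", re.I)


def scan_php(source, depth=0, max_depth=5):
    """Statically unwrap eval(...) chains; the payload is decoded, never executed."""
    findings = []
    for m in CALL.finditer(source):
        chain = re.findall(r"\w+", m.group(1))
        try:
            data = m.group(3).encode("latin-1")
            for name in reversed(chain):  # the innermost call is applied first
                data = DECODERS[name](data)
        except (KeyError, ValueError, zlib.error):  # unknown wrapper or bad data
            findings.append({"depth": depth, "chain": chain, "decoded": None, "links": []})
            continue
        text = data.decode("utf-8", "replace")
        links = [u.decode("latin-1") for u in LINK.findall(data)]
        findings.append({"depth": depth, "chain": chain, "decoded": text, "links": links})
        if depth < max_depth:  # decoded payloads often contain another eval layer
            findings.extend(scan_php(text, depth + 1, max_depth))
    return findings


def make_sample_footer():
    """Constructed two-layer sample standing in for a tampered footer.php."""
    html = b'?><div id="footer"><a href="http://spam.example/">family friendly</a></div>'
    inner = b"eval(base64_decode('" + base64.b64encode(html) + b"'));"
    raw = zlib.compressobj(9, zlib.DEFLATED, -15)
    blob = base64.b64encode(raw.compress(inner) + raw.flush()).decode()
    return "<?php eval(gzinflate(base64_decode('" + blob + "'))); ?>"


if __name__ == "__main__":
    for f in scan_php(make_sample_footer()):
        print(f["depth"], "(".join(f["chain"]), f["links"] or "no links at this layer")
```

A finding whose decoded value is None marks a wrapper the table does not know; that file deserves a manual look rather than a pass.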
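
Added example, not from the slide deck or from WordPress itself: a check of wp-config.php against slide 47 (read-only file), slide 77 (FORCE_SSL_ADMIN) and slide 78 (WP_ALLOW_REPAIR). The function names and the sample config are constructed, and the mode argument is assumed to come from os.stat on the real file.

```python
import re
import stat

DEFINE = re.compile(r"^\s*define\s*\(\s*['\"](\w+)['\"]\s*,\s*(.+?)\s*\)\s*;", re.M)


def parse_defines(php_text):
    """Return {NAME: raw value} for active define() lines; comments are skipped."""
    without_blocks = re.sub(r"/\*.*?\*/", "", php_text, flags=re.S)
    return {name: value.strip("'\"") for name, value in DEFINE.findall(without_blocks)}


def audit_wp_config(php_text, mode):
    """mode is st_mode from os.stat('wp-config.php'); returns a list of findings."""
    defines = parse_defines(php_text)
    findings = []
    if mode & (stat.S_IWUSR | stat.S_IWGRP | stat.S_IWOTH):
        findings.append("wp-config.php is writable (mode %o); slide 47 asks for read-only"
                        % stat.S_IMODE(mode))
    if defines.get("FORCE_SSL_ADMIN", "").lower() != "true":
        findings.append("FORCE_SSL_ADMIN is not true; admin sessions may run without SSL")
    if defines.get("WP_ALLOW_REPAIR", "").lower() == "true":
        # WordPress serves wp-admin/maint/repair.php without a login while this is set.
        findings.append("WP_ALLOW_REPAIR is still true; remove it once the repair has run")
    return findings


# Constructed sample, not taken from the slides.
SAMPLE = """<?php
define('DB_NAME', 'wordpress');
// define('FORCE_SSL_ADMIN', true);
define('FORCE_SSL_LOGIN', true);
define('WP_ALLOW_REPAIR', true);
/* define('FORCE_SSL_ADMIN', true); */
"""

if __name__ == "__main__":
    for line in audit_wp_config(SAMPLE, 0o100644):
        print("-", line)
```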
