Security and Performance - Italian WordPress Conference

How to improve security and performance in your WordPress installation

Published in: Technology, Business

  1. 1. ITALIAN WORDPRESS CONFERENCE 2012 16th June 2012 Turin - Italy
  2. 2. ITALIAN WORDPRESS CONFERENCE 2012 WORDPRESS SECURITY AND PERFORMANCE
  3. 3. Happy Birthday!!! #WPCON2012 About me
        • 37 years old
        • Born in Turin (Italy)
        • Co-Founder mavida.com
        • WordPress Lover
        • http://maurizio.mavida.com
        • http://www.linkedin.com/in/mauriziopelizzone
  4. 4. #WPCON2012 SECURITY
  5. 5. HTACCESS #WPCON2012 Protect wp-login.php
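  6. 6. HTACCESS #WPCON2012

        <IfModule mod_rewrite.c>
        RewriteEngine On
        RewriteBase /

        # /my-login is the entry point: it serves wp-login.php with the login key
        RewriteRule ^my-login wp-login.php?loginkey=HR5SKG&redirect_to=http://%{SERVER_NAME}/wp-admin/index.php [L]

        # Any other GET request for wp-login.php without the key is redirected home.
        # mod_rewrite does not expand %{SERVER_NAME} inside a condition pattern, so
        # the three Referer conditions are always true and exempt nothing; the key,
        # logout and method conditions do the filtering. POST requests are let through.
        RewriteCond %{HTTP_REFERER} !^http://%{SERVER_NAME}/wp-admin
        RewriteCond %{HTTP_REFERER} !^http://%{SERVER_NAME}/wp-login\.php
        RewriteCond %{HTTP_REFERER} !^http://%{SERVER_NAME}/my-login
        RewriteCond %{QUERY_STRING} !^loginkey=HR5SKG
        RewriteCond %{QUERY_STRING} !^action=logout
        RewriteCond %{REQUEST_METHOD} !POST
        RewriteRule ^wp-login\.php http://%{SERVER_NAME}/? [R,L]

        # After logout, send the visitor to the home page
        RewriteCond %{QUERY_STRING} ^loggedout=true
        RewriteRule . http://%{SERVER_NAME}/? [L]
        </IfModule>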
  7. 7. HTACCESS #WPCON2012 Deny .php execution
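  8. 8. HTACCESS #WPCON2012

        # Apache 2.2 access-control syntax (Apache 2.4 needs mod_access_compat).
        # Deny every file in this directory by default ...
        Order Allow,Deny
        Deny from all

        # ... then allow only these static file types, so .php files are not served
        <Files ~ "\.(xls|doc|rtf|pdf|zip|rar|mp3|flv|swf|png|gif|jpg|js|css)$">
        Allow from all
        </Files>

        #
        # manage exception
        #<Files filename.php>
        # Allow from all
        #</Files>
  9. 9. #WPCON2012 CHANGE DIRECTORY STRUCTURE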
  10. 10. WP-CONFIG.PHP #WPCON2012 Rename wp-content

         define( 'WP_CONTENT_DIR', dirname( __FILE__ ) . '/asset' );
         define( 'WP_CONTENT_URL', 'http://' . $_SERVER['HTTP_HOST'] . '/asset' );
  11. 11. WP-ADMIN –> MEDIA #WPCON2012 Change Upload Directory
  12. 12. WP-CONFIG.PHP + INDEX.PHP #WPCON2012 Move WordPress Core

         /*
          * add to wp-config.php
          */
         define( 'WP_SITEURL', 'http://' . $_SERVER['SERVER_NAME'] . '/wordpress-core/' );
         define( 'WP_HOME', 'http://' . $_SERVER['SERVER_NAME'] );

         /*
          * change in index.php
          */
         define( 'WP_USE_THEMES', true );
         require( './wordpress-core/wp-blog-header.php' );
  13. 13. MY CUSTOM STRUCTURE #WPCON2012
  14. 14. #WPCON2012 BLACKHOLE
  15. 15. BLACKHOLE #WPCON2012 http://perishablepress.com/blackhole-bad-bots/
  16. 16. HTACCESS #WPCON2012 RULES FOR BLACKHOLE

         RewriteEngine On
         RewriteBase /
         # Requests for these bare paths are sent to the blackhole trap directory
         RewriteRule ^(admin|wp-admin|wp-content)$ blackhole/ [L]
         RewriteRule ^(phpinfo|phpmyadmin)$ blackhole/ [L]
  17. 17. PLUGIN #WPCON2012 BLACKHOLE PLUGIN

         <?php
         /*
         Plugin Name: blackhole
         Plugin URI: http://maurizio.mavida.com/
         Description: blackhole
         License: GPL
         Version: 0.1
         Author: Maurizio Pelizzone
         Author URI: http://maurizio.mavida.com
         */

         // Run the blackhole check on every front-end request, not in wp-admin
         if ( ! is_admin() ) {
             include( $_SERVER['DOCUMENT_ROOT'] . '/blackhole/blackhole.php' );
         }
  18. 18. #WPCON2012 FILE MONITOR
  19. 19. FILEMONITOR PLUGIN #WPCON2012
  20. 20. #WPCON2012 AVOID FTP
  21. 21. #WPCON2012 PERFORMANCE
  22. 22. TITLE #WPCON2012 CACHE (storing cached data in the database)
  23. 23. CACHE #WPCON2012 TRANSIENT API http://codex.wordpress.org/Transients_API

         // Try the cached result first
         $posts = get_transient( $transient_name );
         if ( ! $posts ) {
             // Cache miss: run the query and store its posts until expiration
             wp_reset_query();
             $the_query = new WP_Query();
             $the_query->query( $args );
             $posts = $the_query->posts;
             set_transient( $transient_name, $posts, $transient_expiration );
         }
  24. 24. CACHE #WPCON2012
  25. 25. PLUGINS #WPCON2012 PLUGINS (less is better)
  26. 26. PLUGINS #WPCON2012
  27. 27. MINIFICATION #WPCON2012 js/css MINIFICATION
  28. 28. MINIFICATION #WPCON2012
  29. 29. CDN #WPCON2012 CLOUDFLARE CDN (as Reverse Proxy)
  30. 30. CDN #WPCON2012
  31. 31. TITLE #WPCON2012 SERVER TUNING
         • VARNISH
         • deflate
         • memcached
         • expire
         • APC
         • NGINX
         • MySqlTuner
  32. 32. #WPCON2012 ?
  33. 33. Other #WPCON2012 Thank you Maurizio Pelizzone @miziomon maurizio@mavida.com http://maurizio.mavida.com
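
An added example, not part of the original slides: before deploying the slide 8 allowlist, this audit walks a directory and reports which existing files the rule would still serve and which it would deny, grouped by extension, so missing exceptions and stray .php files show up first. The function names and the sample tree are constructed for illustration; matching is assumed to be case-sensitive, as on a Unix host.

```python
import os
import re
import tempfile
from collections import Counter

# Same extension allowlist as the <Files ~ "..."> pattern on slide 8.
# Assumption: case-sensitive matching, as on a Unix host.
ALLOWED = re.compile(r"\.(xls|doc|rtf|pdf|zip|rar|mp3|flv|swf|png|gif|jpg|js|css)$")


def audit(root):
    """Return (served, denied, denied_by_ext) for every file under root."""
    served, denied, by_ext = [], [], Counter()
    for folder, _dirs, files in os.walk(root):
        for name in files:
            rel = os.path.relpath(os.path.join(folder, name), root)
            # <Files> is matched against the file name only, not the path.
            if ALLOWED.search(name):
                served.append(rel)
            else:
                denied.append(rel)
                by_ext[os.path.splitext(name)[1]] += 1
    return sorted(served), sorted(denied), dict(by_ext)


def build_sample_tree(root):
    """Constructed sample content standing in for a real content directory."""
    for rel in ("2012/06/slides.pdf", "2012/06/photo.JPG",
                "2012/06/logo.png", "cache/helper.php", "notes.txt"):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        served, denied, by_ext = audit(tmp)
        print("served:", served)
        print("denied:", denied)
        print("denied by extension:", by_ext)
```

On the sample tree the uppercase `photo.JPG` and `notes.txt` land in the denied list next to `helper.php`: legitimate files that need either a wider pattern or an entry in the "manage exception" block.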
