Ce diaporama a bien été signalé.
Nous utilisons votre profil LinkedIn et vos données d’activité pour vous proposer des publicités personnalisées et pertinentes. Vous pouvez changer vos préférences de publicités à tout moment.

40 WordPress Tips: Security, Engagement, SEO & Performance - SMX Sydney 2013

33 435 vues

Publié le

My talk at #SMX Sydney 2013 featuring 40 tips on WordPress security, WordPress SEO as well as a huge set of plug-in recommendation to get the maximum out of WordPress.

Publié dans : Technologie
  • Great!
    Voulez-vous vraiment ?  Oui  Non
    Votre message apparaîtra ici
  • Hi Bastian, gute Infos in der Präsi. Die Präsi hätte sich wunderbar geeignet als Aufsatz zu meinem Vortrag auf der Campixx http://de.slideshare.net/markusmarkert/sicheres-rootserver-hosting ;)
    Voulez-vous vraiment ?  Oui  Non
    Votre message apparaîtra ici

40 WordPress Tips: Security, Engagement, SEO & Performance - SMX Sydney 2013

  1. 40 WordPress Tips- Security, Engagement, SEO & Performance - http://gdig.de/sydney1 Sydney, April 2013 Bastian Grimm, Managing Partner - Grimm Digital
  2. About meSEO Trainings, Seminars & Strategy ConsultingWordPress Security, Consulting & Development @basgrBerlin-based Full-Service Performance Marketing Agency 2
  3. http://gdig.de/sydney1
  4. Who is running WordPress?!
  5. See… that‘s the issue!You’re the “hackers” most-loved target!
  6. Section #1: Security
  7. #1 Setup WordPress properly Use unique keys and salts to add random elements for encryption! Use a cryptic prefix to prevent automated scripts and SQL injections. $table_prefix = ‘wp_VzQCxSJv7uL_ ‘; https://api.wordpress.org/secret-key/1.1/salt/
  8. #2 Protect your wp-config.php <files wp-config.php> order deny,allow deny from all This needs to go into your WP roots’ </files> .htaccess file to prevent external access Did you know this? Event better… move wp-config.php outside of „www“.
  9. #3 Remove the default „admin“ Setup new user as admin; logout. Login w/ new admin; delete old one. Make sure to use a STRONG password, pleeaaasssseeee! http://www.random.org/passwords/
  10. #4 Lock-out multiple failed logins Limit Login Attempts http://wordpress.org/extend/plugins/limit-login-attempts/
  11. #5 Never EVER do this! These sites are more than worse…
  12. A quick peak into some theme files… LOL! „family friendly“ links – my a*s… 12
  13. A quick peak into some theme files… functions.php: This theme won‘t be working without those links… 13
  14. #6 Always use TAC to do a pre-check! Theme Authenticity Checker (TAC) http://builtbackwards.com/projects/tac/
  15. It gets worse: base64 encoded footer Are you really sure you want to see that footer.php file? 15
  16. Right… NICE FOOTER! 16
  17. If you are REALLY curious… http://ottodestruct.com/decoder.php http://www.tareeinternet.com/scripts/byterun.php http://www.tareeinternet.com/scripts/decrypt.php http://rot13-encoder-decoder.waraxe.us/ The PHP code isn’t “really” encrypted, rather kind of obfuscated. Reversing is possible!
  18. PLEASE… stay awayfrom “free” WordPress themes – they’re not free, really!
  19. #7 Update your blogs regularly! WP Updates Notifier to get emails on out-dated components (core, themes & plug-ins) for all blogs: – http://wordpress.org/extend/plugins /wp-updates-notifier/ ManageWP can do one-click mass updates (core, themes, plug-ins again) for all your blogs: – http://managewp.com/features
  20. #8 Keep your installation clean Remove all inactive plug-ins as well as themes! 20
  21. #9 Scan your Theme daily WP AntiVirus http://wordpress.org/extend/plugins/antivirus/
  22. #10 Harden your Security Settings Secure WordPress Most important: Remove version number from ALL components & block malicious URL requests. http://wordpress.org/extend/plugins/secure-wordpress/
  23. #11 Protect wp-admin Recommended: Try the “Lockdown WP Admin” plug-in to protect PHP files in wp-admin as well as the login itself. Put an .htaccess to your /wp-admin/ for basic passwd. protection. http://wordpress.org/extend/plugins/lockdown-wp-admin/
  24. #12 Fix File & Folder Permissions WP-Security Scan Very important: chmod your wp-config.php to be read-only! http://wordpress.org/extend/plugins/wp-security-scan/
  25. #13 Move the “wp-content” folderdefine(WP_CONTENT_DIR, $_SERVER[DOCUMENT_ROOT]./blog/my-wp-content); WP_CONTENT_DIR points to “new” the full local path (no trailing slash)define(WP_CONTENT_URL, http://domain.com/blog/my-wp-content); WP_CONTENT_URL points to “new” full URI (no trailing slash either)
  26. #14 SSL Logins & Administrationdefine(FORCE_SSL_LOGIN, true); Set FORCE_SSL_LOGIN to “true” to force all logins to happen over SSL. (still allows non-SSL admin sessions)define(FORCE_SSL_ADMIN, true); Use FORCE_SSL_ADMIN to force all logins and all admin sessions to happen over SSL (can be slow…)
  27. Section #2: WordPress SEO
  28. #15 WordPress SEO by Yoast Make sure to uncheck this! Enables setting noindex, canonical & 301 (for users) on a per-post basis
  29. #15 WordPress SEO by Yoast You surely don‘t need paged archives, categories, etc. – they‘re targeting the same keys anyways. Affiliate sites mainly have pages, no need for RSS. Check all of them!
  30. #15 WordPress SEO by Yoast Set proper a page title & description, also choose author for SERP listing
  31. #15 WordPress SEO by Yoast Use help section to get details for all 30+ variables! Keep unchecked unless you’re publishing news. Default value has been changed w/ last update.
  32. In addition: Post-level settings You can overwrite defaults on a per-post level using the “Advanced” settings. 32
  33. #15 WordPress SEO by Yoast Usually you just need one (unless having a HUGE amount of content) – “noindex” the other one!
  34. #15 WordPress SEO by Yoast Especially w/ single-authored blogs, those are a 1:1 copy of your homepage. 301 is the better solution!
  35. #15 WordPress SEO by Yoast For larger sites, check to auto- generate XML sitemaps. Remember to check excludes!
  36. #15 WordPress SEO by Yoast Make absolutely sure you‘re using these!
  37. BTW: Clean those URL-Slugs WP Permalauts Especially important for Germany, France, etc. http://wordpress.org/extend/plugins/wp-permalauts/
  38. #15 WordPress SEO by Yoast
  39. Trust me… things change!Check out SEO data transporter to switch SEO plug-ins!
  40. Migration made easy: Painless switching! SEO Data Transporter http://wordpress.org/extend/plugins/seo-data-transporter/
  41. Section #3: More SEO…
  42. Credits: http://bit.ly/T8wMwO Make absolutely sure you onlyuse plug-ins from trusted authors!
  43. #16 Fix your Pagination Better crawl-ability, better WP-PageNavi indexation – what else u want? WordPress pagination s*cks, replace it! http://wordpress.org/extend/plugins/wp-pagenavi/
  44. #17 Improve internal Cross-Linking Yet Another Related Posts Plugin http://wordpress.org/extend/plugins/yet-another-related-posts-plugin/
  45. #18 Auto-optimize Image Attributes SEO Friendly Images Forces post title & image name to be used as img alt-attribute http://wordpress.org/extend/plugins/seo-image/
  46. #19 Redirect old Contents Redirection http://wordpress.org/extend/plugins/redirection/
  47. #20 Have Rich-Snippets if possible Schema Creator http://wordpress.org/extend/plugins/schema-creator/
  48. #21 Mask your Affiliate Links Eclipse Link Cloaker http://eclipsecloaker.com/
  49. Don’t forget to tweak your robots.txt We don‘t want some WPUser-Agent: * specific files & foldersDisallow: /wp-admin/Disallow: /feed/Disallow: /comments/feed/Disallow: /*/trackback/$Disallow: /*/feed/$Disallow: /*.css$ Adjust according to yourDisallow: /*.js$Disallow: /r/ Link Cloaker settings. 49
  50. Section #4: Engagement
  51. #22 Responsive WP-Slider in Seconds Soliloquy Slider http://soliloquywp.com/
  52. #23 Create an „UberMenu“ UberMenu http://gdig.de/ubermenu
  53. #24 Create beautiful Popups Ninja Popups http://gdig.de/npopup
  54. #25 Fix your Internal Search Relevanssi Search http://wordpress.org/extend/plugins/relevanssi/
  55. #26 Selling goods within WordPress? Easy Digital Downloads https://easydigitaldownloads.com/
  56. #27 Make it multi-lingual WPML http://wpml.org/
  57. #28 Make it work on Mobile Devices WPtouch http://wordpress.org/extend/plugins/wptouch/
  58. Section #5: Maintenance 58
  59. #29 Do a Theme Test Drive Live-Testing a new theme without anyone else noticing… nice! http://wordpress.org/extend/plugins/theme-test-drive/
  60. #30 Debug your WordPress P3 (Plugin Perf. Profiler) http://wordpress.org/extend/plugins/p3-profiler/
  61. #30 Debug your WordPress P3 (Plugin Perf. Profiler) http://wordpress.org/extend/plugins/p3-profiler/
  62. #30 Debug your WordPress P3 (Plugin Perf. Profiler) http://wordpress.org/extend/plugins/p3-profiler/
  63. #31 Debug your WordPress Debug Objects http://wordpress.org/extend/plugins/debug-objects/
  64. #32 Enable Akismet Just enable, get an API key and turn „auto-delete“ on!
  65. #33 Backup Database & Files BackWPup http://wordpress.org/extend/plugins/backwpup/
  66. #34 Watch out for Errors  Knowledge is power  Use a 404 logger – Analytics software – Redirection (built-in) – Webserver logs  Setup 301 redirects accordingly using “Redirection”, again. Image-Credits: http://gdig.de/i
  67. #35 Maintain Categories & Tags Term Mgmt. Tools Mass merge & change parents http://wordpress.org/extend/plugins/term-management-tools/
  68. Section #6: Performance
  69. Scoring domains byperformance; give it a try! https://developers.google.com/pagespeed/
  70. #36 Compress those Images 13.2% savings WP Smush.it for one image! http://wordpress.org/extend/plugins/wp-smushit/
  71. Tip: Make images even smaller! Use tinyPNG to optimize PNG files without loosing in quality (up to 70% savings)JPEGmini does the same for JPEGfiles and will reduce your images massively (up to 80% smaller)! http://tinypng.org/ & http://www.jpegmini.com/
  72. #37 Setup a Caching Plug-in W3 Total Cache http://wordpress.org/extend/plugins/w3-total-cache/
  73. #38 Combine multiple CSS files Combine CSS files into one to reduce the number of HTTP requests Minify the big file by removing white- spaces, etc. to reduce file size per request – Check: W3Total > Performance > Minify! Same goes for JavaScript as well… and put those JS files into the footer, if possible! 73
  74. #39 Do CSS-Sprites http://spriteme.org/
  75. Tip: Move static contents to a CDN Latency is crucial – especially if you’re serving a global audience, offloading statics to a CDN will give additional performance. CDN Overview: http://gdig.de/cdns
  76. #40 Off-load JS-Libs WP Use Google Libraries Simply enable the plug-in & serve JS libs from Google‘s CDN! http://wordpress.org/extend/plugins/use-google-libraries/
  77. How to make your site lightning-fast… http://www.slideshare.net/bastiangrimm
  78. OMCap 2011 - Online Marketing Konferenz Berlin And that’s it! …13.10.2011 78
  79. Thanks! Questions? mail@grimm-digital.com twitter.com/basgr linkedin.com/in/bastiangrimm facebook.com/grimm.digital http://gdig.de/sydney1 Bastian Grimm, Managing Partner - Grimm Digital