Bastian Grimm presented 40 WordPress tips across 6 sections: security, SEO, engagement, maintenance, and performance. The tips included hardening security settings, optimizing images, caching plugins, offloading static content, and debugging. The overall presentation emphasized optimizing a WordPress site for speed, security, and SEO.
7. #1 Setup WordPress properly
Use unique keys and salts to add
random elements for encryption!
https://api.wordpress.org/secret-key/1.1/salt/
Use a cryptic prefix to prevent
automated scripts and SQL injections.
$table_prefix = 'wp_VzQCxSJv7uL_';
8. #2 Protect your wp-config.php
<files wp-config.php>
order deny,allow
deny from all
</files>
This needs to go into your WP root’s
.htaccess file to prevent external access.
Did you know this? Even better… move
wp-config.php outside of “www”.
9. #3 Remove the default “admin”
Setup new user as admin; logout.
Login w/ new admin; delete old one.
Make sure to use a STRONG
password, pleeaaasssseeee!
http://www.random.org/passwords/
17. If you are REALLY curious…
http://ottodestruct.com/decoder.php
http://www.tareeinternet.com/scripts/byterun.php
http://www.tareeinternet.com/scripts/decrypt.php
http://rot13-encoder-decoder.waraxe.us/
The PHP code isn’t “really”
encrypted, rather kind of obfuscated.
Reversing is possible!
19. #7 Update your blogs regularly!
WP Updates Notifier to get emails
on outdated components
(core, themes & plug-ins) for all
blogs:
– http://wordpress.org/extend/plugins/wp-updates-notifier/
ManageWP can do one-click mass
updates (core, themes, plug-ins
again) for all your blogs:
– http://managewp.com/features
20. #8 Keep your installation clean
Remove all inactive
plug-ins as well as themes!
21. #9 Scan your Theme daily
WP AntiVirus
http://wordpress.org/extend/plugins/antivirus/
22. #10 Harden your Security Settings
Secure WordPress
Most important: Remove version
number from ALL components &
block malicious URL requests.
http://wordpress.org/extend/plugins/secure-wordpress/
23. #11 Protect wp-admin
Recommended: Try the “Lockdown
WP Admin” plug-in to protect PHP files
in wp-admin as well as the login itself.
Put an .htaccess into your
/wp-admin/ for basic
password protection.
http://wordpress.org/extend/plugins/lockdown-wp-admin/
24. #12 Fix File & Folder Permissions
WP-Security Scan
Very important: chmod your
wp-config.php to be read-only!
http://wordpress.org/extend/plugins/wp-security-scan/
25. #13 Move the “wp-content” folder
define('WP_CONTENT_DIR', $_SERVER['DOCUMENT_ROOT'].'/blog/my-wp-content');
WP_CONTENT_DIR points to the “new”
full local path (no trailing slash)
define('WP_CONTENT_URL', 'http://domain.com/blog/my-wp-content');
WP_CONTENT_URL points to the “new”
full URI (no trailing slash either)
26. #14 SSL Logins & Administration
define('FORCE_SSL_LOGIN', true);
Set FORCE_SSL_LOGIN to “true” to
force all logins to happen over SSL.
(still allows non-SSL admin sessions)
define('FORCE_SSL_ADMIN', true);
Use FORCE_SSL_ADMIN to force all
logins and all admin sessions to
happen over SSL (can be slow…)
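An added example, not part of the original slides: a shell audit of wp-config.php against tips #1, #12 and #14 (table prefix, keys and salts, read-only file mode, FORCE_SSL_ADMIN, which per the slide covers logins as well). The eight key and salt constant names and the 'put your unique phrase here' placeholder are the ones in WordPress's sample config; the function names and the sample file are constructed for this example.

```shell
# Added example (not from the slides): audit wp-config.php for tips #1, #12, #14.
WP_SECRETS="AUTH_KEY SECURE_AUTH_KEY LOGGED_IN_KEY NONCE_KEY
AUTH_SALT SECURE_AUTH_SALT LOGGED_IN_SALT NONCE_SALT"
Q="['\"]"            # either PHP quote character
S='[[:space:]]*'     # optional whitespace

# Print the value assigned to $table_prefix (empty if absent).
wp_table_prefix() {
    sed -n "s/^$S[\$]table_prefix$S=$S$Q\([^'\"]*\)$Q.*/\1/p" "$1" | head -n 1
}

# Print the string value of define('NAME', '...') (empty if absent).
wp_define_value() {
    sed -n "s/^${S}define($S$Q$2$Q$S,$S$Q\(.*\)$Q$S)$S;.*/\1/p" "$1" | head -n 1
}

# Succeed only if FORCE_SSL_ADMIN is defined as true.
wp_forces_ssl_admin() {
    grep -Eiq "^${S}define\($S${Q}FORCE_SSL_ADMIN$Q$S,${S}true$S\)" "$1"
}

# Print one "FINDING:" line per deviation from the advice on the slides.
audit_wp_config() {
    case "$(wp_table_prefix "$1")" in
        ''|wp_) echo "FINDING: table prefix missing or default 'wp_'" ;;
    esac
    for name in $WP_SECRETS; do
        case "$(wp_define_value "$1" "$name")" in
            ''|'put your unique phrase here')
                echo "FINDING: $name is unset or still the placeholder" ;;
        esac
    done
    # Mode string from ls, so the result is the same when run as root.
    case "$(ls -ld "$1" | cut -c2-10)" in
        *w*) echo "FINDING: file is writable, should be read-only" ;;
    esac
    wp_forces_ssl_admin "$1" || echo "FINDING: FORCE_SSL_ADMIN is not true"
}

# Constructed sample config left mostly at defaults.
write_weak_sample() {
    printf '%s\n' '<?php' \
        "define('AUTH_KEY', 'put your unique phrase here');" \
        "define('NONCE_SALT', 'constructed-sample-value-kq8Tz');" \
        "\$table_prefix = 'wp_';" > "$1"
    chmod 644 "$1"
}
tmp=$(mktemp -d) && write_weak_sample "$tmp/wp-config.php"
audit_wp_config "$tmp/wp-config.php"; rm -rf "$tmp"
```

A custom prefix only defeats scripts that assume `wp_` table names; an injectable query still has to be fixed in the code that builds it.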
28. #15 WordPress SEO by Yoast
Make sure to uncheck this!
Enables setting
noindex, canonical & 301
(for users) on a per-post
basis
29. #15 WordPress SEO by Yoast
You surely don’t need paged
archives, categories, etc. –
they’re targeting the same
keys anyways.
Affiliate sites mainly have
pages, no need for RSS.
Check all of them!
30. #15 WordPress SEO by Yoast
Set a proper page title &
description, also choose
author for SERP listing
31. #15 WordPress SEO by Yoast
Use help section to get
details for all 30+ variables!
Keep unchecked unless
you’re publishing news.
Default value has been
changed w/ last update.
32. In addition: Post-level settings
You can overwrite defaults
on a per-post level using
the “Advanced” settings.
33. #15 WordPress SEO by Yoast
Usually you just need one
(unless having a HUGE
amount of content) –
“noindex” the other one!
34. #15 WordPress SEO by Yoast
Especially w/ single-authored
blogs, those are a 1:1 copy of
your homepage.
301 is the better solution!
35. #15 WordPress SEO by Yoast
For larger sites, check to
auto-generate XML sitemaps.
Remember to check excludes!
43. #16 Fix your Pagination
WP-PageNavi
Better crawl-ability, better
indexation – what else u want?
WordPress pagination
s*cks, replace it!
http://wordpress.org/extend/plugins/wp-pagenavi/
44. #17 Improve internal Cross-Linking
Yet Another Related
Posts Plugin
http://wordpress.org/extend/plugins/yet-another-related-posts-plugin/
45. #18 Auto-optimize Image Attributes
SEO Friendly Images
Forces post title &
image name to be used
as img alt-attribute
http://wordpress.org/extend/plugins/seo-image/
46. #19 Redirect old Contents
Redirection
http://wordpress.org/extend/plugins/redirection/
47. #20 Have Rich-Snippets if possible
Schema Creator
http://wordpress.org/extend/plugins/schema-creator/
48. #21 Mask your Affiliate Links
Eclipse Link Cloaker
http://eclipsecloaker.com/
49. Don’t forget to tweak your robots.txt
We don’t want some WP
specific files & folders
User-Agent: *
Disallow: /wp-admin/
Disallow: /feed/
Disallow: /comments/feed/
Disallow: /*/trackback/$
Disallow: /*/feed/$
Disallow: /*.css$
Disallow: /*.js$
Disallow: /r/
Adjust according to your
Link Cloaker settings.
66. #34 Watch out for Errors
Knowledge is power
Use a 404 logger
– Analytics software
– Redirection (built-in)
– Webserver logs
Setup 301 redirects
accordingly using
“Redirection”, again.
Image-Credits: http://gdig.de/i
67. #35 Maintain Categories & Tags
Term Mgmt. Tools
Mass merge &
change parents
http://wordpress.org/extend/plugins/term-management-tools/
70. #36 Compress those Images
WP Smush.it
13.2% savings
for one image!
http://wordpress.org/extend/plugins/wp-smushit/
71. Tip: Make images even smaller!
Use tinyPNG to optimize
PNG files without losing in
quality (up to 70% savings)
JPEGmini does the same for JPEG
files and will reduce your images
massively (up to 80% smaller)!
http://tinypng.org/ & http://www.jpegmini.com/
72. #37 Setup a Caching Plug-in
W3 Total Cache
http://wordpress.org/extend/plugins/w3-total-cache/
73. #38 Combine multiple CSS files
Combine CSS files into one to
reduce the number of HTTP requests
Minify the big file by removing whitespace,
etc. to reduce file size per request
– Check: W3Total > Performance > Minify!
Same goes for JavaScript as well… and put those
JS files into the footer, if possible!
75. Tip: Move static contents to a CDN
Latency is crucial – especially if you’re serving a global
audience, offloading statics to a CDN will give additional
performance.
CDN Overview: http://gdig.de/cdns
76. #40 Off-load JS-Libs
WP Use Google Libraries
Simply enable the plug-in &
serve JS libs from Google’s CDN!
http://wordpress.org/extend/plugins/use-google-libraries/
77. How to make your site lightning-fast…
http://www.slideshare.net/bastiangrimm
78. OMCap 2011 - Online Marketing Konferenz Berlin
And that’s it! …
13.10.2011