WordPress Optimization & Security - ThinkVisibility 2012, Leeds

Covering the full spectrum of WordPress Optimization possibilities as well as WordPress security.

Published in: Business, Technology
  • Do you want to speed up your WordPress site? Fast loading pages improve user experience, increase your pageviews. https://amazewiki.amazingworkz.com/is-your-wordpress-site-slow-follow-this-guide-to-boost-it-now/
  • Hello, there's also a WordPress plugin named "WP Security Optimizer" (https://wordpress.org/plugins/wp-security-optimizer/). It prevents hackers from sabotaging your rankings in search engines. Elude attackers that exploit your website and fight Negative SEO attacks made using Acunetix and WPScan and other penetration testing toolkits. Implement features preventing users from being enumerated, and in particular enumeration of installed themes (wpscan --enumerate t) and plugins (wpscan --enumerate vp), generating false positives and forwarding an alert to the site administrator when it detects a scan. And finally, it can verify corrupted and infected PHP files stored in the "wp-admin" and "wp-includes" folders. Hope it's useful


  1. 1. WordPress Optimization and Security Leeds, September 2012 http://gdig.de/think12 Bastian Grimm, Managing Partner - Grimm Digital
  2. 2. About me Background: PHP & Java – Dev. CMS, shops & forums – Wazap! Game Search Engine Online Marketing since 2004 – SEO strategy consulting, in-house trainings & workshops, WordPress @basgr SEO, bla bla… Links, Links, Links…need some? Stuff to play with…
  3. 3. Get the Slide-Deck http://gdig.de/think12
  4. 4. Credits for facts & graphic: http://yoast.com/wordpress-stats/
  5. 5. Credits for facts & graphic: http://yoast.com/wordpress-stats/
  6. 6. Section #1: Configuration
  7. 7. #1 Settings > PermaLinks Get rid of those dates (IDs), they look awful! /%postname%/
  8. 8. #2 Settings > Privacy Make sure you actually allow search engines to access your content!
  9. 9. #3 Fix your Themes’ Page Title Open header.php in your themes’ folder, search for “wp_title” – it’s going to be the first match! <title><?php wp_title(); ?></title> That’s the ONLY thing you need!
  10. 10. Section #2: WordPress SEO
  11. 11. #4 WordPress SEO by Yoast 1/9 Make sure to uncheck this! Enables setting noindex, canonical & 301 (for users) on a per-post basis
  12. 12. #4 WordPress SEO by Yoast 2/9 You surely don‘t need paged archives, categories, etc. – they‘re targeting the same keys anyways. Affiliate sites mainly have pages, no need for RSS. Check all of them!
  13. 13. #4 WordPress SEO by Yoast 3/9 Set proper page title & description, also choose author for SERP listing
  14. 14. #4 WordPress SEO by Yoast 4/9 Use help section to get details on all 30+ variables! Keep unchecked unless you’re publishing news. Default value has been changed w/ last update.
  15. 15. In addition: Post-level settings You can overwrite defaults on a per-post level using the “Advanced” settings.
  16. 16. #4 WordPress SEO by Yoast 5/9 Usually you just need one (unless having a HUGE amount of content) – “noindex” the other one!
  17. 17. #4 WordPress SEO by Yoast 6/9 Especially w/ single-authored blogs, those are a 1:1 copy of your homepage. 301 is the better solution!
  18. 18. #4 WordPress SEO by Yoast 7/9 For larger sites, check to auto- generate XML sitemaps. Remember to check excludes!
  19. 19. #4 WordPress SEO by Yoast 8/9 Make absolutely sure you‘re using these!
  20. 20. BTW: Clean those URL-Slugs WP Permalauts Especially important for Germany, France, etc. http://wordpress.org/extend/plugins/wp-permalauts/
  21. 21. #4 WordPress SEO by Yoast 9/9
  22. 22. Trust me… things change! Check out SEO data transporter to switch SEO plug-ins!
  23. 23. Migration made easy: Painless switching! SEO Data Transporter http://wordpress.org/extend/plugins/seo-data-transporter/
  24. 24. Section #3: Plug-ins
  25. 25. Make absolutely sure you only use plug-ins from trusted authors!
  26. 26. #5 Fix your Pagination WP-PageNavi Better crawl-ability, better indexation – what else u want? WordPress pagination s*cks, replace it! http://wordpress.org/extend/plugins/wp-pagenavi/
  27. 27. #6 Improve internal Cross-Linking Yet Another Related Posts Plugin http://wordpress.org/extend/plugins/yet-another-related-posts-plugin/
  28. 28. #7 Auto-optimize Image Attributes SEO Friendly Images Forces post title & image name to be used as img alt-attribute http://wordpress.org/extend/plugins/seo-image/
  29. 29. #8 Redirect old Contents Redirection http://wordpress.org/extend/plugins/redirection/
  30. 30. #9 Mask your Affiliate Links Eclipse Link Cloaker http://eclipsecloaker.com/
  31. 31. Don’t forget to tweak your robots.txt We don‘t want some WP specific files & folders:
        User-Agent: *
        Disallow: /wp-admin/
        Disallow: /feed/
        Disallow: /comments/feed/
        Disallow: /*/trackback/$
        Disallow: /*/feed/$
        Disallow: /*.css$
        Disallow: /*.js$
        Disallow: /r/
      Adjust according to your Link Cloaker settings.
  32. 32. #10 Have Rich-Snippets if possible Schema Creator http://wordpress.org/extend/plugins/schema-creator/
  33. 33. Section #4: Security
  34. 34. #11 Never EVER do this! These sites are more than worse…
  35. 35. A quick peek into some theme files… LOL! „family friendly“ links – my a*s…
  36. 36. A quick peek into some theme files… functions.php: This theme won‘t be working without those links…
  37. 37. #12 Always use TAC to do a pre-check! Theme Authenticity Checker (TAC) http://builtbackwards.com/projects/tac/
  38. 38. It gets worse: base64 encoded footer Are you really sure you want to see that footer.php file?
  39. 39. Right… NICE FOOTER!
  40. 40. If you are REALLY curious… http://ottodestruct.com/decoder.php http://www.tareeinternet.com/scripts/byterun.php http://www.tareeinternet.com/scripts/decrypt.php http://rot13-encoder-decoder.waraxe.us/ The PHP code isn’t “really” encrypted, rather kind of obfuscated. Reversing is possible!
  41. 41. PLEASE… stay away from “free” WordPress themes – they’re not free, really!
  42. 42. #13 Keep your installation clean Remove all non-active plug-ins as well as themes!
  43. 43. #14 Do updates regularly! WP Updates Notifier to get emails on out-dated components (core, themes & plug-ins) for all blogs: – http://wordpress.org/extend/plugins/wp-updates-notifier/ ManageWP can do one-click mass updates (core, themes, plug-ins again) for all your blogs: – http://managewp.com/features
  44. 44. #15 Daily scan your Theme WP AntiVirus http://wordpress.org/extend/plugins/antivirus/
  45. 45. #16 Harden your Security Settings Secure WordPress Most important: Remove version number from ALL components & block malicious URL requests. http://wordpress.org/extend/plugins/secure-wordpress/
  46. 46. #17 Protect wp-admin by .htaccess Put an .htaccess to your /wp-admin/ for basic passwd. protection. You can also try the “Lockdown WP Admin” plug-in to protect PHP files in wp-admin as well as the login itself. http://wordpress.org/extend/plugins/lockdown-wp-admin/
  47. 47. #18 Fix File & Folder Permissions WP-Security Scan Very important: chmod your wp-config.php to be read-only! http://wordpress.org/extend/plugins/wp-security-scan/
  48. 48. Section #5: Maintenance
  49. 49. #19 Do a Theme Test Drive Live-Testing a new theme without anyone else noticing… nice! http://wordpress.org/extend/plugins/theme-test-drive/
  50. 50. #20 Debug your WordPress #1 P3 (Plugin Perf. Profiler) http://wordpress.org/extend/plugins/p3-profiler/
  51. 51. #20 Debug your WordPress #1 http://wordpress.org/extend/plugins/p3-profiler/
  52. 52. #20 Debug your WordPress #1 http://wordpress.org/extend/plugins/p3-profiler/
  53. 53. #20 Debug your WordPress #1 http://wordpress.org/extend/plugins/p3-profiler/
  54. 54. #21 Debug your WordPress #2 Debug Objects http://wordpress.org/extend/plugins/debug-objects/
  55. 55. #22 Enable Akismet Just enable, get an API key and turn „auto-delete“ on!
  56. 56. #23 Backup Database & Files BackWPup http://wordpress.org/extend/plugins/backwpup/
  57. 57. #24 Watch out for Errors – Knowledge is power – Use a 404 logger: Analytics software, Redirection (built-in), Webserver logs – Setup 301 redirects accordingly using “Redirection”, again. Image-Credits: http://gdig.de/i
  58. 58. #25 Maintain Categories & Tags Term Mgmt. Tools Mass merge & change parents http://wordpress.org/extend/plugins/term-management-tools/
  59. 59. Section #6: Performance
  60. 60. GWT Site Performance Info This is really not so good…!
  61. 61. Scoring domains by performance; check it out! https://developers.google.com/pagespeed/
  62. 62. #26 Compress those Images WP Smush.it 13.2% savings for one image! http://wordpress.org/extend/plugins/wp-smushit/
  63. 63. Or try this one - if you don’t like Yahoo… CW Image Optimizer Runs awesome image optimization but requires Unix „littleutils“ http://wordpress.org/extend/plugins/cw-image-optimizer/
  64. 64. #27 Setup a Caching Plug-in W3 Total Cache http://wordpress.org/extend/plugins/w3-total-cache/
  65. 65. #28 Combine multiple CSS files Combine CSS files into one to reduce the number of HTTP requests. Minify the big file by removing whitespace, etc. to reduce file size per request – Check: W3Total > Performance > Minify! Same goes for JavaScript as well… and put those JS files into the footer, if possible!
  66. 66. #29 Do CSS-Sprites http://spriteme.org/
  67. 67. #30 Off-load JS-Libs WP Use Google Libraries Simply enable the plug-in & serve JS libs from Google‘s CDN! http://wordpress.org/extend/plugins/use-google-libraries/
  68. 68. Section #7: Scale that Sh*t!
  69. 69. WordPress + Cloning Installations 1. Setup WP w/ optimized settings – Permalinks, Plug-ins, Settings, etc. 2. Use Xcloner to multiply setup – Easier vs. re-doing step 1 over & over again 3. Use ManageWP for maintenance – Perfect mass management solution 4. Or: Update using browser favorites – Just replace hostnames in your list
  70. 70. Maybe give xMarkPro a try? Looks very promising… But I didn’t find the time to test it in full detail yet, Sorry. http://xmarkpro.com/
  71. 71. WordPress + Multisites 1. Use default WordPress and install 2. Edit wp-config.php: – define('WP_ALLOW_MULTISITE', true); 3. Install WP “MU Domain Mapping” – Copy “sunrise.php” to “wp-content” 4. Edit wp-config.php, again: – define('SUNRISE', 'on'); Bonus: “Clone Sites for WPMU“ http://codex.wordpress.org/Create_A_Network
  72. 72. OMCap 2011 - Online Marketing Konferenz Berlin And that’s it! …13.10.2011 Wait, still not enough? 72
  73. 73. Section #8: wp-config.php Tweaks
  74. 74. How to do it? Just find this beast… … don’t use this piece of sh*t…… and put directives before here!
  75. 75. Moving the “wp-content” folder: define('WP_CONTENT_DIR', $_SERVER['DOCUMENT_ROOT'] . '/blog/my-wp-content'); WP_CONTENT_DIR points to the “new” full local path (no trailing slash). define('WP_CONTENT_URL', 'http://domain.com/blog/my-wp-content'); WP_CONTENT_URL points to the “new” full URI (no trailing slash either).
  76. 76. Auto-saving & Revision-handling: define('AUTOSAVE_INTERVAL', 160); WP uses Ajax to auto-save revisions to the post as you edit. Change the interval if necessary (default=60). define('WP_POST_REVISIONS', 3); … or (not recommended): define('WP_POST_REVISIONS', false); Limit WP to create a maximum number of revisions per post using WP_POST_REVISIONS.
  77. 77. SSL Logins & Administration: define('FORCE_SSL_LOGIN', true); Set FORCE_SSL_LOGIN to “true” to force all logins to happen over SSL (still allows non-SSL admin sessions). define('FORCE_SSL_ADMIN', true); Use FORCE_SSL_ADMIN to force all logins and all admin sessions to happen over SSL (can be slow…).
  78. 78. Enable DB Auto-Repair Go edit „wp-config.php“ and add this line – easy! define('WP_ALLOW_REPAIR', true); Afterwards, you need to call the repair script manually: http://example.com/wp-admin/maint/repair.php
  79. 79. OMCap 2011 - Online Marketing Konferenz Berlin Finally! …13.10.2011 Well, well… one more! 79
  80. 80. Thanks! Questions? mail@grimm-digital.com twitter.com/basgr linkedin.com/in/bastiangrimm facebook.com/grimm.digital http://gdig.de/think12 Bastian Grimm, Managing Partner - Grimm Digital
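
An added example, not part of the original slides: a shell triage of a theme directory for the obfuscation described on slides 38 to 40 (a decoder fed straight into eval, or a long encoded literal kept for later decoding). The two patterns, the 120-character threshold and the helper make_sample_theme are assumptions of this example, and the sample theme files are constructed.

```shell
#!/bin/sh
# Added example (not from the slides): flag suspicious PHP in a theme
# before activating it. Heuristic triage only; review every hit by hand.

# eval/assert fed directly by a decoder, e.g. eval(base64_decode('...'))
SINK_RE='(eval|assert)[[:space:]]*\([[:space:]]*(base64_decode|gzinflate|gzuncompress|str_rot13)[[:space:]]*\('
# A quoted run of 120+ base64 characters: an encoded blob stored in the file
BLOB_RE="['\"][A-Za-z0-9+/=]{120,}['\"]"

# scan_theme DIR: print "file: reason" for every suspicious PHP file under DIR.
scan_theme() {
    find "$1" -type f -name '*.php' | sort | while IFS= read -r f; do
        if grep -Eiq "$SINK_RE" "$f"; then
            echo "$f: eval of decoded string"
        fi
        if grep -Eq "$BLOB_RE" "$f"; then
            echo "$f: long encoded literal"
        fi
    done
}

# make_sample_theme: build a constructed three-file theme in a temp dir
# (hypothetical demo helper) and print its path.
make_sample_theme() {
    d=$(mktemp -d) || return 1
    # Clean file: the page-title snippet from slide 9
    cat > "$d/header.php" <<'EOF'
<title><?php wp_title(); ?></title>
EOF
    # Constructed payload: the string decodes to the harmless "echo 1;"
    cat > "$d/footer.php" <<'EOF'
<?php eval(base64_decode('ZWNobyAxOw==')); ?>
EOF
    # Constructed 160-character literal standing in for an encoded blob
    blob=$(printf '%0160d' 0 | tr 0 A)
    printf '<?php $links = "%s"; ?>\n' "$blob" > "$d/functions.php"
    echo "$d"
}

# Demo run on the constructed theme
theme=$(make_sample_theme)
scan_theme "$theme"
rm -rf "$theme"
```

A clean result does not prove a theme is safe: function names assembled from string fragments will pass both patterns, which is why the slides also recommend TAC and a daily scan.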
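
An added example, not part of the original slides: a shell audit of wp-config.php covering slide 47 (read-only file), slide 77 (FORCE_SSL_ADMIN) and slide 78 (WP_ALLOW_REPAIR, which leaves repair.php reachable without a login for as long as it is set). The function names, the extra world-readable check and the two sample configs are this example's own and constructed.

```shell
#!/bin/sh
# Added example (not from the slides): audit wp-config.php settings.

# has_define_true FILE NAME: succeeds if FILE has an active
# define('NAME', true); lines commented out with // or # are ignored.
has_define_true() {
    grep -Ev '^[[:space:]]*(//|#)' "$1" |
        grep -Eiq "define[[:space:]]*\([[:space:]]*['\"]$2['\"][[:space:]]*,[[:space:]]*true"
}

# audit_wp_config FILE: one finding per line; no output means all checks passed.
audit_wp_config() {
    f=$1
    # Slide 47: wp-config.php should be read-only, so no write bit for anyone
    if [ -n "$(find "$f" \( -perm -200 -o -perm -020 -o -perm -002 \))" ]; then
        echo "writable: chmod it read-only"
    fi
    # Extra check chosen for this example: the file holds the DB credentials
    if [ -n "$(find "$f" -perm -004)" ]; then
        echo "world-readable"
    fi
    # Slide 78: with this define set, repair.php does not require a login
    if has_define_true "$f" WP_ALLOW_REPAIR; then
        echo "WP_ALLOW_REPAIR enabled: remove it once the repair is done"
    fi
    # Slide 77: FORCE_SSL_LOGIN alone still allows non-SSL admin sessions
    if ! has_define_true "$f" FORCE_SSL_ADMIN; then
        echo "FORCE_SSL_ADMIN not enabled"
    fi
}

# make_config weak|hardened: write a constructed wp-config.php fragment
# (hypothetical demo helper) to a temp file and print its path.
make_config() {
    c=$(mktemp) || return 1
    if [ "$1" = weak ]; then
        cat > "$c" <<'EOF'
<?php
define('FORCE_SSL_LOGIN', true);
// define('FORCE_SSL_ADMIN', true);
define('WP_ALLOW_REPAIR', true);
EOF
        chmod 644 "$c"
    else
        cat > "$c" <<'EOF'
<?php
define('FORCE_SSL_ADMIN', true);
EOF
        chmod 400 "$c"
    fi
    echo "$c"
}

# Demo run: the weak config yields four findings, the hardened one none
for kind in weak hardened; do
    cfg=$(make_config "$kind")
    echo "== $kind =="
    audit_wp_config "$cfg"
    rm -f "$cfg"
done
```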
