Performance Tuning and Security Hardening using Drop-In and Must-Use Plugins by Sumpono Banuardinugroho
1. Performance Tuning and Security Hardening – Using Drop-In and Must-Use Plugin
Performance Tuning and Security
Hardening
using Drop-In and Must-Use
Plugins
WordCamp Jakarta, November 4th 2017
2. Performance Tuning and Security Hardening – Using Drop-In and Must-Use Plugin
https://diditho.com
PT Kompas Media Nusantara
https://id.linkedin.com/in/diditho
3. Performance Tuning and Security Hardening – Using Drop-In and Must-Use Plugin
Topic
•wp_option Indexing
•Drop-Ins Plugins
•Must-Use Plugins
4. Performance Tuning and Security Hardening – Using Drop-In and Must-Use Plugin
Non Cached WordPress
•Case Kompas.id
•Non (Page) Cached WordPress
• 500 rpm ( ruby response per
minutes)
• 6 request (page) / second
•Content Commerce PayWall
• Edit Flow
• WooCommerce
5. Performance Tuning and Security Hardening – Using Drop-In and Must-Use Plugin
Performance Tuning
Options Table
6. Performance Tuning and Security Hardening – Using Drop-In and Must-Use Plugin
Non-cachePerformance Tuning
• Index autoload field on wp_option table
7. Performance Tuning and Security Hardening – Using Drop-In and Must-Use Plugin
Non-cachePerformance Tuning
•Index autoload field on
wp_option table
“ 3,5s 2s “
8. Performance Tuning and Security Hardening – Using Drop-In and Must-Use Plugin
Non-cache Performance Tuning
•Index autoload field on
wp_option table
“ 2s 1.5s - 1s “
“ Manage Transient “
9. Performance Tuning and Security Hardening – Using Drop-In and Must-Use Plugin
Performance Tuning
Drop-In Plugins
10. Performance Tuning and Security Hardening – Using Drop-In and Must-Use Plugin
Drop-In Performance Tuning
•Drop-Ins Plugins
• /wp-content/… . php
• Some core functionality of the
WordPress core can be replaced by
so called Drop-Ins
• ie:
• advanced-cache.php
• LudicrousDB
11. Performance Tuning and Security Hardening – Using Drop-In and Must-Use Plugin
Drop-In Performance Tuning
12. Performance Tuning and Security Hardening – Using Drop-In and Must-Use Plugin
LudicrousDBDrop-InPerformance Tuning
https://github.com/stuttter/ludicrousdb
Write
Read
Read
13. Performance Tuning and Security Hardening – Using Drop-In and Must-Use Plugin
LudicrousDBDrop-InPerformance Tuning
WRITEREAD READ READ
14. Performance Tuning and Security Hardening – Using Drop-In and Must-Use Plugin
Performance Tuning
Must-Use (MU) Plugins
(Multi and single site )
15. Performance Tuning and Security Hardening – Using Drop-In and Must-Use Plugin
Drop-In Performance Tuning
•Must-Use (MU) Plugins
• /wp-content/mu-plugins/… .php
• Always-on, automatically enabled
on all sites in the installation
• Loaded before all other regular
plugins, and they can’t be
deactivated.
16. Performance Tuning and Security Hardening – Using Drop-In and Must-Use Plugin
Must-UsePerformance Tuning
17. Performance Tuning and Security Hardening – Using Drop-In and Must-Use Plugin
Must-Use Performance Tuning
•“Kill The Plugins”
• Case 1 :
• Editorial role do not need
WooCommerce Plugins, only need Edit
Flow.
• Marketing role do not need Edit Flow
Plugin, only WooCommerce.
• Case 2 :
• Not all page need all plugins. “Gravity
Plugins” only need run on specific
page.
18. Performance Tuning and Security Hardening – Using Drop-In and Must-Use Plugin
Must-Use Performance Tuning
20. Performance Tuning and Security Hardening – Using Drop-In and Must-Use Plugin
Must-Use Security Hardening
•“Protect”
• Case 1 :
• Limit user access by IP
• Case 2 :
• Limit user access by role
21. Performance Tuning and Security Hardening – Using Drop-In and Must-Use Plugin
Must-Use Security Hardening
“ Protect your wp-admin
by given access for
specific ip “
22. Performance Tuning and Security Hardening – Using Drop-In and Must-Use Plugin
Must-Use Security Hardening
Role Capabilities need “/pluggable.php”
current_user_can(“editor”) …
23. Performance Tuning and Security Hardening – Using Drop-In and Must-Use Plugin
Must-Use Performance Tuning
“ If user is logged in,
deactivate cache
plugin “