SlideShare ist ein Scribd-Unternehmen logo

Beyond the 5-minute Install: Tips for Security, Performance and Best Practices

Steve Taylor
Steve Taylor

The document provides tips and best practices for securing and optimizing a WordPress site beyond the basic installation. It discusses .htaccess configuration for redirects, file protection, and permalinks. It also covers hardening wp-config.php by changing passwords and salts, prefixing tables, and configuring database settings for different environments. Additional topics include plugins, revisions, debugging, and discussion settings. The presentation aims to advise beginners and developers on security, performance, and maintenance of WordPress sites.

TechnologieBusiness
1 von 36
Downloaden Sie, um offline zu lesen
Beyond the 5-minute Install Steve Taylor http://sltaylor.co.uk steve@sltaylor.co.uk @sltayloresque WordCamp Portsmouth UK 2011
Security & best practices ● .htaccess ● wp-config.php ● robots.txt ● functions.php / “functionality plugin” ● Plugins ● Other issues?
A bit about me ● Custom theme developer ● No themes released ● A few plugins This talk ● Advice for beginners  ● Tips for developers 
.htaccess ● “hypertext access” ●Controls requests to server before any PHP / WordPress processing ● Apache only (IIS?) ● Root of website (sub-directories?) ● Sometimes simple, sometimes complex! http://httpd.apache.org/docs/ http://perishablepress.com/press/2006/01/10/stupid-htaccess-tricks/
www or not www? ● Personal choice / aesthetics ●Both should be accessible; one should redirect (301) to the other ● Tell Google Webmaster Tools!
www or not www? ● Personal choice / aesthetics ●Both should be accessible; one should redirect (301) to the other ● Tell Google Webmaster Tools! # Force no “www” RewriteCond %{HTTP_HOST} ^www.example.com$ [NC] RewriteRule ^(.*)$ http://example.com/$1 [R=301,L]
www or not www? ● Personal choice / aesthetics ●Both should be accessible; one should redirect (301) to the other ● Tell Google Webmaster Tools! # Force no “www” RewriteCond %{HTTP_HOST} ^www.example.com$ [NC] RewriteRule ^(.*)$ http://example.com/$1 [R=301,L] # Force “www” RewriteCond %{HTTP_HOST} ^example.com$ [NC] RewriteRule ^(.*)$ http://www.example.com/$1 [R=301,L]
Protect important files ●# Protect .htaccess files <Files .htaccess> order allow,deny deny from all </Files> ●# Protect wp-config.php <Files wp-config.php> order allow,deny deny from all </FilesMatch>
WordPress pretty permalinks
WordPress pretty permalinks Include at end of .htaccess: ●# BEGIN WordPress <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] </IfModule> # END WordPress
WordPress pretty permalinks Really bad idea for big sites:
WordPress pretty permalinks Really bad idea for big sites: Better: http://ottopress.com/2010/category-in-permalinks-considered-harmful/ http://codex.wordpress.org/Using_Permalinks
wp-config.php ● Create your own wp-config-sample.php ●Check the file for new stuff in new versions of WordPress ● Edit and initialize BEFORE installing WordPress! http://codex.wordpress.org/Editing_wp-config.php http://digwp.com/2010/08/pimp-your-wp-config-php/
Server-dependent settings ●// ** MySQL settings - You can get this info from your web host ** // /** The name of the database for WordPress */ define('DB_NAME', 'database_name_here'); ●/** MySQL database username */ define('DB_USER', 'username_here'); ●/** MySQL database password */ define('DB_PASSWORD', 'password_here'); ●/** MySQL hostname */ define('DB_HOST', 'localhost');
Server-dependent settings ●switch ( $_SERVER['HTTP_HOST'] ) { case 'dev.example.com': { // Dev server define( 'DB_NAME', 'aef4RgX_mysitedev' ); define( 'DB_USER', 'aef4RgX_mysitedev' ); define( 'DB_PASSWORD', 'Jyt6v48jS9frkGgZyS5iIjif6LnosuYr' ); define( 'DB_HOST', 'localhost' ); break; } default: { // Live server define( 'DB_NAME', 'sd6FE2xc_mysitelive' ); define( 'DB_USER', 'sd6FE2xc_mysitelive' ); define( 'DB_PASSWORD', 'as3d56JvDlPisYwU7c1nfZ3Yct0NEiZR' ); define( 'DB_HOST', 'localhost' ); break; } } https://www.grc.com/passwords.htm
Authentication Keys and Salts Change them for every installation! define('AUTH_KEY', 'put your unique phrase here'); define('SECURE_AUTH_KEY', 'put your unique phrase here'); define('LOGGED_IN_KEY', 'put your unique phrase here'); define('NONCE_KEY', 'put your unique phrase here'); define('AUTH_SALT', 'put your unique phrase here'); define('SECURE_AUTH_SALT', 'put your unique phrase here'); define('LOGGED_IN_SALT', 'put your unique phrase here'); define('NONCE_SALT', 'put your unique phrase here'); https://api.wordpress.org/secret-key/1.1/salt/
Database table prefix The default: $table_prefix = 'wp_';
Database table prefix The default: $table_prefix = 'wp_'; Much better: $table_prefix = 'a3rfGtQ1_';
Database table prefix When coding database queries, don’t use hard-coded table names!
Database table prefix When coding database queries, don’t use hard-coded table names! A standard WP table: global $wpdb; $custom_query = $wpdb->get_results( “SELECT ID, post_title FROM $wpdb->posts” );
Database table prefix When coding database queries, don’t use hard-coded table names! A standard WP table: global $wpdb; $custom_query = $wpdb->get_results( “SELECT ID, post_title FROM $wpdb->posts” ); A custom table: global $wpdb; $custom_query = $wpdb->get_results( “SELECT field FROM ” . $wpdb->prefix . “table” ); http://codex.wordpress.org/Class_Reference/wpdb
Server needs FTP for upgrades? define( "FTP_HOST", "ftp.example.com" ); define( "FTP_USER", "myftpuser" ); define( "FTP_PASS", "hQfsSITtKteo1Ln2FEhHlPkXZ" );
Debugging define( 'WP_DEBUG', true );
Debugging define( 'WP_DEBUG', true ); http://dev.example.com/?debug=1 ●switch ( $_SERVER['HTTP_HOST'] ) { case 'dev.example.com': { // Dev server define( 'WP_DEBUG', isset( $_GET['debug'] ) ); break; } default: { // Live server define( 'WP_DEBUG', false ); break; } }
Control revisions and autosave // Only keep 3 revisions of each post define( 'WP_POST_REVISIONS', 3 );
Control revisions and autosave // Only keep 3 revisions of each post define( 'WP_POST_REVISIONS', 3 ); // Don’t keep revisions of posts define( 'WP_POST_REVISIONS', false );
Control revisions and autosave // Only keep 3 revisions of each post define( 'WP_POST_REVISIONS', 3 ); // Don’t keep revisions of posts define( 'WP_POST_REVISIONS', false ); // Autosave posts interval in seconds define( 'AUTOSAVE_INTERVAL', 60 );
Disable plugin and theme editing define( 'DISALLOW_FILE_EDIT', true );
robots.txt User-agent: * Disallow: /wp-admin Disallow: /wp-includes Disallow: /wp-content/plugins Disallow: /wp-content/cache Disallow: /wp-content/themes Disallow: /trackback Disallow: /feed Disallow: /comments Disallow: /category/*/* Disallow: */trackback Disallow: */feed Disallow: */comments Disallow: /*?* Disallow: /*? Allow: /wp-content/uploads Sitemap: http://example.com/sitemap.xml http://codex.wordpress.org/Search_Engine_Optimization_for_WordPress#Robots.txt_Optimization
Custom theme functions.php / “functionality” plugin ● Snippets not worth making into a plugin ● Plugin is more portable ● Check out /mu-plugins/ http://justintadlock.com/archives/2011/02/02/creating-a-custom-functions-plugin-for-end-users http://wpcandy.com/teaches/how-to-create-a-functionality-plugin http://codex.wordpress.org/Must_Use_Plugins
Disable upgrade notifications for people who can't do upgrades if ( ! current_user_can( 'update_core' ) ) { add_action( 'init', create_function( '$a', "remove_action( 'init', 'wp_version_check' );" ), 2 ); add_filter( 'pre_option_update_core', create_function( '$a', "return null;" ) ); }
Remove nofollow from comments remove_filter( 'pre_comment_content', 'wp_rel_nofollow' ); add_filter( 'get_comment_author_link', 'slt_dofollow' ); add_filter( 'post_comments_link', 'slt_dofollow' ); add_filter( 'comment_reply_link', 'slt_dofollow' ); add_filter( 'comment_text', 'slt_dofollow' ); function slt_dofollow( $str ) { $str = preg_replace( '~<a ([^>]*)s*(["|']{1}w*)s*nofollow([^>]*)>~U', '<a ${1}${2}${3}>', $str ); return str_replace( array( ' rel=""', " rel=''" ), '', $str ); } } http://digwp.com/2010/04/wordpress-custom-functions-php-template-part-2/
Better default display names add_action( 'user_register', 'slt_default_user_display_name' ); function slt_default_user_display_name( $user_id ) { $first = get_usermeta( $user_id, 'first_name' ); $last = get_usermeta( $user_id, 'last_name' ); $display = $first . " " . $last; wp_update_user( array( "ID" => $user_id, "display_name" => $display ) ); }
Plugins Force Strong Passwords. Copies WordPress's JavaScript password strength meter into PHP and forces “executive” users to have a strong password when updating their profile. http://wordpress.org/extend/plugins/force-strong-passwords/ Google XML Sitemaps (or equivalent). http://wordpress.org/extend/plugins/google-sitemap-generator/ Use Google Libraries. http://wordpress.org/extend/plugins/use-google-libraries/ WordPress Database Backup. http://wordpress.org/extend/plugins/wp-db-backup/
Other issues ● File permissions http://codex.wordpress.org/Hardening_WordPress#File_permissions ● .htpasswd for /wp-admin/ ● Settings > Discussion
Cheers! http://sltaylor.co.uk @sltayloresque

Empfohlen

Vagrant WordCamp Hamilton
Vagrant WordCamp HamiltonVagrant WordCamp Hamilton
Vagrant WordCamp HamiltonPaul Bearne
 
[Bristol WordPress] Supercharging WordPress Development
[Bristol WordPress] Supercharging WordPress Development[Bristol WordPress] Supercharging WordPress Development
[Bristol WordPress] Supercharging WordPress DevelopmentAdam Tomat
 
Web-Performance
Web-PerformanceWeb-Performance
Web-PerformanceWalter Ebert
 
Writing your Third Plugin
Writing your Third PluginWriting your Third Plugin
Writing your Third PluginJustin Ryan
 
Transients are good for you - WordCamp London 2016
Transients are good for you - WordCamp London 2016Transients are good for you - WordCamp London 2016
Transients are good for you - WordCamp London 2016Boiteaweb
 
Optimising Your Front End Workflow With Symfony, Twig, Bower and Gulp
Optimising Your Front End Workflow With Symfony, Twig, Bower and GulpOptimising Your Front End Workflow With Symfony, Twig, Bower and Gulp
Optimising Your Front End Workflow With Symfony, Twig, Bower and GulpMatthew Davis
 
深入淺出 MVC
深入淺出 MVC深入淺出 MVC
深入淺出 MVCJace Ju
 
Vue 淺談前端建置工具
Vue 淺談前端建置工具Vue 淺談前端建置工具
Vue 淺談前端建置工具andyyou
 

Empfohlen

Vagrant WordCamp Hamilton
Vagrant WordCamp HamiltonVagrant WordCamp Hamilton
Vagrant WordCamp HamiltonPaul Bearne
 
[Bristol WordPress] Supercharging WordPress Development
[Bristol WordPress] Supercharging WordPress Development[Bristol WordPress] Supercharging WordPress Development
[Bristol WordPress] Supercharging WordPress DevelopmentAdam Tomat
 
Web-Performance
Web-PerformanceWeb-Performance
Web-PerformanceWalter Ebert
 
Writing your Third Plugin
Writing your Third PluginWriting your Third Plugin
Writing your Third PluginJustin Ryan
 
Transients are good for you - WordCamp London 2016
Transients are good for you - WordCamp London 2016Transients are good for you - WordCamp London 2016
Transients are good for you - WordCamp London 2016Boiteaweb
 
Optimising Your Front End Workflow With Symfony, Twig, Bower and Gulp
Optimising Your Front End Workflow With Symfony, Twig, Bower and GulpOptimising Your Front End Workflow With Symfony, Twig, Bower and Gulp
Optimising Your Front End Workflow With Symfony, Twig, Bower and GulpMatthew Davis
 
深入淺出 MVC
深入淺出 MVC深入淺出 MVC
深入淺出 MVCJace Ju
 
Vue 淺談前端建置工具
Vue 淺談前端建置工具Vue 淺談前端建置工具
Vue 淺談前端建置工具andyyou
 
Head First Zend Framework - Part 1 Project & Application
Head First Zend Framework - Part 1 Project & ApplicationHead First Zend Framework - Part 1 Project & Application
Head First Zend Framework - Part 1 Project & ApplicationJace Ju
 
What happens in laravel 4 bootstraping
What happens in laravel 4 bootstrapingWhat happens in laravel 4 bootstraping
What happens in laravel 4 bootstrapingJace Ju
 
PyCon AU 2010 - Getting Started With Apache/mod_wsgi.
PyCon AU 2010 - Getting Started With Apache/mod_wsgi.PyCon AU 2010 - Getting Started With Apache/mod_wsgi.
PyCon AU 2010 - Getting Started With Apache/mod_wsgi.Graham Dumpleton
 
Mojolicious - A new hope
Mojolicious - A new hopeMojolicious - A new hope
Mojolicious - A new hopeMarcus Ramberg
 
Deploying
DeployingDeploying
Deployingsoon
 
Best Practices in Plugin Development (WordCamp Seattle)
Best Practices in Plugin Development (WordCamp Seattle)Best Practices in Plugin Development (WordCamp Seattle)
Best Practices in Plugin Development (WordCamp Seattle)andrewnacin
 
SocketStream
SocketStreamSocketStream
SocketStreamPaul Jensen
 
Cool like a Frontend Developer: Grunt, RequireJS, Bower and other Tools
Cool like a Frontend Developer: Grunt, RequireJS, Bower and other ToolsCool like a Frontend Developer: Grunt, RequireJS, Bower and other Tools
Cool like a Frontend Developer: Grunt, RequireJS, Bower and other ToolsRyan Weaver
 
Front End Performance
Front End PerformanceFront End Performance
Front End PerformanceKonstantin Käfer
 
Front end performance optimization
Front end performance optimizationFront end performance optimization
Front end performance optimizationStevie T
 
Puppet at janrain
Puppet at janrainPuppet at janrain
Puppet at janrainPuppet
 
WordCamp San Francisco 2011: Transients, Caching, and the Complexities of Mul...
WordCamp San Francisco 2011: Transients, Caching, and the Complexities of Mul...WordCamp San Francisco 2011: Transients, Caching, and the Complexities of Mul...
WordCamp San Francisco 2011: Transients, Caching, and the Complexities of Mul...andrewnacin
 
Front end performance tip
Front end performance tipFront end performance tip
Front end performance tipSteve Yu
 
Mehr Performance für WordPress - WordCamp Köln
Mehr Performance für WordPress - WordCamp KölnMehr Performance für WordPress - WordCamp Köln
Mehr Performance für WordPress - WordCamp KölnWalter Ebert
 
Extending the WordPress REST API - Josh Pollock
Extending the WordPress REST API - Josh PollockExtending the WordPress REST API - Josh Pollock
Extending the WordPress REST API - Josh PollockCaldera Labs
 
You Don't Know Query - WordCamp Portland 2011
You Don't Know Query - WordCamp Portland 2011You Don't Know Query - WordCamp Portland 2011
You Don't Know Query - WordCamp Portland 2011andrewnacin
 
자바 웹 개발 시작하기 (1주차 : 웹 어플리케이션 체험 실습)
자바 웹 개발 시작하기 (1주차 : 웹 어플리케이션 체험 실습)자바 웹 개발 시작하기 (1주차 : 웹 어플리케이션 체험 실습)
자바 웹 개발 시작하기 (1주차 : 웹 어플리케이션 체험 실습)DK Lee
 
BP-6 Repository Customization Best Practices
BP-6 Repository Customization Best PracticesBP-6 Repository Customization Best Practices
BP-6 Repository Customization Best PracticesAlfresco Software
 
jQuery Plugin Creation
jQuery Plugin CreationjQuery Plugin Creation
jQuery Plugin Creationbenalman
 
Powershell: Tu nuevo mejor amigo
Powershell: Tu nuevo mejor amigoPowershell: Tu nuevo mejor amigo
Powershell: Tu nuevo mejor amigoGonzalo Balladares Rivera
 
A WordPress workshop at Cefalo
A WordPress workshop at Cefalo A WordPress workshop at Cefalo
A WordPress workshop at Cefalo Beroza Paul
 
Developers, Be a Bada$$ with WP-CLI
Developers, Be a Bada$$ with WP-CLIDevelopers, Be a Bada$$ with WP-CLI
Developers, Be a Bada$$ with WP-CLIWP Engine
 

Weitere ähnliche Inhalte

Was ist angesagt?

Head First Zend Framework - Part 1 Project & Application
Head First Zend Framework - Part 1 Project & ApplicationHead First Zend Framework - Part 1 Project & Application
Head First Zend Framework - Part 1 Project & ApplicationJace Ju
 
What happens in laravel 4 bootstraping
What happens in laravel 4 bootstrapingWhat happens in laravel 4 bootstraping
What happens in laravel 4 bootstrapingJace Ju
 
PyCon AU 2010 - Getting Started With Apache/mod_wsgi.
PyCon AU 2010 - Getting Started With Apache/mod_wsgi.PyCon AU 2010 - Getting Started With Apache/mod_wsgi.
PyCon AU 2010 - Getting Started With Apache/mod_wsgi.Graham Dumpleton
 
Mojolicious - A new hope
Mojolicious - A new hopeMojolicious - A new hope
Mojolicious - A new hopeMarcus Ramberg
 
Deploying
DeployingDeploying
Deployingsoon
 
Best Practices in Plugin Development (WordCamp Seattle)
Best Practices in Plugin Development (WordCamp Seattle)Best Practices in Plugin Development (WordCamp Seattle)
Best Practices in Plugin Development (WordCamp Seattle)andrewnacin
 
Cool like a Frontend Developer: Grunt, RequireJS, Bower and other Tools
Cool like a Frontend Developer: Grunt, RequireJS, Bower and other ToolsCool like a Frontend Developer: Grunt, RequireJS, Bower and other Tools
Cool like a Frontend Developer: Grunt, RequireJS, Bower and other ToolsRyan Weaver
 
Front end performance optimization
Front end performance optimizationFront end performance optimization
Front end performance optimizationStevie T
 
Puppet at janrain
Puppet at janrainPuppet at janrain
Puppet at janrainPuppet
 
WordCamp San Francisco 2011: Transients, Caching, and the Complexities of Mul...
WordCamp San Francisco 2011: Transients, Caching, and the Complexities of Mul...WordCamp San Francisco 2011: Transients, Caching, and the Complexities of Mul...
WordCamp San Francisco 2011: Transients, Caching, and the Complexities of Mul...andrewnacin
 
Front end performance tip
Front end performance tipFront end performance tip
Front end performance tipSteve Yu
 
Mehr Performance für WordPress - WordCamp Köln
Mehr Performance für WordPress - WordCamp KölnMehr Performance für WordPress - WordCamp Köln
Mehr Performance für WordPress - WordCamp KölnWalter Ebert
 
Extending the WordPress REST API - Josh Pollock
Extending the WordPress REST API - Josh PollockExtending the WordPress REST API - Josh Pollock
Extending the WordPress REST API - Josh PollockCaldera Labs
 
You Don't Know Query - WordCamp Portland 2011
You Don't Know Query - WordCamp Portland 2011You Don't Know Query - WordCamp Portland 2011
You Don't Know Query - WordCamp Portland 2011andrewnacin
 
자바 웹 개발 시작하기 (1주차 : 웹 어플리케이션 체험 실습)
자바 웹 개발 시작하기 (1주차 : 웹 어플리케이션 체험 실습)자바 웹 개발 시작하기 (1주차 : 웹 어플리케이션 체험 실습)
자바 웹 개발 시작하기 (1주차 : 웹 어플리케이션 체험 실습)DK Lee
 
BP-6 Repository Customization Best Practices
BP-6 Repository Customization Best PracticesBP-6 Repository Customization Best Practices
BP-6 Repository Customization Best PracticesAlfresco Software
 
jQuery Plugin Creation
jQuery Plugin CreationjQuery Plugin Creation
jQuery Plugin Creationbenalman
 

Was ist angesagt? (20)

Head First Zend Framework - Part 1 Project & Application
Head First Zend Framework - Part 1 Project & ApplicationHead First Zend Framework - Part 1 Project & Application
Head First Zend Framework - Part 1 Project & Application
 
What happens in laravel 4 bootstraping
What happens in laravel 4 bootstrapingWhat happens in laravel 4 bootstraping
What happens in laravel 4 bootstraping
 
PyCon AU 2010 - Getting Started With Apache/mod_wsgi.
PyCon AU 2010 - Getting Started With Apache/mod_wsgi.PyCon AU 2010 - Getting Started With Apache/mod_wsgi.
PyCon AU 2010 - Getting Started With Apache/mod_wsgi.
 
Mojolicious - A new hope
Mojolicious - A new hopeMojolicious - A new hope
Mojolicious - A new hope
 
Deploying
DeployingDeploying
Deploying
 
Best Practices in Plugin Development (WordCamp Seattle)
Best Practices in Plugin Development (WordCamp Seattle)Best Practices in Plugin Development (WordCamp Seattle)
Best Practices in Plugin Development (WordCamp Seattle)
 
SocketStream
SocketStreamSocketStream
SocketStream
 
Cool like a Frontend Developer: Grunt, RequireJS, Bower and other Tools
Cool like a Frontend Developer: Grunt, RequireJS, Bower and other ToolsCool like a Frontend Developer: Grunt, RequireJS, Bower and other Tools
Cool like a Frontend Developer: Grunt, RequireJS, Bower and other Tools
 
Front End Performance
Front End PerformanceFront End Performance
Front End Performance
 
Front end performance optimization
Front end performance optimizationFront end performance optimization
Front end performance optimization
 
Puppet at janrain
Puppet at janrainPuppet at janrain
Puppet at janrain
 
WordCamp San Francisco 2011: Transients, Caching, and the Complexities of Mul...
WordCamp San Francisco 2011: Transients, Caching, and the Complexities of Mul...WordCamp San Francisco 2011: Transients, Caching, and the Complexities of Mul...
WordCamp San Francisco 2011: Transients, Caching, and the Complexities of Mul...
 
Front end performance tip
Front end performance tipFront end performance tip
Front end performance tip
 
Mehr Performance für WordPress - WordCamp Köln
Mehr Performance für WordPress - WordCamp KölnMehr Performance für WordPress - WordCamp Köln
Mehr Performance für WordPress - WordCamp Köln
 
Extending the WordPress REST API - Josh Pollock
Extending the WordPress REST API - Josh PollockExtending the WordPress REST API - Josh Pollock
Extending the WordPress REST API - Josh Pollock
 
You Don't Know Query - WordCamp Portland 2011
You Don't Know Query - WordCamp Portland 2011You Don't Know Query - WordCamp Portland 2011
You Don't Know Query - WordCamp Portland 2011
 
자바 웹 개발 시작하기 (1주차 : 웹 어플리케이션 체험 실습)
자바 웹 개발 시작하기 (1주차 : 웹 어플리케이션 체험 실습)자바 웹 개발 시작하기 (1주차 : 웹 어플리케이션 체험 실습)
자바 웹 개발 시작하기 (1주차 : 웹 어플리케이션 체험 실습)
 
BP-6 Repository Customization Best Practices
BP-6 Repository Customization Best PracticesBP-6 Repository Customization Best Practices
BP-6 Repository Customization Best Practices
 
jQuery Plugin Creation
jQuery Plugin CreationjQuery Plugin Creation
jQuery Plugin Creation
 
Powershell: Tu nuevo mejor amigo
Powershell: Tu nuevo mejor amigoPowershell: Tu nuevo mejor amigo
Powershell: Tu nuevo mejor amigo
 

Ähnlich wie Beyond the 5-minute Install: Tips for Security, Performance and Best Practices

A WordPress workshop at Cefalo
A WordPress workshop at Cefalo A WordPress workshop at Cefalo
A WordPress workshop at Cefalo Beroza Paul
 
Developers, Be a Bada$$ with WP-CLI
Developers, Be a Bada$$ with WP-CLIDevelopers, Be a Bada$$ with WP-CLI
Developers, Be a Bada$$ with WP-CLIWP Engine
 
Making WordPress Your CMS and Automatically Updating a Self Hosted WordPress ...
Making WordPress Your CMS and Automatically Updating a Self Hosted WordPress ...Making WordPress Your CMS and Automatically Updating a Self Hosted WordPress ...
Making WordPress Your CMS and Automatically Updating a Self Hosted WordPress ...cehwitham
 
10 Things Every Plugin Developer Should Know (WordCamp Atlanta 2013)
10 Things Every Plugin Developer Should Know (WordCamp Atlanta 2013)10 Things Every Plugin Developer Should Know (WordCamp Atlanta 2013)
10 Things Every Plugin Developer Should Know (WordCamp Atlanta 2013)arcware
 
Manage WordPress with Awesome using wp cli
Manage WordPress with Awesome using wp cliManage WordPress with Awesome using wp cli
Manage WordPress with Awesome using wp cliGetSource
 
WordCamp Vancouver 2012 - Manage WordPress with Awesome using wp-cli
WordCamp Vancouver 2012 - Manage WordPress with Awesome using wp-cliWordCamp Vancouver 2012 - Manage WordPress with Awesome using wp-cli
WordCamp Vancouver 2012 - Manage WordPress with Awesome using wp-cliGetSource
 
Intro to WordPress Plugin Development
Intro to WordPress Plugin DevelopmentIntro to WordPress Plugin Development
Intro to WordPress Plugin DevelopmentBrad Williams
 
Apache and PHP: Why httpd.conf is your new BFF!
Apache and PHP: Why httpd.conf is your new BFF!Apache and PHP: Why httpd.conf is your new BFF!
Apache and PHP: Why httpd.conf is your new BFF!Jeff Jones
 
Laying the proper foundation for plugin and theme development
Laying the proper foundation for plugin and theme developmentLaying the proper foundation for plugin and theme development
Laying the proper foundation for plugin and theme developmentTammy Hart
 
WordPress Plugin development
WordPress Plugin developmentWordPress Plugin development
WordPress Plugin developmentMostafa Soufi
 
Creating Your First WordPress Plugin
Creating Your First WordPress PluginCreating Your First WordPress Plugin
Creating Your First WordPress PluginBrad Williams
 
WordPress Security - WordCamp NYC 2009
WordPress Security - WordCamp NYC 2009WordPress Security - WordCamp NYC 2009
WordPress Security - WordCamp NYC 2009Brad Williams
 
WordPress Security Updated - NYC Meetup 2009
WordPress Security Updated - NYC Meetup 2009WordPress Security Updated - NYC Meetup 2009
WordPress Security Updated - NYC Meetup 2009Brad Williams
 
Presentation to SAIT Students - Dec 2013
Presentation to SAIT Students - Dec 2013Presentation to SAIT Students - Dec 2013
Presentation to SAIT Students - Dec 2013Think Media Inc.
 
Using Geeklog as a Web Application Framework
Using Geeklog as a Web Application FrameworkUsing Geeklog as a Web Application Framework
Using Geeklog as a Web Application FrameworkDirk Haun
 
Childthemes ottawa-word camp-1919
Childthemes ottawa-word camp-1919Childthemes ottawa-word camp-1919
Childthemes ottawa-word camp-1919Paul Bearne
 
Hardcore URL Routing for WordPress - WordCamp Atlanta 2014 (PPT)
Hardcore URL Routing for WordPress - WordCamp Atlanta 2014 (PPT)Hardcore URL Routing for WordPress - WordCamp Atlanta 2014 (PPT)
Hardcore URL Routing for WordPress - WordCamp Atlanta 2014 (PPT)Mike Schinkel
 
Getting to The Loop - London Wordpress Meetup July 28th
Getting to The Loop - London Wordpress Meetup July 28thGetting to The Loop - London Wordpress Meetup July 28th
Getting to The Loop - London Wordpress Meetup July 28thChris Adams
 
Hardening WordPress - SAScon Manchester 2013 (WordPress Security)
Hardening WordPress - SAScon Manchester 2013 (WordPress Security)Hardening WordPress - SAScon Manchester 2013 (WordPress Security)
Hardening WordPress - SAScon Manchester 2013 (WordPress Security)Bastian Grimm
 
WordPress Configuration tips
WordPress Configuration tipsWordPress Configuration tips
WordPress Configuration tipsMasharul Pamir
 

Ähnlich wie Beyond the 5-minute Install: Tips for Security, Performance and Best Practices (20)

A WordPress workshop at Cefalo
A WordPress workshop at Cefalo A WordPress workshop at Cefalo
A WordPress workshop at Cefalo
 
Developers, Be a Bada$$ with WP-CLI
Developers, Be a Bada$$ with WP-CLIDevelopers, Be a Bada$$ with WP-CLI
Developers, Be a Bada$$ with WP-CLI
 
Making WordPress Your CMS and Automatically Updating a Self Hosted WordPress ...
Making WordPress Your CMS and Automatically Updating a Self Hosted WordPress ...Making WordPress Your CMS and Automatically Updating a Self Hosted WordPress ...
Making WordPress Your CMS and Automatically Updating a Self Hosted WordPress ...
 
10 Things Every Plugin Developer Should Know (WordCamp Atlanta 2013)
10 Things Every Plugin Developer Should Know (WordCamp Atlanta 2013)10 Things Every Plugin Developer Should Know (WordCamp Atlanta 2013)
10 Things Every Plugin Developer Should Know (WordCamp Atlanta 2013)
 
Manage WordPress with Awesome using wp cli
Manage WordPress with Awesome using wp cliManage WordPress with Awesome using wp cli
Manage WordPress with Awesome using wp cli
 
WordCamp Vancouver 2012 - Manage WordPress with Awesome using wp-cli
WordCamp Vancouver 2012 - Manage WordPress with Awesome using wp-cliWordCamp Vancouver 2012 - Manage WordPress with Awesome using wp-cli
WordCamp Vancouver 2012 - Manage WordPress with Awesome using wp-cli
 
Intro to WordPress Plugin Development
Intro to WordPress Plugin DevelopmentIntro to WordPress Plugin Development
Intro to WordPress Plugin Development
 
Apache and PHP: Why httpd.conf is your new BFF!
Apache and PHP: Why httpd.conf is your new BFF!Apache and PHP: Why httpd.conf is your new BFF!
Apache and PHP: Why httpd.conf is your new BFF!
 
Laying the proper foundation for plugin and theme development
Laying the proper foundation for plugin and theme developmentLaying the proper foundation for plugin and theme development
Laying the proper foundation for plugin and theme development
 
WordPress Plugin development
WordPress Plugin developmentWordPress Plugin development
WordPress Plugin development
 
Creating Your First WordPress Plugin
Creating Your First WordPress PluginCreating Your First WordPress Plugin
Creating Your First WordPress Plugin
 
WordPress Security - WordCamp NYC 2009
WordPress Security - WordCamp NYC 2009WordPress Security - WordCamp NYC 2009
WordPress Security - WordCamp NYC 2009
 
WordPress Security Updated - NYC Meetup 2009
WordPress Security Updated - NYC Meetup 2009WordPress Security Updated - NYC Meetup 2009
WordPress Security Updated - NYC Meetup 2009
 
Presentation to SAIT Students - Dec 2013
Presentation to SAIT Students - Dec 2013Presentation to SAIT Students - Dec 2013
Presentation to SAIT Students - Dec 2013
 
Using Geeklog as a Web Application Framework
Using Geeklog as a Web Application FrameworkUsing Geeklog as a Web Application Framework
Using Geeklog as a Web Application Framework
 
Childthemes ottawa-word camp-1919
Childthemes ottawa-word camp-1919Childthemes ottawa-word camp-1919
Childthemes ottawa-word camp-1919
 
Hardcore URL Routing for WordPress - WordCamp Atlanta 2014 (PPT)
Hardcore URL Routing for WordPress - WordCamp Atlanta 2014 (PPT)Hardcore URL Routing for WordPress - WordCamp Atlanta 2014 (PPT)
Hardcore URL Routing for WordPress - WordCamp Atlanta 2014 (PPT)
 
Getting to The Loop - London Wordpress Meetup July 28th
Getting to The Loop - London Wordpress Meetup July 28thGetting to The Loop - London Wordpress Meetup July 28th
Getting to The Loop - London Wordpress Meetup July 28th
 
Hardening WordPress - SAScon Manchester 2013 (WordPress Security)
Hardening WordPress - SAScon Manchester 2013 (WordPress Security)Hardening WordPress - SAScon Manchester 2013 (WordPress Security)
Hardening WordPress - SAScon Manchester 2013 (WordPress Security)
 
WordPress Configuration tips
WordPress Configuration tipsWordPress Configuration tips
WordPress Configuration tips
 

Kürzlich hochgeladen

GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 

Kürzlich hochgeladen (20)

GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 

Beyond the 5-minute Install: Tips for Security, Performance and Best Practices

  • 1. Beyond the 5-minute Install Steve Taylor http://sltaylor.co.uk steve@sltaylor.co.uk @sltayloresque WordCamp Portsmouth UK 2011
  • 2. Security & best practices ● .htaccess ● wp-config.php ● robots.txt ● functions.php / “functionality plugin” ● Plugins ● Other issues?
  • 3. A bit about me ● Custom theme developer ● No themes released ● A few plugins This talk ● Advice for beginners  ● Tips for developers 
  • 4. .htaccess ● “hypertext access” ●Controls requests to server before any PHP / WordPress processing ● Apache only (IIS?) ● Root of website (sub-directories?) ● Sometimes simple, sometimes complex! http://httpd.apache.org/docs/ http://perishablepress.com/press/2006/01/10/stupid-htaccess-tricks/
  • 5. www or not www? ● Personal choice / aesthetics ●Both should be accessible; one should redirect (301) to the other ● Tell Google Webmaster Tools!
  • 6. www or not www? ● Personal choice / aesthetics ●Both should be accessible; one should redirect (301) to the other ● Tell Google Webmaster Tools! # Force no “www” RewriteCond %{HTTP_HOST} ^www.example.com$ [NC] RewriteRule ^(.*)$ http://example.com/$1 [R=301,L]
  • 7. www or not www? ● Personal choice / aesthetics ●Both should be accessible; one should redirect (301) to the other ● Tell Google Webmaster Tools! # Force no “www” RewriteCond %{HTTP_HOST} ^www.example.com$ [NC] RewriteRule ^(.*)$ http://example.com/$1 [R=301,L] # Force “www” RewriteCond %{HTTP_HOST} ^example.com$ [NC] RewriteRule ^(.*)$ http://www.example.com/$1 [R=301,L]
  • 8. Protect important files ●# Protect .htaccess files <Files .htaccess> order allow,deny deny from all </Files> ●# Protect wp-config.php <Files wp-config.php> order allow,deny deny from all </FilesMatch>
  • 10. WordPress pretty permalinks Include at end of .htaccess: ●# BEGIN WordPress <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] </IfModule> # END WordPress
  • 11. WordPress pretty permalinks Really bad idea for big sites:
  • 12. WordPress pretty permalinks Really bad idea for big sites: Better: http://ottopress.com/2010/category-in-permalinks-considered-harmful/ http://codex.wordpress.org/Using_Permalinks
  • 13. wp-config.php ● Create your own wp-config-sample.php ●Check the file for new stuff in new versions of WordPress ● Edit and initialize BEFORE installing WordPress! http://codex.wordpress.org/Editing_wp-config.php http://digwp.com/2010/08/pimp-your-wp-config-php/
  • 14. Server-dependent settings ●// ** MySQL settings - You can get this info from your web host ** // /** The name of the database for WordPress */ define('DB_NAME', 'database_name_here'); ●/** MySQL database username */ define('DB_USER', 'username_here'); ●/** MySQL database password */ define('DB_PASSWORD', 'password_here'); ●/** MySQL hostname */ define('DB_HOST', 'localhost');
  • 15. Server-dependent settings ●switch ( $_SERVER['HTTP_HOST'] ) { case 'dev.example.com': { // Dev server define( 'DB_NAME', 'aef4RgX_mysitedev' ); define( 'DB_USER', 'aef4RgX_mysitedev' ); define( 'DB_PASSWORD', 'Jyt6v48jS9frkGgZyS5iIjif6LnosuYr' ); define( 'DB_HOST', 'localhost' ); break; } default: { // Live server define( 'DB_NAME', 'sd6FE2xc_mysitelive' ); define( 'DB_USER', 'sd6FE2xc_mysitelive' ); define( 'DB_PASSWORD', 'as3d56JvDlPisYwU7c1nfZ3Yct0NEiZR' ); define( 'DB_HOST', 'localhost' ); break; } } https://www.grc.com/passwords.htm
  • 16. Authentication Keys and Salts Change them for every installation! define('AUTH_KEY', 'put your unique phrase here'); define('SECURE_AUTH_KEY', 'put your unique phrase here'); define('LOGGED_IN_KEY', 'put your unique phrase here'); define('NONCE_KEY', 'put your unique phrase here'); define('AUTH_SALT', 'put your unique phrase here'); define('SECURE_AUTH_SALT', 'put your unique phrase here'); define('LOGGED_IN_SALT', 'put your unique phrase here'); define('NONCE_SALT', 'put your unique phrase here'); https://api.wordpress.org/secret-key/1.1/salt/
  • 17. Database table prefix The default: $table_prefix = 'wp_';
  • 18. Database table prefix The default: $table_prefix = 'wp_'; Much better: $table_prefix = 'a3rfGtQ1_';
  • 19. Database table prefix When coding database queries, don’t use hard-coded table names!
  • 20. Database table prefix When coding database queries, don’t use hard-coded table names! A standard WP table: global $wpdb; $custom_query = $wpdb->get_results( “SELECT ID, post_title FROM $wpdb->posts” );
  • 21. Database table prefix When coding database queries, don’t use hard-coded table names! A standard WP table: global $wpdb; $custom_query = $wpdb->get_results( “SELECT ID, post_title FROM $wpdb->posts” ); A custom table: global $wpdb; $custom_query = $wpdb->get_results( “SELECT field FROM ” . $wpdb->prefix . “table” ); http://codex.wordpress.org/Class_Reference/wpdb
  • 22. Server needs FTP for upgrades? define( "FTP_HOST", "ftp.example.com" ); define( "FTP_USER", "myftpuser" ); define( "FTP_PASS", "hQfsSITtKteo1Ln2FEhHlPkXZ" );
  • 24. Debugging define( 'WP_DEBUG', true ); http://dev.example.com/?debug=1 ●switch ( $_SERVER['HTTP_HOST'] ) { case 'dev.example.com': { // Dev server define( 'WP_DEBUG', isset( $_GET['debug'] ) ); break; } default: { // Live server define( 'WP_DEBUG', false ); break; } }
  • 25. Control revisions and autosave // Only keep 3 revisions of each post define( 'WP_POST_REVISIONS', 3 );
  • 26. Control revisions and autosave // Only keep 3 revisions of each post define( 'WP_POST_REVISIONS', 3 ); // Don’t keep revisions of posts define( 'WP_POST_REVISIONS', false );
  • 27. Control revisions and autosave // Only keep 3 revisions of each post define( 'WP_POST_REVISIONS', 3 ); // Don’t keep revisions of posts define( 'WP_POST_REVISIONS', false ); // Autosave posts interval in seconds define( 'AUTOSAVE_INTERVAL', 60 );
  • 28. Disable plugin and theme editing define( 'DISALLOW_FILE_EDIT', true );
  • 29. robots.txt User-agent: * Disallow: /wp-admin Disallow: /wp-includes Disallow: /wp-content/plugins Disallow: /wp-content/cache Disallow: /wp-content/themes Disallow: /trackback Disallow: /feed Disallow: /comments Disallow: /category/*/* Disallow: */trackback Disallow: */feed Disallow: */comments Disallow: /*?* Disallow: /*? Allow: /wp-content/uploads Sitemap: http://example.com/sitemap.xml http://codex.wordpress.org/Search_Engine_Optimization_for_WordPress#Robots.txt_Optimization
  • 30. Custom theme functions.php / “functionality” plugin ● Snippets not worth making into a plugin ● Plugin is more portable ● Check out /mu-plugins/ http://justintadlock.com/archives/2011/02/02/creating-a-custom-functions-plugin-for-end-users http://wpcandy.com/teaches/how-to-create-a-functionality-plugin http://codex.wordpress.org/Must_Use_Plugins
  • 31. Disable upgrade notifications for people who can't do upgrades if ( ! current_user_can( 'update_core' ) ) { add_action( 'init', create_function( '$a', "remove_action( 'init', 'wp_version_check' );" ), 2 ); add_filter( 'pre_option_update_core', create_function( '$a', "return null;" ) ); }
  • 32. Remove nofollow from comments remove_filter( 'pre_comment_content', 'wp_rel_nofollow' ); add_filter( 'get_comment_author_link', 'slt_dofollow' ); add_filter( 'post_comments_link', 'slt_dofollow' ); add_filter( 'comment_reply_link', 'slt_dofollow' ); add_filter( 'comment_text', 'slt_dofollow' ); function slt_dofollow( $str ) { $str = preg_replace( '~<a ([^>]*)s*(["|']{1}w*)s*nofollow([^>]*)>~U', '<a ${1}${2}${3}>', $str ); return str_replace( array( ' rel=""', " rel=''" ), '', $str ); } } http://digwp.com/2010/04/wordpress-custom-functions-php-template-part-2/
  • 33. Better default display names add_action( 'user_register', 'slt_default_user_display_name' ); function slt_default_user_display_name( $user_id ) { $first = get_usermeta( $user_id, 'first_name' ); $last = get_usermeta( $user_id, 'last_name' ); $display = $first . " " . $last; wp_update_user( array( "ID" => $user_id, "display_name" => $display ) ); }
  • 34. Plugins Force Strong Passwords. Copies WordPress's JavaScript password strength meter into PHP and forces “executive” users to have a strong password when updating their profile. http://wordpress.org/extend/plugins/force-strong-passwords/ Google XML Sitemaps (or equivalent). http://wordpress.org/extend/plugins/google-sitemap-generator/ Use Google Libraries. http://wordpress.org/extend/plugins/use-google-libraries/ WordPress Database Backup. http://wordpress.org/extend/plugins/wp-db-backup/
  • 35. Other issues ● File permissions http://codex.wordpress.org/Hardening_WordPress#File_permissions ● .htpasswd for /wp-admin/ ● Settings > Discussion