
40 WordPress Tips: Security, Engagement, SEO & Performance - SMX Sydney 2013

32,940 views

My talk at #SMX Sydney 2013 featuring 40 tips on WordPress security, WordPress SEO as well as a huge set of plug-in recommendations to get the maximum out of WordPress.

Published in: Technology
  • Great!
  • Hi Bastian, good info in the presentation. The presentation would have made a wonderful complement to my talk at Campixx http://de.slideshare.net/markusmarkert/sicheres-rootserver-hosting ;)

40 WordPress Tips: Security, Engagement, SEO & Performance - SMX Sydney 2013

  1. 40 WordPress Tips: Security, Engagement, SEO & Performance - http://gdig.de/sydney1 - Sydney, April 2013 - Bastian Grimm, Managing Partner - Grimm Digital
  2. About me: SEO trainings, seminars & strategy consulting; WordPress security, consulting & development; @basgr; Berlin-based full-service performance marketing agency
  3. http://gdig.de/sydney1
  4. Who is running WordPress?!
  5. See… that's the issue! You're the hackers' most-loved target!
  6. Section #1: Security
  7. #1 Set up WordPress properly. Use unique keys and salts (AUTH_KEY … NONCE_SALT in wp-config.php): they are the secrets WordPress signs its auth cookies and nonces with, and predictable values weaken that signing. Generate them at https://api.wordpress.org/secret-key/1.1/salt/. Use a non-default table prefix so that automated scripts with hard-coded wp_ table names fail (this does not prevent SQL injection, it only breaks lazy tooling):
     $table_prefix = 'wp_VzQCxSJv7uL_';
     (letters, digits and underscores only, no trailing space)
  8. #2 Protect your wp-config.php. This goes into the .htaccess file in your WP root to prevent external access:
     <files wp-config.php>
     order deny,allow
     deny from all
     </files>
     (On Apache 2.4 the equivalent inside the same block is "Require all denied".) Did you know this? Even better… move wp-config.php one directory above the web root („www“); WordPress looks there automatically.
  9. #3 Remove the default „admin“ user. Set up a new user as admin; log out. Log in with the new admin; delete the old one (attribute its posts to the new user when WordPress asks). Make sure to use a STRONG password, pleeaaasssseeee! http://www.random.org/passwords/
  10. #4 Lock-out multiple failed logins Limit Login Attempts http://wordpress.org/extend/plugins/limit-login-attempts/
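What a lock-out plug-in does on the server side, as an added example that is not from the talk or from the plug-in's own code: a detector that replays web-server access-log lines and flags client IPs that pile up failed wp-login.php POSTs inside a sliding window. The log lines are constructed (RFC 5737 documentation addresses); the 4-attempts-per-20-minutes threshold is an assumption chosen to mirror the plug-in's defaults, and the function names are the example's own.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache/nginx "combined" access-log line; only the fields we need are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line: str):
    """Return a dict for a well-formed access-log line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], TS_FMT),
        "method": m["method"],
        "path": m["path"],
        "status": int(m["status"]),
    }


def is_failed_login(ev) -> bool:
    """WordPress answers a failed wp-login.php POST with 200 (form re-rendered);
    a successful login is a 302 redirect into wp-admin."""
    return (ev["method"] == "POST"
            and ev["path"].split("?")[0].endswith("/wp-login.php")
            and ev["status"] == 200)


def find_lockouts(lines, max_attempts=4, window=timedelta(minutes=20)):
    """Sliding-window counter per client IP. Returns {ip: time of lockout} for
    every IP that reached max_attempts failed logins inside `window`.
    Defaults are an assumption mirroring Limit Login Attempts' settings."""
    recent = defaultdict(deque)
    locked = {}
    for line in lines:
        ev = parse_line(line)
        if ev is None or not is_failed_login(ev):
            continue
        q = recent[ev["ip"]]
        q.append(ev["ts"])
        while ev["ts"] - q[0] > window:  # drop attempts older than the window
            q.popleft()
        if len(q) >= max_attempts and ev["ip"] not in locked:
            locked[ev["ip"]] = ev["ts"]
    return locked


# Constructed sample log, not real traffic: one reader, one legitimate login
# that fails once and then succeeds, and one scripted brute-force attempt.
SAMPLE_LOG = [
    '192.0.2.9 - - [10/Apr/2013:09:58:10 +1000] "GET /wp-login.php HTTP/1.1" 200 2741 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Apr/2013:09:59:02 +1000] "POST /wp-login.php HTTP/1.1" 200 3402 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Apr/2013:09:59:40 +1000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Apr/2013:10:00:00 +1000] "POST /wp-login.php HTTP/1.1" 200 3402 "-" "python-requests/1.2"',
    '203.0.113.5 - - [10/Apr/2013:10:00:30 +1000] "POST /wp-login.php HTTP/1.1" 200 3402 "-" "python-requests/1.2"',
    '203.0.113.5 - - [10/Apr/2013:10:01:00 +1000] "POST /wp-login.php HTTP/1.1" 200 3402 "-" "python-requests/1.2"',
    '203.0.113.5 - - [10/Apr/2013:10:01:30 +1000] "POST /wp-login.php HTTP/1.1" 200 3402 "-" "python-requests/1.2"',
    '203.0.113.5 - - [10/Apr/2013:10:02:00 +1000] "POST /wp-login.php HTTP/1.1" 200 3402 "-" "python-requests/1.2"',
]

if __name__ == "__main__":
    for ip, when in find_lockouts(SAMPLE_LOG).items():
        print(f"lock out {ip} from {when.isoformat()}")
```

Feed it a real access.log with `find_lockouts(open("access.log"))`; the 200-vs-302 distinction is what keeps a user who mistypes once from being counted the same as a script hammering the form.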
  11. #5 Never EVER do this! These sites are more than worse…
  12. A quick peek into some theme files… LOL! „family friendly“ links – my a*s…
  13. A quick peek into some theme files… functions.php: this theme won't be working without those links…
  14. #6 Always use TAC to do a pre-check! Theme Authenticity Checker (TAC) http://builtbackwards.com/projects/tac/
  15. It gets worse: base64-encoded footer. Are you really sure you want to see that footer.php file?
  16. Right… NICE FOOTER!
  17. If you are REALLY curious… http://ottodestruct.com/decoder.php http://www.tareeinternet.com/scripts/byterun.php http://www.tareeinternet.com/scripts/decrypt.php http://rot13-encoder-decoder.waraxe.us/ The PHP code isn't encrypted at all, only obfuscated (base64, gzinflate, str_rot13 and friends, often nested). Reversing is possible, and it is usually mechanical!
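The "reversing is possible" point as an added example, not code from the talk or from TAC: a small Python unwrapper that peels the usual eval(gzinflate(base64_decode(str_rot13('…')))) layers offline, so a theme's code never has to be pasted into a third-party decoder, plus a line scanner for the calls that warrant a manual look when automatic unwrapping stops. The footer.php content it runs on is constructed here and not from any real theme; the function names and the regex are the example's own.

```python
import base64
import re
import urllib.parse
import zlib

# Byte-level equivalents of the PHP helpers usually chained around eval() in
# tampered themes. gzinflate() is raw DEFLATE (wbits=-15), gzuncompress() is
# zlib-wrapped and gzdecode() is gzip-wrapped; the rest are simple transforms.
_ROT13 = bytes.maketrans(
    b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz",
    b"NOPQRSTUVWXYZABCDEFGHIJKLMnopqrstuvwxyzabcdefghijklm",
)
DECODERS = {
    "base64_decode": base64.b64decode,
    "str_rot13": lambda b: b.translate(_ROT13),
    "strrev": lambda b: b[::-1],
    "urldecode": urllib.parse.unquote_to_bytes,
    "gzinflate": lambda b: zlib.decompress(b, -15),
    "gzuncompress": zlib.decompress,
    "gzdecode": lambda b: zlib.decompress(b, 16 + zlib.MAX_WBITS),
}

# eval( f1( f2( ... 'literal' ) ) ): one string literal wrapped in decoder calls.
EVAL_CHAIN = re.compile(
    r"eval\s*\(\s*((?:\w+\s*\(\s*)+)(['\"])([^'\"]*)\2\s*\)+", re.S
)

# Calls that deserve a manual look even when automatic unwrapping fails.
SUSPICIOUS = [
    (name, re.compile(r"\b%s\s*\(" % name))
    for name in ("eval", "base64_decode", "gzinflate", "str_rot13",
                 "create_function", "assert", "system", "passthru")
]


def find_suspicious(src: str):
    """Return (line_number, function) pairs for every suspicious call in src."""
    hits = []
    for no, line in enumerate(src.splitlines(), 1):
        hits.extend((no, name) for name, rx in SUSPICIOUS if rx.search(line))
    return hits


def unwrap(src: str, max_layers: int = 10):
    """Peel eval(decoder(...('literal'))) layers; returns (plain source, layers)."""
    layers = []
    for _ in range(max_layers):
        m = EVAL_CHAIN.search(src)
        if not m:
            break
        names = re.findall(r"\w+", m.group(1))
        if not all(n in DECODERS for n in names):
            break  # unknown function in the chain: leave it for a human
        data = m.group(3).encode("latin-1")
        for name in reversed(names):  # the innermost call runs first
            data = DECODERS[name](data)
        layers.append(names)
        src = src[: m.start()] + data.decode("latin-1") + src[m.end():]
    return src, layers


def scan_file(path: str):
    """Wrapper for a real theme file (read as latin-1 so raw bytes survive)."""
    with open(path, encoding="latin-1") as fh:
        src = fh.read()
    return find_suspicious(src), unwrap(src)


# --- Constructed sample footer.php, not taken from any real theme -------------
def _deflate_b64_rot13(php: str) -> str:
    """Build the literal for gzinflate(base64_decode(str_rot13(...)))."""
    co = zlib.compressobj(9, zlib.DEFLATED, -15)
    raw = co.compress(php.encode()) + co.flush()
    return base64.b64encode(raw).translate(_ROT13).decode()


_INNER = "eval(base64_decode('%s'));" % base64.b64encode(
    b"echo '<a href=\"http://example.com/\">sponsored link</a>';"
).decode()
SAMPLE_FOOTER = (
    "<?php\n"
    "echo '<p>&copy; 2013 My Blog</p>';\n"
    "eval(gzinflate(base64_decode(str_rot13('" + _deflate_b64_rot13(_INNER) + "'))));\n"
    "?>\n"
)

if __name__ == "__main__":
    for no, name in find_suspicious(SAMPLE_FOOTER):
        print(f"line {no}: {name}()")
    plain, layers = unwrap(SAMPLE_FOOTER)
    print(f"{len(layers)} layer(s) removed: {layers}")
    print(plain)
```

Run `scan_file("wp-content/themes/<theme>/footer.php")` on a suspect theme; the loop stops on any function it does not know, which is deliberate: a chain containing something unexpected is exactly the place to read by hand rather than execute.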
  18. PLEASE… stay away from “free” WordPress themes – they’re not free, really!
  19. #7 Update your blogs regularly! WP Updates Notifier to get emails on out-dated components (core, themes & plug-ins) for all blogs: – http://wordpress.org/extend/plugins/wp-updates-notifier/ ManageWP can do one-click mass updates (core, themes, plug-ins again) for all your blogs: – http://managewp.com/features
  20. #8 Keep your installation clean: remove all inactive plug-ins as well as themes!
  21. #9 Scan your Theme daily WP AntiVirus http://wordpress.org/extend/plugins/antivirus/
  22. #10 Harden your Security Settings: Secure WordPress. Most important: remove the version number from ALL components & block malicious URL requests. (Hiding the version only keeps you off lazy scanners' lists; it is the update from #7 that actually closes the hole.) http://wordpress.org/extend/plugins/secure-wordpress/
  23. #11 Protect wp-admin. Recommended: try the “Lockdown WP Admin” plug-in to protect PHP files in wp-admin as well as the login itself. Put an .htaccess with basic password protection on /wp-admin/. Caveat: wp-admin/admin-ajax.php is called by front-end plug-ins for logged-out visitors, so exempt it from the auth rule or those features break. http://wordpress.org/extend/plugins/lockdown-wp-admin/
  24. #12 Fix File & Folder Permissions: WP-Security Scan. Very important: chmod your wp-config.php to be read-only (e.g. 0400, or 0440 if the web server runs under your group), so the DB password is neither world-readable nor writable by a compromised plug-in. http://wordpress.org/extend/plugins/wp-security-scan/
  25. #13 Move the “wp-content” folder
     define('WP_CONTENT_DIR', $_SERVER['DOCUMENT_ROOT'] . '/blog/my-wp-content');
     WP_CONTENT_DIR points to the new full local path (no trailing slash).
     define('WP_CONTENT_URL', 'http://domain.com/blog/my-wp-content');
     WP_CONTENT_URL points to the new full URI (no trailing slash either).
  26. #14 SSL Logins & Administration
     define('FORCE_SSL_LOGIN', true);
     Set FORCE_SSL_LOGIN to true to force all logins to happen over SSL (still allows non-SSL admin sessions, which then carry the session cookie over plain HTTP).
     define('FORCE_SSL_ADMIN', true);
     Use FORCE_SSL_ADMIN to force all logins and all admin sessions to happen over SSL (can be slow…). Note: FORCE_SSL_LOGIN was deprecated in WordPress 4.0; FORCE_SSL_ADMIN covers both cases.
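The wp-config.php checks from #1, #12 and #14 as one runnable audit, added here as an example and not the talk's or any plug-in's code: it flags placeholder or short salts, the default wp_ prefix, a missing FORCE_SSL_ADMIN, a production WP_DEBUG and loose file modes. Both sample configs are constructed; the 32-character minimum salt length and the function names are the example's own choices.

```python
import os
import re
import secrets
import stat

PLACEHOLDER = "put your unique phrase here"  # what a fresh wp-config-sample.php ships with
SALT_KEYS = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
             "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT")

# define('NAME', value);  and  $table_prefix = 'xyz_';
DEFINE_RE = re.compile(r"define\s*\(\s*['\"](\w+)['\"]\s*,\s*(.+?)\s*\)\s*;")
PREFIX_RE = re.compile(r"\$table_prefix\s*=\s*['\"]([^'\"]*)['\"]\s*;")


def _php_scalar(raw: str):
    """Turn the textual value of a define() into a bool or str (enough for this audit)."""
    raw = raw.strip()
    if raw.lower() in ("true", "false"):
        return raw.lower() == "true"
    if len(raw) >= 2 and raw[0] in "'\"" and raw[-1] == raw[0]:
        return raw[1:-1]
    return raw


def audit_config(src: str):
    """Return a list of findings for the text of a wp-config.php."""
    defines = {m.group(1): _php_scalar(m.group(2)) for m in DEFINE_RE.finditer(src)}
    findings = []
    for key in SALT_KEYS:  # slide #1: unique keys and salts
        val = defines.get(key)
        if not isinstance(val, str) or PLACEHOLDER in val or len(val) < 32:
            findings.append(f"{key}: missing, still the placeholder, or shorter than 32 chars")
    m = PREFIX_RE.search(src)  # slide #1: non-default prefix
    prefix = m.group(1) if m else ""
    if prefix in ("", "wp_") or not re.fullmatch(r"[A-Za-z0-9_]+", prefix):
        findings.append("table_prefix: default 'wp_', missing, or not limited to [A-Za-z0-9_]")
    if defines.get("FORCE_SSL_ADMIN") is not True:  # slide #14
        findings.append("FORCE_SSL_ADMIN: not true (login and admin sessions may go over plain HTTP)")
    if defines.get("WP_DEBUG") is True:
        findings.append("WP_DEBUG: true (stack traces and paths leak to visitors)")
    return findings


def audit_mode_bits(mode: int):
    """Findings for the permission bits of wp-config.php (pass stat.S_IMODE(...)). Slide #12."""
    findings = []
    if mode & stat.S_IRWXO:
        findings.append("world-accessible: any local user can read the DB password")
    if mode & stat.S_IWGRP:
        findings.append("group-writable")
    if mode & stat.S_IWUSR:
        findings.append("owner-writable: slide recommends read-only, e.g. chmod 0400 or 0440")
    return findings


def audit_file(path: str):
    """Audit a real wp-config.php: content findings plus permission findings."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        content = audit_config(fh.read())
    return content + audit_mode_bits(stat.S_IMODE(os.stat(path).st_mode))


# --- Constructed samples (not anyone's real config) ---------------------------
WEAK_CONFIG = "<?php\n" + "".join(
    f"define('{k}', '{PLACEHOLDER}');\n" for k in SALT_KEYS
) + "$table_prefix = 'wp_';\ndefine('WP_DEBUG', true);\n"

HARDENED_CONFIG = "<?php\n" + "".join(
    f"define('{k}', '{secrets.token_urlsafe(48)}');\n" for k in SALT_KEYS  # 64 chars each
) + "$table_prefix = 'wp_VzQCxSJv7uL_';\ndefine('FORCE_SSL_ADMIN', true);\ndefine('WP_DEBUG', false);\n"

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, audit_config(cfg) or "OK")
    print("chmod 0644 ->", audit_mode_bits(0o644))
    print("chmod 0400 ->", audit_mode_bits(0o400))
```

`audit_file("/var/www/blog/wp-config.php")` runs both halves on a live install; run it from cron across all your blogs and you have the "which one did I forget" check that the mass-update tools in #7 do not give you for configuration.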
  27. Section #2: WordPress SEO
  28. #15 WordPress SEO by Yoast Make sure to uncheck this! Enables setting noindex, canonical & 301 (for users) on a per-post basis
  29. #15 WordPress SEO by Yoast You surely don‘t need paged archives, categories, etc. – they‘re targeting the same keys anyways. Affiliate sites mainly have pages, no need for RSS. Check all of them!
  30. #15 WordPress SEO by Yoast: set a proper page title & description, also choose the author for the SERP listing
  31. #15 WordPress SEO by Yoast Use help section to get details for all 30+ variables! Keep unchecked unless you’re publishing news. Default value has been changed w/ last update.
  32. In addition: post-level settings. You can overwrite defaults on a per-post level using the “Advanced” settings.
  33. #15 WordPress SEO by Yoast Usually you just need one (unless having a HUGE amount of content) – “noindex” the other one!
  34. #15 WordPress SEO by Yoast Especially w/ single-authored blogs, those are a 1:1 copy of your homepage. 301 is the better solution!
  35. #15 WordPress SEO by Yoast For larger sites, check to auto- generate XML sitemaps. Remember to check excludes!
  36. #15 WordPress SEO by Yoast Make absolutely sure you‘re using these!
  37. BTW: Clean those URL-Slugs WP Permalauts Especially important for Germany, France, etc. http://wordpress.org/extend/plugins/wp-permalauts/
  38. #15 WordPress SEO by Yoast
  39. Trust me… things change! Check out SEO Data Transporter to switch SEO plug-ins!
  40. Migration made easy: Painless switching! SEO Data Transporter http://wordpress.org/extend/plugins/seo-data-transporter/
  41. Section #3: More SEO…
  42. Credits: http://bit.ly/T8wMwO Make absolutely sure you only use plug-ins from trusted authors!
  43. #16 Fix your Pagination: WP-PageNavi. Better crawl-ability, better indexation – what else u want? WordPress pagination s*cks, replace it! http://wordpress.org/extend/plugins/wp-pagenavi/
  44. #17 Improve internal Cross-Linking Yet Another Related Posts Plugin http://wordpress.org/extend/plugins/yet-another-related-posts-plugin/
  45. #18 Auto-optimize Image Attributes SEO Friendly Images Forces post title & image name to be used as img alt-attribute http://wordpress.org/extend/plugins/seo-image/
  46. #19 Redirect old Contents Redirection http://wordpress.org/extend/plugins/redirection/
  47. #20 Have Rich-Snippets if possible Schema Creator http://wordpress.org/extend/plugins/schema-creator/
  48. #21 Mask your Affiliate Links Eclipse Link Cloaker http://eclipsecloaker.com/
  49. Don’t forget to tweak your robots.txt: we don‘t want some WP-specific files & folders crawled. Adjust the /r/ line according to your Link Cloaker settings.
     User-agent: *
     Disallow: /wp-admin/
     Disallow: /feed/
     Disallow: /comments/feed/
     Disallow: /*/trackback/$
     Disallow: /*/feed/$
     Disallow: /*.css$
     Disallow: /*.js$
     Disallow: /r/
     Caveat: robots.txt is advisory only; a Disallow hides nothing from an attacker (it lists the interesting paths for them), so it is an SEO control, not a security one. Google now asks sites not to block CSS and JS so it can render pages; those two lines are best left out today.
  50. Section #4: Engagement
  51. #22 Responsive WP-Slider in Seconds Soliloquy Slider http://soliloquywp.com/
  52. #23 Create an „UberMenu“ UberMenu http://gdig.de/ubermenu
  53. #24 Create beautiful Popups Ninja Popups http://gdig.de/npopup
  54. #25 Fix your Internal Search Relevanssi Search http://wordpress.org/extend/plugins/relevanssi/
  55. #26 Selling goods within WordPress? Easy Digital Downloads https://easydigitaldownloads.com/
  56. #27 Make it multi-lingual WPML http://wpml.org/
  57. #28 Make it work on Mobile Devices WPtouch http://wordpress.org/extend/plugins/wptouch/
  58. Section #5: Maintenance
  59. #29 Do a Theme Test Drive Live-Testing a new theme without anyone else noticing… nice! http://wordpress.org/extend/plugins/theme-test-drive/
  60. #30 Debug your WordPress P3 (Plugin Perf. Profiler) http://wordpress.org/extend/plugins/p3-profiler/
  63. #31 Debug your WordPress Debug Objects http://wordpress.org/extend/plugins/debug-objects/
  64. #32 Enable Akismet Just enable, get an API key and turn „auto-delete“ on!
  65. #33 Backup Database & Files BackWPup http://wordpress.org/extend/plugins/backwpup/
  66. #34 Watch out for Errors: knowledge is power. Use a 404 logger – analytics software – Redirection (built-in 404 log) – web-server logs. Then set up 301 redirects accordingly, again using “Redirection”. Image credits: http://gdig.de/i
  67. #35 Maintain Categories & Tags Term Mgmt. Tools Mass merge & change parents http://wordpress.org/extend/plugins/term-management-tools/
  68. Section #6: Performance
  69. Scoring domains by performance; give it a try! https://developers.google.com/pagespeed/
  70. #36 Compress those Images 13.2% savings WP Smush.it for one image! http://wordpress.org/extend/plugins/wp-smushit/
  71. Tip: make images even smaller! Use TinyPNG to optimize PNG files without losing quality (up to 70% savings). JPEGmini does the same for JPEG files and will reduce your images massively (up to 80% smaller)! http://tinypng.org/ & http://www.jpegmini.com/
  72. #37 Setup a Caching Plug-in W3 Total Cache http://wordpress.org/extend/plugins/w3-total-cache/
  73. #38 Combine multiple CSS files. Combine CSS files into one to reduce the number of HTTP requests. Minify the big file by removing whitespace, etc. to reduce file size per request – check: W3 Total Cache > Performance > Minify! The same goes for JavaScript as well… and put those JS files into the footer, if possible!
  74. #39 Do CSS-Sprites http://spriteme.org/
  75. Tip: Move static contents to a CDN Latency is crucial – especially if you’re serving a global audience, offloading statics to a CDN will give additional performance. CDN Overview: http://gdig.de/cdns
  76. #40 Off-load JS libs: Use Google Libraries. Simply enable the plug-in & serve JS libs from Google‘s CDN! (This makes Google a dependency for every page load; if their host is unreachable or blocked, your pages lose their JavaScript.) http://wordpress.org/extend/plugins/use-google-libraries/
  77. How to make your site lightning-fast… http://www.slideshare.net/bastiangrimm
  78. And that’s it! (slide footer: OMCap 2011 - Online Marketing Konferenz Berlin, 13.10.2011)
  79. Thanks! Questions? mail@grimm-digital.com twitter.com/basgr linkedin.com/in/bastiangrimm facebook.com/grimm.digital http://gdig.de/sydney1 Bastian Grimm, Managing Partner - Grimm Digital