Bastian Grimm presented 40 WordPress tips across 6 sections: security, SEO, engagement, maintenance, and performance. The tips included hardening security settings, optimizing images, caching plugins, offloading static content, and debugging. The overall presentation emphasized optimizing a WordPress site for speed, security, and SEO.
7. #1 Setup WordPress properly
Use unique keys and salts to add
random elements for encryption!
Use a cryptic prefix to prevent
automated scripts and SQL injections.
$table_prefix = 'wp_VzQCxSJv7uL_';
https://api.wordpress.org/secret-key/1.1/salt/
8. #2 Protect your wp-config.php
<files wp-config.php>
order deny,allow
deny from all
</files>
This needs to go into your WP root's
.htaccess file to prevent external access
Did you know this? Even better… move
wp-config.php outside of "www".
9. #3 Remove the default "admin"
Setup new user as admin; logout.
Login w/ new admin; delete old one.
Make sure to use a STRONG
password, pleeaaasssseeee!
http://www.random.org/passwords/
17. If you are REALLY curious…
• http://ottodestruct.com/decoder.php
• http://www.tareeinternet.com/scripts/byterun.php
• http://www.tareeinternet.com/scripts/decrypt.php
• http://rot13-encoder-decoder.waraxe.us/
The PHP code isn't "really"
encrypted, rather kind of obfuscated.
Reversing is possible!
19. #7 Update your blogs regularly!
• WP Updates Notifier to get emails
on out-dated components
(core, themes & plug-ins) for all
blogs:
- http://wordpress.org/extend/plugins/wp-updates-notifier/
• ManageWP can do one-click mass
updates (core, themes, plug-ins
again) for all your blogs:
- http://managewp.com/features
20. #8 Keep your installation clean
Remove all inactive
plug-ins as well as themes!
21. #9 Scan your Theme daily
WP AntiVirus
http://wordpress.org/extend/plugins/antivirus/
22. #10 Harden your Security Settings
Secure WordPress
Most important: Remove version
number from ALL components &
block malicious URL requests.
http://wordpress.org/extend/plugins/secure-wordpress/
23. #11 Protect wp-admin
Recommended: Try the "Lockdown
WP Admin" plug-in to protect PHP files
in wp-admin as well as the login itself.
Put an .htaccess to your
/wp-admin/ for basic
passwd. protection.
http://wordpress.org/extend/plugins/lockdown-wp-admin/
24. #12 Fix File & Folder Permissions
WP-Security Scan
Very important: chmod your
wp-config.php to be read-only!
http://wordpress.org/extend/plugins/wp-security-scan/
25. #13 Move the "wp-content" folder
define('WP_CONTENT_DIR', $_SERVER['DOCUMENT_ROOT'].'/blog/my-wp-content');
WP_CONTENT_DIR points to the "new"
full local path (no trailing slash)
define('WP_CONTENT_URL', 'http://domain.com/blog/my-wp-content');
WP_CONTENT_URL points to the "new"
full URI (no trailing slash either)
26. #14 SSL Logins & Administration
define('FORCE_SSL_LOGIN', true);
Set FORCE_SSL_LOGIN to "true" to
force all logins to happen over SSL.
(still allows non-SSL admin sessions)
define('FORCE_SSL_ADMIN', true);
Use FORCE_SSL_ADMIN to force all
logins and all admin sessions to
happen over SSL (can be slow…)
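An added example, not part of the original slides: a small Python audit of a wp-config.php against tips #1, #12 and #14 above (keys and salts, table prefix, read-only file mode, SSL constants). The function name, the finding strings and the WEAK sample are constructed for illustration; the placeholder phrase is the one shipped in wp-config-sample.php.

```python
import re
import stat

# Constant names emitted by https://api.wordpress.org/secret-key/1.1/salt/
SECRETS = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
           "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT")
PLACEHOLDER = "put your unique phrase here"  # value in wp-config-sample.php
# Anchored at line start, so //- or #-commented lines are ignored.
DEFINE_RE = re.compile(
    r"""^[ \t]*define\(\s*['"](\w+)['"]\s*,\s*(?:'([^']*)'|"([^"]*)"|(\w+))\s*\)\s*;""",
    re.M)
PREFIX_RE = re.compile(r"""^[ \t]*\$table_prefix\s*=\s*['"]([^'"]*)['"]\s*;""", re.M)


def audit_wp_config(text, mode=None):
    """Return findings for wp-config.php source `text`; `mode` is its st_mode."""
    defines = {}
    for name, sq, dq, bare in DEFINE_RE.findall(text):
        defines.setdefault(name, sq or dq or bare)  # PHP keeps the first define()
    findings, good = [], []
    for name in SECRETS:
        value = defines.get(name, "")
        if not value or value == PLACEHOLDER:
            findings.append(f"{name}: missing or sample placeholder")
        else:
            good.append(value)
    if len(set(good)) != len(good):
        findings.append("keys/salts: a value is reused")
    prefix = PREFIX_RE.search(text)
    if prefix is None or prefix.group(1) == "wp_":
        findings.append("$table_prefix: missing or default wp_")
    if not any(defines.get(k, "").lower() == "true"
               for k in ("FORCE_SSL_ADMIN", "FORCE_SSL_LOGIN")):
        findings.append("SSL: neither FORCE_SSL_LOGIN nor FORCE_SSL_ADMIN is true")
    if mode is not None and mode & (stat.S_IWUSR | stat.S_IWGRP | stat.S_IWOTH):
        findings.append("permissions: file is writable, not read-only")
    return findings


# Constructed sample: two placeholder keys, six absent, default prefix, no SSL.
WEAK = """<?php
define('AUTH_KEY', 'put your unique phrase here');
define('NONCE_KEY', 'put your unique phrase here');
// define('FORCE_SSL_ADMIN', true);
$table_prefix = 'wp_';
"""

if __name__ == "__main__":
    print("\n".join(audit_wp_config(WEAK, mode=0o100644)))
```

For a file on disk, pass its contents together with os.stat(path).st_mode.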
28. #15 WordPress SEO by Yoast
Make sure to uncheck this!
Enables setting
noindex, canonical & 301
(for users) on a per-post
basis
29. #15 WordPress SEO by Yoast
You surely don't need paged
archives, categories, etc. -
they're targeting the same
keys anyways.
Affiliate sites mainly have
pages, no need for RSS.
Check all of them!
30. #15 WordPress SEO by Yoast
Set a proper page title &
description, also choose
author for SERP listing
31. #15 WordPress SEO by Yoast
Use help section to get
details for all 30+ variables!
Keep unchecked unless
you're publishing news.
Default value has been
changed w/ last update.
32. In addition: Post-level settings
You can overwrite defaults
on a per-post level using
the "Advanced" settings.
33. #15 WordPress SEO by Yoast
Usually you just need one
(unless having a HUGE
amount of content) -
"noindex" the other one!
34. #15 WordPress SEO by Yoast
Especially w/ single-authored
blogs, those are a 1:1 copy of
your homepage.
301 is the better solution!
35. #15 WordPress SEO by Yoast
For larger sites, check to auto-
generate XML sitemaps.
Remember to check excludes!
36. #15 WordPress SEO by Yoast
Make absolutely sure
you're using these!
37. BTW: Clean those URL-Slugs
WP Permalauts
Especially important for
Germany, France, etc.
http://wordpress.org/extend/plugins/wp-permalauts/
43. #16 Fix your Pagination
WP-PageNavi
Better crawl-ability, better
indexation - what else u want?
WordPress pagination
s*cks, replace it!
http://wordpress.org/extend/plugins/wp-pagenavi/
44. #17 Improve internal Cross-Linking
Yet Another Related
Posts Plugin
http://wordpress.org/extend/plugins/yet-another-related-posts-plugin/
45. #18 Auto-optimize Image Attributes
SEO Friendly Images
Forces post title &
image name to be used
as img alt-attribute
http://wordpress.org/extend/plugins/seo-image/
46. #19 Redirect old Contents
Redirection
http://wordpress.org/extend/plugins/redirection/
47. #20 Have Rich-Snippets if possible
Schema Creator
http://wordpress.org/extend/plugins/schema-creator/
48. #21 Mask your Affiliate Links
Eclipse Link Cloaker
http://eclipsecloaker.com/
49. Don't forget to tweak your robots.txt
We don't want some WP
specific files & folders
User-Agent: *
Disallow: /wp-admin/
Disallow: /feed/
Disallow: /comments/feed/
Disallow: /*/trackback/$
Disallow: /*/feed/$
Disallow: /*.css$
Disallow: /*.js$
Disallow: /r/
Adjust according to your
Link Cloaker settings.
66. #34 Watch out for Errors
• Knowledge is power
• Use a 404 logger
- Analytics software
- Redirection (built-in)
- Webserver logs
• Setup 301 redirects
accordingly using
"Redirection", again.
Image-Credits: http://gdig.de/i
67. #35 Maintain Categories & Tags
Term Mgmt. Tools
Mass merge &
change parents
http://wordpress.org/extend/plugins/term-management-tools/
70. #36 Compress those Images
WP Smush.it
13.2% savings for one image!
http://wordpress.org/extend/plugins/wp-smushit/
71. Tip: Make images even smaller!
Use tinyPNG to optimize
PNG files without losing in
quality (up to 70% savings)
JPEGmini does the same for JPEG
files and will reduce your images
massively (up to 80% smaller)!
http://tinypng.org/ & http://www.jpegmini.com/
72. #37 Setup a Caching Plug-in
W3 Total Cache
http://wordpress.org/extend/plugins/w3-total-cache/
73. #38 Combine multiple CSS files
• Combine CSS files into one to
reduce the number of HTTP requests
• Minify the big file by removing whitespaces,
etc. to reduce file size per request
- Check: W3Total > Performance > Minify!
• Same goes for JavaScript as well… and put those
JS files into the footer, if possible!
75. Tip: Move static contents to a CDN
Latency is crucial - especially if you're serving a global
audience, offloading statics to a CDN will give additional
performance.
CDN Overview: http://gdig.de/cdns
76. #40 Off-load JS-Libs
WP Use Google Libraries
Simply enable the plug-in &
serve JS libs from Google's CDN!
http://wordpress.org/extend/plugins/use-google-libraries/
77. How to make your site lightning-fast…
http://www.slideshare.net/bastiangrimm
78. OMCap 2011 - Online Marketing Konferenz Berlin
And that's it! …
13.10.2011