![[Live] SMX Sydney ’13 – 40 WordPress Tips: Security, Engagement, SEO & Performance](https://www.jasonmun.com/wp-content/uploads/2013/04/bastiangrimm-smx-sydney-13-150x150.jpg)
Speaker Profile:
Name: Bastian Grimm
Twitter: https://twitter.com/basgr
Google+: https://plus.google.com/111367517659623076437/posts
Notes:
- Things are officially kicking off
- It seems that there are a few people in the audience who have had their WordPress sites hacked
- Bastian runs Grimm Digital, Blue Fountain Group and Ads2People
- gdig.de/sydney1 for slide deck and links in the presso
- Bastian is German and apologises for the bad accent – we love Germans here in Australia
- WordPress is the most targeted by hackers due to the WordPress footprint
- Setup WordPress properly
- Use unique keys and salts to add random elements for encryption
- Use a cryptic table prefix to prevent automated scripts and SQL injections
- $table_prefix = 'wp_Vadsvdgadf_';
- Use the table rename plugin if it is too hard
- Protect your wp-config.php file
- Move the file outside of www
- Add some code to the .htaccess to prevent external access
- Remove the default “admin”
- Setup new user as admin and delete the old one
- Make sure to use a STRONG password
- Lock out multiple failed logins – Limit Login Attempts plugin. Specify how many failed attempts and lock access for X hours/days
- Watch out for free WordPress themes – links are usually sneakily embedded within the theme.
- Generally if you try to remove those links, the theme breaks! Sneaky MOFOs
- Always use Theme Authenticity Checker to do a pre-check. It checks for encryption, redirects, erroneous code, etc
- AVOID FREE WordPress themes – they generally are dodgy with erroneous code
- Make sure you run updates regularly – get WP Updates notifier to get email notifications
- ManageWP can do one-click mass updates for all your blogs if you are managing multiple WordPress websites
- Keep your installation clean – remove all non-active plugins as well as themes. It is a security and performance risk
- Scan your theme daily with WP Antivirus plugin – it checks the theme for modification with email notification
- Harden your security settings with Secure WordPress plugin which is FREE. It removes version numbers from all components and blocks malicious URL requests
- Protect wp-admin – use Lockdown WP Admin plugin to protect PHP files
- Fix file and folder permissions with WP-Security Scan plugin – chmod your wp-config.php to be read-only
- Use SSL Logins & Administration – force SSL Login with some additional code – check the slide deck later
- WordPress SEO by Yoast gets a plug – if you are using this plugin you are 80% there
- Make sure you uncheck the security settings in the plugin
- Noindex subpages of archives
- Check all the options in the “Clean up the <head>” section
- Make sure you are using the author meta-data information to bring in G+ authorship
- Bastian suggests that we do not include date snippet preview unless you’re publishing news – users don’t like outdated content
- Noindex and nofollow tags, they are useless pages
- Disable the author archives – it automatically 301 redirects to homepage
- Remember to check for URL excludes to remove from XML sitemaps
- Setup proper permalinks settings
- Check out SEO data transporter – migrate one plugin to the other SEO plugin
- Make sure you know who are the creators and authors of plugins
- Fix pagination issues with the wp-pagenavi plugin
- Internal cross linking with Yet Another Related Posts Plugin – personal fav of Bastian
- SEO friendly images plugin forces post title & image name to be used as img alt attribute – YES!
- Redirection plugin to help redirect old contents – can use regular expressions – AWESOME!
- Easily redirect 404 errors
- Use Schema Creator from Raven tools
- If you are running affiliate links use Eclipse Link Cloaker
- Tweak your robots.txt file to block some folders and files
- Responsive sliders for engagement – Soliloquy slider plugin
- Ubermenu creates functional and engaging menu types, very flexible and scalable – SEO friendly
- Do beautiful popups with Ninja Popups for call-to-actions (social shares, subscription, etc)
- Use relevanssi search plugin to replace the default WordPress internal search – it is more relevant and recommended to just use the default settings
- If you are selling digital goods use Easy Digital Downloads plugin
- WPML is Bastian’s preference for multi-lingual blogs
- Make it work on Mobile Devices with WPtouch plugin
- Use theme test drive to do all your testing without changing user experience
- Debug your WordPress with the P3 Plugin Performance Profiler
- Enable Akismet – enable and get an API key
- Use BackWPup to backup your database and files – ability to back up to Dropbox account – GREAT!
- Maintain categories and tags with Term Management Tools plugin to mass merge and purge
- Use WP Smush.it to compress and optimise all the images for smaller file size and load time
- TinyPNG and Jpegmini for image filesize optimisation
- Setup a caching plugin with W3 Total Cache – can integrate with CDNs. It combines multiple CSS files and minifies big files; the same goes for JavaScript, to reduce the number of requests
- Do CSS sprites using SpriteMe
- Bastian likes to use EdgeCast as a CDN – they've integrated Google Pagespeed data
- Offload JS libraries – use WP Use Google Libraries
- Check out Bastian's SlideShare account for more performance tips!
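
The wp-config.php tips above (unique keys and salts, a non-default table prefix, forced SSL for admin, read-only file permissions) can be checked with a short script. This is an added example, not code from the talk or the slide deck; the function and variable names are illustrative, and it assumes FORCE_SSL_ADMIN is the constant behind the "force SSL login" tip, since the notes do not show the slide's code.

```python
import re
import stat

# The eight secret constants from wp-config-sample.php and its placeholder value.
SECRET_NAMES = [
    "AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
    "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT",
]
PLACEHOLDER = "put your unique phrase here"
DEFINE_RE = re.compile(
    r"""define\(\s*['"](\w+)['"]\s*,\s*(?:'([^']*)'|"([^"]*)"|(\w+))\s*\)""")
PREFIX_RE = re.compile(r"""\$table_prefix\s*=\s*['"]([^'"]*)['"]""")

# Constructed sample: a config left exactly as the sample file ships.
SAMPLE_WEAK = "".join(
    f"define('{n}', '{PLACEHOLDER}');\n" for n in SECRET_NAMES
) + "$table_prefix = 'wp_';\n"


def audit_wp_config(text, mode):
    """Return findings for wp-config.php content and its file mode bits."""
    defines = {}
    for m in DEFINE_RE.finditer(text):
        name, sq, dq, bare = m.groups()
        defines[name] = sq if sq is not None else dq if dq is not None else bare
    findings = []
    values = [defines.get(n) for n in SECRET_NAMES]
    for name, value in zip(SECRET_NAMES, values):
        if not value or value == PLACEHOLDER:
            findings.append(f"{name}: missing or placeholder")
    real = [v for v in values if v and v != PLACEHOLDER]
    if len(set(real)) < len(real):
        findings.append("keys/salts: same value reused")
    prefix = PREFIX_RE.search(text)
    if prefix is None or prefix.group(1) == "wp_":
        findings.append("table prefix: default wp_")
    if str(defines.get("FORCE_SSL_ADMIN", "")).lower() != "true":
        findings.append("FORCE_SSL_ADMIN: not enabled")
    if mode & (stat.S_IWUSR | stat.S_IWGRP | stat.S_IWOTH):
        findings.append("permissions: file is writable, expected read-only")
    return findings


if __name__ == "__main__":
    for finding in audit_wp_config(SAMPLE_WEAK, 0o644):
        print(finding)
```

On a real install, pass the file's text and `os.stat(path).st_mode`; commented-out `define()` lines are not filtered, so read the findings against the file itself.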
Disclaimer:
Please excuse the typos, broken links, incomplete sentences, etc.