Speaker Profile:

Name: Bastian Grimm

Company: Grimm Digital


  • Things are officially kicking off
  • It seems that there are a few people in the audience who have had their WordPress sites hacked
  • Bastian runs Grimm Digital, Blue Fountain Group and Ads2People
  • for slide deck and links in the presso
  • Bastian is German and apologises for the bad accent – we love Germans here in Australia
  • WordPress is the platform most targeted by hackers because of its huge footprint
  • Setup WordPress properly
    • Use unique keys and salts to add random elements for encryption
    • Use a cryptic table prefix to frustrate automated scripts and SQL injections that assume the default prefix
    • $table_prefix = 'wp_Vadsvdgadf_';
    • Use the table rename plugin if doing it by hand is too hard
  • Protect your wp-config.php file
    • Move the file outside of www
    • Add some code to the .htaccess to prevent external access
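As an added example (my own Python, not from Bastian's deck), a small checker that reads a wp-config.php and flags the three settings from the notes above – placeholder keys/salts, the default wp_ table prefix and admin/login not forced over SSL – then rewrites them. The sample file embedded below is constructed; `WEAK_CONFIG`, `audit_wp_config` and `harden` are names chosen here.

```python
import re
import secrets
import string

# Constructed sample of a wp-config.php that still carries the installer
# defaults the talk warns about (not any real site's file).
WEAK_CONFIG = """<?php
define('AUTH_KEY',         'put your unique phrase here');
define('SECURE_AUTH_KEY',  'put your unique phrase here');
define('LOGGED_IN_KEY',    'put your unique phrase here');
define('NONCE_KEY',        'put your unique phrase here');
$table_prefix = 'wp_';
"""

PLACEHOLDER = 'put your unique phrase here'
SALT_NAMES = ('AUTH_KEY', 'SECURE_AUTH_KEY', 'LOGGED_IN_KEY', 'NONCE_KEY',
              'AUTH_SALT', 'SECURE_AUTH_SALT', 'LOGGED_IN_SALT', 'NONCE_SALT')

def audit_wp_config(text):
    """Return findings for the three wp-config settings the talk covers."""
    findings = []
    defined = dict(re.findall(r"define\(\s*'([A-Z_]+)'\s*,\s*'([^']*)'\s*\)", text))
    for name in SALT_NAMES:
        value = defined.get(name)
        if value is None or value == PLACEHOLDER or len(value) < 32:
            findings.append(f'{name}: missing, placeholder or too short')
    m = re.search(r"\$table_prefix\s*=\s*'([^']*)'", text)
    if m is None or m.group(1) == 'wp_':
        findings.append('table_prefix: default wp_ (guessable by automated scripts)')
    if not re.search(r"define\(\s*'FORCE_SSL_ADMIN'\s*,\s*true\s*\)", text):
        findings.append('FORCE_SSL_ADMIN: not set; admin and login can go over plain HTTP')
    return findings

def random_table_prefix(length=10):
    """A prefix like wp_Vadsvdgadf_ from the notes, but drawn from a CSPRNG."""
    alphabet = string.ascii_letters + string.digits
    return 'wp_' + ''.join(secrets.choice(alphabet) for _ in range(length)) + '_'

def harden(text):
    """Rewrite the weak settings: fresh salts, random prefix, FORCE_SSL_ADMIN."""
    for name in SALT_NAMES:
        line = f"define('{name}', '{secrets.token_urlsafe(48)}');"
        text, n = re.subn(rf"define\(\s*'{name}'\s*,\s*'[^']*'\s*\);", line, text)
        if n == 0:  # salt not present at all: append it
            text += line + '\n'
    text = re.sub(r"\$table_prefix\s*=\s*'[^']*';",
                  f"$table_prefix = '{random_table_prefix()}';", text)
    if 'FORCE_SSL_ADMIN' not in text:
        text += "define('FORCE_SSL_ADMIN', true);\n"
    return text
```

Changing the prefix on an existing install also means renaming the database tables (hence the table rename plugin in the notes), and the .htaccess rule mentioned above is a `<Files wp-config.php>` block with `Require all denied` on Apache 2.4.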
  • Remove the default “admin”
    • Setup new user as admin and delete the old one
    • Make sure to use a STRONG password
  • Lock out multiple failed logins – Limit Login Attempts plugin. Specify how many failed attempts are allowed and lock access for X hours/days
  • Watch out for free WordPress themes – links are usually sneakily embedded within the theme.
  • Generally if you try to remove those links, the theme breaks! Sneaky MOFOs
  • Always use Theme Authenticity Checker to do a pre-check. It checks for encryption, redirects, erroneous code, etc
  • AVOID FREE WordPress themes – they generally are dodgy with erroneous code
  • Make sure you run updates regularly – get WP Updates notifier to get email notifications
  • ManageWP can do one-click mass updates for all your blogs if you are managing multiple WordPress websites
  • Keep your installation clean – remove all non-active plugins as well as themes. They are a security and performance risk
  • Scan your theme daily with the WP Antivirus plugin – it checks the theme for modifications and sends email notifications
  • Harden your security settings with Secure WordPress plugin which is FREE. It removes version numbers from all components and blocks malicious URL requests
  • Protect wp-admin – use Lockdown WP Admin plugin to protect PHP files
  • Fix file and folder permissions with WP-Security Scan plugin – chmod your wp-config.php to be read-only
  • Use SSL Logins & Administration – force SSL Login with some additional code – check the slide deck later
  • WordPress SEO by Yoast gets a plug – if you are using this plugin you are 80% there
  • Make sure you uncheck the security settings in the plugin
  • Noindex subpages of archives
  • Check all the options in the “Clean up the <head>” section
  • Make sure you are using the author meta-data information to bring in G+ authorship
  • Bastian suggests that we do not include date snippet preview unless you’re publishing news – users don’t like outdated content
  • Noindex and nofollow tags, they are useless pages
  • Disable the author archives – it automatically 301 redirects to the homepage
  • Remember to check for URL excludes to remove from XML sitemaps
  • Setup proper permalinks settings
  • Check out SEO data transporter – migrate one plugin to the other SEO plugin
  • Make sure you know who are the creators and authors of plugins
  • Fix pagination issues with the wp-pagenavi plugin
  • Internal cross linking with Yet Another Related Posts Plugin – personal fav of Bastian
  • SEO friendly images plugin forces post title & image name to be used as img alt attribute – YES!
  • Redirection plugin to help redirect old contents – can use regular expressions – AWESOME!
  • Easily redirect 404 errors
  • Use Schema Creator from Raven tools
  • If you are running affiliate links use Eclipse Link Cloaker
  • Tweak your robots.txt file to block some folders and files
  • Responsive sliders for engagement – Soliloquy slider plugin
  • UberMenu creates functional and engaging menu types, very flexible and scalable – SEO friendly
  • Do beautiful popups with Ninja Popups for call-to-actions (social shares, subscription, etc)
  • Use relevanssi search plugin to replace the default WordPress internal search – it is more relevant and recommended to just use the default settings
  • If you are selling digital goods use Easy Digital Downloads plugin
  • WPML is Bastian’s preference for multi-lingual blogs
  • Make it work on Mobile Devices with WPtouch plugin
  • Use theme test drive to do all your testing without changing user experience
  • Debug your WordPress with P3 plugin perf. profiler
  • Enable Akismet – enable it and get an API key
  • Use BackWPup to backup your database and files – ability to back up to Dropbox account – GREAT!
  • Maintain categories and tags with Term Management Tools plugin to mass merge and purge
  • Use WP to compress and optimise all the images for smaller file size and load time
  • TinyPNG and Jpegmini for image filesize optimisation
  • Setup a caching plugin with W3 Total Cache – can integrate with CDNs. It combines multiple CSS files and minifies big ones; same goes for JavaScript, to reduce the number of requests
  • Do CSS sprites using SpriteMe
  • Bastian likes to use EdgeCast as a CDN – they've integrated Google PageSpeed data
  • Offload JS libraries – use the Use Google Libraries WP plugin
  • Check out Bastian's SlideShare account for more performance tips!

Please excuse the typos, broken links, incomplete sentences, etc.