SlideShare uma empresa Scribd logo
1 de 75
WordPress
Optimization & Security
     London Affiliate Conference
                February 2013



             http://gdig.de/lac13


  Bastian Grimm, Managing Partner - Grimm Digital
About me


SEO Trainings, Seminars & Strategy Consulting




WordPress Security, Consulting & Development



                                                @basgr
International „Expired Domains“ marketplace



                                                         2
Get the Slide-Deck




              http://gdig.de/lac13




                                     3
Who is running WordPress?!
See… that‘s the issue!
It’s the “hackers” most-loved target!
Section #1: Security
#1 Never EVER do this!




                          These sites are
                         more than worse…
A quick peak into some theme files…

                     LOL! „family friendly“
                       links – my a*s…




                                              8
A quick peak into some theme files…

                 functions.php: This theme
                 won‘t be working without
                        those links…




                                             9
#2 Always use TAC to do a pre-check!

                      Theme Authenticity
                        Checker (TAC)




                      http://builtbackwards.com/projects/tac/
It get’s worse: base64 encoded footer

                 Are you really sure you want
                  to see that footer.php file?




                                                 11
Right… NICE FOOTER!




                      12
If you are REALLY curious…
   http://ottodestruct.com/decoder.php
   http://www.tareeinternet.com/scripts/byterun.php
   http://www.tareeinternet.com/scripts/decrypt.php
   http://rot13-encoder-decoder.waraxe.us/


                               The PHP code isn’t “really”
                          encrypted, rather kind of obfuscated.
                                 Reversing is possible!
PLEASE… stay away
from “free” WordPress
 themes – they’re not
     free, really!
#3 Keep your installation clean



   Remove all non-active
 plug-ins as well as themes!




                                  15
#4 Do updates regularly!
 WP Updates Notifier to get emails
  on out-dated components (core,
  themes & plug-ins) for all blogs:
   – http://wordpress.org/extend/plugins
     /wp-updates-notifier/
 ManageWP can do one-click mass
  updates (core, themes, plug-ins
  again) for all your blogs:
   – http://managewp.com/features
#5 Daily scan your Theme

                                   WP AntiVirus




                  http://wordpress.org/extend/plugins/antivirus/
Register now!
                    Really, it’s free!




http://bluemonitor.net/en/
#6 Harden your Security Settings

                              Secure WordPress




                  Most important: Remove version
                  number from ALL components &
                   block malicious URL requests.


               http://wordpress.org/extend/plugins/secure-wordpress/
#7 Protect wp-admin by .htaccess


                            Put an .htaccess to your
                             /wp-admin/ for basic
                              passwd. protection.



                   You can also try the “Lockdown WP
                  Admin” plug-in to protect PHP files in
                   wp-admin as well as the login itself.


             http://wordpress.org/extend/plugins/lockdown-wp-admin/
#8 Fix File & Folder Permissions

                                 WP-Security Scan




  Very important: chmod your
 wp-config.php to be read-only!
                  http://wordpress.org/extend/plugins/wp-security-scan/
#9 Moving the “wp-content” folder

define('WP_CONTENT_DIR', $_SERVER['DOCUMENT_ROOT'].'/blog/my-wp-content');



                             WP_CONTENT_DIR points to “new”
                             the full local path (no trailing slash)


define('WP_CONTENT_URL', 'http://domain.com/blog/my-wp-content');



                             WP_CONTENT_URL points to “new”
                              full URI (no trailing slash either)
#10 SSL Logins & Administration

define('FORCE_SSL_LOGIN', true);



                                Set FORCE_SSL_LOGIN to “true” to
                                force all logins to happen over SSL.
                               (still allows non-SSL admin sessions)

define('FORCE_SSL_ADMIN', true);

                                   Use FORCE_SSL_ADMIN to force all
                                    logins and all admin sessions to
                                    happen over SSL (can be slow…)
BTW: How to do it?

                       Just find this
                          beast…


              … don’t use this
              piece of sh*t…

… and put directives
   before here!
Section #2: WordPress SEO
#11 WordPress SEO by Yoast


                      Make sure to uncheck this!
                       Enables setting noindex,
                      canonical & 301 (for users)
                         on a per-post basis
#11 WordPress SEO by Yoast


                            You surely don‘t need paged
                             archives, categories, etc. –
                             they‘re targeting the same
                                   keys anyways.




                   Affiliate sites mainly have
                    pages, no need for RSS.
                       Check all of them!
#11 WordPress SEO by Yoast

                     Set proper page title &
                    description, also choose
                     author for SERP listing
#11 WordPress SEO by Yoast




                                   Use help section to get
                                 details an all 30+ variables!

       Keep unchecked unless
       you’re publishing news.
        Default value has been
       changed w/ last update.
In addition: Post-level settings



                       You can overwrite defaults
                        on a per-post level using
                        the “Advanced” settings.




                                                    30
#11 WordPress SEO by Yoast




                  Usually you just need one
                   (unless having a HUGE
                    amount of content) –
                  “noindex” the other one!
#11 WordPress SEO by Yoast




                 Especially w/ single-authored
                 blogs, those are a 1:1 copy of
                        your homepage.
                  301 is the better solution!
#11 WordPress SEO by Yoast


                      For larger sites, check to auto-
                         generate XML sitemaps.
                      Remember to check excludes!
#11 WordPress SEO by Yoast
                     Make absolutely sure
                      you‘re using these!
BTW: Clean those URL-Slugs

                                    WP Permalauts




            Especially important for
             Germany, France, etc.


                 http://wordpress.org/extend/plugins/wp-permalauts/
#11 WordPress SEO by Yoast
Trust me… things change!




Check out SEO data transporter
    to switch SEO plug-ins!
Migration made easy: Painless switching!

                              SEO Data Transporter




              http://wordpress.org/extend/plugins/seo-data-transporter/
Section #3: Plug-ins
Credits: http://bit.ly/T8wMwO




  Make absolutely sure you only
use plug-ins from trusted authors!
#12 Fix your Pagination

   Better crawl-ability, better                  WP-PageNavi
 indexation – what else u want?




 WordPress pagination
  s*cks, replace it!




                            http://wordpress.org/extend/plugins/wp-pagenavi/
#13 Improve internal Cross-Linking

                                     Yet Another Related
                                         Posts Plugin




        http://wordpress.org/extend/plugins/yet-another-related-posts-plugin/
#14 Auto-optimize Image Attributes

                          SEO Friendly Images



                           Forces post title &
                         image name to be used
                           as img alt-attribute




                  http://wordpress.org/extend/plugins/seo-image/
#15 Redirect old Contents

                                       Redirection




                  http://wordpress.org/extend/plugins/redirection/
#16 Mask your Affiliate Links

                      Eclipse Link Cloaker




                                http://eclipsecloaker.com/
Don’t forget to tweak your robots.txt

                            We don‘t want some WP
User-Agent: *                specific files & folders
Disallow: /wp-admin/
Disallow: /feed/
Disallow: /comments/feed/
Disallow: /*/trackback/$
Disallow: /*/feed/$
Disallow: /*.css$           Adjust according to your
Disallow: /*.js$
Disallow: /r/
                             Link Cloaker settings.




                                                        46
#17 Have Rich-Snippets if possible

                                 Schema Creator




                http://wordpress.org/extend/plugins/schema-creator/
#18 Fix your Internal Search

                              Relevanssi Search




                   http://wordpress.org/extend/plugins/relevanssi/
If you make it multi-lingual…

                                WPML




                                   http://wpml.org/
Section #4: Mobile
#19 Make it work on Mobile Devices

                                      WPtouch




                  http://wordpress.org/extend/plugins/wptouch/
Or try: WordPress Mobile Pack

                                           Mobile Pack




                        Contains various add-ins such as
                      Mobile Theme, Widgets, Switcher, etc.




            http://wordpress.org/extend/plugins/wordpress-mobile-pack/
Section #5: Maintenance
                          53
#20 Do a Theme Test Drive

                        Live-Testing a new theme
                           without anyone else
                             noticing… nice!




               http://wordpress.org/extend/plugins/theme-test-drive/
#21 Debug your WordPress

                  P3 (Plugin Perf. Profiler)




                http://wordpress.org/extend/plugins/p3-profiler/
#21 Debug your WordPress

                  P3 (Plugin Perf. Profiler)




                http://wordpress.org/extend/plugins/p3-profiler/
#21 Debug your WordPress

                  P3 (Plugin Perf. Profiler)




                http://wordpress.org/extend/plugins/p3-profiler/
#21 Debug your WordPress

                                    Debug Objects




               http://wordpress.org/extend/plugins/debug-objects/
#22 Enable Akismet




                Just enable, get an API key
                and turn „auto-delete“ on!
#23 Backup Database & Files

                                       BackWPup




                  http://wordpress.org/extend/plugins/backwpup/
#24 Watch out for Errors
                            Knowledge is power
                            Use a 404 logger
                              – Analytics software
                              – Redirection (built-in)
                              – Webserver logs
                            Setup 301 redirects
                             accordingly using
                             “Redirection”, again.




                              Image-Credits: http://gdig.de/i
#25 Maintain Categories & Tags

                                    Term Mgmt. Tools




 Mass merge &
 change parents


             http://wordpress.org/extend/plugins/term-management-tools/
Section #6: Performance
Scoring domains by
performance; check it out!




        https://developers.google.com/pagespeed/
#26 Compress those Images

       13.2% savings                   WP Smush.it
      for one image!




                   http://wordpress.org/extend/plugins/wp-smushit/
Or try this one - if you don’t like Yahoo…

       Run‘s awesome                              CW Image
     image optimization                           Optimizer
      but requires Unix
         „littleutils“




                 http://wordpress.org/extend/plugins/cw-image-optimizer/
#27 Setup a Caching Plug-in

                                     W3 Total Cache




                http://wordpress.org/extend/plugins/w3-total-cache/
#28 Combine multiple CSS files
 Combine CSS files into one to
  reduce the number of HTTP requests
 Minify the big file by removing white-
  spaces, etc. to reduce file size per request
  – Check: W3Total > Performance > Minify!
 Same goes for JavaScript as well… and put those
  JS files into the footer, if possible!



                                                    68
#29 Do CSS-Sprites




                     http://spriteme.org/
#30 Off-load JS-Libs

                            WP Use Google Libraries




          Simply enable the plug-in &
        serve JS libs from Google‘s CDN!




                 http://wordpress.org/extend/plugins/use-google-libraries/
How to make your site lightning-fast…




            http://gdig.de/smxspeed

                                        71
OMCap 2011 - Online Marketing Konferenz Berlin




                      And that’s it! …
13.10.2011
                  Wait, still not enough?                     72
If you’re into automation…

                              Auto Poster




                             http://www.nextscripts.com/
WordPress Optimization & Security - LAC 2013, London
Thanks! Questions?
  mail@grimm-digital.com
  twitter.com/basgr
  linkedin.com/in/bastiangrimm
  facebook.com/grimm.digital

  http://gdig.de/lac13

 Bastian Grimm, Managing Partner - Grimm Digital

Mais conteúdo relacionado

Mais procurados

WordPress: Smart Ideas for Startup - SMW torino 2012
WordPress: Smart Ideas for Startup - SMW  torino 2012 WordPress: Smart Ideas for Startup - SMW  torino 2012
WordPress: Smart Ideas for Startup - SMW torino 2012 Maurizio Pelizzone
 
8 Most Common Joomla! Hacks and How to Avoid Them
8 Most Common Joomla! Hacks and How to Avoid Them8 Most Common Joomla! Hacks and How to Avoid Them
8 Most Common Joomla! Hacks and How to Avoid ThemDaniel Kanchev
 
Hardening WordPress - Friends of Search 2014 (WordPress Security)
Hardening WordPress - Friends of Search 2014 (WordPress Security)Hardening WordPress - Friends of Search 2014 (WordPress Security)
Hardening WordPress - Friends of Search 2014 (WordPress Security)Bastian Grimm
 
Intro to WordPress Plugin Development
Intro to WordPress Plugin DevelopmentIntro to WordPress Plugin Development
Intro to WordPress Plugin DevelopmentBrad Williams
 
WordPress security for everyone
WordPress security for everyoneWordPress security for everyone
WordPress security for everyoneVladimír Smitka
 
WordCamp Mid-Atlantic WordPress Security
WordCamp Mid-Atlantic WordPress SecurityWordCamp Mid-Atlantic WordPress Security
WordCamp Mid-Atlantic WordPress SecurityBrad Williams
 
Ako na vlastne WP temy
Ako na vlastne WP temyAko na vlastne WP temy
Ako na vlastne WP temyJuraj Kiss
 
Wordpress development: A Modern Approach
Wordpress development:  A Modern ApproachWordpress development:  A Modern Approach
Wordpress development: A Modern ApproachAlessandro Fiore
 
Webinar: 5 Tricks for WordPress web administrators
Webinar: 5 Tricks for WordPress web administratorsWebinar: 5 Tricks for WordPress web administrators
Webinar: 5 Tricks for WordPress web administratorsTomasz Dziuda
 
WordPress Security - WordCamp NYC 2009
WordPress Security - WordCamp NYC 2009WordPress Security - WordCamp NYC 2009
WordPress Security - WordCamp NYC 2009Brad Williams
 
WordPress Security Best Practices 2019 Update
WordPress Security Best Practices 2019 UpdateWordPress Security Best Practices 2019 Update
WordPress Security Best Practices 2019 UpdateZero Point Development
 
Beginning WordPress Plugin Development
Beginning WordPress Plugin DevelopmentBeginning WordPress Plugin Development
Beginning WordPress Plugin DevelopmentAizat Faiz
 
Technical SEO: Crawl Space Management - SEOZone Istanbul 2014
Technical SEO: Crawl Space Management - SEOZone Istanbul 2014Technical SEO: Crawl Space Management - SEOZone Istanbul 2014
Technical SEO: Crawl Space Management - SEOZone Istanbul 2014Bastian Grimm
 
Joomla! Plugin Development
Joomla! Plugin DevelopmentJoomla! Plugin Development
Joomla! Plugin DevelopmentYireo
 
MySQL Tips for WordPress
MySQL Tips for WordPressMySQL Tips for WordPress
MySQL Tips for WordPressdsero
 
Developers, Be a Bada$$ with WP-CLI
Developers, Be a Bada$$ with WP-CLIDevelopers, Be a Bada$$ with WP-CLI
Developers, Be a Bada$$ with WP-CLIWP Engine
 
Joomla 3 JLayout's - Joomladay Netherlands 2014 #jd14nl
Joomla 3 JLayout's - Joomladay Netherlands 2014 #jd14nlJoomla 3 JLayout's - Joomladay Netherlands 2014 #jd14nl
Joomla 3 JLayout's - Joomladay Netherlands 2014 #jd14nlPhilip Locke
 
WordPress Security Presentation from South Florida WordPress Meetup
WordPress Security Presentation from South Florida WordPress MeetupWordPress Security Presentation from South Florida WordPress Meetup
WordPress Security Presentation from South Florida WordPress MeetupJohn Carcutt
 
Plugins at WordCamp Phoenix
Plugins at WordCamp PhoenixPlugins at WordCamp Phoenix
Plugins at WordCamp PhoenixAndrew Ryno
 
Getting Started With WordPress Plugin Development
Getting Started With WordPress Plugin DevelopmentGetting Started With WordPress Plugin Development
Getting Started With WordPress Plugin DevelopmentThomas Vitale
 

Mais procurados (20)

WordPress: Smart Ideas for Startup - SMW torino 2012
WordPress: Smart Ideas for Startup - SMW  torino 2012 WordPress: Smart Ideas for Startup - SMW  torino 2012
WordPress: Smart Ideas for Startup - SMW torino 2012
 
8 Most Common Joomla! Hacks and How to Avoid Them
8 Most Common Joomla! Hacks and How to Avoid Them8 Most Common Joomla! Hacks and How to Avoid Them
8 Most Common Joomla! Hacks and How to Avoid Them
 
Hardening WordPress - Friends of Search 2014 (WordPress Security)
Hardening WordPress - Friends of Search 2014 (WordPress Security)Hardening WordPress - Friends of Search 2014 (WordPress Security)
Hardening WordPress - Friends of Search 2014 (WordPress Security)
 
Intro to WordPress Plugin Development
Intro to WordPress Plugin DevelopmentIntro to WordPress Plugin Development
Intro to WordPress Plugin Development
 
WordPress security for everyone
WordPress security for everyoneWordPress security for everyone
WordPress security for everyone
 
WordCamp Mid-Atlantic WordPress Security
WordCamp Mid-Atlantic WordPress SecurityWordCamp Mid-Atlantic WordPress Security
WordCamp Mid-Atlantic WordPress Security
 
Ako na vlastne WP temy
Ako na vlastne WP temyAko na vlastne WP temy
Ako na vlastne WP temy
 
Wordpress development: A Modern Approach
Wordpress development:  A Modern ApproachWordpress development:  A Modern Approach
Wordpress development: A Modern Approach
 
Webinar: 5 Tricks for WordPress web administrators
Webinar: 5 Tricks for WordPress web administratorsWebinar: 5 Tricks for WordPress web administrators
Webinar: 5 Tricks for WordPress web administrators
 
WordPress Security - WordCamp NYC 2009
WordPress Security - WordCamp NYC 2009WordPress Security - WordCamp NYC 2009
WordPress Security - WordCamp NYC 2009
 
WordPress Security Best Practices 2019 Update
WordPress Security Best Practices 2019 UpdateWordPress Security Best Practices 2019 Update
WordPress Security Best Practices 2019 Update
 
Beginning WordPress Plugin Development
Beginning WordPress Plugin DevelopmentBeginning WordPress Plugin Development
Beginning WordPress Plugin Development
 
Technical SEO: Crawl Space Management - SEOZone Istanbul 2014
Technical SEO: Crawl Space Management - SEOZone Istanbul 2014Technical SEO: Crawl Space Management - SEOZone Istanbul 2014
Technical SEO: Crawl Space Management - SEOZone Istanbul 2014
 
Joomla! Plugin Development
Joomla! Plugin DevelopmentJoomla! Plugin Development
Joomla! Plugin Development
 
MySQL Tips for WordPress
MySQL Tips for WordPressMySQL Tips for WordPress
MySQL Tips for WordPress
 
Developers, Be a Bada$$ with WP-CLI
Developers, Be a Bada$$ with WP-CLIDevelopers, Be a Bada$$ with WP-CLI
Developers, Be a Bada$$ with WP-CLI
 
Joomla 3 JLayout's - Joomladay Netherlands 2014 #jd14nl
Joomla 3 JLayout's - Joomladay Netherlands 2014 #jd14nlJoomla 3 JLayout's - Joomladay Netherlands 2014 #jd14nl
Joomla 3 JLayout's - Joomladay Netherlands 2014 #jd14nl
 
WordPress Security Presentation from South Florida WordPress Meetup
WordPress Security Presentation from South Florida WordPress MeetupWordPress Security Presentation from South Florida WordPress Meetup
WordPress Security Presentation from South Florida WordPress Meetup
 
Plugins at WordCamp Phoenix
Plugins at WordCamp PhoenixPlugins at WordCamp Phoenix
Plugins at WordCamp Phoenix
 
Getting Started With WordPress Plugin Development
Getting Started With WordPress Plugin DevelopmentGetting Started With WordPress Plugin Development
Getting Started With WordPress Plugin Development
 

Semelhante a WordPress Optimization & Security - LAC 2013, London

WordPress End-User Security
WordPress End-User SecurityWordPress End-User Security
WordPress End-User SecurityDre Armeda
 
WordPress Security Updated - NYC Meetup 2009
WordPress Security Updated - NYC Meetup 2009WordPress Security Updated - NYC Meetup 2009
WordPress Security Updated - NYC Meetup 2009Brad Williams
 
WordPress 2.5 Overview - Rich Media Institute
WordPress 2.5 Overview - Rich Media InstituteWordPress 2.5 Overview - Rich Media Institute
WordPress 2.5 Overview - Rich Media InstituteBrendan Sera-Shriar
 
WordPress Plugin Development- Rich Media Institute Workshop
WordPress Plugin Development- Rich Media Institute WorkshopWordPress Plugin Development- Rich Media Institute Workshop
WordPress Plugin Development- Rich Media Institute WorkshopBrendan Sera-Shriar
 
WordPress Resources Nov 2014
WordPress Resources Nov 2014WordPress Resources Nov 2014
WordPress Resources Nov 2014Judy Wilson
 
Now That's What I Call WordPress Security 2010
Now That's What I Call WordPress Security 2010Now That's What I Call WordPress Security 2010
Now That's What I Call WordPress Security 2010Brad Williams
 
How To Get Started After Installing Wordpress ( Wordcamp, Delhi )
How To Get Started After Installing Wordpress ( Wordcamp, Delhi )How To Get Started After Installing Wordpress ( Wordcamp, Delhi )
How To Get Started After Installing Wordpress ( Wordcamp, Delhi )abhim12
 
WordPress Security Essentials WordCamp Denver 2012
WordPress Security Essentials WordCamp Denver 2012WordPress Security Essentials WordCamp Denver 2012
WordPress Security Essentials WordCamp Denver 2012Angela Bowman
 
Presentation to SAIT Students - Dec 2013
Presentation to SAIT Students - Dec 2013Presentation to SAIT Students - Dec 2013
Presentation to SAIT Students - Dec 2013Think Media Inc.
 
Protect Your WordPress From The Inside Out
Protect Your WordPress From The Inside OutProtect Your WordPress From The Inside Out
Protect Your WordPress From The Inside OutSiteGround.com
 
WordPress Security - WordCamp Boston 2010
WordPress Security - WordCamp Boston 2010WordPress Security - WordCamp Boston 2010
WordPress Security - WordCamp Boston 2010Brad Williams
 
Making the Most of Plug-ins - WordCamp Toronto 2008
Making the Most of Plug-ins - WordCamp Toronto 2008Making the Most of Plug-ins - WordCamp Toronto 2008
Making the Most of Plug-ins - WordCamp Toronto 2008Brendan Sera-Shriar
 
WordPress Plugins and Security
WordPress Plugins and SecurityWordPress Plugins and Security
WordPress Plugins and SecurityThink Media Inc.
 
WordPress & Expired Domains: How To Do It Right!
WordPress & Expired Domains: How To Do It Right!WordPress & Expired Domains: How To Do It Right!
WordPress & Expired Domains: How To Do It Right!iGB Affiliate
 
Wordpress security issues
Wordpress security issuesWordpress security issues
Wordpress security issuesDeepu Thomas
 

Semelhante a WordPress Optimization & Security - LAC 2013, London (20)

WordPress Security
WordPress SecurityWordPress Security
WordPress Security
 
WordPress End-User Security
WordPress End-User SecurityWordPress End-User Security
WordPress End-User Security
 
WordPress Security Updated - NYC Meetup 2009
WordPress Security Updated - NYC Meetup 2009WordPress Security Updated - NYC Meetup 2009
WordPress Security Updated - NYC Meetup 2009
 
WordPress 2.5 Overview - Rich Media Institute
WordPress 2.5 Overview - Rich Media InstituteWordPress 2.5 Overview - Rich Media Institute
WordPress 2.5 Overview - Rich Media Institute
 
WordPress Plugin Development- Rich Media Institute Workshop
WordPress Plugin Development- Rich Media Institute WorkshopWordPress Plugin Development- Rich Media Institute Workshop
WordPress Plugin Development- Rich Media Institute Workshop
 
WordPress Security Best Practices
WordPress Security Best PracticesWordPress Security Best Practices
WordPress Security Best Practices
 
WordPress Resources Nov 2014
WordPress Resources Nov 2014WordPress Resources Nov 2014
WordPress Resources Nov 2014
 
Now That's What I Call WordPress Security 2010
Now That's What I Call WordPress Security 2010Now That's What I Call WordPress Security 2010
Now That's What I Call WordPress Security 2010
 
How To Get Started After Installing Wordpress ( Wordcamp, Delhi )
How To Get Started After Installing Wordpress ( Wordcamp, Delhi )How To Get Started After Installing Wordpress ( Wordcamp, Delhi )
How To Get Started After Installing Wordpress ( Wordcamp, Delhi )
 
WordPress Security Essentials WordCamp Denver 2012
WordPress Security Essentials WordCamp Denver 2012WordPress Security Essentials WordCamp Denver 2012
WordPress Security Essentials WordCamp Denver 2012
 
Presentation to SAIT Students - Dec 2013
Presentation to SAIT Students - Dec 2013Presentation to SAIT Students - Dec 2013
Presentation to SAIT Students - Dec 2013
 
Optimize wordpress
Optimize wordpressOptimize wordpress
Optimize wordpress
 
Protect Your WordPress From The Inside Out
Protect Your WordPress From The Inside OutProtect Your WordPress From The Inside Out
Protect Your WordPress From The Inside Out
 
WordPress Security - WordCamp Boston 2010
WordPress Security - WordCamp Boston 2010WordPress Security - WordCamp Boston 2010
WordPress Security - WordCamp Boston 2010
 
Making the Most of Plug-ins - WordCamp Toronto 2008
Making the Most of Plug-ins - WordCamp Toronto 2008Making the Most of Plug-ins - WordCamp Toronto 2008
Making the Most of Plug-ins - WordCamp Toronto 2008
 
WordPress Plugins and Security
WordPress Plugins and SecurityWordPress Plugins and Security
WordPress Plugins and Security
 
Website security
Website securityWebsite security
Website security
 
WordPress & Expired Domains: How To Do It Right!
WordPress & Expired Domains: How To Do It Right!WordPress & Expired Domains: How To Do It Right!
WordPress & Expired Domains: How To Do It Right!
 
WordPress Security Best Practices
WordPress Security Best PracticesWordPress Security Best Practices
WordPress Security Best Practices
 
Wordpress security issues
Wordpress security issuesWordpress security issues
Wordpress security issues
 

Mais de Bastian Grimm

Migration Best Practices - Peak Ace on Air
Migration Best Practices - Peak Ace on AirMigration Best Practices - Peak Ace on Air
Migration Best Practices - Peak Ace on AirBastian Grimm
 
SEOday Köln 2020 - Surprise, Surprise - 5 SEO secrets
SEOday Köln 2020 - Surprise, Surprise - 5 SEO secretsSEOday Köln 2020 - Surprise, Surprise - 5 SEO secrets
SEOday Köln 2020 - Surprise, Surprise - 5 SEO secretsBastian Grimm
 
Technical SEO vs. User Experience - Bastian Grimm, Peak Ace AG
Technical SEO vs. User Experience - Bastian Grimm, Peak Ace AGTechnical SEO vs. User Experience - Bastian Grimm, Peak Ace AG
Technical SEO vs. User Experience - Bastian Grimm, Peak Ace AGBastian Grimm
 
Advanced data-driven technical SEO - SMX London 2019
Advanced data-driven technical SEO - SMX London 2019Advanced data-driven technical SEO - SMX London 2019
Advanced data-driven technical SEO - SMX London 2019Bastian Grimm
 
Migration Best Practices - SMX West 2019
Migration Best Practices - SMX West 2019Migration Best Practices - SMX West 2019
Migration Best Practices - SMX West 2019Bastian Grimm
 
Migration Best Practices - Search Y 2019, Paris
Migration Best Practices - Search Y 2019, ParisMigration Best Practices - Search Y 2019, Paris
Migration Best Practices - Search Y 2019, ParisBastian Grimm
 
Migration Best Practices - SEOkomm 2018
Migration Best Practices - SEOkomm 2018Migration Best Practices - SEOkomm 2018
Migration Best Practices - SEOkomm 2018Bastian Grimm
 
Data-driven Technical SEO: Logfile Auditing - SEOkomm 2018
Data-driven Technical SEO: Logfile Auditing - SEOkomm 2018Data-driven Technical SEO: Logfile Auditing - SEOkomm 2018
Data-driven Technical SEO: Logfile Auditing - SEOkomm 2018Bastian Grimm
 
The need for Speed: Advanced #webperf - SEOday 2018
The need for Speed: Advanced #webperf - SEOday 2018The need for Speed: Advanced #webperf - SEOday 2018
The need for Speed: Advanced #webperf - SEOday 2018Bastian Grimm
 
OK Google, Whats next? - OMT Wiesbaden 2018
OK Google, Whats next? - OMT Wiesbaden 2018OK Google, Whats next? - OMT Wiesbaden 2018
OK Google, Whats next? - OMT Wiesbaden 2018Bastian Grimm
 
Super speed around the globe - SearchLeeds 2018
Super speed around the globe - SearchLeeds 2018Super speed around the globe - SearchLeeds 2018
Super speed around the globe - SearchLeeds 2018Bastian Grimm
 
Migration Best Practices - SMX London 2018
Migration Best Practices - SMX London 2018Migration Best Practices - SMX London 2018
Migration Best Practices - SMX London 2018Bastian Grimm
 
Welcome to a new reality - DeepCrawl Webinar 2018
Welcome to a new reality - DeepCrawl Webinar 2018Welcome to a new reality - DeepCrawl Webinar 2018
Welcome to a new reality - DeepCrawl Webinar 2018Bastian Grimm
 
Web Performance Madness - brightonSEO 2018
Web Performance Madness - brightonSEO 2018Web Performance Madness - brightonSEO 2018
Web Performance Madness - brightonSEO 2018Bastian Grimm
 
Digitale Assistenzsysteme - SMX München 2018
Digitale Assistenzsysteme - SMX München 2018Digitale Assistenzsysteme - SMX München 2018
Digitale Assistenzsysteme - SMX München 2018Bastian Grimm
 
AMP - SMX München 2018
AMP - SMX München 2018AMP - SMX München 2018
AMP - SMX München 2018Bastian Grimm
 
How fast is fast enough - SMX West 2018
How fast is fast enough - SMX West 2018How fast is fast enough - SMX West 2018
How fast is fast enough - SMX West 2018Bastian Grimm
 
Whats Next in SEO & CRO - 3XE Conference 2018 Dublin
Whats Next in SEO & CRO - 3XE Conference 2018 DublinWhats Next in SEO & CRO - 3XE Conference 2018 Dublin
Whats Next in SEO & CRO - 3XE Conference 2018 DublinBastian Grimm
 
Migration Best-Practices: So gelingt der erfolgreiche Relaunch - SEOkomm 2017
Migration Best-Practices: So gelingt der erfolgreiche Relaunch - SEOkomm 2017Migration Best-Practices: So gelingt der erfolgreiche Relaunch - SEOkomm 2017
Migration Best-Practices: So gelingt der erfolgreiche Relaunch - SEOkomm 2017Bastian Grimm
 
Digitale Assistenten - OMX 2017
Digitale Assistenten - OMX 2017Digitale Assistenten - OMX 2017
Digitale Assistenten - OMX 2017Bastian Grimm
 

Mais de Bastian Grimm (20)

Migration Best Practices - Peak Ace on Air
Migration Best Practices - Peak Ace on AirMigration Best Practices - Peak Ace on Air
Migration Best Practices - Peak Ace on Air
 
SEOday Köln 2020 - Surprise, Surprise - 5 SEO secrets
SEOday Köln 2020 - Surprise, Surprise - 5 SEO secretsSEOday Köln 2020 - Surprise, Surprise - 5 SEO secrets
SEOday Köln 2020 - Surprise, Surprise - 5 SEO secrets
 
Technical SEO vs. User Experience - Bastian Grimm, Peak Ace AG
Technical SEO vs. User Experience - Bastian Grimm, Peak Ace AGTechnical SEO vs. User Experience - Bastian Grimm, Peak Ace AG
Technical SEO vs. User Experience - Bastian Grimm, Peak Ace AG
 
Advanced data-driven technical SEO - SMX London 2019
Advanced data-driven technical SEO - SMX London 2019Advanced data-driven technical SEO - SMX London 2019
Advanced data-driven technical SEO - SMX London 2019
 
Migration Best Practices - SMX West 2019
Migration Best Practices - SMX West 2019Migration Best Practices - SMX West 2019
Migration Best Practices - SMX West 2019
 
Migration Best Practices - Search Y 2019, Paris
Migration Best Practices - Search Y 2019, ParisMigration Best Practices - Search Y 2019, Paris
Migration Best Practices - Search Y 2019, Paris
 
Migration Best Practices - SEOkomm 2018
Migration Best Practices - SEOkomm 2018Migration Best Practices - SEOkomm 2018
Migration Best Practices - SEOkomm 2018
 
Data-driven Technical SEO: Logfile Auditing - SEOkomm 2018
Data-driven Technical SEO: Logfile Auditing - SEOkomm 2018Data-driven Technical SEO: Logfile Auditing - SEOkomm 2018
Data-driven Technical SEO: Logfile Auditing - SEOkomm 2018
 
The need for Speed: Advanced #webperf - SEOday 2018
The need for Speed: Advanced #webperf - SEOday 2018The need for Speed: Advanced #webperf - SEOday 2018
The need for Speed: Advanced #webperf - SEOday 2018
 
OK Google, Whats next? - OMT Wiesbaden 2018
OK Google, Whats next? - OMT Wiesbaden 2018OK Google, Whats next? - OMT Wiesbaden 2018
OK Google, Whats next? - OMT Wiesbaden 2018
 
Super speed around the globe - SearchLeeds 2018
Super speed around the globe - SearchLeeds 2018Super speed around the globe - SearchLeeds 2018
Super speed around the globe - SearchLeeds 2018
 
Migration Best Practices - SMX London 2018
Migration Best Practices - SMX London 2018Migration Best Practices - SMX London 2018
Migration Best Practices - SMX London 2018
 
Welcome to a new reality - DeepCrawl Webinar 2018
Welcome to a new reality - DeepCrawl Webinar 2018Welcome to a new reality - DeepCrawl Webinar 2018
Welcome to a new reality - DeepCrawl Webinar 2018
 
Web Performance Madness - brightonSEO 2018
Web Performance Madness - brightonSEO 2018Web Performance Madness - brightonSEO 2018
Web Performance Madness - brightonSEO 2018
 
Digitale Assistenzsysteme - SMX München 2018
Digitale Assistenzsysteme - SMX München 2018Digitale Assistenzsysteme - SMX München 2018
Digitale Assistenzsysteme - SMX München 2018
 
AMP - SMX München 2018
AMP - SMX München 2018AMP - SMX München 2018
AMP - SMX München 2018
 
How fast is fast enough - SMX West 2018
How fast is fast enough - SMX West 2018How fast is fast enough - SMX West 2018
How fast is fast enough - SMX West 2018
 
Whats Next in SEO & CRO - 3XE Conference 2018 Dublin
Whats Next in SEO & CRO - 3XE Conference 2018 DublinWhats Next in SEO & CRO - 3XE Conference 2018 Dublin
Whats Next in SEO & CRO - 3XE Conference 2018 Dublin
 
Migration Best-Practices: So gelingt der erfolgreiche Relaunch - SEOkomm 2017
Migration Best-Practices: So gelingt der erfolgreiche Relaunch - SEOkomm 2017Migration Best-Practices: So gelingt der erfolgreiche Relaunch - SEOkomm 2017
Migration Best-Practices: So gelingt der erfolgreiche Relaunch - SEOkomm 2017
 
Digitale Assistenten - OMX 2017
Digitale Assistenten - OMX 2017Digitale Assistenten - OMX 2017
Digitale Assistenten - OMX 2017
 

Último

COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaborationbruanjhuli
 
The Kubernetes Gateway API and its role in Cloud Native API Management
The Kubernetes Gateway API and its role in Cloud Native API ManagementThe Kubernetes Gateway API and its role in Cloud Native API Management
The Kubernetes Gateway API and its role in Cloud Native API ManagementNuwan Dias
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6DianaGray10
 
IEEE Computer Society’s Strategic Activities and Products including SWEBOK Guide
IEEE Computer Society’s Strategic Activities and Products including SWEBOK GuideIEEE Computer Society’s Strategic Activities and Products including SWEBOK Guide
IEEE Computer Society’s Strategic Activities and Products including SWEBOK GuideHironori Washizaki
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostMatt Ray
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxMatsuo Lab
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAshyamraj55
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsSafe Software
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Adtran
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IES VE
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfinfogdgmi
 
UiPath Clipboard AI: "A TIME Magazine Best Invention of 2023 Unveiled"
UiPath Clipboard AI: "A TIME Magazine Best Invention of 2023 Unveiled"UiPath Clipboard AI: "A TIME Magazine Best Invention of 2023 Unveiled"
UiPath Clipboard AI: "A TIME Magazine Best Invention of 2023 Unveiled"DianaGray10
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfDianaGray10
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioChristian Posta
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8DianaGray10
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Will Schroeder
 
All in AI: LLM Landscape & RAG in 2024 with Mark Ryan (Google) & Jerry Liu (L...
All in AI: LLM Landscape & RAG in 2024 with Mark Ryan (Google) & Jerry Liu (L...All in AI: LLM Landscape & RAG in 2024 with Mark Ryan (Google) & Jerry Liu (L...
All in AI: LLM Landscape & RAG in 2024 with Mark Ryan (Google) & Jerry Liu (L...Daniel Zivkovic
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7DianaGray10
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?IES VE
 

Último (20)

201610817 - edge part1
201610817 - edge part1201610817 - edge part1
201610817 - edge part1
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
 
The Kubernetes Gateway API and its role in Cloud Native API Management
The Kubernetes Gateway API and its role in Cloud Native API ManagementThe Kubernetes Gateway API and its role in Cloud Native API Management
The Kubernetes Gateway API and its role in Cloud Native API Management
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6
 
IEEE Computer Society’s Strategic Activities and Products including SWEBOK Guide
IEEE Computer Society’s Strategic Activities and Products including SWEBOK GuideIEEE Computer Society’s Strategic Activities and Products including SWEBOK Guide
IEEE Computer Society’s Strategic Activities and Products including SWEBOK Guide
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptx
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdf
 
UiPath Clipboard AI: "A TIME Magazine Best Invention of 2023 Unveiled"
UiPath Clipboard AI: "A TIME Magazine Best Invention of 2023 Unveiled"UiPath Clipboard AI: "A TIME Magazine Best Invention of 2023 Unveiled"
UiPath Clipboard AI: "A TIME Magazine Best Invention of 2023 Unveiled"
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and Istio
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
 
All in AI: LLM Landscape & RAG in 2024 with Mark Ryan (Google) & Jerry Liu (L...
All in AI: LLM Landscape & RAG in 2024 with Mark Ryan (Google) & Jerry Liu (L...All in AI: LLM Landscape & RAG in 2024 with Mark Ryan (Google) & Jerry Liu (L...
All in AI: LLM Landscape & RAG in 2024 with Mark Ryan (Google) & Jerry Liu (L...
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?
 

WordPress Optimization & Security - LAC 2013, London

  • 1. WordPress Optimization & Security London Affiliate Conference February 2013 http://gdig.de/lac13 Bastian Grimm, Managing Partner - Grimm Digital
  • 2. About me SEO Trainings, Seminars & Strategy Consulting WordPress Security, Consulting & Development @basgr International „Expired Domains“ marketplace 2
  • 3. Get the Slide-Deck http://gdig.de/lac13 3
  • 4. Who is running WordPress?!
  • 5. See… that‘s the issue! It’s the “hackers” most-loved target!
  • 7. #1 Never EVER do this! These sites are more than worse…
  • 8. A quick peak into some theme files… LOL! „family friendly“ links – my a*s… 8
  • 9. A quick peak into some theme files… functions.php: This theme won‘t be working without those links… 9
  • 10. #2 Always use TAC to do a pre-check! Theme Authenticity Checker (TAC) http://builtbackwards.com/projects/tac/
  • 11. It get’s worse: base64 encoded footer Are you really sure you want to see that footer.php file? 11
  • 13. If you are REALLY curious…  http://ottodestruct.com/decoder.php  http://www.tareeinternet.com/scripts/byterun.php  http://www.tareeinternet.com/scripts/decrypt.php  http://rot13-encoder-decoder.waraxe.us/ The PHP code isn’t “really” encrypted, rather kind of obfuscated. Reversing is possible!
  • 14. PLEASE… stay away from “free” WordPress themes – they’re not free, really!
  • 15. #3 Keep your installation clean Remove all non-active plug-ins as well as themes! 15
  • 16. #4 Do updates regularly!  WP Updates Notifier to get emails on out-dated components (core, themes & plug-ins) for all blogs: – http://wordpress.org/extend/plugins /wp-updates-notifier/  ManageWP can do one-click mass updates (core, themes, plug-ins again) for all your blogs: – http://managewp.com/features
  • 17. #5 Daily scan your Theme WP AntiVirus http://wordpress.org/extend/plugins/antivirus/
  • 18. Register now! Really, it’s free! http://bluemonitor.net/en/
  • 19. #6 Harden your Security Settings Secure WordPress Most important: Remove version number from ALL components & block malicious URL requests. http://wordpress.org/extend/plugins/secure-wordpress/
  • 20. #7 Protect wp-admin by .htaccess Put an .htaccess to your /wp-admin/ for basic passwd. protection. You can also try the “Lockdown WP Admin” plug-in to protect PHP files in wp-admin as well as the login itself. http://wordpress.org/extend/plugins/lockdown-wp-admin/
  • 21. #8 Fix File & Folder Permissions WP-Security Scan Very important: chmod your wp-config.php to be read-only! http://wordpress.org/extend/plugins/wp-security-scan/
  • 22. #9 Moving the “wp-content” folder define('WP_CONTENT_DIR', $_SERVER['DOCUMENT_ROOT'].'/blog/my-wp-content'); WP_CONTENT_DIR points to “new” the full local path (no trailing slash) define('WP_CONTENT_URL', 'http://domain.com/blog/my-wp-content'); WP_CONTENT_URL points to “new” full URI (no trailing slash either)
  • 23. #10 SSL Logins & Administration define('FORCE_SSL_LOGIN', true); Set FORCE_SSL_LOGIN to “true” to force all logins to happen over SSL. (still allows non-SSL admin sessions) define('FORCE_SSL_ADMIN', true); Use FORCE_SSL_ADMIN to force all logins and all admin sessions to happen over SSL (can be slow…)
  • 24. BTW: How to do it? Just find this beast… … don’t use this piece of sh*t… … and put directives before here!
  • 26. #11 WordPress SEO by Yoast Make sure to uncheck this! Enables setting noindex, canonical & 301 (for users) on a per-post basis
  • 27. #11 WordPress SEO by Yoast You surely don‘t need paged archives, categories, etc. – they‘re targeting the same keys anyways. Affiliate sites mainly have pages, no need for RSS. Check all of them!
  • 28. #11 WordPress SEO by Yoast Set proper page title & description, also choose author for SERP listing
  • 29. #11 WordPress SEO by Yoast Use help section to get details an all 30+ variables! Keep unchecked unless you’re publishing news. Default value has been changed w/ last update.
  • 30. In addition: Post-level settings You can overwrite defaults on a per-post level using the “Advanced” settings. 30
  • 31. #11 WordPress SEO by Yoast Usually you just need one (unless having a HUGE amount of content) – “noindex” the other one!
  • 32. #11 WordPress SEO by Yoast Especially w/ single-authored blogs, those are a 1:1 copy of your homepage. 301 is the better solution!
  • 33. #11 WordPress SEO by Yoast For larger sites, check to auto- generate XML sitemaps. Remember to check excludes!
  • 34. #11 WordPress SEO by Yoast Make absolutely sure you‘re using these!
  • 35. BTW: Clean those URL-Slugs WP Permalauts Especially important for Germany, France, etc. http://wordpress.org/extend/plugins/wp-permalauts/
  • 36. #11 WordPress SEO by Yoast
  • 37. Trust me… things change! Check out SEO data transporter to switch SEO plug-ins!
  • 38. Migration made easy: Painless switching! SEO Data Transporter http://wordpress.org/extend/plugins/seo-data-transporter/
  • 40. Credits: http://bit.ly/T8wMwO Make absolutely sure you only use plug-ins from trusted authors!
  • 41. #12 Fix your Pagination Better crawl-ability, better WP-PageNavi indexation – what else u want? WordPress pagination s*cks, replace it! http://wordpress.org/extend/plugins/wp-pagenavi/
  • 42. #13 Improve internal Cross-Linking Yet Another Related Posts Plugin http://wordpress.org/extend/plugins/yet-another-related-posts-plugin/
  • 43. #14 Auto-optimize Image Attributes SEO Friendly Images Forces post title & image name to be used as img alt-attribute http://wordpress.org/extend/plugins/seo-image/
  • 44. #15 Redirect old Contents Redirection http://wordpress.org/extend/plugins/redirection/
  • 45. #16 Mask your Affiliate Links Eclipse Link Cloaker http://eclipsecloaker.com/
  • 46. Don’t forget to tweak your robots.txt We don‘t want some WP User-Agent: * specific files & folders Disallow: /wp-admin/ Disallow: /feed/ Disallow: /comments/feed/ Disallow: /*/trackback/$ Disallow: /*/feed/$ Disallow: /*.css$ Adjust according to your Disallow: /*.js$ Disallow: /r/ Link Cloaker settings. 46
  • 47. #17 Have Rich-Snippets if possible Schema Creator http://wordpress.org/extend/plugins/schema-creator/
  • 48. #18 Fix your Internal Search Relevanssi Search http://wordpress.org/extend/plugins/relevanssi/
  • 49. If you make it multi-lingual… WPML http://wpml.org/
  • 51. #19 Make it work on Mobile Devices WPtouch http://wordpress.org/extend/plugins/wptouch/
  • 52. Or try: WordPress Mobile Pack Mobile Pack Contains various add-ins such as Mobile Theme, Widgets, Switcher, etc. http://wordpress.org/extend/plugins/wordpress-mobile-pack/
  • 54. #20 Do a Theme Test Drive Live-Testing a new theme without anyone else noticing… nice! http://wordpress.org/extend/plugins/theme-test-drive/
  • 55. #21 Debug your WordPress P3 (Plugin Perf. Profiler) http://wordpress.org/extend/plugins/p3-profiler/
  • 56. #21 Debug your WordPress P3 (Plugin Perf. Profiler) http://wordpress.org/extend/plugins/p3-profiler/
  • 57. #21 Debug your WordPress P3 (Plugin Perf. Profiler) http://wordpress.org/extend/plugins/p3-profiler/
  • 58. #21 Debug your WordPress Debug Objects http://wordpress.org/extend/plugins/debug-objects/
  • 59. #22 Enable Akismet Just enable, get an API key and turn „auto-delete“ on!
  • 60. #23 Backup Database & Files BackWPup http://wordpress.org/extend/plugins/backwpup/
  • 61. #24 Watch out for Errors  Knowledge is power  Use a 404 logger – Analytics software – Redirection (built-in) – Webserver logs  Setup 301 redirects accordingly using “Redirection”, again. Image-Credits: http://gdig.de/i
  • 62. #25 Maintain Categories & Tags Term Mgmt. Tools Mass merge & change parents http://wordpress.org/extend/plugins/term-management-tools/
  • 64. Scoring domains by performance; check it out! https://developers.google.com/pagespeed/
  • 65. #26 Compress those Images 13.2% savings WP Smush.it for one image! http://wordpress.org/extend/plugins/wp-smushit/
  • 66. Or try this one - if you don’t like Yahoo… Run‘s awesome CW Image image optimization Optimizer but requires Unix „littleutils“ http://wordpress.org/extend/plugins/cw-image-optimizer/
  • 67. #27 Setup a Caching Plug-in W3 Total Cache http://wordpress.org/extend/plugins/w3-total-cache/
  • 68. #28 Combine multiple CSS files  Combine CSS files into one to reduce the number of HTTP requests  Minify the big file by removing white- spaces, etc. to reduce file size per request – Check: W3Total > Performance > Minify!  Same goes for JavaScript as well… and put those JS files into the footer, if possible! 68
  • 69. #29 Do CSS-Sprites http://spriteme.org/
  • 70. #30 Off-load JS-Libs WP Use Google Libraries Simply enable the plug-in & serve JS libs from Google‘s CDN! http://wordpress.org/extend/plugins/use-google-libraries/
  • 71. How to make your site lightning-fast… http://gdig.de/smxspeed 71
  • 72. OMCap 2011 - Online Marketing Konferenz Berlin And that’s it! … 13.10.2011 Wait, still not enough? 72
  • 73. If you’re into automation… Auto Poster http://www.nextscripts.com/
  • 75. Thanks! Questions? mail@grimm-digital.com twitter.com/basgr linkedin.com/in/bastiangrimm facebook.com/grimm.digital http://gdig.de/lac13 Bastian Grimm, Managing Partner - Grimm Digital