2. Rachel McCollin
@rachelmccollin
By the end of this workshop you will
be able to:
Identify the areas you need to improve on in terms
of management of your site
Understand how you need to manage, publish and
publicise content
Know how to keep your site secure, updated and
backed up (and why it’s important)
Use plugins to improve your site’s performance
28. Rachel McCollin
@rachelmccollin
Secure site management and administration
Configuring your WordPress installation
Locking down part of your installation
Security by obscurity
Monitoring your site for attacks
30. Rachel McCollin
@rachelmccollin
Secure site management and administration
Configuring your WordPress installation
Locking down part of your installation
Security by obscurity
Monitoring your site for attacks
33. Rachel McCollin
@rachelmccollin
Secure site management and administration
Configuring your WordPress installation
Locking down part of your installation
Security by obscurity
Monitoring your site for attacks
35. Rachel McCollin
@rachelmccollin
Secure site management and administration
Configuring your WordPress installation
Locking down part of your installation
Security by obscurity
Monitoring your site for attacks
36. Rachel McCollin
@rachelmccollin
Secure site management and administration
Configuring your WordPress installation
Locking down part of your installation
Security by obscurity
Monitoring your site for attacks
38. Rachel McCollin
@rachelmccollin
By the end of this workshop you will
be able to:
Identify the areas you need to improve on in terms
of management of your site
Understand how you need to manage, publish and
publicise content
Know how to keep your site secure, updated and
backed up (and why it’s important)
Use plugins to improve your site’s performance
Intro
Self
Delegates:
what do you use WP for?
do you manage a site?
what do you want to get from today?
A caveat - lots of links to WPMU DEV - great resource for advanced users
Flipchart:
who has a publishing schedule? Who’s set one & not stuck to it?
How often do you need to publish to your site?
How do you share your content?
Do you research your target audience first?
Exercise:
Think about your target audience:
who are they? demographics?
when are they online?
what might they want from your site?
what social media do they use?
Managing comments
Flipchart:
who has commenting on their site?
how have you got it set up?
how often do people comment?
do people respond to each other?
how often / quickly do you reply? Does this work?
Share best practice & ideas. Bring up the Discussion settings screen.
Flipchart - do you know what version of WordPress your site is running?
Brainstorm - why is it important to keep WP up to date?
security, performance, compatibility, features
What stops you updating?
How to create a local copy of your site.
Updating themes and plugins
Show the update screen.
Flipchart - are all your themes and plugins up to date? Why is it important to keep them up to date?
Installing and finding themes and plugins
safe sources
free ones should ALWAYs be from wordpress.org
when buying paid, get recommendations
Brainstorm:
which plugins & themes do you use?
how did you find them?
how did you decide what to use?
Example for a client site - this output spammy links to completely unrelated sites which had paid the client’s previous developer to do this.
I’ve seen ‘free’ themes that do similar things or worse!
Brainstorm - do you know what caching is?
How many people use caching on their site? What plugin do you use?
Minifying: what is minifying?
Can reduce file size by 20-50%
Who uses minifying? What plugins do you use?
Coding standards
What do you know about them?
WordPress coding standrads
web standards
best practices for speed
Show page for WP coding standards
Show page for web standards (W3C)
All your themes and plugins should adhere to these standards - it’ll make your site more efficient, better for SEO and much better for accessibility. It will also reduce chances of an update breaking things.
Web standards:
markup your pages correctly
minimise http requests
load stylesheets at the top and scripts at the bottom
use external CSS and JavaScript
avoid redirects
use trailing slashes
WordPress standards:
use PHP correctly
call functions correctly and attach them to the right hook
minimise the number of queries on a page
DON’T use query_posts
Brainstorm:
who backs up their site?
who has it automated?
how often how does this compare to how often you’re adding content?
have you ever tried doing a restore? how easy is it?
I THINK THIS IS SOMETHING WORTH PAYING FOR.
Exercise:
research backup plugins
create a backup schedule
practice doing a restore - work out how to do it with your plugin
Site management and admin
PASSWORDS
Updates - WP, themes, plugins
Sourcing themes and plugins
SFTP
Brainstorm
do you let your users set their won passwords?
Do you give clients admin access?
Do you limit password strength?
Do you (be honest) use secure passwords yourself?
Configuring your WP installation
security keys
hardening WP
Locking down part of your installation
restrict access by IP address
password-protect the wp-admin directory (using CPanel)
disallow file editing via the dashboard
Security by obscurity
anyone know what this is?
how effective is it?
Examples:
database table names changing the $table_prefix value in your wp-config.php file.
usernames
Monitoring your site
who does this?
- think about the impact of your site being left not working for some time:
seo
reputation
possible loss of data