WordPress in the WildDeployment, Performance, Optimization, and Security
Markku Seguerra / rebelpixel.com
It’s a wild world out there!
A guide to using WordPress in production environments, from small blogs to full-blown sites. Simplify deployment, optimize performance, and increase security with the most effective plugins and tweaks that help you get the most from your WordPress-powered blog.
4 Questions???
Question #1What is the most effective
way of deploying WordPress?
Question #2How do you maximize
performance of a WordPress blog?
Question #3How do you optimize your blog for search and your
target readers?
Question #4How do you protect your blog from malicious users and catastrophic failure?
#1 Deployment* Simple* Fast* Secure
Simple & Fast* Download/wget from wordpress.org
* Copying from existing install is troublesome
* Use local installer with important themes and plugins from official sources
Secure* Use only wordpress.org* For themes & plugins, inspect code if from other sources* Use SSH/SFTP for secure transfer if available; FTP is a last option
#2 PerformanceWhat limits performance?* WordPress is dynamic* WordPress is for everyone* WordPress is too popular
WordPress is dynamic* Every page view uses the database (and the CPU)* Use caching; WP Super Cache works best!
WordPress is for everyone
* Some features are built for the other half of its users* Stick to what you need and what works for you!
WordPress is too popular
* Almost automatically invites spam comments* Akismet takes care of the spam problem 99% of the time
More performance tricks
* Offload content (Amazon S3, Flickr, YouTube, etc.)* Use only necessary plugins* Use 3rd-party comments (Disqus, Intense Debate, etc.)
Beyond WordPress* Optimize MySQL (MyISAM only, query_cache tuning, etc.)* Optimize PHP (limit extensions, memory allocation, use memcache, etc.)* Replace Apache!
#3 Optimization“WordPress takes care of 80-90% of (the mechanics of)SEO.”
- Matt Cutts, Google
Highlight your Content!
Pretty permalinks
Highlight your Content!
All in One SEO Pack
Highlight your Content!
* Analytics360 + Google Analyticator* WordPress.com Stats* Google XML Sitemaps* FD Feedburner / Feedburner Feedsmith* Broken Link Checker
Content is King!
SEO can only do so much; it can only be as good as what’s on your blog.
#4 Security* Content theft* WordPress vulnerabilities* Server security* Database failure* Server/hosting failure
Content theft
RSS Footer* Blog about it!* Resume creating good content.* Report to search engines.* Report to host/ISP.
WordPress vulnerabilities
* More users invites more discoveries of flawed code* Widespread use attracts more mischief* Extensibility opens a back door
WordPress UpgradesWordPress is safe
only when up to date!
More WordPress security
* Remove “admin” username* Change table prefix (wp_)* Hide WP version* Secure /wp-admin/ with server passwords
More WordPress security
Server security* Timely upgrades saves you from pain!* Use proper file & directory permissions* Audit all installed apps
Security plugins
WP Security Scan
Security plugins
WP Exploit Scanner
Database failure
WordPress Database Backup
(or use PhpMyAdmin)
Database backups* Use onsite backups* Use offsite, online storage (Gmail is good)
Server/hosting failure* The end?* Regularly download full backups to local PC* Burn full backups to DVD!* Be prepared to restore from scratch!
Thank you!
Top Related