ITALIAN WORDPRESS CONFERENCE 2012

16th June 2012Turin - Italy

WORDPRESS

SECURITY AND PERFORMANCE

ITALIAN WORDPRESS CONFERENCE 2012

Happy Birthday!!! #WPCON2012

About me

37 years oldBorn in Turin (Italy)Co-Founder mavida.comWordPress Lover

http://maurizio.mavida.comhttp://www.linkedin.com/in/mauriziopelizzone

#WPCON2012

SECURITY

#WPCON2012

Protect wp-login.php

HTACCESS

HTACCESS #WPCON2012

<IfModule mod_rewrite.c>RewriteEngine OnRewriteBase /RewriteRule ^my-login wp-login.php?loginkey=HR5SKG&redirect_to=

http://%{SERVER_NAME}/wp-admin/index.php [L]

RewriteCond %{HTTP_REFERER} !^http://%{SERVER_NAME}/wp-adminRewriteCond %{HTTP_REFERER} !^http://%{SERVER_NAME}/wp-login\.phpRewriteCond %{HTTP_REFERER} !^http://%{SERVER_NAME}/my-loginRewriteCond %{QUERY_STRING} !^loginkey=HR5SKGRewriteCond %{QUERY_STRING} !^action=logoutRewriteCond %{REQUEST_METHOD} !POSTRewriteRule ^wp-login\.php http://%{SERVER_NAME}/? [R,L]

RewriteCond %{QUERY_STRING} ^loggedout=true RewriteRule . http://%{SERVER_NAME}/? [L]

</IfModule>

#WPCON2012

Deny .php execution

HTACCESS

HTACCESS #WPCON2012

Order Allow,DenyDeny from all<Files ~ "\.(xls|doc|rtf|pdf|zip|rar|mp3|flv|swf|png|gif|jpg|js|css)$">

Allow from all</Files>

## manage exception#<Files filename.php># Allow from all#</Files>

#WPCON2012

CHANGE DIRECTORY STRUCTURE

#WPCON2012WP-CONFIG.PHP

Rename wp-content

define( 'WP_CONTENT_DIR', dirname( __FILE__ ) . '/asset' );define( 'WP_CONTENT_URL', 'http://' . $_SERVER['HTTP_HOST'] . '/asset' );

#WPCON2012WP-ADMIN –> MEDIA

Change Upload Directory

#WPCON2012WP-CONFIG.PHP + INDEX.PHP

Move WordPress Core

/* * add to wp-config.php * /define( 'WP_SITEURL', 'http://' . $_SERVER['SERVER_NAME'] . '/wordpress-core/');define( 'WP_HOME', 'http://' . $_SERVER['SERVER_NAME']);

/* * change in index.php */define('WP_USE_THEMES', true);require('./wordpress-core/wp-blog-header.php');

#WPCON2012MY CUSTOM STRUCTURE

#WPCON2012

BLACKHOLE

BLACKHOLE #WPCON2012

http://perishablepress.com/blackhole-bad-bots/

#WPCON2012HTACCESS

RULES FOR BLACKHOLE

RewriteEngine On RewriteBase / RewriteRule ^(admin|wp-admin|wp-content)$ blackhole/ [L] RewriteRule ^(phpinfo|phpmyadmin)$ blackhole/ [L]

#WPCON2012PLUGIN

BLACKHOLE PLUGIN<?php/*Plugin Name: blackholePlugin URI: http://maurizio.mavida.com/Description: blackholeLicense: GPLVersion: 0.1Author: Maurizio PelizzoneAuthor URI: http://maurizio.mavida.com

*/

if (!is_admin()){include($_SERVER['DOCUMENT_ROOT'] . "/blackhole/blackhole.php"); }

#WPCON2012

FILE MONITOR

#WPCON2012FILEMONITOR PLUGIN

#WPCON2012

AVOID FTP

#WPCON2012

PERFORMACE

TITLE #WPCON2012

CACHE(storing cached data in the database)

#WPCON2012CACHE

TRANSIENT APIhttp://codex.wordpress.org/Transients_API

$posts = get_transient( $transient_name );

if (!$posts) {wp_reset_query();$the_query = new WP_Query(); $the_query->query( $args );

$posts = $the_query->posts;set_transient( $transient_name , $posts , $transient_expiration );

}

#WPCON2012CACHE

PLUGINS #WPCON2012

PLUGINS(less is better)

#WPCON2012PLUGINS

MINIFICATION #WPCON2012

js/css MINIFICATION

MINIFICATION #WPCON2012

CDN #WPCON2012

CLOUDFLARE CDN(as Reverse Proxy)

CDN #WPCON2012

TITLE #WPCON2012

SERVER TUNINGVARNISH

NGINXAPC

memcached

expire

deflate

MySqlTuner

#WPCON2012

?

Other #WPCON2012

Thank you

Maurizio Pelizzone@miziomonmaurizio@mavida.comhttp://maurizio.mavida.com