security and performance - italian wordpress conference
DESCRIPTION
How to improve security and performance in your WordPress installation
TRANSCRIPT
ITALIAN WORDPRESS CONFERENCE 2012
16th June 2012
Turin - Italy
WORDPRESS
SECURITY AND PERFORMANCE
Happy Birthday!!! #WPCON2012
About me
37 years old
Born in Turin (Italy)
Co-Founder mavida.com
WordPress Lover
http://maurizio.mavida.com
http://www.linkedin.com/in/mauriziopelizzone
SECURITY
Protect wp-login.php
HTACCESS
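<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /

# /my-login is the only entry point that carries the login key
RewriteRule ^my-login wp-login.php?loginkey=HR5SKG&redirect_to=http://%{SERVER_NAME}/wp-admin/index.php [L]

# Send any other direct request for wp-login.php to the home page.
# Note: mod_rewrite does not expand %{SERVER_NAME} inside a RewriteCond pattern,
# so the three Referer conditions never match a real Referer and are always satisfied.
RewriteCond %{HTTP_REFERER} !^http://%{SERVER_NAME}/wp-admin
RewriteCond %{HTTP_REFERER} !^http://%{SERVER_NAME}/wp-login\.php
RewriteCond %{HTTP_REFERER} !^http://%{SERVER_NAME}/my-login
RewriteCond %{QUERY_STRING} !^loginkey=HR5SKG
RewriteCond %{QUERY_STRING} !^action=logout
RewriteCond %{REQUEST_METHOD} !POST
RewriteRule ^wp-login\.php http://%{SERVER_NAME}/? [R,L]

# After logout, go to the home page
RewriteCond %{QUERY_STRING} ^loggedout=true
RewriteRule . http://%{SERVER_NAME}/? [L]
</IfModule>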
Deny .php execution
HTACCESS
Order Allow,Deny
Deny from all
<Files ~ "\.(xls|doc|rtf|pdf|zip|rar|mp3|flv|swf|png|gif|jpg|js|css)$">
Allow from all
</Files>

## manage exception
#<Files filename.php>
# Allow from all
#</Files>
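Added example (not from the original slides): a Python check that applies the allow-list pattern above to a directory listing, showing which names the rule serves, which it denies, and which pass only on their last extension and deserve a manual review. The script-extension list and the sample file names are assumptions constructed for the illustration.

```python
import re

# Allow-list copied from the <Files ~ "..."> pattern on the slide.
ALLOWED = re.compile(r"\.(xls|doc|rtf|pdf|zip|rar|mp3|flv|swf|png|gif|jpg|js|css)$")
# Assumption: extensions the server might hand to an interpreter.
SCRIPT_SEGMENT = re.compile(r"\.(php\d?|phtml|phar)(\.|$)", re.IGNORECASE)


def classify(filename):
    """Return 'served', 'served-review' or 'denied' for one file name."""
    base = filename.rsplit("/", 1)[-1]   # <Files> matches the base name only
    if not ALLOWED.search(base):         # case-sensitive, like the Apache regex
        return "denied"
    # Allowed by its last extension, but an earlier segment looks like a script.
    if SCRIPT_SEGMENT.search(base):
        return "served-review"
    return "served"


def audit(filenames):
    """Group file names by how the slide's rule treats them."""
    report = {"served": [], "served-review": [], "denied": []}
    for name in filenames:
        report[classify(name)].append(name)
    return report


# Constructed sample listing of an upload directory.
SAMPLE = [
    "2012/06/logo.png",
    "2012/06/slides.pdf",
    "2012/06/photo.JPG",       # upper-case extension: not in the allow-list
    "2012/06/photo.jpeg",      # .jpeg is not listed, only .jpg
    "2012/06/cache.php",       # denied, which is the goal of the rule
    "2012/06/avatar.php.jpg",  # passes on its last extension
]

if __name__ == "__main__":
    for verdict, names in audit(SAMPLE).items():
        print(verdict, names)
```

Names reported as denied that are legitimate media (photo.JPG, photo.jpeg) show where the allow-list needs extending before the rule goes live.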
CHANGE DIRECTORY STRUCTURE
WP-CONFIG.PHP
Rename wp-content
define( 'WP_CONTENT_DIR', dirname( __FILE__ ) . '/asset' );
define( 'WP_CONTENT_URL', 'http://' . $_SERVER['HTTP_HOST'] . '/asset' );
WP-ADMIN -> MEDIA
Change Upload Directory
WP-CONFIG.PHP + INDEX.PHP
Move WordPress Core
/*
 * add to wp-config.php
 */
define( 'WP_SITEURL', 'http://' . $_SERVER['SERVER_NAME'] . '/wordpress-core/');
define( 'WP_HOME', 'http://' . $_SERVER['SERVER_NAME']);

/*
 * change in index.php
 */
define('WP_USE_THEMES', true);
require('./wordpress-core/wp-blog-header.php');

MY CUSTOM STRUCTURE
BLACKHOLE
http://perishablepress.com/blackhole-bad-bots/
HTACCESS
RULES FOR BLACKHOLE
RewriteEngine On
RewriteBase /
RewriteRule ^(admin|wp-admin|wp-content)$ blackhole/ [L]
RewriteRule ^(phpinfo|phpmyadmin)$ blackhole/ [L]

PLUGIN
BLACKHOLE PLUGIN
<?php
/*
Plugin Name: blackhole
Plugin URI: http://maurizio.mavida.com/
Description: blackhole
License: GPL
Version: 0.1
Author: Maurizio Pelizzone
Author URI: http://maurizio.mavida.com
*/

if ( !is_admin() ) {
    include( $_SERVER['DOCUMENT_ROOT'] . "/blackhole/blackhole.php" );
}
FILE MONITOR
FILEMONITOR PLUGIN
AVOID FTP
PERFORMANCE
CACHE (storing cached data in the database)
TRANSIENT API
http://codex.wordpress.org/Transients_API

$posts = get_transient( $transient_name );

// get_transient() returns false on a miss; compare strictly so an empty result is still cached
if ( false === $posts ) {
    wp_reset_query();
    $the_query = new WP_Query();
    $the_query->query( $args );

    $posts = $the_query->posts;
    set_transient( $transient_name, $posts, $transient_expiration );
}
PLUGINS (less is better)
js/css MINIFICATION
CLOUDFLARE CDN (as Reverse Proxy)
SERVER TUNING
VARNISH
NGINX
APC
memcached
expire
deflate
MySqlTuner
?