Upload
digamber-pradhan
View
117
Download
0
Embed Size (px)
Citation preview
WordPress:Speed and Security- DIGAMBER PRADHAN- W E BS I T E : H T T P : / / W W W. D I G A M B E R P R A D H A N . C O M . N P/
- T E A M L E A D @ W E B E X P E R T S N E PA L
Active and Passive Components of A Site
1. Speed ( Active )
2. Security ( Passive )
Speed1. In 2016 EVERYTHING is fast
2. The modern website viewer expects everything to load as quick as you can snap your finger
3. Site abandonment is a major problem
4. Transaction abandonment is a even bigger problem
https://blog.kissmetrics.com/loading-time/?wide=1
Different Aspects that Effect Speed
1. Page Size
2. Server Location
3. Number of HTTP Requests
4. Caching
5. Server Response Time
Tools to test Page Speed1. GTmetrix (https://gtmetrix.com/ )
2. pingdom (https://tools.pingdom.com/ )
3. PageSpeed Insights ( https://developers.google.com/speed/pagespeed/insights/ )
Something Controversial1. Ignore PageSpeed Insights
2. Yes Ignore PageSpeed Insights
3. PageSpeed Insights doesn’t actual measure speed
Lets Optimize1. Good Hosting
2. CDN
3. Minification
4. Caching
Good Hosting1. Do not ignore value of good hosting
2. A good server provides many features
3. If the server response time is slow your site is slow
Content Delivery Network
Minification1. As far as possible use minified scripts when you develop
2. The purpose of minified scripts is to reduce the page size
Minification Contd.1. Plugins
◦ Better WordPress Minify◦ Autoptimize
Caching1. Caching refers to storing content that repeats itself such as
=> Images=> CSS=> JS
2. These repeatedly used resources are cached (or stored temporarily to be re-used)
3. This saves multiple requests as they are loaded from the cache instead of requests to the server, and thus also saves bandwidth consumption
Plugins1. WP Super Cache (free)
2. WP Rocket ( premium )
3. W3 Total Cache (https://wordpress.org/plugins/w3-total-cache/ ) (free)
Security1. Prevention is ALWAYS better than cure
2. We don’t always think about security, but it’s the first thing that should be in our mind
3. Imagine if someone broke into your WordPress siteand compromised all your hard work
4. Imagine if someone hacked your E-Commerce site and used it to charge your clients
Why I call it the Passive Aspect
Is WordPress Secure ?1. In Short Yes (but its complicated)
2. The Core WordPress itself is secure
3. Easy to use, Difficult to Maintain
https://sucuri.net/website-security/website-hacked-report
Some Security Stats
Reason for Vulnerabilities1. Updates or more specifically lack there of
2. Plugins and ThemesExamples: rev-slider, gravity forms
3. Lack of Security Measures
4. Brute Force Attacks (most common form )
Have I been Hacked ?1. When I click my link on google I get redirected to another site
2. Google shows this site may be hacked on search results
3. Weird search results are showing up when I do [ site: http://www.mysitename.com/ ]
4. I can’t log in to my site
What we can do ?1. Regular Backups
2. Security Plugin
3. Security Measures ( Hardening )
Regular Backup1. Backups ensure that you don’t lose
valuable data
2. Have a cyclical process for backing up your site
3. The more detailed the backup the better
How to Backup1. Manual Backups
2. Plugins for regular Backupsa) https://wordpress.org/plugins/backupwordpress/b) https://wordpress.org/plugins/backwpup/
Security Plugins1. Wordfence
2. iThemes Security
3. Sucuri Scanner
Basic of Recover1. DO NOT PANIC!!!
2. Identify type of breach
3. Begin recovery
Conclusion
Resources:1. Kissmetrics: https://blog.kissmetrics.com/loading-time/?wide=1
2. Sucuri: https://sucuri.net/website-security/website-hacked-report
3. Plugins:
4. Better WordPress Minify : https://wordpress.org/plugins/bwp-minify/
5. Autoptimize : https://wordpress.org/plugins/autoptimize/
6. WP Super Cache: https://wordpress.org/plugins/wp-super-cache/
7. W3 Total Cache: https://wordpress.org/plugins/wp-super-cache/
8. WP Rocket: https://wp-rocket.me/
9. Wordfence: https : https://wordpress.org/plugins/wordfence/
10.iThemes Security : https://wordpress.org/plugins/better-wp-security/
11.sucuri scanner : https://wordpress.org/plugins/sucuri-scanner/
Get Started with Optimization1. https://codex.wordpress.org/WordPress_Optimization
2. https://developers.google.com/web/fundamentals/performance/
Resources for Securing WordPress
https://codex.wordpress.org/Hardening_WordPress
http://www.wpbeginner.com/wordpress-security/
http://wplift.com/why-wordpress-website-security-important