WordPress in the WildDeployment, Performance, Optimization, and Security

Markku Seguerra / rebelpixel.com

It’s a wild world out there!

A guide to using WordPress in production environments, from small blogs to full-blown sites. Simplify deployment, optimize performance, and increase security with the most effective plugins and tweaks that help you get the most from your WordPress-powered blog.

4 Questions???

Question #1What is the most effective

way of deploying WordPress?

Question #2How do you maximize

performance of a WordPress blog?

Question #3How do you optimize your blog for search and your

target readers?

Question #4How do you protect your blog from malicious users and catastrophic failure?

#1 Deployment* Simple* Fast* Secure

Simple & Fast* Download/wget from wordpress.org

* Copying from existing install is troublesome

* Use local installer with important themes and plugins from official sources

Secure* Use only wordpress.org* For themes & plugins, inspect code if from other sources* Use SSH/SFTP for secure transfer if available; FTP is a last option

#2 PerformanceWhat limits performance?* WordPress is dynamic* WordPress is for everyone* WordPress is too popular

WordPress is dynamic* Every page view uses the database (and the CPU)* Use caching; WP Super Cache works best!

WordPress is for everyone

* Some features are built for the other half of its users* Stick to what you need and what works for you!

WordPress is too popular

* Almost automatically invites spam comments* Akismet takes care of the spam problem 99% of the time

More performance tricks

* Offload content (Amazon S3, Flickr, YouTube, etc.)* Use only necessary plugins* Use 3rd-party comments (Disqus, Intense Debate, etc.)

Beyond WordPress* Optimize MySQL (MyISAM only, query_cache tuning, etc.)* Optimize PHP (limit extensions, memory allocation, use memcache, etc.)* Replace Apache!

#3 Optimization“WordPress takes care of 80-90% of (the mechanics of)SEO.”

- Matt Cutts, Google

Highlight your Content!

Pretty permalinks

Highlight your Content!

All in One SEO Pack

Highlight your Content!

* Analytics360 + Google Analyticator* WordPress.com Stats* Google XML Sitemaps* FD Feedburner / Feedburner Feedsmith* Broken Link Checker

Content is King!

SEO can only do so much; it can only be as good as what’s on your blog.

#4 Security* Content theft* WordPress vulnerabilities* Server security* Database failure* Server/hosting failure

Content theft

RSS Footer* Blog about it!* Resume creating good content.* Report to search engines.* Report to host/ISP.

WordPress vulnerabilities

* More users invites more discoveries of flawed code* Widespread use attracts more mischief* Extensibility opens a back door

WordPress UpgradesWordPress is safe

only when up to date!

More WordPress security

* Remove “admin” username* Change table prefix (wp_)* Hide WP version* Secure /wp-admin/ with server passwords

More WordPress security

Server security* Timely upgrades saves you from pain!* Use proper file & directory permissions* Audit all installed apps

Security plugins

WP Security Scan

Security plugins

WP Exploit Scanner

Database failure

WordPress Database Backup

(or use PhpMyAdmin)

Database backups* Use onsite backups* Use offsite, online storage (Gmail is good)

Server/hosting failure* The end?* Regularly download full backups to local PC* Burn full backups to DVD!* Be prepared to restore from scratch!

Thank you!