Back in September, I had the chance to talk about a technology topic I’ve always loved long before it became a household name — WordPress. If you recall, in 2008 I was also at WordCamp Philippines and discussed Developing WordPress Plugins; this time around, my talk was WordPress in the Wild: Deployment, Performance, Optimization, and Security.
Before we go further, you might want to browse through my slides:
Weeks before WordCamp Philippines 2009, I never thought I could join with all the work on the 2009 Philippine Blog Awards looming large. In fact I forgot to register, so I personally messaged Blogie if I could still attend without a proper registration. But when he mentioned there was still one speaker slot available due to a cancellation, I volunteered to speak anyway. I figured I could share my experiences and tips on running WordPress optimally.
WordPress used to simply be a blogging app and not much more. Its growth in the past few years, though, has pushed it to adopt a more extensible structure to allow for other uses beyond blogging as well as various other customizations. These changes made it more appealing to a wider range of users, but at the same time they also introduced some performance bottlenecks that become apparent when your blog rises to be just a bit too popular. Ah, the price of success.
Let me be clear about this: there is nothing wrong with WordPress. It does its job well. However, in shared hosting environments, where every bit of CPU and RAM is a costly resource, WordPress users with fairly popular blogs are commonly flagged for “using more than its fair share of resources.” Ouch, as if these web hosting services allocate their resources fairly.
Since many WordPress users are on shared hosting, it’s good advice to play good neighbor to everyone and make sure your blog uses only the resources it actually needs. That’s the easier thing to do anyway, instead of complaining about how unfair oversold shared hosting is.
My presentation’s goal was to answer four pressing questions that I believe are necessary to running a tip–top WordPress blog:
- What is the most effective way of deploying WordPress?
- How do you maximize performance of a WordPress blog?
- How do you optimize your blog for search and your target readers?
- How do you protect your blog from malicious users and catastrophic failure?
Just briefly, I’ll go through some of the points you’ll see in the slides.
- Should be simple, fast, and secure.
- Use official repositories (wordpress.org) for the app and plugins.
- Avoid copying files from an existing installation.
- Use SSH/SFTP when possible.
- WordPress dynamically generates everything, which is both good and bad. Use WP Super Cache if most of your content is static or rarely changes.
- Use only the features you need.
- Use Akismet to save yourself from all the comment spam trouble. (And yes, WordPress does invite a lot of comment spam!)
- For more performance, consider offloading content to a CDN and using 3rd–party discussion plugins like Intense Debate and Disqus.
- Other performance tricks beyond WordPress involve optimizing PHP and MySQL as well as replacing Apache with Nginx or other lightweight web servers.
- The truth is, you don’t really have to try too hard, as Google’s Matt Cutts would say:
“WordPress takes care of 80-90% of (the mechanics of) SEO.”
- Use pretty permalinks for descriptive URIs—let your readers know what’s on the page before they even click on the link.
- All in One SEO Pack handles the other things you’ll need SEO–wise.
- Analytics360 + Google Analyticator along with WordPress.com Stats is good for identifying your site’s popular content and monitoring your growth.
- Google XML Sitemaps makes it easier for search engines to index your site.
- FD Feedburner offloads your feeds and makes sure they’re universally compatible through the Feedburner service.
- Broken Link Checker finds dead links in your content so you can update them as necessary, helping your readers follow what you write without interruption.
- Content is king!
- Content theft is a significant issue, but you can’t change your blog or content just to make it harder for thieves. Focus on writing more good content instead.
- RSS Footer “brands” your posts in case someone else scrapes them through your RSS or Atom feeds.
- Because WordPress is very popular, its sheer volume of users means vulnerable code gets discovered faster. Just the same, its extensibility makes it flexible but open to mischief. The best way to stay secure is to always keep WordPress up to date!
- There are other “security hacks” you can use to make it just a bit harder for malicious users to compromise your site.
- Just as you secure WordPress, make sure your server and relevant apps are kept up–to–date.
- Use proper file permissions for everything.
- Some helpful security–focused WordPress plugins: WP Security Scan, WP Exploit Scanner, WordPress Database Backup.
- Don’t keep your backups in one place. Offline backups are not optional.
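
To make the "proper file permissions" tip concrete, here is an added example (not from the talk or the slides) of a small audit you can run over SSH against your WordPress directory. It assumes the commonly recommended baseline of 755 for directories, 644 for files, and a `wp-config.php` that other accounts cannot read; the function name `wp_perm_audit` and the finding labels are made up for this sketch.

```shell
#!/bin/sh
# Added example: audit a WordPress tree for risky file permissions.
# Assumed baseline (not stated in the talk): directories 755, files 644,
# wp-config.php not readable by "other" and not writable by group/other.
# wp_perm_audit and the finding labels are hypothetical names.
#
# Prints one finding per line as "<issue> <path>".
# Returns 0 when clean, 1 when findings exist, 2 when the path is not a directory.
wp_perm_audit() {
    root=$1
    if [ ! -d "$root" ]; then
        echo "not-a-directory $root"
        return 2
    fi

    findings=$(
        # Writable by "other": on shared hosting, any account on the same
        # server could modify or plant files here.
        find "$root" \( -type f -o -type d \) -perm -0002 -print |
            sed 's/^/world-writable /'

        # wp-config.php holds the database credentials and secret keys.
        # Flag it when "other" can read or write it, or group can write it.
        find "$root" -type f -name wp-config.php \
            \( -perm -0004 -o -perm -0002 -o -perm -0020 \) -print |
            sed 's/^/config-exposed /'
    )

    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Usage (the path is an example): wp_perm_audit /home/you/public_html
```

A world-writable `wp-config.php` is reported under both labels. Fix findings with `chmod` (for example `chmod 600 wp-config.php`) and rerun until the function prints nothing.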
So there it is, most of what I mentioned in my WordCamp talk. It’s rather long but I hope you find most of it useful. I’ll try to keep this updated for other WordPress–related information that would be helpful to everyone.