As a follow-up to my previous post about tracking down a WordPress hack that plagued a site, the next step was to be proactive in making sure these hacks did not occur again. There were also some site optimizations that needed to go into place, since the load time was extremely slow.
Again, I'll admit that I'm no WordPress guru, but I knew the mechanics of the web, and I knew what was needed to get a page to load fast. That said, here are the plug-ins I wound up installing on the Evangelical Outpost site that have really improved things:
On the security front…
SI CAPTCHA Anti-Spam
Are you getting too many messages clogging up your posts? This is typically the work of scripts or bots that can easily walk in, fill out the comment fields, and move on to your next post. What CAPTCHA does is present some “obfuscated text” that a robot cannot read, so that some form of human intervention is required before the comment is submitted.
WordPress Exploit Scanner
This plug-in can be run from the admin panel and will look over all your files and folders for folder permission issues and other items that can open security holes in your site. Don't run this during the middle of the day, since this scanner will take up a bit of time and resources.
On the performance front…
W3 Total Cache
W3 Total Cache provides a wide variety of ways to improve the performance of your site. It will allow you to compress your JavaScript and CSS files on the fly. It has several methods of caching posts, which include memcaching if you have the capabilities to do so on your hosting account. It will distribute your content over a CDN if you have one. It also caches database queries to optimize performance. Enabling the total cache after installation shows great improvement, but taking a bit more time to add your CSS and JavaScript files for minification and altering compression algorithms will make things work even better.
Add Meta Tags
This is a simple plug-in that allows you to insert the proper meta tags into the head of your front page and/or post pages. There are no frills to it, but if you need to put a tracking code in and not worry about doing it across themes, this plug-in works great.
PC Robots.txt
The default robots.txt file does not help at all for getting your search engine details in place. It was also causing a few problems during our spam problems because the cached content was getting consumed by GoogleBot as well. Since the file is dynamically generated by WordPress, this plug-in allows you to configure what your robots.txt file will look like to the crawlers that visit your site. You can read up on various configurations for your robots.txt file and configure yours accordingly.
Google XML Sitemaps
Having a sitemap file that Google reads does wonders for your site. It helps with your search results, and it also helps generate “site links” that appear right below your main site link to help users dig deeper into your site. Unless you have your own complete site map or index generator, odds are your older posts will slowly get lost within your site, and only a rare search will pull them up again into the Google cache. This plug-in will generate a compressed sitemap file that includes ALL of your posts and topics, plus it includes the proper refresh keywords to make sure things are updated within Google frequently. Our previous sitemap was only grabbing about 20 items. Setting up this plug-in submitted all 3000+ articles for indexing/caching on Google.
All of these plug-ins installed quickly and most required little to no configuration details to get running. Having these items installed has helped both our security and performance on the site. I hope they help you as well.
Have you found any plug-ins that are helping performance/security on your WordPress install? I'm always looking for new ones, so let me know!