Let's Talk About WordPress

Talk about anything WordPress related here that you think does not necessarily need an individual topic.

Let’s go :slight_smile:

2 Likes

What are you favourite WordPress security plugins (preferably free)?

I really like: https://wpsecurityninja.com/

Is this better than Wordfence, given that Wordfence free have malware scanner on free version ?

Most security flaws are discovered in plugins, hence I’m not using any. There’s plenty of security plugins that actually contain security flaws. I keep plugins to a minimum and only use decent plugins.

1 Like

This.

There’s plenty of good plugins out there but the amount of times I’ve seen some old plugin that hasn’t been updated in 4 years used to achieve something any good dev could add too the theme (without compromising security) is sad.

It’s the same with caching IMO - caching at a server level is a lot better than at a PHP level. While I get that it’s not always possible with shared hosting, if it’s on a server you have control off adding plugins to speed the site up doesn’t make sense to me lol.

1 Like

Well it is easier for not knowledgrable people like me . i mean cache+autoptimize+cloudflare. Which is your config?

Ditched all of them in favor of ApisCP.
@nem can you pitch in?

1 Like

I like wordpress.

Almost all editable websites I make, I build them with WP with templates coded by myself from scratch.

What I don’t like are the bloated templates that make WP slow, requiring a lot of plugins, but that’s what clients want to use (but they don’t need) and what they want to pay.

2 Likes

Well, CF for the DNS is for certain. CDN depends on the site but I can tell you that it doens’t always favor the website. It really depends.
Have you tested your website with and withou CDN?

As for optimization plugins, I am currently using ApisCP Web APP optimization. But I’ll be introducing a plugin soon. Not yet sure which.

There are two plugins that I always install.
ShortPixel Plugin to optimize images. You might go by with their free account.

Happyfiles to manege the media. Altgough it can help grouping pages, posts etc… as well. A worthy LTD to buy. @Ympker

2 Likes

I’ve used caching plugins before, and they do make it easier - but when the web servers gets the request it’s more efficient if the web server knows if the page is cached or not and serves it than handing it off to PHP to check if its cached or not.

I use a couple of custom scripts to automatically optimise images and generate webp versions of images, and they get served if the browser supports webp (and an image exists). Caching is done either by nginx or varnish. If the majority of the visitors are from the same country the site is based in, then IMO cloudflare isn’t needed unless you need to hide the servers IP. Same with CDNs - if it’s all from the same country and the server can cope with the load, a CDN just adds another DNS lookup.

Tweaking MySQL/MariaDB config can help too, but again this doesn’t apply to shared hosting.

2 Likes

Fair enough. Although I remember you bought a lifetime deal from WP Security Ninja iirc?

I think WP Security Ninja (free) is great for installing once initially to fix WP security related suggestions, then uninstall.

Well yes i have tried it but i prefer to hide the ip of my website for security reasons. I guess that it would me far faster i am aware of it but my site charges in 0.9 second (london gtmetrix server based on hetzner) so i can not complain about that. Make it simple and fast. Could be faster may be but is enough for me. What is that optimizstion plugin? Well i am using tinypng for the images

True well i am using cf to hide the ip as well. May be the speed is slower but i like it in that way. Well i am using centminmod for the server and i have not knowledge how to cache it on nginx level .so i guess i am better with the cache level. Just for curiosity do you have a guide how to cache the pages on nginx? May be i could try it or at least learn something. If is complicated to be done then nothing

It’s not a plugin, it’s the server hosting panel. ApisCP has a lot of built in optimization features.

1 Like

Thanks i should give it a try thanks for sharing it

1 Like

Would you share the rules you use for Varnish cache? If not possible, you have any tips about that?

I’ve experimented really slow times while saving posts, about 30 seconds.

Wordpress is good, though it is day by day becoming a platform not suitable for shared hosting.

Plugins are getting heavy, themes are getting heavy leaving you with no choice or either to upgrade your wordpress website to a VPS or have as less plugins activated as possible.

[Personal experience]

I thought HostMantis is doing a great job for shared hosting considering their very generous resource allocation. There is a trend of sites going over to offering “WordPress Hosting” instead of Shared to make it its own category.

Btw what has happened wirh siteground? After all the changes and ignoring wordpress customers and affiliates. It sounds like they wish to sell the company or it is radical change in their politics and behaviour to save some money . Who knows let s see

It’s generally site specific to be honest. I exclude the admin area from all caching usually, so it might be worth checking that varnish/nginx/etc is just passing anything wp-admin (or if you’ve changed the directory make sure it allows for this) over to PHP.

I’m not suggesting CF is slow, just that it’s not always needed. There’s some good tips on 9 Tips to Improve WordPress Performance with NGINX for using nginx - but as you’re using ApisCP I believe they do have some good Apache rules for optimisation.

If you’ve got caching/etc setup then after that concentrate on whatever PageSpeed or GTmetrix has to say - even with a good TTFB they might know you down in other areas.

1 Like