Add Expires Headers to Improve WordPress Website performance

Sooner or later, you will deal with page speed, loading time, and other performance-related subjects. When you run developer tools such as Yahoo YSlow or Google Page Speed, “Add Expires Headers” is one piece of advice you won’t miss if your website runs on a default WordPress installation. In Google Page Speed, the term is “Leverage Browser Caching”.


WordPress Security Tip: Disable Theme and Plugin Editors in Admin Panel

WordPress administrators can modify theme and plugin files in the built-in editor. The editor gives site administrators a convenient way to change something on the fly without going through an FTP client. It also makes it possible for a novice site owner to crash the site. As a security measure, it is recommended to disable the editor.


Seriously! How to Remove WordPress Version Number

A lot of us know that “removing the WordPress version number” is a fairly popular security trick. The purpose is to hide the WordPress version number embedded in the final rendered HTML code, so as to reduce the risk of being targeted by hackers for known vulnerabilities.

Whether this trick has anything to do with security is still up for debate. Let’s take a look at how it works.


WordPress Security Tip: Lock Down File Access

WordPress is more than a regular website; it is a Content Management System. It has more than 1000 files out of the box. After installing extra themes, plugins, and other uploads, there are a few thousand files under one roof. A default WordPress installation only sets up basic file and folder permissions. There are certain files you don’t want to expose to anyone. As one of the security tips, locking down public access to these special files is crucial.


WordPress Security Tip: Delete ReadMe after Installation

Finally, we upload the final touch-ups to the website and make the site go live. Before releasing myself from the project, I go over the usual routine for every site developed by our studio, or special requests from clients. The routine is a security enhancement. One of these security enhancements is to delete unwanted and unnecessary files.


Better Way to Defeat WordPress Brute Force Attack

It should be well known throughout the WordPress community that WordPress-powered websites are being targeted with brute force attacks. The attacks target websites that still use “admin” as the primary administrator’s user name, with variations like “adm”, “administrator”, “admin1”, “Admin”, etc. The attack peaked in April this year, but it didn’t stop. My website was under a brute force attack just a few days ago. I got lucky, not because I don’t have an “admin” account, but because I have better protection.


S2Member Causes Internal Server Error

S2Member is my favorite membership plugin for WordPress. I have spent quite some time digging into this plugin, and have been able to tailor some of its features to meet my clients’ requirements. I’ve done quite a few S2Member installations without any headache until just now.

I got the INTERNAL SERVER ERROR.


Failed to Log into Admin Panel after Upgrading to WordPress 3.5.2

Be very cautious about clicking the “Upgrade to 3.5.2” button on your WordPress website. I have 10 successful upgrades, but 8 failures. It is not a disaster, because it is easy to fix.


Improve WordPress Site Performance by Increasing Memory Limit

If you find yourself spending too much time watching the loading icon on your WordPress website, it is time to consider a performance optimization. WordPress loves memory! Insufficient memory can lead to slow response, and in the worst case (I’ve seen quite a few), WSOD – the White Screen of Death.
