WordPress Performance and Usability

I have created a handful of WordPress websites which are hosted on GoDaddy Managed WP. I did not choose the hosting environment – the customers did. Since GoDaddy will not allow me to use any caching plugins, another solution had to be found to solve performance issues.

I added several lines to .htaccess to force browser caching for various file types, and while this did speed up subsequent page loads, first time visitors were still loading slowly.

Finally I found the solution that cut the time the pages loaded in half. In a blog post on the Canonical SEO website, the author explains the inefficiencies in the default WordPress .htaccess code, and a very simple code replacement.



# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L] </IfModule>
# END WordPress

replace with:

# BEGIN WordPress
RewriteEngine on
# Unless you have set a different RewriteBase preceding this
# point, you may delete or comment-out the following
# RewriteBase directive:
RewriteBase /
# if this request is for "/" or has already been rewritten to WP
RewriteCond $1 ^(index\.php)?$ [OR] # or if request is for image, css, or js file
RewriteCond $1 \.(gif|jpg|css|js|ico)$ [NC,OR] # or if URL resolves to existing file
RewriteCond %{REQUEST_FILENAME} -f [OR] # or if URL resolves to existing directory
RewriteCond %{REQUEST_FILENAME} -d
# then skip the rewrite to WP
RewriteRule ^(.*)$ - [S=1] # else rewrite the request to WP
RewriteRule . /index.php [L] #
# END wordpress

Protecting WordPress Administration, or, DON’T GET HACKED!

One way of protecting wp-admin is by limiting the specific IP’s that can access it. I found this simple solution here. As long as you are not using a DNS filtering service, edit your .htaccess file thus (Replace 123\.123\.123\.xxx with your own IP addresses):

<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR] RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
RewriteCond %{REMOTE_ADDR} !^123\.123\.123\.121$
RewriteCond %{REMOTE_ADDR} !^123\.123\.123\.122$
RewriteCond %{REMOTE_ADDR} !^123\.123\.123\.123$
RewriteRule ^(.*)$ - [R=403,L] </IfModule>

This will give anyone coming from another IP address a 403 error.

Additionally, to prevent access from bots without legitimate referrers or user agents from spammers:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_URI} .(wp-login)\.php*
RewriteCond %{HTTP_REFERER} !.** [OR] RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) http://%{REMOTE_ADDR}/$1 [R=301,L] </ifModule>

note: change
RewriteCond %{REQUEST_URI} .(wp-login)\.php*
RewriteCond %{REQUEST_URI} .(wp-comments-post|wp-login)\.php*

to also help protect your WordPress site from comment spammers.

Zorpia is a Pfishing Scam

Recently I have been receiving messages from a company called “Zorpia” informing me that “Rachel” had left me a private message. “Rachel” has my email address and my personal phone number, so I doubted she would leave me a message on a website I had never heard of. She doesn’t particularly like mainstream social networking, such as Facebook. I suspected, and my research has confirmed, that Zorpia is likely a pfishing scam, much like “ShoppyBag.”

It all started with PickyKidPix who opened the first Zorpia email from her friend Devin. Devin had no idea that such an email was sent out. No one does. I then got an email from my daughter that I had a message from her. Given that it was 11:00 pm and she was asleep, I opened the email. The only way to see the message was to allow it access to my Facebook.

Big mistake…

… Read More in PragmaticMom

Subsequently, I tweeted an article I found on the subject, and this reply came from Zorpia:

@susgeek In regards to the blog you’ve posted, we already answered and took actions regarding their blog post to us.

— Zorpia (@zorpiasupport) July 23, 2013

Then why did this appear in my inbox this morning??? I changed the links and the image to protect my coworker whose contacts were apparently phished from her. All Zorpia links are removed as well.

Hi Susan,
Rachel left you a private message

Rachel has left a private message for you. Click on the button below to view it:
View Private Message
The Zorpia Team

I know for a fact that Rachel did not leave me a private message on Zorpia. All I have to do is click on the links in my email and access to my email contacts would be granted to Zorpia.

Go Top