Docstoc

WordPress - PowerPoint

Document Sample
WordPress - PowerPoint Powered By Docstoc
					Installation and Optimization of
           Wordpress
How to build an easy to manage, elegant, secure and
                 reliable web site.
WordPress Configuration
 This presentation shows
  the steps followed for
  installing and configuring a
  WordPress fresh
  installation
WordPress Installation
I.- Installation & Basic Configuration
II.- Enabling Multilanguage (multisite)
III.-Theme Design Tips: Grid System + Artisteer Tool
IV.-Web Site Layout
V.- Apache errors handling
             I.- WordPress Prepare Installation
                                                                                      Cpanel : Database & User creation
   Contract Web Hosting Service: like
    http://www.justhost.com/ ( videotutorial:
    http://www.youtube.com/watch?v=q-pF1BBU7f0 )
   Upload and Unpack WordPress in your web host:
    http://wordpress.org/download/, (FTP client videotutorial for the               Wordpress wp-config.php creation
    upload: http://www.viddler.com/explore/mewebhost/videos/4/ )
                                                                                                              Wizard
   Create Database: thorugh Cpanel hosting service.
   Create new MySQL user/database through web hosting tools (Cpanel):
    hide any wordpress reference in the names, no clues for hackers
    (videotutorial: http://www.youtube.com/watch?v=rA4Uzs_VjGM ).
   Create wp-config.php:
   Launch WordPress Wizzard in your browser http://yoursite.com . Stop
                                                                                                  MyDatabase
    righ after the file creation (screen right after the one shown in the right)
                                                                                                   MyUser
   Edit wp-config.php manually: throught Cpanel web host tools.
                                                                                                   MyPassword
            Check Values:


             define('DB_NAME', ’MyDatabase');                                                      MyPrefix_
             define('DB_USER', ’MyUser');
             define('DB_PASSWORD', ’MyPassword');
             define('DB_HOST', 'localhost');
            Enabling multisite: for multilanguage support. Add these
             $table_prefix = ’MyPrefix_’;                               lines:


             define('WP_CACHE', true);
                                                                                   NOTE: edit wp-config right after pressing “send” in this
             define('EMPTY_TRASH_DAYS', 7 ); // 7 days
             define('WP_ALLOW_REPAIR', true);                                      window
             define('WP_ALLOW_MULTISITE', true);
             /* ¡That’s all, stop editing! Happy blogging */
                I.- WordPress Installation
                      (avoid Fantastico, avoid default values; easy to hack)


                                                                Wordpress Installation Wizard
 Launch the installer:
 with the proper wp-
 config-php
   Use very strong
   credentials: for this super
   Administrator profile.
 Login as super-
 administrator to the
 dashboard:
 http://yoursite.com/w
 p-admin
                                I.- Create First Users
 Create Editor Role User through the dashboard:
   Editor role = Wordpress publishing administrator : not
     unlimited rights as a blog Administrator role.
   Blogging Clients at PCs connect as Editor: never use
     Administrator role for blogging, better editor or author.
 Replace “admin” user (if required): never keep an
   Administrator called “admin”, make things easy to hack.
     Create new Administrator user: as Administrator of the site,
      create a difficult to guess username and strong password
     Delete “admin” account: better to keep just one
      Administrator role with very difficult credentials. Never use
      it for blogging.
 Hide Administrator nickname:
     Edit Administrator user
     Insert Name + Surname
     Show full name in public (not the nickname)
I.- General Settings
I.- Writting Settings
I.- Discussion Settings
                        I.- Permalinks Setup
 Setting proper permalink structure:              balance between search engine/ database friendly.
   Search engine likes key words: for indexing contents.
   Databases like numbers: unique key; very fast allocation.
   Conclusion: start links with unique numbers (timestamps), end with names (postname, category).
     Below an example. In my opinion, second option is the best, since longer timestamp, avoiding confusing
     entries.
                              II.- Enabling Multi-Site
                                          (for multilanguage support)

     Enable the WordPress Network: follow the steps below
1                                                       2
                                                                        3.- Copy/Paste this code
                                                                            to wp-config-php




                        2.- Install the                                    4.- Copy/Paste this code
                          Network                                                to .htaccess
          1.- Network
            Settings

     1
            II.- General Multi-Site Options
                             (multilanguage support)
 Enable uploads to sites: check the screenshot
                1.- Network Options
                                                  2.- Fill Site Properties
                          My Site

                         admin@mydomain.com




                                      3.- Check All

                                       4.- Uncheck
II.- One site per language
1.- Sites Settings




                                           2.- Site URL

                               deustche

                                                          3.- Site Name
                        My Site - German
                                                               4.- Editor’s email



                     5.- Add Site
        II.- Edit Properties of each site
     Edit Site:                Users Management:
1                              2                           2.- Change Editor user privileges
               1.- Edit Site
                               Super Admin                                                3.- Update
                               Editor


                                                                                         4.-Type “Super-
                                                                                           Admin” user
                                                                                        5.- Choose
                                                                                    “Administrator” Role
                                                                                            6.- Update

3
      Set Language Options:



                                            7.- Set the language
                                       en_US (english USA), es_ES (spanish, Spain),
                                   es_AR (spanish, Argentina), de_DE (german, Germany)
                                     III.- WordPress Look&Feel
   Buy Professional Theme : it worth to expend few euros in a professional theme:
       Choose Carefully:                                                                                                  Install Theme
            Based in a growing theme framework: your theme will be updated.
            In line with web site aim: magazine, shop, etc.; would include certain extra functionality.
            Proper levels of customization: page types, multilanguage support, , colors, effects, etc.
       Recommended Sites: they develop their own theme design framework
            StudioPress: http://www.studiopress.com/
            iThemes: http://ithemes.com/
       Theme’s Repositories: support and updates are not guaranteed:
            Theme Forest: http://themeforest.net/
            WooThemes: http://woothemes.com/
            Wordpress Graphics: http://www.wordpressgraphics.com/
   Adapt or create theme: based on a theme framework, professional theme or grid system.
     Design Tools (Artisteer): http://www.artisteer.com                                                   Enable theme for the network
     Theme Frameworks:
            Atahualpa(free) : http://wordpress.bytesforall.com/ ; videotutorial:
            Theme Frame: http://themeframe.com/
            Genesis: http://www.studiopress.com/themes/genesis
            iTheme Builder: http://ithemes.com/purchase/builder-theme/                                     4          6
       Grid Systems: very basic structure for designs not based in frameworks
         960 Grid System: http://960.gs/
         Golden Grid System: http://code.google.com/p/the-golden-grid/
         Resources: http://www.thegridsystem.org/                                                               5
   Install and enable theme in wordpress:
       Upload Theme: above screenshot.
       Enable Theme in the network: below screenshot
       Enable Theme on each site: visiting each independent dashboard
                                           III.- Rich Typography
                                                  (advance theme edition)
   FontServ Online Services: web publishing = limited fonts. Solution: online font services. Best for WordPress is
    FontServ.
           FontServ: http://fontserv.com/
           Font Burner : 1000+ free fonts http://www.fontburner.com
           Google Fonts: few free fonts http://code.google.com/webfonts
           TypeKit: not free http://typekit.com/
           TypeFront: not free, http://typefront.com/
 Create Account: http://typekit.com/
 AnyFont for WordPress Plugin: allows you to upload your own fonts and use FontServ online repository.
 Customize your CSS files: with artisteer SW or manually.
                                                                2
                               1.- FontServ Sign up
    1
                                                                                                  2.- FontServ
                                                                               3.- FontServ
                                                                                                    Settings
                                                                               API Number




                                                                                    1.- AnyFont        4.- Save
                                                                                      Settings         Settings
        IV.- Website Layout : Category & Pages
   Map Categories to Pages Plugin: allows to distribute blog contents into several pages. Basic concepts:
      Category = Magazine: you can tie a root category to a page, creating a new “magazine”.
      Subcategories = Magazine’s Sections/Subsections: each category can contain a complete tree of subcategories.
      Post = Articles, products, projects, etc.: is the basic element of any blog. Can contain anything.
   Create basic web layout: the sooner you know the basic navigation elements (=pages), the better. Think on main
    sections of your site. This will bring you to create content’s “buckets” and where to display them:
           ROOT CATEGORY (contents layer)                  PAGE LAYOUT(representation layer)
           Products                                       Shop Page
           Articles                                       Blog Page
           Projects                                       Portfolio Page
1                                                              2
    1.- Categories 2.- Long Name                                                     5.- Save & Preview

                                                                                         4.- Page Title

                                 3.- Short Name
                                 (search engines)                                                                 About
                                                                                                                  Empty

                                                                                      3.- Check Category          Products
                                                                                                                  Projects
                                                                                                                  Uncategorized


           4.- Description



                  5.- Add                                                  1.- Add Page 2.- PageType
IV.- Content Distribution within pages (widgets)
            and Home Page Design
                                        Drag & Drop   Elements of each
                 Contents to allocate
                                                         PageType
                                    V.- Apache Errors Handling
   Two different errors: two different ways to handle errors.
     Wordpress Errors: handle by theme. If can’t find a post, wrong URL, etc.
     Apache Errors: not handle by themes. If forbidden access to folder, service unavailable, server down, etc.
   Apache errors handling:
     Static error pages design: fobidden access (403) and server down errors (405,500 and 503) requires static pages designs
       usually not included in themes.You need to create them and allocate properly:
            Force Theme Error: type wrong URL and see error message.
            Copy/Paste HTML code into index.html file
            Tweak HTML for each error:
            Upload files to server : error/403/index.html, error/405/index.html, etc.
     Edit .htaccess: to add error redirections, here the code splited in columns for saving space:

      # BEGIN Error Redirections                     ErrorDocument 415 /index.php?error=415    ErrorDocument 502 /index.php?error=502
      ErrorDocument 403 /error/403/index.html        ErrorDocument 416 /index.php?error=416    ErrorDocument 503 /error/503/index.html
      ErrorDocument 404 /index.php?error=404         ErrorDocument 417 /index.php?error=417    ErrorDocument 504 /index.php?error=504
      ErrorDocument 405 /error/405/index.html        ErrorDocument 418 /index.php?error=418    ErrorDocument 505 /index.php?error=505
      ErrorDocument 406 /index.php?error=406         ErrorDocument 419 /index.php?error=419    ErrorDocument 506 /index.php?error=506
      ErrorDocument 407 /index.php?error=407         ErrorDocument 420 /index.php?error=420    ErrorDocument 507 /index.php?error=507
      ErrorDocument 408 /index.php?error=408         ErrorDocument 421 /index.php?error=421    ErrorDocument 508 /index.php?error=508
      ErrorDocument 409 /index.php?error=409         ErrorDocument 422 /index.php?error=422    ErrorDocument 509 /index.php?error=509
      ErrorDocument 410 /index.php?error=410         ErrorDocument 423 /index.php?error=423    ErrorDocument 510 /index.php?error=510
      ErrorDocument 411 /index.php?error=411         ErrorDocument 424 /index.php?error=424    # END Error Redirections
      ErrorDocument 412 /index.php?error=412         ErrorDocument 425 /index.php?error=425
      ErrorDocument 413 /index.php?error=413         ErrorDocument 426 /index.php?error=426
      ErrorDocument 414 /index.php?error=414         ErrorDocument 500 /error/500/index.html
                                                     ErrorDocument 501 /index.php?error=501
Performance Optimization
I.- Speed Optimization ( caching)
II.- Search Engine Optimization (SEO)
III.- Site Analytics
IV.- Content Distribution
                                 I.- Speed Optimization
   W3 Total Cache Plugin installation: keeps static copies of pages in memory, releasingWordPress to repeate creation of
    pages per request.
     DefaultValues are OK: for most installation. Take a look to the settings to see which options suits you.
     Run Compatibility Test: request your hosting provider to install the PHP modules required for the plugin.
     Content Delivery Network (CDN): already integrated in the plugin. Big sites need static heavy contents (multimedia, themes, etc.)
      in fast servers (Amazon S3 or Coral Networks, for instance) outside your hosting server. Here Amazon example:
           Amazon Cloud Front : enhance communications speed, reducing requests.
           Amazon S3 : enhance service response time.
   Enable site by site: language by language activation
         II.- SEO = Search Engine Optimization
   All in One SEO Pack plugin installation and activation:                       Google XML Sitemaps
    install and activate plugin. Then go to settings (see screenshot below):       Multisite plugin: generate xml
     Enable Plugin for the network                                                sitemap and send it periodically to
     Enter Site description for search engines                                    main search engines.
     Delete %blog_title% from everywhere
                              III.- Site Analytics
 Create Google Analytics Account for your website:
    Register at: http://www.google.com/intl/en/analytics/
 Google Analytics forWordPress Plugin (if not supported by your theme): it is required that
   something insert in all pages google code. Usually themes allows that, but also this plugin.
    Theme Options -> No box for Google analytics code -> Install plugin
    Copy/Paste Google Code into proper box
 Google Analytics Report Plugin : will integrate analytics into your dashboard.



                                   2                           1




                                   3
                                   Click after
                                   each step

          1
  IV.- Content Distribution through Social Networks

 Social Neworks Profiles: create
  profiles for your site in the main              2
  socialnetworks
    Facebook: http://www.facebook.com
    Twitter: http://twitter.com
    Linked In: http://www.linkedin.com
 Ping.fm Profile: distribution
  service over all social networks
    Register at: http://ping.fm            1
    Get service key:
     http://ping.fm/key/.
    Copy/Paste to plugin:
 CR Post to Ping.fm Plugin:
  automatically send all post to Ping.fm,
  then distributed over social networks.
                                            3
Reliability Optimization
Database Optimization
Remote Back-Up Scheduling
                   Database Optimization
 Edit wp-config.php file: add those lines
# Database Automatic Optimization
define('WP_ALLOW_REPAIR', true);


# Clean Trash periodically
define('EMPTY_TRASH_DAYS', 30 ); // 30 days

 WP-Optimize Plugin: manual database optimization.
                 Remote Back-Up Scheduling
 Two different policies here:
   Host provider daily backup: leave this          2
     problem to your hosting provider for low
     price.                                         3
    Enable Wordpress for remote full
     backups: in Amazon S3, or Dropbox.             4
     Below procedure for Amazon S3 remote
     backup
 Enable remote space for backups:
   outside yout hosting server
    Amazon S3: create Account and Bucket               5
     at http://aws.amazon.com/s3/.
                                                1
    Dropbox:                                           Click after
     http://www.dropbox.com/tour                        each step
 Backup scheduling:
   Daily local database backup: to private
     folder using DBC Backup plugin.
    Weekly/Monthly full backup: to Amazon
     S3 using Automatic WordPress Backup
     plugin
Publishing Optimization
Blogging PC Clients
Anti-Spam
Lab Environment
           Blogging PC Clients installation
   Install Blogging Client in your PC:
     Microsoft Windows Live:
       Download: http://explore.live.com/windows-live-writer?os=other
       Tutorial: http://www.youtube.com/watch?v=SBrXU3O-wYU
     BlogJet: http://www.codingrobots.com/blogjet/


   Configure blog accounts: later security enhancement will make very difficult for PC clients to detect blog
    details and theme.
       Tutorial: http://www.dragonblogger.com/wordpress-windows-live-writer/
       One Editor account at least per language
       One Author account at least per language
       NO ADMIN ACCOUNT
                               Multimedia Handling
 Video Management: upload your videos to Youtube or Vimeo, then link them in your blog.
    Youtube Channel:
      Creation : http://www.youtube.com/watch?v=gQ9JXbK5quU
      Playslist creation: http://www.youtube.com/watch?v=9DWTF7MJ6H4
      UploadVideo: http://www.youtube.com/watch?v=9w-gQAwS2uc
    Vimeo Channel:
      Creation & Upload: http://www.vimeo.com/groups/20334/videos/5760343
    Windows Live Writer plugins:
      YouTube : supported by default.
      Vimeo:
 Image Management:
    Flickr Image Hosting: for widely repeated images, just repeat the link over your posts.
      Account Creation: http://www.flickr.com/ , videotutorial: http://www.youtube.com/watch?v=sqLDafebAv4
      Windows LiveWriter Plugins:
          Upload: http://gallery.live.com/liveItemDetail.aspx?li=4d65ba39-74c5-4c57-a679-9301d757f8cb&bt=9&pl=8
          Insert: http://gallery.live.com/liveItemDetail.aspx?li=9cc421ec-b22e-45b6-98c4-3fae3846705e&bt=9&pl=8
    PC Images: if images size below 10 MB, insert images as you would do with any Text editor.See tutorials
      below.

       Windows Live Writer Tutorials:
              Add Plugins: http://www.youtube.com/watch?v=1WpelCTA0mM
              Insert Images/Videos: http://www.youtube.com/watch?v=3Fw3RMs1u58&feature=related
                              I.- AntiSpam : Akismet Plugin
   Get Akismet key:
       Registered at : http://akismet.com/
       Get free code in your email: personal blogs get free antispam service.
   Activate and configure Akismet WordPress Plugin:
       Single site activation:                                      2
1




       Multilanguage activation: edit wp-config.php file, add:

    /** Define Akismet WordPress.com API Key */
    define('WPCOM_API_KEY','your_api_key');
                            Lab Environment (1/2):
                try out everything before moving to live (advance)
 Replicate Live Installation: due to a) PC clients previews are not as real posts; b) new
  plugins need to be tested before putting in live servers, it is a good idea to install a testing
  environment in your PC.
    Web Server environment installation:
      Windows (WAMP): http://www.wampserver.com/en/
      Mac OS (MAMP): http://www.mamp.info/en/index.html
      Linux (LAMP): https://help.ubuntu.com/community/ApacheMySQLPHP
    Html_public folder replication (live/test): just download the folder through FTP and place it in
     your PC web folder.
    Database replication: using phpMyAdmin
       Export remote database to file : phpMyAdmin in hosting service (videotutorial:
        http://www.68classifieds.com/tutorials/phpmyadmin-backup.mov )
       Download SQL file to your PC through FTP client (Filezilla)
       Import SQL file using your PC phpMyAdmin




              Export database
                                                                   Import database
                                      Lab Environment (2/2):
                     try out everything before moving to live (advance)
   Edit wp-config.php:
       Add the lines:
    define('WP_SITEURL', 'http://' . $_SERVER['HTTP_HOST'] );
    define('WP_HOME', 'http://' . $_SERVER['HTTP_HOST'] );
       Change the domain line (if multisite):
    define( 'DOMAIN_CURRENT_SITE', ’localhost' );
   Edit Database Tables Manually: through phpMyAdmin,
    edit those values                                                            Edit database value
     Table: MyPrefix_site ; Values: domain = localhost
     Table: MyPrefix_sitemeta ; Values: siteurl = http://localhost
     Table: MyPrefix_siteoptions ; Values: {siteurl, home} = http://localhost
     Table: MyPrefix_meta ; Values: sourcedomain = localhost
     (Multisite) Table: MyPrefix_blog ; Values: site = {http://localhost,
      http://localhost/en, …}

   Clean .htaccess: just leave the WordPress section, delete the
    rest of the lines.
   Deactivate Plugins: login into the dashboard and deactivate
    all plugins, excepting Map-Categories-To-Pages.
   Create Account in Blog PC client: enable PC clients to
    update local blog.
   Keep Live/Test environment synchronized:
     Automatic WordPress BackUp Plugin (Linux/MAC): restore a
      live blog backup from Amazon S3 server. After each restore,
      deactivate the plugin. See “Reliability Optimization” section.
     Manually replicate database/web folder (Windows): replicate
      live installation process described above.
Security Optimization
Avoid Robots: Nucaptcha
Tweaking URLs
SSL Encription: login & dashboard
Tweaking Login
Edit .htaccess file
Security by Obscurity
                         Avoid Robots: Nucaptcha
 Install Nucaptcha Plugin: add image/sound for human validation to forms (comments,
  registration, login), avoiding robots action.
    Create Account: through plugin.
    Configure Nucaptcha: where to use human validation. Never in login if you are using PC blog clients.
   NOTE: there are some incompatibities between catching and recaptcha, not seen in nucaptcha.


              Create Account                                          Nucaptcha Configuration




                                                                                   1
                                                                         2
                                                2
                                                                                                 Uncheck if
                                                                                                 using blog
                         3                                                                       PC clients


         1                                                                     3
               SSL Encription: login & dashboard
               (avoid “man in the middle attack” not sending credentials in clear text format)
 Get Dedicated IP for your server: SSL requires dedicated IP.
 Install SSL public and private keys:
    Get SSL key pairs: SSL wildcard if using subdomains .
      Your own generated keys: using different commands or even web services you can generate
       these files.Your customers will get the message “untrusted site” when using https pages.
      Get certificate from well known sites: such as VeriSign, RapidSSL, etc.You can buy through your
       web hosting service directly.
   Install SSL files: ask your hosting service to do so.
 Check SSL connection: try to visit https://yoursite.com, if works, SSL is working.
 Replace authentication section in wp-config.php :
   Go to:https://api.wordpress.org/secret-key/1.1/salt/
   You should have a section like this in wp-config.php: based on the results of the link above
   /**#@+
    * Unique Authentication keys.
    * @since 2.6.0
    */
   define('FORCE_SSL_ADMIN', true);
   define('AUTH_KEY',        'r5p;k;o3_EQX4or(n(_vB;CMS|I9w.e{{wlC-%dtxAfI5$tOsl ~Hp.+fh?&9iK@');
   define('SECURE_AUTH_KEY', 'g1u<u=bgQ[)ELq]S,u3]cj<bUanC|zmVj1;*YPW/),5kln,g;$n<?dO8FNG}9<.1');
   define('LOGGED_IN_KEY', 'xTRQ -KM,(=8[j?9];T%dT]qN:wfC!H<}4{{.FdEvjZ4EuI$n_/Y_jc<V{kZA:W.');
   define('NONCE_KEY',         ':7v+mxT$ZWhu4%2+Lw:ZdpvpLBFZ{=bC+=?a%QiVckyNPgf#oAtJ>dp.FU3*S`H>');
   define('AUTH_SALT',        '>sP:1N|mZ[l;,axBBV-31ACCn5.uR6XdNn+ZP`$D^KV?HGD !Bk`BEM5T+Q:L5jv');
   define('SECURE_AUTH_SALT', 'nzMUG_ZsVlC-NlnJDa,R9{P-B=9=X]M%XYXV~dg;Y}fYr:xbml`-5?X.9tRM,sR5');
   define('LOGGED_IN_SALT', ';|YyssK!PT*FK)}p(vn02bgc}cTd)+2e`6]%bXCt?>il=3[ ]mRqewRX*xVE.C]j');
   define('NONCE_SALT',         'iQC-5b5xX^~_vkVNbQ`#Nc?%,N{I%wg|afiQt83nN.E/HnkU:==cFb2B8K@8W^UR');
                                        Tweaking Login
 Limit Login Attempts Plugin : limit rate of login attempts, make much more difficult brute force and
  dictionary attacks.
 (Advance Users) Protect wp-admin folder:
     HTTP Authentication (Apache web servers): recommended by WordPress, ask password before access the wp-
       admin forlder.
          Create .htpasswd file: with the credentials. From the command line execute this:
                     cd /path/to/auth/file
                     htpasswd -c .htpasswd username
                     Adding password for username.
                     New password:
                     password
                     Re-type new password:
                     password
          Edit wp-admin/.htaccess: add these lines:
                     AuthUserFile /path/to/auth/file/.htpasswd
                     AuthGroupFile /dev/null
                     AuthName "Somewhere.com's Secret Section"
                     AuthType Basic
                     <Limit GET POST>
                     require valid-user
                     </Limit>
     (Not Supported yet) Change wp-admin folder: to a difficult to guess name.
     (Not Supported yet) Dashboard in SSL subdomain: public/internal structures are different, making harder to
       locate access to the dashboard.
   (Advance Users) Customizing Login Window:
     Dedicated Login Window better for SSL: https is very slow, better to just use it in a dedicated login Window.
     Hide anyWordpress clues in login: with a completely own design.
    http://www.problogdesign.com/wordpress/custom-wordpress-login-screen
                          Security by Obscurity
 Protect folders and images:
   Disable folder browsing on .htaccess: see next slide.
   Disable hotlinking on .htaccess: avoid linking directly your files
    (jpg,png,gif,bmp,js,css,avi,mov,mp3), see next slide.
   Check file permissions:644 for files, 744 for folders.
 Hide wp-config.php :
   Limit access to the least (440 = r--r-----): restrict permissions inside the
    filesystem.
   Move one folder over Wordpress root: outside the public domain (public_html).
   Deny access through .htaccess: see next slide
 Hide that you are using WordPress:
   Disable “is proudly power byWordpress” message:
     dashboard -> settings -> general
     theme settings.
   Disable WordPress version in page headers: go to wp-
    contents/theme/your_theme:
      Edit functions.php: add this line
     <?php remove_action('wp_head', 'wp_generator'); ?>
                              Edit .htaccess file (Apache web servers)
Security (add):                                                                                                            Performance(add):
                                                                                                                         # BEGIN Define Mime Types
# BEGIN Block Script Injections                                                                                          # (in case /etc/mime.types is poorly
<IfModule mod_rewrite.c>                                                                                                 # configured or incorrect)
Options +FollowSymLinks                                                                                                  <IfModule mod_mime.c>
RewriteEngine On                                                                                                         AddType application/x-javascript .js
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]                                                           AddType application/x-shockwave-flash .swf
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]                                                           AddType image/bmp .bmp
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})                                                               AddType image/gif .gif
RewriteRule ^(.*)$ index.php [F,L]                                                                                       AddType image/jpeg .jpeg
</IfModule>                                                                                                              AddType image/jpg .jpg
# END Block Script Injections                                                                                            AddType image/png .png
                                                                                                                         AddType image/svg+xml .svg
# WPhtC: Disable ServerSignature on generated error pages                                                                AddType image/tif .tif
ServerSignature Off                                                                                                      AddType image/tiff .tiff
                                                                                                                         AddType image/x-icon .ico
# WPhtC: Disable directory browsing                                                                                      AddType text/css .css
Options All -Indexes                                                                                                     AddType text/htm .htm
                                                                                                                         AddType text/html .html
# WPhtC: Protect WP-config.php                                                                                           AddType text/plain .txt
<files wp-config.php>                                                                                                    AddType text/xml .xml
order allow,deny                                                                                                         AddType text/xsd .xsd
deny from all                                                                                                            AddType text/xsl .xsl
</files>                                                                                                                 </IfModule>
                                                                                                                         # END Define Mime Types
# WPhtC: Protect .htaccess file
<files ~ "^.*\.([Hh][Tt][Aa])">                                                                                          # BEGIN Headers: Ensure browser
order allow,deny                                                                                                         # caching of objects for 3 days
deny from all                                                                                                            # Set Expires header
</files>                                                                                                                 <IfModule mod_expires.c>
                                                                                                                         ExpiresActive On
# --- BEGIN hotlinking protection ---                                                                                    ExpiresByType application/x-javascript A259200
RewriteCond %{HTTP_REFERER} !^http://mysite.com/.*$             [NC]                                                     ExpiresByType application/x-shockwave-flash A259200
RewriteCond %{HTTP_REFERER} !^http://mysite.com$              [NC]                                                       ExpiresByType application/wlwmanifest+xml A259200
RewriteCond %{HTTP_REFERER} !^http://www.mysite.com/.*$              [NC]                                                ExpiresByType image/bmp A259200
RewriteCond %{HTTP_REFERER} !^http://www.mysite.com$               [NC]                                                  ExpiresByType image/gif A259200
RewriteCond %{HTTP_REFERER} !^https://mysite.com/.*$             [NC]                                                    ExpiresByType image/jpeg A259200
RewriteCond %{HTTP_REFERER} !^https://mysite.com$              [NC]                                                      ExpiresByType image/jpg A259200
RewriteCond %{HTTP_REFERER} !^https://www.mysite.com/.*$              [NC]                                               ExpiresByType image/png A259200
RewriteCond %{HTTP_REFERER} !^https://www.mysite.com$               [NC]                                                 ExpiresByType image/svg+xml A259200
RewriteRule .*\.(css|js|jpg|jpeg|tiff|png|gif|bmp|wmv|mov|avi|mp3)$ http://www. mysite.com/error/403/index.html [R,NC]   ExpiresByType image/tif A259200
# --- END hotlinking protection ---                                                                                      ExpiresByType image/tiff A259200
                                                                                                                         ExpiresByType image/x-icon A259200
                                                                                                                         ExpiresByType text/css A259200
                                                                                                                         ExpiresByType text/htm A259200
                                                                                                                         ExpiresByType text/html A259200
                                                                                                                         ExpiresByType text/plain A259200
                                                                                                                         ExpiresByType text/xml A259200
                                                                                                                         ExpiresByType text/xsd A259200
                                                                                                                         ExpiresByType text/xsl A259200
                                                                                                                         </IfModule>
                                    Edit .htaccess file (Apache web servers)
Performance (add):                                                                                  Replace:                         # BEGIN WordPress
                                                                                                                                     <IfModule mod_rewrite.c>
                                                                                                                                     RewriteEngine On
# BEGIN Define Mime Types (in                                                                                                        RewriteBase /
<FilesMatch "\.(bmp|css|ico|html?|js|tiff?|gif|jpe?g|png|svgz?|swf|txt|xsd|xsl|xml)$">                                               RewriteCond %{REQUEST_FILENAME} !-f
<IfModule mod_headers.c>                                                                                                             RewriteCond %{REQUEST_FILENAME} !-d
# Set Pragma header                                                                                                                  RewriteRule . /index.php [L]
Header set Pragma "public"                                                                                                           </IfModule>
# Set Cache-Control header                                                                                                           # END WordPress
Header append Cache-Control "public, must-revalidate, proxy-revalidate"
</IfModule>                                                                                          For (single site):
# Set Entity Tag header
FileETag MTime Size                                                                                  # BEGIN WordPress
</FilesMatch>                                                                                        RewriteEngine on
# END Headers: Ensure client-side caching of objects                                                 # Unless you have set a different point,
                                                                                                     # RewriteBase preceding this you may delete or comment-out
# WPhtC: Setting mod_gzip                                                                            # the following RewriteBase directive:
<ifModule mod_gzip.c>                                                                                RewriteBase /
mod_gzip_on Yes                                                                                      # if this request is for "/" or has already been rewritten # RewriteCond $1 ^(index\.php)?$ [OR]
mod_gzip_dechunk Yes                                                                                 # or if request is for image, css, or js file
mod_gzip_item_include file \.(html?|txt|css|js|php|pl)$                                              RewriteCond $1 \.(gif|jpg|jpeg|png|css|js|ico)$ [NC,OR]
mod_gzip_item_include handler ^cgi-script$                                                           # or if URL resolves to existing file
mod_gzip_item_include mime ^text/.*                                                                  RewriteCond %{REQUEST_FILENAME} -f [OR]
mod_gzip_item_include mime ^application/x-javascript.*                                               # or if URL resolves to existing directory
mod_gzip_item_exclude mime ^image/.*                                                                 RewriteCond %{REQUEST_FILENAME} -d
mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*                                           # then skip the rewrite to WP
</ifModule>                                                                                          RewriteRule ^(.*)$ - [S=1]
                                                                                                     # else rewrite the request to WP
                                                                                                     RewriteRule . /index.php [L]
# WPhtC: Setting mod_deflate
                                                                                                     # END Wordpress
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/html text/plain text/xml application/xml application/xhtml+xml
text/javascript text/css application/x-javascript
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4.0[678] no-gzip
                                                                                                    For (multisite):
                                                                                                    # --- BEGIN WordPress ---
BrowserMatch bMSIE !no-gzip !gzip-only-text/html                                                    <IfModule mod_rewrite.c>
Header append Vary User-Agent env=!dont-vary                                                        RewriteEngine On
</IfModule>                                                                                         RewriteBase /
                                                                                                    RewriteRule ^index\.php$ - [L]

                                                                                                    # uploaded files
                                                                                                    RewriteRule ^([_0-9a-zA-Z-]+/)?files/(.+) wp-includes/ms-files.php?file=$2 [L]

                                                                                                    # add a trailing slash to /wp-admin
                                                                                                    RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L]

                                                                                                    RewriteCond %{REQUEST_FILENAME} -f [OR]
                                                                                                    RewriteCond %{REQUEST_FILENAME} -d
                                                                                                    RewriteRule ^ - [L]
                                                                                                    RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) $2 [L]
                                                                                                    RewriteRule ^([_0-9a-zA-Z-]+/)?(.*\.php)$ $2 [L]
                                                                                                    RewriteRule . index.php [L]
                                                                                                    </IfModule>
                                                                                                    # --- END WordPress ---
Adding Functionality
I.- e-Commerce Solutions
II.- Membership Site : sell your contents
III.- Reservation & Appointments
IV.- Multilanguage
V.- HelpDesk : tickets & live chat
VI.- Monetizing the blog: Advertising & Affiliation
                  I.- e-Commerce
 Payment Services: you need to create a seller account in
 one payment platform with all the security requirements
 each will required from you, such:
   Paypal: https://www.paypal.com
   Google Checkout: http://checkout.google.com/sell
 Internet Service: small or big inventories
   Sign-Up at Ecwid: http://www.ecwid.com/
   Install Ecwid Shopping Cart Plugin:
   http://wordpress.org/extend/plugins/ecwid-shopping-cart/
                II.- Membership Site
                        (selling contents)


 WP WishList Plugin: very powerful and the easiest to use.
 Not free. http://member.wishlistproducts.com/
 Magic Members Plugin: a bit more complex, very
 powerful. Not free.
 http://www.magicmembers.com/?affid=47
 MemberWing Plugin: the most complex plugin with a
 free version. http://www.memberwing.com/
      III.- Reservation & Appointments
 AppointyWeb Service: free for simple sites, and certain fee
  for more complex service (hotels, etc.)
   Get Appointy Account: http://www.appointy.com/Web/index.asp
   Appointy WordPress Plugin: add new page template for appointy
    integration into your blog.
                                 V.- HelpDesk :
                              customer support & live chat

 HelpDesk Cloud Service :       this feature is so complex that
 it is better to use an online service. Most popular services:
   Mojo HelpDesk: great features with free version for small bussiness.
   ZenDesk: very powerful helpdesk service. Price starting at 9 EUR per
    Agent and month.
 WordPress integration:
   No plugins: you have to find your manual blog integration way
    (subdomains, redirections, own designed pages).
   User Managerment: becomes more difficult.
     Blog & Cloud Services Users Repositories makes integration difficult
     OpenID credentials might be the solution: use Gmail,Yahoo or other services credentials
      in your blog.
                            VI.- Monetizing the blog
                                  Advertising & Affiliation
 Google AdSense : Google advertising service. Google will help you to locate
  the advertising inside your site.
    Google AdSense Account: https://www.google.com/adsense/
    Advertising Manager Plugin: able to manage differente advertising networks within your blog
    Google Adsense Dashboard Plugin: you can see your AdSense earnings in the WordPress dashboard.
 Amazon Affiliates: you can either link to amazon products or directly sell them in your
  sites, getting a fee per sell.
    Amazon Affiliates Program: https://affiliate-program.amazon.com/
    Advertising:
      Amazon Affiliate Link Localizer Plugin: fee for each link to amazon product. Discrete way to monetize your
       blog.
      WP-Amazon-Carousel Plugin: creates a widget hat shows, at any part of your blog, a sequence of products.
    Affiliate shop: integrate the Amazon aShop into your blog.
      Create aShop with the prooducts of your interest: http://www.youtube.com/watch?v=8tVWNFTt0eM
      Amazon Store Plugin: integrates aShop in WordPress.

				
DOCUMENT INFO
Shared By:
Categories:
Stats:
views:2159
posted:1/28/2011
language:English
pages:46