WordPress
WordPress powers a massive portion of the web, but running it at a professional level – especially on Windows/IIS or high-performance Linux stacks – requires specific expertise. This sub-category focuses on the technical side of the world’s most popular CMS: from MySQL/MariaDB tuning and PHP-FPM optimization to advanced caching strategies and security hardening.
Forget the basic plugin reviews; here we go under the hood. You’ll find guides on managing WordPress via WP-CLI, automating updates, and protecting your installation from the latest vulnerabilities. If you are looking to host WordPress with the speed and security of an enterprise-grade application, these battle-tested configurations are for you.
Disallow direct access to PHP files in wp-content/uploads/
Securing the WordPress uploads folder is important. In many hacked WordPress sites, a PHP backdoor is found within the WP_CONTENT_DIR/uploads directory, often because this is the location where uploads are placed automatically. From the backdoor within wp-content/uploads, other backdoors are uploaded to various locations, and scripts are injected with malware.
Increase WordPress’ memory limit WP_MEMORY_LIMIT properly in wp-config.php
How to increase the memory limit for your WordPress website, the right way. In this post I show you a correct way of setting WordPress WP_MEMORY_LIMIT and PHP memory_limit settings to improve WordPress speed & performance.
Protect WordPress from brute-force XML-RPC attacks
How to protect your WordPress from brute-force XML-RPC attacks, because the WordPress XML-RPC API has been under attack for many years now.
Remove Jetpack email sharing service
Remove the Jetpack email sharing service using a WordPress plugin or your theme's functions.php file. It's often abused by spammers.
Check WordPress Core files integrity
Check WordPress integrity and verify WordPress Core files' md5 checksums against WordPress' checksums API, using this standalone PHP file.
Clear PHP opcode caches before WordPress Updates: ease the updating process
WordPress core, plugin and theme updates sometimes fail because of enabled opcode caches in PHP. Popular PHP opcode caches are OPcache, WinCache and APC. This little WordPress Must Use Plugin tries to flush opcode caches, making your life a bit easier when updating WordPress Core, Plugins and Themes.
Tips to speed up WordPress, serve gzip compressed static HTML files
Gzip compress and serve WP-Super-Cache or Cache Enabler static HTML files, to supercharge your WordPress blog!
Akal Premium WordPress theme XSS vulnerability
This post describes the Akal premium WordPress theme Cross Site Scripting (XSS) vulnerability. If you use this theme, delete it immediately!
Optimize(d) WordPress hosting (9+ practical tips)
9+ practical tips to optimize WordPress hosting, or any other PHP web application for that matter. Learn how to optimize your WordPress hosting.
SSL in WordPress: how to move WordPress to HTTPS? The definitive guide
Move WordPress to HTTPS correctly. Learn the Site Health switch, database search and replace, IIS/Apache redirects, HSTS hardening, and OpenSSL verification.
Optimize WordPress MySQL tables through Cron, behind the scenes
Schedule WordPress database optimization with WP-Cron.
Minify WP-Super-Cache HTML cache files: WPSCMin a WP-Super-Cache plugin
The WordPress WP-Super-Cache cache plugin doesn't minify HTML cache files, which I find a disadvantage. Knowing minify libraries, I went looking for an existing solution (why reinvent the wheel?), and found one: WPSCMin. Read on ...
My WordPress web.config
Do you host your WordPress website on Windows Server IIS? And are you having trouble with your web.config? Here is mine :)
Disable WordPress comments (how-to)
With thousands of spam reactions, disabling (and removing) WordPress comments is often the only way to go. Here is how to disable WordPress comments in both the WordPress Dashboard interface and in your MySQL / MariaDB database.
Display Commas in WordPress tags
How to display commas in WordPress tags? And why have commas in WP taxonomies?
Send authenticated SMTP email over TLS from WordPress
Learn how to override wp_mail() and send secure email using authenticated SMTP and StartTLS from WordPress.
Huge increase in WordPress xmlrpc.php POST requests
How to identify, block, mitigate and leverage xmlrpc.php scans, brute-force, and user enumeration attacks on WordPress sites. Secure the WordPress xmlrpc.php interface and reduce service disruption.
Block WordPress comment spammers manually
The fewer spammers hit your WordPress blog, the better your blog performs, is one of my opinions. A second is, the fewer unnecessary plugins you use on your WordPress blog, the better. So, a little while ago I decided to remove plugins like Stop Spammer Registration Plugin and do its work myself.
