Secure and Speed-up your custom site using the WordPress core



This article describes a way in which we can secure and accelerate non-WordPress sites, SaaS applications and other custom websites using WordPress. The original site remains unchanged, visitors and users will not notice any difference.

The pros and cons of WordPress

WordPress, I have had a love-hate relationship with it for years. I hated it because:

  • These sites are always a target for hackers because they are very common and have a standard structure.
  • Updates always occur at the most unfavorable moment. Certainly, we cannot leave security updates behind for too long.
  • They do not provide custom options. WordPress is mainly suitable for weblogs and standard websites.
  • They take a lot of disk space and are sometimes slow. A lot happens under the hood before a page is shown.

However, I also like WordPress for the following reasons:

  • It is free.
  • There is a large group of active developers who keep the system up to date.
  • Almost all common user functions are already included as standard.
  • There are tens of thousands of themes and plugins with which you can do a lot.
  • There are millions of WP websites; it is indispensable.

Moreover, more and more of the mentioned problems are solved, making WP a stable and pleasant CMS.

Custom- and other Non-WordPress solutions

In the past 20 years, I have designed and built many websites. In 50% of the cases, I used WordPress for that. Occasionally I bought a standard solution, for example for a dating website or a ticket system for a help desk. However, sometimes my ideas were so different that I had to build a site or app with PHP. In that case, I also had to program or implement scripts myself.

Combining custom websites with WordPress

Last week I thought it would be nice if you could use the WordPress core to secure and accelerate your custom websites. WordPress has a lot of security and caching plugins. They can be installed at the touch of a button. In addition, they are easy to set up and configure from the standard dashboard. The end result would be a win-win situation.

Investigation of the possibilities

The second Corona weekend I faced a number of choices. 1. Do the garden and cut the hedge. 2. Painting the stairs or 3. Testing whether customization and WordPress can be combined. Well, the choice was obvious.

For this project I chose www.webmasterslookup.com. That’s one of my older custom websites that once had PageRank 5 and still attracts quite a few visitors. Main technical features of this site are:


  • It is built up with frames.
  • Programmed entirely with PHP and MySQL, which is an excellent platform for WordPress.
  • Link with Google analytics.

Sometimes I noticed that webmasterslookup.com was used to send spam mail. Then I stopped that by modifying the mail script. Furthermore, I had absolutely no idea whether the site was attacked or misused to spread malware. www.webmasterslookup.com seemed to be the ideal test candidate.

Install new WordPress environment on an active custom website

Step 1. Choosing the right approach

At first, I did a few reflections and experiments to determine the best approach. Did I have to install WP in a separate folder? Or did the original website have to run in a sub-directory and WP in the root directory? Or did both have to run in the root directory? In the end, I chose the latter option because I wanted to have all the WordPress features available for the entire website.

Step 2. The preparation

We have to perform the following actions beforehand.

  1. Full Backup of the original site.
  2. Checking and adjusting the names of PHP files. This mainly concerns the PHP files that are in the root directory. To avoid confusion with WordPress files, they should not start with “wp”. This also applies to XMLRPC.php. Rename these files and test if the site still works.
  3. Install WordPress with FTP in the root directory, but DO NOT UPLOAD INDEX.PHP yet!
  4. If possible, you can temporarily put the site in maintenance mode.
  5. Rename the index.php of the original site to a temporary name. At that point, the website is temporarily not available.
  6. NOW install the INDEX.PHP of WordPress with FTP in the root directory.
  7. Start index.php and follow the WordPress installation steps, such as filling in the database attributes.
  8. You can change index.php back to the index.php of the original website.
  9. If necessary, remove the maintenance mode of the website.
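
The file-name check in item 2 can be automated before anything is uploaded. The following is an added example, not part of the original article: it compares the site's root directory with an unpacked WordPress download and lists every name that would clash. The directory layout and the sample file names (`wpstats.php`, `lookup.php`) are constructed for the demonstration.

```python
import tempfile
from pathlib import Path

def find_collisions(site_root, wp_root):
    """List top-level names in site_root that clash with an unpacked WordPress package."""
    # Compare case-insensitively: XMLRPC.php and xmlrpc.php are the same file on some hosts.
    wp_names = {p.name.lower() for p in Path(wp_root).iterdir()}
    report = []
    for entry in sorted(Path(site_root).iterdir(), key=lambda p: p.name.lower()):
        name = entry.name.lower()
        if name == "index.php":
            reason = "swap by hand, as in items 5 to 8"
        elif name in wp_names:
            reason = "same name as a WordPress file"
        elif name.startswith("wp"):
            reason = "starts with 'wp'"
        else:
            continue
        report.append((entry.name, reason))
    return report

if __name__ == "__main__":
    # Constructed sample trees standing in for the live site and the WordPress download.
    with tempfile.TemporaryDirectory() as tmp:
        site, wp = Path(tmp, "site"), Path(tmp, "wordpress")
        site.mkdir()
        wp.mkdir()
        for n in ("index.php", "XMLRPC.php", "wpstats.php", "lookup.php"):
            (site / n).write_text("<?php // site file\n")
        for n in ("index.php", "xmlrpc.php", "wp-login.php", "wp-config-sample.php"):
            (wp / n).write_text("<?php // WordPress file\n")
        for name, reason in find_collisions(site, wp):
            print(f"{name}: {reason}")
```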

Step 3. Check the effect of step 2

WordPress is now running on our site and you have to check that everything is still working.

  1. Can you call the original site?
  2. Are all functions and screens still working?
  3. Are visitors not aware of the presence of WordPress?
  4. Can you login with wp-login.php?
  5. Check the .htaccess file. Are the lines of the original website still there? Do you see the additions of WordPress? The plugins that you will install later often relate to the .htaccess file. That’s great because then that relates to the entire site. Be careful with this file, check it and make a copy regularly.
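
One way to do the .htaccess check in item 5, as an added example that is not part of the original article: compare a copy saved before the WordPress install with the live file. The sample contents, including the `lookup.php` rule, are constructed; the `# BEGIN` / `# END` lines are the markers WordPress writes around its own block.

```python
import re

# "# BEGIN <name>" / "# END <name>" are the markers WordPress writes around its block.
MARKER = re.compile(r"^#\s*(BEGIN|END)\s+(.+)$")

def split_htaccess(text):
    """Return (directives outside marker blocks, {block name: [directives]})."""
    outside, blocks, current = [], {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        m = MARKER.match(line)
        if m and m.group(1) == "BEGIN" and current is None:
            current = m.group(2)
            blocks[current] = []
        elif m and m.group(1) == "END" and m.group(2) == current:
            current = None
        elif current is not None:
            blocks[current].append(line)
        elif line and not line.startswith("#"):
            outside.append(line)
    return outside, blocks

def check_htaccess(saved_copy, live):
    """Compare a saved copy of .htaccess with the live file."""
    old_out, old_blocks = split_htaccess(saved_copy)
    new_out, new_blocks = split_htaccess(live)
    # An original directive counts as present if it survives anywhere in the live file.
    live_lines = set(new_out).union(*new_blocks.values())
    return {
        "missing_original": [l for l in old_out if l not in live_lines],
        "unmarked_additions": [l for l in new_out if l not in old_out],
        "new_blocks": sorted(set(new_blocks) - set(old_blocks)),
        "changed_blocks": sorted(n for n in new_blocks
                                 if n in old_blocks and new_blocks[n] != old_blocks[n]),
    }

# Constructed sample: the custom site's own rules before WordPress was installed.
SAVED = """Options -Indexes
RewriteEngine On
RewriteRule ^lookup/([a-z]+)$ lookup.php?q=$1 [L]
"""
# Constructed sample: the live file afterwards, with one original rule lost.
LIVE = """# BEGIN WordPress
RewriteEngine On
RewriteRule . /index.php [L]
# END WordPress
Options -Indexes
php_flag display_errors off
"""
if __name__ == "__main__":
    print(check_htaccess(SAVED, LIVE))
```

Run against the most recent saved copy after each plugin install, `changed_blocks` and `unmarked_additions` show what that plugin wrote.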

Step 4. Set up WordPress

Since you are not going to use WordPress as a front end of a website, you do not need everything that you have installed by default. It is better to remove these things, then you will not take them as ballast for the rest of the site’s life.

  1. Remove all plugins from the new WP install.
  2. Delete all themes except one.
  3. Delete all posts.
  4. Enter an empty home page and delete all other pages.
  5. Choose in “Settings” – “Reading Settings” for a static page, namely home. Then you will neatly return to the website when you log out.
  6. Installing the “rename-wp-login.php” plugin gives unwanted results and is not possible. Therefore choose another username and a difficult password for admin at least.

The website is now ready to be secured and sped up. Just be sure to check the .htaccess file from time to time during the project to see if everything is in order.

The WordPress Plugins we will choose

To choose the right plugin I always use a few golden rules:

The creators of this kind of plugins will not let their product down so quickly. They have a responsibility to their users. Moreover, it is their income.

Most plugins can be configured using checkboxes. I will indicate that if we need to make changes or if something is important for this case.

Security measures

Step 5. The Security Backup plugin

Something you have to do regularly is make a backup of your website. In this case, I tested whether my standard backup plugin is suitable. And that is not the case. After all, you not only need to back up the WP files but also all other files and folders of the website. The same applies to the tables in the database; you also need to back up the tables of the original site. It took some time to find a plugin but I ended up with Xcloner. You can make a full backup with it by NOT ticking all the checkboxes. But it is not necessary to back up the WP files, you can always download them again. Note that “Backup only WP tables” must be set to “off”.

Furthermore, I had to choose a high compression because Webmasterslookup runs on a Lite-Hosting environment.

Step 6. Keep WordPress and plugins up to date

Keeping the WP environment up to date can be automated. This is important because old software can contain security holes. WP plugins and theme files should always be updated as soon as possible, but NOT the WP core files. Core updates must be applied manually, because the update will overwrite index.php. So when a core update is done, we immediately have to restore the original index.php.

I use the “Easy Updates Manager” plugin for this. In this case, you can check the plugin, theme and translate checkboxes to minimize the maintenance time. But remember to keep WordPress Core Updates on “Manually Update”.
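
The index.php restore described in this step can be checked mechanically. The following is an added example, not part of the original article, and assumes Python can be run on the host (for instance from a scheduled job) and that a copy of the original index.php is kept outside the web root; the path `index.php.original` and the sample file contents are constructed.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def sha256(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def guard_index(site_root, saved_copy):
    """Compare index.php with the saved original; returns 'ok', 'restored' or 'unexpected'."""
    live = Path(site_root) / "index.php"
    if live.exists() and sha256(live) == sha256(saved_copy):
        return "ok"
    content = live.read_text(errors="replace") if live.exists() else ""
    # WordPress's own index.php loads wp-blog-header.php. Assumption: the custom
    # site's index.php never mentions that file, so it marks a core-update overwrite.
    if "wp-blog-header.php" in content:
        shutil.copy2(saved_copy, live)
        return "restored"
    # Neither the original nor WordPress's file (or missing): leave it for inspection.
    return "unexpected"

if __name__ == "__main__":
    # Constructed sample: a site root and a saved copy kept outside it.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp, "site")
        root.mkdir()
        saved = Path(tmp, "index.php.original")
        saved.write_text("<?php include 'frames.php';\n")
        (root / "index.php").write_text("<?php require __DIR__ . '/wp-blog-header.php';\n")
        print(guard_index(root, saved))  # overwritten by WordPress, so it is put back
        print(guard_index(root, saved))  # second run finds the original in place
```

An `unexpected` result means index.php matches neither file and deserves a manual look before anything is restored.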

Step 7. Sucuri hardening of your website

The Sucuri plugin controls a large part of your security. For www.webmasterslookup.com I ticked some extra checkboxes:

  • Enable Diff Utility.
  • Block PHP in several wp directories.
  • Avoid information leakage.
  • Disable plugin editor.
  • Disable theme editor.
  • Activate Automatic Secret Keys Update.

Because I am a user of www.hackfence.com, I entered the HackFence e-mail address as the destination for the alerts. HackFence can handle that and you don’t have to worry about it anymore. You can also enter your own address. You can opt for a few extra alerts:

  • Integrity checks.
  • Available updates.
  • Password guessing attack.

But turn off “Activation of a new theme” as an alert.

Step 8. WordFence Firewall plugin

This is one of the most important and best security plugins I know. Again, I have the alerts mailed to www.hackfence.com. Tick the following checkboxes:

  • Enable Auto Update.
  • Brute force protection.
  • Optimize firewall.
  • You can set other fields of your choice.

Don’t forget to set the Firewall to Enabled.

Regarding scanning, you can leave most checkboxes as is. Important is the following: “Scan Files Outside your WordPress installation” must be enabled. Then the plugin regularly scans for malware on your site. The files of the original site are also scanned in this way!

Optionally, you can enable the Performance option “Use low resource scanning” to avoid delays on your site.

The first scan of your site immediately reports that index.php has changed. That’s right because you did that in step 2, which was a restore from the original website. With this notification you can click on “Ignore changes”, then it will not come back.

After a while, check out “tools” to see if there have been any attacks.

Again, WordFence has modified your .htaccess file.

Speed up your original website

I installed 2 plugins for this, but there is a wide choice of plugins you can use.

Step 9. Optimizing the database

You must regularly optimize the tables in your database. Superfluous records are then cleaned and the indexes neatly lined up again. This not only strengthens the integrity of your website but also makes it faster. After all, the data is found faster. I always use the plugin “Optimize Database after Deleting Revisions”.

The extra checkboxes you can tick for your website are:

  • Optimize InnoDB tables too.
  • Optimize all tables (So leave all checkboxes unticked). In this way, you also optimize the tables of the original website.

Step 10. Caching!

With the right caching plugin you can accelerate your website enormously. You have to realize that caching means pages are stored in all kinds of places between your server and the visitor, including in the browser. This makes caching less suitable for dynamic websites on which the data often changes. The user can be presented with outdated information.

Speed-up by Caching

For www.webmasterslookup.com I chose the wp-fastest-cache plugin. I have had good experiences with this and it is easy to set up. Enable all checkboxes except the Mobile checkbox.

How long did this implementation take?

I spent 2 days on this entire project. But that also includes the research and selection of the plugins. Moreover, I hadn’t looked at Webmasterslookup in years and had to clean and straighten that website too. All in all, you should be able to do it in one day. If you find it too much work or don’t feel like doing it yourself, I can do it for you.

Satisfied with WordPress

6 Plugins that do the trick

I’m glad I took this step and consider implementing WordPress on even more websites. By installing WordPress with 6 plugins my site is now safer and faster than ever since June 5, 2005. In addition, I have a great backup and optimization of my tables. Yes, I am a satisfied person. In fact, I offer webmasterslookup.com for sale! I will seriously consider reasonable bids …

Contact me through LinkedIn; my profile is https://www.linkedin.com/in/wimhoogenraad/

Publisher: ITpedia