Posts Tagged ‘tips’

Ways to Detect the version of WordPress

Ways-Detect-version-WordPress

How do you find out what version of WordPress a site is running if you don’t have access to the CMS? Of course  the most reliable way of finding the version of a WordPress site is to log into the CMS and look under ‘Updates’! But we don’t always have that luxury. There are plenty of reasons (both legitimate and nefarious) why you would want to do this:

  • You’ve been contacted by a new potential client and you want to  get an idea for how well their site has been maintained
  • You’re trying to diagnose server errors and want to see if an old WP version might be the cause
  • You’ve come across something you haven’t seen before and want to see if it’s related to a new WP version
  • Or, nefariously you might want to find sites with out of date WP installations that can be exploited
  • At wp.io, we want to find out the version to include in the free WordPress site scan reports we provide (e.g. http://wp.io/site-report/www-pragmatic-web-co-uk-5-22/)

Here are on  WordPress Statistics page some charts showing what sorts of systems people are running WordPress on.
(You’ll need Javascript enabled to see them.)

WordPress-Version-Stats

We’ve found five neat ways of determining the version of a site. They don’t all work all the time but it’s rare that none will work. Here they are, in ascending order of difficulty:

  1. Readme file

    The quickest and easiest way is just to look at the readme.html file which is automatically installedat the root of a WordPress site, e.g. http://wp.io/readme.html

  2. Feed generator tag

    WordPress feed generator

    WordPress feed generator

    If you can’t access the readme file (and it’s blocked by the more security-conscious hosting providers like WP Engine for that very reason), your next bet is to look at the source of the site’s RSS feed – this is always found at www.yoursite.com/feed/ - e.g. www.pragmatic-web.co.uk/feed/. Often, the feed’s source XML will include a <generator> tag which will give you the version as a ?v=x.x variable – as depicted above.

  3. Generator tag in HTML source

    Sometimes, you can just look at the HTML source of the page to find a generator tag like: <meta name="generator" content="WordPress 3.5" /> - but this is very much theme-specific so you’re safer looking in the feed first.

  4. Version of included files in HTML source

    This is a good one too. Look in the HTML source of a site’s homepage and there will nearly always be some script includes, a common one is the comment-reply file, which will look like this: <script type='text/javascript' src='http://www.yoursite.com/wp-includes/js/comment-reply.min.js?ver=3.5'></script>. Note the ?ver=3.5 on the end of the script source. When included correctly by a theme, a version of the included file is always appended to the end of the file source URL. If no version is specified, the current WordPress version is used by default. You’ll often find other version numbers ARE included, but the comment-reply is usually just the WP version.

  5. MD5 hash of publically-accessible files

    This is by far the most complex tactic, but sometimes necessary. As web software, WordPress must make at least some of its files available to browsers (stylesheets, JavaScript files, etc), for example the comment-reply script above. As WordPress evolves, over time many of these files are updated. By performing a MD5 hash of the various publicly-accessible files for different versions, it’s possible to deduce which version (or at least range of versions) a WP site is using. E.g. if one downloaded your site’s comment-reply.js file from http://www.yoursite.com/wp-includes/js/comment-reply.min.jsthen they can generate the MD5 hash of the file (which is a unique fingerprint of a particular file) and then compare that to a library of known hashes for various WP versions.

The easiest way to perform all of these checks is just to head over to wp.io and run a free site report on any WordPress site you’re interested in! wp.io connects WordPress sites, themes, users, professionals and industry benchmarks to create a unique database and network that maps the real, live world of WordPress. wp.io’s crawlers scan hundreds of thousands of WordPress sites, analyse and report on each one and then use the data connections between them to provide brand new insights into the WordPress ecosystem. wp.io offers:

  • a free WordPress site scanner
  • a dashboard to track and monitor your WordPress sites
  • a directory of WordPress professionals
  • a unique theme explorer

How to remove WordPress version
WordPress sites hacked, again!
Slow adoption rate of new WordPress versions
How to increase visitors and convert to customers
Check Your WordPress Version Without Logging In To Your Admin Section
How to Detect Mobile Devices using CSS3?
How to detect iPhone browser natively in WordPress

How to Protect Your WordPress Website from a Pharma Hack

WordPress-Pharma-Hack

WordPress is the best Content Management System (CMS) platform on the planet and with WordPress Developers can build all kind of websites for their clients.  Being a popular CMS platform, WordPress powered websites are most attractive for hackers. In 2010, Pharma hack was one of the serious threat to WordPress website. Although WordPress themes like The Thesis Theme team and WordPress core developers are trying to make it more secure, so its the best practice to keep your WordPress powered site always up to date  and use online tools like Sucuri to know more about latest threats and Malware to make it more safe and secure and use .

What is Pharma hack:

If your website look like pharmacy related website instead of helpful Web resource or not displaying your own content on searching of keywords on Google or other search engines, Its mean your website site is effect by WordPress Pharma hack. The users when trying to search your site  with required keyword, the search engine will not display your website, it will display  pharmaceuticals companies related web pages.

According to Pearsonified: who was effect once and written a detail article on WordPress Pharma hack

The WordPress pharma hack quietly exploits your highest-ranking and most valuable pages by overriding the title tag and by inserting spammy links into the page content. Interestingly, the modified title tag and spammy links are only visible to search engines.

The three red arrows highlight <title> tags that were cloaked by the WordPress pharma hack. [Source: WordPress Pharma hack ]

This is the big lose for site owners because they tried enough to get  good traffic but they never know their traffic is not coming from search engines and traffic going down everyday because hackers have put their malicious code in your web pages that replacing your links and Google description by stealing search links.

There are lot of tutorials and articles on Preventing WordPress powered website (wparena’s: how to find remove and protect wordpress site from malware and Identifying removing and preventing malware on your WordPress site), but in today I am simple going to complie a list of useful articles and tutorials along with tips and tricks for diagnoses, fixes and prevention of  WordPress Pharma Hack.

Understanding WordPress Pharma Hack Penetration

There are different ways attackers insert the malicious code into  WordPress file to get control over the database, plugins files even on WordPress core file like adding code in .htaccess file.   According to Sucuri which can provide the best  protection service for your websites and  web servers, there are three parts for WordPress pharma hack to add malicious code:

  •  Backdoor that allows the attackers to insert files and modify the database.
  •  Backdoor inside one (or more) plugins to insert the spam.
  •  Backdoor inside the database used by the plugins.

If you fix one of the three, but forget about the rest, you’ll most likely be reinfected and the spam will continue to be indexed.

As always, we recommend that you update your WordPress instance to the latest version. This goes for all of your plugins, themes, etc. WordPress is typically very secure, it’s when you’re running old versions, and/or out of date plugins/themes that run into trouble. Keep your stuff up to date, and it will minimize the risk of infection significantly.

[Source: Understanding and Cleaning the Pharma hack on WordPress]

For all other Web page security Golem Technologies. On the other hand, according to Pearsonified, These kind of attacks happened in two parts: There are malicious files in the WordPress plugins folder which contain identifiable PHP functions like  eval() andbase64_decode()but this kind of hack is not exception for such kind of hack. The only difference with Pharma hack inclusion, these functions stored in the WordPress database as strings, and they’re encoded backwards!  which open the backdoor for further run the string from the database. At runtime, a hack file in the plugins folder pulls these strings from the database, flips ‘em, and then runs ‘em as functions, and that’s how the deed gets done.

The hack pings Google Blog Search with queries like this one to see how many links a particular page has, and then it stores the results in the database. At runtime, the hack uses the number of links to determine which pages to target. [Source: WordPress Pharma hack ]

WordPress Pharma Hack Affects

In most (not all) cases the spammy links and/or content is cloaked or hidden from your sites visitors, it is only visible to search engine bots.  When a search engine bot makes a request for a page on your site in addition to the page being requested a search engine bot will identify itself in the user agent field.  Scripting languages such as php and javascript can read this value and determine when the request is coming from a search engine bot.

The form of the pharma hack varies from site to site, it can hit a single page or 1000s of pages, on some sites the hackers add 100s of hidden links to on-line pharmacy sites to the legitimate pages of a site.  On other sites the hackers use a cloaked or conditional hack which returns the spammy content only to a search engine bot.  Another common method is to add a php file to the site that returns the spammy content. The methods for accomplishing a pharma hack also vary from site to site, from some generic methods effective against all sites, to more specific methods that target the sites’ CMS such as WordPress or Joomla. [Source: Spam Hacks, The Pharmacy Hack, The Porn Hack]

According to websitedefender a Pharma Hack typically affects websites in three ways:
1. Results are visible on search engines only
2. Very difficult to eliminate
3. Highest ranked pages are targeted
Detail: Web security – SEO poisoning- pharma hack

Jaspal Sahota given detail WordPress Pharma hacks affacts on .htaccess file with other  vulnerabilities: Iif you know how to read .htaccess file, you’ll see that the planted code only works when the visitor is coming from Google, AOL or Yahoo):

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} (google|yahoo) [OR]
RewriteCond %{HTTP_REFERER} (google|aol|yahoo)
RewriteCond %{REQUEST_URI} /$ [OR]
RewriteCond %{REQUEST_FILENAME} (html|htm|php)$ [NC]
RewriteCond %{REQUEST_FILENAME} !common.php
RewriteCond /home/xyz/public_html/common.php -f
RewriteRule ^.*$ /common.php [L]
</IfModule>

Again, the final file (common.php) was planted. [Source: Pharmahack]

Protecting from WordPress Pharma Hack

There is very useful  article on WordPress prevention at FAQ_My_site_was_hacked. On the following list I have compiled a helpful articles which provide setp by step instruction about how to prevent from WordPress pharma hack attack:

How to Diagnose and Remove the WordPress Pharma Hack

You’ll have to dig through the two places where the hack is known to romp—your WordPress plugins folder and your WordPress database.

WordPress Pharma Hack

This is quite a different attack vector than say brute-forcing passwords on a WordPress site. If you know a little about what you’re doing, this is actually pretty straight forward. In fact, you can script these things pretty easily; this example was written by a hacker over a weekend.

Pharma Hack Fix for WordPress

It is really a brilliant plan.  If it weren’t so illegal - it would be perfect.  As far as I can tell, they employee a 3 stage process.  (Thanks for the help figuring this all out from my friend David, who is a super knowledgeable dude with this sort of stuff.)

How To Completely Clean Your Hacked WordPress Installation

Step by step process on how to completely clean out and restore a WordPress installation that has been hacked.

How to find a backdoor in a hacked WordPress

What’s a backdoor? Well, when somebody gets into your site, the very first thing that happens is that a backdoor is uploaded and installed. These are designed to allow the hacker to regain access after you find and remove him. Done craftily, these backdoors will often survive an upgrade as well, meaning that you stay vulnerable forever, until you find and clean the site up.

Top 5 WordPress Security Tips You Most Likely Don’t Follow

A list of the top 5 tips that most WordPress administrators do not do, but should:

How to increase the safety of WordPress

In this article we will see a series of technical and not that improve the safety of WordPress in a shared and dedicated, by changing some settings and adding the appropriate plugin.

Secure WordPress Themes providers:

StudioPress Premium WordPress Themes PageLines CMS WordPress Themes

How to Secure and Protect WordPress Website through .htaccess file

Protect-the-wp-config.php-File-in-WordPress-Blogs

With the help of a .htaccess (hypertext access) file you can get a directory-level configuration and it  allows you to decentralized the management of your web server configuration. As well it allow you to improve your blog’s security, and reduce bandwidth. Today, we compile a list of tips and hack to increase your WordPress website through .htaccess file.If you like these tips and hacks then please grab the WPArena RSS feed for keep yourself up to date!

Note: Be careful to make changes in this file because modifying the configuration of a server can cause security concerns if not set up properly. So Always have a Backup.

Restricting access to wp-admin

There are different ways to protect your  wp-admin. By using WordPress plugins ”Enhance WordPress security with two-factor authentication plugins” and through adding a .htaccess file into a wp-admin directory like:

By restricting the IP address and create a .htaccess file including following piece of code:

order deny,allow
allow from a.b.c.d # This is your static IP
deny from all

By restricting  the directory with a password:

AuthUserFile /etc/httpd/htpasswd
AuthType Basic
AuthName "restricted"
Order Deny,Allow
Deny from all
Require valid-user
Satisfy any

Source: You can read more about Hardening WordPress website with .htaccess file

Individually Blacklist IP Address

There are considerable number of spammers, scrapers, crackers, those need to be blacklisted to visit the website. Perishable Press every year blocked some IP address and they are giving solution on how to block IP address by using .htaccess file:

<Limit GET POST PUT> order allow,deny allow from all deny from 192.168.0.10 </LIMIT>

Source: Improve site security by protecting .htaccess-files

Ultimate IP Blocker

Want to ban a IP, but don’t know how to use .htaccess and only ban for some pages? Let ipBlocker help you, ban IP(s) with a easy way and many functions, no need any database supported.

Protecting WordPress wp-config file

Josiah Cole giving solution on how to secure your own Website by editing or creating own .htaccess file in the following manners:

1. Protects itself (security)
2. Turns the digital signature off (security)
3. Limits upload size (security)
4. Protects wp-config.php (security)
5. Gives access permission to all visitors with exceptions (security, usability)
6. Specifies custom error documents (usability)
7. Disables directory browsing (security)
8. Redirect old pages to new (optional)
9. Disables image hotlinking (bandwidth)
10. Enables PHP compression (bandwidth)
11. Sets the canonical or “standard” url for your site (seo, usability)

Add the following piece of code in .htaccess file to protect he wp-config file:

# protect wpconfig.php <files wp-config.php> order allow,deny deny from all </files>

Other useful links: How To Secure WordPress configuration file

Add the following code to Disable Directory Browsing:

# disable directory browsing Options All -Indexes

 Disables image hotlinking:

#disable hotlinking of images with forbidden or custom image option
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?wparena.com/.*$ [NC]
#RewriteRule \.(gif|jpg)$ – [F]
#RewriteRule \.(gif|jpg)$ http://www.wparena.com/yourimage.gif [R,L]

Source- Almost Perfect htaccess File for WordPress Blogsa

Redirect WordPress Feeds to Feedburner via .htaccess (Redux)

.htaccess is a powerful tool which also help to redirect WordPress feeds to feedburner.

Redirecting your WordPress feeds to Feedburner enables you to take advantage of their many freely provided, highly useful tracking and statistical services. Although there are a few important things to consider beforeoptimizing your feeds and switching to Feedburner, many WordPress users redirect their blog’s two main feeds — “main content” and “all comments” — using either a plugin or directly via htaccess.

For those of us using Feedburner for all content and comment feeds, we have consolidated the previous htaccess code into a single redirect. Additionally, we improve functionality by verifying the requested URI and simplifying the regex used to match the target string. Check it out:

# temp redirect wordpress content feeds to feedburner 
<IfModule mod_rewrite.c> 
RewriteEngine on 
RewriteCond %{HTTP_USER_AGENT} !FeedBurner [NC] 
RewriteCond %{HTTP_USER_AGENT} !FeedValidator [NC] 
RewriteRule ^feed/?([_0-9a-z-]+)?/?$ http://feeds.feedburner.com/wordpressarena [R=302,NC,L]
</IfModule>

Source: Perishable Press | How to switch RSS to feedburner in Thematic

How To Stop Image Hotlinking through .htaccess | WP Recipes

IP Delivery to Stop RSS “Content Thieves”

Quads Zilla at Seo Black Hat explained how to know IP address who is stealing your RSS Feed and how to block IP address through .htaccess file.

RewriteEngine on
RewriteCond %{REMOTE_ADDR} ^69.16.226.12
RewriteRule ^(.*)$ http://newfeedurl.com/feed

How to maintenance page with a. Htaccess file?

You want to migrate your blog , switch themes , or to update WordPress , why not redirect your visitors to a maintenance page.

RewriteEngine on
RewriteCond %{REQUEST_URI} !/maintenance.html$
RewriteCond %{REMOTE_ADDR} !^123\.123\.123\.123
RewriteRule $ /maintenance.html [R=302,L]

Source – CatsWhoCode | Woueb.net | Protecting the WordPress wp-admin folder

Deny no referer requests [stop spam comments!]

If there are lots of spam comments on your blog, along with akismet, you can stop spam comments with .htaccess to prevent spammers posting comments on your blog.

RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
RewriteCond %{HTTP_REFERER} !.*yourblog.com.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) ^http://%{REMOTE_ADDR}/$ [R=301,L]

Source – How to: Deny comment posting to no referrer requests

Force “File Save As” Prompt

By using this code you can force user not to open downloadable files instead you force them to save as:

AddType application/octet-stream .avi .mpg .mov .pdf .xls .mp4

Source – AskApache: THE Ultimate Htaccess | Forcing a Download with Apache and .htaccess

Improve Site Security by Protecting HTAccess Files

 presents on Perishable Press different  methods to protect .htaccess file. The following code below prevents external access to any file with .htaccess. Add the code below in your domain’s root .htaccess file.

Case-sensitive protection:

# CASE SENSITIVE METHOD
<Files .htaccess>
order allow,deny
deny from all
</Files>

Weak pattern matching

# WEAK PATTERN MATCHING
<Files ~ "^\.ht">
Order allow,deny
Deny from all
Satisfy All
</Files>

Strong pattern matching

# STRONG HTACCESS PROTECTION
<Files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</Files>

.htaccess – gzip and cache for faster loading and bandwidth saving

In order to speed up site and save bandwidth, you can use.htaccess file to gzip text based files and optimize cache HTTP headers.

If your hosting provider like HostGator has mod_gzip module enabled, the best way to compress your content is to add the following lines to your .htaccess file:

mod_gzip_on Yes
  mod_gzip_dechunk Yes
  mod_gzip_item_include file \.(html?|txt|css|js|php|pl)$
  mod_gzip_item_include handler ^cgi-script$
  mod_gzip_item_include mime ^text/.*
  mod_gzip_item_include mime ^application/x-javascript.*
  mod_gzip_item_exclude mime ^image/.*
  mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*

Source – There are other different ways for fast loading and saving bandwidth on:
.htaccess – gzip and cache your site for faster loading and bandwidth saving
WordPress Super Cache: Makes WordPress Faster

WordPress Safer Admin Plugin

Have you ever wondered how you can hide your WordPress Admin Panel so possible attackers won’t be able to find it and gain access to your WordPress site?

If you want to ensure that no one knows where your WordPress Admin Panel is, then this WP Safer Admin Plugin is the right tool for you!

Detail

WP-Restrict

WP-Restrict is a WordPress plugin that allows WordPress admins to restrict access to their web site based on IP addresses.

Detail

Redirecting Subdirectories to the Root Directory via HTAccess

One of the most useful techniques in my HTAccess toolbox involves URL redirection using Apache’s RedirectMatch directive. With RedirectMatch, you get the powerful regex pattern matching available in the mod_alias module combined with the simplicity and effectiveness of the Redirect directive.

RedirectMatch 301 ^/blog/.*$ http://domain.tld/target.html 

Source – Perishable Press | How to redirect the spammers where you want

Removing Category Base from WordPress URLs

The below .htaccess code illustrates 2 different ways to redirect any request for /category/slug/ to /slug/. You should only redirect after applying the php hacks described earlier, otherwise you could end up creating a loop.

RedirectMatch 301 ^/category/(.+)$ http://www.askapache.com/$1
# OR
RewriteRule ^category/(.+)$ http://www.askapache.com/$1 [R=301,L]

Source: AskApache

Valiantly automatically fix URL spelling mistakes

This directive can be useful to auto-correct simple spelling errors in the URL

<IfModule mod_speling.c>
CheckSpelling On
</IfModule>

Source – Vortex Mind

Redirect the spammers where you want

Here is the script to add to your WordPress blogs (or into your site’s) .htaccess file:

# block comment spam by denying access to no-referrer requests
RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
RewriteCond %{HTTP_REFERER} !.*wparena.com.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule ^(.*)$ ^http://the-site-where-you-want-to-send-spammers.com/$ [R=301,L]

Easily rename your .htaccess file

# rename htaccess files AccessFileName ht.access

Source: Stupid htaccess tricks | How to redirect the spammers where you want

20 htaccess hacks to prevent your wordpress site from hacking

Make your wp-login.php page xenophobic

Here’s the code that you should be copy paste to your root .htaccess file (where wp-login.php exist).

# Redirect wp-admin and wp-login to specified address if not from specific ip
# Btw you're free to add additional directory as you see fit
# Note: This'll break your site if you have plugins/themes that depend on accessing admin-ajax.php
RewriteCond %{REQUEST_URI} wp-login|wp-admin
RewriteCond %{REMOTE_ADDR} !^123.456.789.
RewriteRule . http://www.domain.com/ [R,L]

# Or .. if you prefer to return 404 Not found instead of redirecting it, use below code instead
RewriteCond %{REQUEST_URI} wp-login.php|wp-admin
RewriteCond %{REMOTE_ADDR} !^123.456.789.
RewriteRule . - [R=404,L]

Source – Hardening WordPress with Mod Rewrite and htaccess | 7 Tools For Fighting Spam In WordPress

The easiest way to ban a WordPress spammer

Require password for 1 file

<Files login.php>
   AuthName "Prompt"
   AuthType Basic
   AuthUserFile /home/askapache.com/.htpasswd
   Require valid-user
</Files>

Protect multiple files

<FilesMatch "^(exec|env|doit|phpinfo|w)\.*$">
   AuthName "Development"
   AuthUserFile /.htpasswd
   AuthType basic
   Require valid-user
</FilesMatch>

Source: ultimate htaccess code snippets

Speed up your site by compressing and caching your content with .htaccess

In the following series you can compress and cache your site content with Apache and .htaccess file.

compress text files

<ifModule mod_deflate.c>
  <filesMatch "\.(css|js|x?html?|php)$">
    SetOutputFilter DEFLATE
  </filesMatch>
</ifModule>

Expire headers

<ifModule mod_expires.c>
  ExpiresActive On
  ExpiresDefault "access plus 1 seconds"
  ExpiresByType image/x-icon "access plus 2592000 seconds"
  ExpiresByType image/jpeg "access plus 2592000 seconds"
  ExpiresByType image/png "access plus 2592000 seconds"
  ExpiresByType image/gif "access plus 2592000 seconds"
  ExpiresByType application/x-shockwave-flash "access plus 2592000 seconds"
  ExpiresByType text/css "access plus 604800 seconds"
  ExpiresByType text/javascript "access plus 216000 seconds"
  ExpiresByType application/javascript "access plus 216000 seconds"
  ExpiresByType application/x-javascript "access plus 216000 seconds"
  ExpiresByType text/html "access plus 600 seconds"
  ExpiresByType application/xhtml+xml "access plus 600 seconds"
</ifModule>

Cache-control headers

<ifModule mod_headers.c>
  <filesMatch "\.(ico|jpe?g|png|gif|swf)$">
    Header set Cache-Control "max-age=2592000, public"
  </filesMatch>
  <filesMatch "\.(css)$">
    Header set Cache-Control "max-age=604800, public"
  </filesMatch>
  <filesMatch "\.(js)$">
    Header set Cache-Control "max-age=216000, private"
  </filesMatch>
  <filesMatch "\.(x?html?|php)$">
    Header set Cache-Control "max-age=600, private, must-revalidate"
  </filesMatch>
</ifModule>

Turn etags off

<ifModule mod_headers.c>
  Header unset ETag
</ifModule>
FileETag None

Remove last-modified header

<ifModule mod_headers.c>
  Header unset Last-Modified
</ifModule>

Source: More on compressing and caching your site with .htaccess

Performance Optimizer Plugin for WordPress

The plugin will help you increase the performance of your WordPress website. We aim to do this by optimizing key features of the website’s loading process thus increasing the loading speed and limiting the bandwidth consumption.

Detail

References and other Useful Resource:


Protect your WordPress site .htaccess
Using htaccess Files for Pretty URLS
Web security: what is an .htaccess file
How to protect and secure your WordPress site
A to Z of WordPress .htaccess Hacks
Comprehensive guide to .htaccess
Introduction to .htaccess
Forcing a Download with Apache and .htaccess
Hardening WordPress with htaccess

.htaccess Builder

To quickly and effortlessly deliver an htaccess file without having to remember anything about the apache server language used to construct the htaccess file!

htaccess Builder! is complete as is – however – depending on requests and sales it has the potential to grow to cover just about every function of htaccess.

Detail

How To Speed Up Your WordPress Websites Loading Times

Wordpress-Caching-and-Speed-Optimization-for-Advanced-Cloud-Setup

Every website owner want to speed up their website load time. Even the search engines like Googl love the website load time when considering for indexing and page ranking means Web search ranking also depends on site speed . As well all Internet users like fast loading website and spend more time on surfing. On top of that Site owners can reduces operating costs, increasing and improving the performance of website, means  increasing revenue while driving down operating costs. (video,slides).

We are going to look up how to optimize website to increase the load time and before taking steps you should analyse your site speed, to obtain a better picture of site speed issues. so first we look at Online Tools for Website speed testing for all kind of website than there are tips and ticks to improve the site load time along with a list of WordPress Plugins to speed up WordPress site.

Free Online Tools for Website Speed Testing


There are lots of source which help to determine the speed of a website relative to other sites and web masters and authors  can take proper measure to  making your site faster. Following are the Free Tools to to evaluate the speed of any website:

Page Speed Online

An open source Firefox/Firebug add-on that evaluates the performance of web pages and gives suggestions for improvement. An open source Firefox/Firebug add-on that evaluates the performance of web pages and gives suggestions for improvement.

Pingdom Tools

Pingdom has a very strong and narrow focus. That focus lies on covering the uptime monitoring needs of 90% of the companies in the world. Instead of branching out into other areas, we will instead place all our efforts into maintaining the best uptime monitoring service available.

Free Website Performance Test

Try free instant website performance test. Test your site from around the globe. See how fast your pages load from San Francisco to Ireland; from Singapore.

Which loads faster?

This can be a simple tool for comparing whether your website performs better or worse than competing sites. This open source tool (view the source on GitHub) was originally created to promote the importance of web performance.

WebPagetest

WebPagetest is an open source project that is primarily being developed and supported by Google as part of our efforts to make the web faster.

WebPagetest is a tool that was originally developed by AOL for use internally and was open-sourced in 2008 under a BSD license. The platform is under active development on Google code and is also packaged up periodically and available for download if you would like to run your own instance.

Web Page Analyzer

WSO employs experts in most aspects of web site optimization, including front-end speed optimization using the latest web standards and techniques, back-end optimization using server tuning, SQL query optimization, refactoring, and middleware tuning, search engine marketing, web design, and optimized marketing campaigns.

Show Slow

Show Slow is an open source tool that helps monitor various website performance metrics over time. It captures the results of YSlowPage SpeedWebPageTest and dynaTrace AJAX Edition rankings and graphs them, to help you understand how various changes to your site affect its performance.

Site-Perf

With Site-Perf.com, you get an accurate, realistic, and helpful estimation of your site’s loading speed. The script fully emulates natural browser behaviour downloading your page with all the images, CSS, JS and other files – just like a regular user. Spot bottlenecks, reach perfect performance and balance your site load with Site-Perf.com, a smart and flexible testing tool. Focus on important things while Site-Perf.com delivers the speed facts straight to your screen.

Load Impact

This online web performance evaluation tool has the ability to show graphed data such as user load time (simulated by an automated virtual machine) and requests per second (helpful for seeing how durable your web server is and how fast it can handle web page requests).

OctaGate SiteTimer

Web Monitor allows you to monitor how long it takes for a user to download one or more of your web site pages. It visits the page that your request and downloads all content that’s directly linked from that page;

  • Images
  • Frames
  • IFrames
  • Script files
  • It follows redirects

YSlow

A free tool from Yahoo! that suggests ways to improve website speed.

Google Webmaster Tools

Site Performance shows the speed of your website as experienced by users around the world as in the chart below. We’ve also blogged aboutsite performance.

Web Site Performance Test 

A real-time site performance tool displaying information on things such as DNS lookup time and connection time.

Webslug

This web tool will compare the site performance of two websites.

WebWait

A basic website speed timer with options for specifying the number of requests to make and the interval between requests (e.g. 5 requests in 10 seconds).

Website Speed Test

Provides plenty of data on page speed, including estimated load times for various types of Internet connections.

GTmetrix

An online tool that uses YSlow and PageSpeed to evaluate your website’s front-end performance, giving you easy-to-understand information.

Website Speed Test

A rather basic online tool that provides data such as page size, load time, download speed and average speed in tabular format.

Yottaa Site Speed Optimizer

This web performance analyzer outputs great-looking reports. This tool requires you to sign up.

Zoompf Free Web Performance Scan

This tool will scan a web page and gather data pertaining to web performance. You are required to provide and verify your email address in order to run tests.

Site speed checker

A web-based site speed tool that allows you to run tests on 10 URLs all at once.

Free web site speed test

This simple website speed testing tool gives you the option to enter up to 10 URLs to run tests on simultaneously.

References and Other Resources:

15 Tools for Testing your Website
6 Tools To Find Out Website Load Speed
Tools to Evaluate the Speed of Your Website
20 Free Online Tools for Website Speed Testing
Performance Unleashed: How To Optimize Websites and WordPress For Speed
18 Website Speed And Performance Checking Tools
20 Free Online Tools for Website Speed Testing

Tips and Tutorials to Speed Up WordPress site


Best Results for Your Time – Speed Optimization for WordPress

Website speed has been a concern for me since the end of 2010. I can’t remember exactly when but at some point Google said that website speed is now a ranking factor and ever since everytime I would get some sort of ranking decrease I would often believe it was my website’s slow loading speed that was the reason. WordPress blogs usually start at a disadvantage on this compared to normal html blogs or websites that simply have less lines for a web browser to load.

How to speed up your wordPress loading times

This tutorial give credit to the resources and explained how he got best result by optimizing his site and usage of the WordPress Plugins  for optimization.

Best way to Speed up your WordPress Blog

WordPress is one of the most widely used blogging platforms in which number of plugins and themes exist to create a highly specific equipment for their audience. Are you suffered or permanently suffering from the slow down page load in your WordPress blog ?. There are as many as reasons to slow down of your blog load time like broken themes, broken plugin, Previous Version of WordPress, Themes, Plugins, Large images files etc.

Speed Up Your WordPress / BuddyPress Loading Time With This Quick Tip

Minify is a PHP 5 app that “combines multiple CSS or Javascript files, removes unnecessary whitespace and comments, and serves them with gzip encoding and optimal client-side cache headers.” The WP Minify pluginmakes it easy to integrate Minify into your WordPress / BuddyPress site and in most cases will work right out of the box without any adjustments.

Dramatically Speed Up WordPress/WPMU Load Times With This Simple Tip!

Optimizing your WordPress blog for speed is a serious matter of competition for the attention of your user. The faster you can serve your pages, the better chance you have of lowering your bounce rate. This small piece of code will take you less than a minute to paste into your site and can instantly have your site running approximately 3-4 times faster than before. It’s called zlib compression.

WordPress Plugins to Speed Up Your Website

Fast websites less irritate your visitors which increases the chance that they would click your ads, purchase product or just stay longer at your website enjoying tremendous content that you’ve featured there. Also fast websites use less bandwidth and according to SEO specialists major search engines count sites’ speed while creating rankings for them.

How To Speed Up Your WordPress Blog

There is a popular expression that you have no doubt heard – “Time is money”. The biggest cliches are often the most valid, and we are not looking at an exception to that rule here. When it comes to websites and page load speed, time truly is money. (site speed)

Speed Up Your Blog – Loading Times Are More Important Than You Think

Is your blog or website a big clunky mess that always seems to load slowly? It’s not just you, the load time on your blog can absolutely destroy your “curb appeal” and bring down your blog’s value. After experiencing outages here at theNetFool.com, I’ve decided to switch web hosts. However, there are plenty of tricks you can apply to get some oil back in your site’s gears, and start seeing more traffic.

How to Optimize Your Site for Better Loading Time

Speeding up websites is important — not just to site owners, but to all Internet users. Faster sites create happy users and we’ve seen in our internal studies that when a site responds slowly, visitors spend less time there.

How to tweak your website images for maximum SEO

Most of the bloggers use images to improve the search engine optimization and to enhance the website content. And this is fact that photos and graphics bring more organic traffic to their site, specially if we are thinking about Google Image Search.

How to Increase WordPress Performance through Lazy Load Widgets

If you are using WordPress as your blog platform and want to increase its performance, The Lazy Widget Loader plugin provides lazy loading for widgets to improve page loading. Use it on slow widgets, especially those where external data is loaded, like widgets from Facebook, Twitter, AdSense and others.

How to manipulate image sizes to speed up WordPress blog load times

Loading time of web site directly impact users and ranking position. As compare to text, images take more time to load and search engines indexed those web pages which have less load time and user spend time that give good impression to search engines.

The Ultimate Quickstart Guide to Speeding Up Your WordPress Site

Give your site a boost! Implement crucial optimization techniques that will improve not only your ySlowscore, but your Google rank too. In this tutorial we will cover all aspects of W3 caching, ySlow, Google page speed, CSS sprites & htaccess rules, to achieve a high ySlow score like i have done on my blog.

10 Quick Tips: Optimizing & Speeding Up Your WordPress Site

Optimize your site to run as fast as it possibly can. So, without further adieu, here are 10 quick tips for optimizing your WordPress site!

WordPress Speed Optimization Guide

The load speed of your website is essential, you need a fast site because slow sites annoy users, meaning less visitors to your site. Secondly, search engines also consider the speed of your site when generating their rankings. There are a number of factors influencing the load speed of a WordPress site.

WordPress Caching and Speed Optimization for Advanced Cloud Setup

WordPress Caching and Speed Optimization for Advanced Cloud Setup is hard as most Cloud providers keeps combination hidden. Here is master guide of the rules. This article on WordPress Caching and Speed Optimization for Advanced Cloud Setup is not for WordPress users using a single Cloud Server or VPS or dedicated server or the worst – a shared server.

Taking my Blog to the Next Level (Part 4): Speed Optimization

Continuing from part 1 (falling in love with your blog again)part 2 (widgetizing & thumbnailing) and part 3 (search engine optimization), in this part I share the steps I’ve taken to enhance the speed and performance of my blog.

WordPress Plugins to Speed Up WordPress Site


Performance Optimizer Plugin for WordPress

The plugin will help you increase the performance of your WordPress website. We aim to do this by optimizing key features of the website’s loading process thus increasing the loading speed and limiting the bandwidth consumption.

Detail

WP Smush.it

Yahoo’s excellent Exceptional Performance series recommends optimizing images in several lossless ways:

  • stripping meta data from JPEGs
  • optimizing JPEG compression
  • converting certain GIFs to indexed PNGs
  • stripping the un-used colours from indexed images

Smush.it offers an API that performs these optimizations (except for stripping JPEG meta data) automatically, and this plugin seamlessly integrates Smush.it with WordPress.

W3 Total Cache

W3 Total Cache improves the user experience of your site by improving your server performance, caching every aspect of your site, reducing the download times and providing transparent content delivery network (CDN) integration.

Recommended by DIYthemes and web hosts like: Host GatorBlueHost

Parallelize

The solution Recommended by Google is parallizing resources across 2-5 hostnames on sites serving 10 or more static resources.

Parallelize allows automatically parallelizing WordPress attachement files (images or any files uploaded with the wordpress media features) across multiple hostnames, speeding page load. To assist caching, resources will always load from the same hostname.

Plugin Organizer

This plugin allows you to do the following: 1. Change the order that your plugins are loaded. 2. Selectively disable plugins by any post type or wordpress managed URL. 3. Adds grouping to the plugin admin age.

WP Avoid Slow

Web pages are becoming increasingly complex with more scripts, style sheets, images, and Flash on them. A first-time visit to a page may require several HTTP requests to load all the components. By using Expires headers these components become cacheable, which avoids unnecessary HTTP requests on subsequent page views. Expires headers are most often associated with images, but they can and should be used on all page components including scripts, style sheets, and Flash.

JS & CSS Script Optimizer

Features

  • Combine several scripts into the single file (to minimize http requests)
  • Pack scripts using Dean Edwards’s JavaScript Packer
  • You can move all JavaScripts to the bottom
  • Combine all CSS scripts into the single files (with grouping by “media”)
  • Pack CSS files (remove comments, tabs, spaces, newlines)
  • Ability to include JavaScript and CSS files (new)
  • If any script fails and shows error you can add it to exclude list

Clean Options

Clean Options finds orphaned options (unused options) and allows you to remove them from the wp_options table. This can save you several KBs or MBs, helping to speed up your site load time.

Optimize DB

For some People running WordPress, the use of phpMyAdmin appears to be a risky thing. There’s just too many options. This plugin lets you do just one simple task: optimize the tables of your database, to reduce their overhead.

Digg Protector

The Digg Protector will protect your blog from suffering from the Digg effect. When writing a post, give the HTML image tags a “protect” attribute to protect them. This means that when visitors from Digg come, they will be shown the image in the “protect” attribute. Otherwise, if they are not from Digg, they will be shown the image given in the “src” attribute. A basic HTML knowledge is recommended to use this plugin.

WP HTTP Compression

This plugin allows your WordPress blog to output pages compressed in gzip format if a browser supports compression.

How to add a Notification Bar Strip on WordPress Powered Website

Most of of the Website owners display ads or run a promotional campaign on the top or at the bottom of the Website. Such kind of notification must be stick on top of the content without disturbing them but if you are using WordPress, its very easy to manage Notification bar by using WordPress plugins, I will provide the best WordPress plugins for Ad bar, as well If you don’t like WordPress plugin to distract your site, you can still run a Ad or Notification bar by using the following piece of code and instruction from “Put a Floating Ad Bar Strip on Your WordPress Site“. Although with Hello Bar you can drive more attention to your most important website content with the cost of Hello Bar promotion same as with other WordPress Plugins. But with premium Plugin like Fading Menu with Notification Bar and Social Icons, You can set the text manually (with a simple text editor that will allow you to add links and change color on the fly), or set it to always show your latest tweet, facebook notification and important content. This will allow you to always have an up to date notification bar with your latest news.

Adding a Floating Notification Bar 

In case, if you don’t like WordPress Plugin, you can add the following snippet after the </head> tag. Go to Appearance > Edit and select your header.php file and add the following piece of code above the <body> tag:

<div id="notification-bar">
<a href="http://www.wparena.com/">Drive more attention to your most important website content </a>
</div>

Style Your Notification Bar

< /hr>
You must give some style to your ad strip, otherwise  it will not float properly when the site visitors scroll down the page and it will display as a text link, so it is very important to give a style to it as follow, open your theme style sheet file(style.css) and add the div class into it and save the file:

#notification-bar {
  position:fixed;
  top: 0;
  left: 0;
  width: 100%;
  height: 20px;
  margin-bottom:15px;
  background-color: ##FFF9B8;
  color: #333;
  border-bottom: solid #000000;
  padding: 5px 0 5px 0;
  text-align: center;
  font-size: 12px;
  font-family: Georgia, "Times New Roman;
  font-weight: bold;
}

If you have activated admin bar for yourself and user, better to disable it, so it will not disturb your important content on ad strip. If you have different user roles on your site and want to manage their layout for Admin bar, than you can use WP Custom Admin Bar: This gives you options to change who sees the Admin Bar based on their user role, change or override the default styling or remove the Admin Bar altogether.

 WordPress Header / Footer Notification Bar Plugins

Fading Menu with Notification Bar and Social Icons

Fading Menu with notification Bar is a WordPress Plugin that will allow you to add your navigational menu (main menu or custom menu defined by you) along with notification bar at the top of your browser. Simply scroll down your browser a bit to see it in live action!

Live preview | Detail

uAnnounce – Premium Announcements for WordPress

uAnnounce is a Premium Announcement plugin for WordPress. The announcements are thin colored stripes that contain a message and appear at the top of the page. uAnnounce allows you to schedule announcements to appear on your blog, you can use this to draw your visitors’ attention to an important message you may have. It supports a wide range of conditions that influence on which pages, blog posts and/or to users with which particular browsers the announcement should be displayed. It also features multiple skins to cover the basic announcement types, such as Alert, Error, Warning, Info.

Live preview | Detail

Foobar – WordPress Notification Bars

The Foobar is a plugin for WordPress that allows you to add a highly customizable bar to the top of your blog or website. You can display different notifications on different pages and define a default bar that will display on all your pages.

Live preview | Detail

attentionGrabber: WordPress Notification Bar

attentionGrabber is a plugin for WordPress that allows you to add a notification bar to your website.
With this plugin you can easily display custom texts, Twitter posts and Feeds RSS . Also, the huge list of features lets you fully customize the notifications look.

Live preview | Detail

Widgetized Stickybar

Widgetized Stickybar is a plugin for WordPress that allows you to add a highly customizable widget bar to your blog or website. As it is said in the title, bar contains widget areas, where you can place any widgets available in your WordPress dashboard. As an administrator you decide where to stick the bar: top, bottom, right or left edge. You also can customize size, colors, opacity, number of columns and other parameters of the bar. Widgetized Stickybar is a perfect way to extend functionality of your website.

Live preview | Detail

Free WordPress Header / Footer Notification Bar Plugins

Easy Heads Up Bar

This plugin adds an easy to use notification bar to the top of your WordPress website with a linked call to action

General Display Options

  • Your Heads Up Bar appears on the top of the websites page
  • No Limit! You can create as many Heads Up Bars as you need
  • If you have multiple Bars they will show randomly
  • The Bar can be limited to just the Home Page, Interior Pages OR the can be displayed on all pages

Detail

WP-TopBar

http://wordpress.org/extend/plugins/wp-topbar/

Creates a TopBar that will be shown at the top (or bottom) of your website. Customizable and easy to change the color, text, image, and link. Live preview to see your TopBar from the Options page.

Detail

Quick Notice Bar

This plugin will help the admin to publish highlighted notice on WordPress site header. Any message like offline notice, update notice, tweets, special offers, latest post can be set to attract visitors in 1st sight.

Detail

ViperBar

ViperBar adds an attractive bar to your site header, which you can use to increase blog or newsletter subscribers. It includes built in styling, Aweber & Feedburner integration, conversion rate tracking, split-testing, themes, and much more. ViperChill, a blog on Viral Marketing, is the creator of this plugin. If you want to take your blog to the next level, you should read this post on WordPress SEO.

Detail

Notification Toolbar

This is a toolbar placed on the footer of your blog and it will show your custom notifications on it. This plugin is developed based on the Static Toolbar plugin.

Detail

WP Attention Boxes

Sometimes you just want to call out attention to a particular important message, or quote, or a collection of links, in a bright yellow box, or similar, in a Blog post. And you might do this a lot in your blog entries.

Detail

Foobar Lite Notification Bars

The Foobar is a cool notification / alert bar that sits at the top of the page and draws in the visitor’s attention.

features

  • A cool notification bar at the top of your site that draws the attention of the visitor
  • Options to set the message text, height and speed of the Foobar
  • Options to customize the background,text and link colors to match your theme
  • See a preview of the Foobar within the admin
  • Advanced options to help troubleshoot issues

Live preview | Detail

Free & Professional WordPress Security Service Free & Professional WordPress Security Service

We Love WordPress. WordPress Arena is a place for WordPress Developers and Designers, providing Tips, tricks, tools and resources to build a website or blog on WordPress. We also present The WordPress Showcase for all kind of WordPress Powered Websites.

Recent Comments

Anderson

|

Dont work with post_type? ‘post_type=property&numberposts=1′