15 Aug

Ways To Speed Up WordPress Websites

This article is about Ways To Speed Up WordPress Websites, as wordpress is a great and famous platform so people are making tons of websites on it. But this CMS has a weak point too which is its slow speed, without taking proper steps while making your website on wordpress it will end up in a mess and ultimately you will loose your precious traffic due to this issue. So there are several ways to improve and speed up your wordpress websites such as:

1. Choose a Good Theme:
Always choose good themes for your website and never use nulled themes for your website as it has many loopholes in it. There are several tools available where you can test the theme speed before choosing it for your website. Such as google developer speed testing or (https://tools.pingdom.com)

2. Use effective Cache Plugin:
Always use cache plugin’s in your website such as W3 Total Cache, which will minimize your load time and make your website a faster one.

3. Use a content delivery network (CDN):
Although CDN is a good thing for website but if you are expecting high traffic on your website’s then CDN is a most wanted thing to speed up your website and entertain your visitors with no delay. There are several CDN networks available but most preferred plugins are Cloudflare or MaxCDN. I personally tried MaxCDN and found it the best. Or you can go with any free or cheap solution if you can find any.

4. Optimize your Images / Media:
Use optimized images in your website because a page with enriched media / graphics not only damaged your bandwidth but also cause slow loading issue. So it is preferred to use compressed images always. Use any software to compress images as there many applications which can convert 1MB pic to 100KB without loosing its quality. Such as “Easy Graphic Convertor”

5. Optimize your homepage to load quickly:
Reduce number of posts on home page and use excerpts instead of showing full posts to optimize your home page. You can remove side bar’s contents, or can use less images.

6. Remove inactive plugins, un-approved or spam comments:
Keep clean your wordpress from in-active plugins, unapproved or spam comments, as these are taking space and increasing size of your database.

7. Use alternative to big plugins:
Always preferred to use alternate to your big plugins such as Jetpack to Google Analytic. Because we always host several websites on a single server and trying to entertain visitors from our limited environment. In such way we have to reduce all possible load taking things. Jetpack is a most favorite plugin now a days but its a resource hunger too.

8. Optimize your WordPress database:
Keep your wordpress database optimized to speed up your website. At some stage when you have hundreds of blog posts with enriched media which also increasing load in your database, you need to optimize your DB preferably on monthly basis. You can simply use the WP-Optimize plugin for this operation.

9. Disable hot-linking and leeching:
Disable hot-linking and leeching of your content, it stop thieves to stop your precious bandwidth. At some stage your media cause slow speed issue for you.

10. Add an expires header to static resources:
An Expires header is a way to specify a time far enough in the future so that the clients (browsers) don’t have to re-fetch any static content (such as css file, javascript, images etc).

This way can cut your load time significantly for your regular users. You need to copy and paste the following code in your root .htaccess file:

ExpiresActive On
ExpiresByType image/gif A2592000
ExpiresByType image/png A2592000
ExpiresByType image/jpg A2592000
ExpiresByType image/jpeg A2592000

The above numbers are set for a month (in seconds), you can change them as you wish.

11. Add LazyLoad to your images
LazyLoad is the process of having only only the images above the fold load (i.e. only the images visible in the visitor’s browser window), then, when reader scrolls down, the other images begin to load, just before they come into view. This will not only speed you page loads, it can also save bandwidth by loading less data for users who don’t scroll all the way down on your pages.

To do this automatically, install the jQuery Image Lazy Load plugin.

12. Stop access to xmlrpc.php in your website.
Hope you have noticed tons of monthly attempts on your xmlrpc.php file which is not actually a real traffic, these are fake bots attempting to hack your website. So you have to disable access to your xmlrpc.php file. For this please click here to check our previous detailed post.

Share this
17 Jun

Payoneer withdrawal to Local Bank in Pakistan is now free!

Payoneer withdraw to Local Bank in Pakistan is now supported and free too. You can withdraw minimum $200 to maximum $1000 anytime. And the good news is that there is no transaction fee involved.

How to add local Pakistani Bank account in your Payoneer account:

1. Login to Payoneer Account
2. Click on Withdraw->To Bank Account
3. Add a Bank Account
4. Provide all details and submit application.
5. Payoneer will approve your account within 5 minutes.

Share this
04 Jun

How to stop hacking attempts on xmlrpc.php in WordPress Blogs?

While Monitoring my server i noticed bulk traffic to xmlrpc.php files in my hosted websites. As this is a shared server, so there are over 40 wordpress installations in it. And that day i have noticed a continuous attack on 8 websites, a single request on xmlrpc.php took average 200MB to 250MB of memory and these requests were continuous 10 to 20 per second on each website. Which results in system instability and caused my server out of memory then eventually crashed.

Now a days hackers started using xmlrpc.php instead of wp-login.php to execute their brute force attacks and the problem is, since wordpress version 3.5 we can’t disable the use of xmlrpc.php at least not from wordpress settings. But there are few ways, lets discuss them one by one.

1. Deleting xmlrpc.php
This is not recommended as after every wordpress update this file will be replaced so its not the smartest way to deal with.

2. Plugins
There are few plugins that can do that for you. I have found some best and most used plugins for this purpose. Disable XML-RPC and XML-RPC Pinkback. Both Plugins are really basic but should be able to help you protect your blog / website from attacks.

3. Adding Code to Theme’s Functions.php File
Thats the same way of security that above plugins will provide. So you can go with this way too. All you need to do is, just edit your Theme’s Functions.php file and these code lines in it.

function remove_x_pingback($headers) {
unset($headers[‘X-Pingback’]);
return $headers;
}
add_filter(‘wp_headers’, ‘remove_x_pingback’);
add_filter(‘xmlrpc_enabled’, ‘__return_false’);

4. Block by .htaccess
You can block access to xmlrpc.php by adding a simple code in your .htaccess. Just edit .htaccess file and put following code in it, it will block access and user will get 403 Forbidden error.

<Files xmlrpc.php>
Order Deny,Allow
Deny from all
</Files>

5. Blocking access in nginx
If you are using nginx then use following code in nginx configuration:

server {
location = /xmlrpc.php {
deny all;
}
}

6. Block on entire server
If you have shared server with multiple WordPress installations, any of above solution will take time to implement. So the best thing to do is to block access to xmlrpc.php file on Apache level, simply by adding this to httpd.conf file:

<FilesMatch "^(xmlrpc\.php)">
Order Deny,Allow
Deny from all
</FilesMatch>

If you don’t use XML-RPC than you can safely disable it using any of the methods above (except the first one, of-course) and protect your blog against xmlrpc attacks.

Share this

© 2008-17 XOFTMADE Web Solutions. All rights reserved.