Tag: wordpress tutorial

  • Guide For Dummies: How To Setup Your WordPress W3 Total Cache Correctly?

    Guide For Dummies: How To Setup Your WordPress W3 Total Cache Correctly?

    W3 Total Cache is one of the world’s most renown cache plugin for WordPress and you are probably finding the best setup guide for WordPress W3 Total Cache right?

    Before that, let’s see what W3 Total Cache actually is and how it functions. It provides close to everything you would need to make your website load blazing fast but most of the time, these settings could be very misguiding and complicated for bloggers and even new website developers. 

    In this guide, I am going to try my best to provide you a step by step guide in setting up your W3 Total Cache. This post is a little lengthy but trust me, it will definitely worth your time especially when you are going to get the best setting for your W3 Total Cache WordPress plugin. 

    Here’s the slide which I had created thanks to SlideShare (for those who want to avoid reading the wall of text) ~ Enjoy!

     

    Setup guide for WordPress W3 Total Cache

    Firstly, head over to the plugin page and search for W3 Total Cache. Very easy and very straight forward right? 

    Setting up your W3 Total Cache the right way

    Plugin cache will help website to load faster.
    The famous W3 Total Cache setting tab 

    1. You should be able to see a new tab labelled as Performance on the left side of the screen on your WordPress dashboard. Click on that.

    2. Next, you will see the Dashboard for W3TC and this gives you a general outlook of the plugin. You see the option to select General Settings and select that. General Settings works as a master switch for W3TC. You can enable or disable a certain option with just one click of the button.

    3. On the General Settings page, scroll down a little and you will see Page Cache.

    Page Cache: Enable

    Page cache method: Disk: Enhanced

    You do not need to press save at the moment. I will explain to you after this on why I rather save later than now.

    4. Scroll down more and you will see the Minify option.

    Minify: Enable

    Minify mode: Manual

    Minify cache method: Disk

    HTML minifier: Default

    JS minifier: JSMin (default)

    CSS minifier: Default

    5. Next is Database Cache option.

    Database Cache: Enable

    Database Cache Method: Disk

    6. Scroll down a little to Object Cache.

    Object Cache: Enable

    Object Cache Method: Disk

    7. To the next option, Browser Cache.

    Browser Cache: Enable

    8. For CDN settings, you may disable it first.

    The right setup guide for WordPress W3 Total Cache can boost website loading speed
    Setting up W3TC plugin could be time consuming but it will make your website load at blazing speed 

    9. Reserve Proxy disable, Cloudflare settings disable, monitoring disable, miscellaneous disable and debug disable all. Now, you may save all your settings. After saving it, W3TC will ask you if you would like to clear the cache which you can select yes. The reason to save once you have done the whole page is to avoid inconvenience. You may save one by one but it is totally a time consuming process.

    10. Select Page Cache on the left of the screen.

    You should enable cache front page, cache feeds, cache SSL and don’t cache pages for logged in users.

    Cache Preload: Enable automatic prime

    Update interval: 907

    Page per interval: 7

    Sitemap: http://www.yourdomain.com/sitemap.xml (change your domain to your own site name)

    Save all settings and you may ignore the rest of the options on that page.

    11. Select Minify button on the left.

    Enable rewrite URL structure and for HTML minify settings, select enable, inline CSS minification, inline JS minification and line break removal.

    As for JS minify settings, select enable, before (combine), after (minify) and before (combine). Enable preserved comment and line break as well.

    As for CSS minify settings, select enable, preserved comment and line break removal.

    Go for save all settings again and clear the cache.

    12. Now, select Database Cache button on the left

    Enable don’t cache queries and save the setting.

    13. You can exclude Object Cache as nothing needed to change there. Select Browser Cache instead.

    Under General, enable everything except do not process 404 errors.

    Under CSS & JS, enable all the options there. The only changes you need to do is change the value of expires header lifetime to 31536000 seconds.

    Under HTML & XML, enable everything as well.

    Under Media & Other Files, enable everything and set the value of expires header lifetime to 31536000 seconds.

    Finally, save all settings and clear cache if needed. 

    CONGRATULATIONS! YOU ARE ALL DONE! 

    You can basically forget the rest of the options for now. These settings should serve you well with or without a Content Delivery Network. You will notice your site gets loaded up faster than usual. Remember to clear all the cache at least once to make everything stays for good.

    And for the record, I have tested these settings on various websites now and all of them are giving them very good response time. Certainly hope this works well for you as well and good luck.

    If you like this article, could you please share this for me using the red Google+ button below?

  • Cloudflare vs Incapsula: Which Is The Best CDN Provider?

    Cloudflare vs Incapsula: Which Is The Best CDN Provider?

    Content Delivery Network is one of the most important tools when it comes to maintaining a website. CloudFlare and Incapsula are both very renown for their CDN services. Let’s discuss deeper on both CloudFlare vs Incapsula for the best CDN provider.

    As for the record, this review is done with some testings and cross referencing the results with other sources to ensure that you are getting the right information.

    Content Delivery Network (CDN) is important to ensure that the website is loading faster and security measures are taken.
    What makes both Cloudflare and Incapsula different? 

    Related read: 3 of the best Content Delivery Network providers for bloggers

    Introduction to Cloudflare and Incapsula in video form

    Cloudflare:

    http://www.youtube.com/watch?v=-yspfTsidzs&feature=youtu.be

     

    Incapsula:

     Here are what both can offer:

    1. Free Content Delivery Network (CDN) with servers across the globe
    2. Optimizer which helps increase website loading speed
    3. Security features for websites which includes firewall
    4. Analytics that give you an insight of how many attacks, bandwidth used etc
    5. Other free and paid productivity apps you can mix and match 

    So what makes them so different? How to choose the best free CDN for my website? 

    Security features

    If you would like to compare, both basically offers pretty good security features. If you would need to compare them neck to neck, Incapsula offers a better protection against all types of DDoS threats. Cloudflare does a pretty decent job when it comes to protections but it comes short if you are looking for a CDN which offers great defense against unwanted threats.

    Winner: Incapsula 

    Analytics and monitoring

    Both Cloudflare and Incapsula offer their users reports to show the progress of the CDN. The reports range cover much of the basic information such as bandwidth used, threat experienced by the site, the number of bots and even the number of unique visitors visiting the website. When compared, I would personally prefer Cloudflare’s report as it is more detailed and offers slightly more information that I required in just one glance. Basically, I give the winning score to Cloudflare as the layout is easier to see and users do not need to navigate any further to get additional information.

    Winner: Cloudflare 

    Optimizer anyone?

    When it comes to optimizing, Cloudflare seem to be able to optimize my sites better than Incapsula. Various tests were done after installing for 48 hours to give a fair detail of time. After running those tests, it is pretty clear that (if I would give a score of 10), I would give Cloudflare a score of 9 and Incapsula a score of 7.

    Winner: Cloudflare 

    Which offers a better page loading speed?

    I am pretty sure most of you guys are interested on this part generally. Cloudflare is definitely the winner here with a faster load of an average 0.5 seconds. As little as this seems, it is everything for many search engines and even high traffic sites. Cloudflare could have won this battle at this time of the writing because it has more servers around the world compared to Incapsula. At the moment, Cloudflare has 28 servers around the world and Incapsula has only 14 servers. This could be the main reason why sites using Cloudflare could load slightly faster than Incapsula.

    Winner: Cloudflare

    Related article: How To Configure CloudFlare Page Rules?

    My take in CloudFlare vs Incapsula For The Best CDN Provider

    Generally, Cloudflare seems to be working better out of the box compared to Incapsula. For a basic usage, Cloudflare really works well in terms of user-friendliness, moderate defense and very good loading speed for a free Content Delivery Network service.

    Why not you try them today and give me your feedback?

    For those using either one of them, which is your favorite one among both?

    *If you like this article, could you please share this for me using the red Google+ button below?


  • Better WP Security vs Wordfence Security: The Battle For WordPress Best Security Plugin

    Better WP Security vs Wordfence Security: The Battle For WordPress Best Security Plugin

    We could have probably heard that website security is vital especially when hackers are all around nowadays. I am not going to leave any security loopholes in my WordPress site and I am sure you are either. When it comes to WordPress security plugin, there could have hundreds of plugins you can choose from but when you talk about the best, there could be two which comes to my mind.

    Introducing Better WP Security and Wordfence Security.

    Here are some information on both the plugins.

    What is the best WordPress security plugin?
    WordPress is the most popular blogging platform but security threats are very real

    What is Better WP Security Plugin?

    Created by: Bit51

    What Better WP Security does:

    • Remove the meta “Generator” tag

    • Change the urls for WordPress dashboard including login, admin, and more

    • Completely turn off the ability to login for a given time period (away mode)

    • Remove theme, plugin, and core update notifications from users who do not have permission to update them

    • Remove Windows Live Write header information

    • Remove RSD header information

    • Rename “admin” account

    • Change the ID on the user with ID 1

    • Change the WordPress database table prefix

    • Change wp-content path

    • Removes login error messages

    • Display a random version number to non administrative users anywhere version is used

    • Scan your site to instantly tell where vulnerabilities are and fix them in seconds

    • Ban troublesome bots and other hosts

    • Ban troublesome user agents

    • Prevent brute force attacks by banning hosts and users with too many invalid login attempts

    • Strengthen server security

    • Enforce strong passwords for all accounts of a configurable minimum role

    • Force SSL for admin pages (on supporting servers)

    • Force SSL for any page or post (on supporting servers)

    • Turn off file editing from within WordPress admin area

    • Detect and block numerous attacks to your filesystem and database

    What is Wordfence Security plugin?

    Created by: Mark Maunder

    What Wordfence Security does:

    • Scans core files, themes and plugins against WordPress.org repository versions to check their integrity.

    • Includes a firewall to block common security threats like fake Googlebots, malicious scans from hackers and botnets.

    • Includes advanced IP and Domain WHOIS to report malicious IP’s or networks and block entire networks using the firewall.

    • See how files have changed. Optionally repair changed files that are security threats.

    • Scans for signatures of over 44,000 known malware variants that are known security threats.

    • Scans for many known backdoors including C99, R57, RootShell, Crystal Shell, Matamu, Cybershell, W4cking, Sniper, Predator, Jackal, Phantasma, GFS, Dive, Dx and many many more.

    • Continuously scans for malware and phishing URL’s including all URL’s on the Google Safe Browsing List in all your comments, posts and files that are security threats.

    • Scans for heuristics of backdoors, trojans, suspicious code and other security issues.

    • Checks the strength of all user and admin passwords to enhance login security.

    • Monitor your DNS security for unauthorized DNS changes.

    • Rate limit or block security threats like aggressive crawlers, scrapers and bots doing security scans for vulnerabilities in your site.

    • Choose whether you want to block or throttle users and robots who break your security rules.

    • Includes login security to lock out brute force hacks and to stop WordPress from revealing info that will compromise security.

    • See all your traffic in real-time, including robots, humans, 404 errors, logins and logouts and who is consuming most of your content. Enhances your situational awareness of which security threats your site is facing.

    • A real-time view of all traffic including automated bots that often constitute security threats that Javascript analytics packages never show you.

    • Real-time traffic includes reverse DNS and city-level geolocation. Know which geographic area security threats originate from.

    • Monitors disk space which is related to security because many DDoS attacks attempt to consume all disk space to create denial of service.

    • Wordfence Security for multi-site also scans all posts and comments across all blogs from one admin panel.

    • WordPress Multi-Site (or WordPress MU in the older parlance) compatible.

    • Premium users can also block countries and schedule scans for specific times and a higher frequency. 

    I know the list is rather long but it is relatively easy to say that both are trying their best to compete with one another. I tested both Better WP Security and Wordfence Security for a week each on various websites and I was surprised at my decision…really. Let me tell you why. 

    Security effectiveness

    Better WP Security – 9.5/10, Wordfence Security – 9.5/10

    When it comes to security, I can tell you that both plugins look very seriously into the matter. Both actually impressed me more than what I actually expected them to perform. If you are going to install either one of these, rest assured your security effectiveness will be top of the chart. And that, I am definitely sure. 

    User-friendly UI

    Better WP Security – 9/10, Wordfence Security – 9.5/10

    I have very split decision in this. I love Better WP Security’s direct layout but I prefer the Wordfence Security interface. Basically in Better WP Security, you will be able to see all the issues in different colours (red as dangerous, green as safe etc). With a simple click, it will redirect you immediately to the setting for you to do any adjustment required. Compared to Wordfence Security, the layout is more ‘WordPress-like’ (imagine using W3TC).

    Both plugins layout are extremely versatile and easy to navigate through. At the same time, both the plugins developers are doing a great job by trying to provide a compact view on the plugin dashboard itself. Here’s are what both dashboards look like:

    Better WP Security offers more security features compared to the rest of the WordPress security plugins.
    Better WP Security Dashboard

     

    Wordfence security provide easy to use navigation for both experience and beginers website developers.
    Wordfence Security Dashboard 

    Plugin usability

    Better WP Security – 7/10, Wordfence Security – 9/10

    When it comes to security plugin usability, this is where it makes all the difference. Better WP Security plugin is great but what makes it short from getting a higher score from me is because it requires a higher curve of WordPress understanding for a person to actually utilize it properly. In other words, you are open to all options to configure your WordPress but you are prone to create an accidental mistake if you have no idea what you are doing.

    Compared to Wordfence Security, most options are pretty direct and even a beginner could use the plugin to the maximum of its capabilities. This definitely gives a better rating to Wordfence Security compared to the latter. 

    How important is website loading speed for you?

    Better WP Security – 10/10, Wordfence Security – 8/10

    To be very honest, I been trying to search for this answer but failed miserably. Whenever I use Wordfence Security, I noticed that my site is loading less than one second slower compared to the time I used Better WP Security. after checking with various programs and tools, it really seems like Wordfence Security’s firewall feature is creating a small ‘lag’ which affects the page loading speed. Maybe this could be me but I am not experiencing that when I am using Better WP Security. 

    My honest conclusion between Better WP Security and Wordfence

    If I would to choose and could only choose one as my best WordPress security plugin, then my money is going to Better WP Security. I know! I love Wordfence Security plugin and it is very close to flawless.

    However, having the small page load ‘penalty’ really turns me off. Regardless what WordPress security plugin you choose, I am sure both of these plugins will not let you down.

    How about you? Do you have any favorite security plugins you would like to share? Or, maybe you have your opinion on both the plugins? Feel free to fill the form below and tell us what you think.

    If you like this article, could you please share this for me using the red Google+ button below?

  • Serve Static Content From Cookieless Subdomain for CloudFlare (Updated 2018)

    Serve Static Content From Cookieless Subdomain for CloudFlare (Updated 2018)

    Interesting read: Money Brighter is one of the best LLC in Texas! If you are thinking of speeding up your website, Google might be telling you the answer is to create a cookieless subdomain or domain. Well, that’s easy for you to say. How to serve static content from a cookieless domain? More importantly, what is a cookieless subdomain?

    Instead, you can consider a cookieless subdomain is a term to describe data transferring from one point to another (in this case, data movement from subdomain to domain) has no cookies attached. Indirectly, this boost the loading speed of your domain.

    This is what Google explain in its own words:

    ​Why is serving static content over cookieless domain important?

    ​Static content, such as images, JS and CSS files, don’t need to be accompanied by cookies, as there is no user interaction with these resources. You can decrease request latency by serving static content from a domain that doesn’t serve cookies. This technique is especially useful for pages referencing large volumes of rarely cached static content, such as frequently changing image thumbnails, or infrequently accessed image archives. We recommend this technique for any page that serves more than 5 static resources. (For pages that serve fewer resources than this, it’s not worth the cost of setting up an extra domain.)

    ​​What does this means to you?

    All static contents or data that are transferred with the accompanied by cookies. Though cookies are not needed for any transaction and do not serve any advantage, they will automatically be available for all data transfer. The only way to avoid such is when static contents are obtained from a cookieless site.

    ​Static content + ​cookieless domain?

    ​Serving static content or resources from a cookieless domain reduces the total size of requests made for a page. It is also important to note that there is no point setting up static subdomain for this matter if you are using a powerful web host or having very less page.

    ​Now that we had gone through the relationship between cookieless subdomain and serving static content, let’s explore the right way to serve the following static resources from a domain that doesn’t set cookies.

    ​How to create a cookieless subdomain using CNAME?

    ​When it comes to creating a cookieless subdomain, using a CNAME could be the easiest way of all​ (at least for me). This step is extremely easy to follow and ​after configurations, you can start serving static resources from a domain that doesn’t set cookies.

    • ​Go to your cPanel (most shared web hosting offers this)
    • ​Create a subdomain (any name would do, e.g. static.domain.com)

    ​This subdomain will serve as a CDN subdomain which is the key criteria to enable the process of serving static content from cookieless domain.

    Selecting the right installation path for the subdomain

    In order to create a proper cookieless subdomain, you have to ensure that when you are creating your subdomain, make sure it is pointing to your root directory instead of creating a secondary one. For example, my root directory is /public_html and thus, it should be pointed or directed to /public_html and not the default, /public_html/static.

    How to create a subdomain?
    This is what you see when you are pointing to subdomain to the right path 

    Editing the DNS Zone

    Once you have done pointing the subdomain, head over to your DNS Zone Editor. At times, these might be labeled as Simple or Advanced DNS Zone Editor for several types of cPanel but they are all alike.

    How do you create a subdomain for serving static content?
    Pointing subdomain to the right domain 

    You would need to either create or modify the Name to your subdomain name and CNAME as your main domain. Of course, for the Type, you would need to select CNAME. You may start this by hitting the create button and if there is already a record, you just need to modify the settings to the above.

    Still not sure? Let me explain to you, in other words. When you create the CNAME record you want to enter your static domain/subdomain as the label, name or an alias and your A record domain as the content or value. (The CNAME term, which stands for Canonical Name, actually refers to the domain you are mapping to, not the alias.  The common practice of referring to the alias as the CNAME is in fact backwards.) 

    Making sure the subdomain is cookieless

    I could not emphasize how important this is but you must not skip this step no matter what. In WordPress, there are two common cookie-setters which are WordPress and Google Analytics. All you need is to do little changes in the configurations and you would be well on your way to a cookieless subdomain.

    For WordPress, head over to your wp-config by login into your cPanel. Open it up and add this line to the file. If you are wondering where exactly you may place this file, you can place it at the bottom most of the script.

    define(‘COOKIE_DOMAIN’, ‘www.yourdomain.com’);

    This is definitely a no-brainer but just to make sure, do remember to change your domain to your own domain name. After that, save the file and you are good to go!

    For Google Analytics, all you need to do is to search for the specific code you had earlier placed in on your site and replace the code with the below one. For a quick tip, most Google Analytics code is kept close to the <body>.

    _gaq.push( [‘_setAccount’, ‘UA-xxxxxxx-1’], [‘_setDomainName’, ‘www.yourdomain.com’], [‘_trackPageview’] );

    Again, change your domain as seen above to your own domain URL and save the file.

    Important note: If you are using cloudflare or any type of Content Network Delivery (CDN), please get your hosting and CDN provider to verify on the CNAME. For example, using Cloudflare will give you an error when you are following the above guide in changing the CNAME. Basically, the hosting or CDN provider will give you a new A figure to place in. 

    You are all done!

    Now, treat yourself to a bottle of beer for the hard work and congratulations. You had managed to create a cookieless subdomain from scratch. This is one of the cheapest (and fastest) way to create a cookieless subdomain when it comes to serving static content to improve your website speed.