Let’s continue with the tips that can be done after installing WordPress. As we talked about in the first part of this article, it’s simple changes can improve the performance of your site, which will bring more security to your installation, as well as provide a better browsing experience for your visitors.
WordPress has been improving its configuration with each new update, one of the changes made was the improvement in security during login of the administrative area.
Hide Login errors in the Admin section of WordPress
Just add the code below into the functions.php file of your template. This will cause the error messages to be hidden:
function no_errors_please(){ return 'ERRO NO LOGIN! – TENTE NOVAMENTE'; } add_filter( 'login_errors', 'no_errors_please' );
Prevent browsing in the WordPress folder structure
Another change that helps with the security of your installation is to prevent anyone from browsing through files and folders. For this, you just need to add the following line to your htaccess file.
Options All –Indexes<span style="font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;"> </span>
In order for it to work properly make sure there is a blank index.php file in the wp-content / themes and wp-content / plugins folders of your installation.
Disable the use of HTML codes in WordPress comments
The box for inserting comments into WordPress posts is an HTML editor that allows the use of HTML tags such as <b>, <a>, <i>. This allows your visitors to even add links in your comment.
To not allow HTML in WordPress comments, add the short excerpt to your template’s functions.php file:
add_filter( 'pre_comment_content', 'wp_specialchars' );
Disable posts review feature in WordPress
WordPress includes the revision control feature, which allows you to control the versions of your posts.
However, this control adds a row to the posts table for each change made. To disable this feature of WordPress, open the wp-config.php file in the root directory of WordPress and add the line below:
define ('WP_POST_REVISIONS', false);
Change the Auto Save feature interval
Post drafts are programmed to be saved automatically every minute, but you can change this default interval by saving resources on your server.
Let’s consider you want to change to 120 seconds (or 2 minutes), just add the line below to your wp-config.php file.
define( 'AUTOSAVE_INTERVAL', 120 );
Prohibit indexing of WordPress scripts
It is advisable to prohibit that the files used by WordPress in the folders of templates or plugins are indexed by the search engines. To do this open the robots.txt file in the root of the installation of your WordPress and add the lines below:
User-agent: * Disallow: / wp-admin / Disallow: / wp-includes / Disallow: / wp-content/plugins / Disallow: / wp-content/themes / Disallow: / feed / Disallow: * / feed /
Set expiration times for static file cache
There are several static files in your WordPress site like images, CSS files, JavaScript, txt, etc. Because these files are not edited frequently, you must set how long these files will be cached in the user’s browser.
This will allow the next visits to your site to load relatively faster since the JS and CSS files will be loaded from the local cache.
The code below can be edited in the htaccess file located at the root of your site’s installation:
ExpiresActive On ExpiresByType image/gif "access plus 30 days" ExpiresByType image/jpeg "access plus 30 days" ExpiresByType image/png "access plus 30 days" ExpiresByType text/css "access plus 1 week" ExpiresByType text/javascript "access plus 1 week"
If you are using a cache plugin like W3 Total Cache, this cache control is managed by the plugin itself.
Conclusion
These are the changes that I think can help any installation of WordPress. They are simple and come with considerable benefits.
Make changes to your installations, bring your own changes and share with us what you do to make your WordPress better. I hope you enjoyed.