WP - Optimizations, Security hardening and Cleanup.

** WP - Optimizations, Security hardening and Cleanup **

Here you can find a a list of WP optimization and cleanup functions and methodology.

1.  .htaccess
  ** Security **
- Disable the server signature
- Disable directory browsing
- Force https to your site.
WP-CLI stuff :)
# Paths: DirectAdmin
# USER: change to correct username
# DOMAIN: change to the correct domainname
# Core stuff
$ wp core version --path=/home/USER/domains/DOMAIN/public_html/
$ wp core download --skip-content --force --version=latest --path=/home/USER/domains/DOMAIN/public_html/
$ wp core update-db --path=/home/USER/domains/DOMAIN/public_html/ --dry-run
$ wp core verify-checksums --path=/home/USER/domains/DOMAIN/public_html/
Harden wordpress security nginx
############ WordPress ####################
# Disable logging for favicon and robots.txt
location = /favicon.ico {
try_files /favicon.ico @empty;
access_log off;
log_not_found off;
expires max;
# Install dependencies
# * checkinstall: package the .deb
# * libpcre3, libpcre3-dev: required for HTTP rewrite module
# * zlib1g zlib1g-dbg zlib1g-dev: required for HTTP gzip module
apt-get install checkinstall libpcre3 libpcre3-dev zlib1g zlib1g-dbg zlib1g-dev && \
mkdir -p ~/sources/ && \
# Compile against OpenSSL to enable NPN
Script that measures interactions on your landing page. If the user is active for "checkTime" seconds - an interval is valid, if total count of valid seconds = totalTime - the goal is reached and sent to Yandex.Metrika.
class ActivityTracker {
constructor(totalTime, checkTime, metrikaId, debug = false) { = [
WordPress user admin redirect
* redirect to homepage if has non "edit_posts" capabilities
add_filter("admin_init", function () {
if (!current_user_can('edit_posts')) {
Preload CSS and don't block the DOM with your CSS file request.
<link rel="preload" href="css/global.min.css" as="style" onload="this.rel='stylesheet'">
<noscript><link rel="stylesheet" href="css/global.min.css"></noscript>
/*! loadCSS. [c]2017 Filament Group, Inc. MIT License */
!function(a){"use strict";var b=function(b,c,d){function j(a){if(e.body)return a();setTimeout(function(){j(a)})}function l(){f.addEventListener&&f.removeEventListener("load",l),||"all"}var g,e=a.document,f=e.createElement("link");if(c)g=c;else{var h=(e.body||e.getElementsByTagName("head")[0]).childNodes;g=h[h.length-1]}var i=e.styleSheets;f.rel="stylesheet",f.href=b,"only x",j(function(){g.parentNode.insertBefore(f,c?g:g.nextSibling)});var k=function(a){for(var b=f.href,c=i.length;c--;)if(i[c].href===b)return a();setTimeout(function(){k(a)})};return f.addEventListener&&f.addEventListener("load",l),f.onloadcssdefined=k,k(l),f};"undefined"!=typeof exports?exports.loadCSS=b:a.loadCSS=b}("undefined"!=typeof global?global:this);
/*! loadCSS rel=preload po
Расширяет микроразметку BlogPosting в плагине WP Schema Pro для получения контентной аналитики (дочитываемость, категории, автора, тематики) в Яндекс.Метрике
* Расширяет микроразметку BlogPosting для Яндекс.Метрики.
* @link
* @param array $schema Схема.
* @param array $data Данные.
Ожидание загрузки счетчика Яндекс.Метрики
/** Ожидание загрузки счетчика Яндекс.Метрики
* @param {?(number|string)} ymCounterNum - номер счетчика, если известен
* @param {function} callback - получает аргументами объект и номер счетчика
* @param {number} interval - интервал проверки готовности счетчика
function waitForYm(ymCounterNum, callback, interval) {
if (!callback) return;
if (!ymCounterNum) {
let metrikaObj = (window.Ya && (window.Ya.Metrika || window.Ya.Metrika2)) || null;
ymCounterNum = (metrikaObj && metrikaObj.counters && (metrikaObj.counters() || [0])[0].id) || 0;