WordPress on Amazon EC2 - Part 8 - Security and Caching
At this point we have a working WordPress install.What we want to do now is a couple of house-keeping tasks to make things run well. Next time we'll optimize how Apache and PHP are set up.First, a lie, we're going to set up permalinking. This is a prerequisite to both of the main events. A permalink is a pretty URL that has the post title and the date included in it. It'll wind up looking like http://foo.com/2014/03/25/a-great-post. It's a lot better than a URL that looks like http://foo.com/?post=1234 for a couple of reasons: legibility and SEO (Search Engine Optimization). I'll get into SEO at some other time.To set up permalinks go to "Settings / Permalinks" on the sidebar:From here you can set up whatever scheme you like. I like month and name, but it's up to you. You want to pick something here and stick to it -- if you change it later you'll cause anything that links to your site to get broken links. (Permalink -- Permanent Link -- get it?)
Security
Next to to "Plugins / Add New" and search for "iThemes Security". It's the security plugin I happen to like.Go ahead and install and activate it.From here, click secure your site.I think it's safe to click all the selections...Then, when you get to the security settings, read through the options to see what you want to enable.Minimally:
- User ID of 1
- Block suspicious execution
- Protect common WordPress files
- Allowing comments from clients with no user agent
- Execution of PHP from the uploads directory
Read through the rest and see what you want to enable.
Caching
Lastly for today let's get caching working. Caching is imperative in a small server we're using to cut down on the amount of processing required to serve up each page. We don't want to hit our database for every page view -- especially since the next access to the same page will look the same! Do the processing once, then remember the output so you can reuse it for the next request.So, like before, to to add another plugin, search for "WP Super Cache" and install it and activate it.You'll be greeted by a page that looks like that. Go ahead and turn on caching and update status.Next, under the advanced tab check off the recommended options:mod_rewrite is an option to delegate a lot of the caching directly to Apache. This way no PHP code will even have to execute to get a page served to the user. This is the quickest way to get something out.The rest of the options are pretty self explanatory.Finally... the next section lists expiration times.Go ahead and fill those out and hit save at the bottom and you're done with caching too.At this point if you log and out hit refresh on your blog a few times you should be getting the page sent to you with no lag at all. That's what we're aiming for!Next: Apache and PHP optimization!