How to camouflage wordpress

camo

Sometimes you don’t want to broadcast to the world that your site is running on wordpress. Here are some steps to take to remove some of the “traces” of wordpress in your code.

Step 1: Update .htaccess

To mask the paths of your wp-content and theme directories in you will need to make some modifications to your .htaccess file. Place the following code at the top of your .htaccess at the root of your site.

{code type=php}

# BEGIN REWRITES

RewriteEngine On
Options +FollowSymlinks
RewriteBase /
RewriteRule ^images/(.*)$ wp-content/themes/THEMNAME/images/$1 [PT]
RewriteRule ^css/(.*)$ wp-content/themes/THEMNAME/css/$1 [PT]
RewriteRule ^js/(.*)$ wp-content/themes/THEMNAME/js/$1 [PT]
RewriteRule ^uploads/(.*)$ wp-content/uploads/$1 [PT]
RewriteRule ^plugins/(.*)$ wp-content/plugins/$1 [PT]

# END REWRITES

{/code}

In your wp-config.php, add the following line to customize your plugin directory url.

{code type=php}
define( ‘WP_PLUGIN_URL’, ‘http://www.yoururlhere.com/plugins’ );
{/code}

Step 2: Modify functions.php

Get rid of pesky meta-data that wordpress leaves in your header with the following actions added to your theme’s functions.php.

{code type=php}

remove_action(‘wp_head’, ‘wp_generator’);
remove_action(‘wp_head’, ‘wlwmanifest_link’);
remove_action(‘wp_head’, ‘rsd_link’);

{/code}

Step 3: Remove html comments from plugins you use.

Some wordpress plugins leave behind html comments such as “powered by such-and-such”. It is generally assumed that you will leave in those comments as free advertising for the plugin author, but you are allowed to remove them if you like in almost every case.

Step 4: Modify wp-admin path

Add the following to your .htaccess file. Fully documented here

{code type=php}
RewriteCond %{REQUEST_URI} wp-admin/
RewriteCond %{QUERY_STRING} !YOURSECRETWORDHERE
RewriteRule .*.php [F,L]
RewriteCond %{QUERY_STRING} !YOURSECRETWORDHERE
RewriteRule ^ADMINFOLDER/(.*) wp-admin/$1?%{QUERY_STRING}&YOURSECRETWORDHERE [L]
{/code}

Speeding up WordPress

Once your wordpress blog starts getting traffic besides your mom and cousins you will likely have to start taking measures to reduce it’s cpu footprint.

Note: Some of these methods will work on a shared host without root access, but ssh is required for some methods, like installing memcached.

Step 1: Offload Images to Amazon S3

Images generally make up a large percentage of the total page load (up to 50%, see below). By using Amazon S3 as a CDN, you can save on bandwidth costs with your host and speed up your page load times significantly.

graphs

Graph taken from the YSlow firefox plugin, a great tool to help diagnose page load performance issues.

Costs for S3 are reasonable, but can add up if you are hosting large files. Below is a report of costs for the first 10 hours of a blog that I run. Most requests are for a single image (2k in size) loaded externally.

aws

Tantan S3 is a great plugin for wordpress that links your Amazon S3 account to your wordpress blog. You can configure it such that your media uploads are sent to your S3 “bucket” on upload.

Another useful tool is S3Fox, a plugin for firefox that you can use to manage and sync files in your S3 account through your browser. You will need your S3 security credentials to set it up.

Continue reading

Tutorial: Setting up WordPress to communicate with Flash via XML

This following bit of code should get you up and running with a simple way of sharing data from your wordpress blog with a flash object. Creating the XML file is a bit of a hastle, since you can’t output XML directly from a wordpress template file to flash. Instead you have to use php’s fopen function to save your xml file to be accessed separately through your flash object.

The PHP

{code type=php}

get_results($query, OBJECT);

$xml .= “n”;
$xml .= “Your Data Goes Here”;

// save your xml file in your theme directory
$path = ‘wp-content/themes/themename/output.xml’;
$file= fopen(“$path”, “w”);
fwrite($file, $xml);
fclose($file);
?>
{/code}

The HTML & Javascript

{code type=html}

Flash Not Detected

// <![CDATA[
var so = new SWFObject('/flashobject.swf’, ‘website’, ‘600’, ‘270’, ‘9’);
so.useExpressInstall(‘/expressinstall.swf’);
so.addParam(‘menu’, ‘false’);
so.addParam(‘wmode’, ‘transparent’);
so.addVariable(“xmlVar”, ‘/output.xml’);
so.write(‘flashcontent’);
// ]]>

{/code}