WordPress Optimization Guide

Disable HTML in WordPress comments

The comment box is WordPress is a mini HTML editor and commenters can use standing HTML tags like <b>, <a>, <i>, to format their comments. They can even add hyperlinks in their comment. If you would like to disallow HTML in WordPress comments, add this snippet to your functions.php file.
add_filter( 'pre_comment_content', 'wp_specialchars' );

Hide Errors on the WordPress Login screen

When you type a non-existent username or an incorrect password while logging into WordPress, it will provide a very detailed error message telling you exactly whether your username is wrong or the password doesnt match. Thats bad. Add this to your functions.php file to hide all the login-related warnings from displaying on the screen.
function no_errors_please(){ return 'GET OFF MY LAWN !! RIGHT NOW !!'; } add_filter( 'login_errors', 'no_errors_please' );

Add the missing favicon and touch icons

Your WordPress theme may not even include references to the favicon (favicon.ico) or the Apple touch icons but web browsers and feed readers may still request them from your server. Its always better to serve a file than returning a 404. Put a 1616 favicon.ico and a 144144 apple-touch.png file in the home directory of your blog. Then add this line to your .htaccess to redirect all apple touch icon requests to that particular file.
RedirectMatch 301 /apple-touch-icon(.*)?.png http://example.com/apple-touch.png

Make the Admin a Subscriber

If your WordPress username is admin, create a new user and grant them administrator privileges. Now logout out of WordPress, log in as the new user and change the privilege of the user admin from Administrator to Subscriber. You may even consider deleting the user admin and transfer any existing posts /pages to the new user. This is important for security reasons because we dont people to guess the username that has administrator privileges to our WordPress installation.

Do not Use WordPress search

Make sure your site search is powered by Google Custom Search and do not use the built-in search feature of WordPress. WordPress search returns less relevant results and the other advantage is that it will reduce strain on your WordPress server /database since the search queries will be handled through Google. Alternatively, if you plan to continue with WordPress built-in search, use the Nice Searchplugin. It creates better permalinks for your WordPress search pages (/search/tutorials vs /?s=tutorials).

Log 404 Errors in Google Analytics

404 errors are a missed opportunity. You can use events in Google Analytics to log your 404 errors including details about the referring site that is pointing to that 404 page of your site. Add this block inside your Google Analytics tracking code after the _gaq.push function.
<? if (is_404()) { ?> _gaq.push(['_trackEvent', '404', document.location.pathname + document.location.search, document.referrer, 0, true]); <? }

Stop WordPress from Guessing URLs

WordPress has a strange habit of guessing URLs and it does make mistakes in most cases. Let me explain. If a user request labnol.org/hello URL but if that page doesnt exist, WordPress may redirect that user to labnol.org/hello-world just because the URLs have some common words.

If you would like WordPress to stop guessing URLs and instead issue a 404 Not Found error for missing pages, put this snippet in the functions.php file:
add_filter('redirect_canonical', 'stop_guessing'); function stop_guessing($url) { if (is_404()) { return false; } return $url; }

Set Expiry Headers for Static Content

The static files hosted on your WordPress website like images, CSS, JavaScript, .txt, etc. wont change often and thus you may set Expire Headers against them so that the files get cached on the users browser. Thus, on subsequent visits, your site will load relatively faster as the JS and CSS files would be used from the local cache. Refer to the .htaccess file of the HTML5 boilerplate template for details on setting up expiry headers. If you are using a caching plugin like W3 Total Cache, the cache control is managed by the plugin itself.
ExpiresActive On ExpiresByType image/gif "access plus 30 days" ExpiresByType image/jpeg "access plus 30 days" ExpiresByType image/png "access plus 30 days" ExpiresByType text/css "access plus 1 week" ExpiresByType text/javascript "access plus 1 week"

WordPress Optimization Guide