Go beyond plugins. Add a layer of professional security at the server level using your .htaccess file.

    Header set X-Content-Type-Options "nosniff"
    Header set X-Frame-Options "SAMEORIGIN"
    Header set X-XSS-Protection "1; mode=block"

This helps prevent clickjacking and XSS attacks before WordPress even starts loading.
Category: Wordpress
WordPress: Professional Database Cleaning Without Plugins
Plugins like WP-Optimize are great, but for a professional touch, you should handle overhead manually to keep the site lean. WordPress stores thousands of ‘Revisions’. Limit them in wp-config.php:

    define('WP_POST_REVISIONS', 5); // Keep only last 5

Then, run this SQL query to delete old ones:

    DELETE FROM wp_posts WHERE post_type = 'revision';
WordPress: Hide Version Number to Stop Bot Scanners
Hackers use botnets to scan for specific WP versions with known vulnerabilities. Removing the version meta tag is a simple security win.

    remove_action('wp_head', 'wp_generator');
WordPress: Disable Heartbeat API to Reduce CPU Usage
The Heartbeat API sends AJAX calls every 15-60 seconds. On busy sites, this can spike CPU usage and slow down the admin dashboard.

    add_action('init', function() {
        wp_deregister_script('heartbeat');
    }, 1);
WordPress: Disable Gutenberg for Specific Post Types
Gutenberg is great for posts but overkill for simple post types. Disable it selectively per post type.

Disable for Specific Post Type:

    add_filter('use_block_editor_for_post_type', function($use_block_editor, $post_type) {
        // Disable for 'product' post type
        if ($post_type === 'product') {
            return false;
        }
        return $use_block_editor;
    }, 10, 2);

Disable for Multiple Post Types:

    add_filter('use_block_editor_for_post_type', function($use_block_editor, $post_type) {
        $disabled_post_types = ['product', […]
WordPress: Use the_posts Filter to Modify Query Results Globally
Modifying WP_Query output everywhere is repetitive. The the_posts filter catches all query results in one place. Add to functions.php:

    add_filter('the_posts', function($posts, $query) {
        // Don't modify admin queries
        if (is_admin()) return $posts;
        // Example: Add reading time to all posts
        foreach ($posts as $post) {
            $word_count = str_word_count(strip_tags($post->post_content));
            $reading_time = ceil($word_count / 200);
            $post->reading_time = $reading_time […]
WordPress: Add noindex to Tag and Author Pages to Prevent Duplicate Content
Tag pages and author archives can be seen as duplicate content by Google. Noindex them to protect SEO. Add to functions.php:

    add_action('wp_head', function() {
        if (is_tag() || is_author() || is_date()) {
            echo ”;
        }
    });

Or Disable Archives Completely:

    // Redirect tag pages to homepage
    add_action('template_redirect', function() {
        if (is_tag()) {
            wp_redirect(home_url(), 301);
            exit;
        } […]
WordPress: Use Heartbeat API Control to Reduce CPU Usage by 80%
The WordPress Heartbeat API pings the server every 15-60 seconds, causing CPU spikes. Slow it down or disable it. Add to functions.php:

    // Reduce heartbeat frequency
    add_filter('heartbeat_settings', function($settings) {
        $settings['interval'] = 60; // From 15-60 to 60 seconds
        return $settings;
    });

    // Disable on frontend only (keep for editor autosave)
    add_action('init', function() {
        if (!is_admin()) {
            wp_deregister_script('heartbeat');
        } […]
WordPress: Use Action Scheduler for Background Processing
Running heavy tasks on page load slows the site. Action Scheduler queues tasks to run in the background.

Install: Built into WooCommerce, or install the standalone “Action Scheduler” plugin

Schedule Task:

    // Schedule single action
    as_schedule_single_action(
        time() + 3600, // 1 hour from now
        'my_custom_hook',
        array('user_id' => 123) // Arguments
    );

    // Schedule recurring action (daily)
    as_schedule_recurring_action(
        time(), […]
WordPress: Use Object Caching with Redis to Speed Up Dynamic Sites
Database queries on every page load are slow. Redis caches objects in memory for instant access.

Install Redis Plugin: “Redis Object Cache” by Till Krüss

Setup Redis Server:

    # Ubuntu/Debian
    sudo apt install redis-server
    sudo systemctl start redis
    sudo systemctl enable redis

Configure WordPress (wp-config.php):

    define('WP_REDIS_HOST', '127.0.0.1');
    define('WP_REDIS_PORT', 6379);
    define('WP_CACHE', true);

Enable in Plugin: Settings […]
WordPress: Use WP-CLI to Manage WordPress from Command Line
Clicking through admin for repetitive tasks is slow. WP-CLI automates everything from terminal.

Install:

    curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar
    chmod +x wp-cli.phar
    sudo mv wp-cli.phar /usr/local/bin/wp

Common Commands:

    # Install plugin
    wp plugin install contact-form-7 --activate
    # Update all plugins
    wp plugin update --all
    # Create user
    wp user create john john@example.com --role=author
    # Search and replace […]
WordPress: Use wp_mail() SMTP to Fix Email Delivery Issues
WordPress emails going to spam or not sending? PHP mail() is unreliable. Use SMTP instead.

Install Plugin: “WP Mail SMTP” or “Easy WP SMTP”

Or Add to functions.php:

    add_action('phpmailer_init', function($phpmailer) {
        $phpmailer->isSMTP();
        $phpmailer->Host = 'smtp.gmail.com';
        $phpmailer->SMTPAuth = true;
        $phpmailer->Port = 587;
        $phpmailer->Username = 'your-email@gmail.com';
        $phpmailer->Password = 'your-app-password';
        $phpmailer->SMTPSecure = 'tls';
        $phpmailer->From = 'your-email@gmail.com';
        $phpmailer->FromName = […]
WordPress: Use WP_Query Instead of query_posts for Custom Loops
query_posts() breaks the main query and causes issues. WP_Query is the proper way to create custom loops.

Wrong Way (Don’t Use):

    query_posts('cat=5&posts_per_page=10');
    // Breaks pagination, conflicts with main query

Right Way:

    $args = array(
        'post_type' => 'post',
        'posts_per_page' => 10,
        'category__in' => array(5)
    );
    $custom_query = new WP_Query($args);
    if ($custom_query->have_posts()) {
        while ($custom_query->have_posts()) {
            $custom_query->the_post();
            the_title(); […]
WordPress: Use add_image_size() to Create Custom Thumbnail Sizes
WordPress default thumbnail sizes don’t fit your design? Create custom sizes. Add to functions.php:

    // Create custom thumbnail size
    add_image_size('custom-thumb', 400, 300, true);
    // Parameters: name, width, height, crop (true/false)

    // Multiple sizes
    add_image_size('hero-image', 1920, 600, true);
    add_image_size('product-thumb', 300, 300, true);
    add_image_size('blog-featured', 800, 400, true);

Use in Templates:

    the_post_thumbnail('custom-thumb');
    // Or get URL:
    $url = […]
WordPress: Show Different Menus to Logged-In vs Logged-Out Users
Want different navigation for members vs visitors? WordPress has built-in conditional menu display.

Create Two Menus: Appearance → Menus
1. “Public Menu” (for visitors)
2. “Member Menu” (for logged-in users)

Add to functions.php:

    function conditional_menu() {
        if (is_user_logged_in()) {
            wp_nav_menu(array('theme_location' => 'member-menu'));
        } else {
            wp_nav_menu(array('theme_location' => 'public-menu'));
        }
    }

In header.php, replace:

    <?php wp_nav_menu(); […]
WordPress: Add Custom Login Logo Without Plugin Using functions.php
Want branded login page? Add custom logo with a few lines of code – no plugin needed. Add to functions.php:

    function custom_login_logo() {
        echo '<style type="text/css">
            #login h1 a {
                background-image: url(' . get_stylesheet_directory_uri() . '/images/logo.png);
                background-size: contain;
                width: 300px;
                height: 100px;
            }
        </style>';
    }
    add_action('login_enqueue_scripts', 'custom_login_logo');

Change Logo URL:

    function custom_login_url() {
        return home_url(); […]
WordPress: Disable Post Revisions to Reduce Database Bloat
WordPress saves every draft edit as a revision. Posts with 100+ revisions bloat your database.

Limit Revisions in wp-config.php:

    // Keep only last 3 revisions
    define('WP_POST_REVISIONS', 3);
    // Or disable completely
    define('WP_POST_REVISIONS', false);

Add above the /* That’s all, stop editing! */ line.

Clean Existing Revisions: Install “WP-Optimize” plugin → Database tab → Remove all post revisions […]
WordPress: Disable XML-RPC to Block Brute Force Attacks
XML-RPC is exploited for DDoS and brute force attacks. Most sites don’t need it – disable for security.

Add to .htaccess:

    # Block xmlrpc.php
    <Files xmlrpc.php>
    Order Deny,Allow
    Deny from all
    </Files>

Or Use Plugin: Install “Disable XML-RPC” plugin (one-click disable)

Check If You Need It: XML-RPC is only needed for:
- Jetpack plugin
- Mobile apps […]
WordPress: Enable Maintenance Mode Without Plugins Using One Line of Code
Updating your site and want to show “Coming Soon” page? No plugin needed.

Add to wp-config.php:

    define('WP_MAINTENANCE_MODE', true);

Visitors see default maintenance page. You (logged in as admin) see site normally.

Custom Message: Create .maintenance file in WordPress root:

    <?php $upgrading = time(); ?>
    <h1>Site Under Maintenance</h1>
    <p>We’ll be back soon!</p>

Remove: Delete the define […]
WordPress: Add Custom Code Without Editing Theme Files Using Code Snippets Plugin
Adding custom PHP to functions.php? Theme updates will erase your code. Use Code Snippets plugin instead.

Setup:
1. Install “Code Snippets” plugin
2. Snippets → Add New
3. Paste your PHP code
4. Activate

Why Better:

    // Your code survives theme updates
    // Can enable/disable snippets without deleting
    // Organized library of all custom code […]
WordPress REST API: Turn Your Site into a Headless CMS for React/Vue Apps
Building mobile apps or SPAs that need WordPress content? REST API serves your posts as JSON for any frontend.

    // Fetch WordPress posts from React
    import React, { useState, useEffect } from 'react';

    function WordPressPosts() {
        const [posts, setPosts] = useState([]);
        const [loading, setLoading] = useState(true);

        useEffect(() => {
            fetchPosts();
        }, []);

        const fetchPosts = […]
WordPress Custom Post Types: Build Real Estate, Job Board, or Product Catalogs
Trying to force blog posts to work as products or portfolios? Custom Post Types create dedicated content structures.

    // functions.php - Create Property Custom Post Type
    function register_property_post_type() {
        $labels = array(
            'name' => 'Properties',
            'singular_name' => 'Property',
            'menu_name' => 'Properties',
            'add_new' => 'Add New Property',
            'add_new_item' => 'Add New Property',
            'edit_item' => 'Edit Property', […]
WordPress Speed Hack: How Lazy Loading Images Cuts Page Load Time in Half
WordPress sites loading slowly due to images? Native lazy loading with modern techniques dramatically improves performance.

    // Add to functions.php
    function add_lazy_loading_attributes($content) {
        // Only run on frontend
        if (is_admin() || wp_is_json_request()) {
            return $content;
        }
        // Use DOMDocument for reliable parsing
        if (class_exists('DOMDocument')) {
            $dom = new DOMDocument();
            @$dom->loadHTML(mb_convert_encoding($content, 'HTML-ENTITIES', 'UTF-8'));
            $images = $dom->getElementsByTagName('img'); […]
WordPress: Limit Login Attempts Without Plugins Using .htaccess
Brute force bots hammering wp-login.php with 1000s of password attempts? Block them at Apache level before they even reach WordPress.

The Plugin-Free Solution: Add to .htaccess in WordPress root:

    # Limit wp-login.php access to specific IPs
    <Files wp-login.php>
    Order Deny,Allow
    Deny from all
    Allow from YOUR_IP_ADDRESS
    Allow from YOUR_OFFICE_IP
    </Files>

Replace YOUR_IP_ADDRESS with your actual […]
WordPress: Speed Up Admin Dashboard by Disabling Heartbeat API
WordPress admin panel sluggish and using 100% CPU? The Heartbeat API polls your server every 15 seconds for autosave and notifications, eating resources.

What Heartbeat Does: Every 15 seconds:
- Check for new comments
- Check for plugin updates
- Autosave post drafts
- Notify about other users editing same post
- Trigger scheduled tasks […]
Recover Deleted WordPress Posts from Database (Even Without Backups)
Accidentally permanently deleted a post? If you acted within 30 days and your host hasn’t optimized the database, there’s a good chance it’s still recoverable. How WordPress “Deletes” Posts: When you empty trash, WordPress doesn’t immediately erase the post row. It updates the post_status to ‘trash’ first, then later to ‘inherit’ (for revisions). The actual […]
Stop WordPress Comment Spam Without Plugins Using This .htaccess Rule
Getting hundreds of spam comments daily? Here’s a plugin-free solution that blocks 95% of spam bots at the server level. The Problem: Most spam bots post comments by directly hitting your wp-comments-post.php file, bypassing your website’s front-end entirely. Anti-spam plugins catch this AFTER it reaches WordPress, wasting server resources processing garbage requests. The Solution – […]
The Silent SEO Killer: Auto-Generated Attachment Pages
WordPress creates pages for every uploaded image.

What happens
- Thin content pages
- Duplicate titles
- Crawled but useless URLs

Fix (no plugin)
Redirect attachment pages:

    add_action('template_redirect', function () {
        if (is_attachment()) {
            wp_redirect(home_url(), 301);
            exit;
        }
    });

Why this works
You’re reclaiming crawl budget and removing SEO noise. Most blogs never fix this. That’s why it […]
Stop Using Plugins for Dynamic Content: Use Conditional Blocks Instead
Most WordPress sites are plugin-heavy for no reason.

Hidden power
WordPress Block Editor already supports conditional rendering via PHP + block patterns.

Example
Show a CTA only for logged-out users:

    if (!is_user_logged_in()) {
        echo do_blocks('<!-- wp:buttons -->…<!-- /wp:buttons -->');
    }

Why this matters
- Fewer plugins → fewer update risks
- Faster TTFB
- Full control over UX […]
Why “Just Disable Plugins” Is the Wrong Performance Advice
Plugins aren’t slow. Bad hooks are.

What actually hurts
- init hooks doing heavy logic
- Unconditional database queries
- Hooks running on admin + frontend

Fix
- Profile hooks
- Load logic conditionally
- Split admin/frontend hooks

























