Optimal protection and more speed for WordPress

In this article you'll learn how to secure your blog against hackers and how to speed it up - more info in the WordPress Tutorial from checkdomain.net

WordPress is by far the most popular CMS on the Internet. Worldwide about 30 percent of all websites are operated with WordPress. This popularity also makes the system a preferred target for hackers. They often have an easy time of it: according to estimates, about 75 percent of all WordPress installations have security gaps. This is due to carelessness in programming, especially of templates and plug-ins, but also to the convenience of many users who do not update often enough.

Second disadvantage of the great popularity: The WordPress makers want or have to meet the requirements of more and more people - this makes the system slow and leads to long loading times of the website. Today we show you a simple method to solve both problems within a few minutes. Let's go!

Creating a Static WordPress Page - Step by Step

In our tutorial we show you how to turn your WordPress blog into a static page. Or put differently: How to "hide" WordPress and protect your site from attacks. If you log in to WordPress and for example create a new post, then WordPress stores all information in database tables. The content of the post comes in one table, the author comes in another, the URL is written in a table and so on. As soon as a visitor in the blog calls the post, the necessary information from all tables is searched together again and the page is dynamically generated.

The complete WordPress system always runs in the background. The result: the page becomes attackable and slow. The solution: You generate all pages and posts and save them ready assembled - static - on the server. And then your WordPress switches off or hides it.

Step 1: Put the WordPress page offline

First create a subdomain for your domain, like dyn.eure-domain.de. As a checkdomain customer you will find detailed instructions in our help section. Let the new subdomain point to your WordPress directory, i.e. exactly the directory your main domain points to.

In your WordPress directory on the server a subfolder must be created now. The static version of your page will be stored in this subfolder later on - for example the folder name "static" would be useful.

To create the subfolder you need FTP access to your webspace. If you have forgotten your access data, you will find the instructions for assigning a new password here. Important for checkdomain customers: If you have created several FTP users in your account, please use the access data for the main user, otherwise problems will occur in later steps.

Using an FTP program such as FileZilla, you can connect to the server and go to the directory of your WordPress installation. Create the new subfolder "static" in this directory. Important for checkdomain customers: The directory "static" must be a subfolder in your WordPress directory.

Step 2: Link main domain to web directory

In the next step you change the directory your main domain points to to the directory "/static". To do this, select the Domains tab in the checkdomain customer area, then Configuration and then Domain forwarding. Click on the Forwarding option and select the subfolder "/static" that has just been created via FTP under Directory.

For even more performance and security you can now deactivate the execution of PHP for your main domain. As a checkdomain customer you select your webhosting package, click on Settings under Server, select your domain in the drop-down menu and select PHP Version.

Step 3: Backup dynamic blog with directory protection

So that our dynamic WordPress blog, which can now be found under dyn.eure-domain.de, can no longer be reached without a password, it will be provided with directory protection. As a checkdomain customer you choose your webhosting package again and click on Directory protection under Security. Select your domain there and click on New Directory Protection. Now select your WordPress directory and follow the instructions on the page.

Alternatively you can set up the directory protection directly in the .htaccess. Instructions can be found here.

Step 4: Edit .htaccess files

If you call up your main domain now, you will see: Access only with password. The problem is that the directory protection is "inherited" downwards and thus also applies to the "static" folder to which your domain now points. Of course we have to change that, because in the future the static page should be accessible for all users.

Two .htaccess files have to be edited. Use your FTP program and open the automatically created .htaccess file in your WordPress directory. Add the entry 'require local' here. The whole thing should look like this:

# BEGIN WordPress

RewriteEngine On

RewriteBase /

RewriteRule ^index\.php$ - [L] RwriteCond %


RwriteCond %{REQUEST_FILENAME} !-d

RewriteRule . index\.php [L]

# END WordPress

AuthType Basic



AuthName "authname"

require valid-user

require local

In the directory "static" add a file with the name .htaccess and enter the following line:

Require all granted

Step 5: Install and set up Simply Static plugin

Now log into the admin area of your WP-Blog and install the plugin "Simply Static". Note: The admin area can now be found at dyn.eure-domain.de/wp-admin. After activation the plugin appears as a new menu item in the sidebar.

In Simply Static, click on Settings and specify the address where your static blog should be available - in our example http(s)://www.eure-domain.de.

Then go one point further down to the point Delivery method and select Local directory. Enter the path to the already created "static" directory. This should look like "/home/euer-user/wordpress/static".

Step 6: Check settings and generate static files

All green? Then you can almost hook into the action static WP
All green? Then you can almost hook into the action "static WP"...

Simply Static helps you with the point Diagnostics to check if all settings and prerequisites are correct. Everything all right? Then you can create your static blog with the button "Generate static files" in the main menu of Simply Static. Done!

he balance: advantages and disadvantages

Your WordPress page is now safe from attacks and virtually immune to security vulnerabilities in plugins and Co.

The website will be delivered very fast: The loading time is only a fraction of the time otherwise needed, since no more data from the database must be retrieved

The static content has to be regenerated after every change - even if only a spelling error has been corrected, the whole blog will be regenerated. For large blogs that have a lot of content, this can take some time.

Plugins and other features that require PHP can no longer be used. These include comment functions, contact forms, forum software and eCommerce applications. However, there are alternative solutions for most of these features. For comments you can use Disqus and for forums Wufoo.

The conclusion: Who is a static WordPress suitable for?

Creating static pages using Simply Static is best suited for operators of small to medium-sized websites that are seldom changed. Simply Static reduces the risk of hacker attacks to almost zero - even if WordPress updates are neglected. A bonus is the fast delivery. This procedure is recommended for most operators of WordPress pages.

A tip for advanced users: WordPress doesn't have to be accessible online anymore with this model, not even behind password protection. It can also run locally and generate the static data from there. Instructions can be found here.

Other products you might be interested in
Website Builder
Create your own website without any programming knowledge.
Create a Website
Concentrate fully on your project! Performance and security included.
Optimize your Web site and achieve top rankings.
Website optimization
SSL Certificates
For your site, more safety protect yourself from hacker attacks.
Quickly protect