If you’re like me, you don’t want Google tracking everything you do and every place you go. But, many WordPress themes include Google Fonts by default.
When you make a call to Google’s font servers, it gets the IP address you are coming from and the referral URL of the website that sent you allowing them to then enter into their database the site you are currently on, the IP you are originating from, and the time that you accessed that site.
The fix for this problems comes in the form of a plugin entitled, “Remove Google Font References“. It does exactly that.
Caching is important for good WordPress performance and there are many options out there with W3 Super Cache and W3 Total Cache being the two most popular. But both of these cache plugins are a pain in the butt to configure and sometimes cause problems with simply trying to login to your site.
Comet Cache is the newest incarnation of what used to be Zen Cache but it is a massive improvement. First, I’ve seen page load times almost drop in half for many pages. But more than that, Comet Cache does an excellent job of detecting dynamic content and not caching it so it is not necessary to manually enter exclusions in most cases.
Our web server has fail2ban installed. Fail2ban watches logs for various bad behaviors and bans offending IP addresses.
Please install the WP fail2ban plugin onto your WordPress installation. What this does is log various attempts to abuse WordPress so that fail2ban on our server can then ban the offending IP address.
XMLRPC is enabled by default in WordPress versions 3.5. It has a few legitimate uses such as tracebacks and pingbacks, but if you don’t need or are not using this, it is best to disable it because it is frequently abused by hackers.
After version 3.5 there is no longer an option to disable it but you can do so by installing the plugin Disable XML-RPC.