Leverage Browser Caching in IIS Web.config

Google’s Page Speed test recommends that we leverage browser caching. To do this in Windows using IIS, open the site’s web.config and add a client caching directive:


<clientCache cacheControlMode="UseMaxAge" cacheControlMaxAge="365.00:00:00" />


**There are “per file” rules that can be applied but this seems to be sufficient for Google

Invalid Request OpenSSL Error: Adding a new site to MainWP on Windows

I have been setting up MainWP on Windows and I ran into an issue when trying to add my first site. MainWP’s dashboard gave me an error, “Invalid Request” – not very descriptive. When I looked in my PHP error log I found: “[10-Dec-2016 14:20:34 UTC] PHP Warning: openssl_pkey_get_details() expects parameter 1 to be resource, boolean given in [PATH_TO_SITE]\wp-content\plugins\mainwp\view\view-mainwp-manage-sites-view.php on line 1737”.


A bit of Googling told me that MainWP looks for OpenSSL, and if it doesn’t exist it falls back on an MD5 encryption scheme. If OpenSSL exists, but isn’t configured properly the process just fails there.


After some poking around I found that my OpenSSL installation was throwing an error regarding “/usr/syno/ssl/openssl.cnf” not existing. After reading this post I created this folder structure and the file and “voila” OpenSSL ran without the error and I could add my sites! The actual full path was: C:\usr\syno\ssl\openssl.cnf

Optimizing a Website – Speed and Mobile

Documenting my attempts to optimize my site.

Going to use Page Speed,  , as well as tips from: //conceptclarity.ca/speed-optimization-tips-from-wpmu-dev/

— Second set of tests will be: http://speedtest.serverresources.info/

Step 1: Starting stats
Using Google Page Speed Insights 3 times (I have found it can vary wildly)
Results: mobile/Desktop
Run 1: 59/79
Run 2: 63/79
Run 3: 65/79

Ok, minor differences, but it gives a base. I am going to go through the suggested steps to see how I can improve this.

Step 2:


Leverage Browser Caching:

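<?xml version="1.0" encoding="UTF-8"?>
<configuration><system.webServer><staticContent>
      <clientCache cacheControlMode="UseMaxAge" cacheControlMaxAge="7.00:00:00" />
</staticContent></system.webServer></configuration>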

This does static files for 7 days.


WordPress Permissions on IIS

A lot has been written about this, but I have yet to find the Holy Grail of IIS/WordPress permissions. The tricky part seems to be the permissions for the root folder – allowing WP to update, while being secure. I have had a bad experience where a plugin – WP Super Cache – has a recursive delete function when removing itself and it ended up walking all folders on the server that IUSR had access to, deleting as it went. This killed dozens of sites and made a huge nightmare for me. Backups were in place, but still – it sucked! Slightly better is:

CREATOR OWNER – special permissions
IUSR – Read & Execute, List Folder contents, Read
SYSTEM – Full Control
Administrators – Full Control
Users – Full Control
IIS APPPOOL\ – full control
*Note: you have to type in the full apppool identity as it is not selectable from the GUI

From this thread: https://wordpress.org/support/topic/the-correct-permissions-for-wordpress-on-iis , however WordPress update failed (plugin installs worked). The same thread suggests adding the apppools to the IIS_Users group and giving it full control, but that would seem to give other apppools access to all sites.
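One way to keep write access scoped to a single site, so that code running in one site cannot modify its neighbours, followed by an audit for the kind of shared write access that let the recursive delete spread. This is an added example, not from the original post or the linked thread; the folder path and app pool name are hypothetical placeholders, and using Modify and read-only grants in place of the Full Control entries listed above is an assumption that may need loosening for WordPress core updates.

```powershell
# Added example, not from the original post. Placeholders below are hypothetical.
$SiteRoot = 'C:\inetpub\sites\example-site'     # one WordPress site's folder
$AppPool  = 'example-site-pool'                 # that site's own app pool
$Identity = "IIS APPPOOL\$AppPool"              # virtual account, typed in full

# 1. Copy inherited ACEs to explicit ones so the folder no longer picks up
#    whatever is granted higher up the tree.
icacls $SiteRoot /inheritance:d

# 2. Write access goes to this site's pool identity only. Modify (M) is an
#    assumption here; the list above uses Full Control.
icacls $SiteRoot /grant:r "${Identity}:(OI)(CI)M"

# 3. Shared principals are cut back to read-only. /grant:r replaces any
#    explicit grant the account already had instead of adding to it.
icacls $SiteRoot /grant:r 'IUSR:(OI)(CI)RX'
icacls $SiteRoot /grant:r 'Users:(OI)(CI)RX'

# 4. Audit every sibling site folder for shared principals that can still
#    write. Code running as one of these principals in any site could
#    modify each folder reported here.
#    ACEs stored as generic rights are not matched by this simple bit test.
$shared = '^(NT AUTHORITY\\IUSR|BUILTIN\\Users|BUILTIN\\IIS_IUSRS|Everyone)$'
$write  = [System.Security.AccessControl.FileSystemRights]::Write

Get-ChildItem (Split-Path $SiteRoot -Parent) -Directory | ForEach-Object {
    $folder = $_.FullName
    (Get-Acl $folder).Access |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $_.IdentityReference.Value -match $shared -and
            ([int]($_.FileSystemRights -band $write) -ne 0)
        } |
        Select-Object @{ n = 'Folder'; e = { $folder } },
                      IdentityReference, FileSystemRights
}
```

Run it from an elevated prompt; an empty result from step 4 means no shared account holds write rights on any site folder under the same parent.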

Speed Optimization Tips From WPMU Dev

Pasting this here for future reference (from an email generated by WPMU Dev):

Site speed isn’t all about images though – there are heaps of other things to look at, too. I’ve collected a few posts from our blog that nicely sum up what you should look at to get your site operating at 100% optimal speed.

Here’s a quick overview of five areas to work on

This one is a comparison of a few top caching plugins (WP Super Cache, W3 Total Cache and WP Rocket)

A simple list of the 10 fastest WordPress themes

You like image optimization, so here’s some more detail about that

This is a big 22 step outline of every aspect of optimizing speed on your WordPress site

And finally, an in-depth drill-down on how we managed to get a WordPress site to a 91/100 on Google Pagespeed Insights

Configure FileZilla for Passive FTP on Windows


Some older versions of Windows Server don’t accept port ranges in Windows Firewall. They also don’t seem to accept a comma-separated port list of 1000 total ports. I am not sure what the max is, but 100 work. Here is a sample:


Enable SSL with Cloudflare and WordPress

Cloudflare allows you to use SSL (there are varying levels). In order to get this running, here are the basic steps that I performed to enable SSL with Cloudflare and WordPress the first time. Edits to this post will happen if other issues arise in subsequent attempts.

Enable SSL in Cloudflare

– Under the settings summary there is a security section with SSL listed. This is likely set to Flexible. There are different types, but we will use Flexible. In Flexible mode only the visitor-to-Cloudflare connection is encrypted; Cloudflare still talks to the origin server over plain HTTP.
– Create a PageRule in your CloudFlare PageRule settings to force https:// with a format of *yourdomain.com* (keep the asterisks! eg: http://*conceptclarity.ca* ). Make sure the “Always use https://” toggle is switched to on.

WordPress Set up

– Install Cloudflare plugin
– Install SSL Insecure Content Fixer, play with settings until no mixed content warnings appear. *On the second site I did I had to change the HTTPS detection setting to get the green checkmark

Fixing a redirect issue, and also Visual Composer loading over http:// – add this to wp-config.php: (from https://wordpress.org/support/topic/load-tinymce-assets-over-ssl)

define('FORCE_SSL_ADMIN', true);
// in some setups HTTP_X_FORWARDED_PROTO might contain
// a comma-separated list e.g. http,https
// so check for https existence
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false)