Monthly Archives: August 2010

My wife called me during the train ride home to say that she just had a brief encounter with Peter Sagal as she was unloading the car. He happened to be walking past while she was telling the boy, who was trying to push the stroller, that the wheels were locked. Mr. Sagal commented that he liked his name.

We listen to Wait Wait every week, either in the car while running errands or going to the zoo, children’s museum, IKEA, etc., or the podcast later. The kids dig clapping along during the introduction. Our daughter has named one of her stuffed animals (a cat) Peter Sagal. Mr. Sagal’s opinion of this is unknown.

I don’t use Twitter that much, but I’ve followed him for some time. I told her I would tweet about it and that I bet he would reply. So I did, and sure enough, a few hours later, he did.

Exchange with Peter Sagal on Twitter

Peter Sagal does Twitter right

A user pointed out that while an attachment to an email had the icon of an installed application (in this case, Word) and the correct extention (.DOC), it would not open in Word with a double-click. The Open With dialog box opened instead. When the attachment was dragged to the desktop, it opened in Word with a double-click, as expected.

Because the filename of this attachment was pretty long, I suspected that it had something to do with the length of the filename, and so I started investigating.

Test files

I created text files with the following filenames:

119-CAsEvpz1R29z7sdrgs4-apJFmpissj-xxdfgh-dfght66x1aseg-7tSs5lF7lLyd3T-HJf42YiMYwguijgrsywh-wgh3q45y4tys64ysy45-119.txt

120-CAsEvpz1R29z7sdrgs4-apJFmpiRssj-xxdfgh-dfght66x1aseg-7tSs5lF7lLyd3T-HJf42YiMYwguijgrsywh-wgh3q45y4tys64ysy45-120.txt

123-CAsEvpz1R29z7sdrgs437-apJFmpiRssj-xxdfgh-dfght66x1aseg-7tSs5lF7lLyd3T-HJ6f42YiMYwguijgrsywh-wgh3q45y4tys64ysy45-123.txt

129-vpz1R296z7apJFmpiRss6x1IA7eu9utSs5lF7lLyd3THJf42YiMYwgVZ4FJ-CAsEvpz1R296z7apJFmpiRss6x1IA7eu9utSs5lF7lLyd3THJf42YiMYa-129.txt

131-vpz1R296z7apJFmpiRss6x23451IA7e9utSs5lF7lLyd3THJf42YiMYwgVZ4FJ-CAsEvpz1R296z7apJFmpiRss6x451I7eu9utSlF7lLyd3THJf42YiMYa-131.txt

133-vpz1R296z7apJFmpiRss6x1IA7eu9utSs5lF7lLyd3THJf42YiMYwgVZ4FJ-CAsEvpz1R296z7apJFmpiRss6x1IA7eu9utSs5lF7lLyd3THJf42YiMYwgVZa-133.txt

Including the extensions, these filenames are 119, 120, 123, 129, 131, and 133 characters, respectively.

Outgoing emails

I added the files as attachments to a new mail message.

For attachments with less than 130 characters in the filename, the filename is displayed in full.

The “129-” attachment’s name is 129 characters and the full name was displayed. The icon was the correct Text Document file icon.
The “131-” attachment’s name is 131 characters and the name was truncated at the 129th character (…-131.t). This caused the icon to be the Windows unrecognized file type icon (presumably because my computer has no application associated with a “.t” extension).
The “133-” attachment’s name is 133 characters and was truncated at the 129th character, before the . character (…-133). The icon was a Notepad icon, but not the typical Text Document file icon.

It would appear that attachment filenames are truncated at the 129th character when displayed in the attachment pane in the Mail To: window.

Incoming emails

Send the email.

Open the received email or view it with the Quickviewer and note that the filenames in the attachment window are again truncated at the 129th character.

Try to open each attachment with a double-click. The “119-” attachment should open in Notepad, but all attachments with longer filenames will not open, and instead cause an Open With prompt to open.

Why was this happening?

The locally stored attachment filename is differently truncated

Even when the full filename with the extension is visible, the filename of the local copy of the attachment is truncated at X characters, where X = (130 – PATH/TO/XPgrpwise).

In my case, the path to the XPgrpwise folder that contains the attachments is 63 characters long:
C:\Documents and Settings\F_LAST\Local Settings\Temp\XPgrpwise\
This means the maximum filename length for emails opened under my account is 67 characters (130 – 63 = 67).

A longer or shorter path to this folder will cause the maximum filename length to change accordingly, so if you repeat these tests, your experience may vary.

This matters less than one would think, though, because of the way GroupWise 7 shortens the filenames.

An unexpected discovery

Instead of simply chopping off any characters after the character limit has been reached, however, GroupWise will truncate the name portion of the filename and leave the extention portion intact, up to 119 characters. Filenames 120 characters or longer are truncated to the 119-character limit but the extention begins to be cut off. Once the extention begins to be cut off, double-clicking the attachment will cause the Open With dialog box to open if the shortened extention doesn’t have an application associated with it or is missing entirely (as one would expect). Filenames of 123 characters or longer are truncated such that the dot+extension is completely removed. This 119-character limit seems to be independent of the number of characters in the path to XPgrpwise.

In summary

To sum up, just because GroupWise 7 displays the full filename of an attachment and the correct icon doesn’t mean that the attachment can be opened in its associated application from the message window. When GroupWise saves the file to the hard drive, it truncates long filenames, potentially removing the extension. Opening attachments with filenames greater than 119 characters in length requires a little more effort because of the way the local copy of the file is saved without an extension.

A collection of web development tools for building better sites more easily.

Frameworks and scripts

HTML5 Boilerplate is the professional badass’s base HTML/CSS/JS template for a fast, robust and future-proof site.

scriptsrc.net is a collection of script tags of the latest versions of a range of JavaScript libraries.

Modernizr adds classes to the <html> element which allow you to target specific browser functionality in your stylesheet. You don’t actually need to write any Javascript to use it.

Images

placehold.it is a quick and simple image placeholder service.

Text manipulation

TextFixer is a collection of online text tools. Remove line breaks from text, alphabetize text, capitalize the first letter of sentences, remove whitespaces, and uppercase text or lowercase text.

XHTML

HTML Minifier will minify HTML (or XHTML), and any CSS or JS included in your markup.

CSS

CSS3 Generator is an awesome code generator for CSS3 snippets, and shows the minimum browser versions required to display the effects.

proCSSor is an advanced CSS prettifier with tons of formatting options.

JavaScript

Online javascript beautifier will reformat and reindent bookmarklets, ugly javascript, unpack scripts packed by the popular Dean Edward’s packer, as well as deobfuscate scripts processed by javascriptobfuscator.com. The source code for the latest version is always available on github, and you can download the beautifier for local use (zip, tar.gz) as well.

Fonts and Typography

Fontshop.com has written A Field Guide to Typography to get you excited about fonts and typography.

Typetester is an online app for comparing different fonts for the screen, you can test up to three fonts at a time and choose the one you like. Its primary role is to make web designer’s life easier.

A quick chart of the fonts common to all versions of Windows and the Mac equivalents, or a more extensive matrix of fonts bundled with Mac and Windows operating systems, Microsoft Office and Adobe Creative Suite.

<html>ipsum has Lorem ipsum already wrapped in HTML tags. Pre-made paragraphs, lists, etc…

More resources at: 50 Useful Design Tools For Beautiful Web Typography and 21 Typography and Font Web Apps You Can’t Live Without.

Colors

Color Scheme Designer.

Markup

Google Webmaster Tools’ Rich Snippets Testing Tool.

Use the Rich Snippets Testing Tool to check that Google can correctly parse your structured data markup and display it in search results.

I’ve written a simple batch file to remove those hidden files that Mac OSX leaves all over shared drives to annoy us Windows users.

del /s /a:h ._*
:: http://en.wikipedia.org/wiki/Resource_fork

del /s /a:h .DS_Store
:: http://en.wikipedia.org/wiki/.DS_Store

del /s /a:h .Trashes
:: http://en.wikipedia.org/wiki/Recycle_bin_(computing)

@pause

How to use

Copy the code into a text file, rename it cleanOSX.bat and run it from the root of the drive you wish to clean. The script will look through all subfolders, deleting any hidden file or folder with a name that begins with ._, or that matches .DS_Store or .Trashes. Depending on the number of these files on your drive, the process of deleting them could take some time.

Where do these files come from?

The resource fork

The resource fork is a construct of the Mac OS operating system used to store structured data in a file, alongside unstructured data stored within the data fork. A resource fork stores information in a specific form, such as icons, the shapes of windows, definitions of menus and their contents, and application code (machine code). For example, a word processing file might store its text in the data fork, while storing any embedded images in the same file’s resource fork. The resource fork is used mostly by executables, but every file is able to have a resource fork.

Currently, Mac OS X does support resource forks on Windows SMB shares by creating a hidden file in the same directory with the data fork file, with the characters “._” at the beginning of the file name. However, this may be annoying for some users, especially because some Windows power users always keep hidden files visible. Besides, Windows does not treat those files correctly as the file itself is moved or removed.

http://en.wikipedia.org/wiki/Resource_fork

The Desktop Services Store

.DS_Store (Desktop Services Store) is a hidden file created by Apple Inc.’s Mac OS X operating system to store custom attributes of a folder such as the position of icons or the choice of a background image.

http://en.wikipedia.org/wiki/.DS_Store

The Trash folder

Under Mac OS X, when a file is deleted in Finder, it is moved to a .Trashes folder, and when viewing the device’s available space the space occupied by the deleted files is shown as occupied.

http://en.wikipedia.org/wiki/Recycle_bin_(computing)

I’ve written a number of posts on ways to reduce the number of spam comments a blog receives. In this post, I’ll revisit an old method that has almost completely stopped spam comments at ardamis.com before they get to the database.

My first system for blocking WordPress comment spam was an overly complex combination of JavaScript and a challenge-response to test that the comment was being submitted by a person. The value of the action attribute in the form was not in the HTML when the page was loaded, so the form couldn’t be immediately submitted, then JavaScript was used to write the path to a renamed wp-comments-post.php file only after a certain user action was performed. I was never really satisfied with it. I didn’t like relying on JavaScript, I had doubts that any human being (meaning of any mental or physical capacity, speaking any language, etc.) could correctly answer the question, and I was concerned that any obstacle to submitting a form discourages legitimate commenting.

A few months later, I posted a simpler timestamp method for reducing WordPress comment spam that compares two timestamps and then rejects any form submission that occurrs within 60 seconds of the post page being loaded. The visitor wasn’t bothered by an additional form field solely for anti-spam and there was no JavaScript involved.

Both methods were very effective at blocking spam before it made it to the database. In the five months leading up to the implementation of the first method, Akismet was catching an average of 1418 spam comments per month. In the first five months after these methods were put in place, Akismet was catching only 54 spam comments per month. But I also noticed a reduction in legitimate comments, from an average of 26 per month to 20 per month, which led me to suspect that real visitors attempting to leave comments were being discouraged from doing so.

The timestamp method required changing a core file, which was overwritten each time WordPress was updated. As time went on, I forgot to replace the file after upgrading WordPress, so the protection was lost and I once again had only Akismet blocking spam. A few months later, while doing work on the database in an attempt to speed up WordPress, I happened to check my historical stats and found that Akismet had detected 4,144 comments in July, 2010. Yikes. It was time to revisit these old methods.

At 2:30 AM on August 1, 2010, I again implemented my timestamp method, but this time I also renamed the wp-comments-post.php file that processes the form. I changed my theme’s comments.php file to submit the form to the new page, deleted the wp-comments-post.php file from the server and tested to make sure that comments could still be submitted. And then I waited to see what would happen.

The effect was pretty amazing. The spam had almost completely stopped.

My Akismet stats look like this:

Date Spam
7.30.10 192
7.31.10 196
8.1.10 32
8.2.10 0
8.5.10 4
8.8.10 4
8.10.10 4
8.11.10 4
8.13.10 0
8.14.10 0

(I don’t know why so many dates in August are skipped in the log, but whatever.)

Fast, but only partial protection

The quick and easy way to reduce the number of spam comments that your WordPress blog receives is to merely change the location of the comment form processing script.

  1. Rename wp-comments-post.php to anything else. I like using a string of random hexadecimal characters, like: z1t0zVGuaCZEi.php.
  2. Edit your current theme’s comments.php so that the form is submitted to this new file.
  3. Upload these files to their respective directories, then delete the wp-comments-post.php file from your server.

This method works well to stop spam submitted by bots that assume the comment form processing script used by WordPress is always at the same location. More advanced bots will read the actual location of the file from the action attribute of the form element, but that can be countered by using either the JavaScript or timestamp method.

Access log analysis

To illustrate the effectiveness of the renamed wp-comments-post file + timestamp check, below are some events from my 06 August 2010 access log.

Bot defeated by renamed file alone

Here is a form submission to the non-existent wp-comments-post file that occurs 2 seconds after the post page is requested.

173.242.112.44 - - [06/Aug/2010:23:21:37 -0700] "GET www.ardamis.com/2007/07/12/defeating-contact-form-spam/ HTTP/1.0" 200 32530 "http://www.google.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera 8.50"
173.242.112.44 - - [06/Aug/2010:23:21:39 -0700] "POST www.ardamis.com/wp-comments-post.php HTTP/1.0" 404 15529 "//ardamis.com/2007/07/12/defeating-contact-form-spam/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera 8.50"

The bot is sent a 404 HTTP status code, which is widely understood to mean that the page isn’t there and you can stop asking for it. But that doesn’t stop this bot! Two minutes later, it’s back at another page, trying again.

173.242.112.44 - - [06/Aug/2010:23:23:01 -0700] "GET www.ardamis.com/2007/03/29/xbox-360-gamercard-wordpress-plugin/ HTTP/1.0" 200 101259 "http://www.google.com" "Opera/9.64(Windows NT 5.1; U; en) Presto/2.1.1"
173.242.112.44 - - [06/Aug/2010:23:23:05 -0700] "POST www.ardamis.com/wp-comments-post.php HTTP/1.0" 404 15529 "//ardamis.com/2007/03/29/xbox-360-gamercard-wordpress-plugin/" "Opera/9.64(Windows NT 5.1; U; en) Presto/2.1.1"

Again, it gets a 404 back. Some bots never learn.

Bot defeated by timestamp check

Here is a form submission to the renamed wp-comments-post file that occurs 4 seconds after the post page is requested.

91.201.66.6 - - [06/Aug/2010:23:30:41 -0700] "GET www.ardamis.com/2007/03/29/xbox-360-gamercard-wordpress-plugin/ HTTP/1.1" 200 21787 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)"
91.201.66.6 - - [06/Aug/2010:23:30:45 -0700] "POST www.ardamis.com/wp-comments-post-timestamp-3.0.1.php HTTP/1.1" 500 1227 "//ardamis.com/2007/03/29/xbox-360-gamercard-wordpress-plugin/" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)"

The 500 HTTP header indicates that this submission was denied and the comment never made it to the database. This access log doesn’t indicate which check stopped the POST (eg: the email validation or the timestamp function), but my money is on the timestamp.

Here’s another form submission to the renamed wp-comments-post file that occurs one second after the post page is requested. Speed reader or bot?

95.220.185.210 - - [06/Aug/2010:23:56:54 -0700] "GET www.ardamis.com/2010/02/26/fixing-word-2007-add-in-issues/ HTTP/1.1" 200 23977 "-" "Opera/9.01 (Windows NT 5.0; U; en)"
95.220.185.210 - - [06/Aug/2010:23:56:55 -0700] "POST www.ardamis.com/wp-comments-post-timestamp-3.0.1.php HTTP/1.1" 500 1213 "//ardamis.com/2010/02/26/fixing-word-2007-add-in-issues/" "Opera/9.01 (Windows NT 5.0; U; en)"

The submission is rejected.

Taking the method even further

To take this method even further, one could send a 200 OK header even when the comment is blocked, so the bots never know their mission failed. But this seems unnecessary at this point, as it doesn’t appear that they change their behavior after being sent a 404 error, or that they try again after being sent a 500 error. It also makes it harder to figure out from the access logs which comments were rejected and for what reason.

If you still want to do this, first implement the timestamp method, then make the following modifications.

Sending a 200 header

$comment_timestamp    = trim($_POST['timestamp']);
$submitted_timestamp  = time();

if ( $comment_timestamp == '' ) {
// If the value for $_POST['timestamp'] is an empty string, exit (the form wasn't submitted by the theme's comments.php)
	header('HTTP/1.1 200 OK');
	echo '<p style="text-align:center;">Error: It looks like this form was not submitted by the form at ' . get_option('siteurl') . '.</p>';
	exit;
}
if ( $submitted_timestamp - $comment_timestamp < 60 ) {
// If the form was submitted within 60 seconds of page load, exit
	header('HTTP/1.1 200 OK');
	echo '<p style="text-align:center;">Error: The comment was posted too soon after the page was loaded.  Please press the Back button on your browser and try again in a few seconds.</p>'; 
	exit;
}
// If the form was submitted more than 10 minutes after page load, die
if ( $submitted_timestamp - $comment_timestamp > 600 ) {
	header('HTTP/1.1 200 OK');
	echo '<p style="text-align:center;">Error: You waited too long before posting a comment.</p>';
	exit;
}

One could also write a record to a database each time the old wp-comments-post.php file is requested or any of the timestamp checks block a form submission, and pretty quickly generate a list of IP addresses for a black list. At the same time, one could log which timestamp check caught the spam attempt, which is interesting enough that I’ll probably do it eventually.

I’ve written a simple batch file for backing up files and folder onto a different drive letter.

In my case, the destination drive will be a USB drive. Even though I’ve configured Windows to always assign the same drive letter to that device, the possibility remains that I’ll connect a different drive that will be assigned the same drive letter. In order to be sure that I’m backing up to the correct drive, the batch file performs a few checks before copying files.

The first check confirms that a disk exists at that drive letter. The second check confirms that the path is valid. The third check looks for the presence of a file in the destination directory.

To use, simply paste the following code into a text file, change the variables to match your environment, add additional xcopy lines for other folders, then save it as a .bat file. Fire the batch file manually, or place it in your startup folder to automatically back up your files each time you log in to Windows.

:: Back up select files and folders to a location that may be an external drive
@echo off

:: Set some variables
set destinationDrive=D:
set destinationPath=backup
Set destination=%destinationDrive%\%destinationPath%
set validationFile=asdf.txt

:: Check to see if the drive is available
if not exist %destinationDrive%\. goto :nodestinationDrive
:: Move to destination drive
%destinationDrive%

:: Check to see if the path is available
if not exist "\%destinationPath%\." goto :nodestinationPath
:: Move to destination path
cd %destinationPath%

:: Check to see if the validation file exists
if not exist %validationFile% goto :novalidationFile

:: Backup location is valid
@echo The backup location "%destination%" is valid.

:: Copy files and folders if source is newer than destination

:: Desktop
@xcopy "%USERPROFILE%\Desktop" "%destination%\Desktop" /d /e /c /i /q /h /r /k /y

@echo.
@echo Files copied.  Please review output for errors.
@pause
goto eof

:nodestinationDrive
@echo The destination drive "%destinationDrive%" does not exist.
goto :nocopy

:nodestinationPath
@echo The destination path "%destinationPath%" does not exist on drive %destinationDrive%.
goto :nocopy

:novalidationFile
@echo The validation file does not exist.
goto :nocopy

:: No files have been copied
:nocopy
::@echo A valid backup location cannot be confirmed.
@echo No files have been copied.

@echo.
@pause

This file works with Windows XP through Windows 7.

Are you new to SEO? Do you have a basic understanding of how web pages are built, and want to tweak yours for better rankings? I’ve wanted to collect a few authoritative, practical, and non-technical resources on SEO for my clients for some time. The good news is that it’s easier than you think to build a page that does a number of things that the search engines like. The guides below should help explain what to look for when evaluating whether a site has been developed with an eye for SEO.

Google has created a compact Search Engine Optimization Starter Guide of best practices that developers can follow to improve their sites’ crawlability and indexing. This guide is available as a PDF.

The SEOmoz Beginner’s Guide to SEO provides comprehensive information you need to get on the road to professional quality SEO. Read it online or download it as a PDF.

SEOmoz’s CEO and co-founder wrote a very nice article on building the perfectly optimized page that explains the most important on-page factors and how they affect rankings in today’s environment.

Sometimes, a client will ask for SEO as though it’s something to be tacked on after the site has been built. Happily, good development practices benefit human visitors as well as SEO, and they go into every site I build, as I build it, from the very first line of code. I’ve written up a list of on-page factors and other considerations within a developer’s direct control that are important not only for SEO, but for good web development in general, at Aleph Studios | SEO Consulting.

I’ve written a few posts on how to speed up web sites by sending the correct headers to leverage browser caching and compressing .php, .css and .js files without mod_gzip or mod_deflate.

The intended audience for this post is developers who have already applied most or all of Google’s Web Performance Best Practices and Yahoo’s Best Practices for Speeding Up Your Web Site and are wondering how to speed up WordPress sites in particular.

I assume you’re familiar with WordPress caching and are already using a caching plugin, such as WP Super Cache, W3 Total Cache or the like.

Reduce HTTP requests

Reducing HTTP requests should be the very first thing step in speeding up any site. If you are using plugins, watch them carefully for inefficiencies like added CSS and JavaScript files. Combine, minify and compress these files. Some plugins allow you to turn off their bundled CSS in the plugin’s settings page. Where possible, copy the plugin’s CSS into the current theme’s style.css and turn off the extra file.

Delete deactivated plugins

Remove any plugins you’re not using. Deactivated plugins can be deleted from the Plugins page.

Speed up the mod_rewrite code

jdMorgan from WebmasterWorld.com has written a replacement for the .htaccess rewrite rule used by WordPress. This will speed up the WordPress mod_rewrite code by a factor of more than two.

This is a total replacement for the code supplied with WP as bounded by the “Begin WP” and “End WP” comments, and fixes several performance-affecting problems. Notably, the unnecessary and potentially-problematic container is completely removed, and code is added and re-structured to both prevent completely-unnecessary file- and directory- exists checks and to reduce the number of necessary -exists checks to one-half the original count (due to the way mod_rewrite behaves recursively in .htaccess context).

http://www.webmasterworld.com/apache/4053973.htm

The following code is adapted from the original to add png, flv and swf to the list of static file formats:

# BEGIN WordPress
# adapted from http://www.webmasterworld.com/apache/4053973.htm
#
RewriteEngine on
#
# Unless you have set a different RewriteBase preceding this point,
# you may delete or comment-out the following RewriteBase directive
# RewriteBase /
#
# if this request is for "/" or has already been rewritten to WP
RewriteCond $1 ^(index\.php)?$ [OR]
# or if request is for image, css, or js file
RewriteCond $1 \.(gif|jpg|png|ico|css|js|flv|swf)$ [NC,OR]
# or if URL resolves to existing file
RewriteCond %{REQUEST_FILENAME} -f [OR]
# or if URL resolves to existing directory
RewriteCond %{REQUEST_FILENAME} -d
# then skip the rewrite to WP
RewriteRule ^(.*)$ - [S=1]
# else rewrite the request to WP
RewriteRule . /index.php [L]
#
# END wordpress 

Only load the comment-reply.js when needed

In the default WordPress template, the comment-reply.js script is included on all single post pages, regardless of whether nested/threaded comments is enabled. A simple tweak changes the theme to only include comment-reply.js on single post pages only when it makes sense to do so: if threaded comments are enabled, commenting on that post is allowed, and a comment already exists.

Remove the following line from your theme’s header.php:

<?php if ( is_singular() ) wp_enqueue_script( 'comment-reply' ); ?>

Add the following lines to your theme’s functions.php.

// Don't add the wp-includes/js/comment-reply.js?ver=20090102 script to single post pages unless threaded comments are enabled
// adapted from http://bigredtin.com/behind-the-websites/including-wordpress-comment-reply-js/
function theme_queue_js(){
  if (!is_admin()){
    if (is_singular() && (get_option('thread_comments') == 1) && comments_open() && have_comments())
      wp_enqueue_script('comment-reply');
  }
}
add_action('wp_print_scripts', 'theme_queue_js');

Only load the l10n.js when needed

In WordPress 3.1, a l10n.js script is loaded. It is “mostly used for scripts that send over localization data from PHP to the JS side using wp_localize_script().” Whether it’s safe to remove this file seems to be a matter of debate, but should you decide you want to remove it…

Add the following lines to your theme’s functions.php.

// Don't add the wp-includes/js/l10n.js?ver=20101110 script to non-admin pages
// adapted from http://wordpress.stackexchange.com/questions/5451/what-does-l10n-js-do-in-wordpress-3-1-and-how-do-i-remove-it
function remove_l10n_js(){
  if (!is_admin()){
    wp_deregister_script('l10n');
  }
}
add_action('wp_print_scripts', 'remove_l10n_js');

Replace unecessary code executions and database queries

WordPress saves settings specific to your blog in the database. These settings include what language your blog is written in, whether text is read left-to-right or vice versa, the path to the template directory, etc.

The default WordPress theme contains a number of database queries in order to figure out these things and build the correct page. The default theme needs this flexibility, but your theme does not. Joost de Valk recommends replacing these database queries with static text in your theme files in his post Speed up WordPress, and clean it up too!

An easy way to do this is to browse to your web site and then view the source code. Copy the content that won’t change from page to page and paste it into your theme, overwriting the PHP with the generated HTML.

For example, my theme’s header.php file contains this line:

<html xmlns="http://www.w3.org/1999/xhtml" <?php language_attributes(); ?>>

The source code of the rendered page displays this line:

<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

On my blog, this HTML output is never going to be anything different, so why make WordPress look these settings up in the database each time a page is loaded? This line is an excellent candidate for replacement. The footer.php file contains a handful more opportunities for replacement, but go through each of your theme’s files and look for references to the template directory and other data that won’t change as long as you’re using the theme. All told, I was able to replace 12 database queries with static HTML.

Joost also recommends checking for unnecessary or slow database queries, and installing a helpful debugging plugin, in his post on Optimizing WordPress database performance.

Clean out your MySQL database

Delete spam comments

From the Dashboard, click Comments, then click on Empty Spam.

Delete post revisions

If you don’t use post revisions, you may want to delete them from the wp_posts table. Back up your database, then run the following SQL query:

DELETE FROM wp_posts WHERE post_type = "revision";

Before: 683 records
After: 165 records

This does not delete the latest draft of unpublished posts. It’s a good idea to optimize the table after deleting the revisions.

You can stop WordPress from saving post revisions by adding the following code to wp-config.php:

define('WP_POST_REVISIONS', false );

Optimize your MySQL database

Optimizing your MyISAM tables is comparable to defragmenting your hard drive. It’s probably been a while since you’ve done that, too.

If you’re using phpMyAdmin, browse to your WordPress database. Under the Structure tab, at the bottom of the list of tables, click on the link “Check all”. In the “With selected” menu, choose “Optimize table”. (I would have recommended just optimizing tables that have overhead, but the wp_posts table can be optimized even when it doesn’t show any overhead.

For MyISAM tables, OPTIMIZE TABLE works as follows:

  • If the table has deleted or split rows, repair the table.
  • If the index pages are not sorted, sort them.
  • If the table’s statistics are not up to date (and the repair could not be accomplished by sorting the index), update them.

http://dev.mysql.com/doc/refman/5.1/en/optimize-table.html

Flush the Buffer Early

When users request a page, it can take anywhere from 200 to 500ms for the backend server to stitch together the HTML page. During this time, the browser is idle as it waits for the data to arrive. In PHP you have the function flush(). It allows you to send your partially ready HTML response to the browser so that the browser can start fetching components while your backend is busy with the rest of the HTML page. The benefit is mainly seen on busy backends or light frontends.

http://developer.yahoo.com/performance/rules.html#flush

Add flush() between the closing tag and the opening tag in header.php.

</head>
<?php flush(); // http://developer.yahoo.com/performance/rules.html#flush ?>
<body>

OK, so this isn’t technically a WordPress-specific tweak, but it’s a good idea.