Category Archives: Performance & Optimisation

Looking to tweak some speed out of your server, these blog posts can be a great starting point

WordPress, HTTPS, CDN and W3 Total Cache – Take 2

I’ve previously mentioned some of the workarounds of using the excellent W3 Total Cache plugin with a CDN and utilising HTTPS on some pages. The heart of the matter is that some CDN providers do not provide Custom HTTPS support out of the box or do but with a normally large monthly fee attached, some like the excellent MaxCDN will provide free shared SSL support but that is on there own domain, for example for this website, using MaxCDN my HTTPS domain for CDN is stswebsite-somersettechnica.netdna-ssl.com.

The Problem

By default when you configure W3 Total Cache with a CDN it assumes that your CDN hostname is the same for HTTP or HTTPS. However for providers like MaxCDN and people that don’t want to pay or simply merit the costs of Custom HTTPS support, this means, that as before without disabling CDN on HTTPS pages you would get a mixed content error or worse the CDN elements may fail to load at all, something especially true with Google Chrome.

The Solution

We stumbled upon a solution while chatting with the W3 EDGE team about the issue that there currently exists a way to specify the HTTPS CDN hostname separately from the HTTP hostname. It appears that this feature request was completed some time ago but never made its way into documentation, and the solution is remarkably simple and requires no code changes or additions to get working.

w3tc-cdn-settingsYes it is that simple! in case the image is unclear, in the replace site’s hostname with field, simply supply a comma separated list of hostnames in the format

cdn.httpdomain.com, cdn.httpsdomain.com

and W3 Total Cache will do the rest for you. If you take a look of our Contact page source then you will see that things like CSS files are now loaded from the different HTTPS endpoint compared to the other pages on the site.

If you are a MaxCDN or NetDNA customer you can find your HTTPS domain very easily, login to your MaxCDN/NetDNA portal, go and manage your Pull Zone, there should be a tab called SSL, simply make sure the enable shared SSL option is ticked and save your settings, then the SSL URL should be shown on that same tab if it wasn’t already like in this screenshot:

maxcdn-ssl

Now you can enjoy faster more consistent page load times even on HTTPS without causing an extra drain on your server or your wallet.

Nginx and SSL – PHP Redirect Loops

Small post, I’ve been struggling a little with getting ssl to work reliably with https. specifically relating to the following piece of code:

fastcgi_param   HTTPS   on;

Lets wind back, I can get HTTPS working with nginx no problem and the above provided I do the following, maintain 2 vhosts for the same domain, one for http and one for https. The only difference is that the above line is present in the HTTPS vhost’s PHP block.

However thats messy, I either have to maintain 2 vhosts or then deal with extra includes, which just asks for trouble to maintain. Nginx has supported combined HTTP and HTTPS vhosts for some time, so I looked at how I could make this work within a combined vhost. with a little bit of IF magic (yes I know ifisevil) I can add the following to my fastcgi_params file and just forget about it 🙂

set $ssl off;

if ($ssl_protocol != "" ) {
set $ssl on;
}

fastcgi_param   HTTPS                   $ssl;

Now PHP scripts will correctly detect SSL status and work correctly, no nasty redirect loops (particularly with WordPress) and nice clean vhosts and easy management. Hopefully the great team at Nginx can convert this bit of code into an actual variable in the SSL module which would probably be faster at higher traffic levels

Is your WordPress site embedding tracking code without your knowledge?

I just stumbled upon a couple of important articles relating to the WordPress Stats plugin available for free to all wordpress users and gives a sort of cut down Google Analytics functionality. i found the articles because i was googling as to why all of a sudden my sites were loading a file from quantserve.com, I wont rehash the details and instead link you to the 2 respective blog posts and summarise with these points, full info is available at http://www.techairlines.com/2010/12/30/wordpress-stats-quantcast/ or at http://blog.futtta.be/2010/12/15/wordpress-com-stats-trojan-horse-for-quantcast-tracking/

  • The WordPress Stats plugin now includes a call to the quantserve sites for “planned extra features”
  • They have not acknowledged the inclusion of a 3rd party data tracking script in there plugin on the plugin main page
  • they have not offered ANY opt in or opt out procedure and look to be unwilling to do so
  • The js file in question can and seems to lower website performance by a noticeable margin

However there is a solution for users of the of the WordPress Stats plugin: install this plugin made by futta which will disable all tracking possibility with quantserve (do not install if you actually use quantserve) and let the developers of the WordPress Stats plugin know that you are unhappy with the inclusion of 3rd party data tracking without your knowledge and without an opt-out facility.

I’m also going to consider asking futta to submit the plugin to the wordpress plugins database.

This problem highlights the need to be vigilant and careful about what plugins you install on your wordpress site