1. Configuring vsftpd for Enhanced Security
After installing vsftpd, it is recommended to configure it to restrict users to their home directories and set a passive mode port range.
Edit the vsftpd Configuration File
Edit the configuration file using the following command:
vi /etc/vsftpd/vsftpd.conf
Add or modify the following lines at the end of the file:
# Restrict users to their home directories
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
# Define passive mode port range (33601-33610)
pasv_enable=yes
pasv_promiscuous=no
pasv_min_port=33601
pasv_max_port=33610
Important Notes:
- chroot_list_enable=YES and chroot_list_file restrict users to their home directories. List the usernames to be restricted in the /etc/vsftpd/chroot_list file.
- After configuring the passive ports, you must open ports 20, 21, and 33601-33610 in your server's firewall (e.g., iptables).
Restart the vsftpd Service
After configuration, restart the service for changes to take effect:
/etc/init.d/vsftpd restart
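The firewall step from the notes above, as an added example that is not part of the original page: a shell function that reads the passive range from a vsftpd configuration file and prints matching iptables rules for review. The function names and the temporary sample file are assumptions of this example; the rules are printed, not applied.

```shell
#!/bin/sh
# Added example: turn the passive-mode settings in vsftpd.conf into iptables
# rules for review. It prints the rules; it does not apply them.

# conf_get FILE KEY: value of the last "KEY=value" line (no spaces around "=").
conf_get() {
    sed -n "s/^$2=//p" "$1" | tr -d '\r' | tail -n 1
}

# ftp_fw_rules FILE: print rules for ports 20, 21 and the passive range,
# or fail when the settings cannot be matched by a narrow firewall rule.
ftp_fw_rules() {
    min=$(conf_get "$1" pasv_min_port)
    max=$(conf_get "$1" pasv_max_port)
    promisc=$(conf_get "$1" pasv_promiscuous | tr 'a-z' 'A-Z')
    for p in "$min" "$max"; do
        case "$p" in
            ''|*[!0-9]*) echo "passive port range not set" >&2; return 1 ;;
        esac
    done
    if [ "$min" -lt 1 ] || [ "$max" -gt 65535 ] || [ "$min" -gt "$max" ]; then
        echo "invalid passive range $min-$max" >&2; return 1
    fi
    # pasv_promiscuous=YES turns off the check that the data connection
    # comes from the same address as the control connection.
    case "$promisc" in
        YES|TRUE|1) echo "pasv_promiscuous is enabled" >&2; return 1 ;;
    esac
    # 21 = control channel, 20 = active-mode data, min:max = passive data.
    echo "iptables -A INPUT -p tcp -m multiport --dports 20,21 -j ACCEPT"
    echo "iptables -A INPUT -p tcp --dport $min:$max -j ACCEPT"
}

# The settings from this page, written to a temporary file for the demo run.
sample_conf() {
    printf '%s\n' chroot_list_enable=YES \
        chroot_list_file=/etc/vsftpd/chroot_list \
        pasv_enable=yes pasv_promiscuous=no \
        pasv_max_port=33610 pasv_min_port=33601
}

demo_conf=$(mktemp)
sample_conf > "$demo_conf"
ftp_fw_rules "$demo_conf"
rm -f "$demo_conf"
```

If the INPUT chain already ends in a REJECT or DROP rule, insert the printed rules before it rather than appending them.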
2. Optimizing Nginx Configuration for WordPress
In an LLsmp (LiteSpeed + Linux + MySQL + PHP) environment, Nginx typically acts as a front-end proxy. Below is an optimized configuration example for WordPress integrated with the WP Super Cache plugin.
server {
    set $cache /wp-content/cache/supercache/$host;
    listen ip:80;
    server_name www.yourdomain.com;

    # For WordPress with WP Super Cache, serves static gzipped cache files first.
    location / {
        root /home/wwwroot/www.yourdomain.com/html;
        index index.html index.htm index.php;
        add_header Content-Type "text/html; charset=UTF-8";
        add_header Content-Encoding "gzip";
        try_files $cache/$uri/index.html.gz @backend;
    }

    # Block access to hidden config files like .htaccess for security.
    # The dot is escaped so the pattern matches a literal "." only.
    location ~ /\.ht {
        deny all;
    }

    # Enable Gzip compression and set browser cache (30 days) for static files.
    location ~* \.(jpg|jpeg|png|gif|css|js|swf|mp3|avi|flv|xml|zip|rar)$ {
        root /home/wwwroot/www.yourdomain.com/html;
        gzip on;
        gzip_types text/plain application/x-javascript text/css application/xml;
        expires 30d;
        break;
    }

    # Proxy dynamic requests to the backend LiteSpeed server.
    location @backend {
        proxy_pass http://127.0.0.1:80;
        include proxy.conf;
    }
}
Configuration Key Points:
- Domain Replacement: Replace www.yourdomain.com and the file path /home/wwwroot/www.yourdomain.com/html with your actual domain and website root directory.
- Listen IP: Replace ip in listen ip:80; with your server's actual IP address, or use listen 80; to listen on all IPs.
- Cache Mechanism: The line try_files $cache/$uri/index.html.gz @backend; is key for WP Super Cache static caching, prioritizing the delivery of pre-generated .gz files for speed.
- Proxy Configuration: Ensure the proxy.conf file exists and contains necessary proxy parameters (e.g., proxy_set_header).
After modifying the Nginx configuration, test the syntax with nginx -t and reload the configuration with nginx -s reload.