CM Admin Tools (CMADM) - Use Case - Security and Optimization
Use Case – Security and optimization
Note: This guide covers features from:
- CM Admin Tools Pro - This document uses version 1.2.7.
The CM Admin Tools plugin is a selection of handy administration tools to empower your WordPress admin dashboard, improve site performance, customize the admin panel look and feel, monitor error logs, track cron jobs, and more.
Use Case Front-End
Google PageSpeed results:
Use Case Assumptions
In this example use case guide we will consider how to increase the security and optimize your WordPress site.
We consider that you have already bought the plugin, but not installed it yet.
- Installing the plugin
- How the plugin works
- Admin tools
- End result
Installing the Plugin
The process is the same for all CM plugins and add-ons.
- Download the plugin from your customer dashboard
- Log in to WordPress and navigate to the WordPress Admin → Plugins settings
- Click on Add New
- Activate it and add the license
Learn more: Getting Started - Plugin Overview
How the Plugin Works
The CM Admin Tools plugin is an "All you Need" set of tools to help you better manage and customize your WordPress admin dashboard. This is a toolset plugin which combines all needed features and controls for administrators.
In this use case guide we will focus on the options for security and performance optimization, but before it, let's take a short look at additional useful features:
Under the Admin Bar Menus page you can create your own custom menus for the admin bar.
Under the Cron Jobs page you can monitor the list of the scheduled WP cron jobs. You can pause, restore or delete them.
Under the Error log page you can see the content of the debug.log file (if WP_DEBUG is enabled in wp-config.php file or debugging has been enabled in the plugin settings).
Also, under the Rewrite Rules page the admin can view all WordPress rewrite rules, match rules with URL or rebuild rewrite rules with the Flush rules button.
Now let's head to the tools for security and performance optimization.
Navigate to Admin Dashboard → CM Admin Tools Pro → CM Admin Tools Pro.
There are 6 tabs with options.
First tab is Dashboard.
This tab is mostly focused on monitoring the system status and monitoring the errors. There are a few sections.
- Under the General Information section you can find the information and data about your system status.
- Under the Errors section you can see the information about errors and debug status (from "wp-config.php" file) or from what plugin managed to collect, depending on the debug mode.
- Under the Posts, revisions and comments section you can find the amount of posts, comments etc. In this section user can also delete unwanted posts (drafts, pendings or revisions), empty trash, delete spam etc.
- Under the PHP Information section is displayed information about PHP version and configuration.
Second tab is Performance.
This tab has two sections with options that can improve the speed of your site.
- Disable remote connection - If enabled, the WP_HTTP_BLOCK_EXTERNAL constant will be set to true. It will stop all outgoing network requests from your site. This is typically set on sites that are sitting behind a closed environment. Disabling outgoing connections will increase the performance of your website but can cause issues with some plugins that need to connect with the remote servers.
- Limit outgoing connection timeout - Set the maximum time limit for the outgoing network connections. This is a limit value, so if the default connection's timeout is lower than this value, then it won't be changed.
- Heartbeat autostart - Disable the heartbeat autostart to increase the website performance (to read more about heartbeat please visit this article - you don't need to install another plugin since the admin tools covers all needed functionality related to the heartbeat).
- Lazy load images - If enabled, the images in the page content on the front-end won't be loaded instantly, but just before user scrolls down the browser window (read more about Lazy load in here - you don't need another plugin as described in this article but the basic functionality of lazy load which is explain is covered by the admin tools).
Third tab is Customization.
We won't stop for long on this tab, as options here are focused on the dashboard appearance, admin bar, admin notifications and login screen. You can learn more about it in this guide.
Fourth tab is Functionality.
This tab has a few sections that let you optimize work with posts on the back-end and configure search engine and comments module on the front-end.
- Show updates notifications for - You can disable updates notifications which are being displayed in Dashboard. This will prevent plugin from showing updates notification as well as WordPress new version updates.
- Show post thumbnail in the posts table - If enabled, a post thumbnail (featured image) will be displayed in the table with all posts, in a row next to each post title. It works for all posts, pages and custom posts.
- Show "Delete permanently" option in the posts table row - If enabled, the extra option Delete permanently will be displayed when hovering on a post in the table with all posts. It works for all posts, pages and custom posts.
- Show "Publish" option in the posts table row - If enabled, the extra option Publish will be displayed when hovering on a unpublished post (eg, Draft, Pending) in the table with all posts. It works for all posts, pages and custom posts.
- Auto-save interval [sec] - Enter the posts auto-save interval for the post editor. Set 0 to use default. If you are working heavily with your editor, you might want to run the auto-save more frequently. It might affect the WP site performance only if you have many editors working at the same time.
- Post revisions number - Choose how you want to keep posts revisions. Reducing the number of revisions will improve you database performance, but will limit your ability to restore old versions of your posts.
- Max revisions number - Enter the maximum revisions number. It works only when the revisions limit option above has been enabled.
- Empty trash after [days] - Enter the maximum time in days that posts will be kept in trash. You can set 0 to disable the trash and delete posts instantly.
- Limit search results to the specified posts - Show only specified posts in the search results on the front-end. It works also with the custom posts types.
- Disable comments - If enabled, removes all comments features from the entire website.
Next tab is Access.
This tab contains the options for configuring security and accessibility of your site.
- Enable maintenance (coming soon mode) - If enabled, all your website's pages won't be available for specified users and instead a page you define in this setting will be displayed. This option can be useful, if your site is under construction and you want to be displayed a page with some announcement.
- Page to display - Choose which page will be displayed when the maintenance mode is enabled.
- Allowed roles - You can specify which roles will be able to see the website, even if the maintenance mode is enabled (eg. administrator).
- Use minimal template - If enabled, only the "coming soon" page title and content will be displayed. If disabled, then normal WP template will be loaded.
- Enable XML-RPC - If enabled, the Wordpress features will be available by the XML-RPC (remote procedure call protocol based on XML). For example, this allows managing your website by the Wordpress mobile App. However, it creates some security risks. Disable this option if you want to provide the highest security level.
- Roles who can access the dashboard - Enable or disable dashboard access for a specific roles. User won't be able to open the dashboard pages and the admin bar will be hidden on the frontend. The Admin will always be allowed to access the Dashboard.
- Allow capabilities who can access the dashboard - Allow access to the dashboard for users who have specific capabilities (separated by comma). Example: edit_posts,publish_posts,other_custom_cap.
- Disallowed Capabilities who cannot access the dashboard - Disallow access to the dashboard for users who have specific capabilities (separated by comma). Example: edit_posts,publish_posts,other_custom_cap.
- Redirect user trying access the dashboard to URL address - Enter the URL where users will be redirected after attempt to access the dashboard.
- Always allow access to User Profile page - If enabled, the access to the User Profile dashboard page will be always possible, even if the user cannot access the Dashboard.
Last tab is System Health.
This tab has two sections that allow you to debug errors and analyze your site speed.
- Show errors to a specific role - If enabled, the php errors will be send to the standard output and display in the web browser for chosen role. It is disabled by default. To debug some errors without logging-in, use the option Everyone (including guests). Note: this feature may not detect errors which occurred before this plugin has been loaded. To catch all startup errors, you may need to enable the standard Wordpress debugging.
- Enable debug log - If enabled, the php ini directive "error_log" will be set to write errors into the "wp-content/debug.log" file. You can browse the error log in the Error Log plugin page. Note: this feature may not detect errors which occurred before this plugin has been loaded. To catch all startup errors, you may need to enable the standard Wordpress debugging.
- Notify when debug.log will reach specified size [MB] - A dashboard notification will be displayed for the administrator if the "debug.log" file localized in the wp-content directory reaches specified size. Set 0 to disable.
Analyze your website speed
- Google PageSpeed Tools - The PageSpeed tools analyze and optimize your site following web best practices.
- GTmetrix - GTmetrix gives you insight on how well your site loads and provides actionable recommendations on how to optimize it.
- Pingdom - Test your website using Pingdom Website Speed Test.
After configuring all needed options, don't forget to click the button Save to save the changes.
Following instructions found in the plugin and guides you should be able to increase the security and optimize your WordPress site.
Use Case Front-End
Google PageSpeed results: