CM Admin Tools (CMADM) - Use Case - Security and Optimization


Use Case – Security and optimization

Back to User Guides

Note: This guide covers features from: 


Introduction

The CM Admin Tools plugin is a selection of handy administration tools to empower your WordPress admin dashboard, improve site performance, customize the admin panel look and feel, monitor error logs, track cron jobs, and more.

Use Case Front-End

Performance tests

Google PageSpeed results:

GTmetrix results:

Pingdom results:

Use Case Assumptions

In this example use case guide we will consider how to increase the security and optimize your WordPress site.

We consider that you have already bought the plugin, but not installed it yet. 

It follows:


Installing the Plugin

The process is the same for all CM plugins and add-ons.

  • Download the plugin from your customer dashboard
  • Log in to WordPress and navigate to the WordPress Admin → Plugins settings
  • Click on Add New
  • Activate it and add the license

Learn more: Getting Started - Plugin Overview


How the Plugin Works

The  CM Admin Tools plugin is an "All you Need" set of tools to help you better manage and customize your WordPress admin dashboard. This is a toolset plugin which combines all needed features and controls for administrators.

In this use case guide we will focus on the options for security and performance optimization, but before it, let's take a short look at additional useful features:

Under the Admin Bar Menus page you can create your own custom menus for the admin bar. 

Under the Cron Jobs page you can monitor the list of the scheduled WP cron jobs. You can pause, restore or delete them.

Under the Error log page you can see the content of the debug.log file (if WP_DEBUG is enabled in wp-config.php file or debugging has been enabled in the plugin settings).

Also, under the Rewrite Rules page the admin can view all WordPress rewrite rules, match rules with URL or rebuild rewrite rules with the Flush rules button.

Admin Tools

Now let's head to the tools for security and performance optimization.

Navigate to  Admin Dashboard → CM Admin Tools Pro → CM Admin Tools Pro.

There are 6 tabs with options.

Dashboard

First tab is  Dashboard.

This tab is mostly focused on monitoring the system status and monitoring the errors. There are a few sections.

  • Under the General Information section you can find the information and data about your system status.
  • Under the Errors section you can see the information about errors and debug status (from "wp-config.php" file) or from what plugin managed to collect, depending on the debug mode.
  • Under the Posts, revisions and comments section you can find the amount of posts, comments etc. In this section user can also delete unwanted posts (drafts, pendings or revisions), empty trash, delete spam etc.
  • Under the PHP Information section is displayed information about PHP version and configuration.

Performance

Second tab is  Performance.

This tab has two sections with options that can improve the speed of your site.

Network

  • Disable remote connection - If enabled, the WP_HTTP_BLOCK_EXTERNAL constant will be set to true. It will stop all outgoing network requests from your site. This is typically set on sites that are sitting behind a closed environment. Disabling outgoing connections will increase the performance of your website but can cause issues with some plugins that need to connect with the remote servers.
  • Limit outgoing connection timeout - Set the maximum time limit for the outgoing network connections. This is a limit value, so if the default connection's timeout is lower than this value, then it won't be changed.

Scripts

  • Heartbeat interval between 15 and 60 [sec] - Heartbeat is a client-side JavaScript. It requests your website's server from the user's web browser window by AJAX for every a few seconds when browsing your website. Increase the interval for better performance.
  • Heartbeat autostart - Disable the heartbeat autostart to increase the website performance (to read more about heartbeat please visit this article - you don't need to install another plugin since the admin tools covers all needed functionality related to the heartbeat).
  • Load scripts in footer - If enabled, all JavaScript resources will be loaded instead of jQuery on the frontend in wp_footer instead of the head section. This can increase loading the page content in case some script is blocking the page rendering.
  • Lazy load images - If enabled, the images in the page content on the front-end won't be loaded instantly, but just before user scrolls down the browser window (read more about Lazy load in here - you don't need another plugin as described in this article but the basic functionality of lazy load which is explain is covered by the admin tools). 

Customization

Third tab is  Customization.

We won't stop for long on this tab, as options here are focused on the dashboard appearance, admin bar, admin notifications and login screen. You can learn more about it in this guide.

Functionality

Fourth tab is  Functionality.

This tab has a few sections that let you optimize work with posts on the back-end and configure search engine and comments module on the front-end.

Updates

  • Show updates notifications for - You can disable updates notifications which are being displayed in Dashboard. This will prevent plugin from showing updates notification as well as WordPress new version updates.

Posts Dashboard

  • Show post thumbnail in the posts table - If enabled, a post thumbnail (featured image) will be displayed in the table with all posts, in a row next to each post title. It works for all posts, pages and custom posts.
  • Show "Delete permanently" option in the posts table row - If enabled, the extra option Delete permanently will be displayed when hovering on a post in the table with all posts. It works for all posts, pages and custom posts.
  • Show "Publish" option in the posts table row - If enabled, the extra option Publish will be displayed when hovering on a unpublished post (eg, Draft, Pending) in the table with all posts. It works for all posts, pages and custom posts.
  • Auto-save interval [sec] - Enter the posts auto-save interval for the post editor. Set 0 to use default. If you are working heavily with your editor, you might want to run the auto-save more frequently. It might affect the WP site performance only if you have many editors working at the same time.
  • Post revisions number - Choose how you want to keep posts revisions. Reducing the number of revisions will improve you database performance, but will limit your ability to restore old versions of your posts.
  • Max revisions number - Enter the maximum revisions number. It works only when the revisions limit option above has been enabled.
  • Empty trash after [days] - Enter the maximum time in days that posts will be kept in trash. You can set 0 to disable the trash and delete posts instantly.

Searching

  • Limit search results to the specified posts - Show only specified posts in the search results on the front-end. It works also with the custom posts types.

Comments

  • Disable comments - If enabled, removes all comments features from the entire website.

Access

Next tab is  Access.

This tab contains the options for configuring security and accessibility of your site.

Maintenance Mode

  • Enable maintenance (coming soon mode) - If enabled, all your website's pages won't be available for specified users and instead a page you define in this setting will be displayed. This option can be useful, if your site is under construction and you want to be displayed a page with some announcement.
  • Page to display - Choose which page will be displayed when the maintenance mode is enabled.
  • Allowed roles - You can specify which roles will be able to see the website, even if the maintenance mode is enabled (eg. administrator).
  • Use minimal template - If enabled, only the "coming soon" page title and content will be displayed. If disabled, then normal WP template will be loaded.

Security

  • Enable XML-RPC - If enabled, the Wordpress features will be available by the XML-RPC (remote procedure call protocol based on XML). For example, this allows managing your website by the Wordpress mobile App. However, it creates some security risks. Disable this option if you want to provide the highest security level.

Dashboard Access

  • Roles who can access the dashboard - Enable or disable dashboard access for a specific roles. User won't be able to open the dashboard pages and the admin bar will be hidden on the frontend. The Admin will always be allowed to access the Dashboard.
  • Allow capabilities who can access the dashboard - Allow access to the dashboard for users who have specific capabilities (separated by comma). Example: edit_posts,publish_posts,other_custom_cap.
  • Disallowed Capabilities who cannot access the dashboard - Disallow access to the dashboard for users who have specific capabilities (separated by comma). Example: edit_posts,publish_posts,other_custom_cap.
  • Redirect user trying access the dashboard to URL address - Enter the URL where users will be redirected after attempt to access the dashboard.
  • Always allow access to User Profile page - If enabled, the access to the User Profile dashboard page will be always possible, even if the user cannot access the Dashboard.

System Health

Last tab is  System Health.

This tab has two sections that allow you to debug errors and analyze your site speed.

Debug errors

  • Show errors to a specific role - If enabled, the php errors will be send to the standard output and display in the web browser for chosen role. It is disabled by default. To debug some errors without logging-in, use the option Everyone (including guests)Note: this feature may not detect errors which occurred before this plugin has been loaded. To catch all startup errors, you may need to enable the standard Wordpress debugging.
  • Enable debug log - If enabled, the php ini directive "error_log" will be set to write errors into the "wp-content/debug.log" file. You can browse the error log in the Error Log plugin page. Note: this feature may not detect errors which occurred before this plugin has been loaded. To catch all startup errors, you may need to enable the standard Wordpress debugging.
  • Notify when debug.log will reach specified size [MB] - A dashboard notification will be displayed for the administrator if the "debug.log" file localized in the wp-content directory reaches specified size. Set 0 to disable.

Analyze your website speed

  • Google PageSpeed Tools - The PageSpeed tools analyze and optimize your site following web best practices.
  • GTmetrix - GTmetrix gives you insight on how well your site loads and provides actionable recommendations on how to optimize it.
  • Pingdom - Test your website using Pingdom Website Speed Test.

After configuring all needed options, don't forget to click the button Save to save the changes.

End Result

Following instructions found in the plugin and guides you should be able to increase the security and optimize your WordPress site.

Use Case Front-End

Performance tests

Google PageSpeed results:

GTmetrix results:

Pingdom results:


More information about the CM Admin Tools WordPress Plugin

Other WordPress products can be found at CreativeMinds WordPress Store

Let us know how we can Improve this Product Documentation Page

To open a Support Ticket visit our support center
Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.