- Views: 548
- Replies: 26
XenVn SEO Check is a tool integrated in XenVn addon, with the purpose of helping you easily check the settings to help optimize performance, security and improve SEO score for Xenforo.
Access it at URL:
admin.php?xv/seo*** Checklist of items and optimization instructions ***
The syntax of the commands on the server may vary depending on the type of server, try searching Google for your server.
If you are using CPanel, go to the PHP Management section, there may be options for you. Some commands can also be set in the .htaccess file.
[HTTPS]: Your domain name must be HTTPS
Go to url:
admin.php?options/groups/basicBoard/#boardUrl, check domain name settings in Board URL section. And your server must have SSL certificate setup.[TLS] SSL connection using TLSv1.2 or TLSv1.3. TLS 1.3 is faster and more secure than TLS 1.2.
1. If you are using apache2:
- Go to the VirtualHost management file. For example:
apache\conf\extra\httpd-vhosts.conf- Find the line <VirtualHost *:443> which contains the configuration for your domain.
- Add the following lines below the
SSLEngine on line:
APACHECONF:
You must log in to view
(3 lines)apachectl configtest- Restart the apache server with the SSH command:
sudo apachectl restart2. If you are using Cloudflare:
Go to
SSL/TLS -> Edge Certificates:+ Always Use HTTPS: On
+ Minimum TLS Version: TLS 1.2
+ TLS 1.3: On
+ Automatic HTTPS Rewrites: On
[SSL] SSL certificate verify ok. SSL certificates are what enable websites to use HTTPS. An SSL certificate is a data file hosted in a website's origin server.
- If you are using hosting, your provider may have provided you with a free and automatic SSL certificate.
- If you are using a VPS, you will need to set up an SSL certificate yourself. You can use free SSL services or purchase them.
- If you are using Cloudflare, they will provide you with a free SSL certificate. Set it up at:
SSL/TLS -> Edge Certificates[Protocols] using HTTP/2. HTTP/2 will make our applications faster, simpler, and more robust.
1. If you are using apache2:
- Go to the HTTPD management file. For example:
apache\conf\httpd.conf- Add the following lines at the end, ending with a blank line:
APACHECONF:
You must log in to view
(2 lines)apachectl configtest- Restart the apache server with the SSH command:
sudo apachectl restart2. If you are using Cloudflare:
HTTP/2 is enabled by default when you set up SSL certificates.
[HTTP-Status-Code]: The server should return a status code in the 200s for all valid URLs.
If the return code is not 200, check your server settings.
[Cookie-Secure]: The Secure flag specifies that the cookie may only be transmitted using HTTPS connections (SSL/TLS encryption).
Standard template structure for Xenforo:
set-cookie: __Secure-XV_csrf=********; HttpOnly; SameSite=Lax; Secure; Path=/Configuration on Xenforo:
- Open Xenforo configuration file at:
src\config.php- Add the following lines at the end:
PHP:
You must log in to view
(3 lines)1. Configuration in .htaccess file:
Open the
.htaccess file in the root directory where you installed XenforoAdd the following line at the end:
Header edit Set-Cookie ^(.*)$ $1;HttpOnly2. If you are using apache2:
- Go to the HTTPD management file. For example:
apache\conf\httpd.conf- Add the following lines at the end, ending with a blank line:
APACHECONF:
You must log in to view
(3 lines)
APACHECONF:
You must log in to view
(3 lines)3. If you are using Cloudflare:
No setup on Cloudflare.
[Compress]: Content encoding is mainly used to compress content without losing information about the original media type.
Common encoding types: gzip, compress, deflate, br, zstd, dcb, dcz
1. Configuration in .htaccess file:
Open the
.htaccess file in the root directory where you installed XenforoAdd the following line at the end:
APACHECONF:
You must log in to view
(1 lines)2. If you are using apache2:
- Go to the HTTPD management file. For example:
apache\conf\httpd.conf- Add the following lines at the end, ending with a blank line:
APACHECONF:
You must log in to view
(1 lines)apachectl configtest- Restart the apache server with the SSH command:
sudo apachectl restart3. If you are using Cloudflare:
Enabled by default.
[HSTS] Strict-Transport-Security: Tells the browser that the site should only be accessed using HTTPS.
Standard template structure:
strict-transport-security: max-age=15552000; includeSubDomains1. Configuration in .htaccess file:
Open the
.htaccess file in the root directory where you installed XenforoAdd the following line at the end:
Header set Strict-Transport-Security "max-age=15552000"2. If you are using apache2:
- Go to the HTTPD management file. For example:
apache\conf\httpd.conf- Add the following lines at the end, ending with a blank line:
APACHECONF:
You must log in to view
(1 lines)
APACHECONF:
You must log in to view
(1 lines)apachectl configtest- Restart the apache server with the SSH command:
sudo apachectl restart3. If you are using Cloudflare:
Go to
SSL/TLS -> Edge Certificates -> HTTP Strict Transport Security (HSTS)+ Enable HSTS (Strict-Transport-Security): On
+ Max Age Header (max-age): 6 months
+ Apply HSTS policy to subdomains (includeSubDomains): On
+ No-Sniff Header: On
[MIME Sniffing] X-Content-Type-Options: It indicates that the MIME types advertised in the Content-Type header must be respected and not changed.
Standard template structure:
x-content-type-options: nosniff1. Configuration in .htaccess file:
Open the
.htaccess file in the root directory where you installed XenforoAdd the following line at the end:
Header set X-Content-Type-Options nosniff2. If you are using apache2:
- Go to the HTTPD management file. For example:
apache\conf\httpd.conf- Add the following lines at the end, ending with a blank line:
APACHECONF:
You must log in to view
(2 lines)
APACHECONF:
You must log in to view
(2 lines)apachectl configtest- Restart the apache server with the SSH command:
sudo apachectl restart3. If you are using Cloudflare:
Go to
SSL/TLS -> Edge Certificates -> HTTP Strict Transport Security (HSTS)+ No-Sniff Header: On
[CSP] Content Security Policy: It is a feature that helps prevent or reduce the risk of certain types of security threats.
Standard template structure:
content-security-policy: default-src 'self' https: blob: data: wss: 'unsafe-inline' 'unsafe-eval'1. Configuration in .htaccess file:
Open the
.htaccess file in the root directory where you installed XenforoAdd the following line at the end:
Header set Content-Security-Policy "default-src 'self' https: blob: data: wss: 'unsafe-inline' 'unsafe-eval'"2. If you are using apache2:
- Go to the HTTPD file. For example:
apache\conf\httpd.conf- Add the following lines at the end, ending with a blank line:
APACHECONF:
You must log in to view
(1 lines)
APACHECONF:
You must log in to view
(1 lines)apachectl configtest- Restart the apache server with the SSH command:
sudo apachectl restart3. If you are using Cloudflare:
- Go to: Rules -> Overview -> Create rule -> Response Header Transform Rules
- Rule name: Content-Security-Policy
- If incoming requests match: All incoming requests
- Select item: Set static
- Header name:
Content-Security-Policy- Value:
default-src 'self' https: blob: data: wss: 'unsafe-inline' 'unsafe-eval'[PHP-Version]: The minimum recommended PHP version is 8.0.0. Outdated versions have potential security vulnerabilities.
You must manually set up the PHP version on your server.
[PHP-OPcache] OPcache improves PHP performance by storing precompiled script bytecode in shared memory.
1. If you are using apache2:
- Go to the PHP Ini file. For example:
php\php.ini- Find line
;zend_extension=opcache, remove the ; at the beginning- Find line
;opcache.enable= replace with (remove the ; at the beginning): opcache.enable=1- Add below the following line:
opcache.jit=0- Restart the apache server with the SSH command:
sudo apachectl restart- Restart the PHP with the SSH command:
systemctl restart php8.4-fpm(The command may vary depending on the server, replace 8.4 with the PHP version you are using)
2. If you are using Cloudflare:
No setup on Cloudflare. It needs to be set up on the server.
[XF-Cache] Setting up caching can be beneficial to save processing time and database queries.
Recommended providers: Memcached, Redis. You must set up the cache provider on your server yourself first.
1. If you are using apache2:
Install Redis:
- To install Redis use the following command:
sudo apt install php-redis redis-server- Open file
etc/redis/redis.conf- Find line
supervised replace with supervised systemd- Find line
# requirepass replace with (remove the # at the beginning): requirepass your-cache-password- Restart the redis server with the SSH command:
sudo systemctl restart redis2. If you are using Cloudflare:
No setup on Cloudflare. It needs to be set up on the server.
3. Redis Configuration for Xenforo:
- Open Xenforo configuration file at: src\config.php
- Add the following lines at the end:
PHP:
You must log in to view
(8 lines)[XF-Guest-Cache] Cache content for visitors, not members.
The content the visitor views will be cached, and not updated in real time (only updated when cache expires, default 5 minutes). You must complete [XF-Cache] setup before setting up [XF-Guest-Cache]
Redis Configuration for Xenforo:
- Open Xenforo configuration file at: src\config.php
- Add the following lines at the end:
PHP:
You must log in to view
(8 lines)[XF-PWA] Progressive Web Apps
A progressive web app (PWA) is an app that's built using web platform technologies, but that provides a user experience like that of a platform-specific app.
Set the required parameters correctly at the URL:
admin.php?pwa/[JS-Cache], [CSS-Cache], [IMG-Cache], [SVG/WOFF-Cache], [Attachment-IMG-Cache]: Set Cache-Control for static files (js, css, image, font)
Standard template structure:
cache-control: public, max-age=31536000For [Attachment-IMG-Cache], you need to enable the following option: XenVn Setting -> Attachments -> View All Image Attachments: Enable
1. Configuration in .htaccess file:
Open the
.htaccess file in the root directory where you installed XenforoAdd the following line at the end:
APACHECONF:
You must log in to view
(6 lines)2. If you are using apache2:
- Go to the HTTPD file. For example:
apache\conf\httpd.conf- Add the following lines at the end, ending with a blank line:
APACHECONF:
You must log in to view
(6 lines)
APACHECONF:
You must log in to view
(6 lines)apachectl configtest- Restart the apache server with the SSH command:
sudo apachectl restart3. If you are using Cloudflare:
Static files like images, javascript are cached automatically. You need to set up cache for image attachments and CSS urls.
- Go to:
Caching -> Cache Rules -> Create rule- Create 2 new rules with the following parameters:
Rule 1 (for XF CSS file):
+ Rule name: CSS Cache
+ If incoming requests match: Custom filter expression
+ Field: URI Query String
+ Operator: wildcard
+ Value:
css=*+ Cache eligibility: Eligible for cache
Rule 2 (for XF Image Attchments)
+ Rule name: Webp / Gif Cache
+ If incoming requests match: Custom filter expression
+ Field: URI Path
+ Operator: contains
+ Value:
-webp.+ Press Or button, Add the following parameters:
+ Field: URI Path
+ Operator: contains
+ Value:
-gif.(if XF 2.2 add Jpg / Png):
+ Press Or button, Add the following parameters:
+ Field: URI Path
+ Operator: contains
+ Value:
-jpg.+ Press Or button, Add the following parameters:
+ Field: URI Path
+ Operator: contains
+ Value:
-png.+ Cache eligibility: Eligible for cache
[Options] Enable board URL canonicalization:
[Options] Use full friendly URLs
[Options] Romanize titles in URLs
[Options] Include content title in URLs
[Options] Image optimization
[Options] Image and link proxy
[Options] Optimal MetaData
[Options] View All Image Attachments
[Options] Minify HTML Code
Please click on the [?] at the end and enable all recommended options, it will be helpful in Xenforo SEO.
[OG:Title], [OG:Type], [OG:Image], [OG:Url], [Favicon], [Document-Title], [Meta-Description]
You need to set the parameters at the following URLs:
admin.php?options/groups/basicBoard/
Board title, Board short title, Board meta description, Board URL,
Appearance -> Styles -> Style properties -> Basic options
Logo URL, Public logo width, Public logo height, 2x logo URL, Icon URL (192x192), Icon URL (512x512), Icons are maskable, Metadata logo URL, Favicon URL (32x32)
[No-HTTP-Link]
Make sure your website does not contain any http links. All links must be https.
[Links-Name]: All links must have body text, or an aria-label attribute.
For example:
HTML:
You must log in to view
(2 lines)[Links-Crawlable]: All links must have at least one of the following attributes: href, data-***, aria-controls
For example:
HTML:
You must log in to view
(3 lines)[Image-Alt] Make sure all images have one of the following attributes: alt, aria-label, aria-labelledby
For example:
HTML:
You must log in to view
(3 lines)[robots.txt] You must create a robots.txt file in the root directory of your domain.
For example:
domain.com/robots.txt
Content:
Code:
You must log in to view
(12 lines)(The article will continue to be updated...)
Last edited:
