what's special about larslo's wordpress systems

Its just wordpress. Nothing more, nothing less. It can do everything a CMS needs to be able of.

larslo’s WordPress systems rely on standard functionality. Together with only a few, widely tested plugins, they have a small footprint.

By setting the whole site and plugins to “auto update” we have to care less about security issues.

They can come with a custom made theme all configured to support your content, keep it GDPR safe, lean and fresh.

I can offer you an easy-to-use, secure, reliable, maintainable and fast Content-Management-System together with a modern theme.

larslo’s wordpress systems are fast (>80% of lighthouse) and have no vendor-lock-in

WordPress Standards

By using a master-must-use-plugin which defines all the necessary building-blocks of a typical WordPress-backend, I reduce dependencies of a third-party code. This master-must-use-plugin takes care about:

  • Content-Types
  • Meta-Boxes
  • Shortcodes
  • Admin-Settings (Columns in listings, settings-pages etc)
  • Endpoints for Rest-Api-Calls
  • Gutenberg-Blocks
  • Taxonomy Definitions

The use of namespaces makes this easy to configure and extend, e.g. by composer packages, or to sidestep the annoying unique function names. The whole thing only has one dependency, which is CMB2. The rest is all based on standard WordPress features. It also contains a webpack based block-builder and JavaScript for the admin-area.

Again: all functionality is only for the backend. The theme handles the frontend.
The plugin is based on wordpress-base-plugin but many things are stripped out, e.g. Carbon Fields is removed and CMB2 is added.

Folder structure of master plugin inside Sublime-Text

By reducing the number of plugins and doing all building-blocks of the CMS in a single plugin, we keep a small footprint (memory wise) and a fast bootstrap-process of WordPress.

Screenshot of wp-cli profile to demonstrate the speedy bootstrap process

Screenshot of wp-cli profile to demonstrate the speedy bootstrap process

WordPress Security

Since WordPress is running around 1/3 of all websites it is attractive to hackers and SEO-Spammers. As ZDnet states:

Sucuri experts blamed most of the hacks on vulnerabilities in plugins and themes, misconfiguration issues, and a lack of maintenance by webmasters, who often forgot to update their CMS, themes, and plugins.

My solution to this is: Switch the whole system (WordPress Core and Plugins) to auto-update in order to have everything up-to-date. 
Auto-updating works best, when your frontend does not rely on plugins. Because then you might only get some misbehavior while editing the site, but not something your visitors see.

My WordPress-systems are setup like so that:

  • the core is updating itself (minor and security updates)
  • the few and reliable plugins in use also get updated automatically
  • theming is done by hand, without the use of any frontend-plugins (e.g. for contact forms, galleries, comments). When your frontend relies on common plugins, these are usually exposing URLs which can be used in exploitation attacks.
  • a security-plugin (succuri, wordfence) monitors file-integrity, login-attemps and post updates.
  • configure the server with SSL, the right file and directory permissions, .htaccess, php.ini etc

larslo’s themes

a web-design-framework with all the templates, blocks and configurations

An important part in web-design is to structure content and put it into well consumable chunks of information.
A CMS can support or hinder this process. Lets take a Theme with a Page-Builders, which gives you a lot of possibilities to structure and arrange your content. When you are not an experienced user of these tools, you will get lost in the mass of possibilities to display your content.

A solid design-frame, supported by the CMS, will give you only a graspable set of options which help you structuring your content and support consistency between pages and content-blocks. The trick here is to find right mixture of restrictions and flexibility.
Nowadays we do not have rigid page-templates anymore, but compose our pages out of different content-blocks. This is where custom post types, meta-fields and Gutenberg-blocks come in.

Responsive Web Design Performance CMS Responsive art-directed Images ProgressiveEnhancement Conditional Loading ContentStrategy Polyfills Ergonomics


Speedy loading and displaying websites is one of the most positive user experience. Not only users honor speedy sites, but also search engines take it as a ranking criteria.
My WordPress Systems get green lights from google page speed insights / lighthouse and reach at least a score of 80%, even if pages are packed with media.
This is done by some frontend optimization and browser loading techniques like minification of JS and CSS files, browser-caching, defer loading, gzip-compression of transferred files or even conditional loading, proper database queries and a clean and lean backend (see plugins)

Integrating animations, visualizations, maps or similar

Managing data which does not primarily consist of text and images (the classical domain of a Content Management System), like animations, geographic information or any other type of data you want to show on your website can be integrated into a website powered by wordpress.
See some examples by using the following links:

A frontend based on Zurb foundation

I build most wordpress themes based on the zurb foundation frontend-framework. Using such a framework adds some overhead to the size of JavaScript and CSS files. But it also adds comfortable functionality in form of reusable SCSS variables and JS Modules.
When you include Zurb as a whole, than you are also adding probably unused features. By including it into a modular ES6+ and SCSS/SASS based build-pipeline you can pick only the parts you want (and therefore reduce file-size and the code the browser needs to look through).
In this repo you can see how my build-pipeline for customizing zurb foundation is configured.


Many themes out there still load fonts from google, JavaScript files from CDN-Servers and so on. In our data-driven economy you can be sure that these requests get tracked.
Strictly – without consent from your user before sending request to third party services – this is a violation of the data-privacy of your visitors.
To prevent this I follow the policy: As long as possible, load all resources from your own web-host. If its necessary to load something from a third-party host (e.g. a youtube video) get consent of the visitor BEFORE doing so.
A cookie warning is not enough.

Responsive art-directed images

One thing that is very hard to do for any page-builder or ready-made theme are responsive, art-directed images.
Images usually take the most of data to be transferred when visiting a website. So its worth to optimize them in terms of visual quality and size. Serving the right image to your visitors screen is not a simple task:
Even if the ready-made-themes out there already serve different images sizes depending on screen-resolution, most of them fail when its about art-directed images, where the orientation of the screen comes into play. Here we do not only have to serve different sizes of the same image, but also different aspect-ratios, all depended on the place where the images are supposed to be used.
General purpose themes fail here and also visual page-builder tools or the Gutenberg-editor do not come with convenient solutions.