Difference between revisions of "WordPress Setup"

From Montebello Park Hosting Support
Line 10: Line 10:
== Recommended WordPress Toolkit Settings ==
== Recommended WordPress Toolkit Settings ==
Recommended update settings for WordPress core, plugins, and themes:
Recommended update settings for WordPress core, plugins, and themes:
<gallery>
<gallery>WP-Toolkit-Update-Settings.png|thumb|alt=WP Toolkit Update Settings|Update Settings</gallery>
WP-Toolkit-Update-Settings.png|thumb|alt=WP Toolkit Update Settings|Update Settings
</gallery>


* Enact WPToolkit recommendations (at a minimum):
Enact the following WP Toolkit Security recommendations (at a minimum):
** Restrict access to files and directories
<gallery>Recommended-Minimum-Security-Settings.png|thumb|alt=Recommended Security Settings|Recommended Security Settings</gallery>
** Block directory browsing(can be reverted)
* Restrict access to files and directories
** Block unauthorized access to wp-config.php(can be reverted)
* Block directory browsing
** Disable PHP execution in cache directories(can be reverted)
* Block unauthorized access to wp-config.php
** Block access to sensitive files(can be reverted)
* Disable PHP execution in cache directories
* Block access to sensitive files
* Forbid execution of PHP scripts in the wp-includes directory
* Forbid execution of PHP scripts in the wp-content/uploads directory
* Block access to .htaccess and .htpasswd
 
Enact these security settings in addition to the above:
<gallery> Preferred-Security-Settings.png|thumb|alt= Preferred WordPress Toolkit Security Settings| Preferred Security Settings</gallery>
* Configure security keys
* Change


== Addon Domains ==
== Addon Domains ==
When setting up Addon domains (especially for Worpress installations) we recommend the Addon domains be placed outside your primary <code>'''public_html'''</code> folder. This helps prevent cross contamination of Wordpress installations if one of them gets infected with malware.
When setting up Addon domains (especially for Worpress installations) we recommend the Addon domains be placed outside your primary <code>'''public_html'''</code> folder. This helps prevent cross contamination of Wordpress installations if one of them gets infected with malware.
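Review bot: the last added list item, "* Change" under "Enact these security settings in addition to the above:", names no setting and reads as cut off; complete the item or remove it. The rewritten minimum list also drops the "(can be reverted)" annotation that the old items carried (for example on "Block directory browsing"); keep it if it still applies. The unchanged Addon Domains context still spells the product "Worpress" and "Wordpress".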

Revision as of 07:14, 27 March 2022

WordPress Best Practices

  • Keep WordPress core and all plugins and themes updated
  • Remove all unused plugins and themes
  • Practice good password hygiene
    • Use strong passwords
    • Do not reuse passwords
    • Enable two-factor authentication where possible
    • Use a trusted password manager such as 1Password

Recommended WordPress Toolkit Settings

Recommended update settings for WordPress core, plugins, and themes:

Enact the following WP Toolkit Security recommendations (at a minimum):

  • Restrict access to files and directories
  • Block directory browsing
  • Block unauthorized access to wp-config.php
  • Disable PHP execution in cache directories
  • Block access to sensitive files
  • Forbid execution of PHP scripts in the wp-includes directory
  • Forbid execution of PHP scripts in the wp-content/uploads directory
  • Block access to .htaccess and .htpasswd

Enact these security settings in addition to the above:

  • Configure security keys
  • Change

Addon Domains

When setting up Addon domains (especially for WordPress installations), we recommend placing the Addon domains outside your primary public_html folder. This helps prevent cross-contamination between WordPress installations if one of them gets infected with malware.
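
One way to audit an account for the layout warned against above: the script below is an added example, not part of the original page or of WP Toolkit, and lists WordPress installs nested inside a given document root. It assumes an install is marked by wp-includes/version.php; the function names and sample directory names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the original page.
# Assumption: a directory counts as a WordPress install when it contains
# wp-includes/version.php, which every WordPress release ships.

# Print the directory of every WordPress install at or below $1, sorted.
find_wp_installs() {
    find "${1%/}" -type f -path '*/wp-includes/version.php' 2>/dev/null |
        sed 's|/wp-includes/version\.php$||' | sort
}

# Print installs that sit below docroot $1 (the docroot's own install is skipped).
nested_wp_installs() {
    local root="${1%/}"
    local dir
    find_wp_installs "$root" | while IFS= read -r dir; do
        if [ "$dir" != "$root" ]; then printf '%s\n' "$dir"; fi
    done
}

# Build a constructed account layout: one addon site inside public_html,
# one outside it (the layout the page recommends).
make_sample_home() {
    local home
    home=$(mktemp -d) || return 1
    mkdir -p "$home/public_html/wp-includes" \
             "$home/public_html/shop.example/wp-includes" \
             "$home/blog.example/wp-includes"
    touch "$home/public_html/wp-includes/version.php" \
          "$home/public_html/shop.example/wp-includes/version.php" \
          "$home/blog.example/wp-includes/version.php"
    printf '%s\n' "$home"
}

# Usage: pass the primary document root as the first argument.
if [ "$#" -gt 0 ]; then
    nested_wp_installs "$1"
fi
```

Any path it prints is an install that shares the primary site's document root and is a candidate for moving outside public_html.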