Difference between revisions of "WordPress Setup"
Jump to navigation
Jump to search
| Line 24: | Line 24: | ||
Enact these security settings in addition to the above: | Enact these security settings in addition to the above: | ||
<gallery> Preferred-Security-Settings.png|thumb|alt= Preferred WordPress Toolkit Security Settings| Preferred Security Settings</gallery> | <gallery> Preferred-Security-Settings.png|thumb|alt=Preferred WordPress Toolkit Security Settings|Preferred Security Settings</gallery> | ||
* Configure security keys | * Configure security keys | ||
* Change | * Disable scripts concatenation for WordPress admin panel | ||
* Turn off pingbacks | |||
* Change default database table prefix | |||
* Enable bot protection | |||
* Block access to potentially seneitive files | |||
Change default administrator's username | |||
== Addon Domains == | == Addon Domains == | ||
When setting up Addon domains (especially for Worpress installations) we recommend the Addon domains be placed outside your primary <code>'''public_html'''</code> folder. This helps prevent cross contamination of Wordpress installations if one of them gets infected with malware. | When setting up Addon domains (especially for Worpress installations) we recommend the Addon domains be placed outside your primary <code>'''public_html'''</code> folder. This helps prevent cross contamination of Wordpress installations if one of them gets infected with malware. | ||
Revision as of 07:20, 27 March 2022
WordPress Best Practices
- Keep Wordpress Core and all plugins and themes updated
- Remove all unused plugins and themes
- Practice good password hygiene
- Use strong passwords
- Do not reuse passwords
- Enable two-factor authentication where possible
- Use a trusted password manager such as 1Password
Recommended WordPress Toolkit Settings
Recommended update settings for WordPress core, plugins, and themes:
Update Settings
Enact the following WP Toolkit Security recommendations (at a minimum):
Recommended Security Settings
- Restrict access to files and directories
- Block directory browsing
- Block unauthorized access to wp-config.php
- Disable PHP execution in cache directories
- Block access to sensitive files
- Forbid execution of PHP scripts in the wp-includes directory
- Forbid execution of PHP scripts in the wp-content/uploads directory
- Block access to .htaccess and .htpasswd
Enact these security settings in addition to the above:
Preferred Security Settings
- Configure security keys
- Disable scripts concatenation for WordPress admin panel
- Turn off pingbacks
- Change default database table prefix
- Enable bot protection
- Block access to potentially seneitive files
Change default administrator's username
Addon Domains
When setting up Addon domains (especially for Worpress installations) we recommend the Addon domains be placed outside your primary public_html folder. This helps prevent cross contamination of Wordpress installations if one of them gets infected with malware.