WordPress Setup

From Montebello Park Hosting Support
Revision as of 07:20, 27 March 2022 by Scott (talk | contribs)
Jump to navigation Jump to search

WordPress Best Practices

  • Keep Wordpress Core and all plugins and themes updated
  • Remove all unused plugins and themes
  • Practice good password hygiene
    • Use strong passwords
    • Do not reuse passwords
    • Enable two-factor authentication where possible
    • Use a trusted password manager such as 1Password

Recommended WordPress Toolkit Settings

Recommended update settings for WordPress core, plugins, and themes:

  • WP Toolkit Update Settings

    Update Settings

Enact the following WP Toolkit Security recommendations (at a minimum):

  • Recommended Security Settings

    Recommended Security Settings

  • Restrict access to files and directories
  • Block directory browsing
  • Block unauthorized access to wp-config.php
  • Disable PHP execution in cache directories
  • Block access to sensitive files
  • Forbid execution of PHP scripts in the wp-includes directory
  • Forbid execution of PHP scripts in the wp-content/uploads directory
  • Block access to .htaccess and .htpasswd

Enact these security settings in addition to the above:

  • Preferred WordPress Toolkit Security Settings

    Preferred Security Settings

  • Configure security keys
  • Disable scripts concatenation for WordPress admin panel
  • Turn off pingbacks
  • Change default database table prefix
  • Enable bot protection
  • Block access to potentially seneitive files

Change default administrator's username

Addon Domains

When setting up Addon domains (especially for Worpress installations) we recommend the Addon domains be placed outside your primary public_html folder. This helps prevent cross contamination of Wordpress installations if one of them gets infected with malware.

Retrieved from "https://montebellopark.com/support/index.php?title=WordPress_Setup&oldid=35"