Difference between revisions of "WordPress Setup"
(WordPress setup & security recommendations)
Revision as of 06:55, 27 March 2022
WordPress Best Practices
- Keep WordPress Core and all plugins and themes updated
- Remove all unused plugins and themes
- Practice good password hygiene
  - Use strong passwords
  - Do not reuse passwords
  - Enable two-factor authentication where possible
  - Use a trusted password manager such as 1Password
Recommended WordPress Toolkit Settings
Recommended update settings for WordPress core, plugins, and themes:
[Screenshot: WP Toolkit Update Settings]
- Enact WPToolkit recommendations (at a minimum):
  - Restrict access to files and directories
  - Block directory browsing (can be reverted)
  - Block unauthorized access to wp-config.php (can be reverted)
  - Disable PHP execution in cache directories (can be reverted)
  - Block access to sensitive files (can be reverted)
Addon Domains
When setting up Addon domains (especially for WordPress installations), we recommend placing the Addon domains outside your primary public_html folder. This helps prevent cross-contamination of WordPress installations if one of them gets infected with malware.
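
One way to audit an account for the layout recommended above, as an added example that is not part of the original wiki page: the script lists WordPress installs that sit inside the primary docroot. It assumes a cPanel-style account with the primary site in public_html and recognises an install by its wp-includes/version.php file; the directory names shop.example and blog.example are constructed sample data.

```sh
#!/bin/sh
# Assumption: cPanel-style account where the primary site is $HOME/public_html.
# A WordPress install is recognised by its wp-includes/version.php file.

# Print "<kind> <dir>" for each install at or below the docroot:
# "primary" is the docroot itself, "nested" is any install inside it.
list_wp_installs() {
    docroot=${1%/}
    find "$docroot" -type f -path '*/wp-includes/version.php' 2>/dev/null |
    while IFS= read -r f; do
        dir=${f%/wp-includes/version.php}
        if [ "$dir" = "$docroot" ]; then kind=primary; else kind=nested; fi
        printf '%s %s\n' "$kind" "$dir"
    done | sort
}

# Number of installs that live inside the primary docroot (should be 0).
count_nested() {
    list_wp_installs "$1" | grep -c '^nested ' || true
}

# Build a constructed sample account to run the check against.
make_sample_home() {
    home=$(mktemp -d)
    for site in public_html public_html/shop.example addons/blog.example; do
        mkdir -p "$home/$site/wp-includes"
        : > "$home/$site/wp-includes/version.php"
    done
    printf '%s\n' "$home"
}

sample=$(make_sample_home)
list_wp_installs "$sample/public_html"
echo "nested installs: $(count_nested "$sample/public_html")"
rm -rf "$sample"
```

On a real account, run `list_wp_installs "$HOME/public_html"`; any line starting with `nested` is an install to move outside the primary public_html.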