Difference between revisions of "WordPress Setup"

From Montebello Park Hosting Support
Jump to navigation Jump to search
(Wordpress setup & security recommendations)
 
Line 1: Line 1:
== Recommended WPToolkit Settings ==
== WordPress Best Practices ==
* Update all plugins, themes, and Wordpress Core files
* Keep Wordpress Core and all plugins and themes updated
* Remove all unused plugins and themes
* Remove all unused plugins and themes
* Practice good [https://www.crashplan.com/en-us/business/resources/password-hygiene-best-practices/ password hygiene]
** Use strong passwords
** Do not reuse passwords
** Enable two-factor authentication where possible
** Use a trusted password manager such as 1Password
== Recommended WordPress Toolkit Settings ==
Recommended update settings for WordPress core, plugins, and themes:
<gallery>
WP-Toolkit-Update-Settings.png|thumb|alt=WP Toolkit Update Settings|Update Settings
</gallery>
* Enact WPToolkit recommendations (at a minimum):
* Enact WPToolkit recommendations (at a minimum):
** Restrict access to files and directories
** Restrict access to files and directories

Revision as of 06:55, 27 March 2022

WordPress Best Practices

  • Keep Wordpress Core and all plugins and themes updated
  • Remove all unused plugins and themes
  • Practice good password hygiene
    • Use strong passwords
    • Do not reuse passwords
    • Enable two-factor authentication where possible
    • Use a trusted password manager such as 1Password

Recommended WordPress Toolkit Settings

Recommended update settings for WordPress core, plugins, and themes:

  • Enact WPToolkit recommendations (at a minimum):
    • Restrict access to files and directories
    • Block directory browsing(can be reverted)
    • Block unauthorized access to wp-config.php(can be reverted)
    • Disable PHP execution in cache directories(can be reverted)
    • Block access to sensitive files(can be reverted)

Addon Domains

When setting up Addon domains (especially for Worpress installations) we recommend the Addon domains be placed outside your primary public_html folder. This helps prevent cross contamination of Wordpress installations if one of them gets infected with malware.