Philip Hess GETTING STARTED WITH WORDPRESS HOSTING AND SECURITY

Getting started with wordpress hosting and security

Mar 21, 2017

Page 1: Getting started with wordpress hosting and security

Philip Hess

GETTING STARTED WITH WORDPRESS HOSTING AND SECURITY

Page 2: Getting started with wordpress hosting and security

Begin With The End

Page 3: Getting started with wordpress hosting and security

DOMAIN NAME

• Not really necessary

• But www.mydomain.com looks better than…

• www.mysite.hostingcompany.com or

• www.hostingcompany.com/~mysite/

• I use PairNic.com

• Local, in the south side

• Clean interface (but somewhat dated)

• Ad free

Page 4: Getting started with wordpress hosting and security

HOSTING

• What kind of site you want will determine what kind of hosting is best.

• eCommerce

• Medical/Professional

• Education

• Hobby

Page 5: Getting started with wordpress hosting and security

HOSTING

• eCommerce

• Security

• Credit card processing

• Not down during shopping times

Page 6: Getting started with wordpress hosting and security

HOSTING

• Medical/Professional

• Security

• HIPAA requirements

Page 7: Getting started with wordpress hosting and security

HOSTING

• Education

• Security

• FERPA requirements

Page 8: Getting started with wordpress hosting and security

HOSTING

• Hobby

• Security against hacking

• Personal embarrassment

Page 9: Getting started with wordpress hosting and security

HOSTING

• My short list

• www.wordpress.com

• www.pair.com

• www.asmallorange.com

• Select the best host you can afford

Page 10: Getting started with wordpress hosting and security

HOSTING

• Who I chose and why

• cPanel – used it before, familiar with it

• One click install of WordPress

• $35.00/year – cheapest hosting I’ve found

• Even a Raspberry Pi would cost more

Page 11: Getting started with wordpress hosting and security

SECURITY

• If it’s on the internet someone will be trying to hack it

• Change the admin account to something else

• Don’t use admin, administrator, your name, any part of your site name

• Use the admin account to administer your site and nothing else

• Use a separate account to post content

Page 12: Getting started with wordpress hosting and security

SECURITY

• Learn how to secure WordPress

• Hardening WordPress

• WordFence Security Learning Center

• Google is your BFF – but verify

• Learn how to use the security features of your server – most likely Linux (LAMP)

• Apache (web server) security features

• .htaccess files

Page 13: Getting started with wordpress hosting and security

SECURITY

• .htaccess files

• You can protect the .htaccess file itself by adding the following lines to the file:

<files .htaccess>

order allow,deny

deny from all

</files>

Page 14: Getting started with wordpress hosting and security

SECURITY

• .htaccess

• Limiting access to /wp-admin/

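# POST is listed as well so that form submissions are restricted, not only page loads

<Limit GET POST>

order deny,allow

deny from all

# replace ww.xx.yy.zz with your own IP address

allow from ww.xx.yy.zz

</Limit>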

Page 15: Getting started with wordpress hosting and security

SECURITY

• .htaccess

• Disable directory browsing

Options -Indexes

• Disable PHP execution (/wp-content/uploads/)

<Files *.php>

deny from all

</Files>

Page 16: Getting started with wordpress hosting and security

SECURITY

• Editing the wp-config.php file

• Automatically update WordPress core files

• define( 'WP_AUTO_UPDATE_CORE', true );

• Disallow editing of PHP from within WordPress

• define('DISALLOW_FILE_EDIT', true);

• Suppressing PHP run time errors

• error_reporting (0);

• @ini_set ('display_errors', 0);

Page 17: Getting started with wordpress hosting and security

SECURITY

• Use HTTPS if you have an eCommerce site or collect any sort of data from customers/visitors

• Will need a “certificate” in this case, an extra annual charge

• Good idea to use this for logging in to your site

• Generate new WordPress security keys

• https://api.wordpress.org/secret-key/1.1/

• Keep your own computer clean and safe

Page 18: Getting started with wordpress hosting and security

CONTROL PANELS

• Help you manage your site without using the command line

• Home Grown

• Plesk

• cPanel

Page 19: Getting started with wordpress hosting and security

INSTALLING WORDPRESS

• From control panel

• Easy

• Default options

• Can install and delete as often as you wish

• Change the table_prefix

Page 20: Getting started with wordpress hosting and security

INSTALLING WORDPRESS

• Manually

• From the command line

• Change the table_prefix
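
An added example, not part of the original slides: a short Python check that reads the text of a wp-config.php and reports which of the settings from the slides above (core auto-update, file-edit lockout, suppressed errors, fresh security keys, non-default table_prefix) are not applied. The function names and the sample file contents are constructed for illustration, and only whole-line // and # comments are recognised.

```python
import re

# Placeholder that wp-config-sample.php ships for every unset key and salt.
PLACEHOLDER = "put your unique phrase here"
KEY_NAMES = ["AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
             "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT"]

def get_define(php, name):
    """Return the value passed to define('NAME', value), or None if absent."""
    pat = (r"define\s*\(\s*['\"]" + re.escape(name) + r"['\"]\s*,\s*"
           r"(?:'([^']*)'|\"([^\"]*)\"|([^\s)]+))\s*\)")
    m = re.search(pat, php)
    return next((g for g in m.groups() if g is not None), None) if m else None

def audit_wp_config(php):
    """List the settings from the slides that this wp-config.php text does not apply."""
    # Drop whole-line // and # comments so commented-out settings do not count.
    php = re.sub(r"^\s*(//|#).*$", "", php, flags=re.M)
    findings = []
    for flag in ("WP_AUTO_UPDATE_CORE", "DISALLOW_FILE_EDIT"):
        if (get_define(php, flag) or "").lower() != "true":
            findings.append(f"{flag} is not set to true")
    m = re.search(r"ini_set\s*\(\s*['\"]display_errors['\"]\s*,\s*['\"]?(\w+)", php)
    if not m or m.group(1).lower() not in ("0", "off", "false"):
        findings.append("display_errors is not turned off")
    for key in KEY_NAMES:
        if get_define(php, key) in (None, "", PLACEHOLDER):
            findings.append(f"{key} is missing or still the placeholder")
    m = re.search(r"\$table_prefix\s*=\s*['\"]([^'\"]*)['\"]", php)
    if not m or m.group(1) == "wp_":
        findings.append("$table_prefix is missing or still the default wp_")
    return findings

# Constructed sample: one setting commented out, one placeholder key, default prefix.
SAMPLE = """<?php
define( 'WP_AUTO_UPDATE_CORE', true );
// define('DISALLOW_FILE_EDIT', true);
@ini_set ('display_errors', 0);
define('AUTH_KEY', 'put your unique phrase here');
$table_prefix = 'wp_';
"""

if __name__ == "__main__":
    for finding in audit_wp_config(SAMPLE):
        print("FINDING:", finding)
```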

Page 21: Getting started with wordpress hosting and security

INSTALLING WORDPRESS

• Themes – Changes the appearance of WordPress site

• There are thousands!

• Get from a reputable site

• WordPress.org

• Don’t limit yourself to just a theme based on a keyword

• Only one theme can be active at a time

• Theme checkers – checks for hidden malware

Page 22: Getting started with wordpress hosting and security

INSTALLING WORDPRESS

• Plugins – Adds or changes features of your WordPress site

• There are thousands!

• Get from reputable sources or develop own

• Take time to review and try them out before deciding

• Look at the last time it was updated

• Potential security issues

• Deactivate/delete plugins not being used

Page 23: Getting started with wordpress hosting and security

INSTALLING WORDPRESS

• Security Plugins

• There are hundreds!

• Look for one that is updated frequently

• Free vs. paid

Page 24: Getting started with wordpress hosting and security

SUMMARY

• What I’m doing…

• Theme – using a theme designed for hosting services

• Plugins – none except for WordFence

• Reviewing and evaluating several others

• Security

• WordFence free – may upgrade to paid

• .htaccess to block IP addresses identified by WordFence

Page 25: Getting started with wordpress hosting and security

SUMMARY

• Security

• Unique logins for site admin and content

• Password protecting /wp-admin/ directory

• Blocking access from all but a few selected IP addresses

Page 26: Getting started with wordpress hosting and security

SUMMARY

• Security (cont)

• Limit access to /wp-admin/ directory to just my IP address

• Changes every few days though

• Sanitizing output of WordPress

• Modifying WordPress core files

Page 27: Getting started with wordpress hosting and security

RESOURCES

• Hosting

• www.wordpress.com

• www.pair.com

• www.asmallorange.com

Page 28: Getting started with wordpress hosting and security

RESOURCES

• WordPress

• WordPress Codex

• codex.wordpress.org

• WordPress Themes

• wordpress.org/themes/

• WordPress Plugins

• wordpress.org/plugins/

• WordPress Lessons

• codex.wordpress.org/WordPress_Lessons

Page 29: Getting started with wordpress hosting and security

RESOURCES

• Security

• Hardening WordPress

• codex.wordpress.org/Hardening_WordPress

• WordFence

• www.wordfence.com

• WordFence Security Learning Center

• https://www.wordfence.com/learn/