Getting started with wordpress hosting and security
-
Upload
wp-pittsburgh-meetup-group -
Category
Internet
-
view
236 -
download
4
Transcript of Getting started with wordpress hosting and security
![Page 1: Getting started with wordpress hosting and security](https://reader036.fdocuments.in/reader036/viewer/2022062503/58d026c01a28ab04288b46a5/html5/thumbnails/1.jpg)
Philip Hess
GETTING STARTED WITH WORDPRESS HOSTING AND SECURITY
![Page 2: Getting started with wordpress hosting and security](https://reader036.fdocuments.in/reader036/viewer/2022062503/58d026c01a28ab04288b46a5/html5/thumbnails/2.jpg)
The EndBegin With
![Page 3: Getting started with wordpress hosting and security](https://reader036.fdocuments.in/reader036/viewer/2022062503/58d026c01a28ab04288b46a5/html5/thumbnails/3.jpg)
• Not really necessary• But www.mydomain.com looks better than…• www.mysite.hostingcompany.com or• www.hostingcompany.com/~mysite/
• I use PairNic.com• Local, in the south side• Clean interface (but somewhat dated)• Ad free
DOMAIN NAME
![Page 4: Getting started with wordpress hosting and security](https://reader036.fdocuments.in/reader036/viewer/2022062503/58d026c01a28ab04288b46a5/html5/thumbnails/4.jpg)
• What kind of site you want will determine what kind of hosting is best.
• eCommerce
• Medical/Professional
• Education
• Hobby
HOSTING
![Page 5: Getting started with wordpress hosting and security](https://reader036.fdocuments.in/reader036/viewer/2022062503/58d026c01a28ab04288b46a5/html5/thumbnails/5.jpg)
• eCommerce
• Security
• Credit card processing
• Not down during shopping times
HOSTING
![Page 6: Getting started with wordpress hosting and security](https://reader036.fdocuments.in/reader036/viewer/2022062503/58d026c01a28ab04288b46a5/html5/thumbnails/6.jpg)
• Medical/Professional
• Security
• HIPPA requirements
HOSTING
![Page 7: Getting started with wordpress hosting and security](https://reader036.fdocuments.in/reader036/viewer/2022062503/58d026c01a28ab04288b46a5/html5/thumbnails/7.jpg)
HOSTING
• Education
• Security
• FERPA requirements
![Page 8: Getting started with wordpress hosting and security](https://reader036.fdocuments.in/reader036/viewer/2022062503/58d026c01a28ab04288b46a5/html5/thumbnails/8.jpg)
HOSTING
• Hobby
• Security against hacking
• Personal embarrassment
![Page 9: Getting started with wordpress hosting and security](https://reader036.fdocuments.in/reader036/viewer/2022062503/58d026c01a28ab04288b46a5/html5/thumbnails/9.jpg)
HOSTING
• My short list
• www.wordpress.com
• www.pair.com
• www.asmallorange.com
• Select the best host you can afford
![Page 10: Getting started with wordpress hosting and security](https://reader036.fdocuments.in/reader036/viewer/2022062503/58d026c01a28ab04288b46a5/html5/thumbnails/10.jpg)
HOSTING
• Who I chose and why
• cPanel – used it before, familiar with it
• One click install of WordPress
• $35.00/year – cheapest hosting I’ve found
• Even a Raspberry Pi would cost more
![Page 11: Getting started with wordpress hosting and security](https://reader036.fdocuments.in/reader036/viewer/2022062503/58d026c01a28ab04288b46a5/html5/thumbnails/11.jpg)
SECURITY
• If it’s on the internet someone will be trying to hack it
• Change the admin account to something else
• Don’t use admin, administrator, your name, any part of your site name
• Use the admin account to administer your site and nothing else
• Use a separate account to post content
![Page 12: Getting started with wordpress hosting and security](https://reader036.fdocuments.in/reader036/viewer/2022062503/58d026c01a28ab04288b46a5/html5/thumbnails/12.jpg)
SECURITY
• Learn how to secure WordPress
• Hardening WordPress
• WordFence Security Learning Center
• Google is your BFF – but verify
• Learn how to use the security features of your server – most likely Linux (LAMP)
• Apache (web server) security features
• .htacess files
![Page 13: Getting started with wordpress hosting and security](https://reader036.fdocuments.in/reader036/viewer/2022062503/58d026c01a28ab04288b46a5/html5/thumbnails/13.jpg)
SECURITY
• .htaccess files
• You can protect the .htaccess file itself by adding the following lines to the file:
<files .htaccess>
order allow,deny
deny from all
</files>
![Page 14: Getting started with wordpress hosting and security](https://reader036.fdocuments.in/reader036/viewer/2022062503/58d026c01a28ab04288b46a5/html5/thumbnails/14.jpg)
SECURITY
• .htaccess
• Limiting access to /wp-admin/
<LIMIT GET>
order deny,allow
deny from all
allow from ww.xx.yy.zz replace with own IP address
</LIMIT>
![Page 15: Getting started with wordpress hosting and security](https://reader036.fdocuments.in/reader036/viewer/2022062503/58d026c01a28ab04288b46a5/html5/thumbnails/15.jpg)
SECURITY
• .htaccess
• Disable directory browsing
• Options –Indexes
• Disable PHP execution (/wp-content/uploads/)
• <files *.php>
• deny from all
• </Files>
![Page 16: Getting started with wordpress hosting and security](https://reader036.fdocuments.in/reader036/viewer/2022062503/58d026c01a28ab04288b46a5/html5/thumbnails/16.jpg)
SECURITY
• Editing the wp-config.php file
• Automatically update WordPress core files
• define( 'WP_AUTO_UPDATE_CORE', true );
• Disallow editing of PHP from within WordPress
• define('DISALLOW_FILE_EDIT', true);
• Supressing PHP run time errors
• error_reporting (0);
• @ini_set ('display_errors', 0);
![Page 17: Getting started with wordpress hosting and security](https://reader036.fdocuments.in/reader036/viewer/2022062503/58d026c01a28ab04288b46a5/html5/thumbnails/17.jpg)
SECURITY
• Use HTTPS if you have an eCommerce site or collect any sort of data from customers/visitors
• Will need a “certificate” in this case, an extra annual charge
• Good idea to use this for login on to your site
• Generate new WordPress security keys
• https://api.wordpress.org/secret-key/1.1/
• Keep your own computer clean and safe
![Page 18: Getting started with wordpress hosting and security](https://reader036.fdocuments.in/reader036/viewer/2022062503/58d026c01a28ab04288b46a5/html5/thumbnails/18.jpg)
CONTROL PANELS
• Help you manage your site without using the command line
• Home Grown
• Plesk
• cPanel
![Page 19: Getting started with wordpress hosting and security](https://reader036.fdocuments.in/reader036/viewer/2022062503/58d026c01a28ab04288b46a5/html5/thumbnails/19.jpg)
INSTALLING WORDPRESS
• From control panel
• Easy
• Default options
• Can install and delete as often as you wish
• Change the table_prefix
![Page 20: Getting started with wordpress hosting and security](https://reader036.fdocuments.in/reader036/viewer/2022062503/58d026c01a28ab04288b46a5/html5/thumbnails/20.jpg)
INSTALLING WORDPRESS
• Manually
• From the command line
• Change the table_prefix
![Page 21: Getting started with wordpress hosting and security](https://reader036.fdocuments.in/reader036/viewer/2022062503/58d026c01a28ab04288b46a5/html5/thumbnails/21.jpg)
INSTALLING WORDPRESS
• Themes – Changes the appearance of WordPress site
• There are thousands!
• Get from a reputable site
• WordPress.org
• Don’t limit yourself to just a theme based on a keyword
• Only one theme can be active at a time
• Theme checkers – checks for hidden malware
![Page 22: Getting started with wordpress hosting and security](https://reader036.fdocuments.in/reader036/viewer/2022062503/58d026c01a28ab04288b46a5/html5/thumbnails/22.jpg)
INSTALLING WORDPRESS
• Plugins – Adds or changes features of your WordPress site
• There are thousands!
• Get from reputable sources or develop own
• Take time to review and try them out before deciding
• Look at the last time it was updated
• Potential security issues
• Deactivate/delete plugins not being used
![Page 23: Getting started with wordpress hosting and security](https://reader036.fdocuments.in/reader036/viewer/2022062503/58d026c01a28ab04288b46a5/html5/thumbnails/23.jpg)
INSTALLING WORDPRESS
• Security Plugins
• There are hundreds!
• Look for one that is updated frequently
• Free vs. paid
![Page 24: Getting started with wordpress hosting and security](https://reader036.fdocuments.in/reader036/viewer/2022062503/58d026c01a28ab04288b46a5/html5/thumbnails/24.jpg)
SUMMARY
• What I’m doing…
• Theme – using a theme designed for hosting services
• Plugins – none except for WordFence
• Reviewing and evaluating several others
• Security
• WordFence free – may upgrade to paid
• .htaccess to block IP addresses identified by WordFence
![Page 25: Getting started with wordpress hosting and security](https://reader036.fdocuments.in/reader036/viewer/2022062503/58d026c01a28ab04288b46a5/html5/thumbnails/25.jpg)
SUMMARY
• Security
• Unique logins for site admin and content
• Password protecting /wp-admin/ directory
• Blocking access from all but a few selected IP adresses
![Page 26: Getting started with wordpress hosting and security](https://reader036.fdocuments.in/reader036/viewer/2022062503/58d026c01a28ab04288b46a5/html5/thumbnails/26.jpg)
SUMMARY
• Security (cont)
• Limit access to /wp-admin/ directory to just my IP address
• Changes every few days though
• Sanitizing output of WordPress
• Modifying WordPress core files
![Page 27: Getting started with wordpress hosting and security](https://reader036.fdocuments.in/reader036/viewer/2022062503/58d026c01a28ab04288b46a5/html5/thumbnails/27.jpg)
RESOURCES
• Hosting
• www.wordpress.com
• www.pair.com
• www.asmallorange.com
![Page 28: Getting started with wordpress hosting and security](https://reader036.fdocuments.in/reader036/viewer/2022062503/58d026c01a28ab04288b46a5/html5/thumbnails/28.jpg)
RESOURCES
• WordPress
• WordPress Codex
• codex.wordpress.org
• WordPress Themes
• wordpress.org/themes/
• WordPress Plugins
• wordpress.org/plugins/
• WordPress Lessons
• codex.wordpress.org/WordPress_Lessons
![Page 29: Getting started with wordpress hosting and security](https://reader036.fdocuments.in/reader036/viewer/2022062503/58d026c01a28ab04288b46a5/html5/thumbnails/29.jpg)
RESOURCES
• Security
• Hardening WordPress
• codex.wordpress.org/Hardening_WordPress
• WordFence
• www.wordfence.com
• WordFence Security Learning Center
• https://www.wordfence.com/learn/