Difference between revisions of "Wordpress"

Line 1: Line 1:
 
[[Category:Website]]
 
[[Category:Website]]
 +
 +
 +
This page describes the installation and configuration of a wordpress website. With the following plugins and settings you can do a 'classical' or 'blog' website or even a mix of both. It's up to you ! :)
 +
 +
 +
  
 
=Installation=
 
=Installation=
Line 8: Line 14:
  
 
# Go to your website and run the PHP script  
 
# Go to your website and run the PHP script  
 +
 +
 +
'''Requirements'''
 +
* Enable PHP 7 support. (i) On OVH you can do that from the admin panel
 +
 +
 +
'''Installation key points'''
 +
* Always use a database prefix (ex:  baby_blog_  or  it_tips_)
 +
* When asked you should create a STRONG password for the admin
 +
* If you see some warning during installation you've to adjust your <code>.htaccess</code> file
 +
(i) This should not happen
  
  
  
=Global configuration=
+
=Permalinks (URL type)=
  
* Go to '''Settings'''
+
* Go to '''Settings''' > '''Permalinks'''
** Discussion
+
* Select a friendly name for your articles: '''tick ''Post name'''''
*** Untick the options of ''Default article settings''
 
*** Tick both ''email me whenever'' options
 
*** Tick both ''before a comment appears'' options
 
** Permalinks
 
*** Use ''post name'' instead of the plain default
 
  
  
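Review bot: The rewrite of the old Global configuration list into Permalinks drops the three Discussion bullets, including "Tick both ''before a comment appears'' options", and nothing in this hunk replaces them. If comment moderation is still recommended, keep those bullets next to the Permalinks steps; if it was dropped on purpose, say so in the edit summary.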
Line 25: Line 37:
 
=Plugins=
 
=Plugins=
 
All is done on the administrator interface: http://mysite.com/wp-admin
 
All is done on the administrator interface: http://mysite.com/wp-admin
 +
 +
 +
According to your needs, here is the list of plugins I recommend to install and activate:
 +
* ''Askimet'' : anti-spam
 +
* ''qTranslate-X'' : mutli-lang support
 +
* ''All in one WP Security'' : security
 +
* ''NextGEN Gallery'' : photos galleries
 +
  
  
Line 30: Line 50:
  
 
Askimet blocks spams and avoids bots.
 
Askimet blocks spams and avoids bots.
 +
 +
 +
Installation:
 
* Go to '''Plugins'''
 
* Go to '''Plugins'''
 
* Click on '''Activate''' under ''Askimet''
 
* Click on '''Activate''' under ''Askimet''
Line 36: Line 59:
  
  
==Contact Form 7==
+
Configuration:
 +
* Go to '''Settings''' > ''Askimet''
 +
* You adjust the ''Strictness'' (you should select 'always put spam in the Spam folder for review')
 +
 
 +
 
 +
 
 +
==qTranslate-X==
 +
 
 +
If you want to support many languages, then ''qTranslate'' is a must ! This will allow you to translate your posts and published them in different languages.
 +
 
 +
 
 +
Installation:
 +
* Go to '''Plugins''' > '''Add new'''
 +
* Search for '''qTranslate-X'''
 +
* Install and activate the plugin
 +
 
 +
 
 +
Configuration:
 +
* Go to '''Settings''' > '''Languages'''
 +
* Go to the '''Languages tab''' and select the list of languages you want to use (ex: French, English, Chinese). You must ''enable'' each language you want.
 +
* Then, go to the '''General tab'''
 +
** Set the ''language order''
 +
** Set the ''URL modification order'' to ''Use '''Pre-Path Mode''' (Default, puts /en/ in front of URL). SEO friendly.''
 +
** Adjust ''Untranslated content'' settings
 +
** Tick ''Show language names in "Camel Case"''
 +
** Tick ''Detect the language of the browser and redirect accordingly.''
 +
** Click '''Save changes'''
 +
 
 +
(i) You can adjust other settings if you'd like.
 +
 
 +
 
 +
Add language selector to the website:
 +
* Go to '''Appearance''' > '''Widgets'''
 +
* Add ''qTranslate Language Chooser'' to the sidebar
 +
 
 +
 
 +
Usage:
 +
* When you edit a POST or a PAGE you can choose the language
 +
 
 +
 
 +
 
 +
==All in one WP Security==
 +
 
 +
(i) Most of the following settings come from: https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/
 +
 
 +
 
 +
===Security basis===
 +
 
 +
Before installing the plugin you must set some basic security settings.
 +
* Go to '''Settings''' > '''Discussion'''
 +
* Default article settings
 +
** To allow comments select: ''Allow people to post comments on new articles''
 +
* Email
 +
** If you want to receive email alerts on new comment select: ''Anyone posts a comment''
 +
* Avatars
 +
** Enable ''Show avatars''
 +
** Choose ''G — Suitable for all audiences''
 +
** Select a default avatar (ex: monsters)
 +
 
 +
 
 +
===Installation===
  
Source: https://wordpress.org/plugins/contact-form-7/
+
* Go to '''Plugins''' > '''Add new'''
 +
* Search for '''All in one WP Security'''
 +
* Install and activate the plugin
  
  
==All in one WP Security and Firewall==  
+
===Configuration===
  
Source site: https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/
 
  
 
You'll find below my configuration recommendations.
 
You'll find below my configuration recommendations.
  
* '''Settings'''  
+
* Go to '''WP security''' > '''Settings'''  
** WP Version Info  
+
** Go to tab '''WP Version Info'''
 
*** Tick ''Remove WP Generator Meta Info''
 
*** Tick ''Remove WP Generator Meta Info''
* '''User accounts'''
+
 
** WP Username - Adjust your username, if required to avoid ''admin''
+
 
 +
* Go to '''WP security''' > '''User accounts'''
 +
** Go to tab '''WP Username'''
 +
*** Adjust the super-user your username, you must avoid ''admin''
 
** Display name - Ensure the logical name & display name are different
 
** Display name - Ensure the logical name & display name are different
* '''User login'''
+
** Go to tab '''Display name'''
** Login lockdown
+
*** Everything should be OK. If not you must ''Edit your profile'' (by clicking on the image, top right corner) > Set ''Display name publicly as'' with something that is NOT the login
 +
 
 +
 
 +
* Go to '''WP security''' > '''User login'''
 +
** Go to tab '''Login lockdown'''
 
*** Tick ''Enable Login Lockdown Feature''
 
*** Tick ''Enable Login Lockdown Feature''
 
*** Set ''max login attempts'' = 5
 
*** Set ''max login attempts'' = 5
 
*** Tick ''display generic error message''
 
*** Tick ''display generic error message''
 
*** Tick ''Notify by email''
 
*** Tick ''Notify by email''
** Force logout
+
** Go to tab '''Force logout'''
 
*** Tick ''Enable force WP user logout''
 
*** Tick ''Enable force WP user logout''
 
*** Set the logout time to 120 mmn
 
*** Set the logout time to 120 mmn
* '''User registration'''
+
 
** Manual approval
+
 
 +
* Go to '''WP security''' > '''User registration'''
 +
** Go to tab '''Manual approval'''
 
*** Tick ''enable manual approval of new registrations''
 
*** Tick ''enable manual approval of new registrations''
** Captcha
+
** Go to tab '''Captcha'''
 
*** Tick ''Enable captcha on registration page''
 
*** Tick ''Enable captcha on registration page''
* '''Filesystem security'''
+
 
** File permissions
+
 
 +
* Go to '''WP security''' > '''Filesystem security'''
 +
** Go to tab '''File permissions'''
 
*** Set all recommended permissions
 
*** Set all recommended permissions
** PHP File editing
+
** Go to tab '''PHP File editing'''
 
*** Tick ''disable ability to edit PHP files''
 
*** Tick ''disable ability to edit PHP files''
** WP file access
+
** Go to tab '''WP file access'''
 
*** Tick ''prevent access to WP default install files''
 
*** Tick ''prevent access to WP default install files''
* '''Firewall'''
+
 
** Basic firewall rules
+
 
 +
* Go to '''WP security''' > '''Firewall'''
 +
** Go to tab '''Basic firewall rules'''
 
*** Tick ''Enable Basic firewall protection''
 
*** Tick ''Enable Basic firewall protection''
 
*** (optional, only if you don't publish articles using your phone) tick ''Block access to XML-RPC''
 
*** (optional, only if you don't publish articles using your phone) tick ''Block access to XML-RPC''
 
*** Tick ''Block access to debug.log file''
 
*** Tick ''Block access to debug.log file''
** Additional firewall rules
+
** Go to tab '''Additional firewall rules'''
 
*** Tick ''disable index views''
 
*** Tick ''disable index views''
 
*** Tick ''disable trace and track''
 
*** Tick ''disable trace and track''
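Review bot: Under '''User accounts''', the unchanged bullet "** Display name - Ensure the logical name & display name are different" now sits inside the new "Go to tab '''WP Username'''" block and repeats what the added "Go to tab '''Display name'''" entry says; fold it into that entry. The added line "Adjust the super-user your username, you must avoid ''admin''" needs rewording, and "120 mmn" in the Force logout context should read "120 min". The new Security basis list is introduced as basic security settings but only covers allowing comments, email alerts and avatars, so either retitle it or list the settings that harden the site.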
Line 85: Line 182:
 
*** Tick ''Deny bad query string''
 
*** Tick ''Deny bad query string''
 
*** Tick ''Enable advanced character string filter''
 
*** Tick ''Enable advanced character string filter''
** 6G blacklist firewall rules
+
** Go to tab '''6G blacklist firewall rules'''
 
*** Tick all options
 
*** Tick all options
** Internet bots
+
** Go to tab '''Internet bots'''
 
*** Tick ''block fake googlebots''
 
*** Tick ''block fake googlebots''
** Prevent hotlinks
+
** Go to tab '''Prevent hotlinks'''
*** Tick ''prevent image hotlinking''
+
*** <ins>Tick ''prevent image hotlinking''</ins>  !!! This is particulary important if you want to restrict access to the website content !!! No one can display content outside your own domain.
* '''Brute force'''
+
 
** Login captcha
+
 
 +
* Go to '''WP security''' > '''Brute force'''
 +
** Go to tab '''Login captcha'''
 
*** Tick all options
 
*** Tick all options
* '''Spam prevention'''
+
 
** Comment SPAM
+
 
 +
* Go to '''WP security''' > '''Spam prevention'''
 +
** Go to tab '''Comment SPAM'''
 
*** Tick all options
 
*** Tick all options
* '''Miscellaneous'''
+
 
** Copy protection - enable it!
+
 
** Frames - enable it!
+
* Go to '''WP security''' > '''Miscellaneous'''
** Users enumeration - enable it!
+
** Go to tab '''Copy protection'''
 +
*** <ins>''Enable Copy protection''</ins>  !!! This will prevent anyone from saving content and downloading it on their station !!! This is particulary important if you want to control the data and ensure the content does NOT get everywhere - in the case of private photos for instance.
 +
** Go to tab '''Frames'''
 +
*** Enable that feature
 +
** Go to tab '''Users enumeration'''
 +
*** Enable that feature
 +
 
 +
 
 +
Complete! You're good to go! Just log-off / log-in again.
  
  
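Review bot: The two added remarks overstate what the options do: the ''prevent image hotlinking'' line says "No one can display content outside your own domain" and the ''Enable Copy protection'' line says it "will prevent anyone from saving content". Hotlink rules only look at the Referer a browser sends, and copy protection runs in the visitor's browser, so both discourage casual copying rather than restrict access. Suggest wording them that way and pointing readers who need private content to the Hide My Site section added later in this change.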
Line 107: Line 216:
  
 
Source https://wordpress.org/plugins/nextgen-gallery/
 
Source https://wordpress.org/plugins/nextgen-gallery/
 +
 +
 +
===Installation===
 +
 +
* Go to '''Plugins''' > '''Add new'''
 +
* Search for '''NextGEN Gallery'''
 +
* Install and activate the plugin
 +
 +
 +
 +
===Upgrade to PRO version (NextGEN Plus)===
 +
 +
(i) <ins>This is optional</ins>
 +
 +
If you want to add filigrane, prevent picture download and have better gallery I strongly recommend you to go for the PRO version ''NextGEN Plus''.
 +
 +
It is a bit expensive - 49€ - but it really worth it in terms of security.
 +
 +
Once you've subscribed you'll receive the setup details by email.
 +
 +
 +
===Configuration===
 +
 +
* Go to '''Gallery''' > '''Other options'''
 +
** Under '''Image options'''
 +
*** Say YES to ''Delete image files'' when you remove a gallery
 +
*** <ins>Say YES to ''Automatically resize images after upload''</ins>  !! This is particulary important for the website loading time !! ;)
 +
*** Set the size to <ins>width: 1024 x height: 768 | Quality: 100%</ins>  (i) you can adjust that to your own needs
 +
*** <ins>Say YES to ''Backup original images?''</ins>
 +
 +
** Under '''Thumbnail options'''
 +
*** Set the default Thumbnail size to 240 x 160
 +
*** Set fix dimension? YES
 +
 +
** Under '''Watermarks'''
 +
*** How will generate a watermark? ''text''
 +
*** Choose the position (I recommend bottom right)
 +
*** Offset 5 x 5
 +
*** Text: '''© Daxiongmao.eu'''
 +
*** Opacity: 100%
 +
*** Font family: Arial
 +
*** Font size: 10px
 +
*** Color: white (you can choose something else)
 +
 +
 +
~ for PRO version only ~
 +
 +
** Under '''Image protection'''
 +
*** <ins>Say YES to ''Protect images''</ins>  !! This will disable the download option of the plugin
 +
*** <ins>Say YES to ''Disable right click menu completly''</ins> !! This will disable right click > save as... from the browser
 +
 +
 +
 +
 +
==Contact Form 7==
 +
 +
Source: https://wordpress.org/plugins/contact-form-7/
 +
  
  
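Review bot: In the PRO paragraph, "it really worth it in terms of security" is backed only by the two '''Image protection''' bullets at the end of the hunk, which turn off the plugin's download option and the browser's right-click menu. Suggest describing the upgrade as a deterrent against casual downloads, fixing the grammar ("it is really worth it"), and replacing "filigrane" with "watermark" to match the '''Watermarks''' list further down.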
Line 158: Line 325:
 
*** set the target folder: <code>/www/backup_daxiongmao/wedding/</code>
 
*** set the target folder: <code>/www/backup_daxiongmao/wedding/</code>
 
*** Max 5 archives
 
*** Max 5 archives
 +
  
 
==WP Statistics==
 
==WP Statistics==
Line 174: Line 342:
 
** General
 
** General
 
*** Disable all search engines but DuckDuckGo (it is the least popular)
 
*** Disable all search engines but DuckDuckGo (it is the least popular)
 +
  
 
==TinyMCE Advanced==
 
==TinyMCE Advanced==
Line 207: Line 376:
 
* Go to '''Plugins''' > '''Add new'''
 
* Go to '''Plugins''' > '''Add new'''
 
* Search for '''Simple Page Ordering'''  
 
* Search for '''Simple Page Ordering'''  
 +
* Install and activate the plugin
 +
 +
 +
==Disable Google Fonts==
 +
 +
In China Google is not fast, not fast at all!! You must disable the Google fonts to improve users' experience ; otherwise the website may take minutes to load.
 +
 +
Installation:
 +
* Go to '''Plugins''' > '''Add new'''
 +
* Search for '''Disable Google Fonts'''
 +
* Install and activate the plugin
 +
 +
 +
==Hide My Site==
 +
 +
If you do NOT want your website to be accessible to the whole world: that's the plugin you need.
 +
 +
'''To access the website you must type a common password''' that you provide to your potentials visitors. This is very useful if you want to do a private blog with pictures for instance.
 +
 +
 +
Installation:
 +
* Go to '''Plugins''' > '''Add new'''
 +
* Search for '''Hide My Site'''
 
* Install and activate the plugin
 
* Install and activate the plugin
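Review bot: The new Hide My Site section says visitors must type a common password, but its Installation list stops at "Install and activate the plugin" and never says where that password is set. Add a Configuration list with that step, as the Askimet and qTranslate-X sections do.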

Revision as of 15:12, 24 December 2016


This page describes the installation and configuration of a WordPress website. With the following plugins and settings you can build a 'classical' website, a 'blog' website, or even a mix of both. It's up to you! :)



Installation

  1. Download the latest zip from [1] OR [2]
  2. Put the archive on your server (using FTP)
  3. Adjust and copy the PHP script to unzip the archive
  4. Go to your website and run the PHP script


Requirements

  • Enable PHP 7 support. (i) On OVH you can do that from the admin panel


Installation key points

  • Always use a database prefix (ex: baby_blog_ or it_tips_)
  • When asked you should create a STRONG password for the admin
  • If you see warnings during installation, you have to adjust your .htaccess file

(i) This should not happen


Permalinks (URL type)

  • Go to Settings > Permalinks
  • Select a friendly name for your articles: tick Post name


Plugins

Everything is done in the administrator interface: http://mysite.com/wp-admin


Depending on your needs, here is the list of plugins I recommend installing and activating:

  • Akismet: anti-spam
  • qTranslate-X: multi-language support
  • All in one WP Security: security
  • NextGEN Gallery: photo galleries


Akismet

Akismet blocks spam and keeps bots away.


Installation:

  • Go to Plugins
  • Click on Activate under Akismet
  • Go to the Akismet website to register for free and get a key
  • Use your key


Configuration:

  • Go to Settings > Akismet
  • Adjust the Strictness (you should select 'always put spam in the Spam folder for review')


qTranslate-X

If you want to support many languages, then qTranslate is a must! It allows you to translate your posts and publish them in different languages.


Installation:

  • Go to Plugins > Add new
  • Search for qTranslate-X
  • Install and activate the plugin


Configuration:

  • Go to Settings > Languages
  • Go to the Languages tab and select the list of languages you want to use (ex: French, English, Chinese). You must enable each language you want.
  • Then, go to the General tab
    • Set the language order
    • Set the URL modification order to Use Pre-Path Mode (Default, puts /en/ in front of URL). SEO friendly.
    • Adjust Untranslated content settings
    • Tick Show language names in "Camel Case"
    • Tick Detect the language of the browser and redirect accordingly.
    • Click Save changes

(i) You can adjust other settings if you'd like.


Add language selector to the website:

  • Go to Appearance > Widgets
  • Add qTranslate Language Chooser to the sidebar


Usage:

  • When you edit a POST or a PAGE you can choose the language


All in one WP Security

(i) Most of the following settings come from: https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/


Security basics

Before installing the plugin you must set some basic security settings.

  • Go to Settings > Discussion
  • Default article settings
    • To allow comments select: Allow people to post comments on new articles
  • Email
    • If you want to receive email alerts on new comments select: Anyone posts a comment
  • Avatars
    • Enable Show avatars
    • Choose G — Suitable for all audiences
    • Select a default avatar (ex: monsters)


Installation

  • Go to Plugins > Add new
  • Search for All in one WP Security
  • Install and activate the plugin


Configuration

You'll find below my configuration recommendations.

  • Go to WP security > Settings
    • Go to tab WP Version Info
      • Tick Remove WP Generator Meta Info


  • Go to WP security > User accounts
    • Go to tab WP Username
      • Change the super-user's username; you must avoid admin
    • Go to tab Display name
      • Ensure the login name and the display name are different
      • Everything should be OK. If not, you must Edit your profile (by clicking on the image, top right corner) > Set Display name publicly as to something that is NOT the login


  • Go to WP security > User login
    • Go to tab Login lockdown
      • Tick Enable Login Lockdown Feature
      • Set max login attempts = 5
      • Tick display generic error message
      • Tick Notify by email
    • Go to tab Force logout
      • Tick Enable force WP user logout
      • Set the logout time to 120 min


  • Go to WP security > User registration
    • Go to tab Manual approval
      • Tick enable manual approval of new registrations
    • Go to tab Captcha
      • Tick Enable captcha on registration page


  • Go to WP security > Filesystem security
    • Go to tab File permissions
      • Set all recommended permissions
    • Go to tab PHP File editing
      • Tick disable ability to edit PHP files
    • Go to tab WP file access
      • Tick prevent access to WP default install files


  • Go to WP security > Firewall
    • Go to tab Basic firewall rules
      • Tick Enable Basic firewall protection
      • (optional, only if you don't publish articles using your phone) tick Block access to XML-RPC
      • Tick Block access to debug.log file
    • Go to tab Additional firewall rules
      • Tick disable index views
      • Tick disable trace and track
      • Tick forbid proxy comment posting
      • Tick Deny bad query string
      • Tick Enable advanced character string filter
    • Go to tab 6G blacklist firewall rules
      • Tick all options
    • Go to tab Internet bots
      • Tick block fake googlebots
    • Go to tab Prevent hotlinks
      • Tick prevent image hotlinking  !!! This is particularly important if you want to restrict access to the website content !!! No one can display content outside your own domain.


  • Go to WP security > Brute force
    • Go to tab Login captcha
      • Tick all options


  • Go to WP security > Spam prevention
    • Go to tab Comment SPAM
      • Tick all options


  • Go to WP security > Miscellaneous
    • Go to tab Copy protection
      • Enable Copy protection  !!! This will prevent anyone from saving content and downloading it to their computer !!! This is particularly important if you want to control the data and ensure the content does NOT get everywhere - in the case of private photos for instance.
    • Go to tab Frames
      • Enable that feature
    • Go to tab Users enumeration
      • Enable that feature


Complete! You're good to go! Just log off and log in again.
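
To confirm from outside that the settings above took effect, the following added example (not part of the original page or of the plugin) audits a set of HTTP responses from your own site. The probe paths, the status codes treated as "blocked", the anti-framing header check and the sample responses are assumptions constructed for illustration.

```python
import re
import urllib.error
import urllib.request

# Probe paths (assumed); each corresponds to one setting in the list above.
PATHS = ["/", "/readme.html", "/wp-content/debug.log",
         "/wp-content/uploads/", "/xmlrpc.php", "/?author=1"]


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # report 3xx answers instead of following them


def fetch(base_url, path, timeout=10):
    """GET one path on your own site; return (status, lowercase headers, body)."""
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(base_url.rstrip("/") + path, timeout=timeout) as resp:
            body = resp.read(65536).decode("utf-8", "replace")
            return resp.status, {k.lower(): v for k, v in resp.headers.items()}, body
    except urllib.error.HTTPError as err:
        return err.code, {k.lower(): v for k, v in err.headers.items()}, ""


def audit(responses):
    """Turn {path: (status, headers, body)} into a list of (path, finding)."""
    findings = []
    _, headers, body = responses["/"]
    if re.search(r"<meta[^>]+name=[\"']generator[\"'][^>]*WordPress", body, re.I):
        findings.append(("/", "generator meta tag still present"))
    csp = headers.get("content-security-policy", "")
    if "x-frame-options" not in headers and "frame-ancestors" not in csp:
        findings.append(("/", "no anti-framing header"))
    for path, label in (("/readme.html", "default install file readable"),
                        ("/wp-content/debug.log", "debug.log readable")):
        if responses[path][0] == 200:
            findings.append((path, label))
    status, _, body = responses["/wp-content/uploads/"]
    if status == 200 and "Index of" in body:
        findings.append(("/wp-content/uploads/", "directory index enabled"))
    if responses["/xmlrpc.php"][0] not in (403, 404):
        findings.append(("/xmlrpc.php", "XML-RPC reachable (optional setting)"))
    status, headers, _ = responses["/?author=1"]
    if 300 <= status < 400 and "/author/" in headers.get("location", ""):
        findings.append(("/?author=1", "author redirect discloses a login name"))
    return findings


# Constructed sample responses: a default install, then the same site hardened.
DEFAULT_SITE = {
    "/": (200, {"content-type": "text/html"},
          '<head><meta name="generator" content="WordPress 4.7" /></head>'),
    "/readme.html": (200, {}, "<h1>WordPress</h1>"),
    "/wp-content/debug.log": (200, {}, "PHP Notice: constructed sample line"),
    "/wp-content/uploads/": (200, {}, "<title>Index of /wp-content/uploads</title>"),
    "/xmlrpc.php": (405, {}, "XML-RPC server accepts POST requests only."),
    "/?author=1": (301, {"location": "http://mysite.com/author/editor1/"}, ""),
}
HARDENED_SITE = {path: (403, {}, "") for path in PATHS}
HARDENED_SITE["/"] = (200, {"x-frame-options": "SAMEORIGIN"},
                      "<head><title>Blog</title></head>")

if __name__ == "__main__":
    for name, site in (("default", DEFAULT_SITE), ("hardened", HARDENED_SITE)):
        print(name, audit(site))
    # Live run against your own site (URL taken from the page's example):
    # print(audit({p: fetch("http://mysite.com", p) for p in PATHS}))
```

An empty list means every probed setting is visible from outside; an XML-RPC finding is expected if you left that option unticked to publish from your phone.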


NextGEN Gallery

Source https://wordpress.org/plugins/nextgen-gallery/


Installation

  • Go to Plugins > Add new
  • Search for NextGEN Gallery
  • Install and activate the plugin


Upgrade to PRO version (NextGEN Plus)

(i) This is optional

If you want to add watermarks, prevent picture download and have a better gallery, I strongly recommend going for the PRO version NextGEN Plus.

It is a bit expensive - 49€ - but it is really worth it in terms of security.

Once you've subscribed you'll receive the setup details by email.


Configuration

  • Go to Gallery > Other options
    • Under Image options
      • Say YES to Delete image files when you remove a gallery
      • Say YES to Automatically resize images after upload  !! This is particularly important for the website loading time !! ;)
      • Set the size to width: 1024 x height: 768 | Quality: 100% (i) you can adjust that to your own needs
      • Say YES to Backup original images?
    • Under Thumbnail options
      • Set the default Thumbnail size to 240 x 160
      • Set fix dimension? YES
    • Under Watermarks
      • How will you generate a watermark? text
      • Choose the position (I recommend bottom right)
      • Offset 5 x 5
      • Text: © Daxiongmao.eu
      • Opacity: 100%
      • Font family: Arial
      • Font size: 10px
      • Color: white (you can choose something else)


~ for PRO version only ~

    • Under Image protection
      • Say YES to Protect images  !! This will disable the download option of the plugin
      • Say YES to Disable right click menu completely !! This will disable right click > save as... from the browser



Contact Form 7

Source: https://wordpress.org/plugins/contact-form-7/



BackWPup

To back up your blog / website regularly.


Requirement:

  • Create a backup folder on your FTP server (ex: /home/rddouanecw/www/backup/)


Installation:

  • Go to Plugins > Add new
  • Search for BackWPup
  • Install and activate the plugin


After installation:

  • Once installed, go to the backWPup menu > jobs
  • Add new job
    • General tab
      • Save all (database, files, XML export, extensions, tables check)
      • Name the archive (example): rd_douane_consulting_%Y-%m-%d
      • Format: ZIP
      • Save on File, Save on FTP
      • Send logs by email
    • Schedule tab
      • Use the Wordpress cron
      • basic prog
      • Once a month
    • Database tab
      • Select the tables to save
      • Click GZIP compression
    • Files tab
      • Select files to save - exclude the backup folder
      • click GZIP compression
    • XML export tab
      • Save all content
      • click GZIP compression
    • Extension tab
      • Save all extensions
      • click GZIP compression
    • Folder tab
      • Set the backup folder (ex: /home/rddouanecw/www/backup/)
      • Max 5 archives
    • FTP tab
      • (requirement) you must create a backup folder on the target FTP with read/write for the FTP user
      • set the FTP settings
      • set the target folder: /www/backup_daxiongmao/wedding/
      • Max 5 archives


WP Statistics

To have many statistics about your website.


Installation:

  • Go to Plugins > Add new
  • Search for WP Statistics
  • Install and activate the plugin


After installation:

  • Once installed, go to the Statistics menu > settings
    • General
      • Disable all search engines but DuckDuckGo (it is the least popular)


TinyMCE Advanced

This is an improved editor (What You See Is What You Get WYSIWYG).


Installation:

  • Go to Plugins > Add new
  • Search for TinyMCE Advanced
  • Install and activate the plugin


After installation:

  • Once installed, go to the Settings menu > TinyMCE
  • Select the buttons to use

(i) some hints:

  • Add copy & paste buttons
  • Add underline button
  • Add code button
  • Add 'emoticons' button
  • Add 'background color' button
  • Add 'page break' button


Simple Page Ordering

Use this plugin to create a website. It sets a fixed order for the posts.


Installation:

  • Go to Plugins > Add new
  • Search for Simple Page Ordering
  • Install and activate the plugin


Disable Google Fonts

In China Google is not fast, not fast at all!! You must disable the Google fonts to improve the users' experience; otherwise the website may take minutes to load.

Installation:

  • Go to Plugins > Add new
  • Search for Disable Google Fonts
  • Install and activate the plugin


Hide My Site

If you do NOT want your website to be accessible to the whole world: that's the plugin you need.

To access the website you must type a common password that you provide to your potential visitors. This is very useful if you want to run a private blog with pictures for instance.


Installation:

  • Go to Plugins > Add new
  • Search for Hide My Site
  • Install and activate the plugin