Difference between revisions of "Wordpress"

Line 32: Line 32:
 
Source site: https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/
 
Source site: https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/
  
* Enable firewall (basic, at least) - I advised you to disable XML-RPC if you do not publish using your phone
+
You'll find below my configuration recommendations.
 +
 
 +
* '''Settings'''
 +
** WP Version Info
 +
*** Tick ''Remove WP Generator Meta Info''
 +
* '''User accounts'''
 +
** WP Username - Adjust your username, if required to avoid ''admin''
 +
** Display name - Ensure the logical name & display name are different
 +
* '''User login'''
 +
** Login lockdown
 +
*** Tick ''Enable Login Lockdown Feature''
 +
*** Set ''max login attempts'' = 5
 +
*** Tick ''display generic error message''
 +
*** Tick ''Notify by email''
 +
** Force logout
 +
*** Tick ''Enable force WP user logout''
 +
*** Set the logout time to 120 mmn
 +
* '''User registration'''
 +
** Manual approval
 +
*** Tick ''enable manual approval of new registrations''
 +
** Captcha
 +
*** Tick ''Enable captcha on registration page''
 +
* '''Filesystem security'''
 +
** File permissions
 +
*** Set all recommended permissions
 +
** PHP File editing
 +
*** Tick ''disable ability to edit PHP files''
 +
** WP file access
 +
*** Tick ''prevent access to WP default install files''
 +
* '''Firewall'''
 +
** Basic firewall rules
 +
*** Tick ''Enable Basic firewall protection''
 +
*** (optional, only if you don't publish articles using your phone) tick ''Block access to XML-RPC''
 +
*** Tick ''Block access to debug.log file''
 +
** Additional firewall rules
 +
*** Tick ''disable index views''
 +
*** Tick ''disable trace and track''
 +
*** Tick ''forbid proxy comment posting''
 +
*** Tick ''Deny bad query string''
 +
*** Tick ''Enable advanced character string filter''
 +
** 6G blacklist firewall rules
 +
*** Tick all options
 +
** Internet bots
 +
*** Tick ''block fake googlebots''
 +
** Prevent hotlinks
 +
*** Tick ''prevent image hotlinking''
 +
* '''Brute force'''
 +
** Login captcha
 +
*** Tick all options
 +
* '''Spam prevention'''
 +
** Comment SPAM
 +
*** Tick all options
 +
* '''Miscellaneous'''
 +
** Copy protection - enable it!
 +
** Frames - enable it!
 +
** Users enumeration - enable it!
 +
 
  
  

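Review bot: the Force logout item reads "Set the logout time to 120 mmn"; "mmn" is a typo for "min". Separately, "Set all recommended permissions" under File permissions does not say what the recommended values are; listing them (or pointing at the plugin screen that shows them) would make the checklist usable without the plugin open.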
Revision as of 20:38, 6 December 2016


Installation

  1. Download the latest zip from [1] OR [2]
  2. Put the archive on your server (using FTP)
  3. Adjust and copy the PHP script to unzip the archive
  4. Go to your website and run the PHP script
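Step 3 refers to a PHP script that is not reproduced on this page. What follows is an added example of such a script, not the wiki author's own. It assumes the archive was uploaded next to it under the placeholder name wordpress.zip and that the placeholder token is replaced with a long random value before upload; the token guards against a forgotten copy of the script being triggered by anyone who guesses its file name, and the script removes both the archive and itself once extraction succeeds.

```php
<?php
// unzip.php - added example, not the wiki author's script.
// Upload it next to the WordPress archive, open it once in a browser, then confirm it is gone.
// Assumptions (placeholders): the archive is named wordpress.zip and the token below is
// replaced with a long random value before uploading.

$archive = __DIR__ . '/wordpress.zip';             // placeholder archive name
$target  = __DIR__;                                // extract here; files land in ./wordpress/
$token   = 'replace-with-a-long-random-token';     // placeholder; the script refuses to run without it

// Require the token so a copy of this script that was left behind cannot be
// triggered by anyone who guesses its name; hash_equals avoids timing leaks.
if (!isset($_GET['token']) || !hash_equals($token, (string) $_GET['token'])) {
    http_response_code(403);
    exit('Forbidden');
}

if (!is_file($archive)) {
    http_response_code(404);
    exit('Archive not found: ' . basename($archive));
}

$zip = new ZipArchive();
$rc  = $zip->open($archive);
if ($rc !== true) {
    http_response_code(500);
    exit('Cannot open archive (ZipArchive error code ' . $rc . ')');
}

// Refuse entries that would be written outside $target (absolute paths or '..' segments).
for ($i = 0; $i < $zip->numFiles; $i++) {
    $name = $zip->getNameIndex($i);
    if ($name === false || $name === '' || $name[0] === '/' || strpos($name, '..') !== false) {
        $zip->close();
        http_response_code(400);
        exit('Refusing archive: unsafe entry name ' . htmlspecialchars((string) $name));
    }
}

if (!$zip->extractTo($target)) {
    $zip->close();
    http_response_code(500);
    exit('Extraction failed; check that the web server user can write to ' . htmlspecialchars($target));
}
$zip->close();

// Remove the archive and this script so neither stays reachable through the web server.
@unlink($archive);
@unlink(__FILE__);

echo 'Extracted ' . basename($archive) . ' into ' . htmlspecialchars($target)
   . '. Now open /wordpress/ to run the WordPress installer.';
```

Call it once as https://mysite.com/unzip.php?token=... and then check that both unzip.php and wordpress.zip have disappeared from the document root; if the self-delete failed (read-only directory), remove them by FTP before going further.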


Plugins

Everything is done from the administration interface: http://mysite.com/wp-admin


Akismet

Akismet blocks comment spam and spam bots.

  • Go to Plugins
  • Click on Activate under Akismet
  • Go to the Akismet website to register for free and get an API key
  • Enter your key


Contact Form 7

Source: https://wordpress.org/plugins/contact-form-7/


All in one WP Security and Firewall

Source site: https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/

You'll find below my configuration recommendations.

  • Settings
    • WP Version Info
      • Tick Remove WP Generator Meta Info
  • User accounts
    • WP Username - Change your username if it is admin
    • Display name - Ensure the login name and the display name are different
  • User login
    • Login lockdown
      • Tick Enable Login Lockdown Feature
      • Set max login attempts = 5
      • Tick display generic error message
      • Tick Notify by email
    • Force logout
      • Tick Enable force WP user logout
      • Set the logout time to 120 min
  • User registration
    • Manual approval
      • Tick enable manual approval of new registrations
    • Captcha
      • Tick Enable captcha on registration page
  • Filesystem security
    • File permissions
      • Set all recommended permissions
    • PHP File editing
      • Tick disable ability to edit PHP files
    • WP file access
      • Tick prevent access to WP default install files
  • Firewall
    • Basic firewall rules
      • Tick Enable Basic firewall protection
      • (optional, only if you don't publish articles using your phone) tick Block access to XML-RPC
      • Tick Block access to debug.log file
    • Additional firewall rules
      • Tick disable index views
      • Tick disable trace and track
      • Tick forbid proxy comment posting
      • Tick Deny bad query string
      • Tick Enable advanced character string filter
    • 6G blacklist firewall rules
      • Tick all options
    • Internet bots
      • Tick block fake googlebots
    • Prevent hotlinks
      • Tick prevent image hotlinking
  • Brute force
    • Login captcha
      • Tick all options
  • Spam prevention
    • Comment SPAM
      • Tick all options
  • Miscellaneous
    • Copy protection - enable it!
    • Frames - enable it!
    • Users enumeration - enable it!
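For readers who want to see what several of these checkboxes actually change, rather than rely on the plugin, the following is an added example of a must-use plugin that reproduces some of the settings above with core WordPress hooks. It is not code from All In One WP Security; the file name hardening.php and the wording of the generic login message are assumptions, and it does not cover the rules the plugin writes into .htaccess (6G list, hotlinking, index views, debug.log).

```php
<?php
/**
 * Plugin Name: Manual hardening equivalents (added example)
 *
 * Save as wp-content/mu-plugins/hardening.php; must-use plugins load automatically.
 * Added example, not code from the All In One WP Security plugin: it reproduces a few of
 * the checkbox settings from the list above using core WordPress hooks only.
 */

// "Remove WP Generator Meta Info": stop printing <meta name="generator" content="WordPress x.y">
// in the <head> and in feeds.
remove_action('wp_head', 'wp_generator');
add_filter('the_generator', '__return_empty_string');

// "Block access to XML-RPC": core checks this filter before running any XML-RPC method
// that requires authentication, which is what credential-guessing through xmlrpc.php relies on.
add_filter('xmlrpc_enabled', '__return_false');

// "Disable ability to edit PHP files": the real switch is a wp-config.php constant;
// define it here only if wp-config.php did not already.
if (!defined('DISALLOW_FILE_EDIT')) {
    define('DISALLOW_FILE_EDIT', true);
}

// "Display generic error message": do not reveal whether the username or the password was wrong.
add_filter('login_errors', function () {
    return 'Login failed. Check your credentials and try again.'; // assumed wording
});

// "Disable trace and track": refuse the diagnostic HTTP methods before any page logic runs.
add_action('init', function () {
    $method = strtoupper($_SERVER['REQUEST_METHOD'] ?? '');
    if ($method === 'TRACE' || $method === 'TRACK') {
        status_header(405);
        exit;
    }
}, 0);

// "Frames": send X-Frame-Options: SAMEORIGIN on front-end responses as well
// (core already sends it for wp-admin and wp-login.php).
add_action('send_headers', 'send_frame_options_header');

// "Users enumeration": refuse /?author=N, which otherwise redirects to /author/<login>/
// and discloses the login name behind each numeric user id...
add_action('template_redirect', function () {
    if (is_admin() || !isset($_GET['author'])) {
        return;
    }
    wp_die('Forbidden', 'Forbidden', ['response' => 403]);
});
// ...and hide the REST users listing from anonymous visitors.
add_filter('rest_endpoints', function (array $endpoints) {
    if (is_user_logged_in()) {
        return $endpoints;
    }
    unset($endpoints['/wp/v2/users'], $endpoints['/wp/v2/users/(?P<id>[\d]+)']);
    return $endpoints;
});
```

After enabling it, check the result from outside: the page source should no longer contain a generator meta tag, /?author=1 should return 403 instead of a redirect, and /wp-json/wp/v2/users should return a 404 route error when not logged in.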


NextGEN Gallery

Source https://wordpress.org/plugins/nextgen-gallery/


BackWPup

To back up your blog or website regularly.


Requirement:

  • Create a backup folder on your FTP server (ex: /home/rddouanecw/www/backup/)


Installation:

  • Go to Plugins > Add new
  • Search for BackWPup
  • Install and activate the plugin


After installation:

  • Once installed, go to the backWPup menu > operations
  • Create a new operation
    • General tab
      • Save all (database, files, XML export, extensions, tables check)
      • Name the archive (example): rd_douane_consulting_%Y-%m-%d
      • Format: ZIP
      • Save on File, Save on FTP
      • Send logs by email
    • Schedule tab
      • Use the WordPress cron
      • Basic scheduler
      • Once a month
    • Database tab
      • Select the tables to save
      • Click GZIP compression
    • Files tab
      • Select files to save - exclude the backup folder
      • click GZIP compression
    • XML export tab
      • Save all content
      • click GZIP compression
    • Extension tab
      • Save all extensions
      • click GZIP compression
    • Folder tab
      • Set the backup folder (ex: /home/rddouanecw/www/backup/)
      • Max 5 archives
    • FTP tab
      • (requirement) you must create a backup folder on the target FTP with read/write for the FTP user
      • set the FTP settings
      • set the target folder: /www/backup_daxiongmao/wedding/
      • Max 5 archives


WP Statistics

Provides detailed statistics about your website.


Installation:

  • Go to Plugins > Add new
  • Search for WP Statistics
  • Install and activate the plugin


After installation:

  • Once installed, go to the Statistics menu > settings
  • Adjust to your own needs

(i) I usually don't change anything...


TinyMCE Advanced

This is an improved WYSIWYG (What You See Is What You Get) editor.


Installation:

  • Go to Plugins > Add new
  • Search for TinyMCE Advanced
  • Install and activate the plugin


After installation:

  • Once installed, go to the Settings menu > TinyMCE
  • Select the buttons to use

(i) some hints:

  • Add copy & paste buttons
  • Add underline button
  • Add code button
  • Add 'emoticons' button
  • Add 'background color' button
  • Add 'page break' button


Simple Page Ordering

Use this plugin when building a website: it lets you set a fixed order for the posts.


Installation:

  • Go to Plugins > Add new
  • Search for Simple Page Ordering
  • Install and activate the plugin