Difference between revisions of "Wordpress"

Line 8: Line 8:
  
 
=Installation=
 
=Installation=
 
# Download the latest zip from [http://wordpress.org] OR  [http://fr.wordpress.org]
 
# Put the archive on your server (using FTP)
 
# Adjust and copy the PHP script to unzip the archive
 
 
# Go to your website and run the PHP script
 
 
  
 
'''Requirements'''
 
'''Requirements'''
Line 21: Line 14:
  
 
'''Installation key points'''
 
'''Installation key points'''
* Always use a database prefix (ex:  baby_blog_  or  it_tips_)
+
* Always use a database prefix (ex:  <code>baby_blog_</code>   or  <code>it_tips_</code>)
 
* When asked you should create a STRONG password for the admin
 
* When asked you should create a STRONG password for the admin
 
* If you see some warning during installation you've to adjust your <code>.htaccess</code> file  
 
* If you see some warning during installation you've to adjust your <code>.htaccess</code> file  
 
(i) This should not happen
 
(i) This should not happen
 +
 +
 +
'''Setup'''
 +
# Download the latest zip from [http://wordpress.org] OR  [http://fr.wordpress.org]
 +
# Put the archive on your server (using FTP)
 +
# Unzip the archive
 +
You can use the following script: TODO GUILLAUME
 +
# Go to your website: the installation process will start
 +
 +
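Review bot: In the new Setup list, the unnumbered line "You can use the following script: TODO GUILLAUME" sits between "# Unzip the archive" and "# Go to your website", which ends the numbered list, so the last step renders as 1 instead of 4. Write it as a list continuation (#:) so the numbering carries on. The TODO also leaves step 3 without the script it promises, whereas the removed text at least said to adjust and copy a PHP script. Either attach the script or say how to unzip until it exists.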
  
  
Line 36: Line 39:
  
 
=Plugins=
 
=Plugins=
 +
 +
 
All is done on the administrator interface: http://mysite.com/wp-admin
 
All is done on the administrator interface: http://mysite.com/wp-admin
  
Line 44: Line 49:
 
* ''All in one WP Security'' : security
 
* ''All in one WP Security'' : security
 
* ''NextGEN Gallery'' : photos galleries
 
* ''NextGEN Gallery'' : photos galleries
 +
* ''BackWPup'' : regular backup
 +
* ''TinyMCE Advanced'' : WYSIWIG editor
 +
* ''WP Statistics'' : statistics
 +
* ''Hide My Site'' : to restrict access to the website. All visitor must provide a common password that you gave them. (free version: only 1 password for all users)
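Review bot: On the added TinyMCE Advanced line, "WYSIWIG" should be "WYSIWYG", which is how the TinyMCE Advanced section spells it. On the added Hide My Site line, "All visitor must provide" should be "All visitors must provide".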
  
  
Line 266: Line 275:
 
*** <ins>Say YES to ''Protect images''</ins>  !! This will disable the download option of the plugin
 
*** <ins>Say YES to ''Protect images''</ins>  !! This will disable the download option of the plugin
 
*** <ins>Say YES to ''Disable right click menu completly''</ins> !! This will disable right click > save as... from the browser
 
*** <ins>Say YES to ''Disable right click menu completly''</ins> !! This will disable right click > save as... from the browser
 
 
 
 
==Contact Form 7==
 
 
Source: https://wordpress.org/plugins/contact-form-7/
 
 
  
  
Line 286: Line 287:
  
  
Installation:
+
===Installation===
 
* Go to '''Plugins''' > '''Add new'''
 
* Go to '''Plugins''' > '''Add new'''
 
* Search for ''BackWPup''  
 
* Search for ''BackWPup''  
 
* Install and activate the plugin
 
* Install and activate the plugin
  
 +
 +
===Configuration===
  
 
After installation:  
 
After installation:  
* Once installed, go to the '''backWPup''' menu > '''jobs'''
+
* Go to '''backWPup''' > '''jobs'''
 
* ''Add new'' job
 
* ''Add new'' job
** '''General''' tab
+
 
*** Save all (database, files, XML export, extensions, tables check)
+
 
*** Name the archive (example): rd_douane_consulting_%Y-%m-%d
+
* Go to '''General''' tab
*** Format: ZIP
+
** <ins>Save all</ins> (database, files, XML export, extensions, tables check)
*** Save on File, Save on FTP
+
** Name the archive (example): <code>rd_douane_consulting_</code><ins>%Y-%m-%d</ins>
*** Send logs by email
+
** Format: <ins>ZIP</ins>
** '''Schedule''' tab
+
** Job destination:
*** Use the Wordpress cron
+
*** Save on File
*** basic prog
+
*** Save on FTP
*** Once a month
+
** Logs
** '''Database''' tab
+
*** Set email address to send log to
*** Select the tables to save
+
*** Set email from field like: <code>Baby blog - backup <postmaster@qin-diaz.com></code>
*** Click GZIP compression
+
*** Tick ''Errors only''
** '''Files''' tab
+
 
*** Select files to save - exclude the backup folder
+
 
*** click GZIP compression
+
* Go to '''Schedule''' tab
** '''XML export''' tab
+
** Use the <ins>Wordpress cron</ins>
*** Save all content
+
** <ins>basic</ins> prog
*** click GZIP compression
+
** Once a week | month - depend on your own usage
** '''Extension''' tab
+
 
*** Save all extensions
+
 
*** click GZIP compression
+
* Go to '''DB backup''' tab
** '''Folder''' tab
+
** Select the tables to save
*** Set the backup folder (ex: /home/rddouanecw/www/backup/)
+
** Click <ins>GZIP</ins> compression
*** Max 5 archives
+
 
** '''FTP''' tab
+
 
 +
* Go to '''Files''' tab
 +
** Tick ''Backup WordPress <ins>install</ins> folder''  (ex: <code>/home/daxiongm/www/baby</code>)
 +
*** Only select the blog | website folder from the root ; exclude all the rest
 +
** Tick ''Backup <ins>content</ins> folder''  (ex: <code>/home/daxiongm/www/baby/wp-content</code>)
 +
*** Exclude '''cache'''
 +
*** Exclude ''upgrade''
 +
** Tick ''Backup <ins>plugins</ins>''  (ex: <code>/home/daxiongm/www/baby/wp-content/plugins</code>)  !! this is particulary important if you paid some plugins !!
 +
** Tick ''Backup <ins>themes</ins>''  (ex: <code>/home/daxiongm/www/baby/wp-content/themes</code>)
 +
** Tick ''Backup <ins>uploads</ins> folder''  (ex: <code>/home/daxiongm/www/baby/wp-content/uploads</code>)
 +
*** Exclude ''backwpup-*''
 +
** Tick ''include special files'' (Backup wp-config.php, robots.txt, nginx.conf, .htaccess, .htpasswd and favicon.ico from root if it is not included in backup.)
 +
** Tick ''Use one folder above as WP install folder''
 +
 
 +
 
 +
* Go to '''XML export''' tab
 +
** Save all content
 +
** click GZIP compression
 +
 
 +
 
 +
* Go to the '''Plugins''' tab
 +
** Save all extensions
 +
** click GZIP compression
 +
 
 +
 
 +
* Go to the '''DB: check''' tab
 +
** Tick ''WordPress tables only''
 +
 
 +
 
 +
* Go to the '''To: Folder''' tab
 +
** Set the backup folder (ex: <code>/home/rddouanecw/www/backup/</code>)
 +
** Set max 5 archives
 +
 
 +
 
 +
* Go to the '''FTP''' tab
 
*** (requirement) you must create a backup folder on the target FTP with read/write for the FTP user  
 
*** (requirement) you must create a backup folder on the target FTP with read/write for the FTP user  
 
*** set the FTP settings
 
*** set the FTP settings
 
*** set the target folder: <code>/www/backup_daxiongmao/wedding/</code>
 
*** set the target folder: <code>/www/backup_daxiongmao/wedding/</code>
 
*** Max 5 archives
 
*** Max 5 archives
 +
*** Tick ''use FTP passive mode''
  
  
==WP Statistics==
+
All done! You can already backup your website | blog.
  
To have many statistics about your website.
 
 
 
Installation:
 
* Go to '''Plugins''' > '''Add new'''
 
* Search for ''WP Statistics''
 
* Install and activate the plugin
 
 
 
After installation:
 
* Once installed, go to the '''Statistics''' menu > '''settings'''
 
** General
 
*** Disable all search engines but DuckDuckGo (it is the least popular)
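Review bot: The new Files tab ticks "include special files", so every archive carries wp-config.php, .htaccess and .htpasswd, while the To: Folder tab writes the archive to /home/rddouanecw/www/backup/, a folder that appears to sit under the web root. Add a step saying the backup folder must not be reachable over HTTP (put it outside www or deny access to it), and note that the FTP destination receives the same files. Separately, the FTP tab bullets stay at *** under a * heading while every other tab moved to **, so they render one level too deep.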
 
  
  
Line 349: Line 374:
  
  
Installation:  
+
Installation:
 
* Go to '''Plugins''' > '''Add new'''
 
* Go to '''Plugins''' > '''Add new'''
 
* Search for '''TinyMCE Advanced'''  
 
* Search for '''TinyMCE Advanced'''  
Line 356: Line 381:
  
 
After installation:  
 
After installation:  
* Once installed, go to the '''Settings''' menu > '''TinyMCE'''
+
* Once installed, go to the '''Settings''' menu > '''TinyMCE Advanced'''
 
* Select the buttons to use
 
* Select the buttons to use
 +
  
 
(i) some hints:
 
(i) some hints:
Line 366: Line 392:
 
* Add 'background color' button
 
* Add 'background color' button
 
* Add 'page break' button
 
* Add 'page break' button
 +
* <ins>Tick ''Keep paragaph tags''</ins>
  
  
==Simple Page Ordering==
+
==WP Statistics==
  
Use that plugin to create a website. this will set a fix order of the posts.
+
To have many statistics about your website.
  
  
 
Installation:  
 
Installation:  
 
* Go to '''Plugins''' > '''Add new'''
 
* Go to '''Plugins''' > '''Add new'''
* Search for '''Simple Page Ordering'''  
+
* Search for ''WP Statistics''  
 
* Install and activate the plugin
 
* Install and activate the plugin
  
  
==Disable Google Fonts==
+
After installation:
 +
* Go to '''Statistics''' > '''settings'''
 +
** Go to '''General''' tab
 +
*** Disable all search engines but DuckDuckGo (it is the least popular)
 +
 
 +
 
 +
 
 +
==Hide My Site==
 +
 
 +
If you do NOT want your website to be accessible to the whole world: that's the plugin you need.
 +
 
 +
You must give the password to all your visitors (family, friends). <ins>You cannot access the website without that password!</ins>
 +
 
 +
This is very useful if you want to do a private blog with pictures for instance.
  
In China Google is not fast, not fast at all!! You must disable the Google fonts to improve users' experience ; otherwise the website may take minutes to load.
 
  
Installation:
+
===Installation===
 
* Go to '''Plugins''' > '''Add new'''
 
* Go to '''Plugins''' > '''Add new'''
* Search for '''Disable Google Fonts'''  
+
* Search for '''Hide My Site'''  
 
* Install and activate the plugin
 
* Install and activate the plugin
  
  
==Hide My Site==
+
===Configuration===
 +
* Go to '''Settings''' > '''Hide my site'''
 +
** <ins>Tick ''Enable password protection''</ins>
 +
** Set your password '''<< This is the password you need to send to all your visitors'''
 +
** You can provide some password hint, as long as it is not dummy and only the persons that know you can find it!
 +
** Tick ''brute force detection''
 +
 
 +
 
 +
===How to test it?===
 +
 
 +
Just log-off from the administrator interface and go to your website. The password pop-up should appear.
 +
 
 +
 
 +
 
 +
===Mobile phones===
 +
 
 +
This works on mobile phones (Android, iPhone, Windows phone). However you must ZOOM to see the input text field. This is a bug in the plugin, a small price to pay for better privacy. ^-^
 +
 
 +
 
 +
 
 +
 
 +
 
 +
==Contact Form 7==
 +
 
 +
Source: https://wordpress.org/plugins/contact-form-7/
 +
 
 +
 
 +
 
 +
 
 +
 
 +
==Simple Page Ordering==
 +
 
 +
Use that plugin to create a website. this will set a fix order of the posts.
 +
 
 +
 
 +
Installation:
 +
* Go to '''Plugins''' > '''Add new'''
 +
* Search for '''Simple Page Ordering'''
 +
* Install and activate the plugin
  
If you do NOT want your website to be accessible to the whole world: that's the plugin you need.
 
  
'''To access the website you must type a common password''' that you provide to your potentials visitors. This is very useful if you want to do a private blog with pictures for instance.
+
==Disable Google Fonts==
  
 +
In China Google is not fast, not fast at all!! You must disable the Google fonts to improve users' experience ; otherwise the website may take minutes to load.
  
 
Installation:  
 
Installation:  
 
* Go to '''Plugins''' > '''Add new'''
 
* Go to '''Plugins''' > '''Add new'''
* Search for '''Hide My Site'''  
+
* Search for '''Disable Google Fonts'''  
 
* Install and activate the plugin
 
* Install and activate the plugin
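Review bot: In the added Hide My Site Configuration list, the password-hint bullet reads "as long as it is not dummy", which is unclear. Since the plugin list states that the free version has only 1 password for all users, say explicitly that the hint must not let a stranger guess that password, or recommend leaving the hint empty. In the same hunk, "Keep paragaph tags" should read "Keep paragraph tags".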

Revision as of 15:45, 24 December 2016


This page describes the installation and configuration of a WordPress website. With the following plugins and settings you can build a 'classical' website, a 'blog', or even a mix of both. It's up to you! :)



Installation

Requirements

  • Enable PHP 7 support. (i) On OVH you can do that from the admin panel


Installation key points

  • Always use a database prefix (ex: baby_blog_ or it_tips_)
  • When asked you should create a STRONG password for the admin
  • If you see a warning during installation, you have to adjust your .htaccess file

(i) This should not happen


Setup

  1. Download the latest zip from http://wordpress.org OR http://fr.wordpress.org
  2. Put the archive on your server (using FTP)
  3. Unzip the archive

You can use the following script: TODO GUILLAUME

  4. Go to your website: the installation process will start
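
The unzip step above, as an added example (not the wiki author's script, which the page leaves as a TODO): a PHP extractor that checks the uploaded archive against a SHA-256 you computed locally before the FTP transfer, refuses archive entries that would land outside the target folder, and removes the archive and itself afterwards. The file names wordpress.zip and unzip.php, the constant and function names, the checksum placeholder and the availability of PHP's zip extension are assumptions.

```php
<?php
// unzip.php: added example, not the wiki author's script.
// Assumptions: the archive was uploaded next to this file as wordpress.zip,
// and EXPECTED_SHA256 holds the SHA-256 you computed on your own machine
// before the FTP upload (placeholder below).
declare(strict_types=1);

const ARCHIVE = __DIR__ . '/wordpress.zip';
const TARGET = __DIR__;   // the official zip unpacks into a wordpress/ sub-folder
const EXPECTED_SHA256 = 'REPLACE_WITH_LOCALLY_COMPUTED_SHA256';

/** True when a zip entry name stays inside the extraction folder. */
function isSafeEntry(string $name): bool
{
    if ($name === '' || strpos($name, "\0") !== false) {
        return false;
    }
    $name = str_replace('\\', '/', $name);
    // Absolute paths and Windows drive prefixes point outside the target.
    if ($name[0] === '/' || preg_match('#^[A-Za-z]:#', $name) === 1) {
        return false;
    }
    // Any ".." segment could climb out of the target folder (zip-slip).
    return !in_array('..', explode('/', $name), true);
}

/** Verifies the archive, vets every entry, extracts; returns the entry count. */
function extractVerified(string $archive, string $target, string $expected): int
{
    if (!is_file($archive)) {
        throw new RuntimeException('archive not found');
    }
    // FTP gives no integrity guarantee: compare against the local checksum.
    $actual = hash_file('sha256', $archive);
    if ($actual === false || !hash_equals(strtolower($expected), $actual)) {
        throw new RuntimeException('checksum mismatch, upload again');
    }
    $zip = new ZipArchive();
    if ($zip->open($archive) !== true) {
        throw new RuntimeException('not a readable zip archive');
    }
    try {
        // Vet all names before writing anything to disk.
        for ($i = 0; $i < $zip->numFiles; $i++) {
            $name = $zip->getNameIndex($i);
            if ($name === false || !isSafeEntry($name)) {
                throw new RuntimeException("unsafe entry at index $i");
            }
        }
        if (!$zip->extractTo($target)) {
            throw new RuntimeException('extraction failed');
        }
        return $zip->numFiles;
    } finally {
        $zip->close();
    }
}

header('Content-Type: text/plain; charset=utf-8');
try {
    $count = extractVerified(ARCHIVE, TARGET, EXPECTED_SHA256);
    echo "Extracted $count entries.\n";
    // Leave neither the archive nor this script on a public web server.
    $cleaned = unlink(ARCHIVE) && unlink(__FILE__);
    echo $cleaned ? "Archive and script removed.\n"
                  : "Delete wordpress.zip and unzip.php by FTP now.\n";
} catch (Throwable $e) {
    http_response_code(500);
    echo 'Extraction refused: ' . $e->getMessage() . "\n";
}
```

With the placeholder checksum left in place the script refuses every archive, so a forgotten copy on the server extracts nothing.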



Permalinks (URL type)

  • Go to Settings > Permalinks
  • Select a friendly name for your articles: tick Post name


Plugins

All is done on the administrator interface: http://mysite.com/wp-admin


Depending on your needs, here is the list of plugins I recommend installing and activating:

  • Akismet : anti-spam
  • qTranslate-X : multi-language support
  • All in one WP Security : security
  • NextGEN Gallery : photo galleries
  • BackWPup : regular backup
  • TinyMCE Advanced : WYSIWYG editor
  • WP Statistics : statistics
  • Hide My Site : to restrict access to the website. All visitors must provide a common password that you gave them. (free version: only 1 password for all users)


Akismet

Akismet blocks spam and keeps bots away.


Installation:

  • Go to Plugins
  • Click on Activate under Akismet
  • Go to the Akismet website to register for free and get a key
  • Use your key


Configuration:

  • Go to Settings > Akismet
  • Adjust the Strictness (you should select 'always put spam in the Spam folder for review')


qTranslate-X

If you want to support many languages, then qTranslate is a must! It allows you to translate your posts and publish them in different languages.


Installation:

  • Go to Plugins > Add new
  • Search for qTranslate-X
  • Install and activate the plugin


Configuration:

  • Go to Settings > Languages
  • Go to the Languages tab and select the list of languages you want to use (ex: French, English, Chinese). You must enable each language you want.
  • Then, go to the General tab
    • Set the language order
    • Set the URL modification order to Use Pre-Path Mode (Default, puts /en/ in front of URL). SEO friendly.
    • Adjust Untranslated content settings
    • Tick Show language names in "Camel Case"
    • Tick Detect the language of the browser and redirect accordingly.
    • Click Save changes

(i) You can adjust other settings if you'd like.


Add language selector to the website:

  • Go to Appearance > Widgets
  • Add qTranslate Language Chooser to the sidebar


Usage:

  • When you edit a POST or a PAGE you can choose the language


All in one WP Security

(i) Most of the following settings come from: https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/


Security basis

Before installing the plugin you must set some basic security settings.

  • Go to Settings > Discussion
  • Default article settings
    • To allow comments select: Allow people to post comments on new articles
  • Email
    • If you want to receive email alerts on new comment select: Anyone posts a comment
  • Avatars
    • Enable Show avatars
    • Choose G — Suitable for all audiences
    • Select a default avatar (ex: monsters)


Installation

  • Go to Plugins > Add new
  • Search for All in one WP Security
  • Install and activate the plugin


Configuration

You'll find below my configuration recommendations.

  • Go to WP security > Settings
    • Go to tab WP Version Info
      • Tick Remove WP Generator Meta Info


  • Go to WP security > User accounts
    • Go to tab WP Username
      • Change the super-user's username; you must avoid admin
    • Display name - Ensure the logical name & display name are different
    • Go to tab Display name
      • Everything should be OK. If not you must Edit your profile (by clicking on the image, top right corner) > Set Display name publicly as with something that is NOT the login


  • Go to WP security > User login
    • Go to tab Login lockdown
      • Tick Enable Login Lockdown Feature
      • Set max login attempts = 5
      • Tick display generic error message
      • Tick Notify by email
    • Go to tab Force logout
      • Tick Enable force WP user logout
      • Set the logout time to 120 min


  • Go to WP security > User registration
    • Go to tab Manual approval
      • Tick enable manual approval of new registrations
    • Go to tab Captcha
      • Tick Enable captcha on registration page


  • Go to WP security > Filesystem security
    • Go to tab File permissions
      • Set all recommended permissions
    • Go to tab PHP File editing
      • Tick disable ability to edit PHP files
    • Go to tab WP file access
      • Tick prevent access to WP default install files


  • Go to WP security > Firewall
    • Go to tab Basic firewall rules
      • Tick Enable Basic firewall protection
      • (optional, only if you don't publish articles using your phone) tick Block access to XML-RPC
      • Tick Block access to debug.log file
    • Go to tab Additional firewall rules
      • Tick disable index views
      • Tick disable trace and track
      • Tick forbid proxy comment posting
      • Tick Deny bad query string
      • Tick Enable advanced character string filter
    • Go to tab 6G blacklist firewall rules
      • Tick all options
    • Go to tab Internet bots
      • Tick block fake googlebots
    • Go to tab Prevent hotlinks
      • Tick prevent image hotlinking  !!! This is particularly important if you want to restrict access to the website content !!! No one can display content outside your own domain.


  • Go to WP security > Brute force
    • Go to tab Login captcha
      • Tick all options


  • Go to WP security > Spam prevention
    • Go to tab Comment SPAM
      • Tick all options


  • Go to WP security > Miscellaneous
    • Go to tab Copy protection
      • Enable Copy protection  !!! This will prevent anyone from saving content and downloading it on their station !!! This is particularly important if you want to control the data and ensure the content does NOT get everywhere - in the case of private photos for instance.
    • Go to tab Frames
      • Enable that feature
    • Go to tab Users enumeration
      • Enable that feature


Complete! You're good to go! Just log-off / log-in again.


NextGEN Gallery

Source https://wordpress.org/plugins/nextgen-gallery/


Installation

  • Go to Plugins > Add new
  • Search for NextGEN Gallery
  • Install and activate the plugin


Upgrade to PRO version (NextGEN Plus)

(i) This is optional

If you want to add a watermark, prevent picture downloads and have a better gallery, I strongly recommend going for the PRO version, NextGEN Plus.

It is a bit expensive - 49€ - but it is really worth it in terms of security.

Once you've subscribed you'll receive the setup details by email.


Configuration

  • Go to Gallery > Other options
    • Under Image options
      • Say YES to Delete image files when you remove a gallery
      • Say YES to Automatically resize images after upload  !! This is particularly important for the website loading time !! ;)
      • Set the size to width: 1024 x height: 768 | Quality: 100% (i) you can adjust that to your own needs
      • Say YES to Backup original images?
    • Under Thumbnail options
      • Set the default Thumbnail size to 240 x 160
      • Set fix dimension? YES
    • Under Watermarks
      • How will you generate a watermark? text
      • Choose the position (I recommend bottom right)
      • Offset 5 x 5
      • Text: © Daxiongmao.eu
      • Opacity: 100%
      • Font family: Arial
      • Font size: 10px
      • Color: white (you can choose something else)


~ for PRO version only ~

    • Under Image protection
      • Say YES to Protect images  !! This will disable the download option of the plugin
      • Say YES to Disable right click menu completely !! This will disable right click > save as... from the browser


BackWPup

To backup your blog / website regularly.


Requirement:

  • Create a backup folder on your FTP server (ex: /home/rddouanecw/www/backup/)


Installation

  • Go to Plugins > Add new
  • Search for BackWPup
  • Install and activate the plugin


Configuration

After installation:

  • Go to backWPup > jobs
  • Add new job


  • Go to General tab
    • Save all (database, files, XML export, extensions, tables check)
    • Name the archive (example): rd_douane_consulting_%Y-%m-%d
    • Format: ZIP
    • Job destination:
      • Save on File
      • Save on FTP
    • Logs
      • Set email address to send log to
      • Set email from field like: Baby blog - backup <postmaster@qin-diaz.com>
      • Tick Errors only


  • Go to Schedule tab
    • Use the Wordpress cron
    • basic prog
    • Once a week | month - depends on your own usage


  • Go to DB backup tab
    • Select the tables to save
    • Click GZIP compression


  • Go to Files tab
    • Tick Backup WordPress install folder (ex: /home/daxiongm/www/baby)
      • Only select the blog | website folder from the root ; exclude all the rest
    • Tick Backup content folder (ex: /home/daxiongm/www/baby/wp-content)
      • Exclude cache
      • Exclude upgrade
    • Tick Backup plugins (ex: /home/daxiongm/www/baby/wp-content/plugins)  !! this is particularly important if you paid for some plugins !!
    • Tick Backup themes (ex: /home/daxiongm/www/baby/wp-content/themes)
    • Tick Backup uploads folder (ex: /home/daxiongm/www/baby/wp-content/uploads)
      • Exclude backwpup-*
    • Tick include special files (Backup wp-config.php, robots.txt, nginx.conf, .htaccess, .htpasswd and favicon.ico from root if it is not included in backup.)
    • Tick Use one folder above as WP install folder


  • Go to XML export tab
    • Save all content
    • click GZIP compression


  • Go to the Plugins tab
    • Save all extensions
    • click GZIP compression


  • Go to the DB: check tab
    • Tick WordPress tables only


  • Go to the To: Folder tab
    • Set the backup folder (ex: /home/rddouanecw/www/backup/)
    • Set max 5 archives


  • Go to the FTP tab
    • (requirement) you must create a backup folder on the target FTP with read/write for the FTP user
    • set the FTP settings
    • set the target folder: /www/backup_daxiongmao/wedding/
    • Max 5 archives
    • Tick use FTP passive mode


All done! You can already backup your website | blog.


TinyMCE Advanced

This is an improved editor (What You See Is What You Get WYSIWYG).


Installation:

  • Go to Plugins > Add new
  • Search for TinyMCE Advanced
  • Install and activate the plugin


After installation:

  • Once installed, go to the Settings menu > TinyMCE Advanced
  • Select the buttons to use


(i) some hints:

  • Add copy & paste buttons
  • Add underline button
  • Add code button
  • Add 'emoticons' button
  • Add 'background color' button
  • Add 'page break' button
  • Tick Keep paragraph tags


WP Statistics

To have many statistics about your website.


Installation:

  • Go to Plugins > Add new
  • Search for WP Statistics
  • Install and activate the plugin


After installation:

  • Go to Statistics > settings
    • Go to General tab
      • Disable all search engines but DuckDuckGo (it is the least popular)


Hide My Site

If you do NOT want your website to be accessible to the whole world: that's the plugin you need.

You must give the password to all your visitors (family, friends). You cannot access the website without that password!

This is very useful if you want to do a private blog with pictures for instance.


Installation

  • Go to Plugins > Add new
  • Search for Hide My Site
  • Install and activate the plugin


Configuration

  • Go to Settings > Hide my site
    • Tick Enable password protection
    • Set your password << This is the password you need to send to all your visitors
    • You can provide a password hint, as long as it is not a trivial one and only the people who know you can work it out!
    • Tick brute force detection


How to test it?

Just log off from the administrator interface and go to your website. The password pop-up should appear.


Mobile phones

This works on mobile phones (Android, iPhone, Windows phone). However you must ZOOM to see the input text field. This is a bug in the plugin, a small price to pay for better privacy. ^-^



Contact Form 7

Source: https://wordpress.org/plugins/contact-form-7/



Simple Page Ordering

Use this plugin to create a website. It sets a fixed order for the posts.


Installation:

  • Go to Plugins > Add new
  • Search for Simple Page Ordering
  • Install and activate the plugin


Disable Google Fonts

In China Google is not fast, not fast at all!! You must disable the Google fonts to improve the users' experience; otherwise the website may take minutes to load.

Installation:

  • Go to Plugins > Add new
  • Search for Disable Google Fonts
  • Install and activate the plugin