Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
I'm not a word press guy, but I heard a lot:
1. Be careful which extensions you use, they could be an entry to hacking your website
2. Take care of security -
@norman70688
1. restrict access to admin login based on IP address
2. Change default admin login page url
3. Allow admin login page only from a specific port
4. if using nginx infront of your site, make sure admin endpoint is password protected
These are what I could think of -
@norman70688 oh shared hosting, I missed that, well then ya it narrows down to strong passwords and secure plugins
-
Thanks! And I launch it using DO, and make a free SSL using let's encrypt, is it okay? Or any better suggestions?
-
Using a security plugin like Wordfence will take care of the most basic (and not so basic) security measures. Apart from that, be really careful with what other plugins and themes you install. Themes can run arbitrary code and open big fat security holes.
-
Try arch linux
But in all seriousness though, congrats :D Great that you're asking for advice! -
@dudeking let'sEncrypt is just as safe as any other certificate. It may be even safer because of it having to be refreshed more often.
-
@dudeking LetsEncrypt is an absolutely fine CA. It's trusted in all browsers and it's reissued often, making it even more secure.
-
@dudeking no, don't pay 60 EUR for absolutely nothing. Let's Encrypt is just as secure and for free.
-
mszaf1856yI'd advise against wp. Look into nuxt + GitHub pages. Free hosting from github, free ssl/https out of the box. 2FA protected etc.
-
nystl1306ywordpress checklist:
1. put it behind cloudflare
2. make sure server has firewall
3. try to do any & all customizations in a personal plugin so you can try out themes easily
4. use hooks for everything
5. get plugin "Simply Show Hooks" -
C0D4669026yWordpress 101: don't wordpress.
Wordpress 102: ok you ignored the 101 training😑 so let's get you safe..er
- add Cloudflare and proxy the dns requests, this will mask the true server ip and add ddos protection if needed.
- use FULL ssl mode, this adds a ssl between the browser and CF, and then runs your SSL cert from CF to your server.
- use any CA for SSL, let's encrypt is currently in the transition of becoming a ROOT CA - so they are as safe as any other major cert authority. I use them for enterprise and personal websites.
- restrict access to /wp-admin (either through htaccess using a .pswd file ( a password needed to even load the form requested by the server) or ip whitelist it (if practical)
- use strong ass passwords
- find a 2FA plug-in to add another layer of protection
- don't install random plugins and themes, do some research as these can become points of access alone or accept remote code execution.
- use roles and permissions wisely.
- research the host, as its shared hosting, your site is only as secure as they are. If they don't add security patches and are still running php5, move away now - not all hosts are equal. -
C0D4669026yWordpress 102.2 - I ran out of characters
- filter comments for review, or add a spam filter, you will likely get XSS shoved into your comments.
- treat wordpress as an open bank vault with no security, dispite their marketing
- as it's a shared host, remove access via phpmyadmin or similar or if you can't, make sure it's also up to date and using highly strong passwords - NOT the same as your wordpress ones. -
nystl1306y@toriyuno The wordpress dev levels:
question: i want to customize this site, how do i do this?
1. modify theme's header.php file
2. make child theme, copy header.php file to child theme and modify there
3. use hooks in functions.php file in child theme to modify site content
4. make custom plugin, put all custom functionality via hooks in it
Hooks are a common pattern in WordPress that allow you to create a custom function that either adds to or filters content or data inside for a site.
Check out:
https://developer.wordpress.org/ref...
https://developer.wordpress.org/ref...
Basically instead of modifying a php file directly you make your own php file that inserts logic/content into other php files via special functions which watch for your callback custom functions
Hello, I launched a wordpress website as my personal blog, any beginner tips for startup?
question