Hello, I launched a wordpress website as my personal blog, any beginner tips for startup?

  • 6
    I'm not a WordPress guy, but I heard a lot:
    1. Be careful which extensions you use, they could be an entry to hacking your website
    2. Take care of security
  • 7
    Wait for the "Ew WordPress reeee" comments lmao
  • 2

    A friend of mine had a blog. Someone hacked into it because he had bad security

    He nearly got expelled for what the hackers wrote there
  • 2
    Plugins are probably the only thing to be careful with.
    Common security procedures and practices are not worth mentioning, I guess? HTTPS, strong passwords, user permissions and so on.
  • 3
    1. restrict access to admin login based on IP address
    2. Change default admin login page url
    3. Allow admin login page only from a specific port
    4. if using nginx in front of your site, make sure admin endpoint is password protected

    These are what I could think of
  • 3
    @gitpush Those are good, but since the average WP site lives on shared hosting, all kinds of attacks get defended by the host before things get really messy. I've personally seen this happen once and the host blocked access to my client's website (or was it account?) until I wrote them that I'm legit boi and allowed here :D.
    WP itself has had security issues once too, IIRC.
    So basically it'll come down to strong user/pass and HTTPS.
  • 2
    @norman70688 oh shared hosting, I missed that, well then ya it narrows down to strong passwords and secure plugins
  • 1
    Thanks! I launched it using DO and made a free SSL using Let's Encrypt, is it okay? Or any better suggestions?
  • 2
    @BuzzerByte better cash out and buy a trusted ssl certificate
  • 1
    @dudeking will do that, bro
  • 1
    @BuzzerByte see if it's worth it though, don't buy a one year one for like 60 Euro, seek value, but don't become too cheap
  • 3
    Using a security plugin like Wordfence will take care of the most basic (and not so basic) security measures. Apart from that, be really careful with what other plugins and themes you install. Themes can run arbitrary code and open big fat security holes.
  • 3
    @dudeking What do you mean by "trusted"? What's wrong with Let's Encrypt?
  • 4
    Try arch linux

    But in all seriousness though, congrats :D Great that you're asking for advice!
  • 0
    @gronostaj well it could be illegitimate. I don't know about Let's Encrypt, maybe it is a trustworthy service, but I would still stay on the more reliable side like GoDaddy
  • 4
    Ew Wordpress reeeeeee
  • 1
    @Codex404 thanks man appreciate it

    Was getting worried someone wouldn't show up
  • 3
    @dudeking Let's Encrypt is just as safe as any other certificate. It may be even safer because of it having to be refreshed more often.
  • 1
    @Stuxnet wouldn't have responded if you didn't say it xD
  • 3
    @dudeking Let's Encrypt is an absolutely fine CA. It's trusted in all browsers and it's reissued often, making it even more secure.
  • 3
    @dudeking no, don't pay 60 EUR for absolutely nothing. Let's Encrypt is just as secure and for free.
  • 2
    I'd advise against wp. Look into nuxt + GitHub pages. Free hosting from github, free ssl/https out of the box. 2FA protected etc.
  • 1
    delete it.
  • 1
    @Codex404 @PrivateGER @Fast-Nop OK, thanks for shedding light into that
  • 1
    Use a static site generator instead.
    You'll learn more, it will load faster.
  • 1
    wordpress checklist:
    1. put it behind cloudflare
    2. make sure server has firewall
    3. try to do any & all customizations in a personal plugin so you can try out themes easily
    4. use hooks for everything
    5. get plugin "Simply Show Hooks"
  • 5
    Wordpress 101: don't wordpress.
    Wordpress 102: ok you ignored the 101 training 😑 so let's get you safe..er

    - add Cloudflare and proxy the dns requests, this will mask the true server ip and add ddos protection if needed.

    - use FULL SSL mode, this adds an SSL between the browser and CF, and then runs your SSL cert from CF to your server.

    - use any CA for SSL, Let's Encrypt is currently in the transition of becoming a ROOT CA - so they are as safe as any other major cert authority. I use them for enterprise and personal websites.

    - restrict access to /wp-admin (either through htaccess using a .pswd file (a password needed to even load the form requested by the server) or IP whitelist it (if practical))

    - use strong ass passwords

    - find a 2FA plug-in to add another layer of protection

    - don't install random plugins and themes, do some research as these can become points of access alone or accept remote code execution.

    - use roles and permissions wisely.

    - research the host, as it's shared hosting, your site is only as secure as they are. If they don't add security patches and are still running php5, move away now - not all hosts are equal.
  • 4
    Wordpress 102.2 - I ran out of characters

    - filter comments for review, or add a spam filter, you will likely get XSS shoved into your comments.

    - treat wordpress as an open bank vault with no security, despite their marketing

    - as it's a shared host, remove access via phpmyadmin or similar or if you can't, make sure it's also up to date and using highly strong passwords - NOT the same as your wordpress ones.
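
Added example, not part of any comment in this thread: one way to write the /wp-admin restriction described in the checklist above as Apache 2.4 `.htaccess` rules. The password-file path and the IP address are placeholders, and it assumes the host permits authentication directives in `.htaccess` (`AllowOverride AuthConfig`).

```apache
# ---- File 1: wp-admin/.htaccess -------------------------------------
# Create the password file outside the web root first, e.g.:
#   htpasswd -c /home/example/.htpasswd someuser
# (path and user name are placeholders)
AuthType Basic
AuthName "Restricted"
AuthUserFile /home/example/.htpasswd

# Accept EITHER the allowlisted address OR a valid password.
# 203.0.113.10 is a documentation address; replace it with your own.
# Note: if the site is proxied through Cloudflare, Apache sees
# Cloudflare's addresses unless the host has mod_remoteip configured,
# so the IP rule will not match and the password rule is what applies.
<RequireAny>
    Require ip 203.0.113.10
    Require valid-user
</RequireAny>

# Plugins and themes call admin-ajax.php on behalf of logged-out
# visitors; locking it behind the prompt breaks front-end features.
<Files "admin-ajax.php">
    Require all granted
</Files>

# ---- File 2: .htaccess in the WordPress root ------------------------
# wp-login.php lives outside /wp-admin, so the rules above do not
# cover the login form itself. Protect it separately.
<Files "wp-login.php">
    AuthType Basic
    AuthName "Restricted"
    AuthUserFile /home/example/.htpasswd
    <RequireAny>
        Require ip 203.0.113.10
        Require valid-user
    </RequireAny>
</Files>
```

The Basic auth password should be different from the WordPress account password, and it is only protected in transit when the site is served over HTTPS.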
  • 1
    @C0D4 thanks for advising, especially for strong ass password XD
  • 0
    @peaduaw What are wordpress hooks?
  • 0
    @toriyuno Basically events on which you can attach your callbacks
  • 1
    @toriyuno The wordpress dev levels:

    question: i want to customize this site, how do i do this?

    1. modify theme's header.php file
    2. make child theme, copy header.php file to child theme and modify there
    3. use hooks in functions.php file in child theme to modify site content
    4. make custom plugin, put all custom functionality via hooks in it

    Hooks are a common pattern in WordPress that allow you to create a custom function that either adds to or filters content or data inside for a site.

    Check out:

    Basically instead of modifying a php file directly you make your own php file that inserts logic/content into other php files via special functions which watch for your callback custom functions
  • 0
    Uninstall and make something decent