WordPress Developing Secure Sites (First Edition) Applying Best Practices


#1

WordPress Developing Secure Sites Applying Best Practices.
1. Audit your WordPress Site.

Keep your site in the best way possible, before publishing your site make sure you update all the default setting to meet your site`s purpose. Here are some areas you may want to update.

A. Setting (General)

Below are the settings you will find in this section, please only check the ones that you need, and leave those you don`t need unchecked.

I. Update site title.
II. Tagline.
III. Wordpress address (url).
IV. Site address (url) normally this should be the same address as the above.
V. Email (admin email, for notification etc).
VI. Membership (Now be careful of checking this value, only check the ANY ONE CAN REGISTER if you want to allow public/open registration).
VII. New user default role (ste this to subscribe)
_VIII. Time zone. _
IX. Date format.
X. Time format.
XI. Week starts on.

B. Readings Settings.

Below are the settings you will find in this section, please check/modify the values that best suit your site.

I. Front page display.
II. Blog pages show at most.
III. Syndication feeds show the most recent.
IV. For each article in a feed, show (Recommended setting this to Summary)

Search Engine Visibility (Leave this unchecked if you want people to find your website on search engines, otherwise check if your site is private).

C. Setting (discussion).

Below are the settings you will find in this section, please only check the ones that you need, and leave those you don`t need unchecked.

I. Default article settings.
II. Other comment settings.
III. Email me whenever.
IV. Before a comment appears.
_V. Comment moderation. _
VI.

2. Choose A Good Host.

Below are types of hosting that you may choose for your website, depending on your needs.
A. Shared Hosting.

I. Low cost, but greater risk.
II. Multiple websites hosted on the same server.
III. Provides most common features (PHP, MySQL etc).
IV. Limited flexibility and control.
V. Best for blogs and small sites with typical requirements.

B. Virtual Private Servers (VPS)

I. More expensive than shared hosting, but less risk.
II. Multiple sites stored on same server in virtual containers.
III. Typicaonovides root access & full control over features and software etc.
IV. More control, greater flexibility & better performance than shared hosting.

C. Dedicated Server.

I. Provides complete control over the web server.
II. The entire server dedicated to your website(s).
III. More expensive than other options.
IV. Required a solid understanding of server software.
V. Best for sites needing control, flexibility and performance.
D. Cloud Hosting.
I. Infinitely scalable.
II. Site hosted on multiple servers (the cloud).
III. Typically cost less than other hosting options.
IV. Required a solid understanding of server software.
V. Best for sites with lot of traffic.
Below are steps for choosing a good host.

A. Hosting Consideration.

I. Regular blog with moderate traffic? Shared hosting
II. Large site needing more control over software and features? Virtual Private hosting (VPS)
III. Total control over everything? Dedicated Server.
IV. Massive traffic for less cost? Cloud Hosting.
B. Things to look for.
I. Host reputation
II. Supports all WordPress requirements
III. Runs current software (Apache/Nginx, PHP, MySQL etc)
IV. 24/7 Phone or chat support.
V. Good Documentation and Tutorial
VI. Cost, Requirements, fees, Fine print etc)

C. Technical Consideration

I. Managed VS unmanaged hosting
II. Resources, RAM, CPU, Storage, Transfer, Speed.
III. Supports SSL
IV. HTTP 1.1 Support or HTTP 2.0
V. Supports SFTP or FTPS
VI. Full root access (if needed)
VII. Check control panel of its cPanel or Plesk
VIII. Scalability and so forth

3. Find Report Vulnerabilities.

Below are easy way to fine and report vulnerabilities bugs and other issues.
If you happens to fine a bug or security issue, you should email the wordpress security team at security@wordpress.org .

A. Keep an Eye on Security.

To keep an eye on your wordpress security here are tools/plugins you should use

I. Activity log monitors what logged in users are doing.
II. Exploit scanner scans your site for sign of hacking.
III. Wordpress health check help check your wordpress sites health._ _B. Further Security Techniques._ _I. Monitoring errors._ _II. Responding to incidents _ _III. Dont modify a core file
IV. Work with a clean computer.
V. Use HTTPS.
VI. Use SFTP
VII. Write secure code
VIII. Explore plugins.

> End of First Edition. Please look out for the second edition for continuation.