
WordPress hosting query and portfolio template recommendation

10 February 2014 01:40
CSD_Images

Here's my site install notes, so they're a bit rough and ready. Proceed with caution as some of these techniques can break your site so do one at a time.

Files to remove:

Root -
License *
Readme.html *

Rename

Root - wp-login.php (may cause issues, requires testing especially in MU sites).
wp-admin - install.php (or delete as case may be)

Database prefix - rename using phpmyadmin and reflect in wp-config.php
Disable default admin account by renaming to an obscure non-guessable account.

.htaccess

Root:

Turn off indexes (if not enabled at server level)
Disable . directories and file access
Deny access to wp-config or move to non-public structure (-1 from root).
Additional deny access to readme files (if not deleting), php.ini, error logs (wildcard), standard WP includes files,
Disable hotlinking


wp-admin

Enable . IP restriction on wp-admin with fixed IP clients or set up Apache folder password (can also be applied in root to wp-login).

.wp-content

Enable safe extensions via whitelisting.

Set .htaccess to 444 (won't work with all hosts)

Server:

Enable cookie authentication (PHP 5)
Disable indexes
Disable PHP handlers to open (if not done in .htaccess, caution may break functionality)

Plug-ins:

Wordfence Security (Caution when using Shared Hosting, RAM hog if not configured)
Login Security Solution


* Use in conjunction with a meta stripper function (CSD Core).


Set file permissions to 644 for files and 755 for folders. Additional security can be had from Perishable Press's Blacklist, requires extensive testing before production level.
www.flickr.com/photos/csd_images | www.celticshadows.co.uk
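
A way to check an install against the file-level items in the notes above (leftover files, the 644/755/444 permission targets, the default database prefix). This is an added example, not part of the original post. It assumes WordPress's stock file names (`readme.html`, `license.txt`, `wp-admin/install.php`) and the stock `wp_` prefix, and treats the stated modes as upper limits; `audit` and `demo` are hypothetical names.

```python
import os
import re
import stat
import tempfile

# WordPress ships these; the notes above say to delete them after install.
LEFTOVERS = ["readme.html", "license.txt", "wp-admin/install.php"]

def audit(root):
    """Return sorted findings for the WordPress tree at root."""
    findings = [f"leftover file: {rel}" for rel in LEFTOVERS
                if os.path.exists(os.path.join(root, rel))]
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue
            mode = stat.S_IMODE(os.lstat(path).st_mode)
            # 755 for folders, 444 for .htaccess, 644 for every other file
            limit = 0o755 if os.path.isdir(path) else 0o444 if name == ".htaccess" else 0o644
            if mode & ~limit:
                rel = os.path.relpath(path, root)
                findings.append(f"too permissive: {rel} is {mode:o}, want at most {limit:o}")
    config = os.path.join(root, "wp-config.php")
    if os.path.isfile(config):
        with open(config, encoding="utf-8", errors="replace") as fh:
            m = re.search(r"""^\s*\$table_prefix\s*=\s*['"](\w*)['"]""", fh.read(), re.M)
        if m and m.group(1) == "wp_":
            findings.append("default database prefix wp_ in wp-config.php")
    return sorted(findings)

def demo():
    """Audit a small constructed tree (made-up contents, not a real site)."""
    sample = {  # relative path -> (mode, contents)
        "readme.html": (0o644, ""),
        "wp-admin/install.php": (0o644, ""),
        ".htaccess": (0o644, "Options -Indexes\n"),
        "wp-config.php": (0o666, "<?php\n$table_prefix = 'wp_';\n"),
        "index.php": (0o644, "<?php\n"),
    }
    with tempfile.TemporaryDirectory() as root:
        for sub, mode in (("wp-admin", 0o755), ("wp-content", 0o777)):
            os.mkdir(os.path.join(root, sub))
            os.chmod(os.path.join(root, sub), mode)
        for rel, (mode, text) in sample.items():
            path = os.path.join(root, rel)
            with open(path, "w") as fh:
                fh.write(text)
            os.chmod(path, mode)
        return audit(root)
```

Point `audit()` at a copy of the document root; an empty list means none of these file-level items were found. The .htaccess rules and server settings in the notes are not covered by it.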


10 February 2014 03:51
redbaron


Incidentally this is a small part of why a professional web designer charges so much more for creating a website than those who pop up offering to build you a wonderful site for £100 or so.

Photography and Studio hire www.immortaleye.co.uk


10 February 2014 11:39
Allinthemind


Not to mention the performance advantages of a purpose built theme...... Thank you CSD_Images.....

www.gloucesterphotographer.com average response time 0.6 seconds.
photography-coach.co.uk (using a generic theme with a bit of tweaking) average response time 2.44 seconds.
The first site has way more content, they are both on the same web server.

Si


In the "Information Age", continued ignorance must be a choice motivated initially through inherited beliefs.


