Finishing

IMPORTANT NOTE:

Before you start using and configuring WordPress, there are some extra security steps you should take to help prevent your site from being compromised. To do this, be sure you are logged into your WordPress administration page (for example, http://cgi.yourdomain.com/your_wordpress_directory/wp-admin).

Lock Down Your Theme

Some malware can get installed into inactive themes. You would not notice it, but remote bots can then access the malware code and use it to compromise your site. To prevent this, do not keep any themes on your site other than the one that WordPress is using to display your site.

1. From the Appearance menu (on left side), go to Themes.

2. Hover over the theme you want to use and click Activate.

For each of the other themes:

While you could delete the other themes in WordPress, this would require exposing your CGI Server account's FTP login and host information in a way that could allow malware to also access this information. This is especially true if your site has been up a while before you are asked for this information.

The most secure way to remove files and folders is to log into your CGI Server account via FTP.

Once logged in, remove all theme folders except the folder for the theme you activated. You can find these folders in wp-content/themes.

Lock Down Your Plugins

While still logged into your CGI Server via FTP, go into your wp-content/plugins folder. Remove any plugins you know you will not use. You should also remove the Hello Dolly plugin, as that is just a test plugin that comes with WordPress and is not used for anything, so it's not a good idea to leave it on your site. Malware bots could inject code into any unused plugin's existing files and then go to those files to activate the malware code.

If you do not have or want an Akismet account or will not be using it, please remove this plugin as well.
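An added example (not part of this tutorial's own material) for the theme and plugin lockdown steps above: run against a downloaded copy of wp-content, it lists what can be removed, and it keeps the parent theme when the active theme is a child theme, because a WordPress child theme names its parent folder in a Template: line in style.css. The function names and the sample tree are constructed for this example.

```python
import re
import tempfile
from pathlib import Path

# A child theme names its parent folder in a "Template:" header in style.css.
TEMPLATE_RE = re.compile(r"^[ \t/*#@]*Template:[ \t]*(\S+)", re.MULTILINE | re.IGNORECASE)

def required_themes(themes_dir, active):
    """Return the active theme plus any parent it declares via Template:."""
    keep, current = [], active
    while current and current not in keep:
        keep.append(current)
        css = Path(themes_dir) / current / "style.css"
        if not css.is_file():
            break
        match = TEMPLATE_RE.search(css.read_text(encoding="utf-8", errors="replace")[:8192])
        current = match.group(1) if match else None
    return keep

def removable(parent_dir, keep):
    """List entries under parent_dir that are not kept (the index.php placeholder is ignored)."""
    keep = set(keep) | {"index.php"}
    return sorted(p.name for p in Path(parent_dir).iterdir() if p.name not in keep)

def build_sample(root):
    """Constructed sample tree standing in for a downloaded copy of wp-content."""
    themes, plugins = Path(root) / "themes", Path(root) / "plugins"
    for name, header in [("mysite-child", "Theme Name: My Site\nTemplate: twentytwelve\n"),
                         ("twentytwelve", "Theme Name: Twenty Twelve\n"),
                         ("twentyeleven", "Theme Name: Twenty Eleven\n")]:
        (themes / name).mkdir(parents=True)
        (themes / name / "style.css").write_text("/*\n" + header + "*/\n", encoding="utf-8")
    for name in ("jetpack", "akismet"):
        (plugins / name).mkdir(parents=True)
    for name in ("hello.php", "index.php"):
        (plugins / name).write_text("<?php\n", encoding="utf-8")
    (themes / "index.php").write_text("<?php\n", encoding="utf-8")
    return themes, plugins

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        themes, plugins = build_sample(tmp)
        keep = required_themes(themes, "mysite-child")
        print("keep themes:   ", keep)
        print("remove themes: ", removable(themes, keep))
        print("remove plugins:", removable(plugins, ["jetpack"]))
```

The script only reports; the removal itself is still done over FTP as described above.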

Activate Your Remaining Plugins

1. From your WordPress Dashboard, go into Plugins (left menu) and select Installed Plugins.
2. Click on the check box at the top next to Plugin to select all the remaining plugins you will use.
3. From the Bulk Actions drop down box, select Activate.
4. Click the Apply button next to it.

NOTE: If you are going to use the Akismet plugin (for example, some features of JetPack may require Akismet to be activated), then you will need to activate it by signing up for an account or entering your key in the box. This tutorial does not cover using Akismet.

 


... Active Web Hosting, 1445 American Pacific Dr. Ste 110-318, Henderson, NV 89074 ...
Phone 702-449-2337