3. • Not really necessary
• But www.mydomain.com looks better than…
• www.mysite.hostingcompany.com or
• www.hostingcompany.com/~mysite/
• I use PairNic.com
• Local, in the south side
• Clean interface (but somewhat dated)
• Ad free
DOMAIN NAME
4. • What kind of site you want will determine what kind of hosting is
best.
• eCommerce
• Medical/Professional
• Education
• Hobby
HOSTING
9. HOSTING
• My short list
• www.wordpress.com
• www.pair.com
• www.asmallorange.com
• Select the best host you can afford
10. HOSTING
• Who I chose and why
• cPanel – used it before, familiar with it
• One click install of WordPress
• $35.00/year – cheapest hosting I’ve found
• Even a Raspberry Pi would cost more
11. SECURITY
• If it’s on the internet someone will be trying to hack it
• Change the admin account to something else
• Don’t use admin, administrator, your name, any part of your
site name
• Use the admin account to administer your site and nothing
else
• Use a separate account to post content
12. SECURITY
• Learn how to secure WordPress
• Hardening WordPress
• WordFence Security Learning Center
• Google is your BFF – but verify
• Learn how to use the security features of your server – most
likely Linux (LAMP)
• Apache (web server) security features
• .htacess files
13. SECURITY
• .htaccess files
• You can protect the .htaccess file itself by adding the following
lines to the file:
<files .htaccess>
order allow,deny
deny from all
</files>
14. SECURITY
• .htaccess
• Limiting access to /wp-admin/
<LIMIT GET>
order deny,allow
deny from all
allow from ww.xx.yy.zz replace with own IP address
</LIMIT>
16. SECURITY
• Editing the wp-config.php file
• Automatically update WordPress core files
• define( 'WP_AUTO_UPDATE_CORE', true );
• Disallow editing of PHP from within WordPress
• define('DISALLOW_FILE_EDIT', true);
• Supressing PHP run time errors
• error_reporting (0);
• @ini_set ('display_errors', 0);
17. SECURITY
• Use HTTPS if you have an eCommerce site or collect any sort
of data from customers/visitors
• Will need a “certificate” in this case, an extra annual charge
• Good idea to use this for login on to your site
• Generate new WordPress security keys
• https://api.wordpress.org/secret-key/1.1/
• Keep your own computer clean and safe
18. CONTROL PANELS
• Help you manage your site without using the command line
• Home Grown
• Plesk
• cPanel
19. INSTALLING WORDPRESS
• From control panel
• Easy
• Default options
• Can install and delete as often as you wish
• Change the table_prefix
21. INSTALLING WORDPRESS
• Themes – Changes the appearance of WordPress site
• There are thousands!
• Get from a reputable site
• WordPress.org
• Don’t limit yourself to just a theme based on a keyword
• Only one theme can be active at a time
• Theme checkers – checks for hidden malware
22. INSTALLING WORDPRESS
• Plugins – Adds or changes features of your WordPress site
• There are thousands!
• Get from reputable sources or develop own
• Take time to review and try them out before deciding
• Look at the last time it was updated
• Potential security issues
• Deactivate/delete plugins not being used
24. SUMMARY
• What I’m doing…
• Theme – using a theme designed for hosting services
• Plugins – none except for WordFence
• Reviewing and evaluating several others
• Security
• WordFence free – may upgrade to paid
• .htaccess to block IP addresses identified by WordFence
25. SUMMARY
• Security
• Unique logins for site admin and content
• Password protecting /wp-admin/ directory
• Blocking access from all but a few selected IP adresses
26. SUMMARY
• Security (cont)
• Limit access to /wp-admin/ directory to just my IP address
• Changes every few days though
• Sanitizing output of WordPress
• Modifying WordPress core files