Category Archives


Wordpress

WordPress – Speed Up Your Website

Posted by siqik on

WordPress website speed. There is nothing that will lose you readers and customers more quickly than a slow website! The chances are good that a person will click away when a website takes more than 6 seconds to open.

Google’s PageSpeed Insights, of course, wants a website to open quicker than that, preferably in milliseconds to get a good SEO [Search Engine Optimization] score. The other two main website performance [speed] testers are GTmetrix and Pingdom.

There are quite a lot of things to look at to get your website to a good speed score all around. It is a little disorientating in the beginning, though, when you don’t even know where to begin. But here is a good starting point to get you there!

You need to install the following plugins first:

Autoptimize


Test different setting combinations to see what works for you.

Autoptimize makes optimizing your site really easy. It can aggregate, minify and cache scripts and styles, injects CSS in the page head by default (but can also defer), moves and defers scripts to the footer and minifies HTML.


HTTP/2 Server Push


No settings

HTTP/2 is the new generation of the venerable HTTP protocol that powers the web. Among its most powerful features is server push, a way for web servers to send resources to the browser before it even realizes it needs them. This avoids the usual HTTP request/response cycle which happened for every script or stylesheet on a page.


Remove Query Strings From Static Resources


No settings

This plugin will remove query strings from static resources like CSS & JS files inside the HTML <head> element to improve your speed scores in services like Pingdom, GTmetrix, PageSpeed and YSlow.


WP Super Cache


See recommended settings below

This plugin generates static html files from your dynamic WordPress blog. After a html file is generated your webserver will serve that file instead of processing the comparatively heavier and more expensive WordPress PHP scripts. You can, of course, test different combinations of Super Cache settings to see what works for you.

You will, along the line, hear about a CDN – Content Delivery Network – and how important it is to your website performance [speed]. It is.

‘A CDN service speeds up your website speed by serving cached static content from servers located near your user’s geographic location.’

But a CDN is not your headache for now. You will get by perfectly well without it for the moment. As a matter of fact, when the time comes, Super Cache offers you an alternative way of crossing this bridge. Just check out CDN on the Super Cache settings. You can use a subdomain – cdn.yourwebsite.com – to get a CDN working.



And here are the speed tweaks to copy and paste into the .htaccess file in your root directory:

Header unset Pragma
FileETag None
Header unset ETag

## EXPIRES CACHING ##
<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType image/jpg "access 1 year"
ExpiresByType image/jpeg "access 1 year"
ExpiresByType image/gif "access 1 year"
ExpiresByType image/png "access 1 year"
ExpiresByType text/css "access 1 month"
ExpiresByType text/html "access 1 month"
ExpiresByType application/pdf "access 1 month"
ExpiresByType text/x-javascript "access 1 month"
ExpiresByType application/x-shockwave-flash "access 1 month"
ExpiresByType image/x-icon "access 1 year"
ExpiresDefault "access 1 month"
</IfModule>
## EXPIRES CACHING ##

<FilesMatch "\.(js|css|html|htm|php|xml)$">
SetOutputFilter DEFLATE
</FilesMatch>

<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/html text/plain text/xml application/xml application/xhtml+xml text/css text/javascript application/javascript application/x-javascript
</IfModule>

# BEGIN GZIP COMPRESSION
<IfModule mod_gzip.c>
mod_gzip_on Yes
mod_gzip_dechunk Yes
mod_gzip_item_include file \.(html?|txt|css|js|php|pl)$
mod_gzip_item_include handler ^cgi-script$
mod_gzip_item_include mime ^text/.*
mod_gzip_item_include mime ^application/x-javascript.*
mod_gzip_item_exclude mime ^image/.*
mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
</IfModule>
# END GZIP COMPRESSION

#BEGIN EXPIRES HEADERS
<IfModule mod_expires.c>
# Enable expirations
ExpiresActive On
# Default expiration: 1 hour after request
ExpiresDefault "now plus 1 hour"
# CSS and JS expiration: 1 week after request
ExpiresByType text/css "now plus 1 week"
ExpiresByType application/javascript "now plus 1 week"
ExpiresByType application/x-javascript "now plus 1 week"
# Image files expiration: 1 month after request
ExpiresByType image/bmp "now plus 1 month"
ExpiresByType image/gif "now plus 1 month"
ExpiresByType image/jpeg "now plus 1 month"
ExpiresByType image/jp2 "now plus 1 month"
ExpiresByType image/pipeg "now plus 1 month"
ExpiresByType image/png "now plus 1 month"
ExpiresByType image/svg+xml "now plus 1 month"
ExpiresByType image/tiff "now plus 1 month"
ExpiresByType image/vnd.microsoft.icon "now plus 1 month"
ExpiresByType image/x-icon "now plus 1 month"
ExpiresByType image/ico "now plus 1 month"
ExpiresByType image/icon "now plus 1 month"
ExpiresByType text/ico "now plus 1 month"
ExpiresByType application/ico "now plus 1 month"
# Webfonts
ExpiresByType font/truetype "access plus 1 month"
ExpiresByType font/opentype "access plus 1 month"
ExpiresByType application/x-font-woff "access plus 1 month"
ExpiresByType image/svg+xml "access plus 1 month"
ExpiresByType application/vnd.ms-fontobject "access plus 1 month"
</IfModule>
#END EXPIRES HEADERS

# BEGIN Cache-Control Headers
<ifModule mod_headers.c>
<filesMatch "\.(ico|jpe?g|png|gif|swf)$">
Header set Cache-Control "public"
</filesMatch>
<filesMatch "\.(css)$">
Header set Cache-Control "public"
</filesMatch>
<filesMatch "\.(js)$">
Header set Cache-Control "private"
</filesMatch>
<filesMatch "\.(x?html?|php)$">
Header set Cache-Control "private, must-revalidate"
</filesMatch>
</ifModule>
# END Cache-Control Headers

# BEGIN DEFLATE COMPRESSION
<IfModule mod_deflate.c>
# Compress HTML, CSS, JavaScript, Text, XML and fonts
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
AddOutputFilterByType DEFLATE application/x-font
AddOutputFilterByType DEFLATE application/x-font-opentype
AddOutputFilterByType DEFLATE application/x-font-otf
AddOutputFilterByType DEFLATE application/x-font-truetype
AddOutputFilterByType DEFLATE application/x-font-ttf
AddOutputFilterByType DEFLATE application/x-javascript
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE font/opentype
AddOutputFilterByType DEFLATE font/otf
AddOutputFilterByType DEFLATE font/ttf
AddOutputFilterByType DEFLATE image/svg+xml
AddOutputFilterByType DEFLATE image/x-icon
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/javascript
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/xml
</IfModule>
# END DEFLATE COMPRESSION

Images are important in your website speed factor. Use .jpg pictures instead of .png – they load faster. And WP Smush automatically compresses them when uploaded.


Another thing that can slow down your website really badly is too many plugins. You can imagine what 60 or 70 plugins will do to your website performance when they all have to start up in the background every time that a page opens on your website.

A good number of plugins is more or less 40 to 50. Your system will be able to breathe with such a number of plugins.

Outdated and poorly coded plugins can also affect the performance [and security]. Do the footwork and check if freshly installed plugins affect the performance, and always check when a plugin was last updated on the ‘details’ link.


Wordpress

WordPress Handy Plugins And Widgets

Posted by siqik on

WordPress plugins and widgets. Here is a starter-upper collection that you might find useful. Click on Plugins – Add New and search for the plugin name. Install and activate. Go to the plugin details to see setup.

Adminimize

The plugin that lets you hide ‘unnecessary’ items from the WordPress administration menu, for all roles of your install. You can also hide post meta controls on the edit-area to simplify the interface. It is possible to simplify the admin in different ways for all roles. In other words, you can hide items on your member dashboards.


Ban Hammer

We’ve all had this problem. A group of spammers from somemail.ztx are registering on your blog. You want to stop them but you want to keep registration open. How do you kill the spammers without bothering your clientele? While you could edit your functions.php and block the domain, once you get past a few bad eggs, you have to escalate. Ban Hammer does that for you by preventing unwanted users from registering.


Contact Form 7

Contact Form 7 can manage multiple contact forms, plus you can customize the form and the mail contents flexibly with simple markup. The form supports Ajax-powered submitting, CAPTCHA, Akismet spam filtering and so on.


Contact Form 7 Honeypot

This simple addition to the wonderful Contact Form 7 (CF7) plugin adds basic honeypot anti-spam functionality to thwart spambots without the need for an ugly captcha.


Cookie Consent

Cookie Consent is one of the simplest and most popular cookie notification plugins out there.


Default featured image

Add a default featured image to the media settings page. This featured image will show up if no featured image is set. Simple as that.


External Links

The external links plugin for WordPress lets you process outgoing links differently from internal links.


Hide Admin Bar From Front End

This plugin provides feature to hide/show admin bar from front end.


If Menu

Display tailored menu items to each visitor, based on visibility rules. Here are a few examples:

  • Display a menu item only if current User is logged in
  • Hide menu items if Device is mobile
  • Display menu items for Admins and Editors
  • Hide Login or Register links for Logged in Users

Insert Headers and Footers

Insert Headers and Footers is a simple plugin that lets you insert code like Google Analytics, custom CSS, Facebook Pixel, and more to your WordPress site header and footer. No need to edit your theme files!

Want to add an image? Upload the image to your media library and use this code [copy and paste the image url/link]: <img src="https://yoursite.com/wp-content/uploads/2018/04/yourpic.jpg">


Recent Posts Widget Extended

This plugin will enable a custom, flexible and super advanced recent posts, you can display it via shortcode or widget. Allows you to display a list of the most recent posts with thumbnail, excerpt and post date, also you can display it from all or specific or multiple taxonomy, post type and much more!


Responsive Lightbox by dFactory

Responsive Lightbox allows users to view larger versions of images and galleries in a lightbox (overlay) effect optimized for mobile devices.


Restrict Categories

Restrict the categories that users can view, add, and edit in the admin panel.


Restrict Widgets

Restrict Widgets is all in one solution for widget management in WordPress. It lets you easily control the pages that each widget will appear on and avoid creating multiple sidebars and duplicating widgets. You can also set who can manage widgets, which sidebars and widgets will be available to selected users, which widget options will be available and how it will be displayed.


Sassy Social Share

Sassy Social Share enables your website users to share the content over Facebook, Twitter, Google, LinkedIn, Whatsapp, Tumblr, Pinterest, Reddit and over 100 more social sharing and bookmarking services.


ScrapeBreaker

A combination of frame-breaker and scraper protection. Protect your website content from both frames and server-side scraping techniques. If either happens, visitors will be redirected to the original content.


Simple Exclude Categories

Hide posts in categories on WordPress homepage.


Theme My Login

This plugin themes the WordPress login, registration and forgot password pages according to your current theme. It creates a page to use in place of wp-login.php, using a page template from your theme. Also includes a widget for sidebar login.


View Own Posts Media Only

This plugin allows to restrict user with Author and Contributor roles to view their own Posts and Media Library items only at admin back-end.


Smush Image Compression and Optimization

Resize, optimize, optimise and compress all of your images with the incredibly powerful and 100% free WordPress image smusher, brought to you by the superteam at WPMU DEV!


Yoast SEO

Need an SEO plugin that helps you reach for the stars? Yoast SEO is the original WordPress SEO plugin since 2008. It is the favorite tool of millions of users, ranging from the bakery around the corner to some of the most popular sites on the planet. With Yoast SEO, you get a solid toolset that helps you aim for that number one spot in the search results. Yoast: SEO for everyone.


Wordpress

WordPress Themes For Your Website

Posted by siqik on

Click on Appearance – Add New and check out the awesome depository of themes! You will definitely find the theme perfect for you!

However, you can start by searching for ‘responsive’ or ‘blog’, when choosing your theme, among the many choices that you have:


Do you want a responsive theme – like AccessPress

AccessPress also gives you the choice of one sidebar, two sidebars or none.



Or do you prefer a blog theme – like PageSpeed

PageSpeed also gives you the choice of one sidebar, two sidebars or none.



How to install:

  • Click on Appearance on your dashboard menu
  • Go to Themes – Add New
  • You can view the theme on Theme – Customize
  • Choose your theme and install it
  • After installation click on Customize to set up your theme

Make sure you have a homepage. Create one if you don’t, open it and look on your right side menu if you must customize it according to your theme.


*Note. You can tweak your theme on Custom CSS instead of creating a child theme.


Wordpress

WordPress Security Is The First Thing That You Do

Posted by siqik on

WordPress security. So, you’ve installed your WordPress, setup is done and your Dashboard window opened. What now? Well, the first thing to do is to secure your website before anything else.

New WordPress websites get quickly picked up by the more shadowy figures on the internet, and attacks on your website are imminent.

The following security package will get your website to a safe place and you will need little else. You can of course, later when you’ve acquired more knowledge of your website’s needs, customize your security package.

Go to Plugins – Add New. Search for the name of the plugin, install and activate.


NinjaFirewall (WP Edition)


NinjaFirewall (WP Edition) is a true Web Application Firewall. Although it can be installed and configured just like a plugin, it is a stand-alone firewall that sits in front of WordPress.


NinjaScanner

A lightweight, fast and powerful antivirus scanner for WordPress. You can download and install it from https://wordpress.org/plugins/ninjascanner/


WP Cerber Security & Antispam


Professional grade WordPress security and anti-spam plugin. Protects website against brute force attacks. Block harmful requests. Restricts access with a Black IP Access List and a White IP Access List. Tracks user and intruder activity with powerful email and mobile notifications.


QueryWall: Plug’n Play Firewall


no settings needed

QueryWall analyzes all incoming HTTP requests and silently blocks malicious queries containing risky strings like wp-config.php, eval code, base64_ encrypted code, and many more.


Your Database And Core Files Security – Critical Security Measures!

These critical security measures must be set up in the .htaccess file. You’ll find it in the root directory.

BUT! Make sure you have a copy of your original .htaccess file before you change anything on it. It’s very important.

REMEMBER. You must secure your .htaccess and wp-config files as quickly as possible. The code snippets below are the security tweaks that you can insert into your .htaccess file.

Open your .htaccess file and copy and paste the following:


# No web server version and indexes
ServerSignature Off
Options -Indexes

# SQL Injection Protection
RewriteEngine On
RewriteRule ^.*EXEC\(@.*$ - [R=404,L,NC]
RewriteRule ^.*CAST\(.*$ - [R=404,L,NC]
RewriteRule ^.*DECLARE.*$ - [R=404,L,NC]
RewriteRule ^.*DECLARE%20.*$ - [R=404,L,NC]
RewriteRule ^.*NVARCHAR.*$ - [R=404,L,NC]
RewriteRule ^.*sp_password.*$ - [R=404,L,NC]
RewriteRule ^.*%20xp_.*$ - [R=404,L,NC]

# 5G BLACKLIST/FIREWALL (2013)
# @ http://perishablepress.com/5g-blacklist-2013/
# 5G:[QUERY STRINGS]
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{QUERY_STRING} (\"|%22).*(<|>|%3) [NC,OR]
RewriteCond %{QUERY_STRING} (javascript:).*(\;) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3) [NC,OR]
RewriteCond %{QUERY_STRING} (\\|\.\./|`|=\'$|=%27$) [NC,OR]
RewriteCond %{QUERY_STRING} (\;|\'|\"|%22).*(union|select|insert|drop|update|md5|benchmark|or|and|if) [NC,OR]
RewriteCond %{QUERY_STRING} (base64_encode|localhost|mosconfig) [NC,OR]
RewriteCond %{QUERY_STRING} (boot\.ini|echo.*kae|etc/passwd) [NC,OR]
RewriteCond %{QUERY_STRING} (GLOBALS|REQUEST)(=|\[|%) [NC]
RewriteRule .* - [F]
</IfModule>

# 5G:[USER AGENTS]
<IfModule mod_setenvif.c>
# SetEnvIfNoCase User-Agent ^$ keep_out
SetEnvIfNoCase User-Agent (binlar|casper|cmsworldmap|comodo|diavol|dotbot|feedfinder|flicky|ia_archiver|jakarta|kmccrew|nutch|planetwork|purebot|pycurl|skygrid|sucker|turnit|vikspider|zmeu) keep_out
<limit GET POST PUT>
Order Allow,Deny
Allow from all
Deny from env=keep_out
</limit>
</IfModule>

# Measures to block out SQL injection attacks
RewriteCond %{QUERY_STRING} ^.*(;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|cast|set|declare|drop|update|md5|benchmark).* [NC,OR]

RewriteEngine On
########## Begin - Rewrite rules to block out some common exploits
## If you experience problems on your site block out the operations listed below
## This attempts to block the most common type of exploit `attempts` to Joomla!
#
# Block out any script trying to set a mosConfig value through the URL
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
# Block out any script trying to base64_encode crap to send via URL
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
# Block out any script that includes a <script> tag in URL
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Send all blocked request to homepage with 403 Forbidden error!
RewriteRule ^(.*)$ index.php [F,L]
#
########## End - Rewrite rules to block out some common exploits

# RewriteBase /
# Block suspicious request methods
RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK|DEBUG) [NC]
RewriteRule ^(.*)$ - [F,L]

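# Block WP timthumb hack
# Note: [S=1] skips the next RewriteRule for these URIs; it exempts them from that rule rather than returning 403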
RewriteCond %{REQUEST_URI} (timthumb\.php|phpthumb\.php|thumb\.php|thumbs\.php) [NC]
RewriteRule . - [S=1]

# Block suspicious user agents and requests
RewriteCond %{HTTP_USER_AGENT} (libwww-perl|wget|python|nikto|curl|scan|java|winhttp|clshttp|loader) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (;|<|>|'|"|\)|\(|%0A|%0D|%22|%27|%28|%3C|%3E|%00).*(libwww-perl|wget|python|nikto|curl|scan|java|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) [NC,OR]
RewriteCond %{THE_REQUEST} \?\ HTTP/ [NC,OR]
RewriteCond %{THE_REQUEST} \/\*\ HTTP/ [NC,OR]
RewriteCond %{THE_REQUEST} etc/passwd [NC,OR]
RewriteCond %{THE_REQUEST} cgi-bin [NC,OR]
RewriteCond %{THE_REQUEST} (%0A|%0D) [NC,OR]

# Block MySQL injections, RFI, base64, etc.
RewriteEngine On
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http:// [OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC,OR]
RewriteCond %{QUERY_STRING} \=PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} [NC,OR]
RewriteCond %{QUERY_STRING} (\.\./|\.\.) [OR]
RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
RewriteCond %{QUERY_STRING} http\: [NC,OR]
RewriteCond %{QUERY_STRING} https\: [NC,OR]
RewriteCond %{QUERY_STRING} \=\|w\| [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)/self/(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)cPath=http://(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^i]*i)+frame.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
RewriteCond %{QUERY_STRING} base64_(en|de)code[^(]*\([^)]*\) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>).* [NC,OR]
RewriteCond %{QUERY_STRING} (NULL|OUTFILE|LOAD_FILE) [OR]
RewriteCond %{QUERY_STRING} (\./|\../|\.../)+(motd|etc|bin) [NC,OR]
RewriteCond %{QUERY_STRING} (localhost|loopback|127\.0\.0\.1) [NC,OR]
RewriteCond %{QUERY_STRING} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
RewriteCond %{QUERY_STRING} concat[^\(]*\( [NC,OR]
RewriteCond %{QUERY_STRING} union([^s]*s)+elect [NC,OR]
RewriteCond %{QUERY_STRING} union([^a]*a)+ll([^s]*s)+elect [NC,OR]
RewriteCond %{QUERY_STRING} (;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|script|set|md5|benchmark|encode) [NC,OR]
RewriteCond %{QUERY_STRING} (sp_executesql) [NC]
RewriteRule ^(.*)$ - [F,L]

# Block wp-includes folder and files
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>

# BLOCK ENDLESS SCANS
<IfModule mod_rewrite.c>
RewriteCond %{REQUEST_URI} (mssqlil|register).php [NC,OR]
RewriteCond %{REQUEST_URI} (img|thumb|thumb_editor|thumbopen).php [NC,OR]
RewriteCond %{QUERY_STRING} (img|thumb|thumb_editor|thumbopen).php [NC,OR]
RewriteCond %{REQUEST_URI} revslider [NC,OR]
RewriteCond %{QUERY_STRING} revslider [NC]
RewriteRule .* - [F,L]
</IfModule>

<IfModule mod_rewrite.c>
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule .* index.php [F,L]
</IfModule>

# Stop wordpress username enumeration vulnerability
RewriteCond %{REQUEST_URI} ^/$
RewriteCond %{QUERY_STRING} ^/?author=([0-9]*)
RewriteRule ^(.*)$ http://siqik.com [L,R=301]
RewriteCond %{QUERY_STRING} author=\d
RewriteRule ^ /? [L,R=301]

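# Disable access to all file types except the following
# Note: this block belongs in a content directory such as wp-content/uploads; in the root .htaccess it also denies index.php
Order deny,allow
Deny from all
<Files ~ "\.(xml|css|js|jpe?g|png|gif|pdf|docx|rtf|odf|zip|rar)$">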
Allow from all
</Files>

# Deny access to wp-config.php file
<files wp-config.php>
order allow,deny
deny from all
</files>

<files readme.html> 
Order allow,deny 
Deny from all 
</files> 

<files license.txt> 
Order allow,deny 
Deny from all 
</files> 

<files install.php> 
Order allow,deny 
Deny from all 
</files> 

<files error_log> 
Order allow,deny 
Deny from all 
</files> 

<files fantastico_fileslist.txt> 
Order allow,deny 
Deny from all 
</files> 

<files fantversion.php> 
Order allow,deny 
Deny from all 
</files> 

# Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
order deny,allow
deny from all
</Files>

# Deny access to all .htaccess files
<files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</files>
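
To see what the query-string conditions above do to ordinary traffic before they go into a live .htaccess, this added example (not part of the original article) replays constructed query strings against eight of the page's OR-chained conditions and reports the first one that would trigger the 403. It assumes Python's `re` behaves like Apache's PCRE for these patterns; the function names and the sample queries are made up for illustration.

```python
import re

# Eight conditions copied from the "Block MySQL injections, RFI, base64, etc."
# block on this page. They are OR-chained and end in a RewriteRule with [F,L].
RULES = r"""
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http:// [OR]
RewriteCond %{QUERY_STRING} (\.\./|\.\.) [OR]
RewriteCond %{QUERY_STRING} http\: [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>).* [NC,OR]
RewriteCond %{QUERY_STRING} (NULL|OUTFILE|LOAD_FILE) [OR]
RewriteCond %{QUERY_STRING} (localhost|loopback|127\.0\.0\.1) [NC,OR]
RewriteCond %{QUERY_STRING} union([^s]*s)+elect [NC,OR]
RewriteCond %{QUERY_STRING} (sp_executesql) [NC]
"""

# Constructed query strings (assumption: typical site traffic plus one probe).
# Apache matches %{QUERY_STRING} raw, without URL-decoding, so they are raw here.
SAMPLES = [
    "s=hello+world",                      # plain search
    "ids[]=12&ids[]=15",                  # array-style parameters
    "s=run+wordpress+on+localhost",       # search for an ordinary word
    "s=NULL+pointer",                     # upper-case word in a search
    "s=null+pointer",                     # same word, lower case
    "s=wait...+what",                     # ellipsis in free text
    "redirect_to=http://example.com/",    # unencoded URL parameter
    "id=1+UNION+SELECT+2",                # injection-style probe
]


def parse_conds(text):
    """Return [(pattern_source, compiled_regex)] for each QUERY_STRING condition."""
    conds = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[:2] != ["RewriteCond", "%{QUERY_STRING}"]:
            continue
        flags = parts[3].strip("[]").split(",") if len(parts) > 3 else []
        # [NC] means "no case": the pattern is matched case-insensitively.
        regex = re.compile(parts[2], re.IGNORECASE if "NC" in flags else 0)
        conds.append((parts[2], regex))
    return conds


def first_match(query, conds):
    """Pattern source of the first condition that matches, or None if allowed."""
    for source, regex in conds:
        if regex.search(query):  # RewriteCond patterns are unanchored searches
            return source
    return None


def audit(samples, conds):
    """Map every sample query string to the condition that blocks it (or None)."""
    return {query: first_match(query, conds) for query in samples}


if __name__ == "__main__":
    for query, hit in audit(SAMPLES, parse_conds(RULES)).items():
        verdict = "403 via " + hit if hit else "allowed"
        print(f"{query:36} {verdict}")
```

Run it with the site's own access-log query strings in place of `SAMPLES` to find legitimate requests that the rules would refuse.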

Wordpress

WordPress Introduction And Web Hosting

Posted by siqik on

WordPress introduction. Welcome to the fold! If you ever made the right choice for your website then this is it, to build your website on WordPress!

You won’t need website designers and security experts or anybody else that’s gonna cost you a lot of money. WordPress is absolutely user and budget friendly, as you will see as we go along.

This means that you can stretch your budget to pay for the most important thing you gonna need – a web host that can take care of you.


Siqik will guide you through the maze of choices, in the beginning, to get your website up and running, secured and attractive. You will find the complete package, discussed through articles dedicated to the different elements that you will use to build your website. (You’ll find WordPress under Categories on the menu)


We will cover web hosting, themes, plugins, widgets, security and, of course, a little thing called website performance.


Web Hosting

‘A web hosting service is a type of Internet hosting service that allows individuals and organizations to make their website accessible via the World Wide Web. Web hosts are companies that provide space on a server owned or leased for use by clients, as well as providing Internet connectivity, typically in a data center. ‘

There are many choices out there, once you’ve reached the point to get your own website. However, you will have to keep the following factors in mind when you choose your web host:

  1. What’s it gonna cost you.
  2. How good is the web host’s security on their side.
  3. How user friendly is the web host when you have to work in the root directory (the place where you will find the core files – the WordPress installation).
  4. Do they offer SSL because it’s becoming mandatory for websites.
  5. Can you access your database.
  6. How stable are they – in other words, is there a lot of downtime.
  7. How good is the support.
  8. Last but not least – web host performance.

You don’t have to understand it all, at the moment. You will, however, learn what it all means as you go along.


Siqik Recommendation:

Bravenet Web Hosting

BraveHost :

  • World-class
  • Fast
  • Reliable Web Hosting with Domains
  • Email hosting
  • PHP
  • MySQL Databases
  • FTP
  • SSL
  • One-click Installs
  • and more!

[Screenshots: Introduction, Plans, Your Menu]


Domain Transfer

Use this option if your domain is registered with another registrar and you want to transfer it to Bravenet, which allows you to fully control the domain from within your account.

Read the Bravehost wiki on how to go about it.

or

New External Domain

Read the Bravehost wiki if your domain is registered with another registrar and you want to use their hosting services but aren’t able to transfer it directly.

*Note. If you need more information, or got stuck, contact the fantastic Bravehost Support Team by opening a support ticket.


*For your info. website = domain


 

© 2018 siqik
