WordPress is currently the most widely used open source CMS thanks to its ease of deployment and the ability to add new functions to it, called plugins that are developed by the community.
The last version of WordPress is one of our applications that are auto-installable via the administration interface: Web > Sites > Install an application.
To install it yourself, follow the steps set out below:
- download the desired version from the official site,
- uncompress the source files and place them in your alwaysdata account using FTP,
- create your MySQL database,
- create your site,
- access your application’s web page to finalize its installation.
If you migrate a WordPress application previously hosted by another
hosting provider, change:
- the siteurl, home settings in the
_options table in the database,
$HOME/path/to/the/application/wp-config.php (located at the application root).
Due to its high profile, it is a target of choice for hackers. Consequently, it is important to follow these recommendations:
- regularly update WordPress and its plugins,
- keep informed on reports of bugs and security breaches relating to plugins before installing them,
- implement the specific profile of our WAF,
- choose a prefix other than wp_ for your table names. To change this value on a WordPress application that is already deployed, change the
_options table and the
$HOME/path/to/the/application/wp_config.php file path.
- delete idle themes and plugins,
- delete the readme.txt file at the root of your application (contains the current version of your WordPress file that is useful to find security breaches that can be used),
$HOME/[path-to-the-application]/wp-content/themes/theme_name/functions.php file path for your theme and add:
This will mask the version number in the meta name generator. Add:
add_filter('login_errors',create_function('$a', "return null;"));
To mask the connection errors.
delete the “admin” account created by default,
- iThemes Security: improves the security of your WordPress site
- WordFence: scans your site looking for breaches, WAF and other tools for securing your WordPress interface