WordPress

Securing WordPress in Plesk 12.5

To check and secure WordPress installations:

1. Go to Websites & Domains > WordPress.
2. Do one of the following:
   - To check the security of all WordPress installations, click Check Security.
   - To secure a single WordPress installation, click the icon in the S column next to the name of the desired WordPress installation.
   - To secure two or more WordPress installations, select the checkboxes for the corresponding WordPress installations, then click Check Security.
3. Select the checkboxes corresponding to the security improvements you want to apply, then click Secure.

Caution: Keep in mind that not all security improvements can be rolled back. It is recommended to back up the corresponding subscription before securing WordPress installations.

The complete list of WordPress security improvements

The wp-content folder. The wp-content directory may contain insecure PHP files that can be used to damage your site. After WordPress installation, PHP files can be executed from the wp-content directory. The security check verifies that the execution of PHP files in the wp-content directory is forbidden. Note that custom directives in the .htaccess or web.config files might override this security measure. Also note that some of your plugins might stop working after securing the wp-content folder.

The wp-includes folder. The wp-includes directory may contain insecure PHP files that can be used to damage your site. After WordPress installation, PHP files can be executed from the wp-includes directory. The security check verifies that the execution of PHP files in the wp-includes directory is forbidden. Note that custom directives in the .htaccess or web.config files might override this security measure. Also note that some of your plugins might stop working after securing the wp-includes folder.

The configuration file. The wp-config.php file contains credentials for database access and other sensitive information. After WordPress installation, the wp-config.php file can be executed. If, for some reason, processing of PHP files by the web server is turned off, hackers can access the content of the wp-config.php file. The security check verifies that unauthorized access to the wp-config.php file is blocked. Note that custom directives in the .htaccess or web.config files might override this security measure.

Directory browsing permissions. If directory browsing is turned on, hackers can obtain information about your site (what plugins you use and so on). By default, directory browsing is turned off in Plesk. The security check verifies that directory browsing on the WordPress installation is turned off.

Database prefix. WordPress database tables have the same names in all WordPress installations. When the standard wp_ database table name prefix is used, the whole WordPress database structure is not a secret and anyone can obtain any data from it. The security check changes the database table name prefix to something other than wp_. To do this, the maintenance mode is turned on, all plugins are deactivated, the prefix is changed in the configuration file, the prefix is changed in the database, the plugins are re-activated, the permalink structure is refreshed, and then the maintenance mode is turned off.

Security keys. WordPress uses security keys (AUTH_KEY, SECURE_AUTH_KEY, LOGGED_IN_KEY, and NONCE_KEY) to encrypt information stored in the user’s cookies. A good security key should be long (60 characters or longer), random and complicated. This security check verifies that the security keys are set up and that they at least contain both alphabetic and numeric characters.

Permissions for files and directories. If permissions for files and directories do not comply with the security policy, these files can be used to hack your site. After WordPress installation, files and directories can have various permissions. The security check verifies that the permissions for the wp-config.php file are set to 600, for other files to 644, and for directories to 755.

Administrator’s username. When a WordPress copy is installed, by default there is a user with administrative privileges and the username admin. As a user’s username cannot be changed in WordPress, one only needs to guess the password to access the system as the administrator. The security check verifies that there is no user with the administrative privileges and the username admin.

Version information. There are known security vulnerabilities for each WordPress version. For this reason, displaying the version of your WordPress installation makes it an easier target for hackers. The version of an unprotected WordPress installation can be seen in the pages’ meta data and readme.html files. The security check verifies that all readme.html files are empty and that every theme has a functions.php file which contains the line: remove_action('wp_head', 'wp_generator');.
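An added example (not from the original article, and not Plesk's own code) that reproduces three of the checks described above for a WordPress directory on Linux: the 600/644/755 permission policy, the security-key test, and the default wp_ table prefix. The function names, the use of the 60-character recommendation as a finding, and the sample wp-config.php content are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Helper names are assumptions for this example, not Plesk's implementation.
KEY_NAMES = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY")
DEFINE_RE = re.compile(r"""define\(\s*['"](\w+)['"]\s*,\s*['"](.*?)['"]\s*\)\s*;""")
PREFIX_RE = re.compile(r"""\$table_prefix\s*=\s*['"](.*?)['"]\s*;""")
# Constructed sample: placeholder key, strong key, short key, NONCE_KEY missing.
SAMPLE_CONFIG = """<?php
define('AUTH_KEY',        'put your unique phrase here');
define('SECURE_AUTH_KEY', 'CONSTRUCTED-sample-0123456789-abcdefghijklmnopqrstuvwxyz-ABCDEFGHIJKL');
define('LOGGED_IN_KEY',   'short1');
$table_prefix = 'wp_';
"""

def audit_permissions(root):
    """Report entries deviating from 600 (wp-config.php), 644 (files), 755 (dirs)."""
    root, findings = Path(root), []
    # Symlinks are skipped: their own mode says nothing about the target.
    for path in (p for p in [root, *root.rglob("*")] if not p.is_symlink()):
        rel = path.relative_to(root).as_posix()
        want = 0o755 if path.is_dir() else 0o600 if rel == "wp-config.php" else 0o644
        mode = path.lstat().st_mode & 0o777
        if mode != want:
            findings.append((rel, mode, want))
    return sorted(findings)

def audit_config(php_source):
    """Check the four security keys and the table prefix named in the text."""
    findings = []
    defines = dict(DEFINE_RE.findall(php_source))
    for name in KEY_NAMES:
        value = defines.get(name, "")
        if not value:
            findings.append(f"{name}: not set")
        elif not (re.search(r"[A-Za-z]", value) and re.search(r"\d", value)):
            findings.append(f"{name}: needs both letters and digits")
        elif len(value) < 60:
            findings.append(f"{name}: shorter than 60 characters")
    if (match := PREFIX_RE.search(php_source)) and match.group(1) == "wp_":
        findings.append("table prefix: default wp_")
    return findings

def demo():
    """Build a constructed tree with deliberate deviations, then audit it."""
    with tempfile.TemporaryDirectory() as root:
        Path(root, "wp-content", "uploads").mkdir(parents=True)
        modes = {".": 0o755, "wp-content": 0o755, "wp-content/uploads": 0o777,
                 "wp-config.php": 0o644, "index.php": 0o644}
        for rel, mode in modes.items():
            path = Path(root, rel)
            if path.suffix == ".php":
                path.write_text(SAMPLE_CONFIG)
            path.chmod(mode)
        return audit_permissions(root), audit_config(SAMPLE_CONFIG)

if __name__ == "__main__":
    print(*sum(demo(), []), sep="\n")
```

The unchanged placeholder phrase from wp-config-sample.php fails the letters-and-digits test, so a configuration file whose keys were never replaced is reported.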

How To Install WordPress Manually Using cPanel

Install WordPress Manually

As you are probably aware, most reputable hosting providers these days include automated WordPress install tools such as MOJO, Softaculous, etc. These installers work great in many cases, but often stuff your site full of unwanted plugins and themes. In addition, these automated tools have a reputation for timing out or being completely unavailable at times, which can be frustrating if you’re on a deadline. In this post we will walk you through the steps to successfully install WordPress manually using your cPanel. As an added bonus we have also included a tutorial video at the bottom of this post and a handy-dandy PDF Cheat Sheet with some useful instructions and links. Let’s get started, shall we?

Step 1: Download the most recent version of WordPress to a location of your choice at WordPress.org

Step 2: Upload and extract the WordPress .ZIP file to your desired installation directory.

Okay so at this point I am assuming that you already have a hosting provider using cPanel and that you have already created an Add-On Domain or Subdirectory. Within the File Manager, locate and navigate to that directory. From the top toolbar of the cPanel, select “Upload” and browse for the file you downloaded from WordPress.org. Once the .ZIP file has finished uploading, return to the directory by clicking the “← Go Back to /home/yourserverhere/public_html/yoursitehere” link. Within the directory root you will now see the wordpress.zip file. Click on this file to select it and then from the cPanel toolbar at the top, click “Extract”. After that click “Reload” in the cPanel toolbar and you will see the extracted wordpress folder. You can now delete the .ZIP file in order to keep everything nice and clean.

Step 3: Move files from the wordpress folder back into the directory root.

Double click on the newly extracted “wordpress” folder and you should now see all the WordPress files. From the cPanel toolbar, click on the box “Select All”. All of the WordPress files should now be highlighted. In the cPanel toolbar select “Move File” and a modal will pop up with a directory link “/public_html/yourdirectoryname/wordpress”. Remove the “/wordpress” tail from the end of the path and click Move File(s). All files should now be moved to your directory root; click “Up One Level” in the toolbar to view them.

Step 4: Create a database and database user

We have finished the initial steps and now it’s time to set up the database that will power your website. Navigate to your cPanel’s main dashboard and locate and click the icon “MySQL Database Wizard”.

Once inside the Database Wizard you will be prompted to create a New Database. Your database prefix will appear followed by an underscore and a blank area for you to populate your database name (“yourserver_blankarea”). In the blank area you will enter your database name and keep it in a safe spot for a future step. The database name should be at least 3 characters and only contain alphanumeric characters. After filling in the name click “Next Step”.

You will now be prompted to create a Database User. Your database prefix will appear again followed by an underscore and a blank area for you to populate your database username (“yourserver_username”). The database username cannot contain more than seven alphanumeric characters. Save the username to a safe location for future use. Now either manually enter a password of your choice or use the provided “Password Generator”… just make sure that your password is strong and secure. Now click on the button “Create User”.

Now that you have created the Database User, you will be brought to a page that asks you to assign privileges. Tick the box at the top that reads “All Privileges” and then click the button “Next Step”. Your database is now set up and you can now move on to plugging the database information into the wp-config.php file.

Step 5: Populate the wp-config.php file with your database information

Okay now it is time to navigate back to the proper directory in the file manager with your database information handy. In your site’s directory root, locate the file named “wp-config-sample.php”. Click on this file and then select “Code Editor” from the top toolbar, click “Edit” and open the .php file. Now that the wp-config-sample.php file is open in the Code Editor, it is time to start adding your database information…

Locate the line that reads define('DB_NAME', 'database_name_here'); and add your database name.
Locate the line that reads define('DB_USER', 'username_here'); and add your database username.
Locate the line that reads define('DB_PASSWORD', 'password_here'); and add your database password.

Step 6: Replace default Unique Keys and Salts

With your wp-config-sample.php file still open in the Code Editor, navigate to the section that reads “Authentication Unique Keys and Salts”. Visit the WordPress Unique Phrase and Salt Key generator (linked here or in the provided PDF “Cheat Sheet”). Copy the Unique Phrase and Salt Keys generated by the WordPress API and replace the default ones located in the wp-config-sample.php file. Once you are finished with that, hit “Save”, exit the Code Editor and return to the directory root.

Step 7: Rename “wp-config-sample.php” to “wp-config.php”

Now that you are back in the directory’s root, single click on the wp-config-sample.php file to highlight it. From there click on the “Rename” icon in the top toolbar and rename “wp-config-sample.php” to “wp-config.php”. Click the “Rename File” button and you’re all finished with this phase.

Step 8: Run the WordPress Installation Script

At this point you are all finished with the cPanel portion of this process… congrats! Now it is time to run the WordPress Installation Script by visiting the link here or the one provided on the PDF Cheat Sheet. Once you have visited the link for the Installation Script, you will be brought to a page with the URL “https://example.com/wp-admin/install.php”. Replace “example.com” with the address of the website you are creating. Hit Return/Enter on your keyboard and the install process will begin. Once you have arrived at the next screen, select

Install WordPress on DirectAdmin – Top 2 ways

Are you looking for an easy way to install WordPress on DirectAdmin? DirectAdmin allows WordPress installs either manually or using one-click web application installers like Installatron. Often, installations fail due to mistakes in the steps. Today, we will see how our Support Engineers install it using both ways.

Manual installation of WordPress on DirectAdmin

Usually, we can install WordPress on DirectAdmin either using the built-in option or via installers like Installatron. So, let’s see the method recommended by our Support Engineers to do this manually. The steps are as follows:

1. Initially, download WordPress from the official website and save the .zip file on the system.
2. Next, log in to DirectAdmin.
3. Then, from the files, select the domain in which we want to install WordPress. Here we select the public_html folder.
4. Next, upload the WordPress .zip file. For this, we select the option Upload files to the current directory. Here we select the required file and click the option Upload Files. Then click on the go back option.
5. In public_html, extract the WordPress zip file.
6. Then we have to move the extracted WordPress files up one level. For this, we select them, choose Add to clipboard and then select Up a Level. Then we click the option Move Clipboard Files here and remove the zip file.
7. Now WordPress is successfully installed. Next, we set it up. For this, we access the WordPress site via browser and enter all the required data. For instance, this page asks for database details. Here, we submit them and Run the installation. Finally, it’s time to provide user credentials and Install WordPress. This displays the success message. Later, we can log in with the credentials already given.

What is Installatron?

Installatron is a one-click web application installer. This multi-platform installer makes application management easier using a graphical interface. It is available as a licensed plugin in web hosting control panels like DirectAdmin.

How to install WordPress on DirectAdmin using Installatron?

Installing WordPress is much easier when it is done using Installatron. Let’s see how this is done.

1. Initially, we log in to DirectAdmin.
2. Then we select Installatron Application Installer under Advanced Features.
3. Next, we select WordPress from the available options. Here, we click the option Install this application.
4. In the next window, we specify the directory in which we want to install WordPress.
5. Finally, click the option Install. Afterwards, we check that it is properly installed.

How to install WordPress using Plesk

This article describes how to use Plesk to install WordPress, a popular content management system (CMS). There are two ways to install this application. Use whichever method you prefer:

- Quick installation: Plesk supports a quick installation option that enables you to quickly and easily install the application using default, optimal settings.
- Custom installation: The custom installation option enables you to customize many application configuration settings.

METHOD #1: QUICK INSTALLATION

To quickly install the latest WordPress version, follow these steps:

1. Log in to Plesk.
2. In the left sidebar, click Applications.
3. On the Applications page, click Featured Applications.
4. Next to WordPress, click Install. The Installation of WordPress page appears.
5. In the Specify the location where this web application should be installed section, select the protocol, domain, and directory. If you have an SSL certificate installed on your site, select https. If you do not have an SSL certificate installed on your site, the protocol option may not be available.
6. Click Install. Plesk installs the application, and then displays configuration settings, including login information.

METHOD #2: CUSTOM INSTALLATION

To install WordPress using custom settings, follow these steps:

1. Log in to Plesk.
2. In the left sidebar, click Applications.
3. On the Applications page, click Featured Applications.
4. Next to WordPress, click the down arrow, and then click Install (Custom). The Installation of WordPress page appears.
5. Review the license agreement, select the I accept the terms of License Agreement check box, and then click Next.
6. In the Specify the location where this web application should be installed section, select the protocol, domain, and directory.
7. Under Update Settings, select the Automatically update this app when updates are available check box to keep the application updated.
8. Under Administrative access, select one of the following options:
   - Use administrative credentials not connected to any particular user: Select this option if you want to create a dedicated administrative account for the application.
   - Grant administrative access to existing user: Select this option if you want to use an existing user as the administrator for the application.
9. Specify the remaining options and settings for the application.
10. Click Install. Plesk installs the application, and then displays configuration settings, including login information.

How to Install WordPress in DirectAdmin using Softaculous

WordPress is open source software you can use to create a beautiful website, blog, or app. It offers customizable designs, responsive websites, and high performance. In this guide, we will show how to install WordPress in DirectAdmin using the Softaculous Automated Installer.

Requirements to install WordPress in DirectAdmin

- DirectAdmin account
- WordPress manager by Softaculous

Procedure

1. Log in to your DirectAdmin account.
2. Add your domain to DirectAdmin under the Domain Setup section if it is not already added. We will use yourdomain.com as an example in this guide.
3. Scroll down to the Softaculous Apps Installer section and click on the WordPress icon.
4. The Softaculous homepage with the WordPress installation page will show up on your screen. Press the install now button.
5. It will open a page asking for details. Choose the latest version of WordPress, as it gives the latest features and comes with the latest security measures.
6. Choose the domain for the installation.
7. Fill in the admin username and password of your choice.
8. You can choose any theme of your choice. We will not choose any theme here, and the default theme will be installed automatically.
9. Click the install button at the end of the page.
10. Once the installation is successful it will show a similar page on your screen.

Congratulations, you have successfully installed WordPress on your domain.

How to Install WordPress on Webuzo?

Webuzo is a LAMP stack which is specially designed for the cloud. The goal is to provide solution providers with the ability to easily launch, manage, and maintain a number of popular applications and development stacks for their customers. There is no doubt that WordPress is one of the best content management systems available in the market. WordPress powers millions of websites on the Internet and has a repository of thousands of free plugins and themes. WordPress is a free and open-source content management system (CMS) based on PHP & MySQL. In this tutorial, I am going to discuss how to install WordPress on the Webuzo Panel.

1) Log in to the Webuzo end-user panel. Select WordPress from the long list of categories on the left side.

2) Click on the button “Install”.

3) Choose the “version” you want to install for WordPress. Then you have to “Choose the protocol” and the “Domain Name”. In the “Directory” option, if you want to install your WordPress site on https://example.com, leave this field empty. If you want to specify a directory name like https://example.com/dir, enter the name of the directory in which you want to install WordPress.

4) Now we can see the options for Site settings, Admin account settings, Choose the language, Select Plugin(s), etc. Add your site details here.

5) Then go to the next option and we can see “Advanced Options”. You can add the database name and table prefix there. The “Auto upgrade” option updates WordPress automatically, i.e., it will update the plugins and themes as well as the core WordPress automatically. By using the “Automated Backups” option, we can automatically take backups daily, weekly or monthly. Under “Backup rotation”, select how many backups you want available. Backup Rotation can keep up to 10 backups.

6) At last, you have to select the “Theme”. This is an optional feature and if not selected, the default theme will be installed.

7) Now, click on the “Install” button given at the bottom of the page.

Now wait for some time and you will get the message “Congratulations, the software was installed successfully” once the installation is complete. If you need any further help, please do reach our support department.