Manage the security of your WordPress site with WP Manager?

Procédure

What is Wp Manager?

Securing your website is a top priority for all website owners. At LWS, we offer a simple yet powerful solution for managing the security of your WordPress site: WP Manager. In this article, we'll go over the different security options you can configure with WP Manager.

Accessing security management for your WordPress site using WP Manager?

First, you need to log in to your LWS account and access the shared hosting where you want to manage the installed WordPress instances.

Then click on"WP Manager" in the"Software" section of your web hosting.

Then click on the"Manage" button for the site whose security you wish to manage.

Once you are in the WordPress installation management, click on the"Security" tab to view the list of security features that can be configured on your WordPress instance:

Detailed explanation of configurable security rules

A. General settings

The general security settings in WP Manager allow you to optimize the operation of your site while improving its security. Here are the options you can set:

• Use WordPress Crons (wp-cron.php): this option allows you to automate certain tasks on your WordPress site.
• Search engine visibility: you can choose whether or not to make your site visible to search engines.
• Debug mode: by activating this mode, you can more easily identify and resolve errors on your site.
• Force https: this option allows you to force your site to use the https protocol, guaranteeing a secure connection between the server and the user's browser.

B. htaccess rules and other security measures

LWS WP Manager gives you access to a series of htaccess rules and other advanced security measures to ensure optimum protection of your WordPress site.

• Restrict access to files and folders: This function allows you to restrict access to certain files and folders on your site, making these areas inaccessible to unauthorised visitors.
• Disable listing of files in non-indexed folders: This prevents users from viewing the contents of directories that do not contain an index file. This makes it more difficult for an attacker to find sensitive files.
• Block unauthorised access to the xmlrpc.php file: The xmlrpc.php file enables communication between your WordPress site and other sites or services. By blocking unauthorised access to this file, you can prevent certain forms of attack.
• Block the downloading of .sql files: .sql files contain information about your database. By blocking them from being downloaded, you can protect this sensitive information.
• Block access to readme and license files: These files can provide information about your site that could help an attacker. By blocking access to these files, you add another layer of security to your site.
• Block access to .htaccess and .htpasswd files: These files contain important configuration information and can be a target for attackers. By blocking access to these files, you strengthen the security of your site.
• Deactivate pingbacks: Pingbacks let other sites know that you have linked to them. However, they can also be used for DDoS attacks. By disabling this function, you can increase the security of your site.
• Disable file editing in the WordPress dashboard: This prevents users from editing files on your site from the WordPress dashboard. This can help prevent unauthorised modifications.
• Hide author credentials: This option hides author credentials on your site, making it more difficult for an attacker to find valid credentials.
• Prevent execution of PHP scripts in the wp-content/uploads directory: Similarly, this option prevents the execution of PHP scripts in the WordPress content upload directory.
• Disable script concatenation for the WordPress admin panel: This can help prevent certain JavaScript-based attacks.
• Block access to the comment page for browsers without a UserAgent or Referer: This measure can help prevent comment spam and other forms of abusive behaviour.
• Block access to sensitive files: This option allows you to block access to sensitive files, thereby strengthening the security of your site.
• Enable protection against robots: This option allows you to activate anti-robot protection to prevent harmful automated traffic.
• Change SALT security keys in WordPress configuration file: This option allows you to strengthen the security of your site by regularly regenerating the keys used for authentication.
• Reset file and folder permissions: This option allows you to reset the permissions for files on your site to 644, for folders to 755 and for the wp-config.php file to 600.
• Change the default administrator username: Changing the default administrator username makes it more difficult for an attacker to guess your login details.

How do I manage the overall security level?

WP Manager offers 3 pre-configured security levels, details of which can be found below:

The "custom" security level allows you to enable or disable the settings of your choice.

How do I enable or disable a security setting?

Once you have accessed the list of security features, click on the slider on the line of the feature you wish to enable or disable.

If the slider is grey, then the feature is inactive. Conversely, if the slider is green, then the feature is currently active.

Checking the integrity of the WordPress core

A WordPress integrity scan is a process that checks the integrity of the files in your WordPress installation. Essentially, it is a check of the structure and integrity of the main WordPress files, such as the WordPress core files, themes and installed plugins.

The main purpose of a WordPress integrity scan is to detect unwanted changes or corrupted files that could compromise the security or proper functioning of your website. This could include malicious files added by hackers, unauthorised modifications to the WordPress source code or accidental alterations that could occur during updates or plugin installations.

The WordPress integrity scan compares the files in your installation with a reference of the original files. If a difference is detected, this may indicate an unauthorised alteration or modification. In this case, you can take steps to resolve the problem, such as deleting the malicious files or restoring the original files from a backup.

In summary, a WordPress integrity scan is a verification process that ensures that the files in your WordPress installation have not been altered in any undesirable way, thus guaranteeing the security and integrity of your website.

Changing the salts in the WordPress configuration file

The Change the salts of the WordPress configuration file button allows you to update the 4 unique authentication keys which encrypt the passwords in the wp-config.php file, which is located at the root of your site, on your FTP space.

But what are the 4 unique authentication keys?

The keys are generated automatically when WordPress is installed and are stored both in the database and in the wp-config.php configuration file.

In simpler terms, a secret key is a password with elements that make it more complicated to break through security barriers. Consequently, a password such as "password" or "try" is far too simple and too easy to find. A combination such as "88A7DA62429BA6AD3CB3C76A" is very difficult to crack.

Conclusion

You now know how to :

• Access and use WP Manager to strengthen the security of your LWS-hosted WordPress site,
• Configure various security settings, such as forcing the https protocol, restricting access to sensitive files, and disabling file editing via the dashboard,
• Choose from three predefined security levels or customise your own settings for bespoke security,
• Perform an integrity scan to check that the files in your WordPress installation have not been compromised,
• Renew authentication keys (SALTs) for better protection of user data.

🛡️ Thanks to this article, you are now equipped to keep your WordPress site secure with disconcerting ease. Remember, prevention is the best defence against online threats!

✨ We hope this information helps you make the most of WP Manager's potential and ensure optimal protection for your WordPress site.

🙏 Thank you for taking the time to read this article. Please feel free to share your experiences or ask any questions you may have by leaving a comment below. Your feedback is valuable and helps us to continually improve our service.