1 Stand Up Site
  1.1 Get Host DNS Server names
  1.2 Get Domain Name
  1.3 Point Domain Name to name servers
  1.4 Host your domain
    1.4.1 Create SFTP/FTP user credentials
    1.4.2 Let site propagate for maybe 1 hour
  1.5 Establish SFTP session
  1.6 Put up test index.php holder to verify connectivity
  1.7 Enable SSL

2 Install WordPress
  2.1 MySQL
    2.1.1 Create DB
    2.1.2 Create User
    2.1.3 Get latest version of WP from wordpress.org
  2.2 SFTP unzipped wordpress folder
    2.2.1 Rename current web root
    2.2.2 Rename wordpress to web root
  2.3 Perform standard WordPress install
    2.3.1 Navigate to domain name in browser
    2.3.2 Select Locale
    2.3.3 Click Let’s go!
    2.3.4 Enter
      2.3.4.1 Database Name
      2.3.4.2 Username
      2.3.4.3 Password
      2.3.4.4 Database Host
      2.3.4.5 Table Prefix
    2.3.5 Click Submit
    2.3.6 Get sparky! Message – Click Run the install
    2.3.7 Enter Information Needed
      2.3.7.1 Site Title
      2.3.7.2 Username
      2.3.7.3 Password
      2.3.7.4 Your Email
      2.3.7.5 Skip Search Engine Visibility (turn off check box for me)
    2.3.8 Click Install WordPress

3 Initial Setup Items
  3.1 Log in as admin (user name from 2.3.7.2)
  3.2 Create user to own posts (probably role = editor)
  3.3 View Hello World post
  3.4 Codex Hardening WordPress items
    3.4.1 Set Folder permissions to 755 (usually already set – but verify)
    3.4.2 Set Files only to 644 (just set in SFTP/FileZilla)
    3.4.3 Web root .htaccess
      3.4.3.1 Download .htaccess
      3.4.3.2 WP-Includes: Block the include-only files
      3.4.3.3 WP-Config.php – deny access
      3.4.3.4 Rewrite to HTTPS
      3.4.3.5 Upload it back
    3.4.4 Change settings to HTTPS
    3.4.5 WP-Content/Uploads
      3.4.5.1 Upload an image to create folder
      3.4.5.2 Verify folder permissions
      3.4.5.3 Create new .htaccess in Uploads folder to deny PHP code execution
    3.4.6 Disable File Editing
      3.4.6.1 Download wp-config.php
      3.4.6.2 Set DISALLOW_FILE_EDIT to true
      3.4.6.3 Upload wp-config.php
  3.5 General Settings Items
    3.5.1 HTTPS for site and WordPress addresses
    3.5.2 Unclick the organize uploads into month and year based folders (personal preference)
    3.5.3 Set Post Name permalink (another personal preference)
    3.5.4 Create UserID for Posts (without admin capabilities)
  3.6 Initial Plugins
    3.6.1 Contact Form 7
      3.6.1.1 Add captcha keys
      3.6.1.2 Add captcha to form
    3.6.2 Crayon Syntax Highlighter
    3.6.3 Google Captcha (reCAPTCHA) by BestWebSoft
      3.6.3.1 Add captcha keys
      3.6.3.2 Select all forms (comments is most important)
      3.6.3.3 Uncheck all user types (then can test while signed in)
Link to Codex – Hardening WordPress
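
The hardening items 3.4.1, 3.4.2, 3.4.3.3, 3.4.5.3 and 3.4.6.2 can be verified after the fact with a short audit script run against a copy of the web root. This is an added example, not part of the original checklist; the function names and the form of deny rule it accepts (a `<Files>` or `<FilesMatch>` section containing `deny from all` or `Require all denied`) are assumptions.

```python
import os
import re
import stat

# Items 3.4.1 / 3.4.2: anything beyond these bits (group/world write, exec on files) is reported.
DIR_MAX, FILE_MAX = 0o755, 0o644

def has_deny_block(text, target):
    """True if a <Files>/<FilesMatch> section naming `target` (a regex) denies all access."""
    pat = (r"<Files(?:Match)?\s+[^>]*" + target + r"[^>]*>"
           r"(?:(?!</Files).)*?(?:deny\s+from\s+all|require\s+all\s+denied)")
    return re.search(pat, text, re.I | re.S) is not None

def read(path):
    """Return the file's text, or an empty string if it is missing or unreadable."""
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            return fh.read()
    except OSError:
        return ""

def audit(root):
    """Return a sorted list of findings for the WordPress install rooted at `root`."""
    findings = []
    for dirpath, dirs, files in os.walk(root):
        for name in dirs + files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits carry no meaning
            limit = DIR_MAX if stat.S_ISDIR(st.st_mode) else FILE_MAX
            extra = stat.S_IMODE(st.st_mode) & ~limit
            if extra:
                rel = os.path.relpath(path, root)
                findings.append(f"perm: {rel} has extra bits {extra:03o}")
    # Item 3.4.6.2: the define must be live code, so a "//"-commented line does not count.
    config = read(os.path.join(root, "wp-config.php"))
    if not re.search(r"^\s*define\(\s*['\"]DISALLOW_FILE_EDIT['\"]\s*,\s*true\s*\)\s*;",
                     config, re.I | re.M):
        findings.append("wp-config.php: DISALLOW_FILE_EDIT is not set to true")
    # Item 3.4.3.3: web root .htaccess denies direct requests for wp-config.php.
    if not has_deny_block(read(os.path.join(root, ".htaccess")), r"wp-config\.php"):
        findings.append(".htaccess: no deny rule for wp-config.php")
    # Item 3.4.5.3: uploads folder refuses to serve .php files.
    uploads = os.path.join(root, "wp-content", "uploads", ".htaccess")
    if not has_deny_block(read(uploads), r"\.php"):
        findings.append("uploads/.htaccess: PHP files are not denied")
    return sorted(findings)

if __name__ == "__main__":
    import sys
    print("\n".join(audit(sys.argv[1])) or "no findings")
```

Files stricter than 644 (for example a 640 `wp-config.php`) pass, since only extra permission bits are reported. Run it against a local copy that preserves the server's modes, or on the host itself if shell access is available.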