Difference between revisions of "Wordpress"
Line 8: | Line 8: | ||
=Installation= | =Installation= | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
'''Requirements''' | '''Requirements''' | ||
Line 21: | Line 14: | ||
'''Installation key points''' | '''Installation key points''' | ||
− | * Always use a database prefix (ex: baby_blog_ or it_tips_) | + | * Always use a database prefix (ex: <code>baby_blog_</code> or <code>it_tips_</code>) |
* When asked you should create a STRONG password for the admin | * When asked you should create a STRONG password for the admin | ||
* If you see some warning during installation you've to adjust your <code>.htaccess</code> file | * If you see some warning during installation you've to adjust your <code>.htaccess</code> file | ||
(i) This should not happen | (i) This should not happen | ||
+ | |||
+ | |||
+ | '''Setup''' | ||
+ | # Download the latest zip from [http://wordpress.org] OR [http://fr.wordpress.org] | ||
+ | # Put the archive on your server (using FTP) | ||
+ | # Unzip the archive | ||
+ | You can use the following script: TODO GUILLAUME | ||
+ | # Go to your website: the installation process will start | ||
+ | |||
+ | |||
Line 36: | Line 39: | ||
=Plugins= | =Plugins= | ||
+ | |||
+ | |||
All is done on the administrator interface: http://mysite.com/wp-admin | All is done on the administrator interface: http://mysite.com/wp-admin | ||
Line 44: | Line 49: | ||
* ''All in one WP Security'' : security | * ''All in one WP Security'' : security | ||
* ''NextGEN Gallery'' : photos galleries | * ''NextGEN Gallery'' : photos galleries | ||
+ | * ''BackWPup'' : regular backup | ||
+ | * ''TinyMCE Advanced'' : WYSIWIG editor | ||
+ | * ''WP Statistics'' : statistics | ||
+ | * ''Hide My Site'' : to restrict access to the website. All visitor must provide a common password that you gave them. (free version: only 1 password for all users) | ||
Line 266: | Line 275: | ||
*** <ins>Say YES to ''Protect images''</ins> !! This will disable the download option of the plugin | *** <ins>Say YES to ''Protect images''</ins> !! This will disable the download option of the plugin | ||
*** <ins>Say YES to ''Disable right click menu completly''</ins> !! This will disable right click > save as... from the browser | *** <ins>Say YES to ''Disable right click menu completly''</ins> !! This will disable right click > save as... from the browser | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
Line 286: | Line 287: | ||
− | Installation | + | ===Installation=== |
* Go to '''Plugins''' > '''Add new''' | * Go to '''Plugins''' > '''Add new''' | ||
* Search for ''BackWPup'' | * Search for ''BackWPup'' | ||
* Install and activate the plugin | * Install and activate the plugin | ||
+ | |||
+ | ===Configuration=== | ||
After installation: | After installation: | ||
− | * | + | * Go to '''backWPup''' > '''jobs''' |
* ''Add new'' job | * ''Add new'' job | ||
− | * | + | |
− | ** | + | |
− | + | * Go to '''General''' tab | |
− | + | ** <ins>Save all</ins> (database, files, XML export, extensions, tables check) | |
− | *** Save on File | + | ** Name the archive (example): <code>rd_douane_consulting_</code><ins>%Y-%m-%d</ins> |
− | *** | + | ** Format: <ins>ZIP</ins> |
− | ** '''Schedule''' tab | + | ** Job destination: |
− | + | *** Save on File | |
− | ** | + | *** Save on FTP |
− | + | ** Logs | |
− | * | + | *** Set email address to send log to |
− | + | *** Set email from field like: <code>Baby blog - backup <postmaster@qin-diaz.com></code> | |
− | + | *** Tick ''Errors only'' | |
− | * | + | |
− | *** | + | |
− | *** | + | * Go to '''Schedule''' tab |
− | ** '''XML export''' tab | + | ** Use the <ins>Wordpress cron</ins> |
− | + | ** <ins>basic</ins> prog | |
− | + | ** Once a week | month - depend on your own usage | |
− | * | + | |
− | + | ||
− | + | * Go to '''DB backup''' tab | |
− | ** '''Folder''' tab | + | ** Select the tables to save |
− | + | ** Click <ins>GZIP</ins> compression | |
− | ** | + | |
− | * | + | |
+ | * Go to '''Files''' tab | ||
+ | ** Tick ''Backup WordPress <ins>install</ins> folder'' (ex: <code>/home/daxiongm/www/baby</code>) | ||
+ | *** Only select the blog | website folder from the root ; exclude all the rest | ||
+ | ** Tick ''Backup <ins>content</ins> folder'' (ex: <code>/home/daxiongm/www/baby/wp-content</code>) | ||
+ | *** Exclude '''cache''' | ||
+ | *** Exclude ''upgrade'' | ||
+ | ** Tick ''Backup <ins>plugins</ins>'' (ex: <code>/home/daxiongm/www/baby/wp-content/plugins</code>) !! this is particulary important if you paid some plugins !! | ||
+ | ** Tick ''Backup <ins>themes</ins>'' (ex: <code>/home/daxiongm/www/baby/wp-content/themes</code>) | ||
+ | ** Tick ''Backup <ins>uploads</ins> folder'' (ex: <code>/home/daxiongm/www/baby/wp-content/uploads</code>) | ||
+ | *** Exclude ''backwpup-*'' | ||
+ | ** Tick ''include special files'' (Backup wp-config.php, robots.txt, nginx.conf, .htaccess, .htpasswd and favicon.ico from root if it is not included in backup.) | ||
+ | ** Tick ''Use one folder above as WP install folder'' | ||
+ | |||
+ | |||
+ | * Go to '''XML export''' tab | ||
+ | ** Save all content | ||
+ | ** click GZIP compression | ||
+ | |||
+ | |||
+ | * Go to the '''Plugins''' tab | ||
+ | ** Save all extensions | ||
+ | ** click GZIP compression | ||
+ | |||
+ | |||
+ | * Go to the '''DB: check''' tab | ||
+ | ** Tick ''WordPress tables only'' | ||
+ | |||
+ | |||
+ | * Go to the '''To: Folder''' tab | ||
+ | ** Set the backup folder (ex: <code>/home/rddouanecw/www/backup/</code>) | ||
+ | ** Set max 5 archives | ||
+ | |||
+ | |||
+ | * Go to the '''FTP''' tab | ||
*** (requirement) you must create a backup folder on the target FTP with read/write for the FTP user | *** (requirement) you must create a backup folder on the target FTP with read/write for the FTP user | ||
*** set the FTP settings | *** set the FTP settings | ||
*** set the target folder: <code>/www/backup_daxiongmao/wedding/</code> | *** set the target folder: <code>/www/backup_daxiongmao/wedding/</code> | ||
*** Max 5 archives | *** Max 5 archives | ||
+ | *** Tick ''use FTP passive mode'' | ||
− | + | All done! You can already backup your website | blog. | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
Line 349: | Line 374: | ||
− | Installation: | + | Installation: |
* Go to '''Plugins''' > '''Add new''' | * Go to '''Plugins''' > '''Add new''' | ||
* Search for '''TinyMCE Advanced''' | * Search for '''TinyMCE Advanced''' | ||
Line 356: | Line 381: | ||
After installation: | After installation: | ||
− | * Once installed, go to the '''Settings''' menu > '''TinyMCE''' | + | * Once installed, go to the '''Settings''' menu > '''TinyMCE Advanced''' |
* Select the buttons to use | * Select the buttons to use | ||
+ | |||
(i) some hints: | (i) some hints: | ||
Line 366: | Line 392: | ||
* Add 'background color' button | * Add 'background color' button | ||
* Add 'page break' button | * Add 'page break' button | ||
+ | * <ins>Tick ''Keep paragaph tags''</ins> | ||
− | == | + | ==WP Statistics== |
− | + | To have many statistics about your website. | |
Installation: | Installation: | ||
* Go to '''Plugins''' > '''Add new''' | * Go to '''Plugins''' > '''Add new''' | ||
− | * Search for '' | + | * Search for ''WP Statistics'' |
* Install and activate the plugin | * Install and activate the plugin | ||
− | == | + | After installation: |
+ | * Go to '''Statistics''' > '''settings''' | ||
+ | ** Go to '''General''' tab | ||
+ | *** Disable all search engines but DuckDuckGo (it is the least popular) | ||
+ | |||
+ | |||
+ | |||
+ | ==Hide My Site== | ||
+ | |||
+ | If you do NOT want your website to be accessible to the whole world: that's the plugin you need. | ||
+ | |||
+ | You must give the password to all your visitors (family, friends). <ins>You cannot access the website without that password!</ins> | ||
+ | |||
+ | This is very useful if you want to do a private blog with pictures for instance. | ||
− | |||
− | Installation | + | ===Installation=== |
* Go to '''Plugins''' > '''Add new''' | * Go to '''Plugins''' > '''Add new''' | ||
− | * Search for ''' | + | * Search for '''Hide My Site''' |
* Install and activate the plugin | * Install and activate the plugin | ||
− | ==Hide | + | ===Configuration=== |
+ | * Go to '''Settings''' > '''Hide my site''' | ||
+ | ** <ins>Tick ''Enable password protection''</ins> | ||
+ | ** Set your password '''<< This is the password you need to send to all your visitors''' | ||
+ | ** You can provide some password hint, as long as it is not dummy and only the persons that know you can find it! | ||
+ | ** Tick ''brute force detection'' | ||
+ | |||
+ | |||
+ | ===How to test it?=== | ||
+ | |||
+ | Just log-off from the administrator interface and go to your website. The password pop-up should appear. | ||
+ | |||
+ | |||
+ | |||
+ | ===Mobile phones=== | ||
+ | |||
+ | This works on mobile phones (Android, iPhone, Windows phone). However you must ZOOM to see the input text field. This is a bug in the plugin, a small price to pay for better privacy. ^-^ | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | ==Contact Form 7== | ||
+ | |||
+ | Source: https://wordpress.org/plugins/contact-form-7/ | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | ==Simple Page Ordering== | ||
+ | |||
+ | Use that plugin to create a website. this will set a fix order of the posts. | ||
+ | |||
+ | |||
+ | Installation: | ||
+ | * Go to '''Plugins''' > '''Add new''' | ||
+ | * Search for '''Simple Page Ordering''' | ||
+ | * Install and activate the plugin | ||
− | |||
− | + | ==Disable Google Fonts== | |
+ | In China Google is not fast, not fast at all!! You must disable the Google fonts to improve users' experience ; otherwise the website may take minutes to load. | ||
Installation: | Installation: | ||
* Go to '''Plugins''' > '''Add new''' | * Go to '''Plugins''' > '''Add new''' | ||
− | * Search for ''' | + | * Search for '''Disable Google Fonts''' |
* Install and activate the plugin | * Install and activate the plugin |
Revision as of 15:45, 24 December 2016
This page describes the installation and configuration of a wordpress website. With the following plugins and settings you can do a 'classical' or 'blog' website or even a mix of both. It's up to you ! :)
Contents
Installation
Requirements
- Enable PHP 7 support. (i) On OVH you can do that from the admin panel
Installation key points
- Always use a database prefix (ex:
baby_blog_
orit_tips_
) - When asked you should create a STRONG password for the admin
- If you see some warning during installation you've to adjust your
.htaccess
file
(i) This should not happen
Setup
- Download the latest zip from [1] OR [2]
- Put the archive on your server (using FTP)
- Unzip the archive
You can use the following script: TODO GUILLAUME
- Go to your website: the installation process will start
Permalinks (URL type)
- Go to Settings > Permalinks
- Select a friendly name for your articles: tick Post name
Plugins
All is done on the administrator interface: http://mysite.com/wp-admin
According to your needs, here is the list of plugins I recommend to install and activate:
- Askimet : anti-spam
- qTranslate-X : mutli-lang support
- All in one WP Security : security
- NextGEN Gallery : photos galleries
- BackWPup : regular backup
- TinyMCE Advanced : WYSIWIG editor
- WP Statistics : statistics
- Hide My Site : to restrict access to the website. All visitor must provide a common password that you gave them. (free version: only 1 password for all users)
Askimet
Askimet blocks spams and avoids bots.
Installation:
- Go to Plugins
- Click on Activate under Askimet
- Go to the Askimet website to register for free and get a key
- Use your key
Configuration:
- Go to Settings > Askimet
- You adjust the Strictness (you should select 'always put spam in the Spam folder for review')
qTranslate-X
If you want to support many languages, then qTranslate is a must ! This will allow you to translate your posts and published them in different languages.
Installation:
- Go to Plugins > Add new
- Search for qTranslate-X
- Install and activate the plugin
Configuration:
- Go to Settings > Languages
- Go to the Languages tab and select the list of languages you want to use (ex: French, English, Chinese). You must enable each language you want.
- Then, go to the General tab
- Set the language order
- Set the URL modification order to Use Pre-Path Mode (Default, puts /en/ in front of URL). SEO friendly.
- Adjust Untranslated content settings
- Tick Show language names in "Camel Case"
- Tick Detect the language of the browser and redirect accordingly.
- Click Save changes
(i) You can adjust other settings if you'd like.
Add language selector to the website:
- Go to Appearance > Widgets
- Add qTranslate Language Chooser to the sidebar
Usage:
- When you edit a POST or a PAGE you can choose the language
All in one WP Security
(i) Most of the following settings come from: https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/
Security basis
Before installing the plugin you must set some basic security settings.
- Go to Settings > Discussion
- Default article settings
- To allow comments select: Allow people to post comments on new articles
- Email
- If you want to receive email alerts on new comment select: Anyone posts a comment
- Avatars
- Enable Show avatars
- Choose G — Suitable for all audiences
- Select a default avatar (ex: monsters)
Installation
- Go to Plugins > Add new
- Search for All in one WP Security
- Install and activate the plugin
Configuration
You'll find below my configuration recommendations.
- Go to WP security > Settings
- Go to tab WP Version Info
- Tick Remove WP Generator Meta Info
- Go to tab WP Version Info
- Go to WP security > User accounts
- Go to tab WP Username
- Adjust the super-user your username, you must avoid admin
- Display name - Ensure the logical name & display name are different
- Go to tab Display name
- Everything should be OK. If not you must Edit your profile (by clicking on the image, top right corner) > Set Display name publicly as with something that is NOT the login
- Go to tab WP Username
- Go to WP security > User login
- Go to tab Login lockdown
- Tick Enable Login Lockdown Feature
- Set max login attempts = 5
- Tick display generic error message
- Tick Notify by email
- Go to tab Force logout
- Tick Enable force WP user logout
- Set the logout time to 120 mmn
- Go to tab Login lockdown
- Go to WP security > User registration
- Go to tab Manual approval
- Tick enable manual approval of new registrations
- Go to tab Captcha
- Tick Enable captcha on registration page
- Go to tab Manual approval
- Go to WP security > Filesystem security
- Go to tab File permissions
- Set all recommended permissions
- Go to tab PHP File editing
- Tick disable ability to edit PHP files
- Go to tab WP file access
- Tick prevent access to WP default install files
- Go to tab File permissions
- Go to WP security > Firewall
- Go to tab Basic firewall rules
- Tick Enable Basic firewall protection
- (optional, only if you don't publish articles using your phone) tick Block access to XML-RPC
- Tick Block access to debug.log file
- Go to tab Additional firewall rules
- Tick disable index views
- Tick disable trace and track
- Tick forbid proxy comment posting
- Tick Deny bad query string
- Tick Enable advanced character string filter
- Go to tab 6G blacklist firewall rules
- Tick all options
- Go to tab Internet bots
- Tick block fake googlebots
- Go to tab Prevent hotlinks
- Tick prevent image hotlinking !!! This is particulary important if you want to restrict access to the website content !!! No one can display content outside your own domain.
- Go to tab Basic firewall rules
- Go to WP security > Brute force
- Go to tab Login captcha
- Tick all options
- Go to tab Login captcha
- Go to WP security > Spam prevention
- Go to tab Comment SPAM
- Tick all options
- Go to tab Comment SPAM
- Go to WP security > Miscellaneous
- Go to tab Copy protection
- Enable Copy protection !!! This will prevent anyone from saving content and downloading it on their station !!! This is particulary important if you want to control the data and ensure the content does NOT get everywhere - in the case of private photos for instance.
- Go to tab Frames
- Enable that feature
- Go to tab Users enumeration
- Enable that feature
- Go to tab Copy protection
Complete! You're good to go! Just log-off / log-in again.
NextGEN Gallery
Source https://wordpress.org/plugins/nextgen-gallery/
Installation
- Go to Plugins > Add new
- Search for NextGEN Gallery
- Install and activate the plugin
Upgrade to PRO version (NextGEN Plus)
(i) This is optional
If you want to add filigrane, prevent picture download and have better gallery I strongly recommend you to go for the PRO version NextGEN Plus.
It is a bit expensive - 49€ - but it really worth it in terms of security.
Once you've subscribed you'll receive the setup details by email.
Configuration
- Go to Gallery > Other options
- Under Image options
- Say YES to Delete image files when you remove a gallery
- Say YES to Automatically resize images after upload !! This is particulary important for the website loading time !! ;)
- Set the size to width: 1024 x height: 768 | Quality: 100% (i) you can adjust that to your own needs
- Say YES to Backup original images?
- Under Image options
- Under Thumbnail options
- Set the default Thumbnail size to 240 x 160
- Set fix dimension? YES
- Under Thumbnail options
- Under Watermarks
- How will generate a watermark? text
- Choose the position (I recommend bottom right)
- Offset 5 x 5
- Text: © Daxiongmao.eu
- Opacity: 100%
- Font family: Arial
- Font size: 10px
- Color: white (you can choose something else)
- Under Watermarks
~ for PRO version only ~
- Under Image protection
- Say YES to Protect images !! This will disable the download option of the plugin
- Say YES to Disable right click menu completly !! This will disable right click > save as... from the browser
- Under Image protection
BackWPup
To backup your blog / website regularly.
Requirement:
- Create a backup folder on your FTP server (ex: /home/rddouanecw/www/backup/)
Installation
- Go to Plugins > Add new
- Search for BackWPup
- Install and activate the plugin
Configuration
After installation:
- Go to backWPup > jobs
- Add new job
- Go to General tab
- Save all (database, files, XML export, extensions, tables check)
- Name the archive (example):
rd_douane_consulting_
%Y-%m-%d - Format: ZIP
- Job destination:
- Save on File
- Save on FTP
- Logs
- Set email address to send log to
- Set email from field like:
Baby blog - backup <postmaster@qin-diaz.com>
- Tick Errors only
- Go to Schedule tab
- Use the Wordpress cron
- basic prog
- Once a week | month - depend on your own usage
- Go to DB backup tab
- Select the tables to save
- Click GZIP compression
- Go to Files tab
- Tick Backup WordPress install folder (ex:
/home/daxiongm/www/baby
)- Only select the blog | website folder from the root ; exclude all the rest
- Tick Backup content folder (ex:
/home/daxiongm/www/baby/wp-content
)- Exclude cache
- Exclude upgrade
- Tick Backup plugins (ex:
/home/daxiongm/www/baby/wp-content/plugins
) !! this is particulary important if you paid some plugins !! - Tick Backup themes (ex:
/home/daxiongm/www/baby/wp-content/themes
) - Tick Backup uploads folder (ex:
/home/daxiongm/www/baby/wp-content/uploads
)- Exclude backwpup-*
- Tick include special files (Backup wp-config.php, robots.txt, nginx.conf, .htaccess, .htpasswd and favicon.ico from root if it is not included in backup.)
- Tick Use one folder above as WP install folder
- Tick Backup WordPress install folder (ex:
- Go to XML export tab
- Save all content
- click GZIP compression
- Go to the Plugins tab
- Save all extensions
- click GZIP compression
- Go to the DB: check tab
- Tick WordPress tables only
- Go to the To: Folder tab
- Set the backup folder (ex:
/home/rddouanecw/www/backup/
) - Set max 5 archives
- Set the backup folder (ex:
- Go to the FTP tab
- (requirement) you must create a backup folder on the target FTP with read/write for the FTP user
- set the FTP settings
- set the target folder:
/www/backup_daxiongmao/wedding/
- Max 5 archives
- Tick use FTP passive mode
All done! You can already backup your website | blog.
TinyMCE Advanced
This is an improved editor (What You See Is What You Get WYSIWYG).
Installation:
- Go to Plugins > Add new
- Search for TinyMCE Advanced
- Install and activate the plugin
After installation:
- Once installed, go to the Settings menu > TinyMCE Advanced
- Select the buttons to use
(i) some hints:
- Add copy & paste buttons
- Add underline button
- Add code button
- Add 'emoticons' button
- Add 'background color' button
- Add 'page break' button
- Tick Keep paragaph tags
WP Statistics
To have many statistics about your website.
Installation:
- Go to Plugins > Add new
- Search for WP Statistics
- Install and activate the plugin
After installation:
- Go to Statistics > settings
- Go to General tab
- Disable all search engines but DuckDuckGo (it is the least popular)
- Go to General tab
Hide My Site
If you do NOT want your website to be accessible to the whole world: that's the plugin you need.
You must give the password to all your visitors (family, friends). You cannot access the website without that password!
This is very useful if you want to do a private blog with pictures for instance.
Installation
- Go to Plugins > Add new
- Search for Hide My Site
- Install and activate the plugin
Configuration
- Go to Settings > Hide my site
- Tick Enable password protection
- Set your password << This is the password you need to send to all your visitors
- You can provide some password hint, as long as it is not dummy and only the persons that know you can find it!
- Tick brute force detection
How to test it?
Just log-off from the administrator interface and go to your website. The password pop-up should appear.
Mobile phones
This works on mobile phones (Android, iPhone, Windows phone). However you must ZOOM to see the input text field. This is a bug in the plugin, a small price to pay for better privacy. ^-^
Contact Form 7
Source: https://wordpress.org/plugins/contact-form-7/
Simple Page Ordering
Use that plugin to create a website. this will set a fix order of the posts.
Installation:
- Go to Plugins > Add new
- Search for Simple Page Ordering
- Install and activate the plugin
Disable Google Fonts
In China Google is not fast, not fast at all!! You must disable the Google fonts to improve users' experience ; otherwise the website may take minutes to load.
Installation:
- Go to Plugins > Add new
- Search for Disable Google Fonts
- Install and activate the plugin