WordPress
This page describes the installation and configuration of a WordPress website. With the following plugins and settings you can build a 'classical' website, a blog, or a mix of both. It's up to you! :)
Installation
- Download the latest zip from [1] OR [2]
- Put the archive on your server (using FTP)
- Adjust and copy the PHP script to unzip the archive
- Go to your website and run the PHP script
Requirements
- Enable PHP 7 support. (i) On OVH you can do that from the admin panel
Installation key points
- Always use a database prefix (ex: baby_blog_ or it_tips_)
- When asked you should create a STRONG password for the admin
- If you see a warning during installation, you have to adjust your .htaccess file (i) This should not happen
Permalinks (URL type)
- Go to Settings > Permalinks
- Select a friendly name for your articles: tick Post name
Plugins
All is done on the administrator interface: http://mysite.com/wp-admin
Depending on your needs, here is the list of plugins I recommend installing and activating:
- Akismet : anti-spam
- qTranslate-X : multi-language support
- All in one WP Security : security
- NextGEN Gallery : photos galleries
Akismet
Akismet blocks spam and keeps bots away.
Installation:
- Go to Plugins
- Click on Activate under Akismet
- Go to the Akismet website to register for free and get a key
- Use your key
Configuration:
- Go to Settings > Akismet
- Adjust the Strictness (you should select 'always put spam in the Spam folder for review')
qTranslate-X
If you want to support many languages, then qTranslate is a must! It allows you to translate your posts and publish them in different languages.
Installation:
- Go to Plugins > Add new
- Search for qTranslate-X
- Install and activate the plugin
Configuration:
- Go to Settings > Languages
- Go to the Languages tab and select the list of languages you want to use (ex: French, English, Chinese). You must enable each language you want.
- Then, go to the General tab
- Set the language order
- Set the URL modification order to Use Pre-Path Mode (Default, puts /en/ in front of URL). SEO friendly.
- Adjust Untranslated content settings
- Tick Show language names in "Camel Case"
- Tick Detect the language of the browser and redirect accordingly.
- Click Save changes
(i) You can adjust other settings if you'd like.
Add language selector to the website:
- Go to Appearance > Widgets
- Add qTranslate Language Chooser to the sidebar
Usage:
- When you edit a POST or a PAGE you can choose the language
All in one WP Security
(i) Most of the following settings come from: https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/
Security basics
Before installing the plugin you must set some basic security settings.
- Go to Settings > Discussion
- Default article settings
- To allow comments select: Allow people to post comments on new articles
- Email
- If you want to receive email alerts on new comment select: Anyone posts a comment
- Avatars
- Enable Show avatars
- Choose G — Suitable for all audiences
- Select a default avatar (ex: monsters)
Installation
- Go to Plugins > Add new
- Search for All in one WP Security
- Install and activate the plugin
Configuration
You'll find below my configuration recommendations.
- Go to WP security > Settings
- Go to tab WP Version Info
- Tick Remove WP Generator Meta Info
- Go to WP security > User accounts
- Go to tab WP Username
- Change the super-user's username; you must avoid admin
- Display name - Ensure the login name & display name are different
- Go to tab Display name
- Everything should be OK. If not, you must Edit your profile (by clicking on the image, top right corner) > set Display name publicly as to something that is NOT the login
- Go to WP security > User login
- Go to tab Login lockdown
- Tick Enable Login Lockdown Feature
- Set max login attempts = 5
- Tick display generic error message
- Tick Notify by email
- Go to tab Force logout
- Tick Enable force WP user logout
- Set the logout time to 120 min
- Go to WP security > User registration
- Go to tab Manual approval
- Tick enable manual approval of new registrations
- Go to tab Captcha
- Tick Enable captcha on registration page
- Go to WP security > Filesystem security
- Go to tab File permissions
- Set all recommended permissions
- Go to tab PHP File editing
- Tick disable ability to edit PHP files
- Go to tab WP file access
- Tick prevent access to WP default install files
- Go to WP security > Firewall
- Go to tab Basic firewall rules
- Tick Enable Basic firewall protection
- (optional, only if you don't publish articles using your phone) tick Block access to XML-RPC
- Tick Block access to debug.log file
- Go to tab Additional firewall rules
- Tick disable index views
- Tick disable trace and track
- Tick forbid proxy comment posting
- Tick Deny bad query string
- Tick Enable advanced character string filter
- Go to tab 6G blacklist firewall rules
- Tick all options
- Go to tab Internet bots
- Tick block fake googlebots
- Go to tab Prevent hotlinks
- Tick prevent image hotlinking !!! This is particularly important if you want to restrict access to the website content !!! No one can display your content from outside your own domain.
- Go to WP security > Brute force
- Go to tab Login captcha
- Tick all options
- Go to WP security > Spam prevention
- Go to tab Comment SPAM
- Tick all options
- Go to WP security > Miscellaneous
- Go to tab Copy protection
- Enable Copy protection !!! This will prevent anyone from saving content and downloading it to their computer !!! This is particularly important if you want to control the data and ensure the content does NOT get everywhere - in the case of private photos for instance.
- Go to tab Frames
- Enable that feature
- Go to tab Users enumeration
- Enable that feature
Complete! You're good to go! Just log-off / log-in again.
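One way to confirm from the outside that the settings above took effect, as an added example (not part of the original page or of the plugin): one request per setting, with a report of the checks that fail. The paths, expected status codes and headers are assumptions, and the two response sets are constructed samples.

```python
import http.client
import re

# Setting named on this page -> (path to request, test over status/headers/body).
# The expected statuses and headers are assumptions about how each option shows
# up from outside; adjust them to what your own site returns.
CHECKS = {
    "Remove WP Generator Meta Info": ("/", lambda s, h, b:
        not re.search(r"<meta[^>]+name=[\"']generator[\"']", b, re.I)),
    "Block access to debug.log file": ("/wp-content/debug.log", lambda s, h, b: s != 200),
    "Prevent access to WP default install files": ("/readme.html", lambda s, h, b: s != 200),
    "Disable index views": ("/wp-content/uploads/", lambda s, h, b: "Index of /" not in b),
    "Frames": ("/", lambda s, h, b: "x-frame-options" in h
        or "frame-ancestors" in h.get("content-security-policy", "")),
    "Users enumeration": ("/?author=1", lambda s, h, b:
        s != 200 and "/author/" not in h.get("location", "")),
}

# Constructed responses: a default install, then the same site after the steps above.
DEFAULT = {
    "/": (200, {}, '<meta name="generator" content="WordPress x.y" />'),
    "/wp-content/debug.log": (200, {}, "PHP Notice: constructed log line"),
    "/readme.html": (200, {}, "<h1>WordPress</h1>"),
    "/wp-content/uploads/": (200, {}, "<title>Index of /wp-content/uploads</title>"),
    "/?author=1": (301, {"Location": "/author/jsmith/"}, ""),
}
HARDENED = {
    "/": (200, {"X-Frame-Options": "SAMEORIGIN"}, "<title>My blog</title>"),
    "/wp-content/debug.log": (403, {}, ""),
    "/readme.html": (403, {}, ""),
    "/wp-content/uploads/": (403, {}, ""),
    "/?author=1": (403, {}, ""),
}

def audit(responses):
    """Return the settings whose check fails on {path: (status, headers, body)}."""
    failed = []
    for setting, (path, ok) in CHECKS.items():
        status, headers, body = responses[path]
        if not ok(status, {k.lower(): v for k, v in headers.items()}, body):
            failed.append(setting)
    return failed

def fetch(host, path):
    """GET one path over HTTPS without following redirects."""
    conn = http.client.HTTPSConnection(host, timeout=10)
    conn.request("GET", path, headers={"User-Agent": "hardening-audit"})
    resp = conn.getresponse()
    return resp.status, dict(resp.getheaders()), resp.read().decode("utf-8", "replace")
```

Against your own site, build the input with `fetch`, for example `audit({p: fetch("mysite.com", p) for p, _ in CHECKS.values()})`; an empty list means every check passed.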
NextGEN Gallery
Source https://wordpress.org/plugins/nextgen-gallery/
Installation
- Go to Plugins > Add new
- Search for NextGEN Gallery
- Install and activate the plugin
Upgrade to PRO version (NextGEN Plus)
(i) This is optional
If you want to add watermarks, prevent picture downloads and get better galleries, I strongly recommend going for the PRO version, NextGEN Plus.
It is a bit expensive - 49€ - but it is really worth it in terms of security.
Once you've subscribed you'll receive the setup details by email.
Configuration
- Go to Gallery > Other options
- Under Image options
- Say YES to Delete image files when you remove a gallery
- Say YES to Automatically resize images after upload !! This is particularly important for the website loading time !! ;)
- Set the size to width: 1024 x height: 768 | Quality: 100% (i) you can adjust that to your own needs
- Say YES to Backup original images?
- Under Thumbnail options
- Set the default Thumbnail size to 240 x 160
- Set fix dimension? YES
- Under Watermarks
- How will you generate a watermark? Text
- Choose the position (I recommend bottom right)
- Offset 5 x 5
- Text: © Daxiongmao.eu
- Opacity: 100%
- Font family: Arial
- Font size: 10px
- Color: white (you can choose something else)
~ for PRO version only ~
- Under Image protection
- Say YES to Protect images !! This will disable the download option of the plugin
- Say YES to Disable right click menu completely !! This will disable right click > save as... from the browser
Contact Form 7
Source: https://wordpress.org/plugins/contact-form-7/
BackWPup
To backup your blog / website regularly.
Requirement:
- Create a backup folder on your FTP server (ex: /home/rddouanecw/www/backup/)
Installation:
- Go to Plugins > Add new
- Search for BackWPup
- Install and activate the plugin
After installation:
- Once installed, go to the backWPup menu > jobs
- Add new job
- General tab
- Save all (database, files, XML export, extensions, tables check)
- Name the archive (example): rd_douane_consulting_%Y-%m-%d
- Format: ZIP
- Save on File, Save on FTP
- Send logs by email
- Schedule tab
- Use the WordPress cron
- basic prog
- Once a month
- Database tab
- Select the tables to save
- Click GZIP compression
- Files tab
- Select files to save - exclude the backup folder
- click GZIP compression
- XML export tab
- Save all content
- click GZIP compression
- Extension tab
- Save all extensions
- click GZIP compression
- Folder tab
- Set the backup folder (ex: /home/rddouanecw/www/backup/)
- Max 5 archives
- FTP tab
- (requirement) you must create a backup folder on the target FTP with read/write for the FTP user
- set the FTP settings
- set the target folder: /www/backup_daxiongmao/wedding/
- Max 5 archives
WP Statistics
To have many statistics about your website.
Installation:
- Go to Plugins > Add new
- Search for WP Statistics
- Install and activate the plugin
After installation:
- Once installed, go to the Statistics menu > settings
- General
- Disable all search engines but DuckDuckGo (it is the least popular)
TinyMCE Advanced
This is an improved editor (What You See Is What You Get WYSIWYG).
Installation:
- Go to Plugins > Add new
- Search for TinyMCE Advanced
- Install and activate the plugin
After installation:
- Once installed, go to the Settings menu > TinyMCE
- Select the buttons to use
(i) some hints:
- Add copy & paste buttons
- Add underline button
- Add code button
- Add 'emoticons' button
- Add 'background color' button
- Add 'page break' button
Simple Page Ordering
Use this plugin to create a website. It sets a fixed order for the posts.
Installation:
- Go to Plugins > Add new
- Search for Simple Page Ordering
- Install and activate the plugin
Disable Google Fonts
In China Google is not fast, not fast at all!! You must disable the Google fonts to improve the users' experience; otherwise the website may take minutes to load.
Installation:
- Go to Plugins > Add new
- Search for Disable Google Fonts
- Install and activate the plugin
Hide My Site
If you do NOT want your website to be accessible to the whole world, this is the plugin you need.
To access the website, visitors must type a common password that you provide to your potential visitors. This is very useful if you want to run a private blog with pictures, for instance.
Installation:
- Go to Plugins > Add new
- Search for Hide My Site
- Install and activate the plugin