WordPress is used by one in four websites. That makes it a prime
target for hackers. There are a lot of ways that your site can be
compromised, but two-thirds of all hacks are caused by vulnerabilities
in WordPress plugins, themes, and core files.
Keeping WordPress secure requires constant vigilance. Exploits are
being found for WordPress themes and plugins every day. Even WordPress
itself has critical vulnerabilities from time to time. If you don’t stay
on top of updates, your site will get hacked. It’s just a matter of when.
Every time you visit a WordPress page it needs to perform database
queries to fetch content and run PHP code to render the page. These
actions take time to perform.
Furthermore, there is a tendency to install a lot of plugins which can significantly slow down the WordPress site.
The solution to both the above problems is easily achievable with your Quadra Hosting account. Here are the steps:
- Create a subdomain for your real WordPress site. For example you may call the subdomain "editor". The name editor is arbitrary, you can call it anything you like, e.g. wordpress, backend, admin, cms, etc. For example if your domain is called "mydomain.com", then the subdomain is "editor.mydomain.com".
- Install or move your WordPress site in the editor subdomain, leaving the main "mydomain.com" empty.
- This is the key to making your site hack proof:
- Set up your wordpress site as normal, but use "editor.mydomain.com" as its domain name. If you have an existing WordPress site that has been set up on www.mydomain.com, you can move it and rename all the URLs to backend.mydomain.com. Quadra Hosting staff can assist with this process.
- Install the Simply Static WordPress plugin from here: https://wordpress.org/plugins/simply-static/
- Configure the Simply Static plugin with the following settings:
When you're ready to "Publish" your site, click "Generate" in the Simply Static plugin.Enjoy your FAST and HACK PROOF web site. Now you can leave your web site for years without ever having to keep updating WordPress/plugins, and be sure that it will never get hacked.
- Destination URL: www.mydomain.com
- Delivery Method: Local Directory
- Local Directory: /hsphere/local/home/youraccountname/mydomain.com/ (note that youraccountname should be replaced with your FTP Login name)
- When using this method, you do not need to keep your wordpress / plugins (running in the "editor.mydomain.com") up to date for the sake of security.
- But please use a good password that is hard to crack for your editor / wordpress site.
- For an extra security, disable PHP on the main web site (i.e. mydomain.com). You can disable PHP by turning it off in the control panel -> Web Options.
- If you need to update the contents of your web site, simply go to http://editor.mydomain.com/wp-admin/ and add pages or modify your site. Once you're done with your edits, re-generate your static site again using the Simply Static plugin (as per step 7 above).
- If you have any questions, please do not hesitate to contact the Quadra Hosting support team.
- While the instructions above should be pretty straight forward and easy to follow, the Quadra Hosting support team can set this all up for you for a small fee if you would like someone to do it for you.
This solution does have some limitations, for example it won't work if you have a shopping cart or some other dynamically updated content.