Support Center » Knowledgebase » Programming and Scripting » Security Tips » How to have a HACK PROOF and LIGHTNING FAST WordPress web site with Quadra Hosting

How to have a HACK PROOF and LIGHTNING FAST WordPress web site with Quadra Hosting



Security

WordPress is used by one in four websites. That makes it a prime target for hackers. There are a lot of ways that your site can be compromised, but two-thirds of all hacks are caused by vulnerabilities in WordPress plugins, themes, and core files.

Keeping WordPress secure requires constant vigilance. Exploits are being found for WordPress themes and plugins every day. Even WordPress itself has critical vulnerabilities from time to time. If you don’t stay on top of updates, your site will get hacked. It’s just a matter of when.

Performance

Every time you visit a WordPress page it needs to perform database queries to fetch content and run PHP code to render the page. These actions take time to perform.

Furthermore, there is a tendency to install a lot of plugins which can significantly slow down the WordPress site.

The Solution

The solution to both the above problems is easily achievable with your Quadra Hosting account. Here are the steps:

  1. Create a subdomain for your real WordPress site. For example you may call the subdomain "editor". The name editor is arbitrary, you can call it anything you like, e.g. wordpress, backend, admin, cms, etc. For example if your domain is called "mydomain.com", then the subdomain is "editor.mydomain.com".
  2. Install or move your WordPress site in the editor subdomain, leaving the main "mydomain.com" empty. 
  3. This is the key to making your site hack proof:
    • Password protect this whole subdomain using Apache's .htaccess password protection mechanism. If you are not familiar with this, please see: https://support.quadrahosting.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=122
    • Add the following block of code to your .htaccess 
      <IfModule authz_core_module>
      <RequireAny>
      Require all denied
      Require ip 202.146.
      </RequireAny>
      </IfModule>
      <IfModule !authz_core_module>
      Order allow,deny
      Allow from 202.146.
      Satisfy any </IfModule>
  4. Set up your wordpress site as normal, but use "editor.mydomain.com" as its domain name. If you have an existing WordPress site that has been set up on www.mydomain.com, you can move it and rename all the URLs to backend.mydomain.com. Quadra Hosting staff can assist with this process.
  5. Install the Simply Static WordPress plugin from here: https://wordpress.org/plugins/simply-static/
  6. Configure the Simply Static plugin with the following settings:
    • Destination URL: www.mydomain.com
    • Delivery Method: Local Directory
    • Local Directory: /hsphere/local/home/youraccountname/mydomain.com/ (note that youraccountname should be replaced with your FTP Login name)
  7. When you're ready to "Publish" your site, click "Generate" in the Simply Static plugin.
  8. Enjoy your FAST and HACK PROOF web site. Now you can leave your web site for years without ever having to keep updating WordPress/plugins, and be sure that it will never get hacked.

Additional Notes:

  • When using this method, you do not need to keep your wordpress / plugins (running in the "editor.mydomain.com") up to date for the sake of security. 
  • But please use a good password that is hard to crack for your editor / wordpress site.
  • For an extra security, disable PHP on the main web site (i.e. mydomain.com). You can disable PHP by turning it off in the control panel -> Web Options.
  • If you need to update the contents of your web site, simply go to http://editor.mydomain.com/wp-admin/ and add pages or modify your site. Once you're done with your edits, re-generate your static site again using the Simply Static plugin (as per step 7 above).

Assistance

  • If you have any questions, please do not hesitate to contact the Quadra Hosting support team.
  • While the instructions above should be pretty straight forward and easy to follow, the Quadra Hosting support team can set this all up for you for a small fee if you would like someone to do it for you.

Caveats

This solution does have some limitations, for example it won't work if you have a shopping cart or some other dynamically updated content.



Article Details
Article ID: 234
Created On: 09 May 2016 03:50 PM
 Back
 Login [Lost Password] 
Email:
Password:
Remember Me:
Please note that the login and password to the support area is NOT the same as your hosting control panel login and password
 
 Search
 Article Options
Home | Register | Submit a Ticket | Knowledgebase | Downloads | Control Panel User's Guide | Server Status
Language: