WordPress Go Live Steps
written by: Jeff McNearWordPress Go Live Steps
ADD TO WP-CONFIG FILE (disables file editing)
define('DISALLOW_FILE_EDIT', true);
DELETE THESE FILES
- (root)/readme.html [info about site]
- (root)/wp-admin/install.php [could be executed if connection to database is cut]
ADD TO MAIN .htaccess FILE (under root of site)
NEUTRALIZE AUTHOR LOGIN NAME VIA ID – brute force attacks
<IfModule mod_rewrite.c>
RewriteCond %{QUERY_STRING} ^author=([0-9]*)
RewriteRule .* https://www.youtube.com/watch?v=slQAHnEAlQg? [L,R=302]
</IfModule>
DENY ACCESS TO xmlrpc.php FILE – brute force attacks
<Files xmlrpc.php>
order deny,allow
deny from all
</Files>
PROTECT HTACCESS FILE
<files .htaccess>
order allow,deny
deny from all
</files>
BLOCK INCLUDE ONLY FILES
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
SECURE WP-CONFIG.PHP
<Files wp-config\.php>
Order Deny,Allow
Deny from all
</Files>
CANONICAL FAVICONS – believe it or not a common point of attack
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} !^/favicon.ico$ [NC]
RewriteCond %{REQUEST_URI} /favicon(s)?\.?(gif|ico|jpe?g?|png)?$ [NC]
RewriteRule (.*) http://example.com/favicon.ico [R=301,L]
</IfModule>
GO LIVE INDEXING STEPS
WEBMASTER TOOLS
- GOOGLE SEARCH CONSOLE: search.google.com/search-console/about?hl=en
- BING: bing.com/toolbox
SUBMIT FOR INDEXING
MASS SUBMISSIONS
GOOGLE ANALYTICS