WordPress Go Live Steps

written by: Jeff McNear

ADD TO WP-CONFIG FILE (disables file editing)

define('DISALLOW_FILE_EDIT', true);

DELETE THESE FILES

  • (root)/readme.html [info about site]
  • (root)/wp-admin/install.php [could be executed if connection to database is cut]

ADD TO MAIN .htaccess FILE (under root of site)

NEUTRALIZE AUTHOR LOGIN NAME VIA ID – brute force attacks

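	<IfModule mod_rewrite.c>
	RewriteEngine On
	# match author=<digits> anywhere in the query string, not only as the first parameter
	RewriteCond %{QUERY_STRING} (^|&)author=[0-9]+
	RewriteRule .* https://www.youtube.com/watch?v=slQAHnEAlQg? [L,R=302]
	</IfModule>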

DENY ACCESS TO xmlrpc.php FILE – brute force attacks

     <Files xmlrpc.php>
     order deny,allow
     deny from all
     </Files>

PROTECT HTACCESS FILE

     <files .htaccess>
     order allow,deny
     deny from all
     </files>

BLOCK INCLUDE ONLY FILES

     RewriteEngine On
     RewriteBase /
     RewriteRule ^wp-admin/includes/ - [F,L]
     RewriteRule !^wp-includes/ - [S=3]
     RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
     RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
     RewriteRule ^wp-includes/theme-compat/ - [F,L]

SECURE WP-CONFIG.PHP

     # <Files> takes a literal file name or wildcard, not a regex, so the dot is not escaped
     <Files wp-config.php>
     Order Deny,Allow
     Deny from all
     </Files>

CANONICAL FAVICONS – believe it or not a common point of attack

     <IfModule mod_rewrite.c>
      RewriteEngine On
      RewriteBase /
      RewriteCond %{REQUEST_URI} !^/favicon\.ico$ [NC]
      RewriteCond %{REQUEST_URI} /favicon(s)?\.?(gif|ico|jpe?g?|png)?$ [NC]
      RewriteRule (.*) http://example.com/favicon.ico [R=301,L]
     </IfModule>
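
To confirm the rules above took effect once the site is live, the script below requests one path per step and checks the response code. It is an added example, not part of the original checklist; the probe paths under wp-admin/includes and wp-includes, the /favicon.png request and the base URL given on the command line are assumptions chosen for illustration, and DISALLOW_FILE_EDIT is not covered because it cannot be observed without logging in.

```python
import sys
import urllib.error
import urllib.request

# (path, acceptable status codes, step on this page being verified)
# Probe paths are illustrative choices, one per rule.
CHECKS = [
    ("/readme.html", {404, 410}, "readme.html deleted"),
    ("/wp-admin/install.php", {404, 410}, "install.php deleted"),
    ("/?author=1", {301, 302}, "author ID lookup redirected away"),
    ("/xmlrpc.php", {403}, "xmlrpc.php denied"),
    ("/.htaccess", {403}, ".htaccess denied"),
    ("/wp-config.php", {403}, "wp-config.php denied"),
    ("/wp-admin/includes/file.php", {403}, "wp-admin/includes blocked"),
    ("/wp-includes/version.php", {403}, "wp-includes/*.php blocked"),
    ("/wp-includes/theme-compat/header.php", {403}, "theme-compat blocked"),
    ("/favicon.png", {301}, "stray favicon request canonicalised"),
]

class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # surface the 3xx instead of following it

def http_fetch(url, timeout=10):
    """GET url without following redirects; return (status, Location header)."""
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(url, timeout=timeout) as resp:
            return resp.status, resp.headers.get("Location", "")
    except urllib.error.HTTPError as err:  # 3xx/4xx/5xx arrive here
        return err.code, err.headers.get("Location", "")

def audit(base_url, fetch=http_fetch):
    """Run every check; return a list of (path, status, passed, note)."""
    results = []
    for path, wanted, note in CHECKS:
        status, location = fetch(base_url.rstrip("/") + path)
        passed = status in wanted
        # WordPress's own redirect to /author/<login>/ still exposes the login name.
        if path.startswith("/?author=") and "/author/" in location:
            passed = False
        results.append((path, status, passed, note))
    return results

if __name__ == "__main__":
    for path, status, passed, note in audit(sys.argv[1]):
        print(f"{'PASS' if passed else 'FAIL'} {status} {path:40} {note}")
```

Run it against your own site's base URL, for example `python3 golive_audit.py https://your-site.example` (the file name is hypothetical); each FAIL line names the step to revisit.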

GO LIVE INDEXING STEPS

WEBMASTER TOOLS

SUBMIT FOR INDEXING

MASS SUBMISSIONS

GOOGLE ANALYTICS

analytics.google.com/analytics/web/