|
|
# Good Practices on Wordpress
|
|
|
# Good Practices on WordPress
|
|
|
|
|
|
Wordpress is a Content Management System (CMS) and we can use to develop good websites.
|
|
|
WordPress is a Content Management System (CMS) and we can use it to develop good websites.
|
|
|
|
|
|
If we are using wordpress in our software we need to know how to do right things together, in our style... Faircoop style. Always thinking in distributed, free content and free software and change our system for the good of commons.
|
|
|
If we are using WordPress as one of our software tools we need to know how to do the right things together, in our style... FairCoop style. Always thinking about distributed, free content, free software, and use our system for the good of commons.
|
|
|
|
|
|
I'm proposing to check this kind of rules however we want but start here:
|
|
|
I'm proposing to follow these kind of rules starting here:
|
|
|
|
|
|
## Starting project:
|
|
|
- We need to understand the requirements of the project:
|
... | ... | @@ -12,37 +12,37 @@ I'm proposing to check this kind of rules however we want but start here: |
|
|
- Information to offer.
|
|
|
- Functionalities.
|
|
|
- Contents.
|
|
|
- Way to use, communication way, graphics...
|
|
|
- Way to use, way of communication, graphics...
|
|
|
- Design.
|
|
|
- Create a version control and issue tracker
|
|
|
- Develop version
|
|
|
- Testing version
|
|
|
- Production version
|
|
|
- Create a structure for file management inside using coherence, (e.g. if you upload a photo for the blog, create a folder in file management naming blog...)
|
|
|
- In Wordpres we have to take care about plugings because there are a lot with no many testing and maybe not secure... please use more stars and downloads
|
|
|
- Check modules not using and try to reduce.
|
|
|
- In WordPress we have to take care about plugins because there are a lot with not much testing and maybe some that are not secure... please use ones with more stars and downloads.
|
|
|
- Check which plugins are not used, and try to remove them.
|
|
|
- Backup always
|
|
|
- Think on the future
|
|
|
- Think of the future
|
|
|
|
|
|
|
|
|
* * *
|
|
|
|
|
|
|
|
|
## Security recommendations:
|
|
|
If you can edit .htaccess will be easy and clean because modules sometimes are not necessary.
|
|
|
If you can edit .htaccess will be easier and cleaner because sometimes plugins are not necessary.
|
|
|
|
|
|
- Backup, backup, backup and backup --> You can use a plugin but its enough with All In One WP Security & Firewall we use for more things on this security
|
|
|
- Keep Wordpress and plugins up to date
|
|
|
- Backup, backup, backup and backup --> You can use a plugin but it's enough with All In One WP Security & Firewall, and we will use more things for security.
|
|
|
- Keep WordPress and plugins up to date
|
|
|
- Smart username and passwords (Don’t user “admin” as your username and choose a complex password)
|
|
|
- Block bad bots (.htaccess / robots.txt / ipblock)
|
|
|
- Always Use Secure Connections (sftp - SSL - ssh)
|
|
|
- Redirecction and use SSL --> Lets encrypt and .htaccess or with plugin like "simple ssl".
|
|
|
- Security modules:
|
|
|
- Redirecction and use SSL --> Lets Encrypt and .htaccess or with plugin like "simple ssl".
|
|
|
- Security plugins:
|
|
|
- [WP Security & Firewall](https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/)
|
|
|
Follow the instructions to complete points in security
|
|
|
- User Accounts (different username that nickname, strength the passwords... )
|
|
|
- User Accounts (use a different username than your nickname, strong passwords...)
|
|
|
- User login (block user too many attempts, force logout...)
|
|
|
- Database security (have a good prefix and backup regullary)
|
|
|
- Database security (have a good prefix and backup regularly)
|
|
|
- Filesystem security (Check files and prevent use .php)
|
|
|
- Firewall (Activate it)
|
|
|
|
... | ... | @@ -60,7 +60,7 @@ I'm proposing to check this kind of rules however we want but start here: |
|
|
## Performance Recommendations
|
|
|
|
|
|
- Cache performance on Wordpress:
|
|
|
- Cache needs to change on server .htaccess if ou have access good if not ask for an administration.
|
|
|
- Cache needs to change on server .htaccess - if you have access good if not ask for an administration.
|
|
|
You can test for example this plugin [W3 Total Cache](https://wordpress.org/plugins/w3-total-cache/)
|
|
|
|
|
|
- Minify JavaScript, CSS and HTML.
|
... | ... | |