5 Easy Tips before beginning #WordPress Development

Hey everyone, welcome back to another video tutorial on AWS Lightsail hosting and WordPress tips. Today I’ll show you 5 tips for basic configuration after installing a blank instance of WordPress. These are the first items I configure on WordPress; they are important for making your site secure and reliable, and I recommend them before you start developing your website on WordPress.

Most of these steps can be done with a plugin, but I wanted to show you how to do them without plugins in case you don’t want to increase your plugin footprint.

Tip 1:

Disable XML-RPC – this disables the feature that allows remote/programmatic access to your content through APIs. The feature is useful if you intend to push your content to mobile apps or external applications. If you don’t, it is good practice to disable it.

Paste this in the .htaccess file. Update the IP below to the address that should still be allowed to use XML-RPC.

# Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
order deny,allow
deny from all
allow from 123.123.123.123
</Files>

Or in functions.php add this code:

// Disable XML-RPC (this filter turns off the methods that require authentication)
add_filter( 'xmlrpc_enabled', '__return_false' );

// Remove the X-Pingback header from responses
add_filter( 'wp_headers', 'disable_x_pingback' );
function disable_x_pingback( $headers ) {
    unset( $headers['X-Pingback'] );

    return $headers;
}

Tip 2:

Disable Comments and Trackbacks – If you do not intend to use comments and trackbacks on your website, it is best to disable them to prevent spammers and bots from targeting your posts/pages.

Tip 3:

Disable File Editor – this is never needed and you should always disable it. Open wp-config.php and add this:

define('DISALLOW_FILE_EDIT', true);

Tip 4:

Disable WordPress version – it is best to hide the specific version of WordPress your site is using from the public. Add the following to functions.php:

function wp_remove_version() {
    return '';
}
add_filter( 'the_generator', 'wp_remove_version' );

Tip 5:

Change the default username. WordPress does not allow changing a username by default, and single-click installs of WordPress such as Bitnami come with a generic Administrator user. The simplest way to change the username is to make a new user and delete the old one. If that is not possible, perhaps because you’ve already used your email address, use a plugin called Change Username.

Change the username using WP-CLI by running the following command at an SSH terminal prompt. Replace ‘mukesh’ and ‘user’ below with the proper users for your situation.

sudo wp --allow-root db query "UPDATE wp_users SET user_login = 'mukesh' WHERE user_login = 'user'"
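
To confirm that Tips 1, 3, 4 and 5 took effect, the Python example below (added here, not part of the original tutorial) audits a copy of wp-config.php, the home page HTML and response headers, the HTTP status returned for xmlrpc.php, and the list of user logins. The function name, the list of generic logins and the before/after sample data are assumptions constructed for illustration, and the 403 check assumes the .htaccess method from Tip 1.

```python
import re

# Active (not commented-out) define('DISALLOW_FILE_EDIT', true); line from Tip 3.
FILE_EDIT = re.compile(
    r"^\s*define\(\s*['\"]DISALLOW_FILE_EDIT['\"]\s*,\s*true\s*\)\s*;",
    re.IGNORECASE | re.MULTILINE)
# <meta name="generator" content="WordPress ..."> tag that Tip 4 removes.
GENERATOR = re.compile(
    r"<meta[^>]+name=['\"]generator['\"][^>]+content=['\"]WordPress", re.IGNORECASE)
# Assumed list of generic logins; extend it with your own installer's default.
GENERIC_LOGINS = {"admin", "administrator", "user"}


def audit(wp_config, home_html, home_headers, xmlrpc_status, logins):
    """Return one finding per check that shows a tip has not taken effect."""
    findings = []
    header_names = {name.lower() for name in home_headers}
    if xmlrpc_status != 403:  # "deny from all" makes Apache answer 403
        findings.append("tip1: xmlrpc.php not blocked (HTTP %d)" % xmlrpc_status)
    if "x-pingback" in header_names:
        findings.append("tip1: X-Pingback header still sent")
    if not FILE_EDIT.search(wp_config):
        findings.append("tip3: DISALLOW_FILE_EDIT is not set to true")
    if GENERATOR.search(home_html):
        findings.append("tip4: generator meta tag exposes the version")
    generic = sorted({login.lower() for login in logins} & GENERIC_LOGINS)
    if generic:
        findings.append("tip5: generic login present: " + ", ".join(generic))
    return findings


# Constructed sample data: a fresh install, then the same site after the tips.
BEFORE = dict(
    wp_config="<?php\n// define('DISALLOW_FILE_EDIT', true);\n",
    home_html='<head><meta name="generator" content="WordPress 0.0" /></head>',
    home_headers={"X-Pingback": "https://example.com/xmlrpc.php"},
    xmlrpc_status=200,
    logins=["user"],
)
AFTER = dict(
    wp_config="<?php\ndefine( 'DISALLOW_FILE_EDIT', true );\n",
    home_html="<head><title>Site</title></head>",
    home_headers={"Content-Type": "text/html; charset=UTF-8"},
    xmlrpc_status=403,
    logins=["mukesh"],
)

if __name__ == "__main__":
    for label, sample in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(**sample))
```

Note that the commented-out define in the "before" sample is reported as missing, since a commented line has no effect in wp-config.php.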

All video tutorials on the website as well as the YouTube channel aim to provide a simplified process for a specific scenario; there could be many different factors and unique use cases you may have. The tutorials may not cover every situation, so treat them as a starting point or learning concept to apply to your unique situations, and consider this inspiration but not prescription or explicit direction.
