Hey everyone, welcome back to another video tutorial on AWS Lightsail hosting and WordPress tips. Today I’ll show you 5 tips for basic configuration after installing a blank instance of WordPress. These are the first items I configure on WordPress. They are important for making your site secure and reliable, and I recommend them before you start developing your website on WordPress.
Most of these steps can be done with a plugin, but I wanted to show you how to do them without plugins in case you don’t want to increase your plugin footprint.
Tip 1:
Disable XML-RPC – this disables the feature that allows remote/programmatic access to your content through APIs. XML-RPC is useful if you intend to push your content to mobile apps or external applications. If you don’t, then it is a good practice to disable this feature.
Paste this in the .htaccess file. Replace the IP address below with the one address that should still be allowed to use XML-RPC, or remove the "allow from" line to block everyone.
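# Block WordPress xmlrpc.php requests
# Order/Deny/Allow are Apache 2.2-style directives; Apache 2.4 accepts them through mod_access_compat
# 123.123.123.123 is a placeholder for the address you want to allow
<Files xmlrpc.php>
    order deny,allow
    deny from all
    allow from 123.123.123.123
</Files>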
Or in functions.php add this code:
// Disable the XML-RPC methods that require authentication
add_filter( 'xmlrpc_enabled', '__return_false' );
// Remove the X-Pingback header from responses
add_filter( 'wp_headers', 'disable_x_pingback' );
function disable_x_pingback( $headers ) {
    unset( $headers['X-Pingback'] );
    return $headers;
}
Tip 2:
Disable Comments and Trackbacks – If you do not intend to use comments and trackbacks on your website, then it is best to disable them to prevent spammers and bots from targeting your posts/pages.
Tip 3:
Disable File Editor – this is never needed and you should always disable it. Open wp-config.php and add this line above the "That's all, stop editing!" comment:
define('DISALLOW_FILE_EDIT', true);
Tip 4:
Hide the WordPress version – it is best to hide the specific version of WordPress your site is using from the public. Add the following to functions.php:
// Return an empty string in place of the generator tag
function wp_remove_version() {
    return '';
}
add_filter('the_generator', 'wp_remove_version');
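To confirm that Tips 1 and 4 took effect, the script below (an added example, not part of the original tutorial) checks a saved response for the X-Pingback header, the generator tag, and the status code of xmlrpc.php. The function names and example.com are this example's own, the sample responses are constructed, and the 403 check assumes the .htaccess block from Tip 1 with the request coming from an IP that is not on the allow list.

```shell
#!/usr/bin/env bash
# Added example: checks saved HTTP responses for the leaks Tips 1 and 4 remove.
# To capture live input from your own site (example.com is a placeholder):
#   curl -s -D headers.txt -o body.html https://example.com/
#   curl -s -o /dev/null -w '%{http_code}' https://example.com/xmlrpc.php

# Exit 0 if the response headers on stdin still advertise X-Pingback.
has_pingback_header() { grep -qi '^x-pingback:'; }

# Print the WordPress version leaked by a generator meta tag in HTML on stdin.
generator_version() {
  sed -n 's/.*<meta name="generator" content="WordPress \([0-9.]*\)".*/\1/p' | head -n 1
}

# audit HEADERS BODY XMLRPC_STATUS
# Prints one line per finding and returns the number of findings (0 = all passed).
# The status check only applies to the .htaccess block; the functions.php
# filter alone leaves xmlrpc.php reachable, so it will not answer 403.
audit() {
  local headers="$1" body="$2" status="$3" findings=0 version
  if printf '%s\n' "$headers" | has_pingback_header; then
    echo "FAIL: X-Pingback header present"; findings=$((findings + 1))
  fi
  version=$(printf '%s\n' "$body" | generator_version)
  if [ -n "$version" ]; then
    echo "FAIL: generator tag exposes WordPress $version"; findings=$((findings + 1))
  fi
  if [ "$status" != "403" ]; then
    echo "FAIL: xmlrpc.php answered HTTP $status, expected 403"; findings=$((findings + 1))
  fi
  return "$findings"
}

# Constructed sample responses (not captured from a real site).
BEFORE_HEADERS='HTTP/1.1 200 OK
X-Pingback: https://example.com/xmlrpc.php
Content-Type: text/html'
BEFORE_BODY='<head><meta name="generator" content="WordPress 6.4.2" /></head>'
AFTER_HEADERS='HTTP/1.1 200 OK
Content-Type: text/html'
AFTER_BODY='<head><title>My site</title></head>'

echo "Before hardening:"; audit "$BEFORE_HEADERS" "$BEFORE_BODY" 405 || true
echo "After hardening:";  audit "$AFTER_HEADERS" "$AFTER_BODY" 403 && echo "PASS"
```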
Tip 5:
Change the default username. WordPress does not allow changing a username by default, and if you use a single-click install of WordPress like Bitnami, it comes with a generic Administrator user. The simplest way to change the username is to make a new user and delete the old one. If that is not possible, maybe because you’ve already used your email address, then use a plugin called Change Username.
Alternatively, change the username using WP-CLI by running the following command at an SSH terminal prompt. Replace ‘mukesh’ and ‘user’ below with the proper users for your situation. The query assumes the default wp_ table prefix.
sudo wp --allow-root db query "UPDATE wp_users SET user_login = 'mukesh' WHERE user_login = 'user'"
All video tutorials on the website as well as the YouTube channel aim to provide a simplified process for a specific scenario; there could be many different factors and unique use cases you may have. The tutorials may not cover every situation, so treat them as a starting point or learning concept to apply to your unique situations, and consider this inspiration but not prescription or explicit direction.