Docs

Security

Security is paramount when it comes to website management. FlyWP’s Security page provides a suite of settings that help you protect and harden your WordPress site against common vulnerabilities and attacks.

Accessing the Security Page

From the FlyWP dashboard, navigate to your chosen site.
Click on the “Security” option in the left sidebar.

Security Configuration Options

7G Firewall

Purpose: A cutting-edge security firewall by Perishable Press, designed to safeguard your site from malicious attacks.
Recommendation: Enabling this provides an additional layer of defense against known vulnerabilities.

Disable XML-RPC

Purpose: Prevents remote clients from communicating with WordPress through the XML-RPC protocol.
Recommendation: If you’re not using applications that require XML-RPC (like certain mobile apps), keep this disabled.

Disable RSS and Atom Feeds

Purpose: Turns off feed updates, preventing users from subscribing to your site updates via feed readers.
Recommendation: Only necessary if you don’t want to offer feed-based updates to readers.

Protect Directories

wp-content Directory & wp-includes Directory:
- Purpose: Shields these directories from direct access, preventing unauthorized users from accessing sensitive files.
- Recommendation: It’s wise to enable these settings to ensure maximum security for your site content.

Disable `wp-links-opml.php`

Purpose: Disables the ability for users to export their links to an OPML file.
Recommendation: This feature is rarely used; keeping it disabled can prevent potential misuse.

Disable Comments

Purpose: Turns off comments on your website.
Recommendation: Activate this if you don’t require comments or are using an external commenting system.

Disable Trackbacks

Purpose: Prevents other sites from sending trackbacks to your site.
Recommendation: Keep disabled if you’re not using trackbacks.

Add Security Headers

Purpose: Appends security headers to your site, enhancing protection against attacks.
Recommendation: Always enable this, especially if you’re using SSL.

Disable WP Admin

Purpose: Turns off access to the WordPress admin area.
Recommendation: Use this if you’re away or don’t need frequent access to the admin dashboard to prevent unauthorized access.

Purpose: Restricts access to the WordPress login page.
Recommendation: Activate during periods of high unauthorized login attempts or if you’re away for extended durations.

Restrict Theme & Plugin Access

Themes & Plugins Editor: Disables the option to edit themes and plugins via the WordPress admin.
Themes & Plugins Update and Installation: Disallows the ability to update or install themes and plugins through the WordPress admin.
Recommendation: Keeping these settings active ensures no accidental or unauthorized changes occur within your themes or plugins.

Docker powered blazing fast and optimized WordPress site management platform on the cloud

© 2024, FlyWP Inc. All rights are reserved.

Company

Terms and Conditions

Affiliate Program

Servers

Akamai (Formerly Linode)

Custom Servers & VPS

Compare

Cloudways vs FlyWP

GridPane vs FlyWP

ServerAvatar vs FlyWP

xCloud vs FlyWP

RunCloud vs FlyWP

Links

Contact & Support

FlyWP Community

Feedback & Roadmap

Contact us at [email protected] for more queries and further assistance