1. Home
  2. Docs
  3. Site
  4. Security

Security

Security is paramount when it comes to website management. FlyWP’s Security page provides a suite of settings that help you protect and harden your WordPress site against common vulnerabilities and attacks.

Accessing the Security Page

  1. From the FlyWP dashboard, navigate to your chosen site.
  2. Click on the “Security” option in the left sidebar.

Security Configuration Options

7G Firewall

  • Purpose: A cutting-edge security firewall by Perishable Press, designed to safeguard your site from malicious attacks.
  • Recommendation: Enabling this provides an additional layer of defense against known vulnerabilities.

Disable XML-RPC

  • Purpose: Prevents remote clients from communicating with WordPress through the XML-RPC protocol.
  • Recommendation: If you’re not using applications that require XML-RPC (like certain mobile apps), keep this disabled.

Disable RSS and Atom Feeds

  • Purpose: Turns off feed updates, preventing users from subscribing to your site updates via feed readers.
  • Recommendation: Only necessary if you don’t want to offer feed-based updates to readers.

Protect Directories

  • wp-content Directory & wp-includes Directory:
    • Purpose: Shields these directories from direct access, preventing unauthorized users from accessing sensitive files.
    • Recommendation: It’s wise to enable these settings to ensure maximum security for your site content.

Disable wp-links-opml.php

  • Purpose: Disables the ability for users to export their links to an OPML file.
  • Recommendation: This feature is rarely used; keeping it disabled can prevent potential misuse.

Disable Comments

  • Purpose: Turns off comments on your website.
  • Recommendation: Activate this if you don’t require comments or are using an external commenting system.

Disable Trackbacks

  • Purpose: Prevents other sites from sending trackbacks to your site.
  • Recommendation: Keep disabled if you’re not using trackbacks.

Add Security Headers

  • Purpose: Appends security headers to your site, enhancing protection against attacks.
  • Recommendation: Always enable this, especially if you’re using SSL.

Disable WP Admin

  • Purpose: Turns off access to the WordPress admin area.
  • Recommendation: Use this if you’re away or don’t need frequent access to the admin dashboard to prevent unauthorized access.

Disable Login

  • Purpose: Restricts access to the WordPress login page.
  • Recommendation: Activate during periods of high unauthorized login attempts or if you’re away for extended durations.

Restrict Theme & Plugin Access

  • Themes & Plugins Editor: Disables the option to edit themes and plugins via the WordPress admin.
  • Themes & Plugins Update and Installation: Disallows the ability to update or install themes and plugins through the WordPress admin.
  • Recommendation: Keeping these settings active ensures no accidental or unauthorized changes occur within your themes or plugins.