Security is paramount when it comes to website management. FlyWP’s Security page provides a suite of settings that help you protect and harden your WordPress site against common vulnerabilities and attacks.
Accessing the Security Page
- From the FlyWP dashboard, navigate to your chosen site.
- Click on the “Security” option in the left sidebar.
Security Configuration Options
- Purpose: A cutting-edge security firewall by Perishable Press, designed to safeguard your site from malicious attacks.
- Recommendation: Enabling this provides an additional layer of defense against known vulnerabilities.
- Purpose: Prevents remote clients from communicating with WordPress through the XML-RPC protocol.
- Recommendation: If you’re not using applications that require XML-RPC (like certain mobile apps), keep XML-RPC disabled.
Disable RSS and Atom Feeds
- Purpose: Turns off feed updates, preventing users from subscribing to your site updates via feed readers.
- Recommendation: Only necessary if you don’t want to offer feed-based updates to readers.
- wp-content Directory & wp-includes Directory:
- Purpose: Shields these directories from direct access, preventing unauthorized users from accessing sensitive files.
- Recommendation: It’s wise to enable these settings to ensure maximum security for your site content.
- Purpose: Disables the ability for users to export their links to an OPML file.
- Recommendation: This feature is rarely used; keeping it disabled can prevent potential misuse.
- Purpose: Turns off comments on your website.
- Recommendation: Activate this if you don’t require comments or are using an external commenting system.
- Purpose: Prevents other sites from sending trackbacks to your site.
- Recommendation: Keep trackbacks disabled if you’re not using them.
Add Security Headers
- Purpose: Appends security headers to your site, enhancing protection against attacks.
- Recommendation: Always enable this, especially if you’re using SSL.
Disable WP Admin
- Purpose: Turns off access to the WordPress admin area.
- Recommendation: To prevent unauthorized access, use this if you’re away or don’t need frequent access to the admin dashboard.
- Purpose: Restricts access to the WordPress login page.
- Recommendation: Activate during periods of high unauthorized login attempts or if you’re away for extended durations.
Restrict Theme & Plugin Access
- Themes & Plugins Editor: Disables the option to edit themes and plugins via the WordPress admin.
- Themes & Plugins Update and Installation: Prevents updating or installing themes and plugins through the WordPress admin.
- Recommendation: Keeping these settings active ensures no accidental or unauthorized changes occur within your themes or plugins.
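After changing these settings, it is worth confirming from outside that they took effect. The script below is an added example, not part of FlyWP: it requests the WordPress endpoints the settings above are meant to close and checks the home page for security headers. The status codes treated as "blocked", the feed path, and the list of expected headers are assumptions, since this page does not state what FlyWP returns or which headers it adds.

```python
import urllib.error
import urllib.request

# Assumption: a blocked endpoint answers 403 or 404. A stock WordPress answers
# GET /xmlrpc.php with 405 ("accepts POST requests only"), so 405 is NOT
# counted as blocked here.
BLOCKED_STATUSES = {403, 404}
BLOCKED_PATHS = {
    "XML-RPC": "/xmlrpc.php",
    "RSS/Atom feeds": "/feed/",  # assumed default feed path
    "OPML export": "/wp-links-opml.php",
    "Trackbacks": "/wp-trackback.php",
    "wp-includes direct access": "/wp-includes/version.php",
}
# Assumption: a common header set; adjust to what your site actually sends.
EXPECTED_HEADERS = ("x-content-type-options", "x-frame-options",
                    "strict-transport-security", "referrer-policy")

def http_fetch(base_url):
    """Build fetch(path) -> (status, lowercased headers) for a live site."""
    def fetch(path):
        url = base_url.rstrip("/") + path
        try:
            with urllib.request.urlopen(url, timeout=10) as resp:
                return resp.status, {k.lower(): v for k, v in resp.headers.items()}
        except urllib.error.HTTPError as err:
            return err.code, {k.lower(): v for k, v in err.headers.items()}
    return fetch

def audit(fetch):
    """Return a sorted list of findings; an empty list means all checks passed."""
    findings = []
    for name, path in BLOCKED_PATHS.items():
        status, _ = fetch(path)
        if status not in BLOCKED_STATUSES:
            findings.append(f"{name}: {path} answered {status}, expected 403 or 404")
    _, headers = fetch("/")
    for header in EXPECTED_HEADERS:
        if header not in headers:
            findings.append(f"missing security header: {header}")
    return sorted(findings)

# Constructed sample responses: XML-RPC still reachable, no HSTS header.
SAMPLE = {"/xmlrpc.php": (200, {}), "/": (200, {
    "x-content-type-options": "nosniff", "x-frame-options": "SAMEORIGIN",
    "referrer-policy": "strict-origin-when-cross-origin"})}

def sample_fetch(path):
    return SAMPLE.get(path, (403, {}))
```

To check a site you manage, call `audit(http_fetch("https://your-site.example"))`; `audit(sample_fetch)` runs the same checks offline against the constructed responses.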