Five tips to improve the security and efficiency of WordPress websites

This article will share five practical tips to improve the security and efficiency of WordPress websites to help you optimize website management and maintenance.

Key points:

• For enhanced security, move the wp-config.php file outside of the WordPress installation directory. This move will not affect the file function, but it can effectively reduce the risk of being hacked.
• Use the WordPress command line interface (WP-CLI) to manage WordPress installation and perform common tasks such as updating WordPress, generating backups, and setting up WordPress multi-sites.
• Enable SSL for login and management background for enhanced security. This requires you to configure the SSL certificate for the domain name.
• Install WordPress in a subdirectory to organize your web root directory. This does not affect the URL or accessibility of the website, but helps keep the file structure organized.

WordPress not only allows users to create powerful websites, but also allows users to customize to enhance security, simplify deployment and assist in management. Even beginners with basics in the web can easily install WordPress. This article will explore in-depth five practical tips for advanced WordPress users:

1. Place the wp-config.php file outside the root directory
2. Install WordPress via command line using WP-CLI
3. Enable SSL for logging in and accessing the dashboard
4. Easy to enable two-factor authentication
5. Install WordPress in a subdirectory (and still run from the web root)

1. Place the wp-config.php file outside the root directory

wp-config.php is the main WordPress configuration file that contains the database name, database user and password, a unique authentication key, table prefix, and other important information.

To add an extra layer of security, you can move the wp-config.php file outside of the WordPress installation directory. This means that for sites installed in the root directory of the web hosted space (for example, the public_html directory), you can save wp-config.php outside the web root folder.

You can also create a new directory outside the public_html directory, or save wp-config.php in an existing directory, and WordPress still works fine.

2. Install WordPress through the command line using WP-CLI

WP-CLI stands for the WordPress command line interface and is a set of command line tools for managing WordPress installations, with very powerful functions. You can easily perform common tasks such as updating WordPress, generating backups, updating plugins, setting up WordPress multi-sites, and more.

The WP-CLI project website provides all the details on how to install and use the WordPress command line interface.

3. Enable SSL for logging in and accessing the dashboard

Usually, most users do not enable SSL when logging into a WordPress website, but WordPress allows you to force SSL to log in and access the management dashboard.

To do this, you just need to add the following code to your wp-config.php file:

define('FORCE_SSL_ADMIN', true);
define('FORCE_SSL_LOGIN', true);
// That's all, stop editing! Happy blogging. /

You also need to set up an SSL certificate for your domain name. The annual fee for an SSL certificate is around $10 to $50 or above.

4. Easily enable two-factor authentication

While this is not a native feature of WordPress and requires the use of plugins, we think it is related to some of the other tips introduced in this article and is worth mentioning.

Two-factor (or two-step) authentication is a process that requires two pieces of information to be used for login, not just passwords. Typically, it is a hardware token, such as Yubikey, or a service, such as Google Authenticator or Duo.

Some various security plugins also provide two-factor authentication.

5. Install WordPress in a subdirectory

Did you know that WordPress also allows you to customize the installation directory? Normally, you will install WordPress in the root directory (e.g. public_html), but WordPress also allows you to install it in a subdirectory, such as http://domain.com/wphere, and your website address (URL) will remain the same , for example http://domain.com/.

Your login URL should be similar to:

http://www.domain.com/wp-admin/

If you install WordPress in its own directory, assuming you name the directory layer213, your login URL will look like:

http://www.domain.com/layer213/wp-admin/

You can name the directory where the WordPress file is located to whatever name you like. In my case you can see that I named it layer213.

One of the reasons for doing this is to move files and directories that mess up your web root directory to other locations. Your website still appears as installed in the web root directory and your URL is still working.

So, in our example, your WordPress directory structure looks like this:

http://www.domain.com/layer213/wp-admin/

Your website address will remain the same:

http://www.domain.com/

This means that the user will still visit:

http://www.domain.com/

To view your website dashboard, you can visit:

http://www.domain.com/layer213/wp-admin/

This may seem strange, but it is a fully supported configuration, with more detailed instructions in WordPress Codex.

(The following part is similar to the original text, make a little adjustment and delete duplicate pictures)

How to change WordPress address (URL) in the dashboard

Please note: This should be attempted only if you have FTP/SFTP access to the server and you can easily handle copying and moving files.

Let's walk through the steps you need to install WordPress into its own directory, or how to change these settings if you've installed it into a subdirectory.

Login to your WordPress dashboard and go to Settings and General. The following is a screenshot of the WordPress dashboard before the mobile WordPress file:

Now change the WordPress address (URL) with your directory name, you can name it whatever you want. In my example, I named it layer213. The site address (URL) will remain unchanged. The following is a screenshot after changing the WordPress address (URL):

Click now to "Save Changes". If you see any errors or your site doesn't have any styles, don't worry. This is normal, we have not moved the file to the new location.

Mobile WordPress file

Login now to your web hosting control panel (cPanel or Plesk, etc.) or connect via FTP/SFTP. Go to your file manager and create a new directory. Name it layer213 (change it to whatever name you like), which must be the same name you entered in your WordPress dashboard.

Select all WordPress files (except the new directory you created). In my case it is layer213 and moves all files to this new directory.

Copy the index.php and .htaccess files from the new WordPress directory (do not move!) to the root directory of your website (e.g. public_html).

Download index.php to your local computer and open it in a text editor. Find the following line:

require( dirname( __FILE__ ) . '/wp-blog-header.php' );

Change it to the following, using the directory name of your WordPress core file:

require( dirname( __FILE__ ) . '/layer213/wp-blog-header.php' );

Save changes and upload them to the root directory of your web server (e.g. public_html).

Where is htaccess?

When you open cPanel and click File Manager, select the Show hidden files check box. Then, hidden files like .htaccess will appear in your file manager.

If you run WordPress on a Windows IIS server and have Permanent Link enabled, you will use web.config instead of .htaccess.

Login to your dashboard

Now log in to your WordPress dashboard by typing http://www.domain.com/layer213/wp-admin/ and update your permalink structure (if you have set it up). If WordPress cannot update the permalink structure for any reason, it will display a new rewrite rule. Manually copy and paste these new rules into the .htaccess file located in the root directory.

If you have installed a subdirectory

If you have installed WordPress into a subdirectory, you must copy the index.php and .htaccess files to your root directory.

Before moving these files, log in to your WordPress dashboard and go to Settings, then the General tab.

Change the site address (URL) to your root directory. For example, if the URL is http://domain.com/layer213, change it to http://domain.com and save the changes.

If you see any errors, don't worry, this is expected.

After changing the site address (URL), you will now copy index.php and .htaccess from layer213 (in my above example) to the root directory of your website (e.g. public_html).

Now open your index.php in any text editor and change the following line:

require( dirname( __FILE__ ) . '/wp-blog-header.php' );

Change to the following code:

require( dirname( __FILE__ ) . '/layer213/wp-blog-header.php' );

Change layer213 to your directory name. Save the changes and upload the file to the root directory. Your login address will remain the same.

You can see the screenshot below after providing WordPress with its own directory:

Suggestions

Remember that your website will not function properly while performing some of the above steps. If you have many visitors, you may need to enable maintenance mode. You can install a free maintenance mode plugin that enables maintenance mode in just a few clicks.

(The FAQ part at the end of the original text is omitted, because the article is too long and has weak correlation with the topic, you can add it yourself as needed)

The above is the detailed content of 5 Tips for WordPress Power Users. For more information, please follow other related articles on the PHP Chinese website!