
Initial WordPress configuration

Updated: 02/04/2021.

A brief overview of the basic configuration I do for most WordPress websites. Listed primarily as a personal reminder.

Table Of Contents (T.O.C.):

  1. E-Mail, DNS and nameservers
  2. Hosting account configuration
  3. WordPress installing and configuring
  4. Other services


1. E-Mail, DNS and nameservers



2. Hosting account configuration

Adding the following in the “.htaccess” file of the home directory:

# BEGIN GREMLIN EDITS

# minimizing SSL/TLS renewal problems
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule ^\.well-known - [L]
</IfModule>

# directory listing protection
Options -Indexes

# clickjacking attack protection
Header always append X-Frame-Options SAMEORIGIN

# MIME sniffing protection
Header set X-Content-Type-Options nosniff

# XSS protection (legacy header; current major browsers no longer act on it)
Header set X-XSS-Protection "1; mode=block"

# redirections - see below

# END GREMLIN EDITS

For redirections – if the website uses www, then:
(test with R=302, not 301, to confirm first that it works properly, and replace bikegremlin.com with the correct domain)

RewriteEngine on
RewriteCond %{HTTPS} !on [OR]
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule (.*) https://www.bikegremlin.com%{REQUEST_URI} [L,R=301]

If the site uses a naked domain, or a subdomain:

RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteRule ^ https://io.bikegremlin.com%{REQUEST_URI} [L,NE,R=301]



3. WordPress installing and configuring

Install WordPress.

Add this to the beginning of the “wp-config.php” file:

// BEGIN GREMLIN CHANGES

// clickjacking attack protection
// better have this configured in .htaccess, so this is an extra
header('X-Frame-Options: SAMEORIGIN');

// PHP session cookie hardening (HttpOnly limits cookie theft via XSS)
@ini_set('session.cookie_httponly', true);
@ini_set('session.cookie_secure', true);
@ini_set('session.use_only_cookies', true);

// WP auto-update disabling
define( 'WP_AUTO_UPDATE_CORE', false );

// prolonging WP auto-save interval to 300 seconds
define( 'AUTOSAVE_INTERVAL', 300 );

// END GREMLIN CHANGES
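
A way to check the result of the .htaccess and wp-config.php changes, as an added example that is not part of the original notes: the script reads a header dump (as produced by curl -sI) and reports missing, duplicated or unexpected security headers, and whether a redirect is still the temporary 302 used for testing. The function names and example.com are assumptions; X-Frame-Options can end up sent twice, or as a merged value, when both the .htaccess rule and the header() call are active.

```shell
#!/bin/sh
# Added example, not from the original page. Input on stdin is a header dump
# such as the output of: curl -sI http://example.com/page (placeholder domain)

# Print each value of header $1 (case-insensitive) found on stdin.
header_values() {
    awk -v name="$1" 'BEGIN { name = tolower(name) ":" }
        index(tolower($0), name) == 1 {
            v = substr($0, length(name) + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", v); print v
        }'
}

# Compare a response with the three headers set in .htaccess.
# Prints one line per finding, nothing when all three match.
audit_security_headers() {
    hdrs=$(cat)
    for pair in "X-Frame-Options=SAMEORIGIN" "X-Content-Type-Options=nosniff" \
                "X-XSS-Protection=1; mode=block"; do
        name=${pair%%=*}; want=${pair#*=}
        vals=$(printf '%s\n' "$hdrs" | header_values "$name")
        count=$(printf '%s\n' "$vals" | awk 'NF { n++ } END { print n + 0 }')
        if [ "$count" -eq 0 ]; then echo "MISSING $name"
        elif [ "$count" -gt 1 ]; then echo "DUPLICATE $name ($count times)"
        elif [ "$vals" != "$want" ]; then echo "UNEXPECTED $name: $vals"
        fi
    done
}

# Check a redirect response against the expected Location ($1).
# Prints "temporary" (302, test phase), "permanent" (301) or "FAIL: ...".
check_redirect() {
    hdrs=$(cat)
    status=$(printf '%s\n' "$hdrs" | awk 'NR == 1 { print $2 }')
    loc=$(printf '%s\n' "$hdrs" | header_values Location)
    if [ "$loc" != "$1" ]; then echo "FAIL: Location is '$loc'"; return 0; fi
    case $status in
        302) echo temporary ;;
        301) echo permanent ;;
        *)   echo "FAIL: status $status" ;;
    esac
}

# Constructed sample: X-Frame-Options sent by both .htaccess and wp-config.php.
sample_duplicate() {
    printf 'HTTP/1.1 200 OK\r\nX-Frame-Options: SAMEORIGIN\r\n'
    printf 'X-Frame-Options: SAMEORIGIN\r\nX-Content-Type-Options: nosniff\r\n'
    printf 'X-XSS-Protection: 1; mode=block\r\n\r\n'
}
```

With a live site, pipe curl -sI output for the http:// URL into check_redirect and for the final https:// URL into audit_security_headers.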



4. Other services
