Essential plugins and settings for new WordPress sites

Plugins

  1. NinjaFirewall
    • Enable Full WAF mode
  2. Cloudflare
    • Connect using Cloudflare API token
  3. Child Theme Configurator
    • Deactivate once you have created the child theme

Cloudflare settings

  1. Page rule
    • Restrict access to wp-login*
      • Whitelist your home country
      • Whitelist IP address
  2. (advanced) Cloudflare Zero Trust
    • Access
      • Restrict access to wp-login.php
        • Requires email code
        • Requires specific email addresses
  3. (advanced) Security > WAF
    • Rate limiting rules
      • wp-login*
        • Limit the request rate
          e.g. 2 requests in 10 seconds
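
To see which clients the example rate limit above (2 requests in 10 seconds on wp-login*) would affect before enabling it, the following added example, which is not part of the original checklist, replays web server access-log lines through a per-IP sliding window. The log lines are constructed samples, the function name is hypothetical, and the sliding window is an assumption that may differ from how Cloudflare counts requests.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample lines in common log format; IPs are documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 1523
203.0.113.7 - - [12/Mar/2024:10:00:02 +0000] "GET /index.php HTTP/1.1" 200 5120
203.0.113.7 - - [12/Mar/2024:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 1523
203.0.113.7 - - [12/Mar/2024:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 1523
198.51.100.20 - - [12/Mar/2024:10:00:05 +0000] "GET /wp-login.php HTTP/1.1" 200 2210
198.51.100.20 - - [12/Mar/2024:10:00:30 +0000] "POST /wp-login.php HTTP/1.1" 302 0
"""

# Captures client IP, timestamp, method and request path.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)')


def over_limit(log_text, limit=2, window=10, prefix="/wp-login"):
    """Return {ip: number of requests beyond `limit` within `window` seconds}.

    Assumes the log lines are in chronological order.
    """
    recent = defaultdict(deque)   # per-IP timestamps still inside the window
    excess = defaultdict(int)     # per-IP count of requests that would be limited
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue              # skip lines that are not in the expected format
        ip, ts, _method, path = m.groups()
        if not path.startswith(prefix):
            continue              # only the login endpoint is rate limited
        t = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z").timestamp()
        q = recent[ip]
        while q and t - q[0] >= window:
            q.popleft()           # drop requests that fell out of the window
        q.append(t)
        if len(q) > limit:
            excess[ip] += 1
    return dict(excess)


if __name__ == "__main__":
    for ip, n in over_limit(SAMPLE_LOG).items():
        print(f"{ip}: {n} request(s) over the limit")
```

Running it against a real access log shows whether legitimate users, such as an editor who mistypes a password, would hit the threshold.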

Housekeeping

  1. Delete built-in plugins
    • Hello Dolly
    • Akismet
  2. Settings > Discussion
    • Before a comment appears
      • Comment must be manually approved
 
