cyang255

Hi bemdesign,

I means there are many php plugins, mysql plugins, so I was wondering how would other more experiences WordPress developers use? What do you guys use? Does WordPress already support them in core? Sorry, I am really new to WP 4.3, so I need to a lot of reading to find out these “basic” stuff.

Any suggestions on which plugin to use or API to call is very appreciated. Thanks.

We have leased a dedicated server, our vendor has installed firewall for us, it was so tight that something even filter out our own members for invalided login attempts.

So, I am looking for idea to secure WordPress to make it harder to hack. Although we are none-profit organization and do not carry any credit card information, but it’s still not fun that your sites got hacked.

So, any suggestions are very appreciated. What is the best practices for keeping WordPress secure as “Federal Reserve Bank”, LOL

Thanks.

Ok, I found the problem. So stupid of me, it was the line under

<Directory “/var/www/html/sites”>

AllowOverride None

must change to

AllowOverride All

After I changed the line, restart apache2 server then everything works now.

Ok, I did not answer the question correctly. The WP 4.3 is untared to /var/www/html/site/wpdemo directory.

The apache httpd.conf has a entry – DocumentRoot “/var/www/html/sites”

Here is part of the httpd.conf

DocumentRoot “/var/www/html/sites”
#
# Relax access to content within /var/www.
#
<Directory “/var/www”>
AllowOverride None
# Allow open access:
Require all granted
</Directory>

# Further relax access to the default document root:
<Directory “/var/www/html/sites”>
#
# Possible values for the Options directive are “None”, “All”,
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that “MultiViews” must be named *explicitly* — “Options All”
# doesn’t give it to you.
#
# The Options directive is both complicated and important. Please see
# https://httpd.apache.org/docs/2.4/mod/core.html#options
# for more information.
#
Options Indexes FollowSymLinks

#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be “All”, “None”, or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride None

#
# Controls who can get stuff from this server.
#
Require all granted
</Directory>

Hi Frans,

First, I installed WP 4.3 on AWS, and it’s in the root directory of /var/www/html/sites/wpdemo

Here is the .htaccess

RewriteEngine On
RewriteBase /wpdemo/
RewriteRule ^index\.php$ – [L]

# add a trailing slash to /wp-admin
RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L]

RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ – [L]
RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) $2 [L]
RewriteRule ^([_0-9a-zA-Z-]+/)?(.*\.php)$ $2 [L]
RewriteRule . index.php [L]