One of the great things about WordPress is how customizable it is. This can make it tricky to know if you’re maintaining your site in the best way possible though.
This article details some WP Engine recommended best practices for WordPress. We’ve seen these general, security, and troubleshooting tips prove beneficial for many of our customers.
Take Advantage of WordPress’ Home/Site URLs
Rather than hard-coding domain names within your wp-config.php file, theme files, or other areas of your site, base your URL structure upon WordPress’ home and site URLs. This way, if your domain changes, the only place you’ll need to update it within your site is the General Settings page of your WordPress admin dashboard.
Don’t forget that all domains added to your site must be added to the Domains section of the WP Engine User Portal though!
Select Plugins & Themes with Active Maintainers
When selecting new plugins or themes, pay close attention to whether or not they are still being maintained. Look for recent updates, compatibility with the most up-to-date versions of WordPress, and active developers and/or community.
You can also check our disallowed plugins list during your search!
Run Updates Regularly
Ensuring that WordPress core, as well as all themes and plugins, are up to date is actually one of the most impactful actions you can take to keep your site secure. Updates provide patches to protect against known vulnerabilities.
Running all of the available updates for your site is also a great troubleshooting step. In addition to security patches, updates can include functional changes that affect how the various components of your site interact with one another.
Your WP Engine staging environment is a great place for testing updates!
Harden Your Site
While we do provide security features as part of our platform, here are a couple of other steps you can take to reinforce the security of your site:
- In regards to your WordPress user login, select usernames that are unique or difficult to guess. Refrain from using the standard “admin,” “administrator,” or “guest.”
- Utilize captcha on forms and comments to prevent spam submissions. Many of our customers have benefitted from Akismet for this purpose.
Check These Three Places When Troubleshooting
While our support team is happy to help diagnose any issue you may experience with your site, here are a few simple steps that you can take to get the process started:
- Check the Apache error log for clues. You can find more information here about how to view those logs and details on understanding the error messages that may arise.
- Disable the theme and all plugins. Your WP Engine staging environment is a great place to test this. If you do choose to troubleshoot on your live environment though, be sure to purge the cache after making changes.
- Check your .htaccess file for potentially problematic rules. See here for the default WordPress .htaccess rules.
For more of our recommendations, we invite you to read our “15 Ways To Harden The Security of Your WordPress Site” blog post.