You can see my previous article on how to build a WordPress website.
Link: Alibaba Cloud Server Rapid Deployment Website Tutorial
This article mainly talks about the basic operation of WordPress, as well as website security protection and commonly used plug-ins.
WordPress Basic Operations
Change website theme
After installing WordPress, we can first change the theme. The theme can be free or uploaded by ourselves.
Click Appearance - Theme, and select your favorite theme to install and enable.
If it is a theme package, you can click "Upload Theme" and install it after uploading.
Then start setting the site title, and you can set the website description and keywords.
Set Site Title
Click the WordPress background panel menu to find "Appearance" - "Custom",
Set website logo and site icon
Here you can also upload website logos and site icons.
Set Site Menu
Then set the website classification and menu bar.
Click "Article" - "Category" on the left to add several categories.
Click "Appearance" - "Menu" to create a new menu, where you can add categories and links, or article pages.
Modify the copyright information at the bottom of the website and fill in the filing number.
Note: If the installation is domestic WordPress Theme In general, the author will add the "Theme Settings" option in the menu bar to make it easier to modify the website appearance and custom information. part Free theme The copyright information at the bottom of is easy to modify, but some are encrypted and difficult to modify. The paid themes can be modified at will.
To modify the information at the bottom of the website, you can generally open the "Appearance" - "Custom" settings, or directly modify the footer.php file, as shown in the following figure:
Then, you can publish articles, or upload pictures or videos. (Since the video file is large, it is generally recommended to insert the video playback address.)
The above is the basic WordPress website operation and simple decoration.
But for a website, what is more important is access speed experience, SEO optimization, and security protection.
Let's talk about these issues.
Improve the access speed of WordPress website
The first is the speed of website access. In addition to improving our server's own configuration and network bandwidth, we can also improve the speed of website access by caching plug-ins, reducing file size, optimizing code, etc.
Install the static cache plug-in
Common static cache plug-ins, such as WP Super Cache
WP Super Cache can help dynamic WordPress blogs generate static html files to avoid getting them through php every time you visit the website. It helps to improve the speed of website access.
Refer to this article for installation and use methods: How to use the WordPress static cache plug-in WP Super Cache
Reduce file volume
We can do lossless compression before uploading images, which usually saves more than 60% of the space.
For example, online tools for lossless compression: // tinypng.com/
If we want to upload videos, we can try to put video links from other platforms instead of uploading them directly to the server.
Optimize code
In terms of code, try to simplify the code and don't use too many special effects, which will slow down the opening of the website.
Website SEO
Then comes the question of website SEO
Website filing
If you want your website to be included by Baidu as soon as possible, it is recommended that when selecting servers, try to select servers in the domestic mainland and put them on record. Portal: AliCloud server / Tencent ECS
Because there is no server for filing now, it is more and more difficult for Baidu to include. Of course, it doesn't matter if your customers are mainly overseas.
Portal: Filing free ECS
Continuous updating of original articles
In addition, it is also necessary to continuously update the original articles, and reasonably set the keywords and labels of the articles.
Install SEO plug-in
Many people will install SEO plug-ins to facilitate website SEO settings, such as Yoast SEO, All in One SEO Pack, and these WordPress plug-ins can be installed and tested.
Speaking of SEO, here we also want to say that after configuring pseudo static, you can set the fixed link of the article. It is beneficial to SEO.
The steps to configure the pseudo static state of the website on the pagoda panel are as follows:
On the pagoda panel, select "Settings" behind the website, click "Pseudostatic", select "WordPress", and finally click Save. As shown in the figure below
Website security protection
Finally, let's talk about the more important issue of website security protection.
Do not use default user name
First of all, WordPress background login does not use the default admin user name, but changes it to your own, and makes all passwords more complicated.
If you want to modify it, you can add a user and set it as a new administrator. As shown in the figure below
The nickname should not be the same as the user name
The administrator nickname of WordPress is the same as the user name by default. If you do not modify the nickname, it is equivalent to exposing the login user name of the administrator when the author of the article displays it. This will bring certain security risks.
Therefore, remember to change the nickname. The modification method is:
Open the WordPress management menu "User" - "Profile", set a new nickname, and set the new nickname to public display.
Use genuine software and themes
Do not use pirated website programs or themes, try to choose genuine ones. Because online pirated themes or programs may have loopholes, may be installed with backdoors, etc., and may eventually cause losses.
Modify the default port of the pagoda panel
It is better to customize and modify the common default settings.
For example, the default port for pagoda panel login is 8888. Remember to modify it. To do this, change the "Panel Settings" in the background of the pagoda panel to a new port number, and add this new port number to the security group of the ECS.
Set database access permissions
Set the database permissions to only be accessed by the local server, which can be set directly on the pagoda panel. Click "Database" on the left side of the panel, click "Permission" on the back, and set the access permission to the local server.
Hide WordPress version number
If you use an old version of WordPress, it is not ruled out that there may be old vulnerabilities. Hiding the version number of WordPress can also reduce the risk of the website being exploited by hackers to some extent.
To hide the version number of WordPress, just put the following code at the end of the functions.php file of the theme.
//Hide version number
function wpbeginner_remove_version() {
return ;
}
add_filter(the_generator, wpbeginner_remove_version);
Directory encryption and file access prohibition
You can add an additional layer of password (such as login directory) to the specified directory of WordPress, or prohibit access to important files.
In the website settings of the pagoda panel, select "Access restriction" to set encrypted access and forbidden access.
Modify WordPress background login address
The default login address of WordPress background can be modified through the plug-in WPS Hide Login. (You must remember to configure pseudo static first. As mentioned earlier, if you configure pseudo static)
As we all know, the default background login address of WordPress is: domain name/login.php or domain name/wp admin
By installing the WPS Hide Login plug-in, you can customize the login address. Let others not find your login portal.
First search and install the plug-in, and click Enable
Then, in Settings, change the login address. After you customize the settings, save the changes. Be sure to remember the new login address.
If you accidentally forget the new login address, just delete the plug-in file and restore the default login address. The file directory of the plug-in is located in the plugins folder under the wp content directory.
Specify IP address for remote login
In the security group settings of ECS, specify SSH login as your own IP address. This shields other IP addresses from logging into your ECS remotely.
Change to key login mode
We usually use the password remote login method. We can also change to a more secure SSH key login method. After the general key login is set successfully, the original password login mode will be automatically disabled.
You can set a key pair on the ECS console, associate it with our ECS, and enable key login.
If you don't want to use the key pair, you can unbind it from the ECS. Restore password login mode.
Modify the default SSH port number
The port number of the SSH remote connection server is 22 by default. We can also change it to another port number to use the new port number for SSH connection, but the default 22 port cannot be connected.
The operation method is:
First, select "Security" on the left side of the pagoda panel, and set the SSH port to the new port number, for example, 122 port here. Click OK.
Next, open the new port in the security group of the ECS.
Connect via remote connection software, such as Xshell, as shown in the figure
Hide the real IP address of the origin station
The real IP address of the source station is hidden by configuring the CDN. The domestic CDN needs the domain name for filing. CDN acceleration service can be used in Alibaba Cloud 、 Tencent Cloud 、 Qiniu Cloud Wait for the platform to buy.
You can also use foreign free CDNs, such as cloudflare, but the speed of domestic access may become slower.
Enable flow control
If your website has opened CDN and object storage, you should pay as you go. When the budget is limited, you can enable traffic control to prevent the loss of traffic costs caused by a large number of malicious accesses.
The steps to enable flow control are: Pagoda Panel Website Settings - Flow Limit, as shown in the figure
Paid security plug-ins or services
You can also protect site security through paid security plug-ins or services.
WordPress security plug-ins, such as Wordence or All In One WP Security&Firewall (pay for some pro functions)
Pagoda panel professional plug-in, such as Nginx firewall, etc
Open the "Software Store" to search for professional or enterprise plug-ins, but it is a paid plug-in, which can be purchased separately, or you can directly open the professional or enterprise version, during which all plug-ins are free of charge. If you are sure to pay for the use, remember to Get the pagoda gift package 。
You can also purchase more professional security services from Alibaba Cloud or Tencent Cloud, such as DDoS protection 、 Web application firewall WAF 、 Cloud firewall The protection level is higher, but the price is also more expensive.
The above methods can play a role in protecting website security to a certain extent.
Backup data regularly
Of course, we also know that no matter what kind of system, there will be a risk of being breached.
Therefore, we must develop the habit of regular backup, such as server snapshot backup service, or download website data to save locally. This can be set up in the background of the pagoda panel for free to automatically backup website and database files, and then downloaded to local storage.
The above is all about the basic operation of WordPress, website security protection and common plug-in tutorials.
It may not be perfect, so this article will also be updated continuously, and you are welcome to pay attention to it.
It's not easy to create. You are welcome to praise and pay attention. Thank you!
Original link: syunz.com/615.html
Source: Cloud Tutorial
The copyright of this article belongs to the author. Please do not reprint it without permission.
