WP software updates
- All software updated on Mondays using: managewp.com
Malware scanner
- Use an external scanning service such as sitecheck.sucuri.net which uses external resources to scan the site review our list of security testing services
- Scanning a website is a memory intensive activity.
Plugins
- All in One Security with our custom settings. (firewall disabled)
Server Level
- force SSL on the domain
- Ensure using latest stable release of PHP
- Most hosts have a Firewall to limit login attempts (protection from brute force attacks). If a clients server does not have a firewall, we will use the All in One firewall
.htaccess
putting global https://forums.cpanel.net/threads/htaccess-global.242511/
# ActionSkills Security Headers
<IfModule mod_headers.c>
Header set X-XSS-Protection "1; mode=block"
Header set X-Frame-Options "SAMEORIGIN"
Header set X-Content-Type-Options "nosniff"
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
# Header set Content-Security-Policy ...
Header set Referrer-Policy "same-origin"
Header set Feature-Policy "geolocation 'self'; vibrate 'none'"
</IfModule>
# End ActionSkills Security Headers
Spam
Install Google reCAPTCHA or hCaptcha
We prioritise hCaptcha as Google’s reCAPTCHA is part of tehir surveillance engine.
