Security

WP software updates

Malware scanner

Plugins

Server Level

  • force SSL on the domain
  • Ensure using latest stable release of PHP
  • Most hosts have a Firewall to limit login attempts (protection from brute force attacks). If a clients server does not have a firewall, we will use the All in One firewall

.htaccess

putting global https://forums.cpanel.net/threads/htaccess-global.242511/


# ActionSkills Security Headers
<IfModule mod_headers.c>
    Header set X-XSS-Protection "1; mode=block"
    Header set X-Frame-Options "SAMEORIGIN"
    Header set X-Content-Type-Options "nosniff"
    Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
    # Header set Content-Security-Policy ...
    Header set Referrer-Policy "same-origin"
    Header set Feature-Policy "geolocation 'self'; vibrate 'none'"
</IfModule>
# End ActionSkills Security Headers

Spam

Install Google reCAPTCHA or hCaptcha
We prioritise hCaptcha as Google’s reCAPTCHA is part of tehir surveillance engine.