
I thought about security measures for WordPress


Have you ever thought about security measures for your homepage or website?
The security settings introduced here are essential even for sites that do not use WordPress.

[WordPress security measures #1] Always-on SSL

If you have heard of the term SSL, you may already have it set up! It is a standard security setting for websites, not just WordPress.

Always-on SSL, which is said to be related to SEO

After configuring SSL on your contracted server, you will need to set up the site to redirect anyone accessing http to https.

For WordPress, use a plugin or edit your .htaccess file.

We introduce security settings that anyone can easily do with xserver!

[WordPress security measures #2] After switching to HTTPS, set up HSTS preload

I'm sure many of you don't know about this.

Once you have enabled Always-On SSL, you will want to set up HSTS preload.

How to set up HSTS preload in 3 minutes – A must-do after switching to Always-On SSL

I set it up with reference to the above.

In the .htaccess file

Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"

Add this. After adding it, go to https://hstspreload.org/ and register your site. It was so easy!

[WordPress security measures #3] XSS (Cross-site scripting) measures

This is a required setting for WordPress security. I added a header to .htaccess to protect against attacks using XSS (Cross-Site Scripting).

Header set X-XSS-Protection "1; mode=block" 

[WordPress Security Measures #4] XSS (Cross-Site Scripting) Countermeasures IE Settings

In Internet Explorer, if scripts are mixed in due to XSS, they will be interpreted as HTML. To prevent this, I added the necessary code to .htaccess.

Header set X-Content-Type-Options nosniff 

[WordPress Security Measures #5] Clickjacking Attack Countermeasures

I added this to .htaccess to ensure it can't be embedded on other websites and to prevent clickjacking attacks.

Header always append X-Frame-Options SAMEORIGIN 
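
After each upload it is worth confirming that the four Header lines above actually reach the browser with the intended values. The following Python is an added example, not code from the original article; the function names and the two sample responses are constructed for illustration.

```python
MIN_MAX_AGE = 31536000  # one year, the max-age used in the Header line above

def parse_headers(raw):
    """Parse a raw HTTP response head into {lowercase name: [values]}."""
    headers = {}
    for line in raw.splitlines()[1:]:            # skip the status line
        if not line.strip():
            break                                # blank line ends the headers
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def audit(raw):
    """Return findings; an empty list means all four headers match the page."""
    h, findings = parse_headers(raw), []
    hsts = h.get("strict-transport-security", [""])[0].lower()
    parts = [p.strip() for p in hsts.split(";") if p.strip()]
    age = next((p[8:].strip('"') for p in parts if p.startswith("max-age=")), "")
    if not age.isdigit() or int(age) < MIN_MAX_AGE:
        findings.append("HSTS: max-age missing or below 31536000")
    for directive in ("includesubdomains", "preload"):
        if directive not in parts:
            findings.append("HSTS: " + directive + " missing")
    if [v.lower() for v in h.get("x-content-type-options", [])] != ["nosniff"]:
        findings.append("X-Content-Type-Options: expected a single nosniff")
    # "Header always append" adds to a value set elsewhere, so split on commas.
    xfo = {t.strip().upper()
           for v in h.get("x-frame-options", []) for t in v.split(",")}
    if xfo != {"SAMEORIGIN"}:
        findings.append("X-Frame-Options: expected only SAMEORIGIN, got "
                        + (", ".join(sorted(xfo)) or "nothing"))
    xss = [v.replace(" ", "").lower() for v in h.get("x-xss-protection", [])]
    if xss != ["1;mode=block"]:
        findings.append("X-XSS-Protection: expected 1; mode=block")
    return findings

# Constructed sample responses (not captured from a real site).
GOOD = """HTTP/1.1 200 OK
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
"""
WEAK = """HTTP/1.1 200 OK
Strict-Transport-Security: max-age=300
X-Frame-Options: SAMEORIGIN, DENY
"""
```

To check a live site, pass `audit()` the text printed by `curl -sI` for your own https:// URL.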

Things to be careful of when editing .htaccess

The .htaccess file is an important file that controls how the server behaves. It is easy to introduce problems without realizing it, for example by accidentally entering a full-width space.

When a problem occurs, the site turns completely white and displays an error message, such as a 500 error, which is very frustrating.

I'll tell you how to edit it!

  1. Be sure to save the unedited .htaccess file on your own PC or elsewhere.
  2. First, add one line, upload the file to the server, and then reload (F5 key) to update the website and check for errors and any problems with the website design. If there are no problems, continue working.
  3. If an error occurs, upload the file you backed up in step 1 to the server and restore it.
  4. By repeating the above steps and handling your files carefully, you can prevent irreparable damage to the greatest extent possible.
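
Before uploading in step 2, the edited file can be checked locally for the kind of invisible mistake mentioned above. The following Python is an added example, not part of the original article; `lint_htaccess` and the sample text are constructed for illustration, and the quote check is a heuristic.

```python
import unicodedata

def lint_htaccess(text):
    """Return (line_number, problem) pairs for typos that commonly end in a 500 error."""
    problems = []
    for no, line in enumerate(text.splitlines(), start=1):
        # Apache only skips ASCII blanks, so do not let Python strip U+3000 here.
        body = line.strip(" \t")
        if not body or body.startswith("#"):
            continue                         # blank line or comment
        if "\u3000" in line:
            problems.append((no, "full-width space (U+3000)"))
        others = sorted({c for c in line if ord(c) > 127 and c != "\u3000"})
        if others:
            names = ", ".join(unicodedata.name(c, hex(ord(c))) for c in others)
            problems.append((no, "non-ASCII character: " + names))
        # Heuristic: does not understand backslash-escaped quotes.
        if line.count('"') % 2:
            problems.append((no, "unbalanced double quote"))
    return problems

# Constructed sample: the page's Header lines with two deliberate mistakes
# (a full-width space on line 2 and a missing closing quote on line 3).
SAMPLE = (
    'Header set X-XSS-Protection "1; mode=block"\n'
    'Header set\u3000X-Content-Type-Options nosniff\n'
    'Header set Strict-Transport-Security "max-age=31536000; preload\n'
    '# comments may contain\u3000anything\n'
    'Header always append X-Frame-Options SAMEORIGIN\n'
)

if __name__ == "__main__":
    for no, problem in lint_htaccess(SAMPLE):
        print("line", no, "->", problem)
```

For a real file, read it with `open(path, encoding="utf-8").read()` and upload only when the returned list is empty.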

Recommended SEO Check Tools

Here is an SEO check tool that I use regularly.

https://www.checkbot.io/

It is available as a Google Chrome extension, so when you click its icon on the site you want to check, it will perform an SEO analysis.

This security setting did not appear in 100%, so I made the settings as shown here.

After setting

WordPress security settings

This is 100%. There are various other security measures, such as setting up a plugin to change the login URL, but this time I introduced the essential security settings that sit outside WordPress itself and are made by editing .htaccess!

If you are using xserver, please refer to this as well!

How to strengthen security internally in WordPress

We have introduced the WordPress security settings on the server side, but the following article introduces how to configure WordPress to strengthen its internal security, including security measures against unauthorized logins to WordPress.

By configuring them together, you can further strengthen security!

Once you've strengthened your security, it's time to strengthen your SEO!
