Master WordPress: Setting up your local Development Environment
WordPress is a popular and powerful platform for creating websites, blogs, and online stores. But before you can start building your WordPress site, you need to set up a development environment where you can work on your site without affecting the live version.
A development environment is a safe and private space where you can install WordPress, test new features, experiment with plugins and themes, and debug any issues. It also allows you to work offline, without relying on an internet connection or a web server.
In this article, I will show you how to set up a local development environment for WordPress using a free tool called Local by Flywheel.
Local by Flywheel is an easy-to-use application that lets you create and manage multiple WordPress sites on your own computer.
What You Need to Set up a Local Development Environment for WordPress
To set up a local development environment for WordPress, you need the following:
A computer running Windows, Mac, or Linux.
A web browser such as Google Chrome, Firefox, or Microsoft Edge.
A text editor or an integrated development environment (IDE) such as Visual Studio Code, Atom, or Sublime Text. (I personally prefer VS Code because it is easy to customize and use 😁)
A local server stack that includes PHP, MySQL, and Apache or Nginx. This is what powers your WordPress site locally.
A WordPress installation package that includes the core files and the database.
You can download and install all these components separately, but that can be time-consuming and complicated. That’s why I recommend using Local by Flywheel, which bundles everything you need in one convenient package.
How to Install Local by Flywheel
Local by Flywheel is a free application that you can download from the official website: https://localwp.com/
To install Local by Flywheel, follow these steps:
Download the installer for your operating system from the website.
Run the installer and follow the instructions on the screen.
Once the installation is complete, launch the application and create an account or log in with your existing account.
You will see the main dashboard of Local by Flywheel, where you can create and manage your local WordPress sites.
How to Create a Local WordPress Site with Local by Flywheel
To create a local WordPress site with Local by Flywheel, follow these steps:
Click on the + button at the top left corner of the dashboard.
Choose a name for your site and click on Advanced Options to customize the domain name, path, and environment type. You can leave the default settings if you want.
Click on Continue to proceed to the next step.
Choose a username, password, and email address for your WordPress admin account. You can also choose whether to install WordPress multisite or not.
Click on Add Site to start creating your site. This may take a few minutes depending on your internet speed and computer performance.
Once your site is ready, you will see it listed on the dashboard. You can click on Admin to access the WordPress dashboard, or click on Open Site to view the front-end of your site in your browser.
How to Work on Your Local WordPress Site
Now that you have created your local WordPress site, you can start working on it as you would on any other WordPress site. You can install plugins and themes, create posts and pages, customize settings, and more.
Some of the benefits of working on a local WordPress site are:
You can work faster and see changes instantly in your browser.
You can work offline without needing an internet connection or a web server.
You can test new features and updates without affecting the live version of your site.
You can experiment with different plugins and themes without worrying about breaking your site or losing data.
You can debug any issues more easily using tools such as WP_DEBUG or Query Monitor.
How to Make Your Site Live
Once you are happy with your local WordPress site, you may want to make it live so that other people can access it on the internet. To do this, you need to migrate your site from your local environment to a web hosting service.
There are different ways to migrate your site from Local by Flywheel to a web host, but one of the easiest ways is to use the Connect feature of Local by Flywheel.
The Connect feature allows you to connect your local site to a web host such as WP Engine or Flywheel (both owned by the same company as Local by Flywheel) and push or pull changes between them.
To use the Connect feature of Local by Flywheel, follow these steps:
Click on the name of your local site on the dashboard and go to the Connect tab.
Choose a web host that you want to connect to. You will need to have an account with them and create a site on their platform first.
Follow the instructions on the screen to link your local site and your web host site.
Once the connection is established, you can push or pull changes between your local site and your web host site. Pushing changes means sending your local site to your web host site, while pulling changes means copying your web host site to your local site.
You can also choose whether to push or pull the entire site or only specific parts such as the database, files, or plugins and themes.
Conclusion
Setting up a local development environment for WordPress is a smart and efficient way to work on your WordPress site. It gives you more control, flexibility, and security over your site.
Using Local by Flywheel, you can easily create and manage multiple WordPress sites on your own computer, without needing any technical skills or extra software.
You can also migrate your site from Local by Flywheel to a web host using the Connect feature, and sync changes between them.
I hope this article helped you learn how to set up a local development environment for WordPress using Local by Flywheel. If you have any questions or feedback, feel free to leave a comment below. Happy WordPressing!
18 Ways to Harden the Security of Your Website
Fix Hacked Site - Malware Removal and Website Security Service.
Some systems are hard to hack, but most of the time, websites get hacked because they are vulnerable, and basic security measures still need to be taken.
In this post, we will discuss how to harden your WordPress website.
Before you start
We’ve organized the list by ease of execution, so you can begin at the top and work your way down. Please begin by installing MalCare and using its website hardening option. That’s a significant step in the right direction, and afterward you can return here for further action.
Pro-Tip: We recommend that you always back up your site before making any changes, even those that are security related. Better safe than sorry!
5 EASY ways to increase your WordPress security
Let’s start this list with the low-hanging fruit. If you make these basic adjustments, we’ll all feel good about our progress in securing WordPress.
1. Set strong passwords
Passwords are the lowest hanging of all the low-hanging fruit. That’s why they’re so often neglected. And that’s why they go to the top of the list of things to do to secure WordPress sites.
Passwords are hard to remember, and some of the best practices are tedious: no duplicate passwords; no simple passwords; a mix of letters, numbers, and signs; the list is indeed daunting, especially when you stop counting how many services you use.
Even though the probability is low, brute force attacks now use dictionary attacks to guess passwords. We recognize this, so we suggest using a password manager like LastPass. Use an automatically generated string of numbers, letters, and symbols to protect your account.
2. Require the use of strong passwords
Staying on the topic of strong passwords, here is the next item on your to-do list.
If multiple users use your website, you must make sure each user uses a strong password and regularly changes it. On a small scale, this may be easier, but when it comes to a larger team, it would be better to have software that automates this for you.
WordPress will warn you by default if you choose a weak password.
However, you can override this by enabling the “Confirm use of a weak password” option. In this way, you make your website vulnerable to attacks.
Plugins like Expire Passwords used to be a way to force users to update their passwords. They let you set a maximum number of days before a password expires. However, many of these plugins were last updated a very long time ago, so we would not suggest their use.
3. Implementing permissions with the least privileges
You can have six predefined roles on a WordPress site: Super Admin, Administrator, Editor, Author, Contributor, and Subscriber. Each role has a set of permissions and can perform particular tasks. These tasks are called capabilities. You can find the complete list of roles and capabilities in the WordPress Roles and Capabilities documentation.
Note: For a single site, the administrator role is the most powerful; for a multisite, it’s the super admin role.
For a single site, you only require a limited number of administrators. The rule of thumb here is that you should have as few administrators as possible. The reason is simple: you reduce the risk of hackers stealing administrators’ credentials.
4. Install SSL
SSL is a way to transfer data securely from the user to the server and back over an encrypted connection.
Apart from being an excellent security measure, Google requires websites to have SSL. It tends to penalize sites without it by displaying “Not Secure” in the browser instead of the friendly green padlock, which indicates that a website is running over HTTPS rather than HTTP.
Installing an SSL certificate used to be fairly complicated, but that’s all over now. We have a complete guide on installing SSL and another one on making sure all your pages are served over HTTPS.
5. Set up a WordPress security plugin
All the other items in our list up to this point are manual improvements you make to your website. Rest assured, these are easy steps that do not require excessive configuration or plugin setup.
The rest of this list is more intricate. Many of the steps are included in MalCare’s Site Setting feature.
You’ll save a lot of time by installing the plugin and using our dashboard to set up the steps.
6 MEDIUM measures to harden WordPress
Each of the WordPress hardening measures presented in this section requires a plugin to be installed. We do not recommend installing plugins frivolously, as they often contain vulnerabilities and become entry points for infections. Please choose a plugin wisely to implement the following security measures.
1. 2-factor authentication
One of the most common ways hackers infiltrate websites is through the login page. They use a method called brute force attacks, where they use bots to guess a website’s login credentials. Hackers know that many people use the same username and password for numerous accounts on the Internet, so it becomes easier to play the guessing game! Another way for hackers to break into a website is if your data has been leaked from another website.
To protect yourself, you can set up two-factor authentication for each user, whether they are a super administrator, administrator, editor, author, contributor, or subscriber.
Many sites, such as Gmail, offer users the option of two-step verification to log in to their accounts. That requires users to provide their credentials and a password generated in real time (typically a one-time password sent to the registered phone number). That makes it harder for hackers to crack your account or access your WordPress dashboard.
2. Limit login attempts
There’s a reason why websites, especially banks, only give their users three attempts to enter their username and password correctly. After that, you can select “forgot password” or even get locked out of your account. A typical example is the warning displayed on the login screen when the user has tried to log in with incorrect credentials.
That is important to prevent brute force attacks and reduce the success of hackers and scammers.
WordPress allows an unlimited number of login attempts by default. Allowing only a limited number of login attempts on your site increases security and gives you confidence that hackers cannot try thousands of combinations to get in. You can use three methods to limit login attempts on your website.
➢ You can install a plugin such as Limit Login Attempts Reloaded. The plugin implements captcha-based protection that prevents malicious bots from accessing your website.
➢ If you already have the MalCare security plugin on your website, you automatically have protection that limits failed login attempts.
➢ You can manually add code to the functions.php file. You must add a WordPress action and hook a filter with a suitable callback function. This approach is technically challenging and risky. If you are not familiar with programming, you should not attempt this.
You can find the code for the third option and a more thorough explanation in our article about limiting login attempts.
3. Keep an audit log
While this isn’t a WordPress hardening measure per se, it is an essential security measure.
Install a plugin like WP Security Audit Log that records everything that happens on your website. That way, you’ll know what your users are doing and when. You can then monitor what’s taking place on your site and hold users accountable for their actions.
The plugin tracks everything: logins and logouts, changes made, creations, modifications, deletions, additions, updates, and so on. You can review the activity log to spot suspicious activity or changes made if you get hacked.
It can notify you immediately if critical changes have been made to your website. You can also log out or block any user with just one click.
4. Automatic logout of inactive users
This function is mainly found on banking websites and applications that log you out after a particular period of inactivity. That is to secure your account from unauthorized access.
You can use a plugin with a logout feature for inactive sessions to set this up.
5. Set up alerts for suspicious WordPress logins
Hackers are constantly finding new ways to bypass security features, so we need to be vigilant. It is advisable to set up alerts on your site to be informed about suspicious activities as soon as they occur.
For this purpose, you need to utilize a security plugin like MalCare. It will constantly scan your website and warn you when it detects malware or something suspicious.
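As an added illustration of the login limits and login alerts described above (Python, not code from the original article or from any plugin it names), the following sketch scans web server access log lines for repeated failed logins. It assumes the default wp-login.php behaviour, where a failed login returns HTTP 200 and a successful one redirects with HTTP 302; the function names, thresholds and log lines are constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined log format: ip - - [timestamp] "METHOD path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')


def parse_line(line):
    """Return (ip, timestamp, method, path, status) or None if unparseable."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["method"], m["path"], int(m["status"])


def detect_login_abuse(lines, max_failures=5, window=timedelta(minutes=5)):
    """Flag IPs with too many failed logins inside a sliding time window.

    Assumption: POST /wp-login.php answered with 200 is a failed login,
    answered with 302 is a successful one (default WordPress behaviour).
    """
    recent = defaultdict(deque)  # ip -> timestamps of recent failures
    flagged = set()
    alerts = []
    for line in lines:
        event = parse_line(line)
        if event is None:
            continue
        ip, ts, method, path, status = event
        if method != "POST" or not path.startswith("/wp-login.php"):
            continue
        if status == 200:
            failures = recent[ip]
            failures.append(ts)
            # Forget failures that fell out of the window.
            while failures and ts - failures[0] > window:
                failures.popleft()
            if len(failures) >= max_failures and ip not in flagged:
                flagged.add(ip)
                alerts.append((ip, "too-many-failures"))
        elif status == 302 and ip in flagged:
            # A success right after a burst of failures deserves a closer look.
            alerts.append((ip, "login-after-failures"))
    return alerts


# Constructed sample log: one address fails six times in a minute and then
# succeeds; another mistypes a password once and then logs in normally.
SAMPLE_LOG = [
    f'198.51.100.7 - - [12/Mar/2024:10:00:{s:02d} +0000] '
    '"POST /wp-login.php HTTP/1.1" 200 4521 "-" "constructed"'
    for s in range(0, 60, 10)
] + [
    '198.51.100.7 - - [12/Mar/2024:10:01:05 +0000] '
    '"POST /wp-login.php HTTP/1.1" 302 0 "-" "constructed"',
    '203.0.113.5 - - [12/Mar/2024:10:02:00 +0000] '
    '"POST /wp-login.php HTTP/1.1" 200 4521 "-" "constructed"',
    '203.0.113.5 - - [12/Mar/2024:10:02:20 +0000] '
    '"POST /wp-login.php HTTP/1.1" 302 0 "-" "constructed"',
    '203.0.113.5 - - [12/Mar/2024:10:02:21 +0000] '
    '"GET /wp-admin/ HTTP/1.1" 200 9000 "-" "constructed"',
]

if __name__ == "__main__":
    for ip, kind in detect_login_abuse(SAMPLE_LOG):
        print(ip, kind)
```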
6. Set up a web application firewall
A web application firewall blocks hackers even before they visit your website. It does this by tracking IP addresses, the numerical identifiers assigned to every device connected to the Internet.
If the IP address has performed malicious activity, it will be flagged and blocked from visiting your website.
If you set up a firewall with a security plugin, you can be sure that you have the best possible protection for your website.
7 COMPLEX WordPress Hardening Methods
Now we come to the complicated methods for hardening WordPress. The following measures require some programming or development experience. Otherwise, mistakes can lead to website crashes and downtime.
Proceed with some caution when using these hardening methods, and if you haven’t done it yet, please back up your site.
1. Block PHP execution in untrusted folders
That is a bit technical, but let’s simplify it as much as possible.
First, you must know that PHP is a scripting language used in web development. A PHP function is a block of code written to perform a particular task. Your WordPress website consists of files and folders, but only specific files and folders use PHP functions. Once a hacker has access to your website, they can create their own folders or insert their own PHP functions into the existing folders.
To stop such a hack, you can block the execution of PHP functions from an unknown folder. Also, you can disable the execution of PHP functions in places where it is not necessary.
To do this, perform the following steps:
Tampering with the backend files and database tables of WordPress is a risky business and can lead to the collapse of your website. It requires technical knowledge. If you do not know what you are doing, it is best to get help from a professional.
1. Access your website’s files through cPanel > File Manager. You will need your FTP credentials to access your files. If you do not have access to cPanel, you can use an FTP client like FileZilla.
2. Go to public_html, and you will see three folders: wp-includes, wp-admin, and wp-content.
3. Next, look for the .htaccess file. If it is not there, you can create one by opening a text editor like Notepad and saving the file as .htaccess.
4. Paste the following code into your .htaccess file.
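# Deny direct requests for PHP files in this directory (Apache 2.2 syntax; Apache 2.4 without mod_access_compat uses "Require all denied")
<Files *.php>
deny from all
</Files>
5. When you create a new .htaccess file, you must upload it to two directories: wp-includes and wp-content/uploads.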
That will change the file permissions and prevent a PHP file from running in those directories. If all this is too technical for you, you can automate this with security plugins like MalCare.
➢ Disable file editor
Hackers can control your site if they access a WordPress admin account. From the dashboard, they can modify the code of your theme and plugins via the “Editor” option. The most common hacks done through these editors are SQL injections, SEO spam hacks, and Japanese SEO spam. They can also upload scripts to display their content, deface your website, spam your users, etc.
To locate the editors, go to Appearance > Editor and Plugins > Plugin Editor.
To disable the editor, you need to access your wp-config file. You can use the same method as before, File Manager or FTP, to access the website files.
The next part requires technical programming skills and risks breaking your website if you don’t do it right. If you don’t know what you’re doing, you shouldn’t try it, even if it looks so easy. We recommend using the “disable file editor” feature in MalCare.
If you want to proceed with the manual method, we have detailed the steps you need to follow.
1. In your file manager, locate your wp-config file and right-click to bring up the “Edit” option.
2. Now your wp-config file opens, and you wonder what to do next! Don’t panic. Scroll down and find the line:
/* That's all, stop editing! Happy publishing. */
3. Paste the following code above it:
define( 'DISALLOW_FILE_EDIT', true ); // Remove the theme and plugin editors from the dashboard
4. Save the changes and close the editor.
5. Return to your dashboard and see that you no longer get the editor option.
Note: If you don’t have access to cPanel, you can download your wp-config file using FTP. Open it in any text editor and add the line of code. Upload the file back to the same location you downloaded it from. You can overwrite the old file.
➢ Change security key
WordPress saves your credentials for easy login, so you don’t have to re-enter them whenever you want to log in. It is important to note that the data is stored in encrypted form.
If the information is stored in plain text, a hacker can easily read it if they get their hands on it. When the data is encrypted, it looks like random text that they can’t use.
To encrypt the information, WordPress uses what are called security keys and salts. Keys are random variables that encrypt your administrator username and password, and salts help take the encryption a step further.
Hackers can decrypt the encrypted data and hack into your account if they get their hands on your security keys and salts.
Now access your files using the method described above and paste the generated values into your wp-config file here:
Again, this requires a code change, so we only advise WordPress website owners to try this if they are technically savvy. Using a security plugin that will do the job for you is best.
2. Prohibit plugin installations
Before installing a plugin, a user must thoroughly check its compatibility and credibility. Installing one without these checks can result in various problems on your site, so it is best to rule out this possibility altogether.
You can disable plugin and theme updates and installations in two ways:
You can add a line of code to the wp-config.php configuration file.
Following the same method as described in the previous section, add the following line:
define( 'DISALLOW_FILE_MODS', true ); // Block plugin and theme installations and updates
Note: You need to delete this line of code if you want to update themes and plugins or install new ones.
➢ Using a security plugin
The easiest way to enable and disable this function is to use a plugin. If you use MalCare, all you have to do is click a button to enable or disable the feature.
That is an extreme measure, but it is necessary if you have a lot of users working with your website or if you want to prevent your customers from installing plugins unnecessarily.
➢ Protect your wp-config.php file
The wp-config.php file is one of the most critical files in your WordPress installation and a favorite target for hackers. The wp-config file not only contains the credentials for your website’s database but is also responsible for making a WordPress website work.
Besides disabling file editing, you can do two things here: change security keys and disallow plugin installation.
Hide wp-config.php
The first option is to move the wp-config.php file up one level. That is not a specific measure in the true sense but is meant to make it harder for malware to find the file. However, moving the file does not make it impenetrable, so set appropriate expectations.
Note: There is no consensus among developers on whether moving the file is a good idea or not. This action may be ineffective in some cases, such as the vulnerability in Contact Form 7. However, we make getting hacked as hard as possible.
➢ Deny access to wp-config.php
Denying access is a far more concrete action; if you do this, you will not have to relocate the file. Go to your .htaccess file and add the following code at the very beginning:
# Deny all web access to wp-config.php
<Files wp-config.php>
order allow,deny
deny from all
</Files>
There are a few things you can do to protect your wp-config.php file. This article lists all of them so that you can do them in one session.
➢ Separate databases
If you are running more than one website with separate WordPress installations, it is advisable to separate the databases and store them in different locations. If hackers gain access to one site, your other sites will remain unharmed – at least in theory, as much depends on the other sites’ security.
Although this is best done during installation, it can also be done later, and it’s worth the effort. However, this requires some familiarity with MySQL and its configurations.
➢ Securing wp-admin
To take login security to the next level – which you should do – you can force logins to be transmitted over SSL. Make sure you’ve installed SSL and fixed any mixed content issues.
Then, navigate to the wp-config.php file you’re familiar with by now and paste in this code:
define( 'FORCE_SSL_ADMIN', true ); // Force logins and admin sessions over HTTPS
We know this is a straightforward step, but there’s a reason it’s included here in the Complex section. Plugins sometimes play poorly with SSL; sometimes, SSL can be configured in unusual ways.
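A quick way to check the manual settings from the sections above (blocking PHP execution, DISALLOW_FILE_EDIT, DISALLOW_FILE_MODS, denying access to wp-config.php, and FORCE_SSL_ADMIN) is to audit the two files after editing them. The following Python sketch is an added example, not part of the original article or of any plugin; its function names, status labels and sample files are constructed for illustration.

```python
import re

# Constants the article adds to wp-config.php.
CONSTANTS = ("DISALLOW_FILE_EDIT", "DISALLOW_FILE_MODS", "FORCE_SSL_ADMIN")
SMART_QUOTES = "‘’“”"  # typographic quotes picked up when copying from web pages
DEFINE_RE = re.compile(r"define\(\s*(['\"‘’“”])(\w+)['\"‘’“”]\s*,\s*(\w+)\s*\)")


def strip_comments(php):
    """Remove /* */ blocks and whole-line // or # comments."""
    php = re.sub(r"/\*.*?\*/", "", php, flags=re.DOTALL)
    return re.sub(r"^[ \t]*(//|#).*$", "", php, flags=re.MULTILINE)


def audit_wp_config(php):
    """Return {constant: status} for the three hardening constants."""
    code = strip_comments(php)
    # The article says to paste above the "stop editing" line; a define()
    # below the wp-settings.php include runs only after WordPress has loaded.
    cutoff = code.find("wp-settings.php")
    if cutoff == -1:
        cutoff = len(code)
    status = dict.fromkeys(CONSTANTS, "missing")
    for m in DEFINE_RE.finditer(code):
        quote, name, value = m.group(1), m.group(2), m.group(3).lower()
        if status.get(name) != "missing":
            continue  # not a constant we audit, or already seen
        if quote in SMART_QUOTES:
            # Typographic quotes are not PHP string delimiters, so the
            # intended constant is not defined.
            status[name] = "smart-quotes"
        elif m.start() > cutoff:
            status[name] = "after-settings"
        elif value != "true":
            status[name] = "disabled"
        else:
            status[name] = "ok"
    return status


def audit_files_block(htaccess, target):
    """Check that a <Files target> block in .htaccess denies all access."""
    block = re.search(
        r"<Files\s+\"?" + re.escape(target) + r"\"?\s*>(.*?)</Files>",
        htaccess, flags=re.IGNORECASE | re.DOTALL)
    if block is None:
        return "missing"
    body = block.group(1)
    # "order allow, deny" (space after the comma) is rejected by Apache.
    if re.search(r"^[ \t]*order[ \t]+\w+,[ \t]+\w+", body, flags=re.I | re.M):
        return "syntax-error"
    deny = r"^[ \t]*(deny[ \t]+from[ \t]+all|require[ \t]+all[ \t]+denied)[ \t]*$"
    return "ok" if re.search(deny, body, flags=re.I | re.M) else "no-deny"


# Constructed sample files for the demonstration.
BROKEN_CONFIG = """<?php
define( 'DB_NAME', 'example' );
define( ‘DISALLOW_FILE_EDIT’, true );
// define('DISALLOW_FILE_MODS', true);
/* That's all, stop editing! Happy publishing. */
require_once ABSPATH . 'wp-settings.php';
define('FORCE_SSL_ADMIN', true);
"""
GOOD_CONFIG = """<?php
define( 'DISALLOW_FILE_EDIT', true );
define('DISALLOW_FILE_MODS',true);
define('FORCE_SSL_ADMIN', true);
/* That's all, stop editing! Happy publishing. */
require_once ABSPATH . 'wp-settings.php';
"""
BROKEN_HTACCESS = """<files wp-config.php>
order allow, deny
deny from all
</files>
"""
GOOD_HTACCESS = """<Files wp-config.php>
Order allow,deny
Deny from all
</Files>
<Files *.php>
Deny from all
</Files>
"""

if __name__ == "__main__":
    print(audit_wp_config(BROKEN_CONFIG))
    print(audit_files_block(BROKEN_HTACCESS, "wp-config.php"))
```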
➢ Using a WordPress security plugin
To do much of what we recommended above quickly and easily, install MalCare.
Good WordPress security plugins combine the website hardening measures you need to apply to your site with a web application firewall, bot protection, and a scanner, so you spend less time figuring out the technical aspects.
However, not all plugins offer the same convenience and benefits. There are quite a few plugins, but we recommend MalCare because it gets the job done quickly and conveniently with just a few clicks.
As soon as you install the plugin, your website is protected. Here’s how:
Scans your website regularly and checks for suspicious activity.
A proactive firewall that blocks malicious traffic from visiting your website
Real-time notifications when malware is present on your Website
1-click malware cleanup
Apart from all these features, there are various levels of website hardening that you can implement on your website. These measures are optional, as only some website owners want to implement these security measures on their websites. You can decide what you intend to do depending on your needs.
The three levels of website hardening that you can implement are
Basic measure
That allows you to block PHP from running in untrusted folders. You can also disable file editing. As mentioned earlier, this is a step you should take.
Under normal circumstances, you wouldn’t be dealing with WordPress files and folders. You would only operate your website through the wp-admin dashboard. You also don’t need to edit anything in the file editor of themes and plugins. By disabling them, you close some of the doors that hackers can use to attack your website.
Advanced
You can block the installation of plugins and themes, meaning no one can install new plugins and themes on your website. This measure is extreme and should be taken if you suspect a hack or too many people are working on the website. If you need to install a new plugin or theme, you first need to disable this measure from the MalCare dashboard.
Paranoia
Often WordPress websites are run by a team of people, with each person having their own login. That increases the chances for hackers to guess credentials and access your website. Here you can change the security keys and reset the passwords for all users.
It is vital to change all security keys and passwords regularly. If you have a large team, this will help automate and speed up the process.
That is a crucial step to ensure you don’t get hacked again if you recover from a hacking attack.
You’ll also benefit from the following WordPress security features for your website:
Limited login attempts
CAPTCHA-based login
Warnings in case of unauthorized access
An activity log that shows file changes/updates on your website.
It also assesses every IP request to protect you from hacks like brute-force attacks.
It also prevents common WordPress security threats like SQL injection attacks and SEO spam, as well as the use of your website for DDoS attacks.
A full-fledged WordPress security plugin is more than the sum of its parts. Although each of these measures provides adequate protection on its own, together they form a powerful barrier against malicious activity. Install MalCare now, and rest assured that you’ve done everything possible to protect your website.
➢ For extra credit
While the following tips do not fall into the category of WordPress hardening, they are still best practices for security-conscious website administrators. We recommend implementing these measures once you’ve worked through the list above.
4. Back up your website
The decidedly unexciting entry on this list: backups. We know this; we develop the best-in-class backup plugin for WordPress.
A bad scenario best illustrates the importance of a good backup. Imagine you’ve invested months and years in building your website. It has customers, engaging content, generates revenue through advertising, and has a good reputation. And poof, one day, it’s gone. Maybe it was a malware infection or a server failure at your host; it could be one of a million reasons. Imagine that. What would you give to have a backup under those circumstances?
Backups are vital. It’s just common sense.
5. Keep your computer free of malware
Sometimes it’s the obvious things that get to us. Whatever computer you use – or even WiFi – has an impact on the security of your website. There’s no point protecting WordPress if there’s a keylogger on your computer; you’ve given your credentials to a hacker.
➢ Always keep everything up to date
Aside from WordPress, it’s essential to keep themes and plugins up to date. Vulnerabilities are discovered daily, and plugin developers release patches to fix those vulnerabilities.
If you are not using a plugin or theme, you should remove it. You can always reinstall it later if you need it again.
On a side note, this is an important factor when buying plugins. A paid plugin is typically actively maintained and has a support channel for questions you might have. An actively maintained plugin is an investment in security.
6. Use SFTP
If you use FTP to transfer files to your server, you should switch to SFTP. SFTP works the same way when transferring files, except that it runs over SSH. The transferred data is encrypted and cannot be read during the transfer. SFTP also uses authentication for both the client and the server.
SFTP is becoming the new standard, replacing FTP. The setup is virtually the same, so there is no good reason to continue with the old method.
7. Use a trusted web host
Most security articles (like this one) focus on what you can do as a website administrator to make your site secure. You can do a lot, and installed applications cause most security breaches. However, that doesn’t mean the server is invulnerable.
You can only do something if your web host does its part to protect its servers. Servers are also vulnerable to attacks, and not just the digital variety. For example, are the servers in a physically secure location? Could a hacker gain access to the space and steal data that way? These are essential considerations, but a website administrator has limited influence.
So what can you do? Choose a trusted web host. A good web host will be transparent about their practices and list specific measures to protect their servers from attacks. There are better places to cut corners, as a cheap web host could be a very costly decision in the long run.
Conclusion
Malware removal is a tedious and challenging process that can lead to missteps and costly mistakes. Only experts should perform this process, and that can be expensive. Moreover, you have already lost data, traffic, reputation, and much more at this point.
So yes, take a preventative approach to security and install a good WordPress security plugin. Then come back to this article and apply the hardening measures, and lastly, check your site for common WordPress hardening mistakes.
If you want to make your website security more robust, you need to think about hardening. To harden your website means to add different layers of protection to reduce the potential attack surface. With website hardening, the Fix Hacked Site team can apply vulnerability-agnostic patches to any website.
The post 18 Ways to Harden the Security of Your Website appeared first on Fix Hacked Site.
https://fixhackedsite.com/18-ways-to-harden-the-security-of-your-website/?utm_source=rss&utm_medium=rss&utm_campaign=18-ways-to-harden-the-security-of-your-website