The first and most important step if you have still not chosen web hosting yet is to choose a hosting environment that is absolutely secure. Choosing the right host will save a lot of time for you and also pick the right packages that work for your website.<\/p>\n\n\n\n
Bluehost<\/a> Recommended by WordPress<\/strong><\/p>\n\n\n\n WordPress recommends several hosting providers to host your WordPress website.<\/p>\n\n\n\n One of these hosting providers that recommended by WordPress and we recommended too is Bluehost<\/a><\/p>\n\n\n\n Bluehost <\/a>is very secure with good support through phone or chat.<\/p>\n\n\n\n And you can easily install WordPress to it and here is How to Create a WordPress Website with Bluehost<\/a>, from choosing a WordPress package to picking a theme.<\/p>\n\n\n\n Important! at this article we provide some methods that require editing the source code of a WordPress which could break your website if not done correctly. If you are not comfortable with any of these methods requiring coding, please check with a developer first.<\/p>\n\n\n\n <\/p>\n\n\n\n The default WordPress URL to login to the dashboard is (\/wp-admin) or (\/wp-login.php).<\/p>\n\n\n\n We suggest changing these default WordPress URLs for admin login by using this plugin WPS Hide Login.<\/p>\n\n\n\n When you define a new custom login URL to your website then the (wp-admin) directory and the (wp-login.php) page become inaccessible, so you must remember and save the new login URL that you defined.<\/p>\n\n\n\n Suggested Plugin: WPS Hide Login <\/strong><\/p>\n\n\n\n https:\/\/wordpress.org\/plugins\/wps-hide-login\/<\/a><\/p>\n\n\n\n After active it plugin go to Setting > General > WPS Hide Login: define new Login URL & Redirection URL.<\/p>\n\n\n\n Don’t forget if you\u2019re using any caching plugin you should add the slug of the new login URL to the list of pages not to cache.<\/p>\n\n\n\n Important Note: If you are using another security plugin that may include the option (change the default admin login URL), so don’t use this plugin in this case to avoid any conflicts issues.<\/strong><\/p>\n\n\n\n In general, don’t use different plugins that did the same job, especially those plugins for security or performance.<\/p>\n\n\n\n <\/p>\n\n\n\n Simply without talking deeply technically, XMLRPC.php is a feature that allows for connection to WordPress remotely like to connect to a WordPress via a Smart Phone.<\/p>\n\n\n\n The big problem with XML-RPC function is that it has become a backdoor in WordPress for hackers, scripts, Brute Force Attacks, DDoS attacks or bots.<\/p>\n\n\n\n To disable XML-RPC on your WordPress there are many plugins that do this for you and some of the general security plugins have an option to do that<\/p>\n\n\n\n Suggested plugin: Disable XML-RPC<\/p>\n\n\n\n https:\/\/wordpress.org\/plugins\/disable-xml-rpc\/<\/a><\/p>\n\n\n\n Just activate this plugin and it will automatically disable XML-RPC.<\/p>\n\n\n\n or on .htaccess<\/strong> file.<\/p>\n\n\n\n Replace xxx.xxx.xxx.xxx with an IP address you want to give access to xmlrpc.php or remove access completely by simply removing this line.<\/p>\n\n\n\n WP-Cron on WordPress is used to schedule a post to publish, check for updates, send email notifications, and more.<\/p>\n\n\n\n WP-Cron on WordPress It is similar to CRON jobs on the host cPanel which is used to schedule tasks at periodic fixed times, dates, or intervals.<\/p>\n\n\n\n It might be a good feature if you need to publish posts at specific dates later on, but the problem with this feature is it slows down the server and impact the performance especially if you run more than WordPress website on the same server or you have a huge web content with a list of tasks that need to be checked by WP-Cron whenever a page is visited which high the load on the server.<\/p>\n\n\n\n For me, I prefer to disable this feature to improve website performance even I have never used the schedule feature, and it is up to you to choose to keep it or disable it according to your needs.<\/p>\n\n\n\n 1- Go to (wp-config.php) file<\/p>\n\n\n\n 2- Add:<\/p>\n\n\n\n Before \u201cThat\u2019s all, stop editing! Happy blogging.\u201d<\/p>\n\n\n\n Now wp-cron.php will not run automatically each time someone visits your website.<\/p>\n\n\n\n If you still need a scheduling feature after disabling wp-corn via the above way, you could use plugins like WP Crontrol, Advanced Cron Manager \u2013 Debug & Control, or just make your own search for the best choice from many plugins.<\/p>\n\n\n\n Nulled theme means a cracked version of a premium theme.<\/p>\n\n\n\n These nulled themes sometimes include malware or backdoors which provide a subsequent access point to your website for hackers.<\/p>\n\n\n\n You should also use any plugins for malware scanners to detect possible malicious code in nulled\/free WordPress Themes before using it, malware scanner like:<\/p>\n\n\n\n Anti-Malware Security and Brute-Force Firewall<\/p>\n\n\n\n https:\/\/wordpress.org\/plugins\/gotmls\/<\/a><\/p>\n\n\n\n if you are familiar with setup WordPress on localhost, it will be better to use this plugin to scan nulled\/free themes locally before uploading it online and using it.<\/p>\n\n\n\n![\"\"](\"https:\/\/saedx.com\/blog\/wp-content\/uploads\/2022\/03\/bluehost-logo.png\"){kind=logo}
<\/a>2- Change the WordPress default URL of the admin login<\/strong><\/h2>\n\n\n\n
3- Disable XML-RPC<\/strong><\/h2>\n\n\n\n
# Block WordPress xmlrpc.php requests\n <Files xmlrpc.php>\n order deny,allow\n deny from all\n allow from xxx.xxx.xxx.xxx\n <\/Files><\/code>\n<\/pre>\n\n\n\n3- Disable WP-Cron (wp-cron.php) for Faster Performance<\/strong><\/h2>\n\n\n\n
To disable WP-Cron:<\/h3>\n\n\n\n
define('DISABLE_WP_CRON', true);<\/code><\/p>\n\n\n\n4- Avoid using a nulled WordPress theme<\/strong><\/h2>\n\n\n\n
5-Disable Emojis in WordPress<\/strong><\/h2>\n\n\n\n