WP Update Salts – How To Secure WordPress

If you have ever edited your wp-config.php, you may be familiar with WordPress salt keys. Those are custom strings used to enhance the security of your WordPress installation. Every action that requires some user input is passing through encryptions and those encryptions include a piece of salt in it.

If you want to increase the security of your WordPress installation, it is recommended to update salts in your wp-config.php time to time. In this post, you will learn how to update WordPress Salt keys to increase your website security.


How To Update WordPress Salt Keys

Follow the steps below to update wp salts in your wp-config file:

  1. Open the wp-config.php file using the Cpanel code editor or downloading the file.
  2. Generate new salts using WordPress API tool: https://api.wordpress.org/secret-key/1.1/salt/
  3. Copy and paste new salt keys. Make sure to copy all of the keys generated.
  4. Save and upload the file in place.

If you don’t have access to a code editor or FTP folders, you can also use a plugin like Salt Shaker to do update salt keys in your wp-config file. However, since this is an important edit, I recommend doing it manually.

I hope you enjoyed this tip about updating wp salt keys. Follow our twitter account for more tips on WordPress.

[How To] htaccess Use Custom Error Document in the Current Folder

Apache only allows the ErrorDocument directive using the document root directory. If you don’t want to hard code full path of your error document in the htaccess file, but still need to use your own directory, you can use the following rewrite hack to redirect all errors to your static HTML file.

# Use Custom Error File in Current Folder
<IfModule mod_rewrite.c>
  RewriteEngine On
  RewriteCond %{REQUEST_FILENAME} !-f
  RewriteCond %{REQUEST_FILENAME} !-d
  RewriteRule .* 404.html [L]
</IfModule>

Originally, if you were to type the full path of the document, you could use the following statements in your htaccess file:

ErrorDocument 500 /full-path-to/files/404.shtml
ErrorDocument 401 /full-path-to/files/404.shtml
ErrorDocument 402 /full-path-to/files/404.shtml
ErrorDocument 403 /full-path-to/files/404.shtml
ErrorDocument 404 /full-path-to/files/404.shtml

WordPress Hosting Requirements: 10 Critical Items to Check!

WordPress Hosting packages differ a lot between hosting providers. But to call a Hosting, “WordPress Hosting”, that provider should meet certain requirements. Otherwise, it will fail badly and you will notice it fairly late.

You can find our top WordPress Hosting Requirements for 2020 in the following list. Before selecting your WordPress Hosting Provider, make sure you have checked all those requirements carefully.

WordPress Hosting Requirements: 10 Critical Requirements

1. LAMP Stack

LAMP is the shortname for Linux-Apache-MySQL and PHP. WordPress runs on LAMP stack hosting servers. If your hosting doesn’t provide you any of those required software, then maybe it is not so suitable for WordPress. I know this seems most obvious, but there are many users out there trying to use Windows hosting for WordPress. So, listen to our word and just pick a Hosting with Linux servers using LAMP stack.


2. PHP Version 7.2

With the recent updates on WordPress core, minimum requirement of PHP changed from 5.6 to 7.2. Meaning if you want to get WordPress updates (which we highly recommend you to do so) you should go with a Hosting server that allows you to choose your PHP version. Or at least the version they have installed should be 7.2. Many of the old hosting servers are still using PHP 5.6, which will cause many security fails in the following years. So, if you are starting fresh, just go with a hosting server that has 7.2. Otherwise, you may need to ask your hosting server how to change PHP version through CPanel.


3. Caching Support

WordPress is a highly dynamic content management system, meaning that, it requires a lot of CPU and RAM to generate a page made up of all dynamic content. So, it is critical that your Hosting should provide you necessary tools for caching static pages and database queries. For the caching plugin, I prefer using LiteSpeed Cache, which works best if your host is using LiteSpeed Web Server. If you don’t have this option however, the best alternative seems to be W3 Total Cache. But W3TC is a little harder to setup.

Tip: A2 Optimized WordPress Hosting installs WordPress with Caching enabled by default. So, you don’t have to waste time on this, if you go with A2.


4. Cpanel

Cpanel is a Linux based control panel that allows you to manage your hosting in many ways. Using Cpanel you can backup your site, edit databases, make new installations and more. If you are going to select a hosting provider for a brand new website, I highly recommend you to go with the one that has Cpanel on it. It will make give you full power on your hosting.


5. Automatic Backups

Although WordPress is a highly secure platform, you still don’t know what troubles you may have. So, I recommend taking backups frequently. Today, most of the hosting providers have a backup plan. If you go with a hosting that has an automated backup plan, you won’t regret it. Because they don’t only backup WordPress but all your files.


6. Security

WordPress is a very secure platform if you are regularly updating your site. However, your hosting should be secure too. There are many levels of hosting security. User, Database, Operating system, etc. Of course, you can handle most of those using premium plugins. But picking a highly recognized, security optimized hosting server will make you feel more comfortable. But, don’t forget to take backups in any case!


7. Unlimited Space

When you are uploading images to WordPress you don’t realize how fast you can fill a 250MB hosting. But you can do it really fast. Because WordPress makes at least 3 different sizes of each picture you upload.

Nowadays, hosting providers have a really nice offer. They have unlimited plans (well unlimited in size, but limited in the number of files) which can handle a large site with nearly 50k images in it. If you are planning to use more images than this, however, you should consider a VPS.


8. Free SSL

SSL is now a requirement for SEO. Because Google announced that https sites will appear higher on results, now all websites are converting to HTTPS. Many of the hosting providers now have at least Free SSL service, so you can easily serve your website over https. If you select a hosting provider with Free SSL, you won’t have to pay extra fees for SSL Certificates.


9. One-Click Software Installer

In the old times, we had to create our own databases and install our own platforms using PHP scripts. Today, most of the hosting providers have that option called One-Click Software Installer. Now you can install WordPress using a few inputs without any manual actions. It’s very quick and also allows you to manage and upgrade your installations later on. By selecting a hosting with a one-click installer option, you will have access to many more software installations without any hassle.


Conclusion

Choosing the right hosting for your website is hard. I had to try at least 6 before finding the best option. In this post,  I have tried to share you the most basic requirements for high performance, SEO optimized and secure WordPress website. If you have a favorite, please share it with us in the comments with the main reason you are recommending it.

Cheers.