Pimp my WordPress

Broadly speaking, the high-level goals for this website are as follows:

  • Make the UI/UX simple and intuitive,
  • Showcase my portfolio with supplemental digital media,
  • Make it easy and safe for people to reach out to me

Based on these goals, here are some relatively accessible action items to start this off:

  • Install and/or modify an existing WordPress template,
  • Find useful plugins
  • Read through basic usagemaintenance of the WordPress documentation
  • Update the menus to reflect my post categories and relevant static webpages
  • Put together some photographs to use as banners / home page media

So far, I purchased a Udemy “WordPress for beginners” course, and have begun going through that content as well.

2021-01-21:

  • Changed theme of website to a template which I like the look of more
  • Optimized website performance: Activated page caching, minify, and database caching to disk.
    • Finding a CDN would help minimize VM usage, as well as potentially increase load speed of media elements. Maybe I could use backblaze b2…
  • Changed website url structure to something far more readable
  • Added favicons (android-chrome, apple-touch, browserconfig.xml, mstile, site manifest)
  • Scanned site with Nessus
    • Some directories on the web server are browsable. Some PHP files may be callable in the wp-include directory. Don’t know how much of a security threat this poses.
    • An X-Frame_Options response header or Content-Security-Policy response header is not present in all content responses.

2021-01-22:

  • Enforce HSTS, tweaked firewall rules, disabled access to xlmrpc.php
  • Modified .htaccess, added X-security rules to protect against XSS attacks, page-framing/clickjacking, and content sniffing
    • Todo: Add content security policy, X permitted cross domain policy, feature policy, expected certificate transparency.

Leave a Reply

Your email address will not be published. Required fields are marked *