Broadly speaking, the high-level goals for this website are as follows:
- Make the UI/UX simple and intuitive,
- Showcase my portfolio with supplemental digital media,
- Make it easy and safe for people to reach out to me
Based on these goals, here are some relatively accessible action items to start this off:
- Install and/or modify an existing WordPress template,
- Find useful plugins
- Read through the basic usage and maintenance parts of the WordPress documentation
- Update the menus to reflect my post categories and relevant static webpages
- Put together some photographs to use as banners / home page media
So far, I purchased a Udemy “WordPress for beginners” course, and have begun going through that content as well.
- Changed theme of website to a template which I like the look of more
- Optimized website performance: Activated page caching, minify, and database caching to disk.
- Finding a CDN would help minimize VM usage, as well as potentially increase load speed of media elements. Maybe I could use Backblaze B2…
- Changed website url structure to something far more readable
- Added favicons (android-chrome, apple-touch, browserconfig.xml, mstile, site manifest)
- Scanned site with Nessus
  - Some directories on the web server are browsable. Some PHP files may be callable in the wp-includes directory. Don’t know how much of a security threat this poses.
  - An X-Frame-Options response header or Content-Security-Policy response header is not present in all content responses.
- Enforced HSTS, tweaked firewall rules, disabled access to xmlrpc.php
- Modified .htaccess, added X-security rules to protect against XSS attacks, page-framing/clickjacking, and content sniffing
- Todo: Add content security policy, X permitted cross domain policy, feature policy, expected certificate transparency.
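The Nessus findings and the `.htaccess` changes listed above map onto a small set of Apache directives. The fragment below is an added example, not the `.htaccess` actually used on this site; it assumes Apache 2.4 with mod_headers and mod_rewrite loaded, `AllowOverride All` for the WordPress directory, and WordPress installed at the web root.

```apache
# Added example; place outside the "# BEGIN WordPress" / "# END WordPress"
# markers so WordPress does not overwrite it.

# Finding: browsable directories. Turn off auto-generated directory listings.
Options -Indexes

# Deny all requests to xmlrpc.php (breaks clients that rely on XML-RPC,
# such as some mobile apps and remote-publishing plugins).
<Files "xmlrpc.php">
    Require all denied
</Files>

# Finding: PHP files callable under wp-includes. These are the rules from the
# WordPress hardening guide; they are not suitable for Multisite.
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^wp-admin/includes/ - [F,L]
    RewriteRule !^wp-includes/ - [S=3]
    RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
    RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
    RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>

<IfModule mod_headers.c>
    # HSTS: browsers ignore it over plain HTTP, so only emit it on TLS responses.
    # The one-year max-age is an assumed value; start lower while testing.
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains" "expr=%{HTTPS} == 'on'"

    # Finding: missing X-Frame-Options / Content-Security-Policy.
    # "always" also covers error pages and redirects, which a scanner
    # counts under "all content responses".
    Header always set X-Frame-Options "SAMEORIGIN"
    Header always set Content-Security-Policy "frame-ancestors 'self'"

    # Content sniffing: make browsers honor the declared Content-Type.
    Header always set X-Content-Type-Options "nosniff"
</IfModule>
```

After deploying, `curl -sI https://<your-site>/` should show each header, and a request to a nonexistent path should show them as well, which confirms that `always` is taking effect on error responses.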