Author: Jarno Vos
Enable an efficient and performant firewall
A firewall is a filter. Specifically, the Really Simple Security firewall looks at requests coming into your site and blocks the ones that look like attacks — things like SQL injection attempts, cross-site scripting, and requests from known malicious IP addresses — before they ever reach WordPress. It runs cleanly in the background. You do not need to configure rules manually. Once it is active, it logs blocked requests so you can see exactly what it has caught. 404 Blocking
DISALLOW_FILE_EDIT is defined and set to “false”
When activating the “Disable the built-in file editors” feature under Settings -> Hardening in Really Simple Security, you might receive a notice that “the DISALLOW_FILE_EDIT constant is defined and set to false” as shown in the below image. This means that DISALLOW_FILE_EDIT has been defined in the wp-config.php with a false value, and Really Simple Security cannot override this while that is the case. The solution is to remove the following line from your wp-config.php file: define( ‘DISALLOW_FILE_EDIT’, false ); After doing
Installing an SSL certificate on MediaTemple
After generating your Let’s Encrypt SSL certificate in Really Simple Security (step-by-step instructions here), you will have received three files: CRT, KEY and CABUNDLE. These files have to be uploaded in your MediaTemple Dashboard, after which your site will be secured with SSL. Login to the MediaTemple user portal Navigate to the “Overview” page Find your domain in the list of sites and click the domain where SSL should be installed Select “Manage SSL Certificate Options” or “SSL Options” (this
Generate an SSL certificate with Let’s Encrypt
Most hosting providers will provide you with an SSL certificate. Really Simple SSL attempts to detect and enforce the installed SSL certificate automatically. If your hosting provider does not offer free SSL certificates, but does allow for the installation of third-party SSL certificates: you can generate a free Let’s Encrypt SSL certificate with Really Simple SSL. The below steps will guide you through the SSL generation process. Important Note: your Hosting Provider may restrict the generation/installation of third-party SSL certificates.
Fixing SSL Incomplete certificate chain error
What impact does the “Incomplete Certificate Chain” error have on your website? A missing chain certificate can indirectly cause problems related to the security of your website, and could impact your visitors’ ability to reach your website on certain mobile devices (mostly Android). Fortunately, your hosting provider/certificate supplier can easily fix the Incomplete Certificate Chain for you. Still, it might be interesting to know why this occurs in the first place. Chain of Trust: When is a certificate considered trustworthy?