I get even more bizarre results: HTTP/1.1 301 Moved Permanently
I also did this command to check for range request support…
Common thing for old time server administrators to block HEAD requests, unfortunately this is not compatible with podcasting.
It appears your web server LiteSpeed may be blocking HEAD requests.
I ran the following command from a shell prompt to test for HEAD request support:
For your media URL, this is what I got in return:
HTTP/1.1 403 Forbidden
Alt-Svc: quic=":443" ma=2592000 v="39,43,46", h3-22=":443" ma=259200
Performs a byte range request to get the first 2MB of the file to read the ID3 tags for meta information including the duration
Both the HEAD request as well as the byte range request is required for Apple podcasts.
Performs a HEAD request to check URL is valid.
# cd /var/www/html/
Before the # BEGIN WordPress line, add these rulesets and save the file.
The verify feature in PowerPress does 2 things:
Navigate to the WordPress root folder and edit the.
To make all those changes, follow these steps.
Username enumeration can make brute force attacks easier for bad actors.
Block User Enumeration Attempts: If you visit you can see your main administrator's username.
Disable PHP Error Reporting: By default, OpenLiteSpeed instances have display_errors disabled in the PHP configuration.
These steps prevent unauthorized access and prevent LiteSpeed from serving the file in plain text if the server stops executing PHP.
Secure the wp-config.php File: Securing the wp-config.php file keeps your database credentials safe.
Hide Static Files: Fingerprinting static files allows attackers to determine the WordPress version.
Disable XML-RPC: This function is normally safe to disable unless you know that you need it.
There are several security improvements you can make to the.
You can also reboot the server, which serves the same purpose.
For example, many popular caching and security plugins will modify.
You'll also need to restart LiteSpeed whenever a WordPress plugin modifies. htaccess rules, you must restart LiteSpeed.
# cd /var/www/html/wp-includes
After changing.
You'll repeat the same steps as the uploads folder, except in the wp-includes folder.
htaccess Rules for the wp-includes Folder
# BEGIN Block PHP Execution
Change ownership of the file to & chgrp www-data. htaccess
Add the following rule and save the file.
# cd /var/www/html/wp-content/uploads
Edit the.
Navigate to the WordPress uploads folder.
The directories to forbid PHP execution in are:
Add the.
Specific directories can hold user-uploaded content or have no need for PHP execution.
Disable PHP Execution in Unsafe Directories
Deploy an OpenLiteSpeed WordPress instance.
Before launching your site, there are a few extra steps to ensure your site and server stay secure.
The OpenLiteSpeed image includes a powerful set of tools to start a WordPress site.