7. Security

Jump to bottom

alex_prokopenko edited this page Dec 1, 2017 · 4 revisions

[DRAFT]

Security

Salts

By default installer will generate WordPress salts automatically. To replace them you can change .env variables:

AUTH_KEY
SECURE_AUTH_KEY
LOGGED_IN_KEY
NONCE_KEY
AUTH_SALT
SECURE_AUTH_SALT
LOGGED_IN_SALT
NONCE_SALT

Salts can be generated with:

Custom composer command: composer wp:salts
WordPress generator: https://api.wordpress.org/secret-key/1.1/salt/

WP Admin HTTP Authentication

We recommend to set one more level of security - add additional HTTP password protection. You can do this with our composer script:

composer wp:secure -u "login" -p "password"

Next: mu-plugins autoloader