fritex
June 23, 2022, 11:39am
3
Shouldn’t be active all the time. Set it at least to Medium.
I’d suggest and sharing my useful post about WordPress security, if that’s a concern:
That is a good question out there.
I would say it cannot be stated as a general rule of thumb, as far as some WordPress websites do not have to use like POST or PUT (WP REST API, wp-json, plugins etc.), while other have to - just an example.
You could try to block TRACE & TRACK for example.
Or, if you could for example, limit HEAD, GET and POST for some specific IP or some similar scenario, where you protect your Website from bad bots, possible attacks, etc. in terms of security measurements. …
I am afraid you should look for better web hosting provider, or at least troubleshoot your theme and plugins:
Debugging PHP code is part of any project, but WordPress comes with specific debug systems designed to simplify the process as well as standardize code across the core, plugins and themes. This page describes the various debugging tools in WordPress...
Therefore, tune-up your PHP values a bit at your server/hosting provider/cPanel if you can:
memory_limit = 256M
max_execution_time = 300
max_input_time = 1000
max_input_vars = 5000 or 7000
post_max_size = 64M
upload_max_filesize = 32M
You should install some of the WordPress caching plugin for cache like WP Super Cache:
Make sure Cloudflare is proxied and set to
Regarding performance, you can try out Cloudflare APO for WordPress for a month and see how it goes:
Some useful multiple stuff linked inline here:
Despite of not knowing the capabilities of the origin host/server of ecwid provider, in terms of a W3TC, and despite this might be a question for StackExchange forums, but from my experience with, you would have to make sure and enable:
configure web server (Apache or Nginx or some other) → PHP tuning + PHP-OPCache (Zend)
Page Cache: Disk
Browser cache (configure per need)
Database cache: Memcached
Object cache: Redis
exclude cookie cache and pages like cart/account/checkout at W3TC due to the…
I would like to add a note from my experience.
Mostly, it depends on the origin host / server which needs to be optimized and tuned up.
The best case scenario which I have tested and is working perfectly fine (for my case) was the combination of:
dedicated server (1Gbps link, NvME disks, good CPU and enough RAM)
WP + WC (updated)
Nginx (with open file cache configured)
W3 Total Cache (PHP OPCache, Memcached, Redis, Page Cache, Browser Cache)
Cloudflare (Free or Pro plan)
Great one.
I wa…
In that case, I’d suggest you to whiltelist/allow your server IP by navigating to the Security → Tools → IP Access Rules. Add your origin host / server / web hosting IP address in the input field and select the action “allow” from the dropdown for your website.
Furthermore, are you using any of the WordPress security plugins which could restrict WP JSON or it’s API, so maybe some of your plugin(s) might not work as expected?
Can you share a screenshot of this Firewall rule?
for your website (both www and non-www).