name mode size
1stest.png 100644 256.07kB 100644 2.56kB 100644 37.82kB
header 100644 233.93kB
sitescreenshot.png 100644 414.86kB 100644 10.62kB
#Fast & Hard WordPress installer fasthardwp - automatically configures a WordPress installation with pre-hardened & pre-optimized settings from 4 simple questions. Usage: -change to domain's document root- wget sh fasthardwp -enter path for site (like /home/username/public_html/ or /var/www/)- -enter site url without slashes at the end (like -pick an admin username that isnt admin- -provide an email to receive the credentials at- When this script is ran it -Downloads wp-cli php package -Dynamically generates a database, database user, and random password (using cPanel API, for non cPanel servers replace with MySQL commands) -Sets stricter privileges for user -Randomly sets a secure admin password that only the email address entered will see -Downloads and configures WordPress -Configures wp-config.php and moves it up a directory to hide the configuration information -Configures an .htaccess that leverages browser caching, implements compression, and limits access to WordPress files and directories -Minifies CSS & JavaScript -Replaces stock header image with an optimized image -Downloads, installs, and activates Cerber Brute Force Protection plugin for wp-login security measures -Downloads and installs Two Step Authentication plugin to configure a second form of login authentication -Downloads, installs, and activates Caldera Forms for form validation and blocks spam/vulnerability bots/hackers with a built in honeypot -Downloads, installs, activates, and configures Black Hole for Bad Bots to automatically block bots which disobey robots.txt. robots.txt file created with bait rule, bait link added to header to block bots that disobey. -Downloads, installs, and activates AJAX Heartbeat tool. -Downloads, installs, and activates WP Deferred Js to defer parsing of javascript. -Downloads, installs, and activates Autooptimize plugin to further minify code. -Downloads, installs, and activates Duplicator for backups and migrations. -Hides WordPress version in functions.php -Sends admin email confirmation links, additional security tips, and randomly generated credentials for the WordPress admin and database. The plugins can be extended as needed by copying the bash code for installing a given plugin and replacing the links with the .zip download link from a plugin page, to extend for plugins like WooCommerce, SEO Ultimate, or SSL helpers. Currently completed but open to further suggestions for themes, optimization, and hardening additional vulnerabilities.