WordPress set up

Please see the handy WordPress installation guide here.

Also see this guide on setting up WordPress on our servers.

WordPress core files

Never edit any core files within WordPress.


See the theme guidelines here.


Please install the below plugins by default:

Activate all bar Wordfence. This will be activated when the site is set live.

WP Config

Ensure the wp-config.php has the below code in it (to stop admin users installing plugins, taking unauthorised backup’s of the site etc).

define( 'DISALLOW_FILE_MODS', true );


Your htaccess boilerplate file should have 3 things in it:

  • A link to the htpassword
  • WordPress’s permalink structure
  • A statement to protect the xmlrpc.php from hacking attempts.
AuthUserFile /var/www/vhosts/example.com/subdomains/subdomain-name/.htpasswd
AuthGroupFile /dev/null
AuthName EnterPassword
AuthType Basic
require user admin

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

<Files "xmlrpc.php">
Order Allow,Deny
deny from all


Your htpassword file should contain the below which incorporates our standard site login details:


WordPress settings

  • Settings > Permalinks should be set to ‘Post Name’
  • Never tick: Discourage search engines from indexing this site when setting up the site or during development.