In the last post of this series, I demonstrated how to configure SSL and SPDY. In this post I’m going to tie up a few loose ends and cover a number of topics that didn’t quite make the cut in previous posts.

I’ll start with security and how you can further protect your sites against Cross-site Scripting (XSS) and Clickjacking threats. While on the subject of security, I’ll also take the opportunity to discuss automatic updates and how to enable them. Next, I’ll show you how to correctly configure FastCGI caching for use with plugins such as WooCommerce, to ensure that you do not cache your checkout or account pages. Finally, I’ll demonstrate how to easily set up automated tasks across multiple sites, with a few examples of tasks I like to perform.

More Security

In the previous post you learned how to configure SSL to encrypt connections between the browser and server, but this still leaves sites open to other areas of attack, such as XSS, Clickjacking and MIME sniffing. Let’s look at each of those now.

XSS

The most effective way to deal with XSS is to ensure that you correctly validate and sanitize all user input, including that within the WordPress admin areas. That said, input validation