Frontity and WordPress Security

Kent · 11 December 2020 00:37

Hi,

I have some questions regarding the different redirect methods to hide the WordPress installment.

Should we use both the Frontity REST API - Head Tags Plugin and the Simple Website Redirect Plugin??

And what about the Frontity PHP plugin, is that laid on the ice for now?

What about security when hosing Frontity and WordPress with Pantheon’s Decoupled Service?
Which plugins will be necessary with Pantheon’s Decoupled Service when this goes live: Decoupled CMS - Going Headless | Pantheon

Should any of these be used?

Perhaps @stevepersch can tell us more about how security can be set up with Pantheon when running their Decoupled Service with Frontity??

Will the WordPress installment and login page be open publicly with Pantheon, or will we need to first log in to Pantheon’s dashboard to enter the WordPress back-end?

What about the Embedded Mode feature… Don’t you need that with Pantheon?

This can also be of interest regarding the security of your WordPress installation, but if this is necessary on Pantheon I do not know… Should we run Wordfence with Pantheon?

Should You Hide Your WordPress Login Page?

No, it’s not necessary… Look at the explanation here:

It’s better to protect your login like this:

juanma · 11 December 2020 12:39

Hi @Kent

Regarding Wordpress security, in this thread our Lead Developer (and Co-founder of Frontity) shares his point of view:

Regarding this, maybe @SantosGuillamot can give you more information on the status of this Frontity PHP plugin.

Regarding the rest of your questions I think @luisherranz can help you better than me.
@luisherranz any thoughts on these questions?

SantosGuillamot · 15 December 2020 07:45

Right now we only have the proof of concept of the Embedded mode, which is the first step to build the PHP plugin. We were discussing different possibilities in this Feature Discussion, but I will open a new one to talk exclusively about the Frontity PHP plugin in the coming days.

Regarding estimations, it’s hard to say. It’s one of our top priorities right now, but our initial idea is to address other features like AMP, Server Extensibility or Frontity hooks first.

Anyway, for things like the redirects you mentioned, plugins like the one you shared should be enough right now.

Not 100% sure about this, but I assume it should be similar to a common WordPress site and you can install the Security plugins you prefer. This is a Pantheon guide about WordPress security in case it helps.

Your WordPress should be used as any WordPress installation. This means that you can login in mysite.com/wp-admin as you usually do.

Kent · 17 December 2020 09:15

Thanks for the nice replies guys