Good Gallery
WordPress

WordPress Security

Security measures, banned plugins, and server access policies for WordPress on Good Gallery

WordPress Security

Good Gallery enforces several security measures on WordPress installations to protect your blog and maintain server performance for all customers.

Banned Plugins

WordPress is powerful because you can use hundreds of different plugins on your website. However, plugin quality varies greatly, and they do not always work well in every server environment. Additionally, many plugins can cause serious performance issues for all blogs hosted on Good Gallery WordPress servers.

Some plugins are not supported or allowed. If you install any of the following plugins, they will be disabled automatically. The plugins included in this list are subject to change without notice.

Note: Attempting to use banned plugins may result in your website being temporarily deactivated.

The following plugins are banned:

  • Adminer
  • Backup
  • Backup Scheduler
  • BackUpWordPress
  • BackWPup Free
  • Bad Behavior
  • Broken Link Checker
  • Contextual Related Posts
  • Duplicator
  • Duplicator Pro
  • Dynamic Related Posts
  • EWWW Image Optimizer
  • EZPZ One Click Backup
  • File Commander
  • Fuzzy SEO Booster
  • Google XML Sitemaps with Multisite Support
  • HC Custom WP-Admin URL
  • IP Blacklist Cloud
  • iThemes Security
  • Jetpack
  • JR Referrer
  • No Revisions
  • Online Backup for WordPress
  • Ozh' Who Sees Ads
  • Portable phpMyAdmin
  • Quick Cache
  • Quick Cache Pro
  • Recommend to a Friend
  • SEO Auto Links & Related Posts
  • SI CAPTCHA Anti-Spam
  • Similar Posts
  • Spyder Spanker
  • Spyder Spanker Pro
  • Super Post
  • SuperSlider
  • Text Passwords
  • The-Codetree Backup
  • ToolsPack
  • Tweet Blender
  • W3 Total Cache
  • Wordfence Security
  • WordPress Gzip Compression
  • WordPress Mailing List
  • WP Database Optimizer
  • WP File Cache
  • WP phpMyAdmin
  • WP PostViews
  • WP Rocket
  • WP Slimstat
  • WP Super Cache
  • WP Symposium
  • WP-DB-Backup
  • WP-DBManager
  • WPEngine Migrate
  • WPEngine Snapshot
  • Yet Another Featured Posts Plugin (YAFPP)
  • Yet Another Related Posts Plugin (YARPP)
  • ZenCache

Pingbacks & Trackbacks

In WordPress, a pingback is a notification that someone has created a link to your blog from another blog. This feature creates an automatic reciprocal link to the website linking to your blog.

There is a security flaw in WordPress that allows attackers to abuse the pingback feature to launch Distributed Denial of Service (DDoS) attacks on websites.

Since a pingback has no known SEO benefit and given the security threat associated with this feature, pingbacks and trackbacks are disallowed on blogs hosted on Good Gallery servers.

XML-RPC (XMLRPC)

There is a security flaw in WordPress that allows attackers to use XML-RPC to launch Distributed Denial of Service (DDoS) attacks on websites. To prevent this potential security issue, XML-RPC is disabled on blogs hosted on Good Gallery servers.

Narrative

Narrative offers an Auto-Publish Service that uses XML-RPC. Since XML-RPC is a prohibited service on Good Gallery blog servers, that feature is not supported.

However, Narrative has launched a WordPress plugin that does not require an XML-RPC connection. Although the Good Gallery product team has not tested the plugin, that may be worth exploring.

PHP

PHP is an open-source, server-side scripting language. WordPress and WordPress plugins and themes are written in PHP.

PHP software on Good Gallery WordPress servers is regularly updated. Updates typically occur 6 months after a new PHP release is made available. This delay provides theme and plugin creators with additional time for software updates.

PHP updates address performance issues and security concerns. Additionally, according to Google's website testing tools, servers running outdated PHP versions may negatively affect website SEO.

Infrequently updated plugins and themes may not operate as expected on the latest PHP version.

PHP Compatibility Checker

If your website is experiencing plugin issues, you can use the PHP Compatibility Checker plugin to determine if PHP might be related.

Follow these steps to use the PHP Compatibility Checker plugin:

  1. Sign In to your WordPress blog's administrative tools.
  2. Hover your cursor over the Plugins menu.
  3. Choose Add New.
  4. Search for PHP Compatibility Checker.
  5. Click the Install Now button.
  6. Click the Activate button.
  7. Hover your cursor over the Tools menu.
  8. Choose PHP Compatibility.
  9. Click the Scan site button.
  10. Deactivate or Delete incompatible plugins.

You can deactivate or delete any incompatible plugins. You might locate comparable plugins by searching for PLUGIN-NAME php 7 compatible using your preferred search engine.

Username Vulnerability

Choose WordPress usernames that are difficult to guess. Hackers use scripts that take advantage of common username and password combinations.

Avoid these usernames:

  • admin
  • first name
  • last name
  • first name + last name
  • first initial + last name
  • domain name
  • public email address
  • business name

If your WordPress blog uses one of those insecure usernames, follow these steps to create a new username:

  1. Sign In to your WordPress blog's administrative tools.
  2. Hover your cursor over the Users menu.
  3. Choose All Users.
  4. Click the Add New button.
  5. Complete the required information.
  6. Change the Role dropdown option to Administrator.
  7. Click the Add New User button.
  8. Log Out of WordPress.
  9. Sign In to WordPress using the new username and password.
  10. Hover your cursor over the Users menu.
  11. Choose All Users.
  12. Hover your cursor over the old username.
  13. Click the Delete link.
  14. Click the radio button next to Attribute all content.
  15. Choose your new username from the dropdown list.
  16. Click the Confirm Deletion button.

Server Access

By restricting access to its servers, Good Gallery prevents unapproved third-party software installations. This helps ensure that systems always perform at optimum levels.

This restriction also minimizes server attack surfaces and helps guarantee that networks, servers, applications, and websites are secure for all clients.

This level of security means that Good Gallery does not provide FTP access, cPanel access, database access, file access, or .htaccess file access.

FTP Access

Good Gallery does not provide FTP access to its servers.

cPanel Access

Good Gallery does not provide cPanel access to its servers.

.htaccess

Good Gallery does not provide access to .htaccess files on its servers.

WordPress Files

To manage WordPress files, use an authorized WordPress Plugin or the built-in WordPress media management capabilities.

Other Files

See the Storage section for additional information about online storage for hosted files.

WordPress Maintenance

Automatic updates and backups for your Good Gallery WordPress blog

Security & Authentication

Security features and authentication options for your Good Gallery website

On this page

WordPress SecurityBanned PluginsPingbacks & TrackbacksXML-RPC (XMLRPC)NarrativePHPPHP Compatibility CheckerUsername VulnerabilityServer AccessFTP AccesscPanel Access.htaccessWordPress FilesOther Files