Installing wordpress to see how well it goes. Hestia install scripts worked fine, easy to use. No choice of directory, only root. Might as well do some dev on Marwane’s site at the same time.
Because we’re using nginx we need to restrict public access to the .user.ini file. Wordfence explains how here. Also apparently we need to follow the instructions to remove the optimizations. or,
Alternately, you can remove the firewall setup files and related code by enabling the option “Delete Wordfence tables and data on deactivation”. This is found in the “General Wordfence Options” section on the “Dashboard” > “Global Options” page. You then need to deactivate Wordfence on the WordPress “Plugins” page. This method will reset all Wordfence options entirely after you activate it again since it removes all Wordfence tables and data.