Aug

26

The 5 Minute Secure Wordpress Install

Filed in: Blog Setup, Wordpress Issues, wordpress by Scott Freed on 08-26-09

Tips on Creating a Secure Wordpress Install.

First off, do a manual install, forget Fantastico. Upload your Wordpress files, rename wp-config-sample.php to wp-config.php and let’s get started.

Create your database in MySQL via cPanel. Don’t call it wordpress – be a bit more creative, like wrdpr1 or prwd1. Do the same with the database user: you are allowed 7 characters, so let your imagination run wild. Use a secure password of at least 12 characters, combining uppercase, lowercase and numbers; don’t use passwords like GeorgeBush or happybirthday.

When you assign your user to the Wordpress database, don’t give them all permissions; this might save you some grief later. The user only needs SELECT, UPDATE, INSERT, DELETE, CREATE, ALTER and DROP to do everything required within Wordpress.

Let’s edit the wp-config file. Use the auth, secure auth, logged-in and nonce keys to help secure your installation. Head over to https://api.wordpress.org/secret-key/1.1/, the Wordpress.org secret-key service, for the keys, and just copy and paste them into your wp-config file – pretty simple.

Now, change the table prefix in the wp-config file from wp_ to something like 12wka_

Save your wp-config file and re-upload it. Run your install – congratulations, you have a reasonably secure Wordpress install. Now we want to make a couple of post-installation changes.

Log in to your cPanel, open phpMyAdmin and take a look at your database: your table prefixes have all been changed to what you set in wp-config. We now want to change the default login name from admin to something else – it just makes it a bit more secure. Select the users table from the left menu and then click Browse. Click the edit button to edit admin (which is the only current user). Then, in the user_login field, simply delete the word admin and put something more secure in there, such as BlogMarks35, then click the Go button, which will save the change for you.

Now you can log in to your Wordpress administration panel and make any changes you want. One that I would recommend is installing the plugin WP Security Scan. Just search for it and install it, and it will show any issues with your current Wordpress installation.

Also, remove the Wordpress installation file, i.e. install.php, as another precaution.

There are more things you can do to really batten down the hatches, such as .htaccess files and other things, but with the basics above you are well on the way to having a pretty secure blog.
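As an added example that is not part of the original post, this Python check reads the text of a wp-config.php and flags the settings covered above that are still at their defaults or too weak. The function name, the sample config and the simple regex parsing (which ignores PHP escape sequences) are assumptions made for illustration.

```python
import re

# Constructed sample: a wp-config.php left close to wp-config-sample.php.
WEAK_CONFIG = """<?php
define('DB_NAME', 'wordpress');
define('DB_USER', 'wordpress');
define('DB_PASSWORD', 'happybirthday');
define('AUTH_KEY', 'put your unique phrase here');
define('SECURE_AUTH_KEY', 'put your unique phrase here');
define('LOGGED_IN_KEY', 'put your unique phrase here');
$table_prefix = 'wp_';
"""

PLACEHOLDER = "put your unique phrase here"  # text shipped in wp-config-sample.php
KEYS = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY")
# Simple patterns: they do not handle escaped quotes inside a value.
DEFINE_RE = re.compile(r"""define\(\s*['"](\w+)['"]\s*,\s*(['"])(.*?)\2\s*\)""")
PREFIX_RE = re.compile(r"""\$table_prefix\s*=\s*(['"])(.*?)\1""")

def audit_wp_config(text):
    """Return findings for the wp-config.php settings the post covers."""
    defines = {m.group(1): m.group(3) for m in DEFINE_RE.finditer(text)}
    findings = []
    for name in ("DB_NAME", "DB_USER"):
        if defines.get(name, "").lower() in ("", "wordpress"):
            findings.append(f"{name} is missing or the obvious 'wordpress'")
    pw = defines.get("DB_PASSWORD", "")
    classes = (r"[A-Z]", r"[a-z]", r"[0-9]")
    if len(pw) < 12 or not all(re.search(c, pw) for c in classes):
        findings.append("DB_PASSWORD needs 12+ chars with upper, lower and digits")
    values = [defines.get(k) for k in KEYS]
    for key, value in zip(KEYS, values):
        if not value or value == PLACEHOLDER:
            findings.append(f"{key} is missing or still the sample placeholder")
    present = [v for v in values if v]
    if len(set(present)) < len(present):
        findings.append("secret keys are not all distinct")
    prefix = PREFIX_RE.search(text)
    if prefix is None or prefix.group(2) == "wp_":
        findings.append("$table_prefix is missing or the default wp_")
    return findings

if __name__ == "__main__":
    for finding in audit_wp_config(WEAK_CONFIG):
        print("FINDING:", finding)
```

To check a real file, pass its contents to audit_wp_config(); an empty list means none of these defaults remain.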


May

06

Maximum Filesize Upload Issue In Wordpress

Filed in: Blog Setup, Wordpress Issues, wordpress by Scott Freed on 05-06-09

Have you ever had the problem of trying to upload an MP3 file via Wordpress Admin to your hosting server and seen the horrible error – “File is too big. Maxiumum filesize is 2M”?

Don’t sweat it, this is pretty simple to fix and we will show you how to get it working easily.

Firstly, a bit of background information: this is not an issue with Wordpress, but with your host’s PHP setup. Obviously they have set upload_max_filesize to 2M in their php.ini file. It is easy to fix: just log in to your blog via FTP, look in your root directory and see if there is a php.ini file there. If there is, simply edit the upload size to something like 10M or 20M.

No php.ini file in your root directory? This is still not an issue, all you need to do is make one. Here’s how:
Open up your text editor and add the lines:

upload_max_filesize = 20M
post_max_size = 20M

Save the file as php.ini and then upload it into your wp-admin directory and any other directory where you want the default rule to be changed.

M stands for Megabyte and you can set this to whatever you wish.
