The 5 Minute Secure Wordpress Install

Filed in: Blog Setup, Wordpress Issues, wordpress by Scott Freed on 08-26-09

Tips on Creating a Secure Wordpress Install.

First off, do a manual install and forget Fantastico. Upload your Wordpress files, rename wp-config-sample.php to wp-config.php, and let's get started.

Create your database in MySQL via cPanel. Don't call it wordpress; be a bit more creative, like wrdpr1 or prwd1, and do the same with the database user (you are allowed 7 characters, so let your imagination run wild). Use a secure password of at least 12 characters, using a combination of uppercase, lowercase and numbers; don't use passwords like GeorgeBush or happybirthday.

When you assign your user to the wordpress database, don't give them all privileges; this might save you some grief later. The user only needs SELECT, UPDATE, INSERT, DELETE, CREATE, ALTER and DROP to do everything required within Wordpress.

Let's edit the wp-config file. Use the auth, secure auth, logged-in and nonce keys to help secure your installation. Head over to https://api.wordpress.org/secret-key/1.1/, the Wordpress.org secret-key service, to get the keys, and just copy and paste them into your wp-config file; pretty simple.

Now, change the table prefix in the wp-config file from wp_ to something like 12wka_.
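The two wp-config edits above, as an added example (not from the original post): a Python script that fills the four keys and the table prefix into the text of wp-config-sample.php. It generates the keys locally from the OS random source instead of fetching them from the secret-key service, which is a substitute for the post's method; the placeholder string and the $table_prefix line are the ones WordPress ships in wp-config-sample.php, and the short sample text is constructed for the example.

```python
import re
import secrets

# The four keys the post says to set; these constant names are WordPress's own.
WP_KEYS = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY")
# Placeholder value WordPress ships in wp-config-sample.php for each key.
PLACEHOLDER = "put your unique phrase here"

# Constructed excerpt of a wp-config-sample.php, trimmed to the lines this script touches.
SAMPLE = """<?php
define('DB_NAME', 'prwd1');
define('AUTH_KEY', 'put your unique phrase here');
define('SECURE_AUTH_KEY', 'put your unique phrase here');
define('LOGGED_IN_KEY', 'put your unique phrase here');
define('NONCE_KEY', 'put your unique phrase here');
$table_prefix = 'wp_';
"""

def generate_key(nbytes=48):
    """Key from the OS CSPRNG: a local substitute for the api.wordpress.org service.
    token_urlsafe only yields [A-Za-z0-9_-], so the value is safe inside PHP single quotes."""
    return secrets.token_urlsafe(nbytes)

def valid_table_prefix(prefix):
    """wp-config-sample.php asks for letters, numbers and underscores only."""
    return re.fullmatch(r"[A-Za-z0-9_]+", prefix) is not None

def extract_keys(config_text):
    """Map each key name to the value currently defined for it (for checking the result)."""
    found = re.findall(r"define\('(%s)',\s*'([^']*)'\);" % "|".join(WP_KEYS), config_text)
    return dict(found)

def configure(sample_text, table_prefix, keygen=generate_key):
    """Return sample_text with the four keys filled in and the table prefix changed.
    Refuses the default 'wp_' prefix, bad prefix characters, and any missing placeholder."""
    if table_prefix == "wp_" or not valid_table_prefix(table_prefix):
        raise ValueError("choose a non-default prefix made of [A-Za-z0-9_] only")
    out = sample_text
    for name in WP_KEYS:
        pattern = re.compile(r"define\('%s',\s*'%s'\);" % (name, re.escape(PLACEHOLDER)))
        if not pattern.search(out):
            raise ValueError("no placeholder found for " + name)
        new_key = keygen()  # one fresh key per constant, never reused
        out = pattern.sub(lambda _m, n=name, k=new_key: "define('%s', '%s');" % (n, k), out, count=1)
    out, n = re.subn(r"\$table_prefix\s*=\s*'wp_';",
                     lambda _m: "$table_prefix = '%s';" % table_prefix, out, count=1)
    if n != 1:
        raise ValueError("default $table_prefix line not found")
    return out
```

Run it against the real wp-config-sample.php text and write the result out as wp-config.php; a leftover placeholder or the default prefix makes it raise instead of silently producing a weak config.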

Save your wp-config file and re-upload it. Run your install; congratulations, you have a reasonably secure wordpress install. Now we want to make a couple of post-installation changes.

Log in to your cPanel, open phpMyAdmin and take a look at your database: your table prefixes have all been changed to what you set in wp-config. We now want to change the default login name from admin to something else, which just makes it a bit more secure. Select the users table from the left menu and then click Browse. Click the edit button to edit admin (which is the only current user). Then in the user_login field, simply delete the word admin and put something more secure in there, such as BlogMarks35, then click the Go button, which will save the change for you.

Now you can log in to your wordpress administration panel and make any changes you want. One that I would recommend is installing the plugin WP Security Scan. Just do a search for it and install it; it will show any issues with your current Wordpress installation.

Also, remove the wordpress installation file, i.e. install.php, as another precaution.

There are more things you can do to really batten down the hatches, such as .htaccess rules and other things, but with the basics above you are well on the way to having a pretty secure blog.
