Steps to a Secure WordPress Installation
As a WordPress designer/developer, I’m frequently installing WordPress. Along the way, I’ve compiled a sort of checklist to guide the process so I don’t overlook any steps.
1. Download and unzip the latest version of WordPress
Get it here: www.wordpress.org
2. Create a Database and User on your web server
Refer to the WordPress Docs for instructions on creating your database and user with cPanel, or with phpMyAdmin if you are working on a local test server.
3. Edit the wp-config.php file
Chris Coyier has written a fabulous article detailing everything about editing and saving your wp-config file. Be sure to read it and follow all the steps. Here’s a quick recap:
- Rename wp-config-sample.php to wp-config.php
- Enter database credentials
- Enter unique secret keys and salts for security – via the WordPress.org secret key generator
- Change the database table prefix
- Extra tricks:
  - Limit post revisions
  - Set blog address and site address
4. Install WordPress by navigating to wp-admin/install.php
Be sure to change the default user name ‘admin’ to something else to increase security.
5. Delete the install.php file
This is another way to boost security.
6. Protect important files and directories with .htaccess
Place the first two blocks in your site’s root .htaccess file. The third block (wp-admin) belongs in a separate .htaccess file inside the wp-admin directory, because <FilesMatch ".*"> matches every file in the directory it lives in and below; in the root it would lock the whole site.
# SECURE .HTACCESS (root .htaccess)
<Files .htaccess>
Order Allow,Deny
Deny from all
</Files>
# SECURE WP-CONFIG (root .htaccess)
<Files wp-config.php>
Order Deny,Allow
Deny from all
</Files>
# SECURE WP-ADMIN (save this block as wp-admin/.htaccess, not in the root file)
<FilesMatch ".*">
Order Deny,Allow
Deny from all
# 203.0.113.5 is a placeholder from the documentation address range; replace it with your own IP
Allow from 203.0.113.5
</FilesMatch>
Of course, you would change the IP address to your own in the above example. Note that on Apache 2.4 the Order/Allow/Deny directives only work when mod_access_compat is loaded; the native equivalents are Require all denied and Require ip.
7. Log into the dashboard and complete these settings:
a) User profile
b) Tagline
c) Time Zone
d) Writing, Reading, and Discussion (just look them over to make sure everything’s fine)
e) Change permalink structure
8. Activate Akismet or other spam protection
9. Install and configure SEO and Security Plugins
All in One SEO Pack is a great plugin for improving search engine optimization, as is Google XML Sitemaps.
Install these plugins for security monitoring (recommended by Chris Coyier, WordPress Security Lockdown
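As an added example (not part of the original post), here is a small shell audit that checks an installed WordPress root for the items from steps 3, 5 and 6 above. It assumes the standard layout (wp-config.php in the root, wp-admin/install.php, a root .htaccess) and only POSIX sh and grep; wp_audit_demo builds a constructed sample install in a temporary directory so it can run offline.

```shell
#!/bin/sh
# Added example, not from the original post: audit a WordPress root against
# the checklist above. Assumes the standard layout (wp-config.php in the root,
# wp-admin/install.php, a root .htaccess) and POSIX sh + grep.
# Returns the number of findings (0 = nothing to report, 1 = no config found).
wp_audit() {
    root="$1"
    cfg="$root/wp-config.php"
    issues=0
    [ -f "$cfg" ] || { echo "FAIL: $cfg not found"; return 1; }
    # Step 3: wp-config-sample.php ships every key and salt as this placeholder
    if grep -q 'put your unique phrase here' "$cfg"; then
        echo "FAIL: secret keys/salts still carry the sample placeholder"
        issues=$((issues + 1))
    fi
    # Step 3: the default table prefix was not changed
    if grep -Eq '^[[:space:]]*\$table_prefix[[:space:]]*=[[:space:]]*.wp_.' "$cfg"; then
        echo "FAIL: table prefix is still the default wp_"
        issues=$((issues + 1))
    fi
    # Step 5: the installer should have been deleted after setup
    if [ -f "$root/wp-admin/install.php" ]; then
        echo "WARN: wp-admin/install.php is still present"
        issues=$((issues + 1))
    fi
    # Step 6: the root .htaccess should carry a rule for wp-config.php
    if ! grep -qs 'wp-config.php' "$root/.htaccess"; then
        echo "WARN: root .htaccess has no rule protecting wp-config.php"
        issues=$((issues + 1))
    fi
    echo "$issues finding(s) in $root"
    return "$issues"
}

# Constructed sample: a fresh install where steps 3, 5 and 6 were skipped.
wp_audit_demo() {
    d=$(mktemp -d)
    mkdir -p "$d/wp-admin"
    touch "$d/wp-admin/install.php"
    printf '%s\n' '<?php' \
        "define('AUTH_KEY', 'put your unique phrase here');" \
        "\$table_prefix = 'wp_';" > "$d/wp-config.php"
    wp_audit "$d"          # prints four findings and returns 4
    rc=$?
    rm -rf "$d"
    return "$rc"
}
```

Run `wp_audit /path/to/wordpress` against a real install, or `wp_audit_demo` to see the findings on the constructed sample.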