» » Six Steps to Secure a WordPress installation

Six Steps to Secure a WordPress installation

posted in: Wordpress Tips | 0

Six Steps to Secure a WordPress installation


WordPress is fast becoming the most popular blog and content management system on the internet. Where it traditionally was only used as a blogging system, more and more businesses are turning to WordPress as their preferred content management system. Therefore it is very important to secure a WordPress Installation right from the start.


If you are familiar with the cPanel, you will certainly know how easy it is to install WordPress via Fantastico. But the Fantastico automated install does not give you much control over your installation and therefore, you will not be able to make small changes to Secure a WordPress Installation before your site is up and running.


It is much more secure to install your WordPress site via ftp because you can make changes to certain files before you upload it to your server.


Step one – Creating the Database for Secure a WordPress Installation.


When installing WordPress via Fantastico, it creates a database with the traditional wp_ prefix. But if you create the table in cPanel –> mysQL databases, you can give your database a different prefix. This makes it very difficult for anyone to hack into your database. Add the user and the user’s password. Do not use the same password for your database user and your WordPress Administrator and give this user all privileges.


Step two – Preparing for installation of WordPress


Download the newest version on WordPress from www.wordpress.org. Unzip it and upload folders within the ‘Wordpress’ folder to your server. It is important to always use the newest version of WordPress to Secure a WordPress Installation.


Open the file wp-config-sample.php form and complete your database name, username and password.


Step three – Installation of WordPress


After uploading the folders to your server, point your browser to http://yourdomain.com/readme.html (This address will depend on where you have installed the WordPress folders and files.)


Click on wp-admin/install.php, you will be taken to the installation page were you have to complete the necessary information.


Make use of a difficult username as well as password. Do not use ‘admin’ as the username. Hackers expect the admin of a site to have ‘admin’ as a username en can therefore with brute attacks decipher your password. You can make use of an online password generator to ensure you get a ‘difficult to crack’ password. http://freepasswordgenerator.com/


Your username can contain spaces and special characters.


After successful installation of WordPress, you will reach the login page to your admin dashboard.



Step 3 – Delete the Readme.html


Delete the ‘readme.html’ file after installation to Secure a WordPress Installation.


Step 4 – Create and include custom made security keys.


Open your wp-config.php file. Get custom made security keys here, https://api.wordpress.org/secret-key/1.1/salt/


Replace the default keys that were created while installing, with the keys you get from the key generator site.


Save the file and upload it to your server. You can do this once a month to Secure a WordPress Installation.


Step 5 – Securing the Important files


The first important file is the wp-config.php file. This file contains all the information of your site and therefore should be protected at all times.


The .htaccess file must also be protected as this file contains important information that influences the way and by whom your site is accessed.


Open the .htaccess file and place the following code into the file. Make sure not to delete any of the data.


To protect the wp-config.php file, paste the following code in the .htaccess file.


<Files wp-config.php>

order allow,deny

deny from all



To protect the .htaccess file, paste the following code into the .htaccess file.


<Files .htaccess>

order allow,deny

deny from all



Step 6 – Secure a WordPress Installation by hiding the WordPress version of your site.


If a hacker can read this information on your site, the hacker will know exactly what weaknesses your site has regarding the safety of your site.


Open the functions.php and paste following code into the file.


remove_action(‘wp_header’, ‘wp_generator’);


Save the file and upload it to your server.


Filing 4 Africa offers you Dedicated WordPress Hosting.


Freelance Express offers you professional website creation.


This concludes the Six Steps to Secure a WordPress Installation.