Setting Up a Secure WordPress Blog During WP Installation
The way I typically install a fresh copy of WordPress (video below)
By John Hoff
Setting up a secure WordPress blog right from the beginning is the best way to go.
Thanks to WordPress 3.0 (and now beyond), WordPress has made it much easier to get a head start on creating a more secure blog.
In this article, I want to first highlight a few changes WordPress 3.0 and beyond allow us to do and then I'll show you in a video below how I typically install a fresh version of a WordPress blog.
What WordPress 3.0 Has Added
So far (as of the writing of this article - 7/9/10), these enhancements WP 3.0 has given us mainly apply to new, fresh manual installs of WordPress.
During the installation process, WordPress let's you do 2 new things while the 3rd is done automatically for you:
Why These 3 Things Are Important#1 - The default username
Some bloggers out there say that changing your default username from admin to something else really doesn't help you create a more secure WordPress blog. I tend to disagree with that notion, and so does it seem the creators of WordPress.
You see, by changing your default username from admin to something else, like say johnsID, you're making it much more difficult for hackers to guess your username and password. To crack into your blog, some hackers will use a program like Brute Force Password Discovery which will run millions of combinations of words to try and figure out what your password is.
But to get in, they need to get both your username and password correct.
So why let them guess correctly with the username admin? Just change it and move on. The good news is that WordPress 3.0 allows you to create a unique username right there during the installation process.
#2 - Changing the database prefix
Just like I mentioned in #1 above, why let a possible intruder guess what your database prefix is?
Many hackers will "guess" that your database prefix is wp_.
That is the prefix used by millions of blogs which the owners have not taken the time to change so that their blog is a little more customized and not so cookie cutter.
If you're not sure what all that means, just know that when you install WordPress 3.0 and above manually, be sure to change the default table prefix from wp_ to something more obscure, like tx32Lv_ or something.
#3 - Secret Keys
Like you'll see in the video below, secret keys are long strings of characters which you can add into your wp-config.php file which will help the secure WordPress blog notion.
Basically what they do is help encrypt your cookie which contains your password during the login process.
Again, if you're not sure what this all means, the good thing is that WordPress 3.0 and above does this automatically for you when you install a fresh copy.
Creating a Secure WordPress Blog During Installation Video
When I install WordPress, I typically do it manually. There are also a few things I do right from the beginning to help get my blogs on the fast track to being secure.
To learn everything I do, you'd want to check out my book, WordPress Defender; however, in addition to the adding the 3 topics I talked about above, I also move all my core files out of the main (or root) WordPress directory.
This does two things for me:
Okay, enough talking, let's watch me set up a WordPress blog.
Video 1: Installing WordPress 3.0
Note that these videos were created over on my blog, so they reference WP Blog Host.
Video 2: Moving WordPress Core Files Out of Root
So now that you have your blog set up and on the fast track to being secure, you can go out and get all those plugins, like the Popup Domination WordPress Plugin and SEO Scribe Plugin to help drive traffic to your site and get you making a little money with it.
Want to learn more about WordPress Security?
Get the WordPress Defender eBook | Contact Us
© 2011 John Hoff, All Rights Reserved