How to install WordPress Securely
How to fix Gaping Security Hole Left By Fantastico
- An outdated version of WordPress. It installed WP version 3.0.3. The current version today is 3.0.4. Not good to start out with outdated WordPress since 3.0.4 was an important security update.
- Created database name of wrdp1. This is standard. If I created another one it would be wrdp2. Malicious hackers know this is how they’re created and it gives them more ammo.
- Created a database username the same as my database name. Why make it so easy for evildoers? They just need to guess my password now.
- The database password is 12 characters long and contains upper and lowercase letters and numbers. Not too bad, but I prefer 14 characters minimum and some symbols too.
- The table prefix created was wp_. I was given no option to choose the table prefix. Crackers know this is standard. You should use something other than wp_.
- Created a file named fantversion.php, which is common for all auto installers. This is a security risk if crackers know how to break into it.
- After I installed, I got this note: "We only offer auto-installation and auto-configuration of WordPress but do not offer any kind of support." This would leave a WordPress beginner confused as to where to find help if it didn’t install properly.
- I’ve read online that there have been times during upgrades that they stall or have conflicts and at times break websites.
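The defaults listed above can be checked on an existing install. The following is an added example, not code from the original post or from Fantastico or WordPress: it reads `wp-config.php` and flags each of those defaults. The function name `audit_install` and the finding codes are hypothetical, and the password threshold is the 14 characters plus a symbol that the list states as a preference.

```python
import re
import tempfile
from pathlib import Path

# Constructed sample mirroring the defaults listed above (not a real site's config).
SAMPLE_CONFIG = """<?php
define('DB_NAME', 'wrdp1');
define('DB_USER', 'wrdp1');
define('DB_PASSWORD', 'Abc123Def456');
$table_prefix  = 'wp_';
"""

# Matches define('KEY', 'value') with either quote style; escaped quotes are not handled.
DEFINE_RE = re.compile(r"""define\(\s*['"](\w+)['"]\s*,\s*(['"])(.*?)\2\s*\)""")
PREFIX_RE = re.compile(r"""\$table_prefix\s*=\s*(['"])(.*?)\1""")


def audit_install(wp_root):
    """Return a sorted list of (hypothetical) finding codes for the directory wp_root."""
    root = Path(wp_root)
    text = (root / "wp-config.php").read_text(encoding="utf-8", errors="replace")
    consts = {key: value for key, _quote, value in DEFINE_RE.findall(text)}
    prefix = PREFIX_RE.search(text)
    findings = set()

    name, user, pw = (consts.get(k, "") for k in ("DB_NAME", "DB_USER", "DB_PASSWORD"))
    if re.search(r"wrdp\d+$", name):          # wrdp1, wrdp2, ... as described above
        findings.add("predictable-db-name")
    if name and name == user:
        findings.add("db-user-equals-db-name")
    # Threshold taken from the list above: at least 14 characters and a symbol.
    if len(pw) < 14 or not re.search(r"[^A-Za-z0-9]", pw):
        findings.add("weak-db-password")
    if prefix and prefix.group(2) == "wp_":
        findings.add("default-table-prefix")
    if (root / "fantversion.php").exists():   # file left behind by the auto installer
        findings.add("fantversion-file-present")
    return sorted(findings)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        Path(d, "wp-config.php").write_text(SAMPLE_CONFIG)
        Path(d, "fantversion.php").touch()
        print("\n".join(audit_install(d)))
```

Run it against the directory that contains `wp-config.php`; an empty result means none of the listed defaults were found.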
Brute force blocked by Wordfence
Version no longer appears in WordPress
Block hackers and bad bots
Hide admin area