Locked Install and secure wordpress

~~¥akuza112~~ · March 14, 2012

1. Download wordpress and upload it to your FTP ( FileZilla )

Englisch (

This is the hidden content, please

)

2. Configure your wp-config.php

Firstly, you have to fill in the database information like :

This is the hidden content, please

It woud be good if you’ll use another prefix then the standard “wp_”, so use somethink like that:

This is the hidden content, please

Disallow File Edit ( will disallow file editing via wp-admin, but some designs like for example mystique needs that option, so activate it after you have setting up your design options )

This is the hidden content, please

Please let the Debug Function disabled ( false ) for security reasons, enable it only if you have problems and wants to see the errors.

This is the hidden content, please

Generate a security key @

This is the hidden content, please

and add this in your file

It could be look like :

This is the hidden content, please

3. Install WordPress

When you install wordpress, please do not use “admin” as account. You can change your display name every time (wp-admin/profile.php). A secure password is really important, i would use this generator

This is the hidden content, please

Could be look like this one : sN@KMqhKxlWV2oqubl]Esö0&8uYq@!vbgI!QDHJFpj5yb@>Z

4. Configure folder/file rights

The config.php should have 440 or 400 at its best, if these settings do not work, use 644.

This is the hidden content, please

4. Install plugins

Anti-Vorratsdatenspeicherung 2.0 ( saves the ip’s as MD5 hash ) so its better to use version 1, Ips will be saved as 127.0.0.1 , User-Agents and Emails won’t be saved.

This is the hidden content, please

Emails and user agent will be saved / IP’s will be saved as 127.0.0.1

AntiSpam Bee Alternative to Askimet, to block spam in comments, pingbacks.

Jetpack WordPress Statistics and more, you need a wordpress.com account to use it.

block-bad-queries/ protect wordPress against malicious url requests

WordPress File Monitor

This is the hidden content, please

WordPress Firewall 2

This is the hidden content, please

Secure WordPress by WebsiteDefender

This is the hidden content, please

Informations to the last 3 Plugins :

This is the hidden content, please

( only german )

4.1 Error, FTP Login data required @ plugin installation ?!

Here are 2 options

1. The unsecure, edit your wp-config like :

This is the hidden content, please

2. The secure, fill in your ftp login data and save the password in your browser.

This is the hidden content, please

5. Keep wordpress and plugins up to date

Check regulary if there are new WordPress and or Plugin Updates (/wp-admin/update-core.php)

If you want to be informed, use :

This is the hidden content, please

6. Remove the WordPress version / ( Error Messages )

Search in the theme folder the file functions.php and add these lines :

Remove the WP version :

This is the hidden content, please

Remove the WP – Login / Error Messages :

This is the hidden content, please

7. Delete unsecure files

readme.html

/wp-admin/install.php

8. Add some index.php files ( or index.html )

At the end you should add the index file (just create an empty file) in “unsecure” folders like “uploads“, “themes“.

9. Add an .htaccess File in your Webroot ( puplic_html/.htaccess, for example )

This is the hidden content, please

;)

This is the hidden content, please

Edited August 3, 2012 by ¥akuza112

~~¥akuza112~~ · August 3, 2012

Re: Install and secure wordpress

## Updated ::

fixxed invalid htaccess

btw if there is an error_log file .. make permissions to CHMOD 222 ;-)

Sign In

Locked Install and secure wordpress

Recommended Posts

¥akuza112

Link to comment

Share on other sites

¥akuza112

Link to comment

Share on other sites

Browse

Activity

Store

Important Information