Contents
Softaculous WordPress Installation
I recently reviewed the Social Blog Blueprint (it is a very good blogging course for beginner and intermediate bloggers). My main gripe was showing 1-click installation of WordPress. The course recommends installing WordPress via the Softaculous script. I did notice that Softaculous allows you to change some of the default WordPress settings – this is a good thing!
So, I had a rummage around my cpanel for the Softaculous WordPress Install script and created this short video to complement my review of the Social Blog Blueprint. There’s a transcript below for those who prefer to read.
4 Simple Softaculous WordPress Install Security Tips
[showhide type=”transcript” more_text=”Show Full Video Transcript” less_text=”Hide Video Transcript” hidden=”yes”]Hi, it’s Jan Kearney at My Local Business Online. In this video I want to show you a couple of quick ways you can improve the security of your WordPress install when using the Softaculous installation script. I’ve been reviewing Sue and Dan Worthington’s new blogging course, the Social Blog Blueprint and it is actually a very good course. It’s ideal for beginner and intermediate bloggers who want to start a business blog and use it as the core of their online visibility system and strategy. However, I did have niggles over the security issues with 1-click WordPress installs. I wanted to clarify what I mean in this video.
It’s been a long time since I 1-clicked anything, I always manually install WordPress these days. I’ve never used the Softaculous install script, so I really can’t comment on it.
There are a couple of places on it that I noticed where you can tighten up security just by changing the basic settings that they give you for the WordPress install.
First off is the WordPress database name. In this case it’s wp82. I am assuming that these numbers are randomly generated, I don’t know off hand. But I would change your database name to something that doesn’t include the letters wp. It doesn’t matter what you call it, just change it over.
Most importantly is the table prefix. All WordPress installs come with the default table prefix of wp. What happens is, people who write these scripts to take advantage of your database know this. So they’re looking for this table prefix, or they’re often looking for this table prefix so change it. Don’t make it easy for them. It doesn’t matter what you change it to, just not wp. Make it random and unique to you.
I would advise keeping the underscore because that separates the table name and it makes it easier to read if you ever have to go look at your tables. So change your table prefix to something that’s unique to you. You can use 2-6 characters or so. Write it down somewhere safe so you know.
Now Sue did mention in the Social Blog Blueprint about changing the admin username. Don’t keep it as admin, neither have administrator nor for that matter your domain name. So in my case that would be mylocalbusinessonline. Because these people who try knocking on your front door and testing your password often use these logins as default often and will keep knocking trying to get in.
I would also increase the security and strength of your password. 60 out of 100 is strong, but definitely go for the 100 out of 100. That’s about it, I hope that helps. I’ll speak to you soon![/showhide]
Quick Softaculous Install Security Tips
1. Change the WordPress database name
2. Change the table prefix
3. Change the admin login name (Don’t use admin, administrator nor your domain name)
4. Strengthen your password
While it is impossible to secure your WordPress install 100% (or any other website for that matter!) these 4 tips will make it much harder for people to compromise your site.
Over to you…
How did you install your WordPress site? Have you ever been hacked? Share your experience in the comments!
Don’t forget to download your PDF: softaculous wordpress install security tips
4 Simple Softaculous WordPress Install Security Tips [Video] by Jan Kearney
Jenn Alex Brockman says
I started doing the bottom two for all my clients several years ago. I haven’t done the top two, probably because I don’t understand how that changes things when I have to go look for a file.
Jan Kearney says
Hi Jenn, the changes will only affect the database – you shouldn’t see any difference on a day-to-day basis.
Bonnie Gean says
I remember when I did a video about WordPress installations and you flinched at the instructional video.
Ever since then… I don’t tell people to use the CPANEL and FTP method to install the software manually!
I believe it makes the installation much more secure – as you show in today’s video!
Thanks for the reminder! I shall not forget. 🙂
Jan Kearney says
I’d still prefer a manual install Bonnie with the tweaks to wp-config and htaccess etc. Of course you can do those too when installing as per the vid 🙂
Denise says
Great tutorial because we have to think about security more every day. I had purchased some WP themes a while back that had security breach virus build right into them that my hosting company had to remove. Not fun, which is why I now test everything before I ever pass it along to someone else. Security hacker are really one of my biggest pet peeves.
Jan Kearney says
What a nightmare Denise! It’s one of my pet peeves as well – and yo can’t be too careful these days.
Thanks for popping in and sharing your experience 🙂
Victoria Virgo says
I always do number 3 – but not the other two. Touching that part of WordPress always scares me. Think I am going to break something.
Jan Kearney says
I felt the same way Victoria – and then had a whole bunch of blogs compromised. These days I’d rather be safe than sorry! Look on the bright side, if you tighten up during install, there’s not much to break! You can always wipe and start again 🙂