Softaculous WordPress Installation
I recently reviewed the Social Blog Blueprint (it is a very good blogging course for beginner and intermediate bloggers). My main gripe was showing 1-click installation of WordPress. The course recommends installing WordPress via the Softaculous script. I did notice that Softaculous allows you to change some of the default WordPress settings – this is a good thing!
So, I had a rummage around my cpanel for the Softaculous WordPress Install script and created this short video to complement my review of the Social Blog Blueprint. There’s a transcript below for those who prefer to read.
4 Simple Softaculous WordPress Install Security Tips
[showhide type=”transcript” more_text=”Show Full Video Transcript” less_text=”Hide Video Transcript” hidden=”yes”]Hi, it’s Jan Kearney at My Local Business Online. In this video I want to show you a couple of quick ways you can improve the security of your WordPress install when using the Softaculous installation script. I’ve been reviewing Sue and Dan Worthington’s new blogging course, the Social Blog Blueprint and it is actually a very good course. It’s ideal for beginner and intermediate bloggers who want to start a business blog and use it as the core of their online visibility system and strategy. However, I did have niggles over the security issues with 1-click WordPress installs. I wanted to clarify what I mean in this video.
It’s been a long time since I 1-clicked anything, I always manually install WordPress these days. I’ve never used the Softaculous install script, so I really can’t comment on it.
There are a couple of places on it that I noticed where you can tighten up security just by changing the basic settings that they give you for the WordPress install.
First off is the WordPress database name. In this case it’s wp82. I am assuming that these numbers are randomly generated, I don’t know off hand. But I would change your database name to something that doesn’t include the letters wp. It doesn’t matter what you call it, just change it over.
Most importantly is the table prefix. All WordPress installs come with the default table prefix of wp. What happens is, people who write these scripts to take advantage of your database know this. So they’re looking for this table prefix, or they’re often looking for this table prefix so change it. Don’t make it easy for them. It doesn’t matter what you change it to, just not wp. Make it random and unique to you.
I would advise keeping the underscore because that separates the table name and it makes it easier to read if you ever have to go look at your tables. So change your table prefix to something that’s unique to you. You can use 2-6 characters or so. Write it down somewhere safe so you know.
Now Sue did mention in the Social Blog Blueprint about changing the admin username. Don’t keep it as admin, neither have administrator nor for that matter your domain name. So in my case that would be mylocalbusinessonline. Because these people who try knocking on your front door and testing your password often use these logins as default often and will keep knocking trying to get in.
I would also increase the security and strength of your password. 60 out of 100 is strong, but definitely go for the 100 out of 100. That’s about it, I hope that helps. I’ll speak to you soon![/showhide]
Quick Softaculous Install Security Tips
1. Change the WordPress database name
2. Change the table prefix
3. Change the admin login name (Don’t use admin, administrator nor your domain name)
4. Strengthen your password
While it is impossible to secure your WordPress install 100% (or any other website for that matter!) these 4 tips will make it much harder for people to compromise your site.
Over to you…
How did you install your WordPress site? Have you ever been hacked? Share your experience in the comments!
Don’t forget to download your PDF: softaculous wordpress install security tips4 Simple Softaculous WordPress Install Security Tips [Video] by Jan Kearney