WordPress Installation: Best for Security
One of the main selling points for any WordPress installation has always been how user-friendly it is. People have created high-level, gorgeous sites with millions of users built on WordPress. That being said, this ease-of-use could come back and bite you in a big way. While it might seem great that you can basically opt for one-click installation of your WordPress site, it’s essential that you take the manual route instead.
The Problem with Automated Installation
Of course, this doesn’t stop most people from taking the simple, automated route. You may already know that there are countless programs you can find online that will essentially handle the entire installation process for you.
Some examples include:
- Fantastico
- APS (Plesk)
- Softaculous
- Installatron
While these and other programs will definitely get your WordPress site up and running in a very short period of time, the problem is that they also use the most basic installation settings. This shouldn’t come as too much of a surprise, considering it’s one-click software.
Unfortunately, the result is that hackers will have an extremely easy time getting through your basic security and having their way with your site if they want.
Where Hackers Will Attack
To give you a better idea of where this can go wrong, let’s take a look at some of the common areas these one-click programs get wrong:
- MySQL database passwords that are too simple (e.g. they’re fewer than 12 characters, don’t contain uppercase and lowercase letters, use actual words in the dictionary, etc.).
- WordPress MySQL database table prefix that is just “wp_” instead of something more secure that only approved parties would know.
- PHP error logging that isn’t set up and/or enabled.
- A temporary directory for PHP sessions that isn’t specified in the site’s wp-config.php file and/or doesn’t have the right permissions.
- Not using configuration salts for your cookies in the wp-config.php file.
- Lack of security measures in your .htaccess file.
- Using “admin”, which is the default, as the user ID for the WordPress dashboard.
Now, maybe you’re going to install WordPress and then go back and address all these issues. However, you’d be much better off by simply doing a manual installation. This way, you’re building your site on a firm foundation which is going to be vital for its future performance, and the security of your content.
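If you do go back over an existing install, several of the items above can be checked directly in wp-config.php. The script below is an added example, not code from the original article: it flags a short or single-case database password, the default “wp_” table prefix, missing or placeholder salts, and disabled error logging. The function name, finding codes and sample file are constructed for illustration, the dictionary-word check is not covered, and treating WP_DEBUG plus WP_DEBUG_LOG (or an ini_set of log_errors) as "logging enabled" is an assumption.

```python
import re

# Placeholder value that wp-config-sample.php ships for every key and salt.
PLACEHOLDER = "put your unique phrase here"
SALT_KEYS = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
             "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT")
# define('NAME', 'value') or define('NAME', true) at the start of a line,
# so lines commented out with // or # are ignored.
DEFINE_RE = re.compile(
    r"""^[ \t]*define\(\s*['"](\w+)['"]\s*,\s*(?:'([^']*)'|"([^"]*)"|(\w+))\s*\)""",
    re.M)
PREFIX_RE = re.compile(r"""^[ \t]*\$table_prefix\s*=\s*['"]([^'"]*)['"]""", re.M)

# Constructed sample of what a basic automated install might leave behind.
SAMPLE = """<?php
define('DB_PASSWORD', 'wordpress1');
$table_prefix = 'wp_';
define('AUTH_KEY', 'put your unique phrase here');
"""

def audit_wp_config(text):
    """Return a sorted list of finding codes for the wp-config.php source in text."""
    defines = {}
    for name, single, double, bare in DEFINE_RE.findall(text):
        defines[name] = single or double or bare
    findings = set()

    password = defines.get("DB_PASSWORD", "")
    if len(password) < 12:
        findings.add("db_password_short")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        findings.add("db_password_no_mixed_case")

    prefix = PREFIX_RE.search(text)
    if prefix is None or prefix.group(1) == "wp_":
        findings.add("default_table_prefix")

    for key in SALT_KEYS:
        if defines.get(key, PLACEHOLDER) in ("", PLACEHOLDER):
            findings.add("salt_missing:" + key)

    # Assumption: logging is on when WP_DEBUG is true and WP_DEBUG_LOG is not
    # false, or when the file sets PHP's log_errors directive itself.
    wp_logging = (defines.get("WP_DEBUG", "false").lower() == "true"
                  and defines.get("WP_DEBUG_LOG", "false").lower() != "false")
    if not wp_logging and not re.search(r"ini_set\(\s*['\"]log_errors['\"]", text):
        findings.add("error_logging_off")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit_wp_config(SAMPLE)))
```

An empty result means none of these four checks fired; it says nothing about session directories, .htaccess rules or the dashboard user name, which live outside this file's constants.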
Doing the WordPress Installation Yourself
If you want to give manual installation a try on your own, the 7 steps below will take you through the entire process.
- First, download and unzip the WP package.
- Then, you’ll need to create a database for WP on your web server.
- You’ll also want to create a MySQL user with all the necessary privileges for accessing and modifying it.
- Find wp-config-sample.php and rename it to wp-config.php.
- Then add your database information to it.
- The fifth step is to upload your WP files to the location of your choosing on your web server. If you like, you can also integrate WP into the root of your domain. All you have to do is move all the contents of the unzipped WP directory (not including the directory) into the root of your server.
- Finally, run the WP installation script by accessing the URL in a web browser. It should be the one where you uploaded the WP files.
Although that may seem like a lot of work, especially for those who are new to this type of thing, it is absolutely vital to the future of your site that you handle it this way instead of taking a shortcut with one of the built-in WordPress installation programs. As we mentioned above, the future security of your WordPress site depends on it.
If you don’t feel sure of how to do this, or haven’t the time to risk getting stuck, then why not try our service to get you set up correctly from the start? Just go to our pricing page to take up a plan that covers everything from backups and security to small fixes, or purchase a one-off task for our developers to install everything you need to begin your site.