During WordPress installation
While the process is famous for its short duration (5min), we recommend spending a few more minutes to make it more secure.
As a good precautionary measure (although there’s a bit of controversy on the matter) we suggest you change the default database prefix from wp_ to something else (like a random string, e.g. l3xfr_) when installing WordPress. The particular prefix is declared in wp-config.php file. If you need to change the table prefix after installation (a quite risky process), you can check out these two guides: How to Change the WordPress Database Prefix to Improve Security and Change Your Database Prefix to Improve Security.
After completing the installation, you can keep wp-config.php file one level up on the server’s default public access directory (like public_html). Using your FTP account, you can move that file away from the rest files of the installation to make sure nobody will be able to access and change it, resulting in ruining your website.
Now, let’s see the very basics.
No joke, you need to do regular Back ups. Thankfully, there are some great Plugins for doing that: BackWpUp, UpdraftPlus WordPress Backup Plugin, etc. We recommend automated regular backups, especially to some external FTP or Cloud Storage solution (Dropbox, Google Drive) for security purposes. Alternatively, you can download the latest backups to your hard drive.
- Keep WordPress System (Core) always up to date. It’s just one click and you have the latest version installed.
- Keep all themes and plugins up to date. It may take a while but, usually there are reasons for authors to provide new versions…
Add Comment