Hi everyone, and welcome to another episode of Tubetorial. I’m Lorraine Nepomuceno.
Today, I’ll be showing you some quick steps you can take to improve the security of your WordPress installation. Now, WordPress is one of the most popular blogging platforms today, if not THE most popular, and it’s an excellent script, but that doesn’t mean it’s completely secure. It’s always a good idea to make sure your blog or website is running in a secure environment, so there’s less chance of you losing your important data.
The first step, and the easiest to do, is to change the main administrator account. After installing WordPress, you’re given an account with the user name of “admin” and an automatically generated password. Because that default user name is common knowledge, one of the first things to do is create a brand new user account immediately, give it administrator privileges, and then delete the original admin account. Let me show you how:
Load up your WordPress dashboard. I’m logged in as the default admin account on this fresh WordPress installation. From here, I want to go to USERS then ADD NEW. Here, I’m going to fill out details for a new user account for myself. So…
Right at the end of the form, and this is very important, make sure you click on the dropdown menu next to “Role” and select “Administrator”. Then click ADD USER. This will ensure that your new account is an administrator one, and you can safely delete the original account.
The next step is to make sure that no one can browse your directories that DON’T have index.html or index.php files. This is very simple to do, and makes your installation more secure. What you want to do is open up your .htaccess file. I like to do this directly in my FTP program: I just right click on the file, choose “Edit with Transmit”, and add this line to the file:
# Turn off directory listings. Apache 2.4 rejects a line that mixes signed and unsigned options.
Options -Indexes
And finally, you’ll want to remove the WordPress Version information from your header code. This is quick and easy as well. Simply go into your THEME DIRECTORY (I’m using the Default KUBRICK theme), find the file named FUNCTIONS.PHP and add this to it:
<?php remove_action('wp_head', 'wp_generator'); ?>
The theme you’re using might not have a FUNCTIONS.PHP file, and that’s fine; you can create one yourself in any text editor, and upload it to your THEME DIRECTORY.
These are just some quick steps to secure your WordPress installation. I hope you found them useful.
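To confirm that the last two steps took effect, the following added example (not part of the original episode) checks a page for the generator tag, a response body for an Apache directory listing, and an .htaccess file for its Options lines. The function names and sample inputs are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
class _Generators(HTMLParser):
    """Collects the content of every <meta name="generator"> tag."""
    def __init__(self):
        super().__init__()
        self.found = []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("name") or "").lower() == "generator":
            self.found.append(a.get("content") or "")

def leaked_wordpress_version(html):
    """Return the version a generator tag advertises, or None if there is none."""
    parser = _Generators()
    parser.feed(html)
    for content in parser.found:
        m = re.match(r"\s*WordPress\s*([\d.]*)", content, re.I)
        if m:
            return m.group(1) or "unknown"
    return None

def is_directory_listing(body):
    """True if the response body looks like an Apache auto-generated index."""
    return re.search(r"<title>\s*Index of /", body, re.I) is not None

def htaccess_disables_indexes(text):
    """True only if the .htaccess Options lines leave Indexes explicitly off."""
    off = None                      # None: inherited from the server config
    for raw in text.splitlines():
        parts = raw.strip().lower().split()
        if len(parts) < 2 or parts[0] != "options":
            continue                # comments and other directives are ignored
        opts = parts[1:]
        signed = [o[0] in "+-" for o in opts]
        if any(signed) and not all(signed):
            off = False             # Apache 2.4 rejects mixed signed/unsigned lists
        elif "-indexes" in opts:
            off = True
        elif "+indexes" in opts:
            off = False
        elif not any(signed):       # an absolute list replaces inherited options
            off = not {"indexes", "all"} & set(opts)
    return off is True

# Constructed sample inputs (not captured from a real site).
SAMPLE_HOME = '<html><head><meta name="generator" content="WordPress 2.7" /></head></html>'
SAMPLE_UPLOADS = "<html><head><title>Index of /wp-content/uploads</title></head></html>"
SAMPLE_HTACCESS = "# BEGIN WordPress\nOptions -Indexes\n# END WordPress\n"
```

Feed the functions the HTML of your own home page, the body returned for a directory without an index file, and the contents of your .htaccess.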