Several years ago we took the decision to embrace the use of open source platforms, in particular WordPress, accepting that these were going to become the way forward. With the mass availability of themes at very little cost it takes a lot to shy away from them and revert to the use of basic HTML mark-up for a general day to day website.
WordPress is a state-of-the-art semantic personal publishing platform with a focus on aesthetics, web standards, and usability. WordPress is both free and priceless at the same time. More simply, WordPress is what you use when you want to work with your blogging software, not fight it.
As WordPress is open source software it is regularly updated and is free, which of course is great news, but with that comes the associated problem that hackers have easy access to the source code and this makes WordPress sites open to hacking on a regular basis.
As an example of the sheer level of the problem of attacks against WordPress websites, the ever so popular Wordfence plug in, as we wrote this blog post on the 12th December 2019, reported that in the previous 30 days it had blocked an outstanding 3,389,940,569 attacks against WordPress websites and backlisted 68,398 Malicious IP addresses.
With this in mind, once you have installed WordPress, we would recommend that you read our Blog Post ‘WordPress Sites – Security and Essential Plugins’ and consider installing what we recommend as the absolute minimum requirement when installing and configuring your WordPress site in order to protect it as much as possible from future hacking attempts that it will inevitably receive.
Installing WordPress via CPanel Softaculous Apps Installer
If you have the facility to do so we would recommend that you set up an SSL Certificate on your hosting account before you commence the installation of WordPress.
This next bit of advice catches an awful lot of people out, please take heed now otherwise you may have to move you WordPress installation, if it is not moved correctly you may even have to start over again with a completely fresh installation, losing any work that you have already done. If you do have to move your WordPress installation please do read our Blog post WordPress Site Migration before attempting to move it.
When installing via the Softaculous Apps Installer, in the ‘Software Set Up’ area, where it says ‘Choose Installation URL’ remove the ‘wp’ from the ‘in Directory’ field so the field is left empty, this will then install WordPress into the root of your directory and your site will show as you expect when a user enters your direct URL only.
The WordPress Database is the ‘brain’ for your entire WordPress site because every single piece of information is stored within it thus making it a hacker’s favourite target. Spammers/Hackers will try to perform SQL injection attacks on your site, you will make it easier for the hackers to perform a mass attack by retaining the default database prefix ‘wp_’.
Therefore, when setting up the database we would recommend that you do not use the standard database prefix of ‘wp_’ use something random like ‘gb_7’.
Username and Roles
The standard username for the Administrator with all the powers to change anything on your site is ‘admin’ never use this username or allow it to be registered as a user!
At the point of installation/set up use an administrator username that is very random and one that is not easy to guess by anyone. (i.e. not your name…) Only ever use this administrator account for the installation, set up and subsequent configuration of your WordPress site, never use it to make any posts or write any pages on your WordPress site.
Once your site is set up and configured set up another user account with roles/privileges as an Editor (Somebody who can publish and manage posts including the posts of other users) or an Author (Somebody who can publish and manage their own posts) We would suggest the role of Editor for the site owner/administrator to use on a daily basis and Author for other people you wish to have full access to make posts on your WordPress site – An Author cannot write or edit pages whilst an Editor can. You can read more about WordPress roles here.
When you have set up your users and their privileges, go back to edit the Users Profile, set within the Users ‘Nickname’ the name you would wish to be displayed publicly and then, using the drop down box, set the ‘Display name publicly as’ to the Nickname you had entered.
Whilst we are talking about Usernames, it may be a good idea for you to have a read through our article on Usernames and Passwords.