How to Install WordPress, Part 3. Security

April 5, 2009 by lindac

Now you have all the basics set up, and your plugins are activated. You’re almost ready to start blogging. But first, let’s take care of a little security. Did you know that the default install of most blogs leaves directory content open to prying eyes? For example, if you type in on most blogs, you can see all the plugins they’re using. That’s also a route that hackers use to find out which plugin they can exploit to hack your blog. So, let’s close that door, shall we?

I. Simple Security

  1. Create a blank index.html file. Here’s how:
    • Open a notepad file.
    • Into the file, type the message “Sorry, you’re looking for something that isn’t here” or something similar. Or, leave it blank if you prefer.
    • Save the file as index.html
        Note: Be sure to change the file type to “all files” not “text files” so your file is not saved as a text file.
  2. Upload the file to your plugins and themes folders.
    • If you know how to use FTP, put the file in
      public_html –> wp-content –> plugins and
      public_html –> wp-content –> themes

    • If you do not know how to use FTP, you can do this in your cPanel.
      • Log into cPanel
      • Click Files –> public_html –> wp-content –> plugins
      • Click the “upload” arrow at the top of the page.
      • Click “browse,” find the index.html file, and upload it.
      • Repeat to upload to Files –> public_html –> wp-content –> themes

cPanel Upload Illustration
This is what you’ll see when you’re in the cPanel file upload tool. This illustration shows the plugins folder. When you’re in the themes folder, the URL (shown at the left of the illustration) will say “themes” instead of “plugins.”
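
Steps 1 and 2 can also be done from a shell on the server. The script below is an added example, not part of the original post; it assumes shell access and that the WordPress root (public_html) is passed as its argument. It goes one step beyond the post by also listing plugin and theme subfolders that have no index file of their own, since a blank index.html only hides the listing of the folder it is in.

```shell
#!/bin/sh
# Added example (not from the original post): steps 1 and 2 above as a script.
# Assumption: the WordPress root (public_html) is passed as the first argument.

PLACEHOLDER="Sorry, you're looking for something that isn't here"

# has_index DIR: succeeds if DIR already contains an index file.
has_index() {
    [ -f "$1/index.html" ] || [ -f "$1/index.php" ]
}

# add_blank_index WP_ROOT: create index.html in plugins/ and themes/ unless an
# index file is already there. Returns non-zero if either folder is missing.
add_blank_index() {
    rc=0
    for sub in plugins themes; do
        dir="$1/wp-content/$sub"
        if [ ! -d "$dir" ]; then
            echo "missing: $dir" >&2
            rc=1
        elif has_index "$dir"; then
            echo "kept:    $dir (index file already present)"
        else
            printf '%s\n' "$PLACEHOLDER" > "$dir/index.html"
            echo "created: $dir/index.html"
        fi
    done
    return "$rc"
}

# list_unindexed WP_ROOT: print each plugin or theme subfolder that has no
# index file. The placeholder only covers the folder it sits in.
list_unindexed() {
    for sub in plugins themes; do
        for dir in "$1/wp-content/$sub"/*/; do
            [ -d "$dir" ] || continue
            has_index "$dir" || echo "${dir%/}"
        done
    done
}

# Run against a site when a path is given, e.g.: sh blank_index.sh ~/public_html
if [ "$#" -gt 0 ]; then
    add_blank_index "$1"
    list_unindexed "$1"
fi
```

Running it a second time changes nothing, because folders that already hold an index file are left alone.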


J. Spam Reduction

If you’re installing WordPress to use as a niche site to sell a product, and you will not have comments turned on, you can skip this step. If you will have comments enabled, you want to be sure to do all you can to prevent spammers from posting spammy links on your blogs.

  1. Activate Akismet
    Akismet is pre-installed on all blogs, but you’ll need an API key to activate it. Go to and click to “sign up.” At the bottom, select “just a username, please.” You’ll get an API key to use with your self-hosted blog.

  2. Don’t Use Spammy Words
    When you use spammy words, you will draw spambots. Just keep that in mind.

  3. Set Parameters in Settings –> Discussion
    • Hold a comment in the queue if it contains 3 or more links
    • You can even fill in the “blacklist” — enter all the profane and spammy words you can think of. Posts containing those words will be held for moderation.

Happy Blogging!
