There are some really basic things we can do right away when installing a new WordPress site to enhance its security.
It's often stated on the Internet that deleting wp-admin/install.php and wp-admin/upgrade.php is a good way to add security. That's not really true, though, as the files can't be accessed after an installation. However, that doesn't mean that you can't remove them. I usually remove those two files.
The next thing you should absolutely do is make the proper edits to wp-config.php. There's one thing in particular that you really need to do when setting up wp-config.php, and that is generating unique salts and keys used for authentication. The section in wp-config.php where this is defined can be seen in the following screenshot:
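To check that the salts and keys step was actually carried out, the following added example (not code from the original page or from WordPress) audits the text of a wp-config.php for the eight secret constants and reports any that are missing, still set to the sample placeholder, too short, or reused. The function names, the 64-character minimum and the sample config are assumptions made for this illustration.

```python
import re

# The eight secrets WordPress reads from wp-config.php for cookies and nonces.
REQUIRED = ["AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
            "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT"]
PLACEHOLDER = "put your unique phrase here"  # value shipped in wp-config-sample.php
MIN_LENGTH = 64  # assumption: length emitted by the WordPress.org secret-key service

# Active (not //-commented) define('NAME', 'value'); lines, either quote style.
DEFINE_RE = re.compile(
    r"""^\s*define\(\s*(['"])(?P<name>[A-Z_]+)\1\s*,\s*(['"])(?P<value>(?:\\.|(?!\3).)*)\3\s*\)\s*;""",
    re.MULTILINE)

def parse_secrets(config_text):
    """Return {constant: value} for required constants with an active define()."""
    return {m["name"]: m["value"] for m in DEFINE_RE.finditer(config_text)
            if m["name"] in REQUIRED}

def audit_secrets(config_text):
    """Return (constant, problem) findings in REQUIRED order; empty means OK."""
    found, findings, seen = parse_secrets(config_text), [], {}
    for name in REQUIRED:
        value = found.get(name)
        if value is None:
            findings.append((name, "missing"))
        elif value == PLACEHOLDER:
            findings.append((name, "placeholder"))
        elif len(value) < MIN_LENGTH:
            findings.append((name, "too short"))
        elif value in seen:
            findings.append((name, "duplicate of " + seen[value]))
        else:
            seen[value] = name
    return findings

# Constructed sample (not a real site's config); the values are fillers, not secrets.
FILLER_A, FILLER_B = "x7#Q" * 16, "k9!Z" * 16
SAMPLE = f"""<?php
define( 'AUTH_KEY',         '{FILLER_A}' );
define( 'SECURE_AUTH_KEY',  'put your unique phrase here' );
define( 'LOGGED_IN_KEY',    '{FILLER_A}' );
define( 'NONCE_KEY',        'short' );
// define( 'AUTH_SALT',     '{FILLER_A}' );
define( "SECURE_AUTH_SALT", "{FILLER_B}" );
"""

if __name__ == "__main__":
    for name, problem in audit_secrets(SAMPLE):
        print(f"{name}: {problem}")
```

The audit reports only constant names and problem types, never the secret values, so its output is safe to log. Definitions inside multi-line /* ... */ comments are not recognised as commented out.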
Another great thing you can do before you're even finished installing WordPress is to choose a username other than admin. By default, the installation wizard chooses the admin username, as seen in the next...