A Few Security Measures with WordPress

Again, trying to get a handle on posting regularly on here (yeah, this is the 4th post in a few months, I’m really trying!). Here are a few security measures I always take when setting up a new WordPress install. Some of these have come from other people as I have come across them. If you see anything here that you’ve seen somewhere else, please don’t think I’m trying to steal anyone’s content. I just have no idea where I read some of this stuff, so I have no idea who to credit. That being said, here we go:

1) Change the default table prefix.

I always make it a point to change the default table prefix for the database. Anything other than ‘wp_’ helps database security. I would not recommend using the full site name, though; something like that would be too easy to guess.

2) Change the default ‘admin’ user.

You can’t do this from the admin section of WordPress, so you’ll have to edit the database using something like phpMyAdmin. Changing the default username to something not easy to guess also helps prevent any potential security breach.

3) Make sure your /wp-content directory and sub-directories each have an index.php file in them.

I know this is a standard feature with WordPress now, but I still come across sites from time to time that don’t have these files (for whatever reason). Having an index.php (even if it’s blank) will cause someone trying to access something like your plugins directory to call the index file, thus not revealing the file structure and any plugins you may be using. The 3 directories that really need this are /wp-content, /wp-content/plugins, and /wp-content/themes.
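A quick way to check measures 1 and 3 on an existing install, as an added example that is not from the original post. The function names and the sample site built in a temp directory are constructed for illustration, and the script assumes the usual `$table_prefix = '...';` line in wp-config.php.

```shell
#!/usr/bin/env bash
# Added example: audit a WordPress directory for measures 1 and 3.

# Print the value assigned to $table_prefix in the given wp-config.php.
wp_table_prefix() {
    sed -n "s/^[[:space:]]*\\\$table_prefix[[:space:]]*=[[:space:]]*['\"]\([^'\"]*\)['\"].*/\1/p" "$1" | head -n 1
}

# Print each of the three directories named above that exists but has no index.php.
wp_missing_index() {
    local root="$1" dir
    for dir in wp-content wp-content/plugins wp-content/themes; do
        [ -d "$root/$dir" ] || continue
        [ -f "$root/$dir/index.php" ] || printf '%s\n' "$dir"
    done
}

# Report findings for one install; returns non-zero if anything was flagged.
wp_audit() {
    local root="$1" findings=0 dir
    if [ "$(wp_table_prefix "$root/wp-config.php")" = "wp_" ]; then
        echo "WARN: table prefix is still the default 'wp_'"
        findings=$((findings + 1))
    fi
    while IFS= read -r dir; do
        [ -n "$dir" ] || continue
        echo "WARN: no index.php in /$dir"
        findings=$((findings + 1))
    done <<EOF
$(wp_missing_index "$root")
EOF
    echo "$findings finding(s)"
    [ "$findings" -eq 0 ]
}

# Constructed sample install (not a real site): default prefix, themes/ lacks index.php.
make_sample_site() {
    local root
    root=$(mktemp -d)
    mkdir -p "$root/wp-content/plugins" "$root/wp-content/themes"
    printf '%s\n' '<?php' "\$table_prefix = 'wp_';" > "$root/wp-config.php"
    : > "$root/wp-content/index.php"
    : > "$root/wp-content/plugins/index.php"
    printf '%s\n' "$root"
}

sample=$(make_sample_site)
wp_audit "$sample" || true
rm -rf "$sample"
```

To use it on a real site, call `wp_audit /path/to/wordpress` in place of the sample lines at the bottom.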

