At the time of writing I sit on a freshly installed WordPress blog. And then it’s just to:

Edit or delete it, then start blogging!

No, it’s not as simple as that. Before you can start using your new WordPress blog, you need to secure it.

0. Installing WordPress

Installing WordPress is pretty straightforward, but what I usually do when setting up a new site is to put WordPress in a subdirectory.

And after uploading all the files and heading to the install page, I uncheck the “Allow my blog to appear in search engines like Google and Technorati”-field.

These two things give me the freedom to play around with WordPress in peace, until I’m ready to go live with the site.

And if someone should enter the main URL of your site, they won’t find anything.

1. Changing the “admin” user

The very first thing I did after installing was to open phpMyAdmin, find the database of the install, browse to wp_users and then change the user_login and user_nicename of “admin” to something else.

An alternative way of doing this is simply to create a new user with Administrator rights under Users. Then log out of the ‘admin’ user, log in again with the new user, and delete the user called ‘admin’.

I prefer the edit-the-database method as it saves me time, but if you’re not comfortable with doing that, go with the ‘create new user’ method.

Why do we do this?

Think of it: there are a million self-hosted WordPress blogs out there, and probably 95% have the Administrator login name of ‘admin’, which means that if someone wants to access your blog they only need to figure out the password.

2. Creating a good password

When installing WordPress you are sent a random password, but usually it’s not that easy to remember. A good password should be hard to figure out, but easy to remember.

What I usually do is to pick a phrase with at least seven words. This phrase can be anything: your favourite quote from a movie or book, the goal or purpose of your blog, a bible verse.

Just pick a phrase that means something to you and that you can easily remember, maybe something that people wouldn’t find strange that you’ve written on a note.

I’m a Star Wars fan, so a phrase like “Don’t underestimate the power of the Force” will mean something to me, and will be easy for me to remember. And people who know me would think it totally natural for me to write that on paper somewhere.

Now, let’s take that phrase and create a password.

The easiest is to pick the first letters of every word: dutpotf

The next thing to do is to make some letters uppercase and others lowercase; let’s take the second and the last letter: dUtpotF

Of course a good password has numbers as well, and for this we can use a light version of L337-speak, replacing some of the letters with numbers.

In this case one of the t’s can become 7 and the o becomes 0: dU7p0tF

If you go to User -> Your Profile and put that into the password field, WordPress will tell you it’s good.
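The derivation above, written out as an added example (not code from the original post): it takes a phrase, keeps the initials, uppercases the second and last letter and swaps the first “t” and “o” for digits, and it goes one step beyond the text by estimating the brute-force search space of the result against that of the full phrase. The 33-character punctuation class and the charset-based bound are my assumptions.

```python
import math
import string

# Constructed sample input: the phrase used in the post.
PASSPHRASE = "Don't underestimate the power of the Force"


def derive_password(phrase, upper_positions=(1, -1),
                    substitutions=(("t", "7"), ("o", "0"))):
    """Turn a phrase into a password the way the post describes:
    1. keep the first letter of every word,
    2. uppercase the letters at upper_positions (default: second and last),
    3. replace the first lowercase occurrence of each listed letter with a
       digit (a letter uppercased in step 2 keeps its case, as in the post).
    """
    letters = [w[0].lower() for w in phrase.split() if w[0].isalpha()]
    for pos in upper_positions:
        letters[pos] = letters[pos].upper()
    for letter, digit in substitutions:
        if letter in letters:              # only the first occurrence changes
            letters[letters.index(letter)] = digit
    return "".join(letters)


def search_space_bits(password):
    """Upper bound on brute-force work: assumes every position could be any
    character of the classes present (lower/upper/digit/punctuation+space).
    A mnemonic password is not random, so the real figure is lower."""
    classes = [
        (string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
        (string.digits, 10), (string.punctuation + " ", 33),
    ]
    alphabet = sum(size for chars, size in classes
                   if any(c in chars for c in password))
    return len(password) * math.log2(alphabet)


if __name__ == "__main__":
    pw = derive_password(PASSPHRASE)
    print(pw)                              # dU7p0tF
    print(f"{search_space_bits(pw):.1f} bits for the 7-character password")
    print(f"{search_space_bits(PASSPHRASE):.1f} bits for the full phrase")
```

The short form is what WordPress calls “good”; the bound printed for the whole phrase shows how much of the phrase’s strength the 7-character shorthand gives up.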

Can’t remember “dU7p0tF”?

Write down the phrase on a piece of paper and add a little dot over the letters that are uppercase and a little dot under the letters that became numbers.

Of course, you don’t have to use dots; you can use flowers, spaceships... Just mark the letters with something that means something to you.

But what you shouldn’t do is use the phrase as your secret key in wp-config.php.

3. Spam protection

The third thing you need to do is to protect your blog against spam, as the spammers will find you as soon as you go live.

Luckily for you and me, WordPress comes with Akismet, so it’s just to activate it and write in your API Key, and you’re ready to roll.

You should also go to Settings -> Discussion and make sure that “Comment author must have a previously approved comment” is checked. This will stop spam comments that Akismet doesn’t catch from appearing on your blog.

The next thing to do is to delete the “Hello World!”-post and rewrite or delete the “About”-page.

Why? Because spambots are lurking at your door ready to attack your blog, and some of them are programmed to look especially for these two. They tell the spambot that the blog is brand new, and it is hoping you have not taken the steps above.

And besides, it is rather depressing to start your brand new blog with spam, spam and even more spam.

4. And start blogging..?

Now the blog is protected and it’s time to add content to your site. That will be the next topic in “Building WangenWeb”.

