Secure Auto Install Using cPanel

Video Transcript

This class is going to focus on the items in the WordPress quick installation process that are security related, and things to consider in making these items as secure as possible.

Now, this class is going to be using cPanel as a control panel. If using something else like SiteWorx, DirectAdmin or something like the SiteGround custom control panel, and you’re unable to locate the area of the control panel that I’m talking about, simply contact your hosting service’s support and ask them where to find that particular item. Now, in Plesk, if that’s a control panel you’re working with, the auto installer service is called WordPress Toolkit. And to help you kind of follow along, there’s what’s called the Plesk University, and you can find that at university.plesk.com/catalog and then just type in WordPress.

And that’ll bring you to this page here. It’s a free class that walks you through the entire installation process using WordPress Toolkit within Plesk. That’s your option if you’re a Plesk user. Now, some auto installers are listed on wordpress.org, in case Softaculous is not one that you have access to. That would be Fantastico, Installatron, Softaculous and Plesk. This information here is extremely outdated, but I thought it worth mentioning anyway. This can be found at wordpress.org/support/article/automated-installation. Now, while Fantastico in its current form, I believe it’s called Fantastico F3, is not very popular, it’s still out there.

So it’s worth mentioning. Installatron is not as popular as Softaculous, but it too is out there. And of these mentioned, Softaculous and Installatron have a majority of the security-related items I’m going to be covering in this class. Now, that said, no matter what auto installer you’re using, or even if you’re doing it manually and you’re not using an auto installer, many of these items I’m going to be covering in this class can be tweaked or hardened even after installation, again, whether it’s manually installed or using an auto installer. But it is easier if you’re able to do it during the auto installation process. So let’s get back on track here.

And I’m back into our cPanel control panel. And the items we’re going to be looking for, again, no matter what method you’re using, be it through an auto installer or after the fact: we want to make sure we have a strong site login username, a strong site login password, the SSL or HTTPS protocol, a security-related plugin, something that would limit the login attempts, to be able to change the WordPress table prefix, and backups. I’ll show you the backup process within Softaculous. But my suggestion is to use a third-party plugin instead of the built-in option. Backups are a must whichever way you decide to go, but do not do both. I’m going to detail the entire backup process later in this course, covering both the manual and plugin options.

Okay, now we’ve got all that out of the way. Let’s go ahead and go through the installation process. Once you are in your control panel, look for your auto installer. In this case, it’s going to be under Software for cPanel. And I’m looking for Softaculous.
There’s also another column in here, or section, called Softaculous. This contains all of the applications for Softaculous. In which case, I would just click on WordPress. But I’m going to go right to Softaculous and then select WordPress. We’ve got a lot of options here. Our main concern is the one that says Install. Here’s where we choose our protocol. If you have that option at the drop-down, select HTTPS. I prefer this over the HTTPS with the www. And you’ve got these little tooltips. Hover over these to get some additional information. Like, for example, here under the subdirectory: if you’re going to go that route, be sure to hover over this to learn the do’s and don’ts for that. The site name and description, we can tackle that later. So I’m just going to leave that alone for now.

Here’s a couple of those other security-related items, the admin username and the admin password. You can see that it’s already set at strong; it’s best to have this at 100. I like to have at least 12 to 18 characters in here, and a nice combination of special characters, upper and lowercase letters and numbers. The key item here under admin username is to not use an easily guessed username, like admin. And for admin password, do not use an easily guessed password. The admin email: make sure that’s a functioning email. Oh, and if it wasn’t obvious, be sure to document these. Matter of fact, I’m gonna go ahead and do that now, before I forget it. I’m gonna go ahead and change this.

It’s always a good idea, or I’m just overly paranoid, to go ahead and change whatever’s in there as a default, even if it does look very secure to begin with. And be sure to copy that to your clipboard and put it in a document where you can save all the important stuff. Ideally, things like passwords and usernames are best saved in what’s called a password manager. Then we scroll on down here and select the language. Here’s that security-related plugin I was talking about. I’m gonna go ahead and check that to install that. These other ones I’m gonna leave off. Check out the tooltip if you want to learn more about that, in case you want that. They’re not security related at all, so I’m just not even going to bother with them.

And we come on down here further, and we’ve got an advanced option. Here’s where we can change the database name. Even though it looks secure, it’s a default, so I’m going to go ahead and change this to that. And again, best to document this. The entire database name is the prefix, underscore, and then whatever you put in here. Just like this, that’s the database name. And the table prefix: even though it looks secure, I’m going to change it. Make sure that it ends with the underscore. And the upgrade information, that’s personal preference.

I’ll leave that up to you how you decide to go that route. Myself, I would not do an auto upgrade. And then the backup options. Again, myself, I would leave these off and use a third-party option like a plugin. But if you are going to do this, use these tooltips here for some additional information. Like, for example, in the drop-down here, you might want to go with a local folder and change this to whatever is best for your particular situation. If you do a lot of content, once a day would probably be best. If you do intermittent content, maybe once a month or a custom date. Backup rotation: let’s go ahead and activate this. So this is highlighted. This tells you that after every second backup, the oldest one will be deleted. That way, you will only have two backups, the previous one and the current one. The third one, the oldest one, that’s going to be deleted. That’s what that means.

I’m gonna go ahead and turn this off, and then click on Install. And there you have it. Be sure to test your login. Go ahead and click on that. And you might be prompted to use your login username and password that you just created. As you can see right here, that’s my username. And there are other security steps we’ll cover in future classes where you can harden things after the installation. Like, for example, not displaying your username up here. At this point, you want to go through the normal post-installation process of cleaning things up, setting your permalinks, doing your themes and doing the things you would normally do after you’ve got a new site installed. Well, that’s going to bring us to the end of this class on using the auto installer within cPanel to install WordPress more securely. Thanks for checking it out and you have a great day.
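
Added example, not part of the video or its transcript: a small Python check that runs the installer choices discussed above (HTTPS protocol, admin username, admin password, table prefix) against the criteria the class gives, reading the prefix from the `$table_prefix` line of `wp-config.php`. The function names, the extra guessable usernames beyond "admin", and all sample values are assumptions constructed for illustration.

```python
import re
import string

# "admin" is the class's example; the other names are assumed additions.
GUESSABLE_USERS = {"admin", "administrator", "root", "wordpress", "test"}

def table_prefix_from_config(wp_config_text):
    """Return the $table_prefix value found in wp-config.php text, or None."""
    m = re.search(r"^\s*\$table_prefix\s*=\s*['\"]([^'\"]*)['\"]\s*;",
                  wp_config_text, re.M)
    return m.group(1) if m else None

def audit_install(site_url, admin_user, admin_password, table_prefix):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if not site_url.lower().startswith("https://"):
        findings.append("protocol: site URL is not HTTPS")
    if admin_user.lower() in GUESSABLE_USERS:
        findings.append("username: easily guessed admin username")
    if len(admin_password) < 12:  # class suggests at least 12 to 18 characters
        findings.append("password: shorter than 12 characters")
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation]
    missing = [c for c in classes if not any(ch in c for ch in admin_password)]
    if missing:
        findings.append("password: missing %d of 4 character classes" % len(missing))
    if table_prefix is None or table_prefix == "wp_":
        findings.append("table prefix: default or not found")
    elif not re.fullmatch(r"[A-Za-z0-9_]+_", table_prefix):
        findings.append("table prefix: must be letters, digits, underscores and end with '_'")
    return findings

# Constructed sample inputs (not taken from any real site).
WEAK_CONFIG = "<?php\n$table_prefix = 'wp_';\n"
HARDENED_CONFIG = "<?php\n$table_prefix = 'k7q2x_';\n"

def demo():
    weak = audit_install("http://example.com", "admin", "Summer2024",
                         table_prefix_from_config(WEAK_CONFIG))
    hardened = audit_install("https://example.com", "site-owner-7f", "v9#Lq!2xTz@4mRw",
                             table_prefix_from_config(HARDENED_CONFIG))
    return weak, hardened

if __name__ == "__main__":
    for label, result in zip(("weak", "hardened"), demo()):
        print(label, "->", result or "no findings")
```

The same checks apply to a site that was installed manually, since the values can be changed after installation.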