Secure Manual Install Using cPanel

July 21, 2021

WordPress Security Secure Manual Install Using cPanel

Video Transcript

This class is going to focus on the items in the WordPress installation process that are security related and things to consider in making these items as secure as possible.

Now, if you have never installed WordPress before, then this class may seem a bit rushed. I’ve got other classes on a more detailed install process. But those are less focused on security. This one is more focused on security and less on the install process. Now this class is going to use cPanel as a control panel.

If you use something else like site works, or plesk, or something like siteground Custom control panel, and you’re unable to locate the areas of the control panel that I’m talking about. Simply contact your hosting services support staff, and ask them where to find the items that we cover in this class. So first off, we’re going to head over to wordpress.org slash download, that will bring you to a page that looks similar to this depending upon whenever you actually go to this page, scroll on down a bit, check out some of the items on this page. But we’re mainly concerned with the download WordPress and then whatever version number is on that blue button doesn’t really matter because the process is still the same. Simply click on the blue button, download it to someplace on your computer, just remember where that’s at, because we’re going to upload it into our cPanel control panels File Manager.

Speaking of which, let’s go ahead and log into or go into our control panel. And if your cPanel Control Panel looks a little bit different than this, maybe different looking icons or more icons or less icons, and what’s being displayed here, don’t worry, more than likely your version of cPanel will have at the very least the same items we’ll be using in this class, we’re going to look at File Manager. And under databases, it is the MySQL database wizard or MySQL databases where you can basically create one step by step, a database wizard just a little bit easier. And then under security, we’re going to check out the availability of SSL for our domain, then under software, and yours might have a different name. But here we’re looking at the PHP version, you’re going to want the most up to date stable version of PHP. And at the time of this class being made, the most up to date version is version eight, but the most stable version is 7.4. So that’s what we want to have here. Matter of fact, let’s go ahead and do that now.

Right here, current PHP version, minus 7.4. If it said something else, like seven, two, or seven, three, I simply select 7.4. For example, and then click on Set as current, I’m not going to click on Set as current because I want 7.4. And if for some reason by you changing this, if things break on your site, of course, at this point, you don’t have it installed, so it shouldn’t but if you have other domains on this control panel, and they break, come on back in here and click on Reset to Default. Okay, that’s the PHP under SSL, let’s come on back down here to security. And under SSL or TLS status, click on that, yours should look like this, the green with a padlock over here. If it does not either individually, check the items that you want to have the SSL or what I would suggest just click this box here which selects everything and then click on Run auto SSL provider everything set up properly.

After a few moments, this will stop spinning and this will be done. And all of your checked items will have this same look the green circle with the green padlock. Otherwise, you’ll get an error message saying what happened to prevent that from taking place, in which case you contact your support and mentioned to them you tried to get SSL on your domain, and you got this error message and that they could fix that for you. So that’s the PHP version SSL, one backup here to our control panel. Now we want to upload the zip file that we downloaded from wordpress.org. And I did that earlier. And that’s located right here on my computer.

So now then I’m going to go into public underscore HTML directory is empty. Hopefully that’s going to change here in a bit, click on Upload. Then either I can click on the Select File, navigate to the location on my computer where that zip file set or just drag and drop it in here. Yours might look a little different than this. But on this version of cPanel, this is what I’m working with. Just drag and drop that in there, and it’s uploaded. Now then we’re going to need to unzip this and move all of those files that are in the zipped up folder into this public underscore HTML, go and select this click on extract or you can right click on it and click on extract. Now we’ve got the folder that’s unzipped and all the contents of that folder. I’m going to select all those because we want to move those into the public underscore HTML. So make sure whenever you right click in here that everything is still selected.

Then click on move. I’m going to get them out In this folder, and put them right there in the root directory, click on move files. Now that I click on public underscore HTML, and there’s everything. And we’ll come back here in a minute and clean things up. Now with WordPress uploaded into our file manager, come on back in here and go and create our database, go to database wizard, give it a name, be sure to document all this stuff. I’ve got a text document right here, I’m going to use the prefix which is dependent upon your server settings. My case it’s CSI to underscore yours are going to be different. And we have demo as the name. Next up myself, I always have the user name and the database name is the same, yours can be different. And you want to copy this into your text document like I’ve got right here, or somewhere.

I’ve got this one named Site Info document just long as you got your stuff organized, because you’re going to need this here in a minute, I use the password generator for the password. That’s one of those security items, you want a strong password, I go into advanced options, I want to max us out at 18. You better make sure that both is checked on alpha characters and non alpha characters and then click Generate password a couple of times, and then copy this in your clipboard. check that box, click on use password, and then paste this in your site info document, come back here and click on create user check all privileges. Click on Next step. Now you’ve got everything done as far as the database, you’ve got your WordPress files uploaded, I need to tie them together, go to your domain name in your browser, hit Enter.

And you should be presented with this form where you’re going to select the language of your preference. I’m sticking with English. Click on Continue telling you the stuff you’re going to need. That’s the stuff we’ve already got. Click on let’s go. database name, and username and my case password. More times than not your database host name will be localhost. But if you get an error here, just contact your hosting services support and ask them what is the database host name, you’re trying to install WordPress here under table prefix.
This is another one of those security layers, I would go ahead and change this from the default WP underscore to something else. Just make sure that the underscore is at the end no matter what you name this and you can name it whatever you want. Just make sure that the underscores at the end, click on Submit and run the installation. Give it a site title, not that big of a deal, because you can always take care of this later. But you do need a strong username. You’ve got some limitations here, and a strong unguessable password. And I usually change this to something but be sure to document this somewhere. Like for example on your document page.

And for this demo, I’m going to use this as my WordPress sites login username, unit a functioning email address, I’m going to click on discourage search engines and you can untick this or encourage search engines from inside of your newly installed WordPress admin dashboard. But at this point, click on install WordPress. It’s installed nine login, I’ve already got the username in my clipboard still grab that password. And here we go make whatever changes or updates you need. At this point, go ahead and do everything else he normally would with a new WordPress installation, but that’s covering our security aspect of installing WordPress manually, I would then go back into my file manager under cPanel and get rid of the zip file in the empty WordPress file by selecting them and deleting them.

And that’s going to bring us to the end of this class uncovering the security items in the manual installation process of WordPress using cPanel as our control panel. Thanks for checking it out and you have a great day.

Previous Lesson

Back to Course

Next Lesson

Secure Manual Install Using cPanel

Lessons in This Course

Why Hack My Site?

Computer Security

Secure Hosting

Managed Hosting

Secure Auto Install Using cPanel

Secure Manual Install Using cPanel

Monitor Site – Uptime

Backup Plugins

Manual Backup

Security for PHP

Remove User 1

Username Trickery

Hide Admin Username

Hide Any Username

Hide Database Prefix – Method 1

Hide Database Prefix – Method 2

Replace Security Keys – aka Salts

Secure Config PHP file

Customize Log-in Error Message

Brute Force Attacks and Solutions

Remove WordPress Version Number

Has Your Site Been Hacked?

Hacked Site Cleanup

What to do After Cleanup

Site Health Tool

The Good and Bad of Plugins and Themes