Checklist for Testing and Configuring Word Press Installation - Maximize Database Security and Complete the Configuration File
(Page 3 of 4 )
WordPress version 2.6.1 and later has been updated with more security features than the older versions. This is very useful for protecting your site from severe infections of malware, hacking and MySQL injections.
To maximize database security, you will need to alter the following in the wp-config-sample.php file:
define('AUTH_KEY', 'put your unique phrase here' ); // Change this to a unique phrase.
define('SECURE_AUTH_KEY', 'put your unique phrase here' ); // Change this to a unique phrase.
define('LOGGED_IN_KEY', 'put your unique phrase here' ); // Change this to a unique phrase.
Editing this one will be difficult, especially if you need to think of long phrases. WordPress makes this easy for you, they have online secret key generator:
http://api.wordpress.org/secret-key/1.1/
To take advantage of it, you will need to open a new tab in your browser, copy and paste the URL above, and then press enter. You will see a generated code that looks something like this:
define('AUTH_KEY', 'maL839b{3.`OSWVrKy+r4^Ide5 !1mIk6(H5Zq|$hBG#`uF1UySR$,sBhj'#rI@');
define('SECURE_AUTH_KEY', '$L:rEausX3{PQQ*WdcQ4jWtLM 2@ErY2lnK,?h&Lb&mNp6d7R1_dAAt/a#ODS=,g');
define('LOGGED_IN_KEY', ')+`Lf*%fD<*T57!m*(!R#")_s:Y)V*gHOB++!^Em}/j"]a%eEahYvqw'i^Jn~tzf');
All you need to do is copy the code generated (do not copy the code above; you need separate code for yourself!) and replace this code in the wp-config-sample.php:
define('AUTH_KEY', 'put your unique phrase here' ); // Change this to a unique phrase.
define('SECURE_AUTH_KEY', 'put your unique phrase here' ); // Change this to a unique phrase.
define('LOGGED_IN_KEY', 'put your unique phrase here' ); // Change this to a unique phrase.
Now finalize all the code needed in the wp-config-sample.php. Let's have an actual example:
GIVEN:
Database name: Monkeybusiness
Username: Monkeybusiness
Password: Monkey97997
Hostname: p87mysql12.secureserver.net
Generated code from http://api.wordpress.org/secret-key/1.1/ :
define('AUTH_KEY', 'maL839b{3.`OSWVrKy+r4^Ide5 !1mIk6(H5Zq|$hBG#`uF1UySR$,sBhj'#rI@');
define('SECURE_AUTH_KEY', '$L:rEausX3{PQQ*WdcQ4jWtLM 2@ErY2lnK,?h&Lb&mNp6d7R1_dAAt/a#ODS=,g');
define('LOGGED_IN_KEY', ')+`Lf*%fD<*T57!m*(!R#")_s:Y)V*gHOB++!^Em}/j"]a%eEahYvqw'i^Jn~tzf');
Then the content of your wp-config-sample.php should look like this:
<?php
// ** MySQL settings ** //
define('DB_NAME', 'Monkeybusiness'); // The name of the database
define('DB_USER', 'Monkeybusiness'); // Your MySQL username
define('DB_PASSWORD', 'Monkey97997'); // ...and password
define('DB_HOST', 'p87mysql12.secureserver.net'); // 99% chance you won't need to change this value
define('DB_CHARSET', 'utf8');
define('DB_COLLATE', '');
// Change each KEY to a different unique phrase. You won't have to remember the phrases later,
// so make them long and complicated. You can visit http://api.wordpress.org/secret-key/1.1/
// to get keys generated for you, or just make something up. Each key should have a different phrase.
define('AUTH_KEY', 'maL839b{3.`OSWVrKy+r4^Ide5 !1mIk6(H5Zq|$hBG#`uF1UySR$,sBhj'#rI@');
define('SECURE_AUTH_KEY', '$L:rEausX3{PQQ*WdcQ4jWtLM 2@ErY2lnK,?h&Lb&mNp6d7R1_dAAt/a#ODS=,g');
define('LOGGED_IN_KEY', ')+`Lf*%fD<*T57!m*(!R#")_s:Y)V*gHOB++!^Em}/j"]a%eEahYvqw'i^Jn~tzf');
// You can have multiple installations in one database if you give each a unique prefix
$table_prefix = 'wp_'; // Only numbers, letters, and underscores please!
// Change this to localize WordPress. A corresponding MO file for the
// chosen language must be installed to wp-content/languages.
// For example, install de.mo to wp-content/languages and set WPLANG to 'de'
// to enable German language support.
define ('WPLANG', '');
/* That's all, stop editing! Happy blogging. */
if ( !defined('ABSPATH') )
define('ABSPATH', dirname(__FILE__) . '/');
require_once(ABSPATH . 'wp-settings.php');
?>
Finally, you will have to press File and Save as: wp-config.php
It is highly important to take out the -sample, so the final file to save after editing should be "wp-config.php."
After saving the file to the same WordPress folder, find the old file: wp-config-sample.php. Delete it, leaving the final edited file for uploading: wp-config.php
VERY IMPORTANT: A space in the wp-config.php can cause an installation fatal error therefore, use a PHP editor to detect and delete spaces before <?php and also after ?>.
Next: Dragging Your Selected Theme to the WordPress Folder and Uploading it to the FTP server >>
More Blog Help Articles
More By Codex-M
