As we all know, installing wordpress blog using Fantastico is really easy and quick. Fantastico is a really great cPanel plugin. But, there’s a disadvantages of installing wordpress blog using it because of the security problem with that script if you follow the normal way to create a wordpress blog using fantastico tutorial. So, here it is the quick and easy way to patch the security holes from the fantastico wordpress installations.
The main problem installing wordpress blog using fantastico is it created the same database name and user for every installations of wordpress using fantastico. It will automatically created a Database name & user: wrdp_1 for every first installations. So, it will be easy for the hackers to enter your site since the only things that they need to figure out is your PASSWORD !!
It will be more tougher for them to hack your site if you patched this WordPress Fantastico installations immedietly. How to patch it? Easy, just create a new Database Name & Database Username with new password by following my previous tutorial on “How to create mySQL Databases in Cpanel“.
After you have finish creating the new Database name & Database username, open your cPanel homepage and search for Files panel. And then, click on that File Manager icon and select access Web Root.
Select the folder where you have install the wordpress blog before using fantastico. And then, search for the wp-config.php file in it.
Click on edit to edit that config.php file. And then, you will found something like the codes:
<?php // ** MySQL settings ** // define('DB_NAME', 'hxppycom_n0TmyD4t4b4s3s'); // The name of the database define('DB_USER', 'hxppycom_h4rDgu3'); // Your MySQL username define('DB_PASSWORD', '91AEPHMH2Tqxj'); // ...and password define('DB_HOST', 'localhost'); // 99% chance you won't need to change this value define('DB_CHARSET', 'utf8'); define('DB_COLLATE', ''); // Change each KEY to a different unique phrase. You won't have to remember the phrases later, // so make them long and complicated. You can visit http://api.wordpress.org/secret-key/1.1/ // to get keys generated for you, or just make something up. Each key should have a different phrase. define('AUTH_KEY', 'put your unique phrase here'); // Change this to a unique phrase. define('SECURE_AUTH_KEY', 'put your unique phrase here'); // Change this to a unique phrase. define('LOGGED_IN_KEY', 'put your unique phrase here'); // Change this to a unique phrase. define('WP_POST_REVISIONS', 'false'); // You can have multiple installations in one database if you give each a unique prefix $table_prefix = 'wp_'; // Only numbers, letters, and underscores please! // Change this to localize WordPress. A corresponding MO file for the // chosen language must be installed to wp-content/languages. // For example, install de.mo to wp-content/languages and set WPLANG to 'de' // to enable German language support. define ('WPLANG', ''); /* That's all, stop editing! Happy blogging. */ if ( !defined('ABSPATH') ) define('ABSPATH', dirname(__FILE__) . '/'); require_once(ABSPATH . 'wp-settings.php'); ?>
Now, all you have to do is to replace this php code string:
define('DB_NAME', 'hxppycom_n0TmyD4t4b4s3s'); // The name of the database define('DB_USER', 'hxppycom_h4rDgu3'); // Your MySQL username define('DB_PASSWORD', '91AEPHMH2Tqxj'); // ...and password define('DB_HOST', 'localhost'); // 99% chance you won't need to change this value define('DB_CHARSET', 'utf8'); define('DB_COLLATE', '');
With the Database Name & Database Username with it’s password that you have created before. After that, save that files. Now, you Fantastico wordpress blog is already fully secured with its new database name & username with tough password.
For anyone that already have content in the blog that you installed using fantastico, you will lose all the content if you change your Databases. But, still there is another way to overcome this problem to have your WordPress Fantastico blog installations secured from the hackers. I will cover this in my another blog post. Do subcribe to my RSS Feed.