How to secure your WordPress Fantastico installations

secure fantastico install How to secure your Wordpress Fantastico installations

As we all know, installing wordpress blog using Fantastico is really easy and quick. Fantastico is a really great cPanel plugin. But, there’s a disadvantages of installing wordpress blog using it because of the security problem with that script if you follow the normal way to create a wordpress blog using fantastico tutorial. So, here it is the quick and easy way to patch the security holes from the fantastico wordpress installations.

The main problem installing wordpress blog using fantastico is it created the same database name and user for every installations of wordpress using fantastico. It will automatically created a Database name & user: wrdp_1 for every first installations. So, it will be easy for the hackers to enter your site since the only things that they need to figure out is your PASSWORD !!

It will be more tougher for them to hack your site if you patched this WordPress Fantastico installations immedietly. How to patch it? Easy, just create a new Database Name & Database Username with new password by following my previous tutorial on “How to create mySQL Databases in Cpanel“.

After you have finish creating the new Database name & Database username, open your cPanel homepage and search for Files panel. And then, click on that File Manager icon and select access Web Root.

open wordpress root files How to secure your Wordpress Fantastico installations

Select the folder where you have install the wordpress blog before using fantastico. And then, search for the wp-config.php file in it.

Click on edit to edit that config.php file. And then, you will found something like the codes:

<?php
// ** MySQL settings ** //
define('DB_NAME', 'hxppycom_n0TmyD4t4b4s3s');    // The name of the database
define('DB_USER', 'hxppycom_h4rDgu3');     // Your MySQL username
define('DB_PASSWORD', '91AEPHMH2Tqxj'); // ...and password
define('DB_HOST', 'localhost');    // 99% chance you won't need to change this value
define('DB_CHARSET', 'utf8');
define('DB_COLLATE', '');

// Change each KEY to a different unique phrase.  You won't have to remember the phrases later,
// so make them long and complicated.  You can visit http://api.wordpress.org/secret-key/1.1/
// to get keys generated for you, or just make something up.  Each key should have a different phrase.
define('AUTH_KEY', 'put your unique phrase here'); // Change this to a unique phrase.
define('SECURE_AUTH_KEY', 'put your unique phrase here'); // Change this to a unique phrase.
define('LOGGED_IN_KEY', 'put your unique phrase here'); // Change this to a unique phrase.
define('WP_POST_REVISIONS', 'false');
// You can have multiple installations in one database if you give each a unique prefix
$table_prefix  = 'wp_';   // Only numbers, letters, and underscores please!

// Change this to localize WordPress.  A corresponding MO file for the
// chosen language must be installed to wp-content/languages.
// For example, install de.mo to wp-content/languages and set WPLANG to 'de'
// to enable German language support.
define ('WPLANG', '');

/* That's all, stop editing! Happy blogging. */

if ( !defined('ABSPATH') )
	define('ABSPATH', dirname(__FILE__) . '/');
require_once(ABSPATH . 'wp-settings.php');
?>

Now, all you have to do is to replace this php code string:

define('DB_NAME', 'hxppycom_n0TmyD4t4b4s3s');    // The name of the database
define('DB_USER', 'hxppycom_h4rDgu3');     // Your MySQL username
define('DB_PASSWORD', '91AEPHMH2Tqxj'); // ...and password
define('DB_HOST', 'localhost');    // 99% chance you won't need to change this value
define('DB_CHARSET', 'utf8');
define('DB_COLLATE', '');

With the Database Name & Database Username with it’s password that you have created before. After that, save that files. Now, you Fantastico wordpress blog is already fully secured with its new database name & username with tough password.

For anyone that already have content in the blog that you installed using fantastico, you will lose all the content if you change your Databases. But, still there is another way to overcome this problem to have your WordPress Fantastico blog installations secured from the hackers. I will cover this in my another blog post. Do subcribe to my RSS Feed.

Comments

  1. Fatin Pauzi

    Nice tutorial, SYuxx. I believe, this tutorial totally helps some one who always use Fantastico as their main wordpress installation.

  2. BuyNiaga

    Syuxx, is it okay for you to show all those details, suchs password, etc?

  3. syuxx

    @fatin
    thanks =)

    @buyNiaga
    I have change back those password username etc. no worreh. hehe

  4. ashraflatif

    kira buat database baru… pastu export dari wrdp_1 ke the new database rite? then change the config.php. nak tnya klu buat mcm ni, utk auto update wordpress using fantastico.. dia ada kacau x? i mean, klu install wordpress di http://www.domain.com. pastu kita move manually ke http://www.domain.com/blog. then ada new updates. so kita xleh nak upgrades melalui domain.com/blog rite? kena move semula ke domain.com kan? klu ubah database je. boleh upgrade dgn mudah x? huhuhu ntah paham ke idak ni..ahahaha

  5. automated site

    I keep listening to the news speak about getting free online grant applications so I have been looking around for the best site to get one.

  6. Internet Business

    Thanks for the article. I didn’t know that Fantastico had this security hole.

    Seems that fixing it is more trouble than doing a manual installation!

  7. seo tips

    Hey very nice blog!! Man .. Beautiful .. Amazing .. I will bookmark your blog and take the feeds also…

  8. medieval coins

    ohh

  9. Refinancing

    Interesting post, just signed up to your RSS feed, hope to find some more great content here :)

  10. promosyon

    thanks admin

  11. euroluxury

    thanks for tips.. i have been thinking to migrate mine to a new place :)

  12. Yes this really explains the commentor how to comment in a right way, I had seen many people write very short comments and fill up the blog with spams and short silly comments. Comments should be meaningful as you mentioned. Thanks for the content – Siaar.

  13. CliffordX

    Hey have you watch how authentication keys are all the same across all domains or sub-directory?

    I found that too a while ago, that’s why I want to inform everyone.

    The installation makes it easy that all wp-config.php authentication unique keys are all the same across the cpanel wordpress installation in any domain you installing WP and this even up to latest version (2.9.2)

    This is why most WP blogs get spammed no matter what captcha you built into it. This is not WP weakness. It is the fantastico.

    Right now, I’m changing all my blogs with new authentication keys. I will make a video of this later on my blog.

  14. Schedule

    You you could edit the page subject How to secure your WordPress Fantastico installations to something more specific for your content you create. I enjoyed the the writing withal.

  15. derby air con

    I am extremely impressed along with your writing skills and also with the layout for your blog. Is that this a paid theme or did you customize it your self? Anyway keep up the excellent quality writing, it is rare to look a nice weblog like this one these days..

Leave a Reply