Become Wordpress Professional - Your Ultimate Wordpress Guide

Thursday, 21 March 2013

How to Protect Install.php for Extra Wordpress Security

How to Protect wp-install.php for WordPress advanced Security
In this tutorial you will learn how to protect the WordPress Installation file using the variety of different methods. Protecting the installation file is important to add an extra layer of security. Open your online web host Cpanel account here you want to look for the WordPress installation file and this file is located in wp-admin directory and named as install.php

This file is used to Install WordPress and after the installation, this file should be removed or protected. There are two different ways to do this 
  1. Delete the file after installing WordPress
  2. Add a slice of code to your .htaccess file to protect file from being misused

Deleting the Install.php file from WordPress directory

Any of these methods only takes a minute and work just fine. Now from above three methods the first one is delete the file. So right click and delete install.php from WordPress directory and the file will no longer exist. There is no reason to keep the file after installation. 

The downside of this approach is WordPress will return the missing file the next time you update. This is certainly easy method but the file error will be returned when next time you update wordpress so there is more fixed and flexible solution.

Add slice of code in .htaccess file to protect wp-install.php

Open the .htaccess file in your root installation directory and to protect the file on server level grab the copy of blank .htaccess file or create a new if it does not exist in wp-admin directory already. Next copy and paste the following code

# PROTECT install.php
<Files install.php>
 Order Allow,Deny
 Deny from all
 Satisfy all

Copy the above code and paste it in .htaccess file of your wp-admin directory or beneath any existing rule of .htaccess was already stored inside the directory and save the file. Lets check that this code is working or not, return to the browser and here is the default path of WordPress Installation file:

Open it and refresh the page and you see the Forbidden error 

You see that the page is now safe and secure and any request for installation file will be blocked. Any of the above techniques will improve the security by preventing unwanted site access. 


Post a Comment

Please Avoid Spamming. Comments will be moderated before they are published.