soulgrind r's Profile

AuthUserFile /dev/null

AuthGroupFile /dev/null

AuthName “Access Control”

AuthType Basic

order deny,allow

deny from all

# whitelist home IP address

allow from 64.233.169.99

# whitelist work IP address

allow from 69.147.114.210

allow from 199.239.136.200

# IP while in Kentucky; delete when back

allow from 128.163.2.27

1. Secure the /wp-admin/ directory

You probably know that most of your WordPress sensitive information is stored in the /wp-admin/ folder. Right out of the box, WordPress leaves that folder open, so people can access these files if they know what they are doing.

Matt suggests to place a .htaccess file inside the /wp-admin/ folder to block the access to all IP addresses, except yours. Here is the code you need to put in the .htaccess file:

Step 0: Before You Get Started



• Just in case something goes wrong, make sure you have a backup. WordPress Backups is a comprehensive guide.
  
• Make sure the database user name registered to WordPress has permission to create, modify, and delete database tables. If you installed WordPress in the standard way, and nothing has changed since then, you are fine.
  
• Deactivate your plugins. A plugin might not be compatible with the new version, so it's nice to check for new versions of them and deactivate any that may cause problems. You can reactivate plugins one-by-one after the upgrade. This is particularly important when upgrading to WordPress 2.7!

Step 1: Replace WordPress files



1. Get the latest WordPress. Either download and extract it to your computer or download it directly to the server.
   
   1. As a reminder, to extract a tar.gz to a folder use this command, replacing (folder name) with the name of your folder: tar -xvzf latest.tar.gz -C ./(folder name)
      
   2. Delete your old wp-includes and wp-admin directories.
      
   3. Copy the new WordPress files to your server, overwriting old files in the root, except perhaps the wp-content folder (see "NOTE" below). You may use FTP or shell commands to do so. Note that this means *all* the files, including all the files in the root directory as well. If you use the default or classic theme and have customized it, then you can skip that theme.
      

Click the “Edit” link next to the Text widget.

In the new form that opens paste the following:

In the single line box name the widget something like “Adverts” : note this will be used as the menu heading, you see this on your blog, if you just want the AdSense ad unit with no menu heading leave this box blank.

In the large second box add

*UPDATE* I’m not linking plugins on this list anymore – just visit my Wordpress Plugins Used page to get all the links you need after you read the checklist.





1. Get the lastest version of Wordpress, download and install
2. Find a new wordpress theme with a good layout and upload
3. Login for the first time and activate askimet module with API key. I also upload and enable Wordpress.com Stats plugin using the exact same API key.
4. Add first “welcome to the site” post, delete default post
5. Delete first comment and “hello dolly” plugin
6. Under “Options->Permalinks” enable “custom” /%postname%/ for clean SEO friendly url’s
7. Click update to .htaccess file, if it fails make .htaccess writeable
8. Update the list of ‘ping’ services in ‘options->writing’. Be default there only one, and you want to notify as many services as possible every time you post. Here is the the most up to date list of ping services I could find.