@coy247
Forked from kreitje/WP.md
Created January 1, 2018 05:16
WordPress Best Practices

Install

  • Install the newest version only
  • Don't install from cPanel/Fantastico. Do it yourself.
  • Change the secret keys in wp-config.php to something different
  • Change the database prefix in wp-config.php from the default wp_
  • Install only necessary plugins (prevents exploits from direct input)
  • Remove unused themes (prevents exploits from direct input)
  • Remove unused plugins
  • Change the admin username to anything other than admin
  • In the user profile, change "Display name publicly as" to something other than your username. Use firstname or something else so people can't see your username when viewing blog posts.



Updates

  • WordPress should be at most 1 version behind the most recent release
  • Wait a week or two for any version to stabilize before upgrading
  • Update plugins regularly
  • If daily backups aren't made, back up prior to doing upgrades



Changing the Database Prefix

This can get tricky. There are several fields in the database that rely on the prefix. By changing the database prefix, you might run into a permission error when logging in to WordPress. Use the steps below to fix this. If you change the prefix before installing, this should work out of the box. Using the Site Software section of cPanel does not work as expected. (Fantastico not tested.)

In the {prefix}options table, the wp_ at the start of the wp_user_roles setting needs to be whatever the database prefix is. So if the database prefix is wpdb_, then the options table is called wpdb_options and wp_user_roles needs to be changed to wpdb_user_roles.

In the {prefix}usermeta table, every meta_key value starting with wp_ needs that wp_ replaced with the {prefix}. So wp_capabilities would be changed to wpdb_capabilities if using the example above.

   The plugin WSD Security has an option to change the prefix for you.
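
The two updates described above, written out as SQL. This is an added example, not part of the original gist; it assumes MySQL or MariaDB, the old prefix wp_, the new prefix wpdb_ used in the text, and that the tables themselves already carry the new prefix.

```sql
-- Added example. Assumptions: MySQL/MariaDB, old prefix wp_, new prefix wpdb_,
-- tables already renamed to wpdb_*. The transaction only protects InnoDB tables.
START TRANSACTION;

-- 1. Preview the rows that still carry the old prefix.
--    '_' is a single-character wildcard in LIKE, so it is escaped with '!'.
--    Unescaped, 'wp_%' would also match 'wpdb_capabilities', and a second run
--    of step 3 would turn that key into 'wpdb_b_capabilities'.
SELECT option_id, option_name
FROM   wpdb_options
WHERE  option_name = 'wp_user_roles';

SELECT umeta_id, user_id, meta_key
FROM   wpdb_usermeta
WHERE  meta_key LIKE 'wp!_%' ESCAPE '!';

-- 2. Role definitions: the option name must start with the active prefix.
UPDATE wpdb_options
SET    option_name = 'wpdb_user_roles'
WHERE  option_name = 'wp_user_roles';

-- 3. Per-user keys (wp_capabilities and the other wp_ keys shown by step 1):
--    drop the 3-character old prefix and prepend the new one.
UPDATE wpdb_usermeta
SET    meta_key = CONCAT('wpdb_', SUBSTRING(meta_key, 4))
WHERE  meta_key LIKE 'wp!_%' ESCAPE '!';

-- 4. Verify: both counts must be 0 before committing.
SELECT
  (SELECT COUNT(*) FROM wpdb_options
    WHERE option_name = 'wp_user_roles')            AS stale_options,
  (SELECT COUNT(*) FROM wpdb_usermeta
    WHERE meta_key LIKE 'wp!_%' ESCAPE '!')         AS stale_usermeta;

-- Use ROLLBACK instead if step 1 listed rows you did not expect to rename.
COMMIT;
```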