After WordPress installation

Last Revised: October 2, 2021

This configuration that I present to you can be configured prior to the installation of a new WordPress, but there is an element that you will need in the installation and that you will then have to block. It is the creation file of the Configuration [/wp-admin/setup-config.php] and the Installation [/wp-admin/install.php].

When you finish installing your WordPress for the first time, you will no longer need this file, and no one should be able to access it either, so we will limit your access:

In Apache HTTPD (in the folder /wp-admin/file.htaccess):

<files ~="" "^(install|setup-config).php"="">
  deny from all

In nginx:

location ~* ^/wp-admin/(install|setup-config).php {
  deny all;

Seguir con Seguridad para WordPress

About this document

This document is regulated by the EUPL v1.2 license, published in WP SysAdmin and created by Javier Casares. Please, if you use this content in your website, your presentation or any material you distribute, remember to mention this site or its author, and having to put the material you create under EUPL license.