Title: Are default settings sure enough?
Last modified: August 20, 2016

---

# Are default settings sure enough?

 *  [wpreser](https://wordpress.org/support/users/wpreser/)
 * (@wpreser)
 * [13 years, 11 months ago](https://wordpress.org/support/topic/are-default-settings-sure-enough/)
 * Hi,
 * I’d like to know if, for beginners, the default install settings are enough sure
   for wp-based blog or website?
    If I install WordPress and do nothing to modify
   codes or make modifications, will my website be enough secure?
 * Thank you

Viewing 10 replies - 1 through 10 (of 10 total)

 *  [rafa1](https://wordpress.org/support/users/rafa1/)
 * (@rafa1)
 * [13 years, 11 months ago](https://wordpress.org/support/topic/are-default-settings-sure-enough/#post-2789164)
 * If by secure you mean nobody can hack into it, as long as you are updated to 
   the newest version (which you can do automatically if you’d like) yes.
 * If you want to be 1000% secure instead of 100% you can do a little more such 
   as (if you did quick install) change the default username of admin to something
   else.
 * Theres more on this [site](http://markmaunder.com/2011/12/08/wordpress-security-ways-hack-wordpress-site/).
 *  Thread Starter [wpreser](https://wordpress.org/support/users/wpreser/)
 * (@wpreser)
 * [13 years, 11 months ago](https://wordpress.org/support/topic/are-default-settings-sure-enough/#post-2789176)
 * Of course I’d like to be secure 1000% with a little web development knowledge!
   
   Do WP developers deliver by default “highly-secured” tool or should we be a savvy
   developer to get his own WP website as secure as possible? If it is only a matter
   of changing the default admin account, it is easy to attain! Are you sure that
   changing the default username will switch the security level up to 1000% instead
   of 100%? I’m a little bit doubtful..!
 *  [rafa1](https://wordpress.org/support/users/rafa1/)
 * (@rafa1)
 * [13 years, 11 months ago](https://wordpress.org/support/topic/are-default-settings-sure-enough/#post-2789184)
 * Ok, more like 250% more. That [link](http://markmaunder.com/2011/12/08/wordpress-security-ways-hack-wordpress-site/)
   explains why
 * > Do WP developers deliver by default “highly-secured” tool or should we be a
   > savvy developer to get his own WP website as secure as possible?
 * Yes. As long as you have downloaded the newest model (which you can do automatically).
   People are able to hack the older ones, but the WordPress community is so big
   and active that as soon as new ways to hack it come out new solutions to avoid
   them come up too. I could be wrong, but I feel like the Drupal and (whatever 
   the other one ) community isn’t as big and passionate about their CMS.
 * As I said earlier you can automatically have the new wordpress versions update
   automatically. Even if you don’t there will be a reminder on your screen.
 * You can also find plugins to be more secure. I had never tried any. But to answer
   your question, yes, developers deliver a very “highly secured” tool to begin 
   with.
 *  Thread Starter [wpreser](https://wordpress.org/support/users/wpreser/)
 * (@wpreser)
 * [13 years, 11 months ago](https://wordpress.org/support/topic/are-default-settings-sure-enough/#post-2789188)
 * OK, thanks.
    By the way, about plugin, could we really trust them? Are they verified
   and approved by WP developers or they add their plugins, as in a market, and 
   it is up to the user on his own to choose? I tried a plugin (with more 1 million
   downloads!) but I lost my WP install, so I’m a little bit skeptical!
 *  Thread Starter [wpreser](https://wordpress.org/support/users/wpreser/)
 * (@wpreser)
 * [13 years, 11 months ago](https://wordpress.org/support/topic/are-default-settings-sure-enough/#post-2789189)
 * The plugin in question is “Better WP Security” !
    After I installed it and applied
   the “recommended” options, I lost the access to my localhost install!
 *  [rafa1](https://wordpress.org/support/users/rafa1/)
 * (@rafa1)
 * [13 years, 11 months ago](https://wordpress.org/support/topic/are-default-settings-sure-enough/#post-2789193)
 * > By the way, about plugin, could we really trust them? Are they verified and
   > approved by WP developers or they add their plugins, as in a market, and it
   > is up to the user on his own to choose?
   >  I tried a plugin (with more 1 million
   > downloads!) but I lost my WP install, so I’m a little bit skeptical!
 * Wow. Thanks for telling me that. I assumed that plugins with enough downloads(
   about 10k+) are trustable.
 * U think somebody knew any of your passwords, or you accidentally changed a theme
   option. Or in other words, what happened to your WP install?
 *  Thread Starter [wpreser](https://wordpress.org/support/users/wpreser/)
 * (@wpreser)
 * [13 years, 11 months ago](https://wordpress.org/support/topic/are-default-settings-sure-enough/#post-2789206)
 * It was down! I can’t access the install folder! So, I removed WP and re-installed
   WP _de nouveau_!
    Edit: the downloads number was more than 100 000, not 1 000
   000 as I said in the previous post.
 *  [rafa1](https://wordpress.org/support/users/rafa1/)
 * (@rafa1)
 * [13 years, 11 months ago](https://wordpress.org/support/topic/are-default-settings-sure-enough/#post-2789214)
 * 100k’s still a lot. Hmm…I’m assuming you went to the directory in Cpanel. So 
   was there nothing in that file, or did the file not extend? And you couldn’t 
   press duplicate on the folder and back it up just in case?
 *  [WPyogi](https://wordpress.org/support/users/wpyogi/)
 * (@wpyogi)
 * [13 years, 11 months ago](https://wordpress.org/support/topic/are-default-settings-sure-enough/#post-2789216)
 * @ wpreser — did you look at this page:
 * [http://codex.wordpress.org/Hardening_WordPress](http://codex.wordpress.org/Hardening_WordPress)
 *  Thread Starter [wpreser](https://wordpress.org/support/users/wpreser/)
 * (@wpreser)
 * [13 years, 11 months ago](https://wordpress.org/support/topic/are-default-settings-sure-enough/#post-2789224)
 * Thank you for the link, WPyogi.
    I found the following:
 * > Note that wp-config.php can be stored ONE directory level above the WordPress(
   > where wp-includes resides) installation. Also, make sure that only you (and
   > the web server) can read this file (it generally means a 400 or 440 permission)
 * I have this file at 644, have I do it 400 or 440? The website will continue to
   work?

Viewing 10 replies - 1 through 10 (of 10 total)

The topic ‘Are default settings sure enough?’ is closed to new replies.

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 10 replies
 * 3 participants
 * Last reply from: [wpreser](https://wordpress.org/support/users/wpreser/)
 * Last activity: [13 years, 11 months ago](https://wordpress.org/support/topic/are-default-settings-sure-enough/#post-2789224)
 * Status: not resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics