WordPress Database Security: Why Change the Database Tables Prefix
Submitted by Robert Abela on July 19, 2011 - 6:36 am
The majority of reported WordPress database security attacks were performed by exploiting SQL injection vulnerabilities. By renaming the WordPress database table prefixes, you are securing your WordPress blog and website against zero-day SQL injection attacks.
WordPress Database Security: The Prefix Guessing Game
By default, all WordPress database table names start with the prefix “wp_”, as shown in the screenshot below.
If a malicious user discovers a zero-day SQL injection vulnerability in WordPress (which does happen from time to time), then unless you have renamed the WordPress database table prefixes to something else, the malicious user can easily guess the WordPress database table names and exploit the vulnerability against your blog or website. To make things worse, there are a myriad of scripts and automated scanners available on the internet that specifically scan and target WordPress blogs and websites. If a malicious user exploits such a vulnerability against your blog or website, he can:
- Gain administrative access to your blog.
- Tamper with your blog and website.
- Gain access to other sensitive databases on that server.
- Gain administrative access to your web server.
Therefore, by renaming the WordPress database table prefixes, you are automatically strengthening your WordPress database security against such dangerous attacks, because the attacker would not be able to guess the table names. We recommend using difficult-to-guess prefixes, such as long random strings that include both letters and numbers.
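As an added example (not code from the original article or from the plugin it mentions), this Python script reads `$table_prefix` from the text of a wp-config.php file, flags the default “wp_” or another easily guessed value, and generates a random letters-and-numbers prefix of the kind recommended above. The sample config, the function names, the list of well-known prefixes and the 8-character minimum are assumptions made for illustration.

```python
import re
import secrets
import string

# Constructed sample of a wp-config.php file, not taken from a real site.
SAMPLE_CONFIG = """<?php
define( 'DB_NAME', 'example_db' );
// $table_prefix = 'old_';
$table_prefix = 'wp_';
"""

# WordPress accepts only letters, numbers and underscores in $table_prefix.
ALLOWED = re.compile(r"^[A-Za-z0-9_]+$")
# Matches an active assignment; lines starting with // or * are skipped.
PREFIX_LINE = re.compile(r"""^\s*\$table_prefix\s*=\s*(['"])(.*?)\1\s*;""", re.MULTILINE)
WELL_KNOWN = {"wp_", "wp", "wordpress_"}  # assumed list of guessable values

def read_prefix(config_text):
    """Return the $table_prefix value found in wp-config.php text, or None."""
    match = PREFIX_LINE.search(config_text)
    return match.group(2) if match else None

def audit_prefix(prefix, min_len=8):
    """Return a list of findings; an empty list means the prefix passes."""
    if prefix is None:
        return ["no $table_prefix assignment found"]
    findings = []
    if prefix.lower() in WELL_KNOWN:
        findings.append("default or well-known prefix")
    if not ALLOWED.match(prefix):
        findings.append("contains characters other than letters, numbers, underscore")
    if len(prefix) < min_len:
        findings.append("shorter than %d characters" % min_len)
    if not (any(c.isalpha() for c in prefix) and any(c.isdigit() for c in prefix)):
        findings.append("does not mix letters and numbers")
    return findings

def new_prefix(length=12):
    """Random lowercase prefix: starts with a letter, has a digit, ends in '_'."""
    alphabet = string.ascii_lowercase + string.digits
    while True:
        body = secrets.choice(string.ascii_lowercase) + "".join(
            secrets.choice(alphabet) for _ in range(length - 1))
        if any(c.isdigit() for c in body):  # retry until a number is present
            return body + "_"

if __name__ == "__main__":
    current = read_prefix(SAMPLE_CONFIG)
    print("current prefix:", current, "findings:", audit_prefix(current))
    print("suggested prefix:", new_prefix())
```

The generated value is only a suggestion for `$table_prefix`; the existing tables and the stored option and user-meta keys that embed the old prefix still have to be renamed by the plugin or the manual procedure the article refers to.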
WebsiteDefender WordPress Security is the ultimate plugin created by WebsiteDefender to secure your WordPress installation, and it helps you automate this process. Alternatively, you can change your WordPress database table prefixes manually by following this step-by-step guide: How to manually change WordPress database table name prefix