Last time I wrote about Wordpress security best practices and I guess my post was not so popular because someone tried an SQL Injection just to see if I am secure enough as I pretend.
At 7th point in that article I was telling you to change the prefix of database tables from wp_ to something else but I also warned you that this is a tricky part as you might end up with your blog broken. I usually do this part quickly by exporting the database tables, editing them offline, and importing the modified tables. The problems may appear when editing the exported file, so I will give you a second way of doing this job without problems. The disadvantage now is that it will take you more time, but it is easier.
1. Back-up your blog first.
Use backup plugins you have instaled on your blog or go to cPanel, click on the Backups icon and click on Generate/Download a full Backup and proceed with a Home Directory Backup.
2. Edit wp-config.php
While you are still in cPanel click on File Manager icon and look for wp-config.php file. Open it and look for a line that looks like this:
$table_prefix = ‘wp_’;
Change it into something like this:
$table_prefix = ‘rt23hash_’;
Of course, instead of rt23hash you will put there your desired prefix.
3. Change all tables prefix
Now it’s the time consuming part, so be careful not to miss a step.
In cPanel go to phpMyAdmin. Select the database of your blog (if you have only your blog on your domain, there will be only one database). You will se something like in the picture below:
On the left list you will see all the tables in the database. Note that you might have more tables, depending on your installed plugins. For each table, click on its name in the left column and then click on Operations.
Change the prefix from wp_ to your desired prefix (in our example rt23hash_). DON’T forget the underscore. Click OK and then go to the next table until all tables will have the new prefix.
4. Edit wp_options
The old wp_options table will be now rt23hash_options or whatever prefix you entered. Click on it, make sure it’s on Browse tab and look for a column option_name. There are more than 300 entries in the table, so you will have to browse between pages until you find wp_user_roles. Change its prefix too (it will become rt23hash_user_roles in our example) by clicking on the pen icon.
5. Edit wp_usermeta
This step is similar with step 4, only this time we will select rt23hash_usermeta (old wp_usermeta table).
Change every value under meta_key column header that starts with the old prefix wp_ to the new prefix (rt23hash_ in this example). The number of records might be different for your web site. I had values like wp_capabilities, wp_autosave_draft_ids, wp_user_level, wp_usersettings, and wp_usersettingstime for the field meta_key.
That’s it. Your blog should be a lot more secure now giving you the peace of mind to focus on blogging. Test your blog, see if you can login and access your dashboard.
If everything is ok, do another back-up. Keep also the old back-up, just in case you will discover an issue later. But if you did everything step by step, and you didn’t miss some entries in the tables, it should be fine.
Your friends are using WordPress too? Give them the link to this article so they secure their blogs too.
Articole asemanatoare:
Great artigle :) keep doing this great work