Hosting and Security
The default table prefix for a wordpress install is ‘wp_’ – make it different! Any attacker attempting to access database tables will use the default naming convention first – don’t make it easier for them!
Changing the table prefix on an existing site is quite involved so employ this from the outsetwhen you’re running through the setup.
Should you wish to do this to an existing installation, the table_prefix variable can be found as shown below in the wpconfig.php file:
This article describes how to set WordPress AUTH KEY parameters in your wp-config.php file to secure your cookies. These will ensure that your authentication cookies are encrypted using unique random salts – Codeseekah has done a good write-up and explanation here.
Let’s do it.
The page https://api.wordpress.org/secret-key/1.1/salt/ will generate suitably unique and random values on the fly and will look something like this:
define('AUTH_KEY', '-p*ac:4WAYd];@(XCtrR95F9 GM..7Ty-y/K?wVq1k|U*-QaX9<Tq[$v7SwI$[oj');
define('SECURE_AUTH_KEY', '[7;l|#G27hS<$N`H@V~PM8Tj<^rV[t|Tj(IB +?%ZTUyN8|1xM(ob|[cHzxq-C(^');
define('LOGGED_IN_KEY', 'xo|R-p(9;qNK9rhR^zwU+lgvQV0oR6jgqJ8|.=np1)>dc&Qx+-2b&d30ZxeDE(|c');
define('NONCE_KEY', '0@/BT#+%IQ3S#9YQg_h=.7zhq);|,TZ3j]*2<a]UuANXpX,ZIXf:kkfyV+@6zzPq');
define('AUTH_SALT', 'W+z`<d`6}aT #feo0#;q^+:})e,oCq*9A3u6=WXxsN^{2<5@.n53wQk2qa@4QPpI');
define('SECURE_AUTH_SALT', '6Z*}0sukZof!iCs|2]7bef9tLfbfjY@R#[<K-e3kgF~mIsu?&2-uzs@c>[i-IT8v');
define('LOGGED_IN_SALT', '=9o-~qia+jLY-ByE+Bc8T-j#=YH!mE-Hz4a,i-xR~nt)zoP[E:d8: J-tC^ke!?X');
define('NONCE_SALT', 'D|/=Qk+#0X@|?1217$AJQqR9h;|NOoc_|-q${B](
Now edit your file using vi, pico or nano etc:
# vi wp-config.php
Look for the section below which will have empty values, delete and replace with the ones you’ve generated above:
Save and exit, job done.
Warning: All you currently logged-in users will be logged out so make sure you tell them first!