Hardening WordPress: Pre-Install – Don’t Use the Default wp_ Database Table Prefix

This entry is part 1 of 2 in the series Hardening Wordpress

The default table prefix for a wordpress install is ‘wp_’ – make it different! Any attacker attempting to access database tables will use the default naming convention first – don’t make it easier for them!

Changing the table prefix on an existing site is quite involved so employ this from the outsetwhen you’re running through the setup.

Should you wish to do this to an existing installation, the table_prefix variable can be found as shown below in the wpconfig.php file:

Hardening WordPress: Set Unique Auth Keys and Salts for Authentication Cookie Encryption

This entry is part 2 of 2 in the series Hardening Wordpress

This article describes how to set WordPress AUTH KEY parameters in your wp-config.php file to secure your cookies. These will ensure that your authentication cookies are encrypted using unique random salts – Codeseekah has done a good write-up and explanation here.

Let’s do it.

The page https://api.wordpress.org/secret-key/1.1/salt/ will generate suitably unique and random values on the fly and will look something like this:

define('AUTH_KEY', '-p*ac:4WAYd];@(XCtrR95F9 GM..7Ty-y/K?wVq1k|U*-QaX9<Tq[$v7SwI$[oj');
define('SECURE_AUTH_KEY', '[7;l|#G27hS<$N`H@V~PM8Tj<^rV[t|Tj(IB +?%ZTUyN8|1xM(ob|[cHzxq-C(^');
define('LOGGED_IN_KEY', 'xo|R-p(9;qNK9rhR^zwU+lgvQV0oR6jgqJ8|.=np1)>dc&Qx+-2b&d30ZxeDE(|c');
define('NONCE_KEY', '0@/BT#+%IQ3S#9YQg_h=.7zhq);|,TZ3j]*2<a]UuANXpX,ZIXf:kkfyV+@6zzPq');
define('AUTH_SALT', 'W+z`<d`6}aT #feo0#;q^+:})e,oCq*9A3u6=WXxsN^{2<5@.n53wQk2qa@4QPpI');
define('SECURE_AUTH_SALT', '6Z*}0sukZof!iCs|2]7bef9tLfbfjY@R#[<K-e3kgF~mIsu?&2-uzs@c>[i-IT8v');
define('LOGGED_IN_SALT', '=9o-~qia+jLY-ByE+Bc8T-j#=YH!mE-Hz4a,i-xR~nt)zoP[E:d8: J-tC^ke!?X');
define('NONCE_SALT', 'D|/=Qk+#0X@|?1217$AJQqR9h;|NOoc_|-q${B](

Now  edit your file using vi, pico or nano etc:

# vi wp-config.php

Look for the section below which will have empty values, delete and replace with the ones you’ve generated above:

Save and exit, job done.

Warning: All you currently logged-in users will be logged out so make sure you tell them first!

Exit mobile version