WordPress.org


2 Suggestions to decrease hacking / hackers (7 posts)

  1. gariben
    Member
    Posted 5 years ago #

    My sites are getting hacked regularly even though my sites are currently up to date and only using the most up-to-date popular plugins.

    I think there are some easy modifications that might reduce hacking.

    1) the admin user always defaults to "admin". On the installation, we should have an option to choose our own username.

    2) the table_prefix is defaulted to "wp_"; Maybe we can leave the default as "wp_" but on the installation, it should ask us if we want to change the table prefix.

    Thanks,
    Mike

  2. Jeremy Clark
    Moderator
    Posted 5 years ago #

    1. http://codex.wordpress.org/Hardening_WordPress#Security_through_obscurity
    2. When editing your wp-config.php file you had the option to change this.
    http://codex.wordpress.org/Editing_wp-config.php

  3. Roy
    Member
    Posted 5 years ago #

    1. It can be done later on, but indeed, if it was asked before install, there would be a lot less admin logins;
    2. That's true and actually a very good idea to be beforehand. Maybe it can be a tip in the installation instructions.

  4. gariben
    Member
    Posted 5 years ago #

    thanks for the reply.

    1) Yes.. I just recently changed some of my hacked sites to a different username via phpMyAdmin. I'm saying.. a lot of people might not know how to change the username. Also.. it makes it harder for hackers to hack into WordPress sites if everybody uses a different username instead of "admin".

    2) Yes.. I found out that we didn't know we need to use "wp_". But how many people actually know this? We should let the user define the 2 or 3 characters for the table_prefix. I only knew about this when the sites were hacked. It's kinda tedious to change table_prefix if you have already created/set up the WordPress sites.

    Basically.. these two measures are to make WordPress sites harder to hack. As WordPress becomes more and more popular (it's already popular) more hackers and amateur hackers will try to hack sites using "admin" username or searching for "wp_" as it is the most common.

    Anyways.. these are just suggestions.. and I think it is fairly simple to implement.

    Thanks,
    Mike

  5. whooami
    Member
    Posted 5 years ago #

    But how many people actually know this?

    as many as actually read the wp-config.php; presumably you don't fall into that category.

  6. Samuel Wood (Otto)
    Tech Ninja
    Posted 5 years ago #

    1. I wish it were possible to change the username from within the admin screens. Yeah, the user would have to relogin, but heck, they just typed in a username, meh?

    2. It would be fairly easy to let the automatic wp-config setup ask for a prefix, actually. Might be worth adding. If you've never used the automatic setup, create a brand new wp site, but don't create a wp-config.php file first. Really. It works.

  7. whooami
    Member
    Posted 5 years ago #

    Might be worth adding.

    yah, get ready for an additional 1000 support questions. a day.
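
The `$table_prefix` setting discussed throughout this thread lives in wp-config.php, so a site owner can check which installs still carry the default `wp_` value by reading that file. The following is an added example, not code from the thread or from WordPress; the function names and sample file contents are constructed for illustration, and it assumes the assignment is written as a plain quoted string as in the shipped sample config.

```python
import re

# Matches the assignment form used in wp-config.php:  $table_prefix = 'wp_';
PREFIX_RE = re.compile(r"""^\s*\$table_prefix\s*=\s*(['"])(.*?)\1\s*;""", re.M)

def strip_php_comments(src):
    """Drop /* */ blocks and whole-line // or # comments so that a
    commented-out assignment is not mistaken for the live one."""
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.S)
    return re.sub(r"^\s*(//|#).*$", "", src, flags=re.M)

def audit_table_prefix(config_text):
    """Return (prefix, findings) for the text of a wp-config.php file."""
    matches = PREFIX_RE.findall(strip_php_comments(config_text))
    if not matches:
        return None, ["no $table_prefix assignment found"]
    prefix = matches[-1][1]  # PHP keeps the value of the last assignment
    findings = []
    if prefix == "wp_":
        findings.append("default prefix 'wp_' in use")
    if not re.fullmatch(r"[A-Za-z0-9_]+", prefix):
        findings.append("prefix should contain only letters, numbers and underscores")
    if len(matches) > 1:
        findings.append("multiple assignments; last one wins")
    return prefix, findings

# Constructed sample inputs (not taken from any real site).
SAMPLE_DEFAULT = """<?php
define('DB_NAME', 'example_db');
// $table_prefix = 'old_';
$table_prefix  = 'wp_';
"""
SAMPLE_CUSTOM = """<?php
/* $table_prefix = 'wp_'; */
$table_prefix = "site7_";
"""

if __name__ == "__main__":
    for name, text in (("default", SAMPLE_DEFAULT), ("custom", SAMPLE_CUSTOM)):
        print(name, audit_table_prefix(text))
```

A non-default prefix is the obscurity measure covered in the Hardening WordPress link above, so an empty findings list only means the default is not in use.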

Topic Closed

This topic has been closed to new replies.
