Posted 4 years ago #
I've read some dated information on using the WP Prefix Table Changer plugin. It sounds like a good plugin to use, but is it truly "safe" to run? And does it work without problems with WP 2.5.1?
This is my first WordPress blog, so I'm a little hesitant to automatically use a plugin like this. Any feedback is appreciated.
Thanks.
I'd guess it should be safe with 2.5.1 but I'd want to read and follow closely the Backing_Up_Your_Database instructions before using that plugin!
http://blogsecurity.net/wordpress/wp-prefix-changer-v11-released/
Posted 4 years ago #
If you don't mind me asking, is changing the WP prefix really something that should be done? In your opinion, do most people change it -- or not? I'm guess, since I'm not a seasoned WP user, making that change makes me a little nervous. :-)
I'm currently using the WP Database Backup plugin to create backups. I hope its ability to restore is reliable. That's something I've not had to do yet, and that too makes me a little nervous.
Sounds like a I'm a nervous user, huh?! :-)
If you don't mind me asking, is changing the WP prefix really something that should be done?
Generally speaking? It wont ever hurt, and it can/might help. There's only one real reason for doing it, and it's to help ward off scripted attacks that assume the prefix is wp_ It's set by the way, inside your wp-config.php, and can be changed before any fresh install.
Theoretically though, if a large enough hole exists, and a malicious person is determined and smart enough, they could potentially use SQL to gleem your tables names (asuming they get that far). Furthermore, while it happens less and less, there are still occassional hiccups where MySQL errors show up on pages -- which of course, negates the whole purpose of the plugin.
Where this does really come in handy is scripted attacks though. 10 times out 10, if the WP database is defined in an exploit script, they use the standard wp_
Posted 4 years ago #
@whooami nice insight there. I totally overlooked on the SQL injection part.
Is that your plugin, Lester? I didnt even know.
I dont mean to suggest that its a not a good idea, lest anyone read my reply and come away thinking that. On the contrary, I dont think anyone should be using the default prefix, for reasons already stated. :)
But then, I also think that MySQL errors and PHP errors shouldn't be spit out onto pages either. And your error_log shouldnt be readable either.
Ah well.
Oh, and the important bits inside wp-config.php should be called from a file that lives outside of your web directory too :)
Posted 4 years ago #
http://wordpress.org/extend/plugins/wp-security-scan/ includes the table prefix changing code to work up to 2.5.1 and hides errors as well while activated.
Posted 4 years ago #
@whooami Nope that is not my plugin. I just happen to want to change my table prefix when I come across this. =D
This topic has been closed to new replies.
