2 Suggestions to decrease hacking / hackers

  • gariben

    (@gariben)


    My sites are getting hacked regularly even though my sites are currently up to date and only using the most up-to-date popular plugins.

    I think there are some easy modifications that might reduce hacking.

    1) The admin user always defaults to “admin”. On the installation, we should have an option to choose our own username.

    2) The table_prefix defaults to “wp_”. Maybe we can leave the default as “wp_”, but on the installation, it should ask us if we want to change the table prefix.

    Thanks,
    Mike

Viewing 6 replies - 1 through 6 (of 6 total)
  • Jeremy Clark

    (@jeremyclark13)

    Member

    1. http://codex.wordpress.org/Hardening_WordPress#Security_through_obscurity
    2. When editing your wp-config.php file you had the option to change this.
    http://codex.wordpress.org/Editing_wp-config.php

    Roy

    (@gangleri)

    1. It can be done later on, but indeed, if it was asked before install, there would be a lot less admin logins.
    2. That’s true and actually a very good idea to be beforehand. Maybe it can be a tip in the installation instructions.

    gariben

    (@gariben)

    thanks for the reply.

    1) Yes.. I just recently changed some of my hacked sites to a different username via phpMyAdmin. I’m saying.. a lot of people might not know how to change the username. Also.. it makes it harder for hackers to hack into WordPress sites if everybody uses a different username instead of “admin”.

    2) Yes.. I found out that we didn’t know we need to use “wp_”. But how many people actually know this? We should let the user define the 2 or 3 characters for the table_prefix. I only knew about this when the sites were hacked. It’s kinda tedious to change table_prefix if you have already created/set up the WordPress sites.

    Basically.. these two measures are to make WordPress sites harder to hack. As WordPress becomes more and more popular (it’s already popular), more hackers and amateur hackers will try to hack sites using the “admin” username or searching for “wp_”, as it is the most common.

    Anyways.. these are just suggestions.. and I think it is fairly simple to implement.

    Thanks,
    Mike

    whooami

    (@whooami)

    Member

    But how many people actually know this?

    as many as actually read the wp-config.php; presumably you don’t fall into that category.

    Moderator Samuel Wood (Otto)

    (@otto42)

    WordPress.org Admin

    1. I wish it were possible to change the username from within the admin screens. Yeah, the user would have to relogin, but heck, they just typed in a username, meh?

    2. It would be fairly easy to let the automatic wp-config setup ask for a prefix, actually. Might be worth adding. If you’ve never used the automatic setup, create a brand new wp site, but don’t create a wp-config.php file first. Really. It works.

    whooami

    (@whooami)

    Member

    Might be worth adding.

    yah, get ready for an additional 1000 support questions. a day.

  • The topic ‘2 Suggestions to decrease hacking / hackers’ is closed to new replies.