Following the release of WordPress 3.8, named “Parker” in honor of Charlie Parker, today, we revisit some of the fundamental elements of securing your WordPress site. Do note that it’s always a good idea to temporarily deactivate your WordPress plugins before you make any major changes to your WordPress (versions 3.8 and below) security and database setup including changing the prefix of your WordPress tables. To do this simply log into your WordPress dashboard, click on plugins, highlight the plugins that you want to deactivate, AND select deactivate from bulk actions.
Replace your table prefixes
You can use notepad if you’re on Windows or TextEdit on OS X for your text editor. If you’re on Windows I will highly recommend using Notepad++ as it has many more features than the default text editor or notepad. If you would like to install notepad++ on your computer then download it here:
Once your sql file is opened in your text editor, use the search and replace feature to replace all of the’wp_’ prefixes. The shortcut for search and replace is ‘ctr+f’, and then click on the ‘Find in Files’ tab.
The new prefix of your WordPress tables should be complicated just like your passwords so that it will be difficult for hackers to crack. A prefix of ‘thisisnoteasytocrack_’ is better than wp_, but GHSbs6ks982ggh_ is much better. So, make a complicated database prefix and then replace it with the default prefix of wp_. You should get a dialog box that says
Drop your tables
Log into phpMyAdmin, and click on the database that you want to drop. Highlight all of the tables, click the ‘With selected’ dialog box, upon doing so it will ask you for a confirmation if you really want to delete the tables. Click the Yes button. You should then get a confirmation that your SQL query has been executed properly. Now, upon importing the new sql file you should get a success message that your database has been successfully imported
Open up Wp-Config
The last piece of the puzzle is to edit wp-config.php. You should be able to find this file in the root directory of where you installed your blog. Look for the code that states: $table_prefix =’wp_’; From here, replace the current table prefix with the new one you have just made. Save and then exit out of your ftp software. The part of code you should look for is highlighted. After this is done, you can reactivate your plugins and now have additional peace of mind.
One of the top security plugins that I would recommend for webmasters to utilize is Better WP Security. You can get it here:
One of the most common problems with using WordPress plugins involves not fully understanding the logic of the associated code, in which case you are like a blind person being guided by a complete stranger. In the worst case scenario make sure to backup all of your database information before installing any new WordPress plugin (free and premium included).