I suggest you ...

Auto-generating random WordPress database prefix to improve security

At the moment, a database prefix in each new WordPress instalation is set "wp_". This is makes a website insecure.

Could you auto-generate a random database prefix to fix that?

Thank you.
Marcin

56 votes
Sign in
(thinking…)
Sign in with: facebook google
Signed in as (Sign out)

We’ll send you updates on this idea

Marcin shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

9 comments

Sign in
(thinking…)
Sign in with: facebook google
Signed in as (Sign out)
Submitting...
  • Bas commented  ·   ·  Flag as inappropriate

    Why is this still not developed? Shouldn't be that hard and for security this would be very good!

  • Andrew commented  ·   ·  Flag as inappropriate

    Even after reading the Wordfence blog post that Ron posted, I think this is still a good feature request.

    There is zero downside to generating a prefix with some random characters -- if it's done at the time of installation, which is what we're talking about here.

    The upside might be small, but there's still a benefit. Even if it makes sites *slightly* less vulnerable, why not do it?

  • Marcin commented  ·   ·  Flag as inappropriate

    Ron, I have read most of the articles you shared.

    The main point that I see of the article is that changing the database prefix doesn't improve the security as there is a way for hackers to identify the changed database prefix, and changing it on a live site might cause issues.

    However, if the hacker or a bot does not know the way to detect the new database prefix, changing it improves makes it more work for them to hack your site.

    The idea is to auto-generating a random WordPress database prefix when the new application is created so that people do not need to try to change it on a live site.

    In my opinion, there is still a benefit to changing the database prefix.

  • Al commented  ·   ·  Flag as inappropriate

    I would use IThemes security. It's better and easier than wordfence for security anyway! It will also change the DB prefix for you in the "advanced settings" back up your DB first though!!!

  • Marcin commented  ·   ·  Flag as inappropriate

    Yes, they are tools that will help you do that, but it should be automated. Making life of all of us easier.

  • Bruce Munson commented  ·   ·  Flag as inappropriate

    I absolutely agree and support this!
    It is a WordPress security step that should always be done.

Feedback and Knowledge Base