WordPress Security…


With all the recent press about global brute force attacks on WordPress I decided to install the Better WP Security plugin last Sunday.

It includes loads of security features, including the big ones mentioned in the recent attacks:

  • Changing the name of the “admin” user.
  • Changing the ID of your renamed admin user.
  • Changing the table prefix.
  • Max login attempts lockdown.

Of the 5 blogs I manage, 4 worked straight off with this plugin. Unfortunately, one required a few attempts, so remember to take filesystem and database backups before you start or you may not end up in a happy place.

Over the week since activating the plugin I’ve been quite interested/scared by the results. I’ve been getting several emails a day telling me of user lockdowns due to attempted brute force attacks originating from the USA, Russia and the Netherlands.

If you have a self-hosted WordPress installation, you really need to take some basic steps to stop yourself becoming a victim. There are a number of security plugins available, which I’m sure work equally well, but I only have experience of this one.

Good luck.



How to Change the WordPress Table Prefix


Assuming my current WordPress prefix was “wp_” and I wanted to change it to “banana_”, then I would do the following…

Take a backup of your database and file system. Remember, if you screw up and trash your blog you will thank yourself for the extra time you spent doing this!

Amend the “$table_prefix” setting in the “wp-config.php” file.

$table_prefix = 'banana_'; // Only numbers, letters, and underscores please!

Rename all the tables, swapping the “wp_” prefix with “banana_”. For example, the following statement would rename the “wp_comments” table to “banana_comments”.

RENAME TABLE wp_comments TO banana_comments;

Perform the following updates.

UPDATE banana_options SET option_name = 'banana_user_roles' WHERE option_name = 'wp_user_roles';
UPDATE banana_usermeta SET meta_key = 'banana_capabilities' WHERE meta_key = 'wp_capabilities';
UPDATE banana_usermeta SET meta_key = 'banana_user_level' WHERE meta_key = 'wp_user_level';
UPDATE banana_usermeta SET meta_key = 'banana_autosave_draft_ids' WHERE meta_key = 'wp_autosave_draft_ids';

If you don’t do these updates, the blog will work, but when you try to access the admin site you will be greeted with a message saying,

You do not have sufficient permissions to access this page.

That’s it!
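
The queries below are an added example, not part of the original post: they generate the RENAME TABLE statements for every “wp_” table and then check the result of the steps above. They assume MySQL or MariaDB with the WordPress database selected, the default backslash escape for LIKE, and the standard WordPress users and usermeta columns.

```sql
-- Added example: constructed for the wp_ -> banana_ change described above.
-- Assumes the WordPress database is the current one (USE ...).

-- 1. Before renaming: generate one RENAME TABLE statement per table.
--    "_" is a single-character wildcard in LIKE, so it is escaped as "\_";
--    unescaped, a table such as "wpx_log" would also match.
--    SUBSTRING(table_name, 4) drops the three characters of "wp_".
SELECT CONCAT('RENAME TABLE `', table_name, '` TO `banana_',
              SUBSTRING(table_name, 4), '`;') AS rename_statement
FROM information_schema.tables
WHERE table_schema = DATABASE()
  AND table_type = 'BASE TABLE'
  AND table_name LIKE 'wp\_%';

-- 2. After renaming: this should return no rows.
SELECT table_name
FROM information_schema.tables
WHERE table_schema = DATABASE()
  AND table_name LIKE 'wp\_%';

-- 3. After the UPDATEs: list keys that still start with the old prefix.
--    Review each one before touching it; a plugin may use "wp_" in a key
--    name for reasons unrelated to the table prefix.
SELECT 'options' AS source, option_name AS leftover_key, COUNT(*) AS row_count
FROM banana_options
WHERE option_name LIKE 'wp\_%'
GROUP BY option_name
UNION ALL
SELECT 'usermeta', meta_key, COUNT(*)
FROM banana_usermeta
WHERE meta_key LIKE 'wp\_%'
GROUP BY meta_key;

-- 4. Confirm an administrator is still found under the new key. No rows
--    means no account holds the administrator role under "banana_capabilities",
--    which produces the "You do not have sufficient permissions" message.
SELECT u.user_login, m.meta_value
FROM banana_users AS u
JOIN banana_usermeta AS m ON m.user_id = u.ID
WHERE m.meta_key = 'banana_capabilities'
  AND m.meta_value LIKE '%administrator%';
```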



WordPress 3.3 Released…


WordPress 3.3 is now live and ready for download.

The automatic upgrade was as smooth as ever. A couple of themes needed to be upgraded too. The menus are a little different and there is now a new persistent dashboard header, but it all seems like business as usual for the casual blogger like me.