WordPress DB prefix


#1

By default, an EE + WordPress site currently uses the default WordPress DB prefix value of “wp_”. To increase your site’s security you should consider changing the DB prefix value to another value…


#2

All you need to do is edit this file

/etc/ee/ee.conf

and change PREFIX from false to true on this line

prefix = false

to

prefix = true

This will give you the option to create your own prefix every time you create a new site.


#3

Although some security plugins recommend doing this, it doesn’t really provide any increased security at all. If someone can access your database then it’s already too late as it’s then trivial to find the prefix/table names.


#4

It’s not related to direct access to the database, only to attacks like SQL injections. With the wp_ prefix, in case of security vulnerabilities, an attacker may be able to inject data in your tables.


#5

For example, ServerPilot changes your WordPress DB prefix automatically, which is a really nice feature.


#6

Just use phpMyAdmin to replace the default table prefix and then edit the prefix in your wp-config.php file.
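
Renaming the tables in phpMyAdmin is only part of the job: WordPress also stores the prefix inside data, in the wp_options row named `<prefix>user_roles` and in the wp_usermeta keys `<prefix>capabilities` and `<prefix>user_level`, so a rename that skips those rows leaves every account without a role. The script below is an added example (my code, not EasyEngine's or WordPress's) that generates the complete statement list and the matching wp-config.php edit for a single-site install; the new prefix `x9k_` and the core table list are assumptions for the demonstration.

```python
"""Generate the SQL and the wp-config.php change needed to move a single-site
WordPress install from one table prefix to another (added example; a multisite
install has more tables and more prefixed keys than listed here)."""
import re

# Core tables of a single-site WordPress install, without prefix (assumed list).
CORE_TABLES = (
    "commentmeta", "comments", "links", "options", "postmeta", "posts",
    "terms", "term_relationships", "term_taxonomy", "termmeta",
    "usermeta", "users",
)

# Prefixes end up inside identifiers, which cannot be bound as parameters,
# so only the characters WordPress itself allows are accepted.
PREFIX_RE = re.compile(r"^[A-Za-z0-9_]+$")


def prefix_migration_sql(old: str, new: str, tables=CORE_TABLES) -> list[str]:
    """Return the ordered statements: one RENAME per table, then the two
    updates that fix the prefix-bearing option and user-meta keys."""
    for p in (old, new):
        if not PREFIX_RE.match(p):
            raise ValueError(f"invalid prefix {p!r}: only [A-Za-z0-9_] allowed")
    if old == new:
        raise ValueError("old and new prefix are identical")
    stmts = [f"RENAME TABLE `{old}{t}` TO `{new}{t}`;" for t in tables]
    # Role definitions live in wp_options under '<prefix>user_roles'.
    stmts.append(
        f"UPDATE `{new}options` SET option_name = '{new}user_roles' "
        f"WHERE option_name = '{old}user_roles';"
    )
    # Per-user keys ('<prefix>capabilities', '<prefix>user_level', ...) start
    # with the prefix too.  '_' is a LIKE wildcard, so it is escaped.
    like_pattern = old.replace("_", "\\_") + "%"
    stmts.append(
        f"UPDATE `{new}usermeta` "
        f"SET meta_key = CONCAT('{new}', SUBSTRING(meta_key, {len(old) + 1})) "
        f"WHERE meta_key LIKE '{like_pattern}';"
    )
    return stmts


def rewrite_wp_config(config_text: str, new: str) -> str:
    """Replace the value of the single $table_prefix assignment in wp-config.php."""
    if not PREFIX_RE.match(new):
        raise ValueError(f"invalid prefix {new!r}")
    pattern = re.compile(r"""^(\s*\$table_prefix\s*=\s*)(['"])[^'"]*\2(\s*;)""", re.M)
    text, n = pattern.subn(lambda m: f"{m.group(1)}'{new}'{m.group(3)}", config_text)
    if n != 1:
        raise ValueError(f"expected exactly one $table_prefix line, found {n}")
    return text


if __name__ == "__main__":
    for stmt in prefix_migration_sql("wp_", "x9k_"):
        print(stmt)
    print(rewrite_wp_config("$table_prefix = 'wp_';\n", "x9k_"))
```

Run the generated statements against a backup-verified copy first; RENAME TABLE is DDL and cannot be rolled back, and the two UPDATE statements are what keep administrators logged in with their roles after the switch.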


#7

It’s not related to direct access to the database, only to attacks like SQL injections. With the wp_ prefix, in case of security vulnerabilities, an attacker may be able to inject data in your tables.

If they can inject SQL they can get the prefix - it’s no protection at all from this 🙂


#8

No, but SQL injection will be easier if the attacker already knows which tables of your database he should attack. With a custom prefix, it makes it harder.


#9

#10

When you check your nginx log you may find some records like:

/wp-content/plugins/my_custom_plugin/check_user.php?userid=-6859 UNION ALL SELECT (SELECT CONCAT(0x7171787671,IFNULL(CAST(ID AS CHAR),0x20),0x616474686c76,IFNULL(CAST(display_name AS CHAR),0x20),0x616474686c76,IFNULL(CAST(user_activation_key AS CHAR),0x20),0x616474686c76,IFNULL(CAST(user_email AS CHAR),0x20),0x616474686c76,IFNULL(CAST(user_login AS CHAR),0x20),0x616474686c76,IFNULL(CAST(user_nicename AS CHAR),0x20),0x616474686c76,IFNULL(CAST(user_pass AS CHAR),0x20),0x616474686c76,IFNULL(CAST(user_registered AS CHAR),0x20),0x616474686c76,IFNULL(CAST(user_status AS CHAR),0x20),0x616474686c76,IFNULL(CAST(user_url AS CHAR),0x20),0x71707a7871) FROM wp.wp_users LIMIT 0,1),NULL,NULL--

As you can see, the last part is FROM wp.wp_users. I have already faced massive attacks on some servers; I use Graylog to analyze all logs and to alert me if it detects some particular queries, and almost all SQL injection attacks try to alter wp_users or wp_options, and the table is directly named in the nginx request.
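
The alerting described in this post keys on the SQL grammar in the request, not on the table prefix, so the same rule fires whether the payload names wp.wp_users or a custom-prefixed table. The script below is an added example (my code, not the poster's Graylog rule) of that detection logic over three constructed nginx "combined" log lines: one shortened version of the request quoted above, one against an assumed custom prefix `x9k_`, and one benign search that merely contains the words "union" and "select". The log format, the IP addresses and the core-table list are assumptions.

```python
"""Flag UNION-based SQL-injection attempts in nginx access-log lines and record
which WordPress core table each one references, independent of the prefix."""
import re
from urllib.parse import unquote_plus

# Constructed sample lines in nginx 'combined' format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [10/May/2024:12:00:01 +0000] "GET /wp-content/plugins/my_custom_plugin/check_user.php?userid=-6859%20UNION%20ALL%20SELECT%20(SELECT%20CONCAT(0x7171787671,IFNULL(CAST(user_login%20AS%20CHAR),0x20))%20FROM%20wp.wp_users%20LIMIT%200,1),NULL,NULL-- HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/May/2024:12:00:02 +0000] "GET /check_user.php?userid=1%20UNION%20SELECT%20option_value%20FROM%20x9k_options%20WHERE%20option_name='siteurl' HTTP/1.1" 200 200 "-" "Mozilla/5.0"
198.51.100.2 - - [10/May/2024:12:00:03 +0000] "GET /?s=union+station+select+few HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# UNION [ALL] SELECT as adjacent keywords; "union station select" does not match.
UNION_RE = re.compile(r"\bUNION\b(?:\s+ALL)?\s+SELECT\b", re.I)
# FROM [db.]table with optional backticks.
FROM_RE = re.compile(r"\bFROM\s+`?(?:(?P<db>\w+)`?\.`?)?(?P<table>\w+)`?", re.I)
# Split '<prefix><core>' for the core tables attackers go after (assumed list).
WP_TABLE_RE = re.compile(
    r"^(?P<prefix>\w*?)(?P<core>users|usermeta|options|posts|postmeta)$", re.I
)


def analyze(line: str):
    """Return a hit dict for an injection attempt, or None for a normal line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    # Decode %20 / '+' so the keywords are visible as the database would see them.
    target = unquote_plus(m.group("target"))
    if not UNION_RE.search(target):
        return None
    hit = {"ip": m.group("ip"), "path": target.split("?", 1)[0], "tables": []}
    for f in FROM_RE.finditer(target):
        t = WP_TABLE_RE.match(f.group("table"))
        hit["tables"].append({
            "table": f.group("table"),
            "prefix": t.group("prefix") if t else None,
            "core": t.group("core").lower() if t else None,
        })
    return hit


def scan(log_text: str):
    """Run analyze() over every line and keep only the hits."""
    return [h for h in (analyze(l) for l in log_text.splitlines()) if h]


def core_table_counts(hits):
    """Count referenced core tables, prefix stripped, for an alert summary."""
    counts = {}
    for h in hits:
        for t in h["tables"]:
            if t["core"]:
                counts[t["core"]] = counts.get(t["core"], 0) + 1
    return counts


if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for h in found:
        print(h["ip"], h["path"], [t["table"] for t in h["tables"]])
    print(core_table_counts(found))
```

Because the rule extracts the table name from the request itself, a custom prefix changes what the alert reports, not whether it fires; the per-core-table summary is the part worth feeding into something like Graylog's alert thresholds.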


#11