
The forums ran from 2008-2020 and are now closed and viewable here as an archive.

WordPress Security Question

  • #29210

    Hi everyone,

    I was curious about a question regarding some security recommendations made by Chris in his book. Specifically where you alter the database prefixes prior to installation in the config file from "wp_" to something else.

    Does altering this affect anything like plugin installation? Or if you upgrade to a new version of WP, does that remain unaffected, or does it change how these things function?

    Thanks!
    Josh

    #77127
    rudynorman
    Member

    The short answer to all your questions is "no". You’re fine in changing the prefix just as Chris recommends. For one, if you weren’t, then Chris and Jeff wouldn’t have put the suggestion in the book. Allow me to try and explain it.

    WordPress isn’t so dumb as to ONLY be able to be installed on databases with "wp_" table prefixes. Instead, WordPress uses the prefix you define, and installs on the database you choose. Everything about WordPress then becomes dependent on your server – including your table prefix, database name, URL, etc. It’s all different in every case that WordPress is installed, so to have ONE group of settings that EVERYONE has to follow doesn’t make much sense.

    As for your plugins, many of them set up their own tables on your database anyway, which means your "wp_" prefix usually only affects your actual WordPress install.

    Sorry if I didn’t do a great job explaining it – I find it hard to type out a detailed description. Just understand that you’re perfectly safe in changing the "wp_" prefix for the database.

    Now changing it for the URLs on the files … that’s a different story in which you are NOT safe to do so unless you seriously know what you’re doing!

    #77380
    Chris Coyier
    Keymaster

    Exactly what I would have said…

    If the plugin was really trying to follow convention, it could always access your defined prefix and add tables with that. I’m not sure what percentage of plugins actually do that, but I bet some do and some don’t. Ultimately, I don’t think you’ll ever notice any issues with changing the prefix, and potentially prevent some bad scripts from doing bad things while you are at it.
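
Added example, not part of the original thread or of anyone's post: a heuristic check for the "some do and some don't" case above, flagging plugin PHP that writes a literal `wp_` table name into SQL instead of using the configured prefix. The function names, the regex and the sample plugin source are assumptions constructed for this example.

```python
import re
from pathlib import Path

# Heuristic (assumption of this example): a SQL keyword that takes a table
# name, followed by a literal name starting with "wp_". Plugins that follow
# the convention write {$wpdb->prefix}... or {$wpdb->posts} there instead.
HARDCODED = re.compile(
    r"\b(?:FROM|JOIN|INTO|UPDATE|TABLE(?:\s+IF\s+NOT\s+EXISTS)?)\s+`?(wp_\w+)",
    re.IGNORECASE,
)
COMMENT_STARTS = ("//", "#", "*", "/*")

def find_hardcoded_tables(php_source):
    """Return [(line_number, table_name)] for literal wp_ tables in SQL."""
    hits = []
    for lineno, line in enumerate(php_source.splitlines(), start=1):
        if line.lstrip().startswith(COMMENT_STARTS):
            continue  # skip whole-line comments to cut false positives
        hits += [(lineno, m.group(1)) for m in HARDCODED.finditer(line)]
    return hits

def scan_plugins(plugins_dir):
    """Map each .php file under plugins_dir to its hits (clean files omitted)."""
    report = {}
    for path in sorted(Path(plugins_dir).rglob("*.php")):
        hits = find_hardcoded_tables(path.read_text(errors="replace"))
        if hits:
            report[str(path)] = hits
    return report

# Constructed sample, not taken from any real plugin.
SAMPLE_PLUGIN = r'''<?php
global $wpdb;
// SELECT * FROM wp_users  (comment only, ignored)
$a = $wpdb->get_results("SELECT ID FROM {$wpdb->posts} WHERE post_status = 'publish'");
$b = $wpdb->query("CREATE TABLE IF NOT EXISTS {$wpdb->prefix}myplugin_log (id INT)");
$c = $wpdb->get_results("SELECT * FROM wp_options WHERE autoload = 'yes'");
$d = $wpdb->query("INSERT INTO `wp_myplugin_log` (id) VALUES (1)");
'''

if __name__ == "__main__":
    for lineno, table in find_hardcoded_tables(SAMPLE_PLUGIN):
        print(f"line {lineno}: hard-coded table name {table}")
```

Each hit is a query that would point at a table that does not exist once the prefix in the config file is something other than "wp_".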
