Useful Security Musts For WP-CONFIG.PHP
The wp-config.php file is the most important file in the WordPress installation. It sits in the root of your WP installation and configures the database connection, but it also holds some very important security settings that can easily be updated to save your site from being hacked.
To access the wp-config.php file you can log into your FTP or cPanel and edit the file on the fly. This article assumes that you already have your WordPress site set up.
The security keys are a set of encrypted variables that store information in the user’s cookies. If you installed WordPress prior to version 3.0, you would have had to add the security keys to the wp-config.php file manually. However, the wp-config file in later versions of WordPress now comes with the security keys pre-installed. Another thing to note is that prior to 3.0 there used to be 4 secret keys; from 3.0 onward there are 8 security keys available.
A set of SALTS can be generated here – WordPress Security Key Generator.
How do I update my Salts?
As previously mentioned, the salts can be accessed from the wp-config.php file, which can be found via FTP or cPanel in the root directory.
It’s a simple matter of copying the generated salts and replacing the current ones in the file.
Changing the database prefix
The database prefix “wp_” is the default across all WordPress installations. As another level of security, it is highly recommended to change this. The wp_ prefix can be changed during the initial WordPress installation, but it must also be updated in the wp-config.php file.
If you did not change the wp_ prefix in the database when you initially installed your WordPress site, it can get a little tricky.
Before making any changes to your site, especially updating files and databases, it’s imperative to take a backup of your site. We use the BackupWordPress plugin! OK, let’s get started.
Step 1: Open your wp-config.php file and change the line
$table_prefix = 'wp_';
to something unique. For example, add a few random numbers, such as wp_12874_.
Step 2: Access your database through phpMyAdmin. By default there are 11 database tables. If you have installed other plugins, there might be a few more than 11. Click on the SQL tab and input the following:
RENAME table `wp_commentmeta` TO `wp_12874_commentmeta`;
RENAME table `wp_comments` TO `wp_12874_comments`;
RENAME table `wp_links` TO `wp_12874_links`;
RENAME table `wp_options` TO `wp_12874_options`;
RENAME table `wp_postmeta` TO `wp_12874_postmeta`;
RENAME table `wp_posts` TO `wp_12874_posts`;
RENAME table `wp_terms` TO `wp_12874_terms`;
RENAME table `wp_term_relationships` TO `wp_12874_term_relationships`;
RENAME table `wp_term_taxonomy` TO `wp_12874_term_taxonomy`;
RENAME table `wp_usermeta` TO `wp_12874_usermeta`;
RENAME table `wp_users` TO `wp_12874_users`;
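Step 3: In the options table we also need to find any “wp_” prefixes and update them. And yes, we have another SQL query for you. As before, run the following code from the SQL tab; it lists the matching rows so that you can edit each one to use the new prefix.
-- \_ matches a literal underscore; a bare _ in LIKE matches any single character
SELECT * FROM `wp_12874_options` WHERE `option_name` LIKE '%wp\_%';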
Step 4: We also need to update the usermeta table. As in the previous step, use the following code:
SELECT * FROM `wp_12874_usermeta` WHERE `meta_key` LIKE '%wp\_%';
We are done!
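The steps above as one script for the SQL tab, extended to cover plugin tables and the updates themselves. This is an added example, not part of the original article; it assumes MySQL or MariaDB, the old prefix wp_, the new prefix wp_12874_ from Step 1, and that the WordPress database is the one currently selected.

```sql
-- Added example, not from the original article.
-- Assumptions: MySQL/MariaDB, old prefix wp_, new prefix wp_12874_.

-- 1. Build a RENAME statement for every table that still carries the old
--    prefix, plugin tables included. The NOT LIKE condition skips tables
--    that were already renamed, because the new prefix also starts with wp_.
--    Copy the generated statements from the result and run them.
SELECT CONCAT('RENAME TABLE `', TABLE_NAME, '` TO `wp_12874_',
              SUBSTRING(TABLE_NAME, CHAR_LENGTH('wp_') + 1), '`;') AS rename_stmt
FROM information_schema.TABLES
WHERE TABLE_SCHEMA = DATABASE()
  AND TABLE_NAME LIKE 'wp\_%'
  AND TABLE_NAME NOT LIKE 'wp\_12874\_%';

-- 2. After the renames: WordPress core stores the role definitions in an
--    option named <prefix>user_roles, so that key must follow the prefix.
UPDATE `wp_12874_options`
SET `option_name` = 'wp_12874_user_roles'
WHERE `option_name` = 'wp_user_roles';

-- 3. Per-user keys that core builds from the table prefix. An explicit list
--    is used instead of a blanket LIKE so that keys which merely happen to
--    start with wp_ (set by core or plugins) are left alone.
UPDATE `wp_12874_usermeta`
SET `meta_key` = CONCAT('wp_12874_',
                        SUBSTRING(`meta_key`, CHAR_LENGTH('wp_') + 1))
WHERE `meta_key` IN ('wp_capabilities', 'wp_user_level',
                     'wp_user-settings', 'wp_user-settings-time',
                     'wp_dashboard_quick_press_last_post_id');

-- 4. Review what is left with the old prefix. Anything listed here was
--    written by core or a plugin and needs a case-by-case decision.
SELECT `option_name`
FROM `wp_12874_options`
WHERE `option_name` LIKE 'wp\_%'
  AND `option_name` NOT LIKE 'wp\_12874\_%';

SELECT DISTINCT `meta_key`
FROM `wp_12874_usermeta`
WHERE `meta_key` LIKE 'wp\_%'
  AND `meta_key` NOT LIKE 'wp\_12874\_%';
```

If wp_capabilities is not renamed along with the tables, administrators lose their roles on the next login, so confirm you can still reach the dashboard before discarding the backup.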
These are two very important aspects of updating your wp-config file to prevent security hacks. It is recommended that ALL WORDPRESS sites undertake these two steps.
If you wish MySiteGotHacked to help you do this, feel free to contact us. But remember, don’t do anything without BACKING UP!