Martin Falada 1,628 Points
New WordPress Class - Security Suggestion
I have been using WP for a while now, but I am going through the course out of interest.
I noticed it suggests using the 1 Click Install... which I don't generally suggest doing... but if you are going to do that there is an important step that was missed.
In the setup area, Zac suggests changing the Admin name... this is a good point... but skipped right over changing the DATABASE PREFIX.
Some 1-Click installers will randomize the DB Prefix, but not all do. Many will just leave it as wp_.
It is very important to randomize the DB Prefix because it makes SQL injection attacks very difficult. If you just use the "Default" Prefix, then an attacker can easily know the table names when they are crafting their attacks.
wp_users is a VERY common MySQL table for WP (since the majority of people do not know to change it). So many attackers hit that.
jh3ad_users is random and thus would not be in the hacker's "toolbelt", meaning they would have to find a different way.
Food for thought, that this may be something to add to the video as a pop up bubble or something.
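One way to check an install for the default prefix discussed in the post above, as an added example that is not part of the original thread: it reads the live `$table_prefix` assignment from the text of a wp-config.php and flags `wp_`. The function names and the sample config are constructed for illustration.

```python
import re
import secrets
import string

# The assignment WordPress reads from wp-config.php, e.g. $table_prefix = 'wp_';
PREFIX_RE = re.compile(
    r"""^\s*\$table_prefix\s*=\s*(['"])(?P<prefix>[^'"]*)\1\s*;""", re.MULTILINE)

def strip_php_comments(src):
    """Drop /* ... */ blocks and whole-line // or # comments so a
    commented-out assignment is not mistaken for the live one."""
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.DOTALL)
    return re.sub(r"^\s*(//|#).*$", "", src, flags=re.MULTILINE)

def audit_prefix(config_text):
    """Return (prefix, finding) for the last live $table_prefix assignment."""
    matches = PREFIX_RE.findall(strip_php_comments(config_text))
    if not matches:
        return None, "no $table_prefix assignment found"
    prefix = matches[-1][1]  # each match is a (quote, prefix) tuple
    if prefix == "wp_":
        return prefix, "default prefix: table names are predictable"
    if not re.fullmatch(r"[A-Za-z0-9_]+", prefix):
        return prefix, "invalid prefix: use only letters, numbers and underscores"
    return prefix, "non-default prefix"

def suggest_prefix(length=5):
    """Generate a random prefix in the style of 'jh3ad_' (starts with a letter)."""
    alphabet = string.ascii_lowercase + string.digits
    first = secrets.choice(string.ascii_lowercase)
    rest = "".join(secrets.choice(alphabet) for _ in range(length - 1))
    return first + rest + "_"

# Constructed sample input, not taken from a real site.
SAMPLE_CONFIG = """<?php
define( 'DB_NAME', 'example_db' );
// $table_prefix = 'old_';
$table_prefix = 'wp_';
"""

if __name__ == "__main__":
    prefix, finding = audit_prefix(SAMPLE_CONFIG)
    print(prefix, "->", finding)
    print("suggested replacement:", suggest_prefix())
```

On a site that is already installed, editing the value in wp-config.php alone is not enough: the existing tables have to be renamed to match the new prefix.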
Zac Gordon Treehouse Guest Teacher
+1 to this point
I mention this in some of the course, but not in the others, depending on the level or if I can assume they should know it. Great to post the point tho!