Martin Falada 1,628 Points
New WordPress Class - Security Suggestion
I have been using WP for a while now, but I am going through the course out of interest.
I noticed it suggests using the 1 Click Install... which I don't generally suggest doing... but if you are going to do that there is an important step that was missed.
In the setup area, Zac suggests changing the Admin name... this is a good point... but skipped right over changing the DATABASE PREFIX.
Some 1-Click installers will randomize the DB Prefix, but not all do. Many will just leave it as wp_.
It is very important to randomize the DB Prefix because it makes SQL injection attacks very difficult. If you just use the "Default" Prefix, then an attacker can easily know the table names when they are crafting their attacks.
wp_users is a VERY common MySQL table for WP (since the majority of people do not know to change it). So many attackers hit that.
jh3ad_users is random and thus would not be in the hacker's "toolbelt", meaning they would have to find a different way.
Food for thought, that this may be something to add to the video as a pop up bubble or something.
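Added example (not part of the original post or the Treehouse course): a small check that reads the `$table_prefix` assignment from the text of a wp-config.php file, flags the default `wp_`, and lists tables still named `wp_*` once a different prefix is configured. The function names and the sample config and table lists are constructed for illustration.

```python
import re

# The assignment as it appears in wp-config.php, e.g.  $table_prefix = 'wp_';
PREFIX_RE = re.compile(r"""^\s*\$table_prefix\s*=\s*(['"])(.*?)\1\s*;""", re.M)
DEFAULT_PREFIX = "wp_"


def audit_table_prefix(config_text):
    """Return (prefix, findings) for the text of a wp-config.php file."""
    # Drop /* ... */ blocks so a commented-out assignment is not read as live.
    live = re.sub(r"/\*.*?\*/", "", config_text, flags=re.S)
    matches = PREFIX_RE.findall(live)
    if not matches:
        return None, ["missing"]
    prefix = matches[-1][1]  # PHP keeps the last assignment
    findings = []
    if len(matches) > 1:
        findings.append("multiple-assignments")
    if prefix == DEFAULT_PREFIX:
        findings.append("default-prefix")
    # wp-config.php asks for numbers, letters and underscores only.
    if not re.fullmatch(r"[A-Za-z0-9_]+", prefix):
        findings.append("invalid-characters")
    return prefix, findings


def tables_on_default_prefix(table_names, configured_prefix):
    """List tables still named wp_* when the config uses another prefix."""
    if configured_prefix == DEFAULT_PREFIX:
        return []
    return sorted(t for t in table_names if t.startswith(DEFAULT_PREFIX))


# Constructed sample inputs (not taken from any real site).
SAMPLE_DEFAULT = "<?php\ndefine('DB_NAME', 'site');\n$table_prefix = 'wp_';\n"
SAMPLE_CUSTOM = "<?php\n/*\n$table_prefix = 'wp_';\n*/\n$table_prefix  = \"jh3ad_\";\n"
SAMPLE_TABLES = ["jh3ad_users", "jh3ad_posts", "wp_users", "wp_options"]

if __name__ == "__main__":
    for name, text in (("default", SAMPLE_DEFAULT), ("custom", SAMPLE_CUSTOM)):
        print(name, audit_table_prefix(text))
    print(tables_on_default_prefix(SAMPLE_TABLES, "jh3ad_"))
```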
Zac Gordon, Treehouse Guest Teacher
+1 to this point
I mention this in some of the courses, but not in the others, depending on the level or if I can assume they should know it. Great to post the point though!