Has your website ever been hacked? It doesn’t matter whether your answer is yes or no. You need to add security measures to your WordPress powered website. This article will be the first in a series on ways to help make your WordPress installation more secure.
That Sinking Feeling
I’m not a security expert, I’ve had my own sites hacked. It’s no fun at all, and that just may be the understatement of the year. It totally sucks.
First to realize that all your hard work is in real jeopardy.
Second to start down the path of trying to figure out what files are compromised.
Third how to clean up your install.
Fourth? Fourth is when you really focus on securing your WordPress site.
Security Is Not An Afterthought
Security should be number one. It should be the first thing you do, even when planning your site and right through installation, and configuration. This is something we preach relentlessly. Not because we think we’re better, but because it’s happened to us and it sucks.
Security Should be Built In
When we install WordPress, we make sure to start building in security right away. This involves a lot of strong passwords. I’m talking about everything from your domain registrar to your hosting account. Use strong passwords. Period.
There is no more excuse to use the same old password with every account you open, especially when it concerns your WordPress business website. Quite likely, your livelihood. You don’t lock your door by tying string into a knot so why would you let any jerk with a pair of cheap scissors or pocket knife could come along and easily gain access to your property.
The same rule applies with your online accounts, and most importantly (behind your online bank account), is your website. Are you going to lock others out using by tying a flimsy string around it? Or are you going to secure it with multiple padlocks, motion sensor cameras, and guard dogs?
Start with strong passwords and getting a robust Password Manager.
Database and Table Prefix Naming
Now that you have a strong password for your website related accounts, you should make sure that you create a database with a strong name also. If you already have a database that WordPress is using, you’re probably OK. It would be a bit difficult to change that at this point.
However, you should definitely have a strong database table prefix that your WordPress website uses. If I’ve lost you by mentioning database table prefix, don’t worry, it’s not really that technical.
WordPress uses a database to store information. This database has a name. When you run through the installation of WordPress, either on your own (which we recommend) or automatically through your host, WordPress creates tables inside this database.
Each table’s name is determined by WordPress, including the table name prefix of wp_, but you have the opportunity to change this during the WordPress installation process…or even afterword. The default table names in your database can be seen in the image below.
Imagine how many millions of WordPress powered websites are using the default “wp” prefix. Now imagine what a likely target these sites could be to ill intentioned people.
Start Thinking About Security and Learning All You Can
The good news is that learning about the security of your WordPress powered website is something you can do do relatively easily. You don’t need to wear shorts pants and taped up glasses. The community openly shares their knowledge and there are dozens of powerful plugins available that will help you to secure your site.
I mentioned that changing your already existing prefix on table names is possible, and I’ll show you exactly how to do that in the next post in this series. Stay tuned!