Wp Security Scan Results, Need Help Fixing Wordpress 2.6
Posted 18 July 2008 - 12:03 AM
correcting some security issues that the WP Security Scan plugin flaged.
Here is what it says I need to fix.
Your table prefix should not be wp_. Click here to change it.
Your WordPress version is successfully hidden.
WordPress DB Errors turned off.
WP ID META tag removed form WordPress core
No user "admin".
The file .htaccess does not exist in wp-admin/.
System Information Scan
Operating System : Linux
Server : Apache/1.3.41 (Unix) mod_log_bytes/1.2 mod_bwlimited/1.4 mod_auth_passthrough/1.8 FrontPage/18.104.22.16835 mod_ssl/2.8.31 OpenSSL/0.9.7a
Memory usage : 8.28 MByte
MYSQL Version : 5.0.51a-community
SQL Mode : Not set
PHP Version : 5.2.6
PHP Safe Mode : Off
PHP Allow URL fopen : On
PHP Memory Limit : 64M
PHP Max Upload Size : 64M
PHP Max Post Size : 64M
PHP Max Script Execute Time : 30s
PHP Exif support : Yes ( V1.4 )
PHP IPTC support : Yes
PHP XML support : Yes
WP - Database Security
Make a backup of your database before using this tool:
Change your database table prefix to mitigate zero-day
SQL Injection attacks.
Before running this script:
wp-config must be set to writable before running this script.
the database user you're using with WordPress must have ALTER rights
Change the current: prefix to something different if it's the default wp_
Allowed Chars are all latin Alphanumeric Chars as well as the Chars - and _.
Posted 18 July 2008 - 12:27 AM
When it says to change your table prefix, that's for the database. Each of the sections of your database is called a table, which has columns and rows. The name of each table is prefixed with wp_ by default, which is easy to guess by hackers. If you change this in your installation of your database, it would be a good precaution.
The other things it tells you like version not showing means you are not displaying your version, which is good. Meta tag removed is good, because it means a hacker can't see which version you're using from your meta tag. No admin ID means that you have an administrator, but the name is not "admin" which is the default. Using the default "admin" for the administrator is not a good idea.
It's looking for an .htaccess file in your wp-admin folder which would prevent access to that folder. You can research more about this at WordPress.org, but it's good to restrict access (through the web) of your wp-admin folder and your wp-content/plugins folder.
all the best,
Posted 18 July 2008 - 06:43 AM
What should I change the database prefix to I have never done this, should I change it to
one number, a word or a combination of the two can you give me an example please.
Also how can I turn on WordPress DB Errors, do I do it in Cpanel.
And how do I make The file .htaccess for in wp-admin/
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users