
Cre8asiteforums

Web Site Design, Usability, SEO & Marketing Discussion and Support

highbids

Wp Security Scan Results, Need Help Fixing Wordpress 2.6


I just installed my first WordPress blog (2.6) & need some help with correcting some security issues that the WP Security Scan plugin flagged.

 

Here is what it says I need to fix.

 

Your table prefix should not be wp_. Click here to change it.

 

Your WordPress version is successfully hidden.

 

WordPress DB Errors turned off.

 

WP ID META tag removed form WordPress core

 

No user "admin".

 

The file .htaccess does not exist in wp-admin/.

 

------------------------------------------------

System Information Scan

 

Operating System : Linux

Server : Apache/1.3.41 (Unix) mod_log_bytes/1.2 mod_bwlimited/1.4 mod_auth_passthrough/1.8 FrontPage/5.0.2.2635 mod_ssl/2.8.31 OpenSSL/0.9.7a

Memory usage : 8.28 MByte

MYSQL Version : 5.0.51a-community

SQL Mode : Not set

PHP Version : 5.2.6

PHP Safe Mode : Off

PHP Allow URL fopen : On

PHP Memory Limit : 64M

PHP Max Upload Size : 64M

PHP Max Post Size : 64M

PHP Max Script Execute Time : 30s

PHP Exif support : Yes ( V1.4 )

PHP IPTC support : Yes

PHP XML support : Yes

 

------------------------------------------------

WP - Database Security

 

Make a backup of your database before using this tool:

Change your database table prefix to mitigate zero-day

SQL Injection attacks.

 

Before running this script:

 

wp-config must be set to writable before running this script.

the database user you're using with WordPress must have ALTER rights

 

Change the current: prefix to something different if it's the default wp_

Allowed Chars are all latin Alphanumeric Chars as well as the Chars - and _.


Hi highbids,

 

When it says to change your table prefix, that's for the database. Each of the sections of your database is called a table, which has columns and rows. The name of each table is prefixed with wp_ by default, which is easy to guess by hackers. If you change this in your installation of your database, it would be a good precaution.

 

The other things it tells you like version not showing means you are not displaying your version, which is good. Meta tag removed is good, because it means a hacker can't see which version you're using from your meta tag. No admin ID means that you have an administrator, but the name is not "admin" which is the default. Using the default "admin" for the administrator is not a good idea.

 

It's looking for an .htaccess file in your wp-admin folder which would prevent access to that folder. You can research more about this at WordPress.org, but it's good to restrict access (through the web) of your wp-admin folder and your wp-content/plugins folder.

 

all the best, :wacko:

 

-k.s.


Hi k.s.

 

What should I change the database prefix to? I have never done this. Should I change it to one number, a word or a combination of the two? Can you give me an example, please?

 

Also, how can I turn on WordPress DB Errors? Do I do it in cPanel?

 

And how do I make the file .htaccess for wp-admin/?

 

Best Regards.

 

highbids
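
A worked example of the table prefix change discussed in this thread, added here and not taken from either poster or from the WP Security Scan plugin: it picks a random prefix and builds the SQL needed to move an install off wp_. The function names, the sample table list and the decision to allow only lowercase letters, digits and a trailing underscore (narrower than the plugin's allowed characters) are assumptions of this example; take the database backup the plugin asks for before running any of the generated statements.

```python
import re
import secrets
import string

# Stricter than the plugin's allowed set on purpose (assumption of this
# example): no "-", so the new table names never need special quoting.
PREFIX_RE = re.compile(r"[a-z][a-z0-9]{2,15}_")

def new_prefix(length=6):
    """Random prefix: one letter, then letters/digits, then '_'."""
    rest = "".join(secrets.choice(string.ascii_lowercase + string.digits)
                   for _ in range(length - 1))
    return secrets.choice(string.ascii_lowercase) + rest + "_"

def rename_plan(tables, old, new):
    """SQL statements that move the tables starting with `old` to `new`."""
    if not re.fullmatch(r"[A-Za-z0-9_]+", old):
        raise ValueError("unexpected current prefix: %r" % old)
    if not PREFIX_RE.fullmatch(new) or new == old:
        raise ValueError("unsuitable new prefix: %r" % new)
    pairs = [(t, new + t[len(old):]) for t in tables if t.startswith(old)]
    if not pairs:
        raise ValueError("no table starts with %r" % old)
    if {dst for _, dst in pairs} & set(tables):
        raise ValueError("a target table name already exists")
    n = len(old)
    return [
        # One RENAME TABLE statement renames every listed table atomically.
        "RENAME TABLE " + ", ".join("`%s` TO `%s`" % p for p in pairs) + ";",
        # WordPress also stores the prefix in the options and usermeta data.
        "UPDATE `%soptions` SET option_name = '%suser_roles' "
        "WHERE option_name = '%suser_roles';" % (new, new, old),
        "UPDATE `%susermeta` SET meta_key = CONCAT('%s', SUBSTRING(meta_key, %d)) "
        "WHERE LEFT(meta_key, %d) = '%s';" % (new, new, n + 1, n, old),
    ]

# Constructed sample: tables of a default install plus one unrelated table.
# On a real site, take the list from SHOW TABLES instead.
SAMPLE_TABLES = ["wp_comments", "wp_links", "wp_options", "wp_postmeta",
                 "wp_posts", "wp_terms", "wp_term_relationships",
                 "wp_term_taxonomy", "wp_usermeta", "wp_users", "stats_log"]

if __name__ == "__main__":
    prefix = new_prefix()
    print("\n".join(rename_plan(SAMPLE_TABLES, "wp_", prefix)))
    print("-- then set in wp-config.php:  $table_prefix = '%s';" % prefix)
```

The renamed tables, the two UPDATE statements and the `$table_prefix` line in wp-config.php have to change together, otherwise WordPress will not find its tables or its user roles.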
