Subtotal | $0.00 |
RENAME table `wp_commentmeta` TO `newprefix_commentmeta`;
RENAME table `wp_comments` TO `newprefix_comments`; RENAME table `wp_links` TO `newprefix_links`; RENAME table `wp_options` TO `newprefix_options`; RENAME table `wp_postmeta` TO `newprefix_postmeta`; RENAME table `wp_posts` TO `newprefix_posts`; RENAME table `wp_terms` TO `newprefix_terms`; RENAME table `wp_term_relationships` TO `newprefix_term_relationships`; RENAME table `wp_term_taxonomy` TO `newprefix_term_taxonomy`; RENAME table `wp_usermeta` TO `newprefix_usermeta`; RENAME table `wp_users` TO `newprefix_users`; |
SELECT * FROM `newprefix_options` WHERE `option_name` LIKE '%wp_%' |
SELECT * FROM `newprefix_usermeta` WHERE `meta_key` LIKE '%wp_%' |
8. Using secure FTP (SFTP) and Shell access (SSH)
Uploading files via FTP is a quick way to make a new site up and running or add new files to your account. However, SFTP is more secure, and your passwords are encrypted to help prevent hackers from learning it. You can find a more detailed guide on how to upload your files via FTP or SFTP here.
SCP and SSH are another secure methods of adding or transferring your site’s files.
If you do want to use FTP (or use cPanel details for FTP connection), it’s a good idea to delete any FTP accounts that you’re not using to prevent them from being accessed without your consent. This is a great way to help keep your site and information more secure.
9. Hiding the WordPress version
Another good idea is to remove the generator meta for WordPress. This meta shows the version of your WordPress site. You may open your website and check your source code by pressing CTRL + U on Windows or Option+Command+U on Mac. If the WordPress version is visible for hackers, it’s more easy for them to target the vulnerabilities of the specific version to hack into your website.
In order to hide your WordPress version, navigate your current theme at /wp-content/themes/yourtheme/ and insert the code below into the function.php file:
/* Hide WP version strings from scripts and styles
* @return {string} $src * @filter script_loader_src * @filter style_loader_src */ function fjarrett_remove_wp_version_strings( $src ) { global $wp_version; parse_str(parse_url($src, PHP_URL_QUERY), $query); if ( !empty($query['ver']) && $query['ver'] === $wp_version ) { $src = remove_query_arg('ver', $src); } return $src; } add_filter( 'script_loader_src', 'fjarrett_remove_wp_version_strings' ); add_filter( 'style_loader_src', 'fjarrett_remove_wp_version_strings' ); /* Hide WP version strings from generator meta tag */ function wpmudev_remove_version() { return ''; } add_filter('the_generator', 'wpmudev_remove_version'); |
RENAME table `wp_commentmeta` TO `newprefix_commentmeta`;
RENAME table `wp_comments` TO `newprefix_comments`; RENAME table `wp_links` TO `newprefix_links`; RENAME table `wp_options` TO `newprefix_options`; RENAME table `wp_postmeta` TO `newprefix_postmeta`; RENAME table `wp_posts` TO `newprefix_posts`; RENAME table `wp_terms` TO `newprefix_terms`; RENAME table `wp_term_relationships` TO `newprefix_term_relationships`; RENAME table `wp_term_taxonomy` TO `newprefix_term_taxonomy`; RENAME table `wp_usermeta` TO `newprefix_usermeta`; RENAME table `wp_users` TO `newprefix_users`; |
SELECT * FROM `newprefix_options` WHERE `option_name` LIKE '%wp_%' |
SELECT * FROM `newprefix_usermeta` WHERE `meta_key` LIKE '%wp_%' |
The number of entries may vary depending on how many plugins you are using and such. Here you need to change everything with wp_ to the new prefix as well.
Once done, make sure you update your wp-config.php file with the new database prefix:
Also, you can change the database prefix using special plugins like Change DB prefix or Change table prefix.
6.2 Changing the database username and password
In order to change the database username or password, log into cPanel >> click on the MySQL Databases menu in the Databases section:
Under Current users, you will see all created database users in your account. Here you can Set new password or Rename the necessary database user by choosing the corresponding option:
For changing the password, click on Set password. In the new window, insert your new password twice and click Change password:
To change the database username, click Rename. In the new window you need to specify the new username you wish to have (this will be the part after cPanelusername_ ) and click Proceed in order to save changes:
Once the database username or password are changed, you need to update your wp-config.php file with the corresponding details:
7. Setting password protection for important files and folders
In order to prevent your WordPress site from being hacked we recommend setting the password protection for system files and folders.
To create the password protection, follow these steps:
7.1 Go to cPanel >> Files >> Directory Privacy to access a list of your site’s folders:
7.2 Choose the directory you wish to protect and click on it:
7.3 Put a checkmark on Password protect this directory and name your protected directory, insert the username and password and click on the Save button to save your changes:
You can follow our specially created tutorial on how to set up password protection in order to get more details.
In addition, you can set up internal protection rules in .htaccess to protect your files and folders.
NOTE: It is very important to protect the wp-config.php file and wp-adminfolder since they are more susceptible to a hacker attack.
8. Using secure FTP (SFTP) and Shell access (SSH)
Uploading files via FTP is a quick way to make a new site up and running or add new files to your account. However, SFTP is more secure, and your passwords are encrypted to help prevent hackers from learning it. You can find a more detailed guide on how to upload your files via FTP or SFTP here.
SCP and SSH are another secure methods of adding or transferring your site’s files.
If you do want to use FTP (or use cPanel details for FTP connection), it’s a good idea to delete any FTP accounts that you’re not using to prevent them from being accessed without your consent. This is a great way to help keep your site and information more secure.
9. Hiding the WordPress version
Another good idea is to remove the generator meta for WordPress. This meta shows the version of your WordPress site. You may open your website and check your source code by pressing CTRL + U on Windows or Option+Command+U on Mac. If the WordPress version is visible for hackers, it’s more easy for them to target the vulnerabilities of the specific version to hack into your website.
In order to hide your WordPress version, navigate your current theme at /wp-content/themes/yourtheme/ and insert the code below into the function.php file:
/* Hide WP version strings from scripts and styles
* @return {string} $src * @filter script_loader_src * @filter style_loader_src */ function fjarrett_remove_wp_version_strings( $src ) { global $wp_version; parse_str(parse_url($src, PHP_URL_QUERY), $query); if ( !empty($query['ver']) && $query['ver'] === $wp_version ) { $src = remove_query_arg('ver', $src); } return $src; } add_filter( 'script_loader_src', 'fjarrett_remove_wp_version_strings' ); add_filter( 'style_loader_src', 'fjarrett_remove_wp_version_strings' ); /* Hide WP version strings from generator meta tag */ function wpmudev_remove_version() { return ''; } add_filter('the_generator', 'wpmudev_remove_version'); |
Need help? We're always here for you.