WordPress Security

Basic security for WordPress

Finally, it's Friday! Today I am going to give you some very basic cybersecurity tips for WordPress.

So that this entry does not run too long, I will cover security topics of medium and advanced difficulty in a separate post. Today we will start with something lighter and easier to digest.

Change the database prefix

While installing WordPress, at the step that asks for the credentials needed to connect to the database, there is a field that asks us to choose a prefix for the database.

This prefix should never be left as wp_, as you see in the photo. Change it to anything else; you can mash the keyboard if you want, then click Continue.

The reason you should not use this prefix is that it is the default value in all WordPress installations. Everyone knows it, and unfortunately there are also people in the world who want to compromise your site and do bad things with it. I will write a post later showing the consequences that leaving wp_ as the prefix can have, but for now let's continue.

Some readers may be saying, "Víctor, I have been working with my blog for 20 years and I did not change the prefix, what can I do now?" Very easy: there are security plugins that let you change it without problems. My teammate Paco explained one of them in 5 essential plugins for WordPress.

Username and password

This is where we all slip up, and badly. After correctly entering the database credentials, we will be asked to create a user, which of course will be the site administrator.

The Admin user and the password 1234567 are among the most used credentials in the world; you can check the data in this article about computer attacks.

It costs nothing to stop and think of a username that is not obvious and an alphanumeric password with a few unusual characters mixed in.

If our administrator user is compromised, we will be in serious trouble, since the attackers will be able to do practically whatever they want with our website.

We could go on at length about usernames and passwords, so in the future there will be a link on this site to a complete post on the subject.

Hide WordPress version

In this last tip on basic security for WordPress, we're going to get into the mud a little bit, but just a little bit, don't panic.

Many posts on hiding the WordPress version only tell you to delete readme.html. It is true that this removes the version from many places, but it is still visible if we use inspect element and look at the header data.

To remove the version from there, we need to place a code snippet in our functions.php.

Attention! Before copying any of the following code, make a backup of your site. It's always good to have a backup on hand in case something breaks.

    // Return an empty string so WordPress prints no generator (version) tag.
    function remove_complete_version() {
        return '';
    }
    add_filter('the_generator', 'remove_complete_version');

And that's it. Once this piece of code is in our functions.php, all that remains is to connect to our web hosting by FTP and delete the readme.html file.

After these 2 simple steps, the version will be completely hidden.
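
One way to confirm that both steps took effect on your own site, as an added example that is not code from the original post. The function and class names, the sample HTML and the version number in it are constructed for illustration, and readme_status is assumed to be the HTTP status you receive when requesting /readme.html on your site.

```python
import re
from html.parser import HTMLParser

# Constructed sample pages (not captured from a real site).
PAGE_BEFORE = """<html><head>
<meta name="generator" content="WordPress 6.4.2" />
<meta name="Generator" content="ExamplePlugin 1.0">
</head><body>Hello</body></html>"""
PAGE_AFTER = """<html><head>
<meta name="Generator" content="ExamplePlugin 1.0">
</head><body>Hello</body></html>"""


class GeneratorFinder(HTMLParser):
    """Collect the content attribute of every <meta name="generator"> tag."""

    def __init__(self):
        super().__init__()
        self.contents = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names; values keep their case.
        attr = dict(attrs)
        if tag == "meta" and (attr.get("name") or "").lower() == "generator":
            self.contents.append(attr.get("content") or "")


def audit(page_html, readme_status):
    """Return findings for the two steps: generator tag and readme.html."""
    finder = GeneratorFinder()
    finder.feed(page_html)
    findings = []
    for content in finder.contents:
        # Only WordPress generator tags count; other software may add its own.
        match = re.match(r"\s*WordPress\s+(\d+(?:\.\d+)*)", content, re.I)
        if match:
            findings.append("generator tag exposes WordPress " + match.group(1))
    # A 200 response means readme.html was not deleted from the web root.
    if readme_status == 200:
        findings.append("readme.html is still reachable")
    return findings


if __name__ == "__main__":
    for name, html, status in [("before", PAGE_BEFORE, 200), ("after", PAGE_AFTER, 404)]:
        print(name, audit(html, status) or "no version leak found")
```
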

I hope these little security tips will help you. I will write more posts like this one explaining many aspects of security in WordPress.

Greetings and see you soon.
