Title: Security issues?
Last modified: August 20, 2016

---

# Security issues?

 *  [jbardy](https://wordpress.org/support/users/jbardy/)
 * (@jbardy)
 * [13 years, 8 months ago](https://wordpress.org/support/topic/security-issues-5/)
 * Hello, I am doing design work for a company and they want help with their existing
   wordpress website. Now I am new to wordpress/websites, and I just figured out
   how to access their site via SFTP and phpMyAdmin.
 * I downloaded the Ultimate Security Plugin and it says there are a few concerns.
 * Database prefix is one of these concerns. I have no prior experience messing 
   with SQL/SFTP/phpmyadmin, so is this something I could easily fix?
 * I read this suggestion on actual wordpress documentation too, so I figure it’s
   something I should do.
 * Here’s the tutorial I found to follow for it: [http://www.wpbeginner.com/wp-tutorials/how-to-change-the-wordpress-database-prefix-to-improve-security/](http://www.wpbeginner.com/wp-tutorials/how-to-change-the-wordpress-database-prefix-to-improve-security/)
 * I just want to make sure this tutorial follows the full procedure. I’ve made
   a backup of all my plugins, themes, and the sql database in the event I mess
   it up, but these feel like dangerous waters for me.
 * I’m concerned because I’ve read this is something that should be done during 
   the initial installation process of the site. I’m afraid doing it now won’t make
   all the necessary changes since there is content on the site unlike at the beginning.
 * Can someone tell me if this is worth messing with and if I am looking to do it
   properly?
 * Another “concern” that came up in the plugin was to remove the version number
   of the wordpress site. Because I have the latest, it does not matter, but it
   tells me to add a few snippets of code to the function.php file. This is something
   I would do via SFTP and is it something I should do regardless?
 * Many thanks!

Viewing 10 replies - 1 through 10 (of 10 total)

 *  [samateo](https://wordpress.org/support/users/samateo/)
 * (@samateo)
 * [13 years, 8 months ago](https://wordpress.org/support/topic/security-issues-5/#post-3101906)
 * yes, the tutorial should work to change your db prefix.
 * Removing the version of wp you use will do nothing to make it more secure. Anyone
   attempting to hack your site will be looking for and testing vulnerabilities 
   not version number.
 * That said, the following snippets (placed in your themes functions.php file) 
   can remove the wp generator from your site and feeds.
 *     ```
       // remove version from head
       // closure replaces create_function(), which was removed in PHP 8
       add_filter( 'the_generator', function () { return ''; } ); // return empty version
       remove_action( 'wp_head', 'wp_generator' ); // <meta name="generator"
   
       // remove version from feeds
       foreach( array('rss2_head', 'commentsrss2_head', 'rss_head', 'rdf_header', 'atom_head', 'comments_atom_head', 'opml_head', 'app_head') as $feed ) {
           remove_action( $feed, 'the_generator' );
       }
       ```
   
 *  Thread Starter [jbardy](https://wordpress.org/support/users/jbardy/)
 * (@jbardy)
 * [13 years, 8 months ago](https://wordpress.org/support/topic/security-issues-5/#post-3101915)
 * So is this something I should absolutely do?
 * In the event that it messes something up, I have a plugin called PressBackup 
   installed. There is a restore function as well; does this restore the database
   and all other content?
 * Thanks again.
 *  [samateo](https://wordpress.org/support/users/samateo/)
 * (@samateo)
 * [13 years, 8 months ago](https://wordpress.org/support/topic/security-issues-5/#post-3101940)
 * “So is this something I should absolutely do?”
 * It can’t hurt 😉 take a look at [Hardening WordPress](http://codex.wordpress.org/Hardening_WordPress#Database_Security)
   Under ‘Security through obscurity’ it reads …
 * “_Change the table\_prefix: Many published WordPress-specific SQL-injection attacks
   make the assumption that the table\_prefix is wp\_, the default. Changing this
   can block at least some SQL injection attacks._”
 * With respect to the plugin which I personally have never used, the text under
   ‘Warnings’ under ‘[Other Notes](http://wordpress.org/extend/plugins/pressbackup/other_notes/http://)’
   indicates you must ‘change permissions of “themes” “plugins” and “uploads”’ I
   imagine this is because it will back up those areas of your site. I attempted
   to install the plugin but received a fatal error.
 * Of course, you can always copy those folders to a safe area yourself (along with
   a copy of your database) before you change the db prefix.
 * With respect to the code snippets, those can easily be removed if you decide 
   to again advertise the version of WordPress you are running.
 *  Thread Starter [jbardy](https://wordpress.org/support/users/jbardy/)
 * (@jbardy)
 * [13 years, 8 months ago](https://wordpress.org/support/topic/security-issues-5/#post-3101941)
 * Thanks again.
 * I have updated everything manually, locally and on Dropbox.
 * In the event that the site gets messed up, all I’d need to do is copy all files
   except for the SQL to the root folder via FTP.
 * The SQL I’d have to import via phpMyAdmin, correct?
 * If something gets messed up while changing the database prefix, wouldn’t I only
   need to re-import the SQL database via phpmyadmin and not touch the FTP files?
 * Thanks again.
 *  [samateo](https://wordpress.org/support/users/samateo/)
 * (@samateo)
 * [13 years, 8 months ago](https://wordpress.org/support/topic/security-issues-5/#post-3101944)
 * yes, with phpMyAdmin you can import the sql you saved. The only file you may 
   need to look at is wp-config.php in order to verify that you have the correct
   value for $table_prefix
 * More information on editing wp-config [here](http://codex.wordpress.org/Editing_wp-config.php#table_prefix).
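
An offline check for the concern raised in this thread, that changing the prefix on a site with existing content can leave things behind (added example, not part of the original posts or of WordPress itself). It assumes a stock install, where the prefix is also embedded in the `user_roles` option name and the `capabilities` and `user_level` usermeta keys, and a database that holds only this site's tables; `audit_prefix_change` and all sample values are constructed for illustration.

```python
import re

# Keys whose *names* embed the table prefix in a stock WordPress install.
OPTION_SUFFIXES = ("user_roles",)                   # {prefix}options.option_name
USERMETA_SUFFIXES = ("capabilities", "user_level")  # {prefix}usermeta.meta_key

def read_table_prefix(wp_config_text):
    """Return the $table_prefix value assigned in wp-config.php, or None."""
    m = re.search(r"""^\s*\$table_prefix\s*=\s*(['"])([A-Za-z0-9_]+)\1\s*;""",
                  wp_config_text, re.MULTILINE)
    return m.group(2) if m else None

def audit_prefix_change(wp_config_text, old_prefix, tables, option_names, meta_keys):
    """List everything that still disagrees with the prefix in wp-config.php."""
    new_prefix = read_table_prefix(wp_config_text)
    if new_prefix is None:
        return ["wp-config.php: no $table_prefix assignment found"]
    if new_prefix == old_prefix:
        return ["wp-config.php still uses the old prefix"]
    problems = []
    # Assumption: every table in this database belongs to this one site.
    for table in tables:
        if not table.startswith(new_prefix):
            problems.append(f"table not renamed: {table}")
    checks = (("option_name", option_names, OPTION_SUFFIXES),
              ("meta_key", meta_keys, USERMETA_SUFFIXES))
    for kind, names, suffixes in checks:
        for suffix in suffixes:
            if old_prefix + suffix in names:
                problems.append(f"{kind} not renamed: {old_prefix + suffix}")
            if new_prefix + suffix not in names:
                problems.append(f"{kind} missing: {new_prefix + suffix}")
    return problems

# Constructed sample: prefix changed to "site7_", one usermeta key was missed.
SAMPLE_CONFIG = "<?php\n$table_prefix  = 'site7_';\n"
SAMPLE_TABLES = ["site7_options", "site7_posts", "site7_usermeta", "site7_users"]
SAMPLE_OPTIONS = ["siteurl", "site7_user_roles"]
SAMPLE_META = ["site7_capabilities", "wp_user_level"]

if __name__ == "__main__":
    for line in audit_prefix_change(SAMPLE_CONFIG, "wp_", SAMPLE_TABLES,
                                    SAMPLE_OPTIONS, SAMPLE_META):
        print(line)
```

A stale `capabilities` key is the one that matters most in practice: WordPress looks roles up under the current prefix, so existing administrators lose access to the dashboard until the key is renamed.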
 *  Thread Starter [jbardy](https://wordpress.org/support/users/jbardy/)
 * (@jbardy)
 * [13 years, 8 months ago](https://wordpress.org/support/topic/security-issues-5/#post-3101950)
 * Thanks a lot.
 * Now, if I install a new theme via FTP, would I just remove all files within the
   current theme folder and replace with the new theme folder? Is this better to
   do than via the theme’s dashboard? I am going to purchase a premium theme, so
   I’m guessing you HAVE to install downloaded premium themes via FTP since they
   aren’t built into the wordpress database.
 * That being said, is it a security issue to install premium themes from various
   websites?
 * Installing a new theme via FTP would keep all my posts, plugins, and database
   I assume… I hope.
 * Thanks a lot for the help, I am going to do great things once I sort out initial
   info.
 *  [samateo](https://wordpress.org/support/users/samateo/)
 * (@samateo)
 * [13 years, 8 months ago](https://wordpress.org/support/topic/security-issues-5/#post-3101956)
 * WordPress allows you to have multiple themes in the themes directory, each in
   its own folder. At any one time however, only one can be active.
 * With the new Customizer feature added in WordPress 3.4, you can preview a theme
   in your admin area without making it active on the front-end. Click ‘Live Preview’
   on an inactive theme or ‘Customize’ on your active theme.
 * WordPress checks the [theme repository](http://wordpress.org/extend/themes/) 
   when you search for themes inside the admin area. Some of those themes may have
   premium upgrades. Regardless, you can FTP any theme premium or other onto your
   server, just put it into the themes directory.
 * A theme (any theme) can pose a security threat, even a premium theme. A good 
   practice is to run [Theme-Check](http://wordpress.org/extend/plugins/theme-check/)
   on whatever theme you might use before it goes live.
 * Installing themes should not affect your content or plugins. Depending on how
   you want the content to show up, your theme might need some tweaking in order
   for it to display the content as you would like.
 * WordPress [theme development](http://codex.wordpress.org/Theme_Development) is
   a good place to start to understand how themes are put together and how they 
   can be extended.
 *  Thread Starter [jbardy](https://wordpress.org/support/users/jbardy/)
 * (@jbardy)
 * [13 years, 8 months ago](https://wordpress.org/support/topic/security-issues-5/#post-3101960)
 * You’re a life saver. Here’s a few more questions while I got ya…
 * This is a potential theme for the site: [http://themeforest.net/item/karma-clean-and-modern-wordpress-theme/168737](http://themeforest.net/item/karma-clean-and-modern-wordpress-theme/168737)
 * It seems this theme is popular; looks like they have video tutorials and a good
   support forum. It’s been downloaded tons of times and has lots of features. Seems
   like a better bang for the buck than most premium themes.
 * Do you think all these options will cause problems?
 * As for installation, thanks. I think I will probably keep the current theme files
   until the entire transfer is made, and FTP this new theme in and try the preview
   option from within wordpress dashboard to preview it. I heard some people have
   problems installing premium themes through dashboard instead of FTP.
 * I expect hours of customization after install, but at least this theme comes 
   ready to configure it, a couple great color styles too.
 * I’ll make sure to run theme-checker. Do I have to have the theme installed and
   activated in order to run theme-checker?
 *  [Japh](https://wordpress.org/support/users/japh/)
 * (@japh)
 * [13 years, 8 months ago](https://wordpress.org/support/topic/security-issues-5/#post-3101961)
 * Hey Jbardy, you do have to have a theme installed to run the Theme-Check plugin
   over it, but it doesn’t need to be activated. There is a dropdown menu in
   Theme-Check for you to select any of your installed themes to be checked.
 *  Thread Starter [jbardy](https://wordpress.org/support/users/jbardy/)
 * (@jbardy)
 * [13 years, 8 months ago](https://wordpress.org/support/topic/security-issues-5/#post-3101962)
 * Ahh that’s even better. I can check a theme before I even activate it.
 * WordPress is starting to amaze me. I had no idea it had so many features at such
   an easy configuration (for the most part).


The topic ‘Security issues?’ is closed to new replies.

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 10 replies
 * 3 participants
 * Last reply from: [jbardy](https://wordpress.org/support/users/jbardy/)
 * Last activity: [13 years, 8 months ago](https://wordpress.org/support/topic/security-issues-5/#post-3101962)
 * Status: not resolved

