How To Guides WordPress Security

How To Change Default Table Prefix (wp_) In WordPress

Default table prefix (which is wp_) is something which nobody cares about while installing the WordPress or in the beginning days of his WordPress blog. But when the website grows, security becomes a concern and we look back at the flaws in our existing WordPress installation. But we can not afford a new installation just to repair a couple of loopholes. Good thing is that we can change the table prefix of our WordPress database anytime. Even better thing is that it is pretty easy as well. So read on.

What this table prefix does anyways?

WordPress runs on MySQL databases. Each database has some tables in it. WordPress prefixes each table it creates with a prefix. The default prefix is wp_. What this simple hook does is that each table created by WordPress starts with an identifier. It means:

table users becomes wp_users,
table posts becomes wp_posts and so on…

The advantage is that all tables related to your WordPress installation are marked and grouped. You can now use the same database for another WordPress installation or in fact any other need like other CMS or shopping cart or forum. Though most hosting packages come with unlimited databases, this should not stop WordPress giving you ability to install multiple WordPress instances in a single database. There is no harm in it anyways.

To install another WordPress though you will need to use a different prefix say wp2_ so that thing do not get mixed up. You can find your table prefix in your wp-config.php file.

The problem with default table prefix wp_.

Most manual installations (and many one click auto installations) of WordPress do not care to change the default prefix. And why should they care? They are never going to use this database for another installation.

The problem is, It’s predictable.

Though nobody is going to read your database tables unless he has a database user and password, SQL injections are always threat. It means a hacker can predict what table names your website is using even without knowing your database name, username or password. A list of all tables created by WordPress, (if default prefix is used) is here. By using a prefix other than default you give your hacker some extra hard time because now he has to find the table names first.

How to change default table prefix in existing WordPress website.

Using plugins

There are many plugins for this exact task, but many of them have several issues. This plugin does that for you automatically. Just remember backup your website before and after using this plugin. Also remember to uninstall and delete this plugin after your prefix is changed successfully because you will never need it again.

The manual method


WordPress Security

How These 6 Passwords Make Your WordPress Blog Vunerable

Secured your WordPress blog using a very strong WordPress administrator password? Well, your job is not finished yet. Your beloved blog may still be vulnerable, as there are more passwords you need to secure to prevent hackers an easy entry. Some of them may not be very obvious, but any of them, if hacked can bring chaos, so read on:

1. Your WordPress administrator password(s)

First thing to know is that if there are more than one users, there are more than one passwords. And all those passwords need care. Being the manager of your website team, you need to know the fact that people are predicable, and so are the passwords. As described in this analysis of 10 million passwords by WPEngine, most people tend to use memorable passwords.

No matter how much you encourage your team to use strong credentials someone of them may turn out to be the Trojan. You can however take action now to avoid it.

First thing first, secure your own admin password

If you think your own password, while being simple is impossible to guess, you may be bluntly wrong. This comprehensive article by Dan Goodin tells that cracking software (and hardware) are becoming stronger day by day.

Core WordPress has an inbuilt password generator, so use this tool anytime and change your password to a strong one. Just go to users -> Your Profile -> Account Management -> New Password.

An administrator can also go to other users’ profile and change password for them (without seeing their existing ones).

Downgrade other administrators

Unless you are running a fairly large organization, working 24×7, you do not need more than one administrators. So, it is the time to review the role of all users and downgrade them to their appropriate role. Unless a second administrator is absolutely necessary, downgrade it to either editors or author. If you choose to keep more than one administrators, force them to use very strong passwords.

Force strong passwords to all users

Yes, editors too, not just admins need to use strong credentials because a compromised account of even an editor is a threat. One easy way to do it is this simple plugin. It simply forces all users who have publishing privilege to use strong password next time they login. Further you should periodically review your users and delete the inactive ones.

2. Your hosting account credentials

Just because you purchased your hosting in a hurry or someone else did that for you, you should not leave that gate open. A hosting service itself has several passwords which can be used as a backdoor entry by hackers and give you a nightmare.

Customer portal/dashboard

Most web hosting companies and products (shared, VPS or managed) provide a customer dashboard where they can manage their purchase, add and remove services and ask for support. This dashboard may contain direct access links to cpanel, email accounts, databases, ftp accounts, domains and backups. Here you can also reset your Cpanel/plesk password. So you do not want to compromise with security of this dashboard.

Cpanel/Plesk login

Almost all shared hosting plans, most managed VPS plans  few managed WordPress plans come with a cpanel or plesk login. Cpanel/Plesk is the place to control almost everything about your website, so naturally most attention is required to keep hackers away. This control panel inevitably has its own login credentials which need your care.

Note: Many hosting services have direct access link to cpanel from their dashboard, so you may never need to use cpanel credentials, nevertheless you should change the password to a very strong one.

FTP account(s)

These days, with one click installation of wordpress, use of FTP is quite uncommon. But if you created an FTP account at some point of time, do not leave it unattended. Delete it if no longer required, else at least harden its credentials.

3. Your MySQL user & wp-config.php file.

MySQL database user

If you installed WordPress using one of the latest click installation tools, there is not much to worry about this point. Because these tools create and use strong passwords for MySQL database.

But if you installed WordPress manually, did you used a really strong password (using the in house tool) back then? As the database username and password are required just once, i.e. during the installation of WP, there is no need to make them easy to remember. You may want to check this password again, (which you will find  in wp-config.php file). If it is not alright, you can always change by logging into your cpanel -> Databases -> MySQL databases. Select the appropriate user and reset password, then copy the same into your wp-config file again.

wp-config.php file

Another mistake, though rare, people do is they accidentally save their wp-config.php file as wp-config.txt which is a disaster as shown in this video.

So positively check your file manager for any such file exists.

Another good step will be to deny access to this file completely using this code in your .htaccess file.


# protect wpconfig.php
<files wp-config.php>
order allow,deny
deny from all


4. Your domain registrar

In case your domain registrar is different from your hosting company, do not forget to secure access to that. Domain hijacking is a worse nightmare than a hacked website because though hacked WordPress installation is possible to be restored, few people have ever successfully recovered their hijacked domains.

I strong recommend to use 2 Factor Authorization or other such security feature which your domain registrar provides.

5. Your backup storage service

If you do not regularly backup your website remotely, you should start doing this today. But you should also ensure that you did not leave a weak access to hackers to your backup/cloud storage service like Dropbox, Amazon S3, Google Drive, Onedrive etc.

6. Your primary email

Do you ever realize that if your primary email is hacked everything in your world is endangered. Because almost all services online use primary email for recovery of forgotten password, which hacker can then use once he has access to your email. Your WP Admin account, hosting account, domain account and what not! Not just from business point of view, but from privacy concerns too you need to ensure maximum security for your primary email.

Use only reputed email service

One good way to ensure your email security is to only use a top email provider for your email needs (like Gmail, Ymail or Live). I recommend that if you are using personalized emails like [email protected] even then use Gsuite(formerly Google Apps) or outlook (Microsoft).

Look out for any forwarders

Go to settings and delete any forwarders which forward your emails to a less secure email service and hence compromise with your email’s security. Even if you are using forwarders to consolidate several email accounts in one, you should choose a reputed service like gmail this service.

Enable 2-Factor Authentication

The best thing you can do to secure your email address is to enable 2FA. It means that a second authentication, other than the password, will always be required to login to your email account. The second factor can be a One Time Password (OTP) sent via SMS or voice call to your mobile phone number or one of the several other options like mobile app or physical key(pendrive).

Note: Good thing is that two factor authentication option is also available in WordPress in the form of this plugin.

Tips to keep your passwords even safer

Do not use the same password everywhere

No matter how strong it is, you should not use your one password anywhere else. Use a different password every time you register for a new online. For example your email password should not be used while buying a WordPress theme. Almost every service provider these days requires you to register while making the purchase, but not all of them are as secure as your email provider (Google/Yahoo/Microsoft) or WordPress. So if their website get hacked your other account with same password immediately becomes vulnerable regardless of the strength of the password.

Use only high reputation password manager.

Once your passwords are too strong to crack, they are also very difficult to memorize. Almost everyone uses software to save all those passwords. Thus your security relies upon the reputation of the software where all your passwords are kept. I only save all my passwords in Google Chrome except a few very important ones which I prefer to write down physically.

Use a good antivirus program for your device.

Once you have saved all your passwords (never save your primary email password as email can be used as a recovery option) security of your computer/device also becomes important. There are always malware, key-loggers and spyware trying to get access of your computers for sensitive data. So purchase a good reputed antivirus program with firewall and keep the 24×7 monitoring on.

How To Guides

How To Use Bookmarks And Jump Links In WordPress Posts

What are jump links?

Jump links (also known as anchor links or a bookmark links and sometimes hash links) are hyperlinks on a web page, which when clicked allow the user to jump to a specific point of a page. The specified point of the target page is called a Bookmark or Internal Anchor. So basically a jump link jumps you directly to a bookmark on a webpage (rather than just opening the webpage).

How bookmarks and jump links are helpful in a wordpress blog?

Bookmarks are great for organizing the content of a really long wordpress post. Long articles are good for SEO. And because you do not want to scare away your readers your blog post should contain sub-headings or sections or topics.

But why stop here? You can go ahead and create a bookmark for all your important sections. And then you can use jump links to point directly to those sections whenever needed. This can be helpful in several ways.

  • You can link directly to a section of a long article having several sections rather than linking to the whole article. In fact a link to the whole article may confuse your reader and will leave him on his own to find the section of reference.
  • You can create a table of contents which not only lists all the topics covered in a long article but also takes your reader directly to any of those topics when clicked. Another jump link then takes him back to the table of contents after reading is finished. All of this without scrolling down or scrolling up relentlessly. Best example of this practice is Wikipedia.
Example of table of contents in wikipedia using jump links
Example of table of contents in Wikipedia using jump links
  • You can make a list of references or definitions at the bottom of the post and a jump link will take the reader directly to the particular reference or definition in no time. Another one takes him back to the point of reading (where the reference was used). Again, the best example of this practice is Wikipedia.

Are jump links and bookmarks good for SEO?

Definitely yes! Anything which enhances your reader’s experience is good for SEO. You can not always link to a full length article as its content may be too broad for the context. But, a precise subtopic of that long post can be always be linked to. Hence ability to link to just a precise subtopic can increase the number of internal links you have.

In fact, google includes jump links in its rich snippets for prominent websites just like regular sitelinks. It also treats the anchor text used for such jump links just like a regular anchor text of an internal link.

Jump links used as sitelinks in Google's rich snippet
Jump links used as sitelinks in Google’s rich snippet

The increased ability to be linked will also attract more external backlinks. In fact a well organized post with a handy table of contents is more likely to attract social bookmarking and backlinks acting as a link bait.

How to create a jump link?

It is much more simpler than you think. You only need to know some most basic HTML (or just follow a simple format)

Firstly, you need to define an anchor (bookmark). It can be done in any of three ways. Just enter the text editing mode of your post editor and use any one of these three codes of your choice.


<h2 id="chapter1">Chapter One: Introduction</h2>




<h2><a id="chapter1">Chapter One: Introduction</a></h2>




<h2><a name="chapter1">Chapter One: Introduction</a></h2>


Remember that <h2> tag here makes your text a sub heading (second level). You can use h3, h4, h5, h6 or h7 if appropriate. You can even not use <h2> tag and just use <a> tag. An <a> tag will be more usable instead of <h2> tags when you are creating a tiny link to jump back to the top of the page.

Now you are ready to link to this bookmark/anchor. All you need to do this is a URL.
If you are linking from the same page you will need to use #nameofthebookmark as the URL. Do not worry about the fact that this does not look like a proper URL. The full code will be like

<a href="#chapter1">Go To The Introduction Section</a>

However, if you are linking from other pages or external website you will need full url or that page and add #nameofthebookmark for example full code will be like this:

<a href="">Go To Introduction</a>

Thats it, you have mastered jumplinks. But the actual job will be to carefully select sections of the page to make them bookmarks, make bookmarks of them and link to them. To go back to the table of contents you need the anchor the text “Table of Contents” at the beginning of the post in a similar way and then create a link to it and copy paste it right after end of each section. Link text for these links may be “Go to top”.

Working Example

Try this simple example.