[wp-trac] [WordPress Trac] #11454: Add suffix to table prefix on installation
WordPress Trac
wp-trac at lists.automattic.com
Wed Dec 16 08:45:06 UTC 2009
#11454: Add suffix to table prefix on installation
-------------------------+--------------------------------------------------
Reporter: micasuh | Owner: ryan
Type: enhancement | Status: new
Priority: normal | Milestone: 3.0
Component: Security | Version: 2.9
Severity: normal | Keywords: table_prefix, table prefix, sql injection, vulnerability
-------------------------+--------------------------------------------------
The default table prefix easily allows a SQL Injection vulnerability.
Since many hosts use one-click installers, table_prefix often gets
overlooked. WordPress should automatically inject a suffix to the
table_prefix field upon installation.
Change the default table prefix:
{{{
table_prefix = wp_
}}}
to something more random such as:
{{{
table_prefix = wp_xyz123_
}}}
where '''xyz123''' is equal to a randomly generated value no less than 6
characters.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/11454>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
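
One way an installer could apply the suffix the ticket proposes, as an added PHP example (not WordPress core code and not from the ticket). The function names `random_table_prefix` and `randomize_default_prefix` are hypothetical, and the sample config text is constructed.

```php
<?php
// Added example, not WordPress core code. Function names are hypothetical.

// Build a prefix of the form wp_<suffix>_ with a random suffix made of
// lowercase letters and digits, so it stays within letters, digits and "_".
function random_table_prefix(int $suffix_len = 6): string
{
    if ($suffix_len < 6) {
        throw new InvalidArgumentException('suffix must be at least 6 characters');
    }
    $alphabet = 'abcdefghijklmnopqrstuvwxyz0123456789';
    $suffix = '';
    for ($i = 0; $i < $suffix_len; $i++) {
        // random_int() draws from the operating system CSPRNG (PHP 7+).
        $suffix .= $alphabet[random_int(0, strlen($alphabet) - 1)];
    }
    return 'wp_' . $suffix . '_';
}

// Replace a default "$table_prefix = 'wp_';" line in wp-config text.
// A prefix that was already customised is left untouched.
// Returns [config text, prefix in effect, or null if no line matched].
function randomize_default_prefix(string $config): array
{
    $pattern = '/^(\s*\$table_prefix\s*=\s*)([\'"])([A-Za-z0-9_]*)\2(\s*;)/m';
    if (!preg_match($pattern, $config, $m)) {
        return [$config, null];
    }
    if ($m[3] !== 'wp_') {
        return [$config, $m[3]];
    }
    $prefix = random_table_prefix();
    $new = preg_replace_callback($pattern, function ($m) use ($prefix) {
        return $m[1] . "'" . $prefix . "'" . $m[4];
    }, $config, 1);
    return [$new, $prefix];
}

// Constructed sample input, shaped like the relevant part of wp-config.php.
$sample = "<?php\ndefine('DB_NAME', 'example_db');\n\$table_prefix = 'wp_';\n";
[$updated, $prefix] = randomize_default_prefix($sample);
echo $updated;
```

The rewrite has to happen before the tables are created, since the prefix in the config file must match the table names the installer goes on to create.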