How are you changing your WordPress table prefix?
Find and replace in notepad++ replace all in current document ‘wp_’ with ‘randomstring_.’ Then changing the wp-config to match.
BTW, that’s in a .sql that I exported from the original db. I then import the changed .sql into a new db and repoint WP to that one in the wp-config file. This is probably unnecessary info, but it doesn’t hurt to know.
Can I please get some love? I’ve read a few other threads about this, https://buddypress.org/support/topic/resolved-table-prefix-change-old-topics-dont-display-new-topics-go-to-db-table-with-old-prefix/ suggested that I needed to alter bb-config.php, but I understand from https://buddypress.org/support/topic/bb-config-php-file-is-missing/ that bb-config.php is no longer used. The later lead me to https://codex.buddypress.org/getting-started/guides/migrating-from-old-forums-to-bbpress-2/, which covers importing forums but doesn’t seem to get me what I need. Any help would be greatly appreciated.
BTW, this is the site http://weheal.org if that helps.
Your $table_prefix still has to be defined in your wp-config.php, so I don’t think you’re getting all the “increased security” you think you’re getting.
Well, I’m no securities expert by any means, but I need this site to be as hard as possible. I’m just trying to take every precaution. From what I’ve read it’s a fairly common practice: http://www.firedaemon.com/blog/wordpress-hardening-guide
Also, you can block access to wp-config.php with the following in .htaccess, although I’m not sure how someone would be able to view the php anyways.
#block wp-config.php
<files wp-config.php>
order allow,deny
deny from all
</files>
Yes, it’s not a catch all. If some one is determined I’m sure there are ways to find your unique prefix. However, I think it would still stop a lot of script kiddies. If someone can inject sql I’d imagine your still in trouble. I would still like to know how to do it though.
Can some one please help me out. The site supports a good cause and they are nice clients. I really don’t want them getting sued if some ones info gets leaked.
To block those files you would use robots.txt, not .htaccess.
robots.txt is for instructing search bots on which pages to index and crawl. It does not block access to anything, merely instructs compliant bots on what to do with the site. .htaccess instructs the server on how to handle http requests as well as many settings for php, caching, etc. You should really study https://httpd.apache.org/docs/current/howto/htaccess.html and this http://www.robotstxt.org/robotstxt.html. I don’t mean to be pedantic, but if you want to be helpful you should be well informed before commenting.
Turn on wp_debug
and see what the errors are.
Well gee, I feel stupid now. I tried things again with a different string to get the errors and everything worked perfectly. I’ve got no idea why? Only thing I can think is that I used a slightly shorter string this time and some updates have occurred since I last tried. Anyways, thank you for your help.