I just installed my first wordpress blog (2.6) & need some help with correcting some security issues that the WP Security Scan plugin flaged. Here is what it says I need to fix. Your table prefix should not be wp_. Click here to change it. Your WordPress version is successfully hidden. WordPress DB Errors turned off. WP ID META tag removed form WordPress core No user "admin". The file .htaccess does not exist in wp-admin/. ------------------------------------------------ System Information Scan Operating System : Linux Server : Apache/1.3.41 (Unix) mod_log_bytes/1.2 mod_bwlimited/1.4 mod_auth_passthrough/1.8 FrontPage/5.0.2.2635 mod_ssl/2.8.31 OpenSSL/0.9.7a Memory usage : 8.28 MByte MYSQL Version : 5.0.51a-community SQL Mode : Not set PHP Version : 5.2.6 PHP Safe Mode : Off PHP Allow URL fopen : On PHP Memory Limit : 64M PHP Max Upload Size : 64M PHP Max Post Size : 64M PHP Max Script Execute Time : 30s PHP Exif support : Yes ( V1.4 ) PHP IPTC support : Yes PHP XML support : Yes ------------------------------------------------ WP - Database Security Make a backup of your database before using this tool: Change your database table prefix to mitigate zero-day SQL Injection attacks. Before running this script: wp-config must be set to writable before running this script. the database user you're using with WordPress must have ALTER rights Change the current: prefix to something different if it's the default wp_ Allowed Chars are all latin Alphanumeric Chars as well as the Chars - and _.
all it is saying is change the table prefix. Because when Zero Day Exploits come out, they usually go with the default prefix which is usually "wp_". But Wordpress is very secure and I highly doubt an exploit will come out for it.