Note that it's easy to retrieve table names with read access to the "information_schema" database in MySQL, so in order to gain the full advantage of changing table prefixes, one should also block the MySQL user from accessing "information_schema".

Ulf


On Mon, Jul 1, 2013 at 8:21 PM, Dom Latter <bitfolk-users@latter.org> wrote:
On 08/06/13 13:25, Ian wrote:

BWPS makes a big fuss about changing the database prefix for example.
But if someone has access to the database, you're stuffed regardless.

I'm a bit late but I just thought I'd comment here - it may be no use
at all against a real attacker but the greatest threat to most WordPress
sites comes from scripted attacks - which may well assume a default
wp_ prefix.  Because it works (for the attacker) well enough.

To avoid getting eaten by the lion, you don't have to run faster than
the lion, just faster than the people around you.

So anything that might make a scripted attack give up and move on to
the next target is an effective security measure.

