Opened 2 years ago
Closed 2 years ago
#55396 closed enhancement (duplicate)
Automatically add table prefix on WordPress setup
Reported by: | sruthi89 | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | |
Component: | Security | Keywords: | has-patch has-screenshots |
Focuses: | Cc: |
Description
The default table prefix easily allows a SQL Injection vulnerability. Currently, on WordPress setup also, the default prefix is auto-filled, which users may ignore.
So on WordPress setup, the table prefix can be auto-filled with randomly generated characters, preferably four characters, which will solve this issue.
Attachments (3)
Change History (5)
#2
@
2 years ago
- Milestone Awaiting Review deleted
- Resolution set to duplicate
- Status changed from new to closed
Duplicate of #11454.
The table prefix is not a security feature.
Its purpose is to make it easier to run multiple WP installations in a single database, e.g. on a shared hosting environment.
Thus it does not make sense to randomize it.
Note: See
TracTickets for help on using
tickets.
Default prefix