Get WordPress

Make WordPress Core

Opened 2 years ago

Closed 2 years ago

#55396 closed enhancement (duplicate)

Automatically add table prefix on WordPress setup

Reported by: sruthi89's profile sruthi89 Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: Security Keywords: has-patch has-screenshots
Focuses: Cc:

Description

The default table prefix easily allows a SQL Injection vulnerability. Currently, on WordPress setup also, the default prefix is auto-filled, which users may ignore.

So on WordPress setup, the table prefix can be auto-filled with randomly generated characters, preferably four characters, which will solve this issue.

Attachments (3)

55396.diff (777 bytes) - added by nithi22 2 years ago.
default-prefix.png (191.8 KB) - added by nithi22 2 years ago.
Default prefix
random-prefix.png (190.4 KB) - added by nithi22 2 years ago.
Random prefix

Download all attachments as: .zip

Change History (5)

@nithi22
2 years ago

@nithi22
2 years ago

Default prefix

@nithi22
2 years ago

Random prefix

#1 @nithi22
2 years ago

  • Keywords has-patch has-screenshots added; needs-patch removed

#2 @swissspidy
2 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed

Duplicate of #11454.

The table prefix is not a security feature.

Its purpose is to make it easier to run multiple WP installations in a single database, e.g. on a shared hosting environment.

Thus it does not make sense to randomize it.

Note: See TracTickets for help on using tickets.