WordPress Security Tip – Change Your Theme Name

This is a quick tip – never use the “default” theme in WordPress. Even if you decide to use the default theme for your blog, change the name to something unique. I have started to think about my theme names like passwords and am using unique names for each site.

It appears that attackers who get into a site will often edit the default theme. If you change its name to something else, it can make the site a bit harder to exploit. It doesn’t mean you won’t be exploited, just that it might help a bit. Think of it as that little chain you put on your front door. It won’t stop a criminal from getting in, it will just make them kick the door harder.

Changing the theme is easy – here’s how I do it.

  • Log in to your admin panel and select the Appearance option
  • Select the Themes option (you may already be on this page)
  • Now FTP to your blog and rename the theme's folder from Default to something unique (e.g. sd2tge0)
  • Reload your Themes page and select the newly renamed theme

Related: Our commentary on the good, bad and the exploited in our move from Drupal to WordPress.

2 Responses

  • f68187

    I think that's useless, because if someone right-clicks on an image of the theme (view image info), the explorer will show the full path containing the new renamed folder… lol

    • Damien

      Indeed, simply calling up a stylesheet will tell me all I need to know about paths. htaccess protect what needs to be protected, folders and access to the config file. Done.
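
The check both commenters describe, written as a self-audit a site owner can run on their own rendered page. This is an added example, not code from the post or its commenters. It assumes the default WordPress layout in which theme files are served from `/wp-content/themes/<folder>/`. The sample page and the `blog.example` host are constructed, and the folder name is the one used in the post.

```python
import re
from html.parser import HTMLParser

# Assumption: default WordPress layout, theme assets under /wp-content/themes/<folder>/
THEME_PATH = re.compile(r"/wp-content/themes/([^/\s]+)/")

class ThemePathAudit(HTMLParser):
    """Records every place in a page that reveals a theme folder name."""
    URL_ATTRS = {"href", "src", "srcset", "style", "content"}

    def __init__(self):
        super().__init__()
        self.exposed = {}        # folder name -> list of locations that reveal it
        self._in_style = False

    def handle_starttag(self, tag, attrs):
        self._in_style = (tag == "style")
        for name, value in attrs:
            if name in self.URL_ATTRS and value:
                self._scan(value, f"<{tag} {name}>")

    def handle_endtag(self, tag):
        if tag == "style":
            self._in_style = False

    def handle_data(self, data):
        if self._in_style:       # inline CSS, e.g. background: url(...)
            self._scan(data, "<style> body")

    def _scan(self, text, where):
        for folder in THEME_PATH.findall(text):
            self.exposed.setdefault(folder, []).append(where)

def exposed_theme_folders(html):
    audit = ThemePathAudit()
    audit.feed(html)
    return audit.exposed

# Constructed sample: a page rendered by a theme whose folder was renamed to sd2tge0.
SAMPLE_PAGE = """<html><head>
<link rel="stylesheet" href="http://blog.example/wp-content/themes/sd2tge0/style.css" />
<style>body { background: url(/wp-content/themes/sd2tge0/images/bg.jpg); }</style>
</head><body>
<img src="/wp-content/themes/sd2tge0/images/header.jpg" alt="header" />
<img src="/wp-content/uploads/2009/01/photo.jpg" alt="not a theme file" />
</body></html>"""

if __name__ == "__main__":
    for folder, places in exposed_theme_folders(SAMPLE_PAGE).items():
        print(f"theme folder '{folder}' is visible in: {', '.join(places)}")
```

Any folder name this reports is readable by every visitor, so the rename should be treated as obscurity layered on top of file permissions and access controls, not as a secret.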