WordPress Security Tip – Change Your Theme Name

This is a quick tip – never use the “default” theme in WordPress. Even if you decide to use the default theme for your blog, change the name to something unique. I have started to think about my theme names like passwords and am using unique names for each site.

It appears that many times the hackers and exploiters will get into your site and edit the default theme. If you change it to something else, it can make it a bit harder to be exploited. It doesn’t mean you won’t be exploited, just that it might help a bit. Think of it as that little chain you put on your front door. It won’t stop a criminal from getting in, just make them kick the door harder.

Changing the theme is easy – here’s how I do it.

  • Login to your admin panel and select the appearance option
  • Select the themes option (you may already be on this page)
  • Now FTP to your blog and change the name of the theme from Default to something unique (e.g. sd2tge0)
  • Reload your themes page and select the newly renamed theme

Related: Our commentary on the good, bad and the exploited in our move from Drupal to WordPress.

Two Good Password-Related Resources

I just wanted to make a good, quick post about two good resources I find myself using quite a bit.  The first is an md5 encrypter.  It’s a very nice, simple tool that simply converts any string into an md5-encrypted string.

At work, I find myself making a lot of very simple scripts that require me to set up administration areas, but don’t really warrant taking the time to set up online registration, etc.  Instead, I simply use the md5 encrypter to encrypt the passwords I want to use, and then I enter those encrypted passwords directly into the database.

You can find that tool, along with quite a few others, at http://www.iwebtool.com/tools.  The link directly to the md5 encryption tool is http://www.iwebtool.com/md5.

The other tool I’ve found myself using quite a bit, for basically the same reasons listed above, is a random password generator.  The one I’ve been using the most is presented by PCTools.com.  It offers a lot of options, and does a very nice job of generating random, secure passwords.  You can find that tool at http://www.pctools.com/guides/password/.