One area of WordPress setup that many people miss is changing their database prefix. This is a setting in the wp-config.php file that determines what WordPress uses to talk to your database. By default WordPress adds wp_ to the front of all of your tables, but you should consider changing this to something very random.

Why? Well, an exploit has just surfaced for the 2.1.3 version of WordPress (and possibly previous versions) that allows someone to steal your admin password–but it only works if they know your WordPress prefix. Of course since most people haven’t changed this they know to use wp_.

Unfortunately it’s not a simple fix AFTER you have installed things. The prefix gets written to your entire database, so DON’T change it now after you’ve installed and are running, it’ll cause you to create an entirely new database within your current one, but not set to your current settings. The actual fix would be to download your database .sql file and use a text editor to change the entire thing (Ugh!).

Anyway, I’m updating my install tutorial to mention this important step.