Thread: Wordpress Configuration Security

I'm a noob when it comes to blogging... so to protect myself in the future, I asked one of my online friends to see if he could hack into my wordpress blog. He did and he said he did it very easily. He told me that since I used the default configuration naming conventions (database name and prefix), he was able to do some "SQL Injection". The suggestion to me was to make my table prefixes a different name that's impossible to randomly guess (instead of wp, make it 2j23kj9 or something random). Since I'm only in the configuration stage of my blog, a complete reinstall didn't hurt so bad.

I'm sure most of you know this, but I figured I would share it anyway in case someone else was like me and didn't know.

I guess to further this question, does anyone know how to hack blogs further than what my buddy can do? If you can, would you be willing to hack into my blog and then provide a way to harden the blog? How much would you charge? If I decide to have someone do this, I will give them admin rights to access the blog for this. Thanks.