HOW TO CHANGE THE WORDPRESS DATABASE PREFIX TO IMPROVE SECURITY
WordPress is a dynamic content management system that stores your website’s content – posts, pages, themes, and plugins – in a database.
And since the database contains important information (such as your login credentials), it’s no surprise that it is a popular hacker target. Hackers develop SQL injections, automated scripts, and other malicious code to attack various databases, break into websites, or publish spam comments. For this reason, it’s very important that you protect your database and create regular backups of it.
Fortunately, WordPress is very flexible and, by making small changes, you can secure your site’s database. Although there is no security measure that is guaranteed to be foolproof, you can still protect your site’s database from novice attackers simply by changing its default table prefix.
With this in mind, in this post, we’ll walk you through a step by step tutorial to show you how you can change the WordPress database prefix.
A Look at the Default WordPress Database Tables
When you install WordPress, it creates 12 tables in the database each with the wp_ prefix. Many people don’t change the database prefix when they install WordPress on their website. Hackers know this and they exploit it perfectly.
The good news is that you can change the default table prefix to something that’s vague and difficult to guess – sort of like a secret key or a password. There are two different ways you can change your WordPress database’s tables depending upon whether you already have WordPress installed on your website or not.
METHOD 1: CHANGING THE DEFAULT DATABASE TABLE PREFIX BEFOREINSTALLING WORDPRESS
The easiest way to change the WordPress database prefix is before installing the CMS to your website. Before you install WordPress, navigate to the wp-config.php file and scroll down until you find $table_prefix = ‘wp_’;.
METHOD 2: CHANGING THE DEFAULT DATABASE TABLE PREFIX AFTERINSTALLING WORDPRESS
If you’ve already installed the WordPress CMS to your website, you can change the default database prefix by following these steps:
STEP 1: BEFORE YOU BEGIN
Since we’ll be making changes to the wp-config.php file, it is highly recommended that you create a full backup of your WordPress database before changing the table prefix. If you get a lot of traffic on your website then it would be a good idea to redirect your site’s visitors to a temporary maintenance page.
STEP 2: CHANGE THE DEFAULT TABLE PREFIX
Open up your wp-config.php file located in your WordPress root directory. Scroll down until you find the table prefix line i.e. $table_prefix = ‘wp_’;. Change the database prefix from ‘wp_’to something random like ’wp_a1b2c3d4’.
STEP 3: RENAME ALL WORDPRESS DATABASE TABLES
Next, navigate to your WordPress database through phpMyAdmin and rename all of the table prefixes to the one you specified in your wp-config.php file. As we mentioned before, there are a total of 12 default WordPress tables. One way to do that is to rename each table manually. But that take a lot of time. So, to make things faster, here’s a list of SQL commands that you can run to rename all 12 of the default WordPress tables:
If you have plugins installed on your WordPress website then chances are you might have a few extra tables in your database. If so, simply rename them, too – either manually or by modifying one of the SQL commands given above.
In order to minimize the risk of a hacking attempt, it’s a good idea to rename all of your WordPress database tables that begin with the default prefix to something random.
STEP 4: MODIFY THE OPTIONS TABLE
Next, we need to search the options table for any instances of the old, default prefix so we can replace them, too. Here’s an SQL query to save you some time:
SELECT * FROM `wp_ a1b2c3d4_options` WHERE `option_name` LIKE '%wp_%'
The purpose of this is to find any options that begin with wp_ and replace them with the new prefix i.e. wp_ a1b2c3d4. Running this SQL query will return the wp_user_roles option in addition to any other options that might have been created by the plugins you’ve installed to your website.
Once you’ve found all of the options, rename them to the new prefix.
STEP 5: MODIFY THE USERMETA TABLE
Similarly, search the usermeta table for any instances of the old prefix so that you can replace it with the new prefix. Here’s an SQL query to help you out:
SELECT * FROM `wp_ a1b2c3d4_usermeta` WHERE `meta_key` LIKE ‘%wp_%’
Running this query returns all of the usermeta fields that begin with the wp_ prefix. Simply rename all of them to the new prefix.
TEST TO MAKE SURE EVERYTHING WORKS
That’s it! You’re all done and your website should be working properly. To double-check that everything functions the way it should, log in to your WordPress website’s back-end and test out the admin panel, create a dummy post (and page), and make sure your widgets work as they should on the front-end.