Changing the WordPress Database Table Prefix, Security through Obscurity

WordPress Security is a hot topic, and rightly so.

If there are more than 70 millions WordPress sites, and your site is one of them, you better believe you’re a target.

Most hacking attempts are attempted off the back of scans that are fired off across the web looking for sites with known vulnerabilities.

If your site responds with a “Yes, I have that vulnerability”, you’re probably going to get picked apart.

So how can we prevent this?

By end of this series of articles on security, you’re going know all the easiest and most effective ways to minimize your surface area to attack.

In the 1st article in this series, I’ll explain the WordPress Database Table Prefix, what it is, and how you can easily change it.

What is the WordPress Database Table Prefix?

The WordPress database table prefix is simply a string of letters and numbers that are used when assigning names to the tables of the WordPress database.

The default prefix is: wp_

This means, if my WordPress site has the prefix “wp_”, all the tables in my database will begin with these 3 letters. (See the image)

What has this got to do with security?

Let’s say there’s a vulnerability in a plugin, or even in WordPress itself that somehow allows for the execution of code/MySQL on your WordPress database, for example.

As a hacker, I’m going to assume your database tables all begin with “wp_” and design any exploits accordingly. Chances are high that I’ll be right and I’ll get lucky.

Can the WordPress Database Prefix be changed?

Absolutely it can.

But it’s quite a manual job.

There are many reports of how it can be done, but experience has taught us that many how to guides are actually incomplete.

Your site needs to know what your WordPress database table prefix is before it can load the site. And in order to tell it, the prefix is stored within your wp-config.php file.

You can see it for yourself. Open up your wp-config.php file and look for the line that starts with: $table_prefix

That will tell you your prefix.

Warning: don’t change your prefix yet!

If you change your prefix in this file, hoping that’s the solution, unfortunately it’s a little more complicated. There is more to do.

How to rename the WordPress Database Prefix – the hard way

There are 5 steps to renaming the database table prefix:

1) Create a backup of the WordPress database and wp-config.php file

If you’re using WorpDrive WordPress backup, simply run a quick backup. After a few moments once it’s completed, continue on.

2) Edit your wp-config.php with the new prefix value

Open up your wp-config.php and change the value of the database prefix in the line that starts with $table_prefix.

Remember to keep the quotes around the name of the prefix – very important.

It could look something like:

$table_prefix = 'my_new_prefix_';

When you’re done, upload and replace the file back to your site.

3) Change the names of the database tables

Open up an editor to your database, say in phpMyAdmin, browse to your database and click on SQL (see image below).

To get you started, here is some SQL that you can use to rename your tables. In this case, we have assumed that your new prefix is: ‘my_new_prefix_’

RENAME table `wp_commentmeta` TO `my_new_prefix_commentmeta`;
RENAME table `wp_comments` TO `my_new_prefix_comments`;
RENAME table `wp_links` TO `my_new_prefix_links`;
RENAME table `wp_options` TO `my_new_prefix_options`;
RENAME table `wp_postmeta` TO `my_new_prefix_postmeta`;
RENAME table `wp_posts` TO `my_new_prefix_posts`;
RENAME table `wp_terms` TO `my_new_prefix_terms`;
RENAME table `wp_term_relationships` TO `my_new_prefix_term_relationships`;
RENAME table `wp_term_taxonomy` TO `my_new_prefix_term_taxonomy`;
RENAME table `wp_usermeta` TO `my_new_prefix_usermeta`;
RENAME table `wp_users` TO `my_new_prefix_users`;

4) Update User Meta fields

This is often overlooked, but failing to update these will prevent you from logging in again.

In the same window as before, use the command below to help you automatically find and replace all your necessary fields:

UPDATE `my_new_prefix_usermeta` SET `meta_key` = REPLACE( `meta_key`, 'wp_', 'my_new_prefix_' )

5) Update options table data

Again, below, use the following command to update any options table data:

UPDATE `my_new_prefix_options` SET `option_name` = 'my_new_prefix_user_roles' WHERE `option_name` = 'wp_user_roles'

And you’re done.

How to rename the WordPress Database Prefix – the easy way

The easiest way to do this is automatically.

With iControlWP – our dashboard for managing multiple WordPress sites – you can rename the prefix on 1 site, or on some/all your websites at once.

This is the simplest way to do it, and you wont need any other plugins or other such addons.

Not only that, you can take full advantage of all the other security features iControlWP can offer your WordPress websites and you can sign-up today for free.

Get The iControlWP Advantage Today

iControlWP lets you manage your plugins, themes, and security (and much more) across all your WordPress website from one convenient, secure, dashboard.

And it’s free to signup. No commitments, no credit cards. Just good WordPress management.