WordPress Security is a hot topic, and rightly so.
If there are more than 70 millions WordPress sites, and your site is one of them, you better believe you’re a target.
Most hacking attempts are attempted off the back of scans that are fired off across the web looking for sites with known vulnerabilities.
If your site responds with a “Yes, I have that vulnerability”, you’re probably going to get picked apart.
So how can we prevent this?
By end of this series of articles on security, you’re going know all the easiest and most effective ways to minimize your surface area to attack.
In the 1st article in this series, I’ll explain the WordPress Database Table Prefix, what it is, and how you can easily change it.
What is the WordPress Database Table Prefix?
The WordPress database table prefix is simply a string of letters and numbers that are used when assigning names to the tables of the WordPress database.
The default prefix is: wp_
This means, if my WordPress site has the prefix “wp_”, all the tables in my database will begin with these 3 letters. (See the image)
What has this got to do with security?
Let’s say there’s a vulnerability in a plugin, or even in WordPress itself that somehow allows for the execution of code/MySQL on your WordPress database, for example.
As a hacker, I’m going to assume your database tables all begin with “wp_” and design any exploits accordingly. Chances are high that I’ll be right and I’ll get lucky.
Can the WordPress Database Prefix be changed?
Absolutely it can.
But it’s quite a manual job.
There are many reports of how it can be done, but experience has taught us that many how to guides are actually incomplete.
Your site needs to know what your WordPress database table prefix is before it can load the site. And in order to tell it, the prefix is stored within your wp-config.php
file.
You can see it for yourself. Open up your wp-config.php file and look for the line that starts with: $table_prefix
That will tell you your prefix.
Warning: don’t change your prefix yet!
If you change your prefix in this file, hoping that’s the solution, unfortunately it’s a little more complicated. There is more to do.
How to rename the WordPress Database Prefix – the hard way
There are 5 steps to renaming the database table prefix:
1) Create a backup of the WordPress database and wp-config.php file
If you’re using WorpDrive WordPress backup, simply run a quick backup. After a few moments once it’s completed, continue on.
2) Edit your wp-config.php with the new prefix value
Open up your wp-config.php and change the value of the database prefix in the line that starts with $table_prefix
.
Remember to keep the quotes around the name of the prefix – very important.
It could look something like:
$table_prefix = 'my_new_prefix_';
When you’re done, upload and replace the file back to your site.
3) Change the names of the database tables
Open up an editor to your database, say in phpMyAdmin, browse to your database and click on SQL (see image below).
To get you started, here is some SQL that you can use to rename your tables. In this case, we have assumed that your new prefix is: ‘my_new_prefix_’
RENAME table `wp_commentmeta` TO `my_new_prefix_commentmeta`; RENAME table `wp_comments` TO `my_new_prefix_comments`; RENAME table `wp_links` TO `my_new_prefix_links`; RENAME table `wp_options` TO `my_new_prefix_options`; RENAME table `wp_postmeta` TO `my_new_prefix_postmeta`; RENAME table `wp_posts` TO `my_new_prefix_posts`; RENAME table `wp_terms` TO `my_new_prefix_terms`; RENAME table `wp_term_relationships` TO `my_new_prefix_term_relationships`; RENAME table `wp_term_taxonomy` TO `my_new_prefix_term_taxonomy`; RENAME table `wp_usermeta` TO `my_new_prefix_usermeta`; RENAME table `wp_users` TO `my_new_prefix_users`;
4) Update User Meta fields
This is often overlooked, but failing to update these will prevent you from logging in again.
In the same window as before, use the command below to help you automatically find and replace all your necessary fields:
UPDATE `my_new_prefix_usermeta` SET `meta_key` = REPLACE( `meta_key`, 'wp_', 'my_new_prefix_' )
5) Update options table data
Again, below, use the following command to update any options table data:
UPDATE `my_new_prefix_options` SET `option_name` = 'my_new_prefix_user_roles' WHERE `option_name` = 'wp_user_roles'
And you’re done.
How to rename the WordPress Database Prefix – the easy way
The easiest way to do this is automatically.
With iControlWP – our dashboard for managing multiple WordPress sites – you can rename the prefix on 1 site, or on some/all your websites at once.
This is the simplest way to do it, and you wont need any other plugins or other such addons.
Not only that, you can take full advantage of all the other security features iControlWP can offer your WordPress websites and you can sign-up today for free.
Get The iControlWP Advantage Today
iControlWP lets you manage your plugins, themes, and security (and much more) across all your WordPress website from one convenient, secure, dashboard.And it’s free to signup. No commitments, no credit cards. Just good WordPress management.
Great feature guys.
These days I change my DB prefix when I set up the site, but on some of my earlier sites I left it at the default.
This would have been a great tool to have in those days.
View CommentGlad you like it Keith! 🙂
View CommentWe’ve found it quite useful ourselves and figure we should find a way to simplify the process.
Cheers!
Paul.
is there any other easy method?
View CommentWordPress is a highly customizable CMS that have been adopted by millions around the web.
View CommentUnfortunately with the so much popularity, WordPress became a top target of many hackers who created automated scripts to target various vulnerabilities in the WordPress.
One of the way to harden the security of your WordPress website is to change default database prefix from “wp_” to something else.
Really great complement method of mine concerning about how change table prefix at https://phpmatters.com/how-to-change-wordpress-database-table-prefix/. To be frank, securing WordPress databases by changing the database table prefix is really a helpful method for both newbies and professionals. I was thinking my sharing is complete enough. But after reading your post, I think I should make some improvements to better serve my friends. Thanks a lot for the sharing.
View Comment