Resources     Blog  

  1. Home
  2. WordPress Tutorials
  3. How to Improve Security by Changing the WordPress Database Prefix

How to Improve Security by Changing the WordPress Database Prefix

Are you concerned about security on your website? WordPress security is a serious matter and you can improve it by changing the WordPress database prefix. A WordPress database contains all of the information for your website, which makes it a prime target for hackers. By default, the WordPress database prefix is “wp_” and is quite easy to locate and target.

If you are on a brand new website, it is quite easy to change these prefixes, but on an established one, you will have a harder time. This is because many items on your website will be calling files that have the “wp_” prefix. For this reason, you need to be very thorough when you change the prefix. Today, I will demonstrate how to improve your website’s security by changing your WordPress database prefix.

Why is Changing the Database Prefix Effective

You may be wondering why exactly changing the database prefix is effective and the answer is quite simple. When searching a page, most people will skim through looking for key terms, words, images, etc, but what happens when you don’t find what you are looking for? Most people will leave and this is true for hackers as well. They want to be in and out as quickly as possible to avoid detection. A database can contain thousands of files and without a clear target, it can be time-consuming to find the correct file. It is a simple, but effective measure to guard your website, but skilled hackers will be able to find other ways to locate these files.

Create a Backup of Your Database

It is easy to understand why a database is so important and whenever you are about to directly change information within a database, you must create a backup. One misstep and you could cripple your entire website. This could lead to a bad user experience or extended downtime. A backup will ensure that you can bounce back from any mistake and revert your website to a working state.

How to Improve Security by Changing the WordPress Database Prefix

Today, I will demonstrate how to improve your website’s security by changing your WordPress database prefix. You will not need any plugins, but you will need access to your cPanel. Login information is given to you when you create an account with your web host. You do not need to have any coding knowledge to do this, but remember, if you make a mistake use the backup you made beforehand.

What to Change Your Prefix To

Changing your prefix is not a hard task, but before you begin you should decide what to name it. You are only allowed to use letters, numbers, and underscores in the new name. You may be thinking to change it to some elaborate name, but it’s not worth the trouble. This will prevent amateur hackers that are looking for websites that still use the default prefix, but there are plenty of other signs to look for if you are experienced enough.

Here are some example of appropriate prefixes:

wp_123

wp_abc

wp_abc123

wp_abc_123_

It is best to use a random assortment of numbers and letters and underscores instead of obvious words that stand out. As you can tell, it is still quite easy to recognize files that would use one of these prefixes, but not so easy when you are rushing or searching for default names.

Changing the Table Prefix

You will need to edit the wp-config.php file. All you need to do is add one line of code that contains your new prefix.

Let’s start by logging into the cPanel and clicking on the File Manager option. The File Manager will allow you to access all of the files related to your website.

Click on the File Manager option.

You need to locate your theme’s wp-config.php file. Click on the public_html directory. The wp-config.php file will be located here. Right-click on the wp-config.php file and select the Edit option.

Select the Edit option.

A pop-up window will show up. This box will warn you to create a backup of your files before editing anything. This will ensure that you can revert your website back to when it was working if something goes wrong. Click on the “Edit” button. A new tab will open containing all of the code from the file.

Click on the "Edit" button.

Now you just need to enter this one line of code into the file. Copy and paste the following line of code, but remember to use the prefix of your choice, do not copy the one in this tutorial: 

$table_prefix = ‘wp_abc_123_’;

Once you have inserted the code into the wp-config.php file, click on the “Save Changes” button to finish.

Click on the "Save Changes" button.

Changing Your Database Table Prefixes

You are now ready to change your prefixes. There are 11 default WordPress databases. Each one has the “wp_” prefix and needs to be changed. You can do this manually or using some simple SQL code that I will provide for you. Either way is acceptable, just make sure that your prefix is consistent with the one you added to your wp-config.php file.

In the Databases section, click on the phpMyAdmin option.

Click on the phpMyAdmin option.

You will see all of the databases you have created. Find the one that you are currently using and click on it. Click on the “SQL” tab to use some code to change all of your prefixes.

Click on the "SQL" tab.

If you are on an existing website, you will most likely have more than the 11 default tables. Add as many lines as necessary to the code.

Here is some code for a default website:

RENAME table `wp_commentmeta` TO `wp_abc_123_commentmeta`;
RENAME table `wp_comments` TO `wp_abc_123_comments`;
RENAME table `wp_links` TO `wp_abc_123_links`;
RENAME table `wp_options` TO `wp_abc_123_options`;
RENAME table `wp_postmeta` TO `wp_abc_123_postmeta`;
RENAME table `wp_posts` TO `wp_abc_123_posts`;
RENAME table `wp_terms` TO `wp_abc_123_terms`;
RENAME table `wp_termmeta` TO `wp_abc_123_termmeta`;
RENAME table `wp_term_relationships` TO `wp_abc_123_term_relationships`;
RENAME table `wp_term_taxonomy` TO `wp_abc_123_term_taxonomy`;
RENAME table `wp_usermeta` TO `wp_abc_123_usermeta`;
RENAME table `wp_users` TO `wp_abc_123_users`;

If you need more lines, just use the same code structure to create them. Click on the “Go” button to proceed with the change.

Click on the "Go" button.

Changing the Rest of the Prefixes

All of the main tables will now have their respective prefixes changed, but there are plenty of files that will need to be changed within these tables. Again the SQL Query is our best friend to locate them all. There are two locations, in particular, to go through, which are the Options table and the Usermeta table.

Here are the SQL Query codes to locate all of the files that use the default prefix:

Options Table:

SELECT * FROM `wp_a123456_options` WHERE `option_name` LIKE ‘%wp_%’

Usermeta Table:

SELECT * FROM `wp_a123456_usermeta` WHERE `meta_key` LIKE ‘%wp_%’

Go through every file and change every default prefix. Make sure you are consistent and thorough. If you do not get every file, it can cause problems on your website. Once this is done, test your website to make sure everything is in order. If it not working and you are unsure why, use the backup to restore your website.

Congratulations, you have successfully changed your database prefixes. This will help protect your website from malicious attacks.

Take Security Seriously

WordPress is a very secure platform that is well protected on its own, but you will need extra security. There are a lot of great security plugins to choose from that can help guard your website against any kind of attack. Having valuable information stolen does not just impact you, but also all of your website’s visitors who might have their information stolen as well. It will certainly not look good for your website if you suffer and lose their information.

How long has it taken you to completely change the prefixes? Have you found the process challenging?

Author: Chris Racicot

Chris is the Support Manager at GreenGeeks and has been with the company since 2010. He has a passion for gaming, scripting and WordPress. When he’s not enjoying his sleep, he’s working on his guitar skills and fiddling with 3d printing.

Was this article helpful?

Related Articles

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.