WordPress security is an important matter for any blogger who wants to keep his site safe from hackers, malware and cyber attacks. We've already published a tutorial about the most important steps you should take for better WordPress security and now we want to complement this with a simple add-on about how to change the default WordPress database prefix to a custom value for better security.
By default, WordPress uses “wp_” as the table prefix in your database. And it's obvious that also hackers know about this fact which is a potential security risk. Therefore, it's better to not keep the default prefix and change it to something (anything) else. In case you run multiple WordPress websites, you could use a unique combination of letters and stick with it for all your installations.
1. WordPress Database Backup
The most important step before you even consider touching your database is to always backup your WordPress database first. Imagine how you would regret not having a backup in case something goes wrong and is messing up your site. There are many plugins available for WordPress database backups, for example “WP-DBManager”. Using a WordPress plugin is probably the most convenient way to backup your WordPress database, especially when you've never done something like this before.
2. Maintenance WordPress Plugin
Another step to keep your site safe and prevent issues during the database change is using a maintenance page while you are working on your site. You probably don't want that your visitors see that your site is down or broken in case there is an issue. So using a maintenance WordPress plugin probably isn't a bad idea. You could just display a message that your site will be back online soon or redirect your visitors to whatever destination you prefer, for example your Facebook fanpage, Google+ site or Twitter account.
3. Changing default table prefix In wp-config.php
If you have installed a fresh WordPress, then this is the last step to do. If not, you'll need to change a few more things. Please open the file “wp-config.php” which is located in your WordPress root directory. Change the table prefix line from wp_ to something else like this wp_myprefix_. You can only use numbers, letters and underscores. Feel free to create your own secure prefix.
4. Change all your WordPress table names from phpMyAdmin
This the most difficult step, as you will need to change your database table names to match the one you changed in the wp-config.php file. Simply open your hosting control panel, navigate to phpMyAdmin and select your database. Depending on your WordPress installation, you'll probably need to change several database tables. To rename tables in your database, you can run SQL, for example:
RENAME table `wp_comments` TO `wp_myprefix_comments`;
The database on the screenshot above is only a sql example of a WordPress database. The database of your site may have extra or less tables than this one, so please be careful.
5. Edit WordPress Databse Options Table
Now you need to search the options table for any other fields that are using wp_ as a prefix, so that you can replace them. The search results will return the
option along with any other options created by plugins, custom scripts, etc. You can now change the default prefix of these tables to your custom prefix. To achieve this easily, please run the following SQL:
SELECT * FROM `wp_myprefix_options` WHERE `option_name` LIKE '%wp_%'
6. Changing UserMeta Table in WordPress Database
Now please search the
for all instances of the old
prefix. The number of results may vary according to how many plugins you have installed. Now just change everything that has wp_ as prefix to the new custom prefix and you have completed that last step. You can do this by running this SQL:
SELECT * FROM `wp_myprefix_usermeta` WHERE `meta_key` LIKE '%wp_%'
Changing the default WordPress prefix “WP_” to something different is an additional step to increase the security of your WordPress site. For more security tips and WordPress security plugins, please read our guide: “All You Need to Know About WordPress Security”.