Changing WordPress Default ‘wp’ - Table Prefix

If your table prefix is “wp_” or “wp1_” or even “wordpress_”, then changing it will raise your WordPress site security to a higher level.

During WordPress installation, the installation process sets “wp_” as a prefix for each WordPress table name. Since this is a known vulnerability, malicious users can try and exploit your table data.

They specifically look for the wp_options table, because it will alter your WordPress site look. Through wp_options they can set the URL to redirect to their sites, leaving you the impression that your site was defaced.

NOTE: You can check the table prefix of your WordPress site, either in your WordPress config.php file or go to phpMyAdmin in cPanel.

The following is the codespec entry in config.php file showing WordPress Database table prefix used in the installation as shown in Diagram 1.

NOTE: The table prefix should contain only numbers, letters and underscores as separators.

$table_prefix = ‘wp_’;

Diagram 1

Attackers can easily send malicious code using JavaScript to inject SQL while targeting your wp_ based tables. To make your WordPress site really secure, change the database table prefix to something that is difficult to guess.

It is recommended to change the prefix of WordPress database table (wp_). The following are the six simple steps to be followed to help make your WordPress Site secure.

Step -1: Before proceeding to change the WordPress database table prefix, it is useful to take the backup of your complete WordPress website, to revert everything back if anything unusual occurs.

Once this change is done to your WordPress table structure, do take a backup. Please refer tutorial WordPress Backup which details how to take a backup of your WordPress driven website.

Step -2 : Open wp-config.php file present in WordPress folder in any editor as shown in Diagram 2.
Locate $table_prefix in the file and change $table_prefix = ‘wp_’; to something like $table_prefix = ‘tblprefix_’;

Diagram 2

Step -3 : In your browser, open phpMyAdmin (if installed). It really is an easy interface to communicate with the MySQL Database Server.

Select your WordPress database as shown in Diagram 3.

Diagram 3

Click on SQL menu item as shown in Diagram 4.

Diagram 4

Enter the command to rename all your tables. Execute the command for one table at a time.

After entering the command to rename the table into the SQL window, click GO as shown in Diagram 5 and view the table name changing on the left side of Query window.

Diagram 5

“Your SQL query has been executed successfully” message is displayed as shown in Diagram 6.

Diagram 6

Keep changing the table names until all your WordPress tables have the new prefix.

Execute the following commands to change the WordPress database tables present in general.

Rename table wp_commentmeta to tblprefix_commentmeta;

Rename table wp_comments to tblprefix_comments;

Rename table wp_links to tblprefix_links;

Rename table wp_options to tblprefix_options;

Rename table wp_postmeta to tblprefix_postmeta;

Rename table wp_posts to tblprefix_posts;

Rename table wp_terms to tblprefix_terms;

Rename table wp_term_relationships to tblprefix_term_relationships;

Rename table wp_term_taxonomy to tblprefix_term_taxonomy;

Rename table wp_usermeta to tblprefix_usermeta;

Rename table wp_users to tblprefix_users;

Note: You might have more tables that start with “wp_” prefix, change all the tables.

Renaming the prefix of the WordPress database tables have been successfully executed as shown in Diagram 7.

Diagram 7

Step-4 : Then you need to edit the tblprefix_options table ( formerly known as wp_options ) table.

Locate the table and then click “Browse” menu item respectively as shown in Diagram 8.

Diagram 8

You will view all the data stored in that table. Locate wp_user_roles under the option_name column header and change wp_user_roles to tblprefix_user_roles.

You will be able to change it by clicking on the Edit for that record as shown in Diagram 9.

Note: wp_user_roles might not appear on the 1st page under options. So search for it in the table using page navigation.

Diagram 9

The editor window of the particular record opens. Change the value of column option_name from wp_user_roles to tblprefix_user_roles and click Go as shown in Diagram 10.

Diagram 10

Step – 5: And finally apply changes to tblprefix_usermeta table ( formally known as wp_usermeta ).

Locate the table and then click “Browse” menu item respectively as shown in Diagram 11.

Diagram 11

Change every value under meta_key column header, that starts with the old prefix wp_ to the new prefix tblprefix_.

The number or records might be different for each and every web site.

The following are the values that need to be changed as shown in Diagram 12.

wp_capabilities to tblprefix_capabilities
wp_user_level to tblprefix_user_level
wp_usersettings to tblprefix_usersettings and so on.

Diagram 12

Alternatively, you can run a query in phpMyAdmin to find out how many records are present that require to be changed.

Click on the Search link as shown in Diagram 13.

Diagram 13

Click Options as shown in Diagram 14.

Diagram 14

Under Options section, Add the following search condition ( meta_key like ‘wp_%’ ), and click the Go as shown in Diagram 15.

Diagram 15

The exact number of record you need to update will be displayed as a search result as shown in Diagram 16.

Diagram 16

Edit every value under meta_key column header, that starts with the old prefix wp_ to the new prefix tblprefix_ by clicking on Edit.

Step – 6 : Congratulations !! The WordPress is now secure from being easily hacked.

• < Prev