How To Change The Default WP Prefix in Your Database Tables

Hackers like to exploit vunerable installations of WordPress.

They generally use automated means to scan sites for known weaknesses.

These weaknesses are generally overlooked by users who don’t change the default database table settings when they first setup a new installation of WordPress.

One of the most common vunerabilities is the database table prefix wp_.

When you first install WordPress, you have a chance to change this prefix from the default setting.

Default Prefix: wp_

To

Edited Prefix: wp_8biGseCreTs4U_

Edit Prefix During Manual Installation

You can change the prefix while installing WordPress (depending on the software used for auto installation) or by replacing the default code shown in this screen shot in your wp config file.

Default WordPress Database Table prefix

This can be done regardless of whether you install WordPress automatically or manually.

$table_prefix  = '8biGseCreTs4U_';

Change Prefix During Auto Installation

You’ll need to create a database manually using the MySQl database wizard located under the database section in cPanel.

Once you have done this, Edit the prefix during auto install if using simple scripts at step 2.

Make sure the database name and connection details you enter here already exist.

Change Table Prefix

This method assumes you’re using Bluehost’s simple scripts to install WordPress.

Changing Prefix After Installation

If you’ve already installed WordPress and published content, you can’t simply change your database prefix using the above solution.

If you do, you’ll get database connection errors resulting in site downtime.

Caution: Backup your files & databases before editing your database tables.

To avoid connection errors after changing your db prefix,  install a plugin that changes the prefix for you safely.

5 Plugins Which Change The WP_ Database Table Prefix

Here’s 5 plugins that do the job:

  • Better WP Security
  • Website Defender WordPress Security (Only tested this one)
  • WP Security Scan
  • WP Prefix Changer
  • Change DB Prefix

I used the website defender WordPress security plugin.

Make sure your config.php file is writable and enter your secret prefix.

Plugin to change wp database prefix

Change Database Prefix Manually

This method isn’t recommended for beginners.

You’ll need to access your database using phpMyAdmin and change:

  • All the default WordPress prefixes
  • Any plugin table prefixes
  • All wp_options prefixes
  • All wp_ user meta prefixes

Edit WP-Config

After you’ve created a full backup of your site, replace the default database table prefix in your wp-config as shown above.

Once you do this, your site will be down until you finish editing all the table prefixes in the next step. (Hence the backup files)

Edit WordPress Tables

Using phpMyAdmin, locate all the core WordPress files and plugin files with the prefix wp_ and replace them with the exact same prefix you used in the previous step.

WP Prefix Tables

By default WordPress includes 11 tables which use the wp_ prefix.

Once you add plugins which also reqiure a database to run, you’ll find more.

In this case its 16 that need editing.

You can use this query for each table prefix that needs editing by changing the prefix to your own.

RENAME table `wp_commentmeta` TO `wp_8biGseCreTs4U_commentmeta`;

Edit WP_Options Table Prefixes

You’ll also need to search and replace your options tables and replace all instances of the default wp_ prefix with your secret prefix as used above.

You can use a query to do this by replacing your own prefix in this code below and work your way down each table:

SELECT * FROM `wp_8biGseCreTs4U_options` WHERE `option_name` LIKE 'wp_%'

Edit any options which include the default wp_ prefix with your own secure prefix.

Edit User Meta Table Prefixes

Use this query to search for user meta tables which include the default prefix and edit them with your own secure prefix.

SELECT * FROM `wp_8biGseCreTs4U_usermeta` WHERE `meta_key` LIKE 'wp_%'

Other Ways To Change Prefixes

You could download an export of your database tables from phpMyAdmin and use notepad ++ search feature to find and replace the table prefixes which start with wp_.

After you’ve changed all instances of wp_, drop (delete) your database before uploading the edited version into phpMyAdmin.

Conclusion

I tested these queries on a test site however you will save time using a good plugin.

Don’t forget a database backup!