Hackers like to exploit vulnerable installations of WordPress.
They generally use automated means to scan sites for known weaknesses.
These weaknesses are generally overlooked by users who don’t change the default database table settings when they first set up a new installation of WordPress.
One of the most common vulnerabilities is the database table prefix wp_.
When you first install WordPress, you have a chance to change this prefix from the default setting.
Default Prefix: wp_
Edited Prefix: wp_8biGseCreTs4U_
Edit Prefix During Manual Installation
You can change the prefix while installing WordPress (depending on the software used for auto installation) or by replacing the default code shown in this screenshot in your wp-config.php file.
This can be done regardless of whether you install WordPress automatically or manually.
Change Prefix During Auto Installation
You’ll need to create a database manually using the MySQL database wizard located under the database section in cPanel.
Once you have done this, edit the prefix at step 2 of the auto install if you’re using Simple Scripts.
Make sure the database name and connection details you enter here already exist.
This method assumes you’re using Bluehost’s Simple Scripts to install WordPress.
Changing Prefix After Installation
If you’ve already installed WordPress and published content, you can’t simply change your database prefix using the above solution.
If you do, you’ll get database connection errors resulting in site downtime.
To avoid connection errors after changing your db prefix, install a plugin that changes the prefix for you safely.
5 Plugins Which Change The WP_ Database Table Prefix
Here are 5 plugins that do the job:
- Better WP Security
- Website Defender WordPress Security (Only tested this one)
- WP Security Scan
- WP Prefix Changer
- Change DB Prefix
I used the Website Defender WordPress Security plugin.
Make sure your wp-config.php file is writable and enter your secret prefix.
Change Database Prefix Manually
This method isn’t recommended for beginners.
You’ll need to access your database using phpMyAdmin and change:
- All the default WordPress prefixes
- Any plugin table prefixes
- All wp_options prefixes
- All wp_ user meta prefixes
After you’ve created a full backup of your site, replace the default database table prefix in your wp-config.php file as shown above.
Once you do this, your site will be down until you finish editing all the table prefixes in the next step. (Hence the backup files)
Edit WordPress Tables
Using phpMyAdmin, locate all the core WordPress tables and plugin tables with the prefix wp_ and rename them using the exact same prefix you used in the previous step.
By default WordPress includes 11 tables which use the wp_ prefix.
Once you add plugins which also require a database to run, you’ll find more.
In this case it’s 16 that need editing.
You can use this query for each table that needs renaming by changing the prefix to your own.
RENAME TABLE `wp_commentmeta` TO `wp_8biGseCreTs4U_commentmeta`;
Edit WP_Options Table Prefixes
You’ll also need to search your options table and replace all instances of the default wp_ prefix in option names with your secret prefix as used above.
You can use a query to find them by putting your own prefix in the table name in the code below. The backslash makes LIKE match a literal underscore; unescaped, an underscore matches any single character.
SELECT * FROM `wp_8biGseCreTs4U_options` WHERE `option_name` LIKE 'wp\_%';
Edit any options which include the default wp_ prefix with your own secure prefix.
Edit User Meta Table Prefixes
Use this query to search the user meta table for meta keys which include the default prefix and edit them with your own secure prefix.
SELECT * FROM `wp_8biGseCreTs4U_usermeta` WHERE `meta_key` LIKE 'wp\_%';
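The manual steps above as one MySQL script, added here as an example and not part of the original post. It assumes a database named wordpress_db (a placeholder) and the article's sample prefix, and it limits the options and user meta edits to the keys core WordPress derives from the table prefix.

```sql
-- Added example, not from the original post.
-- Assumptions: MySQL/MariaDB with default backslash escaping, a database
-- named `wordpress_db` (placeholder), old prefix wp_, new prefix
-- wp_8biGseCreTs4U_. Back up first: RENAME TABLE cannot be rolled back.

-- 1. Generate one RENAME statement per table that still has the old prefix,
--    then run the generated statements. The new prefix also starts with
--    wp_, so already-renamed tables are excluded explicitly.
SELECT CONCAT('RENAME TABLE `', table_name, '` TO `wp_8biGseCreTs4U_',
              SUBSTRING(table_name, 4), '`;') AS rename_stmt
FROM information_schema.tables
WHERE table_schema = 'wordpress_db'
  AND table_name LIKE 'wp\_%'
  AND table_name NOT LIKE 'wp\_8biGseCreTs4U\_%';

-- 2. Core stores the role definitions in an option named <prefix>user_roles.
UPDATE `wp_8biGseCreTs4U_options`
SET option_name = 'wp_8biGseCreTs4U_user_roles'
WHERE option_name = 'wp_user_roles';

-- 3. Rename the prefix-derived core keys in usermeta. Keys added by plugins
--    are not listed; review the rows the search query above returns.
UPDATE `wp_8biGseCreTs4U_usermeta`
SET meta_key = CONCAT('wp_8biGseCreTs4U_', SUBSTRING(meta_key, 4))
WHERE meta_key IN ('wp_capabilities', 'wp_user_level', 'wp_user-settings',
                   'wp_user-settings-time',
                   'wp_dashboard_quick_press_last_post_id');

-- 4. Checks. No table should still use the old prefix (expect 0) ...
SELECT COUNT(*) AS tables_left
FROM information_schema.tables
WHERE table_schema = 'wordpress_db'
  AND table_name LIKE 'wp\_%'
  AND table_name NOT LIKE 'wp\_8biGseCreTs4U\_%';

-- ... and on a single-site install every user should have a capabilities
--    row under the new prefix (expect 0 missing).
SELECT COUNT(*) AS users_missing_caps
FROM `wp_8biGseCreTs4U_users` u
LEFT JOIN `wp_8biGseCreTs4U_usermeta` m
  ON m.user_id = u.ID AND m.meta_key = 'wp_8biGseCreTs4U_capabilities'
WHERE m.umeta_id IS NULL;
```

If users_missing_caps is not 0, those accounts lose their roles after the change and cannot reach the dashboard until the key is corrected.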
Other Ways To Change Prefixes
You could download an export of your database tables from phpMyAdmin and use the Notepad++ search feature to find and replace the table prefixes which start with wp_.
After you’ve changed all instances of wp_, drop (delete) your database before uploading the edited version into phpMyAdmin.
I tested these queries on a test site; however, you will save time using a good plugin.
Don’t forget a database backup!