Update Your WordPress Database Prefix for Better Website Security
When you install WordPress, it creates a few database tables beginning with the prefix of “wp_“. Despite being provided the option to change the prefix upon installation, many simply do not. Hackers anticipate this when constructing their malicious code and executing their attacks.
The good news is that you can change the default table prefix, post-install. This helps prevent some malicious code from executing but by no means is this perfect. This can be likened to taking a oral supplement to help prevent catching a cold.
How to Update Your WordPress Database Table Prefix
There are two ways to change your WordPress database table prefix.
1. UPDATE YOUR DATABASE TABLE PREFIX UPON INSTALLING WORDPRESS
The easiest way to change the WordPress database prefix is upon installing WordPress.
Simply replace the default “Table Prefix” field with anything you would like. But keep in mind that you may only use letters, numbers and underscores. For example:
- wp_abc_
- abc_wp_
- wpAbc_
- abc123
- Note no trailing underscore “_” or “wp” is needed in the string.
As the description for the “Table Prefix” field states, if you want to run multiple WordPress installations from a single database you should change the prefix. For example website A can have a prefix of “web1_” and website B a prefix of “web2_“. No doubt you can come up with more creative prefixes.
Note, running multiple websites off a single database is not recommended for what should be obvious security reasons as well as many other reasons. But if you must, that is how you can.
However, if you already have WordPress installed this next technique will show you what steps are need to update your table prefixes.
2. UPDATE YOUR DATABASE TABLE PREFIX POST INSTALLING WORDPRESS
Before we begin, you must make a full backup copy of your WordPress website and database. Once completed be sure to have it tested to ensure it will function should a restore be required. This is your responsibility.
If you don’t know how to do this, consider investing in your education by hiring us to show you how to create a proper backup of your WordPress website.
Alternatively, and really ideally, you would have a staging environment set up to test this on. This prevents testing potentially website access debilitating functions on your production copy of your website. Let us help you setup a staging environment for your website today.
With that said, let’s get on with updating our tables.
- Setup WordPress to use the new table prefix.
- Open the “wp-config.php” file in your favorite editor (we recommend Notepad++) which can be found within the root directory of your WordPress website. Locate the table prefix variable ( $table_prefix = ‘wp_’; ) and change it to the prefix you desire. For example: $table_prefix = ‘wp123_’;
- Keep in mind that you may only use letters, numbers and underscores when setting your prefix.
- Rename all your WordPress database tables
- Using a database editor, such as phpMyAdmin, to rename all your WordPress table prefixes to the one you specified in your wp-config.php file.
- Perform a Search and Replace on your OPTIONS table
- Search your “yournewprefix_options” table for any instances of the old prefix you are replacing. An example search query:
- SELECT * FROM ‘yournewprefix_options’ WHERE ‘option_name’ LIKE ‘%wp_%’
- This locates any rows containing the old “wp_” prefix within. Replace any values you find with the new prefix.
- If you are having issues logging in after updating your database prefix, you would want to search for and update option_name: wp_user_roles
- Search your “yournewprefix_options” table for any instances of the old prefix you are replacing. An example search query:
- Perform a Search and Replace on your USERMETA table
- Similarly, search your “yournewprefix_usermeta” table for any instances of the old prefix you are replacing. An example search query:
- SELECT * FROM ‘yournewprefix_options’ WHERE ‘meta_key’ LIKE ‘%wp_%’
- This locates any rows containing the old “wp_” prefix within. Replace any values you find with the new prefix.
- Similarly, search your “yournewprefix_usermeta” table for any instances of the old prefix you are replacing. An example search query:
- Test your website
- Almost done! We just have to make sure that our website is fully function after updating WordPress to use the new prefix. To test, simply log into your WordPress website and try creating a new post, a page and alter a widget to confirm that they work as intended. If everything functions correctly you may rest assured that you’ve successfully updated your WordPress database table prefix. Now your website has another layer of protection added.
If you found this article helpful, please take a moment to like us on Facebook, share this on your social media. Let us know if you have any questions that we may be able to assist you with.
