Change Your Table Prefix in WordPress the Simple Way

If your table prefix is “wp_” or “wp1_” or even “wordpress_”, then changing it will bring your WordPress site security to a higher level.

By default Fantastico installation sets “wp_” as a prefix for each WordPress table name. Since this is a known vulnerability, malicious users can exploit your data easily.
They specifically look for the wp_options table, because it will alter your WordPress site look. Through wp_options they can set the url to redirect to their sites, leaving you the impression that your site was defaced.

If you already have a WordPress site, take a look at either your config.php file or go to phpMyAdmin in cPanel to check your tables names.

// Entry in config.php showing wordpress table prefix used in the installation
$table_prefix  = ‘wp_’;
// Only numbers, letters, and underscores please!

Attackers can easily send malicious code using JavaScript injecting SQL targeting your wp_ based tables. To make your wordpress site really secure, change the prefix to something that is difficult to guess. I would pick something almost like a password, except you are limited here to only numbers, letters, and/or underscores.

You might want to check a plugin “wp prefix changer” written by Philipp Heinze for BlogSecurity.net. It should do the job for you. However, I had problems using it, and prefer the manual way which I already done for 2 blogs.

I strongly recommend you to do change the prefix, if it is plain wp_. Just follow the next 6 steps and you should be in good shape. I have tested these steps already with a WordPress 2.8 installation:

1- Take a backup

Since this is a change in your WordPress table structure, you will have to take a backup first.
In cPanel click on the “Backups” icon and click on “Generate/Download a full Backup” and proceed with a “Home Directory Backup”.

2- Edit your wp-config.php file and change

$table_prefix  = ‘wp_’;

to something like

$table_prefix  = ‘op2mro445_’;

3- Change all your your WordPress table names

Go to phpMyAdmin and choose your WordPress database. Click on sql menu item and enter the command to rename all your tables. Do it one table at a time.

Note: You might have more tables that start with “wp_” prefix, change all the tables.
Every time you paste one line into the SQL window, click on GO and see the table name change on your left. Keep changing the table names until all your wordpress tables have the new prefix.

Rename table wp_comments to op2mro445_comments;
Rename table wp_links to op2mro445_links;
Rename table wp_options to op2mro445_options;
Rename table wp_postmeta to op2mro445_postmeta;
Rename table wp_posts to op2mro445_posts;
Rename table wp_terms to op2mro445_terms;
Rename table wp_term_relationships to op2mro445_term_relationships;
Rename table wp_term_taxonomy to op2mro445_term_taxonomy;
Rename table wp_usermeta to op2mro445_usermeta;
Rename table wp_users to op2mro445_users;

4- Edit wp_options

Then you need to edit in the op2mro445_options table ( formaly wp_options ) table

Click on the table name link and then click on “Browse” menu item.
You will see all the data stored in that table. Look under the option_name column header and change wp_user_roles to op2mro445_user_roles.
You will be able to change it by clicking on the edit button for that record.

5- Edit wp_usermeta

And finally apply changes to op2mro445_usermeta formally ( wp_usermeta)

In phpMyAdmin highlight op2mro445_usermeta link and click browse menu.

Change every value under meta_key column header, that starts with the old prefix wp_ to the new prefix op2mro445_ the number or records might be different for your web site.

I had values wp_capabilities, wp_autosave_draft_ids, wp_user_level, wp_usersettings, and wp_usersettingstime for the field meta_key need, and changed each one to the new prefix: op2mro445_capabilities, op2mro445_autosave_draft_ids, op2mro445_user_level….

6- Done! Test your WordPress site now

It should be a lot more secure giving you the peace of mind to focus on blogging.

Oh, one more thing. Do another backup.

Comments are closed.