
June 9, 2017

How to Change the WordPress Database Prefix to Improve Security

Every WordPress geek knows the WordPress Database prefix starts with wp. Don’t think that I am educating a hacker about this — all hackers are well aware of this fact.

There is a purpose for changing the database prefix. Hackers use lousy SQL injections (I prefer using injections rather than queries) with advanced settings to alter your database prefix, which results in the crashing of your site. You can avoid this problem by replacing the wp prefix with something unique that no one can guess.

Read on to discover the correct steps to change your WordPress Database Prefix. Once completed, the change prevents hackers from accessing your Database.

But before rushing into the tutorial, I would like to give you some pros and cons of changing the prefix of your database.

The Common Recommendation

You should change your Database prefix because doing so prevents hackers from accessing your account. When your site is vulnerable to a SQL injection (which means that they can execute an SQL query of unethical form), hackers can extract all of your information. This includes your login credentials, which they prefer to extract first so they can change them and keep you out of your own website. After this, they can use your website for whatever purpose they want.

You definitely want to protect your site from this menace.

Cons of changing WordPress Database Prefix

There are not actually cons to a database prefix change; however, I want to point out that it can be pointless. If a hacker can initiate an unauthorized SQL query over your database, then one thing is for sure: your database is in open connection.

If your database is in open connection, then there is no point in changing the prefix for the database. The hacker can initiate a second query to search for usermeta and postmeta. With this information, he can learn your new prefix: problem solved for the hacker, but a big worry for you.

I don’t mean to scare you, however, if you really want to secure your database, changing the database prefix is just one step.

Pros of changing WordPress Database Prefix

Changing the database prefix is a practice recommended by the WordPress Codex for hardening security. This has been practiced since the start of WordPress: more than 10 years.

This step is crucial and aids your security. Hackers create programs that crawl into hundreds of websites seeking loopholes. They don’t use any kind of known browser like we all do.

When the bot successfully finds the loophole, the query is executed and the process continues from there. If you have successfully changed your database prefixes, your site will be safe for the time being. However, remember one thing, in this case, your site is still vulnerable. So, do not consider this single step a solution for the problem.

OK, enough scary talk, let’s get to work.

Changing the table prefix

For this, you have to visit your WordPress folder and search for a file named “wp-config.php”. If you want, you can edit the file directly using cPanel, or you can use FTP to download a copy, edit it, and upload it again.

Login to cPanel, then go to Files > File manager > wp-config.php. Then click edit at the top.

Locate “$table_prefix  = 'wp_';”. Here you can change wp to your desired word, but don’t choose something predictable. You are allowed to use any numbers, letters or underscores if you prefer.

Save the file and open your site.

Hmm, broken right? That is because your database’s main data doesn’t match your changes. This leads you now to change your prefixes in your database. And it is completely normal, so chill.


Next, login to phpMyAdmin to run some SQL queries.

Here you have to enter the queries that rename the main tables in your WordPress database.

Now enter your first query as RENAME table `wp_tablename` TO `newprefix_tablename`;

Use the original table name and your new prefix in place of tablename and newprefix.

If you have a single install of WordPress, you have to enter the following queries:

RENAME table `wp_commentmeta` TO `newprefix_commentmeta`;

RENAME table `wp_comments` TO `newprefix_comments`;

RENAME table `wp_links` TO `newprefix_links`;

RENAME table `wp_options` TO `newprefix_options`;

RENAME table `wp_postmeta` TO `newprefix_postmeta`;

RENAME table `wp_posts` TO `newprefix_posts`;

RENAME table `wp_terms` TO `newprefix_terms`;

RENAME table `wp_term_relationships` TO `newprefix_term_relationships`;

RENAME table `wp_term_taxonomy` TO `newprefix_term_taxonomy`;

RENAME table `wp_usermeta` TO `newprefix_usermeta`;

RENAME table `wp_users` TO `newprefix_users`;

If you have a multi-site network, you have to add the following queries:

RENAME table `wp_blogs` TO `newprefix_blogs`;

RENAME table `wp_blog_versions` TO `newprefix_blog_versions`;

RENAME table `wp_registration_log` TO `newprefix_registration_log`;

RENAME table `wp_site` TO `newprefix_site`;

RENAME table `wp_sitemeta` TO `newprefix_sitemeta`;

Update Table Entries

Next, you have to make certain updates in the options table. You can use the following query to run a search on the options table.

SELECT * FROM `newprefix_options` WHERE `option_name` LIKE '%wp_%'

You’ll see the list of entries that are not updated yet. Click the edit button to make the changes and then save them.

Updating usermeta Table entries

Just like the options table entries, enter the following query in the search box to search for all usermeta table entries:

SELECT * FROM `newprefix_usermeta` WHERE `meta_key` LIKE '%wp_%'

Here also you must edit the entries in the list.
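
The rename and update steps above, as an added SQL example that is not part of the original article. It assumes MySQL or MariaDB with the default backslash escape, the old prefix wp_ and the article's placeholder newprefix_; it goes beyond the hand-written list by generating a RENAME statement for every table that still carries the old prefix, plugin tables included.

```sql
-- Added example, not the article's own code. Assumptions: MySQL/MariaDB,
-- old prefix 'wp_', placeholder new prefix 'newprefix_', and the target
-- database selected in phpMyAdmin. Take a database backup first.

-- 1. Generate one RENAME statement per table that still has the old prefix.
--    In LIKE, "_" matches any single character, so it is escaped as "\_".
SELECT CONCAT('RENAME TABLE `', TABLE_NAME, '` TO `newprefix_',
              SUBSTRING(TABLE_NAME, CHAR_LENGTH('wp_') + 1), '`;') AS rename_stmt
FROM information_schema.TABLES
WHERE TABLE_SCHEMA = DATABASE()
  AND TABLE_NAME LIKE 'wp\_%';
-- Review the generated statements, then paste them back in and run them.

-- 2. Options table: WordPress stores the role definitions under
--    "<prefix>user_roles". Other options that merely contain "wp_" are
--    not tied to the table prefix and are left alone.
UPDATE `newprefix_options`
SET option_name = 'newprefix_user_roles'
WHERE option_name = 'wp_user_roles';

-- 3. usermeta: preview the keys that START with the old prefix
--    (for example wp_capabilities, wp_user_level). A key such as
--    dismissed_wp_pointers only contains "wp_" and must not be renamed,
--    which is why the pattern has no leading "%".
SELECT DISTINCT meta_key
FROM `newprefix_usermeta`
WHERE meta_key LIKE 'wp\_%';

-- After reviewing the preview, rewrite those keys in one statement.
UPDATE `newprefix_usermeta`
SET meta_key = CONCAT('newprefix_', SUBSTRING(meta_key, CHAR_LENGTH('wp_') + 1))
WHERE meta_key LIKE 'wp\_%';

-- 4. Leftover check: any row returned here is a table or key that was missed.
SELECT TABLE_NAME
FROM information_schema.TABLES
WHERE TABLE_SCHEMA = DATABASE() AND TABLE_NAME LIKE 'wp\_%';

SELECT meta_key, COUNT(*) AS remaining_rows
FROM `newprefix_usermeta`
WHERE meta_key LIKE 'wp\_%'
GROUP BY meta_key;
```

If a plugin stores its own usermeta keys that begin with wp_ for reasons unrelated to the table prefix, they will appear in the step 3 preview; narrow the UPDATE's WHERE clause before running it.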

The Final Step

Now, you have updated successfully, and you’re good to go. Before doing anything else, however, it is a good idea to make a full backup of the changes you made.

You won’t see any change in the front end, but you have taken one step toward making your website more secure.

If you enter your URL and it shows you any errors, there is a possibility that one of your tables was left behind. I recommend you check to see if any table was missed.

With these steps, you can change your database prefixes and save yourself from blunders. If you feel you’re on an open connection, check it with your host provider. Don’t be careless about the security of your website.

Here is the checklist you should follow:

  • Changing the table prefix.
  • Changing Database prefixes.
  • Update option table entries.
  • Update usermeta table entries.
  • DONE

If you get stuck, feel free to contact me via comments.


Alana Berge is a Web developer working for Awebstar, a reputed company that develops WordPress themes and plugins. If you are about to hire WordPress Developer Singapore, Alana is the right choice. She enjoys sharing her innovative ideas about new web design and development technology trends with others on the web.