WordPress Secure your installation Set a custom prefix for WordPress tables


Example

When you install WordPress to your server, the installation script will place a prefix in front of all the WordPress MySQL table names. This prefix is set to 'wp_' by default. The WordPress posts table will be called wp_posts for example. By changing the table prefix you can create some security by obscurity. This way when a hacker attempts SQL injection attacks, they will have to guess the prefix of your table rather than just using 'wp_'. You can set this prefix to be whatever you like.

Set Prefix in New WordPress Installation

If using famous 5 minute installation Change prefix in field during installation.

enter image description here

If installing via WordPress CLI use the following command:

// set other variables above, or substitute your strings in.
WP_DBPREFIX=foo
wp core config --dbname="$MYSQL_DBNAME" --dbuser="$MYSQL_USERNAME" --dbpass="$MYSQL_PASS" --dbprefix="$WP_DBPREFIX"_ --locale=en_AU

Change Prefix in Existing Installation

Changing the prefix is a little more difficult. Firstly use a FTP program like FileZilla to edit the wp-config.php file. Change the entry $table_prefix = 'wp_'; to $table_prefix = 'foo_'; substituting 'foo' for your desired prefix.

Next we'll need to edit the database. If you have access to phpMyAdmin, login and do the following:

  • Select the WordPress database enter image description here
  • Select all tables and in the dropdown select replace table prefix.enter image description here
  • In "From" type 'wp_'. In "To" type your prefix, 'foo_' in this example and press "Submit". enter image description here
  • Tables should now look like this:enter image description here

If you can't use phpMyAdmin then use the following MySQL command:

RENAME table `wp_comments` TO `foo_comments`

You'll need to run that command for each table, substituting 'comments' for the other table names.

Next we need to change a few entries in some tables. Run this query on the 'foo_options' table

SELECT * FROM  foo_options WHERE option_name LIKE '%user_roles%'

A entry with option_name of 'wp_user_roles' should appear. In that entry change the 'option_name' entry from wp_user_roles to foo_user_roles.

Then open up 'foo_usermeta' table and find every entry with 'wp_' at the front. enter image description here and change it to 'foo_'. The number of entries you must change will depend on how many users you have. enter image description here

That should be all you need to change the prefix in an existing installation