Many people feel that WordPress is just bad when it comes to security. Over the years, WordPress has grown in popularity with millions of websites using it. Therefore, it has become a favorite target for most of the attackers and hackers who develop malicious and automated scripts to nuke websites with bots in order to hack a website, publish spam comments, or do SQL injection.
Good thing is that WordPress is really flexible and you can tighten security by making small adjustments. Though all security measures are not foolproof, one single security step can stop the basic attacks. By changing default WordPress database prefix, you can stop novice hackers from running SQL injection on your website.
When you install WordPress, it creates tables in the database with the wp_ prefix.
Before making any changes to your website, make sure you’ve created a backup. Use plugins like BackupBuddy or UpdraftPlus to schedule backups. If your site is hosted on Cloudways, then most probably you already have a backup of your entire site. If not you can take one manually by pressing the “Take Server Backup Now” button.
I personally make changes in the database manually, so I know exactly what changes I have made. For beginners, it is better to use a plugin to make changes to your database. But, I will cover both the methods to change WordPress database prefix.
Changing WordPress Database Prefix Manually
I am more comfortable with making such changes manually. There are plugins available that do the exact same thing. But the thing is I don’t want another plugin on my site and you never know when a vulnerability in the plugin pops up and you lose your website. Here are the few steps involved in changing the database prefix manually.
- Editing wp-config.php
- Renaming the Database Tables Using SQL Query
- Renaming the wp_ fields in Database Table
First thing first, you need to decide what prefix you want to use. For the purpose of this tutorial, we are going to change database prefix from wp_ to cw_.
Step 1: Editing wp-config.php
Access the root directory of your WordPress installation through an FTP software like FileZilla, find and edit the wp-config.php file using any code editor of your choice. My favorite is Sublime Text Editor.
In the wp-config.php file, find the line that reads $table_prefix = ‘wp_’ and replace the wp_ with cw_ (or whatever prefix you prefer).
Save the file and upload it to the root of your WordPress installation.
Step 2: Renaming the Database Tables Using SQL Query
By default, WordPress creates tables with prefix wp_ in MySQL database that we connect to it. There may be more tables with wp_ prefix if you have a plugin that requires its own table.
To change the database prefix, access your MySQL database through MySQL Manager that your host offers.
The fastest way to change the database names is to change by running SQL queries. Run the SQL command from your MySQL Manager and use the following commands to make the change
RENAME table `wp_commentmeta` TO `cw_commentmeta`; RENAME table `wp_comments` TO `cw_comments`; RENAME table `wp_links` TO `cw_links`; RENAME table `wp_options` TO `cw_options`; RENAME table `wp_postmeta` TO `cw_postmeta`; RENAME table `wp_posts` TO `cw_posts`; RENAME table `wp_termmeta` TO `cw_termmeta`; RENAME table `wp_terms` TO `cw_terms`; RENAME table `wp_term_relationships` TO `cw_term_relationships`; RENAME table `wp_term_taxonomy` TO `cw_term_taxonomy`; RENAME table `wp_usermeta` TO `cw_usermeta`; RENAME table `wp_users` TO `cw_users`;
Note: Make sure, you write above line for every table present in your database.
You can use any name in place of cw_ but just keep in mind, only numbers, alphabets, and underscores are allowed.
Step 3: Renaming the wp_ fields in Database Table
Apart from tables, there are two fields (cw_options and cw_usermeta in our case) by default that has field name beginning with wp_.
By using the following queries, we can change the prefix of those fields containing a wp_ prefix.
UPDATE `cw_options` SET `option_name`=REPLACE(`option_name`,'wp_','cw_') WHERE `option_name` LIKE '%wp_%'; UPDATE `cw_usermeta` SET `meta_key`=REPLACE(`meta_key`,'wp_','cw_') WHERE `meta_key` LIKE '%wp_%';
Changing Database Prefix Through Plugin
If you don’t want to dive into database stuff and make changes manually, then you can use “Change Table Prefix plugin to make the changes in just 1 step.
In security perspective, this is not a foolproof method but it will allow you to stop basic attacks and automated scripts that target databases with a wp_ prefix. There is always a vulnerability and flaw waiting to be discovered but you can tighten them by following 10 WordPress security issues & how to fix them.