When you, or your web developer, launched your WordPress site a database table prefix was determined. The prefix helps define and keep organized all of your WordPress data whether this data be something innocuous like the content of posts, or something serious like users and their passwords. The default prefix for WordPress tables is wp_. So, by default, the table wp_post stores the content of your posts and wp_users stores your users’ information. Makes sense, right?
Maybe too much sense. With literally millions of WordPress sites all using the wp_ prefix, it’s a quick, common target of automated hack attempts.
Automated hacks can quickly scan for WordPress sites that may be running vulnerable software. Once found, they’ll attempt to exploit the software by injecting code to create their very own user within wp_users in your database. With a personal user account to your site they can really do whatever they want. All this can happen because they were specifically looking for the database table wp_users.
If your users table was instead called something like 2squirrels_users or, better yet, b5ok8_2d_users, the hack above would not work. You can easily change your default prefix to upgrade the security of your website, either during WordPress installation, or after. And you can do it in 5 minutes.
At the bottom of the database connection window you’ll see a Table Prefix field defaulted to wp_. Even though the instructions say, “If you want to run multiple WordPress installations in a single database, change this” change it anyway. I selected evr45wr_7_. Click Submit. Security upgraded in WAAAAY less than 5 minutes.
Find and install a plugin to do the trick. You might try Change DB Prefix for a simple, lightweight option with lots of installs and good reviews. I’ve used version 1.3 on sites running 4.4.1 with flawless results. Security upgraded in 5 minutes.
If you’re a DIY kinda person you could also update your table prefix the manual way. It’s not hard, but will take you longer than 5 minutes. Maybe that method will be a future post.
Also published on Medium.