5 Minute Security Upgrade: Change your wp_ database table prefix

When you, or your web developer, launched your WordPress site a database table prefix was determined. The prefix helps define and keep organized all of your WordPress data whether this data be something innocuous like the content of posts, or something serious like users and their passwords. The default prefix for WordPress tables is wp_. So, by default, the table wp_post stores the content of your posts and wp_users stores your users’ information. Makes sense, right?

Maybe too much sense. With literally millions of WordPress sites all using the wp_ prefix, it’s a quick, common target of automated hack attempts.

Automated hacks can quickly scan for WordPress sites that may be running vulnerable software. Once found, they’ll attempt to exploit the software by injecting code to create their very own user within wp_users in your database. With a personal user account to your site they can really do whatever they want. All this can happen because they were specifically looking for the database table wp_users.

If your users table was instead called something like 2squirrels_users or, better yet, b5ok8_2d_users, the hack above would not work. You can easily change your default prefix to upgrade the security of your website, either during WordPress installation, or after. And you can do it in 5 minutes.

During Installation

At the bottom of the database connection window you’ll see a Table Prefix field defaulted to wp_. Even though the instructions say, “If you want to run multiple WordPress installations in a single database, change this” change it anyway. I selected evr45wr_7_. Click Submit. Security upgraded in WAAAAY less than 5 minutes.

Don't believe everything you read; changing the Table Prefix isn't just for multiple WP installs.
Don’t believe everything you read; changing the Table Prefix isn’t just for multiple WP installs.

After Installation

Find and install a plugin to do the trick. You might try Change DB Prefix for a simple, lightweight option with lots of installs and good reviews. I’ve used version 1.3 on sites running 4.4.1 with flawless results. Security upgraded in 5 minutes.

A view of the updated database tables showing the unique new prefix.
A view of the updated database tables showing the unique new prefix.

If you’re a DIY kinda person you could also update your table prefix the manual way. It’s not hard, but will take you longer than 5 minutes. Maybe that method will be a future post.

Leave a Reply

Your email address will not be published. Required fields are marked *

See if Cinch is right for you.

Ask us anything. Seriously. Like, what is the air speed velocity of an unladen swallow?

Start a chat right now

Or go ahead and Sign up now