The WordPress database creates tables during installation and it is the place where all the website data is being stored. We can simply call it the brain of the WordPress website and thus it becomes the target for hackers and spammers. WordPress is being used by millions of websites because of its flexibility and security. By making small corrections you can tighten up the security of the WordPress website.
One main thing that we all forget to change during WordPress installation is that, altering the database prefix. This is one of the easiest ways by which the hackers run automated scripts to make SQL injections or to hack your site. Make one small step to save your WordPress site from most of the minor attacks. By default the database tables are prefixed by wp_ and by changing this you can withstand attacks from amateur hackers. In this article, let us see how to change the default database prefix properly and quickly.
Have a Backup
It is always recommended to take a backup of your WordPress website. Have daily backs or scheduled backups using plugins like BackupBuddy or UpdraftPlus. Next thing you have to do is to setup maintenance page temporarily for your website, so that you will not let your visitors confused or landing to some other page.
The ones who are familiar with database changes can perform this manually. Else it is advised to use a plugin to make changes to the database. Let us discuss the database table prefix change by both the methods in detail below.
Edit Table Prefix in wp-config.php
Access your WordPress root directory by any FTP software and open the wp-config.php file and change the table prefix line from wp_ to something else like this pw_.
Note: You can only have alphabets, numbers and underscore in the table prefix and no special characters are allowed.
$table_prefix = ‘wp_’;
$table_prefix = ‘pw_’;
Change all your Database Table Names
Now access the database using phpMyAdmin and replace all the table names with the one you changed in the wp-config.php file. Choose your database and click the SQL menu and enter the command to rename tables. Change one table at a time. Replace all the tables with the wp_ prefix. Paste the lines in the SQL window and check the table name on the left. Change until all of your WordPress tables appear with the new prefix.
Rename table wp_commentmeta to pw_commentmeta;
Rename table wp_comments to pw_comments;
Rename table wp_links to pw_links;
Rename table wp_options to pw_options;
Rename table wp_postmeta to pw_postmeta;
Rename table wp_posts to pw_posts;
Rename table wp_terms to pw_terms;
Rename table wp_term_relationships to pw_term_relationships;
Rename table wp_term_taxonomy to pw_term_taxonomy;
Rename table wp_usermeta to pw_usermeta;
Rename table wp_users to pw_users;
Search in the options table to find the other fields using wp_ as the prefix so that we can replace them. Click the table name and click Browse menu and it will return all the results stored in that table. Under the option_name column header, change wp_user_roles to pw_user_roles. Use the edit option to change it.
SELECT * FROM `pw_options` WHERE `option_name` LIKE '%wp_%'
Use this query that will return all the results, so that you don’t have to miss anything to edit.
Now search all the usermeta fields that use wp_ as a prefix and replace it. The results may vary between sites and depending on the number of plugins you use.
SELECT * FROM `pw_options` WHERE `meta_key` LIKE '%wp_%'
Now your WordPress site is a lot more secure that before. Launch your site and it should work fine if you had followed the steps properly. Make a new backup of your database now which could help you in future.