The WordPress database creates tables during installation and it is the place where all the website data is being stored. We can simply call it the brain of the WordPress website and thus it becomes the target for hackers and spammers. WordPress is being used by millions of websites because of its flexibility and security. By making small corrections you can tighten up the security of the WordPress website.

One main thing that we all forget to change during WordPress installation is that, altering the database prefix. This is one of the easiest ways by which the hackers run automated scripts to make SQL injections or to hack your site. Make one small step to save your WordPress site from most of the minor attacks. By default the database tables are prefixed by wp_ and by changing this you can withstand attacks from amateur hackers. In this article, let us see how to change the default database prefix properly and quickly.

Read also How to Get an SSL Certificate for your WordPress website

Have a Backup

It is always recommended to take a backup of your WordPress website. Have daily backs or scheduled backups using plugins like BackupBuddy or UpdraftPlus. Next thing you have to do is to setup maintenance page temporarily for your website, so that you will not let your visitors confused or landing to some other page.

The ones who are familiar with database changes can perform this manually. Else it is advised to use a plugin to make changes to the database. Let us discuss the database table prefix change by both the methods in detail below.

Edit Table Prefix in wp-config.php

Access your WordPress root directory by any FTP software and open the wp-config.php file and change the table prefix line from wp_ to something else like this pw_.

Note: You can only have alphabets, numbers and underscore in the table prefix and no special characters are allowed.

Before: $table_prefix = ‘wp_’;

After: $table_prefix = ‘pw_’;

Change all your Database Table Names

Now access the database using phpMyAdmin and replace all the table names with the one you changed in the wp-config.php file. Choose your database and click the SQL menu and enter the command to rename tables. Change one table at a time. Replace all the tables with the wp_ prefix. Paste the lines in the SQL window and check the table name on the left. Change until all of your WordPress tables appear with the new prefix.

Rename table wp_commentmeta to pw_commentmeta;
Rename table wp_comments to pw_comments;
Rename table wp_links to pw_links;
Rename table wp_options to pw_options;
Rename table wp_postmeta to pw_postmeta;
Rename table wp_posts to pw_posts;
Rename table wp_terms to pw_terms;
Rename table wp_term_relationships to pw_term_relationships;
Rename table wp_term_taxonomy to pw_term_taxonomy;
Rename table wp_usermeta to pw_usermeta;
Rename table wp_users to pw_users;

Edit wp_options

Search in the options table to find the other fields using wp_ as the prefix so that we can replace them. Click the table name and click Browse menu and it will return all the results stored in that table. Under the option_name column header, change wp_user_roles to pw_user_roles. Use the edit option to change it.

SELECT * FROM `pw_options` WHERE `option_name` LIKE '%wp_%'

Use this query that will return all the results, so that you don’t have to miss anything to edit.

Edit wp_usermeta

Now search all the usermeta fields that use wp_ as a prefix and replace it. The results may vary between sites and depending on the number of plugins you use.

SELECT * FROM `pw_options` WHERE `meta_key` LIKE '%wp_%'

Final thoughts

Now your WordPress site is a lot more secure that before. Launch your site and it should work fine if you had followed the steps properly. Make a new backup of your database now which could help you in future.