Changing the WordPress table prefix in your MySQL database enhances security by reducing the risk of SQL injection attacks targeting default table names. Hereโs how you can do it safely and efficiently.
Contents
Step 1: Back Up Your Database
Back up your website before making any changes to ensure you can quickly restore it if something goes wrong. Tools like WP Staging make it easy to set up automatic backups. For more guidance, check out the backup and restore guide.
Step 2: Update the wp-config.php File
Access your website files using FTP (via clients like FileZilla) or the File Manager in your hosting control panel.

Navigate to the root directory of your WordPress installation, locate the wp-config.php file, and open it for editing.

Find this line:
$table_prefix = 'wp_';

Change ‘wp_’ to a unique prefix, such as ‘wpsecure_’, and save the file.
$table_prefix = 'wpsecure_';

Step 3: Rename Database Tables
Once wp-config.php
is updated, rename the tables in your database.
Using an SQL Query in phpMyAdmin:
Open phpMyAdmin, select your database, and navigate to the SQL tab. Execute the following query, replacing the placeholders with your actual database name and prefixes.
SET @database = "your_database_name";
SET @oldprefix = "wp_";
SET @newprefix = "wpsecure_";
SELECT
CONCAT(
"RENAME TABLE ",
TABLE_NAME,
" TO ",
REPLACE(TABLE_NAME, @oldprefix, @newprefix),
';'
) AS "SQL"
FROM information_schema.TABLES WHERE TABLE_SCHEMA = @database;

This query generates SQL commands such as:
RENAME TABLE wp_options TO wpsecure_options;
RENAME TABLE wp_users TO wpsecure_users;
Copy and execute these generated queries to rename your tables.
Step 4: Update Table References
Some WordPress tables, such as wp_options
and wp_usermeta
, contain references to the old prefix.
Run the Following Queries to Update References:
UPDATE `wpsecure_usermeta`
SET meta_key = REPLACE(meta_key, 'wp_', 'wpsecure_')
WHERE meta_key LIKE 'wp_%';
UPDATE `wpsecure_options`
SET option_name = REPLACE(option_name, 'wp_', 'wpsecure_')
WHERE option_name LIKE 'wp_%';
Step 5: Verify and Test Your Site
Clear your browser cache and log in to your WordPress admin panel. Check posts, pages, plugins, and overall site functionality. If any issues occur, review the wp-config.php file and recent database changes.
That’s all.
Final Thoughts
Changing the WordPress table prefix is a simple yet effective security measure. However, it should be combined with other security practices like keeping WordPress updated, using strong passwords, and implementing a firewall.
By following these steps carefully, you can successfully change the WordPress table prefix without breaking your site.
You can find a more in-depth technical article here:
How to rename the WordPress table prefix