How to Change WordPress Table Prefix for Better Security

Changing the WordPress table prefix in your MySQL database enhances security by reducing the risk of SQL injection attacks targeting default table names. Here’s how you can do it safely and efficiently.

Contents

1 Step 1: Back Up Your Database
2 Step 2: Update the wp-config.php File
3 Step 3: Rename Database Tables
- 3.1 Using an SQL Query in phpMyAdmin:
4 Step 4: Update Table References
- 4.1 Run the Following Queries to Update References:
5 Step 5: Verify and Test Your Site
6 Final Thoughts
7 Related Articles

Step 1: Back Up Your Database

Back up your website before making any changes to ensure you can quickly restore it if something goes wrong. Tools like WP Staging make it easy to set up automatic backups. For more guidance, check out the backup and restore guide.

WP STAGING WordPress Backup Plugin – Migration Backup Restore

Step 2: Update the wp-config.php File

Access your website files using FTP (via clients like FileZilla) or the File Manager in your hosting control panel.

Navigate to the root directory of your WordPress installation, locate the wp-config.php file, and open it for editing.

Find this line:

PHP

$table_prefix = 'wp_';

Change ‘wp_’ to a unique prefix, such as ‘wpsecure_’, and save the file.

PHP

$table_prefix = 'wpsecure_';

Step 3: Rename Database Tables

Once wp-config.php is updated, rename the tables in your database.

Using an SQL Query in phpMyAdmin:

Open phpMyAdmin, select your database, and navigate to the SQL tab. Execute the following query, replacing the placeholders with your actual database name and prefixes.

PHP

SET @database  = "your_database_name";
SET @oldprefix = "wp_";
SET @newprefix = "wpsecure_";

SELECT
    CONCAT(
        "RENAME TABLE ",
        TABLE_NAME,
        " TO ",
        REPLACE(TABLE_NAME, @oldprefix, @newprefix),
        ';'
    ) AS "SQL"
FROM information_schema.TABLES WHERE TABLE_SCHEMA = @database;

This query generates SQL commands such as:

PHP

RENAME TABLE wp_options TO wpsecure_options;
RENAME TABLE wp_users TO wpsecure_users;

Copy and execute these generated queries to rename your tables.

Step 4: Update Table References

Some WordPress tables, such as wp_options and wp_usermeta, contain references to the old prefix.

Run the Following Queries to Update References:

PHP

UPDATE `wpsecure_usermeta`
SET meta_key = REPLACE(meta_key, 'wp_', 'wpsecure_')
WHERE meta_key LIKE 'wp_%';

UPDATE `wpsecure_options` 
SET option_name = REPLACE(option_name, 'wp_', 'wpsecure_')
WHERE option_name LIKE 'wp_%';

Step 5: Verify and Test Your Site

Clear your browser cache and log in to your WordPress admin panel. Check posts, pages, plugins, and overall site functionality. If any issues occur, review the wp-config.php file and recent database changes.

That’s all.

Final Thoughts

Changing the WordPress table prefix is a simple yet effective security measure. However, it should be combined with other security practices like keeping WordPress updated, using strong passwords, and implementing a firewall.

By following these steps carefully, you can successfully change the WordPress table prefix without breaking your site.

You can find a more in-depth technical article here:
How to rename the WordPress table prefix