
This post is a bit more advanced, but important. One of the most common ways an intruder gets into your system is through what is called an SQL injection. To combat this, the most effective initial step you can take is to rename your WordPress table prefix. There are two ways to do this: find a plugin that does it or, if you have database access, take the more advanced route and make the changes yourself.

If you’re just installing WordPress, open wp-config.php and change $table_prefix = 'wp_';

to $table_prefix = 'wp_hg143g7_';

Replace hg143g7 with any combination of letters and numbers you wish. Now install WordPress, and all is well.

If you have WordPress already installed, back up your website and database before you follow the next steps. Expect a few minutes of downtime while you make these changes.

I’ve not tested this plugin, but there is a change table prefix plugin you can use. Run it once, then you can delete the plugin. Done.

The more advanced manual option:

  • Change $table_prefix in wp-config.php as I suggested above.
  • Change the table names in phpMyAdmin, or using SQL:
RENAME table `wp_commentmeta` TO `wp_hg143g7_commentmeta`;
RENAME table `wp_comments` TO `wp_hg143g7_comments`;
RENAME table `wp_links` TO `wp_hg143g7_links`;
RENAME table `wp_options` TO `wp_hg143g7_options`;
RENAME table `wp_postmeta` TO `wp_hg143g7_postmeta`;
RENAME table `wp_posts` TO `wp_hg143g7_posts`;
RENAME table `wp_terms` TO `wp_hg143g7_terms`;
RENAME table `wp_term_relationships` TO `wp_hg143g7_term_relationships`;
RENAME table `wp_term_taxonomy` TO `wp_hg143g7_term_taxonomy`;
RENAME table `wp_usermeta` TO `wp_hg143g7_usermeta`;
RENAME table `wp_users` TO `wp_hg143g7_users`;

If there are other tables that start with wp_ (from plugins, etc.), change them as well. Now search the options table:

SELECT * FROM `wp_hg143g7_options` WHERE `option_name` LIKE '%wp_%'

Rename any results with wp_ to the new prefix. Now search usermeta for the same thing:

SELECT * FROM `wp_hg143g7_usermeta` WHERE `meta_key` LIKE '%wp_%'

At this point any tables starting with wp_ should have the new wp_hg143g7_ prefix.
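
The checks and key renames described above can be done as SQL. This is an added example, not part of the original post. It assumes MySQL or MariaDB with the default sql_mode, the old prefix wp_ and the new prefix wp_hg143g7_, and a stock WordPress install, where the role definitions are stored under the option name wp_user_roles and per-user keys such as wp_capabilities live in usermeta.

```sql
-- Added example. Run after the RENAME TABLE statements, with a backup in hand.

-- 1. Tables still carrying the old prefix (plugin tables, for instance).
--    "_" is a single-character wildcard in LIKE, so it is escaped as "\_";
--    the unescaped pattern '%wp_%' also matches names such as "wpa..." anywhere.
SELECT table_name
FROM information_schema.tables
WHERE table_schema = DATABASE()
  AND table_name LIKE 'wp\_%'
  AND table_name NOT LIKE 'wp\_hg143g7\_%';

-- 2. Preview option names that still begin with the old prefix.
--    Review this list before renaming: some options merely start with "wp_"
--    and are not derived from the table prefix.
SELECT option_id, option_name
FROM `wp_hg143g7_options`
WHERE option_name LIKE 'wp\_%'
  AND option_name NOT LIKE 'wp\_hg143g7\_%';

-- 3. Rename the role-definition option, which WordPress looks up as
--    <prefix>user_roles. If it keeps the old name, no roles are found
--    and administrators lose access to the dashboard.
UPDATE `wp_hg143g7_options`
SET option_name = 'wp_hg143g7_user_roles'
WHERE option_name = 'wp_user_roles';

-- 4. Preview, then rename, the per-user keys (capabilities, user_level, ...).
--    SUBSTRING(meta_key, 4) drops the three characters of the old "wp_" prefix.
SELECT umeta_id, user_id, meta_key
FROM `wp_hg143g7_usermeta`
WHERE meta_key LIKE 'wp\_%'
  AND meta_key NOT LIKE 'wp\_hg143g7\_%';

UPDATE `wp_hg143g7_usermeta`
SET meta_key = CONCAT('wp_hg143g7_', SUBSTRING(meta_key, 4))
WHERE meta_key LIKE 'wp\_%'
  AND meta_key NOT LIKE 'wp\_hg143g7\_%';
```

Query 1 should return no rows once every table has been renamed, and the NOT LIKE guard in step 4 makes the UPDATE safe to run more than once.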