Why and How to Change your WordPress Database Prefix – Prevent SQL Injection


WordPress powers a huge number of websites – about an eighth of the world’s websites, to be precise. Thanks to this popularity, WordPress is unfortunately subject to an array of malicious attacks. Spammers and hackers are constantly trying to insert bad links into WordPress sites, add additional content and cause other harm to such websites.

One popular method utilized by these hackers is known as SQL injection, a process which involves the hacker attempting to insert spam directly into your WordPress database, the location where WordPress holds all of your web content. By default, WordPress gives a default prefix of wp_ to all the tables in your database. If you don’t take the time to change the prefix, spammers are able to easily target your database as it’s quite easy for them to find where your content is stored.

Thus, it’s best to change your database prefix. The task is not terribly challenging, particularly if you haven’t installed WordPress site yet. If you have already installed WordPress there are a few more steps but the process still takes less than 10 minutes.

How to Change WordPress Database Prefix Easily

  • First, make sure you take a backup of all the files and your entire database. This is important to do before making any changes to WordPress or the database, no matter what the changes may be.
  • If you have already installed WordPress, skip step 2 and go right to step 3. If you’re ready to install WordPress for the first time, the process is quite simple. Just change the Table Prefix option to whatever you’d like during the installation process.
  • If you’ve already installed WordPress you can definitely change the prefix but it’s a bit more complex. First, find your wp-config.php file and open it up. If you don’t already have the file on your computer you can get it from your web host file manager or download the file via FTP.
  • Find the line which starts with the variable ‘$table_prefix
WordPress DB Prefix
WordPress DB Prefix
  • Change the value after the equal sign to whatever prefix you desire. Make sure you keep the quotes and semi-colon present in the code.
  • Upload the new file to your site and make sure that you replace the old file. This step causes your site to stop working but the next steps will fix it.
  • Open up your MySQL client and connect it to your WordPress database.
  • Find each table which starts with wp_ and rename it to the proper prefix for your website.
  • To fix the permissions error when logging in, find your prefix_usermeta table and locate the row with your user_id, typically 1. The “meta_key” value is going to be “wp_capabilities.”
  • Replace the wp_ in the meta_key section with the prefix you have chosen.
  • Make the same changes to the wp_user_level option in the prefix_usermeta table, making sure you change the prefix for the correct user ID.
  • Navigate to the prefix_options table. Find wp_user_roles and replace the wp_ with your prefix. At this point the process is complete.

The process is not too challenging, with the proper MySQL software and a bit of database and php knowledge. If for any reason you don’t feel comfortable with the requirements for changing the table, do not attempt to alter the database. Making an incorrect change could cause your site to stop working completely.

As an alternative, many plugins are available which can change your WordPress database. Search the WordPress site or a popular plugin site to find one which suits your security needs, and then enjoy a newly secured WordPress website.

About the Author

John Gower is a writer for NerdWallet, a personal finance website dedicated to helping you save money with financial tips on everything from WordPress to the best online brokerage accounts.

About the author


Professional Blogger. Android dev. Audiophile.


Leave a Reply

By Sidharth

Recent Posts