Join Jeff Starr for an in-depth discussion in this video Customize the database prefix, part of WordPress: Developing Secure Sites .
- [Narrator] As the world's most popular blogging software, WordPress is a huge target for malicious scripts, hacks and spam. One of the best ways to secure your WordPress database is to change the default table prefix. In this video, you'll learn how to do this quickly and easily during the WordPress installation process. As shown here, by default WordPress prefixes its tables with wp_. WordPress tables that use this default value are heavily targeted by bad bots and malicious scripts.
So by changing the default prefix to something unique, you effectively immunize your database against such automated attacks. That way, if an attacker targets your database using the default table name like, wp_posts, the request will fail if you've changed the default table prefix to something else like this for example. This is an example of security through obscurity and is a useful technique for further protecting your site. The easiest and recommended method of changing the default prefix happens during the installation process, before submitting the installation page.
Before submitting this page, open the WordPress configuration file and scroll down to right here in the database prefix section. Changing this prefix to anything other than wp_ is going to boost your site security. It's perfectly safe to include wp_ as long as you add more to it. Here are three helpful tips for changing the default database prefix. Begin the prefix with wp_ so the tables appear in order among other WordPress tables, then choose any sequence of random alphanumeric characters and then end the prefix with an _ so the WordPress table names stand out and are easily recognizable.
Notice how that final underscore makes the table names easy to distinguish. Following these tips, let's customize the default prefix for our demo site. A quick edit and we can save and upload the file to the server. Now that we've customized the database prefix, we can continue with the installation process. So we enter the required info and click the install WordPress button. WordPress is now installed. So let's jump over to phpMyAdmin and check out the database.
And everything looks great. Here we see all of the default database tables named with our custom prefix. So our work here is finished and we're ready to begin using our new WordPress site. Note that if you've already set up WordPress and want to change the default prefix, it's still possible, but beyond the scope of this tutorial. For an excellent step by step guide, check out my post at Digging Into WordPress. Changing the prefix after installing WordPress is fine, but setting it up before installation is much easier.
The point is that by using something other than the default prefix, you'll protect your database from a majority of automated attacks. In this video we've seen how to customize the database prefix for new WordPress sites. A prime example of how a few seconds can save you countless hours of stress and frustration.
- Backing up and restoring your site
- Setting up strong passwords
- Understanding users and roles
- Choosing trusted plugins and themes
- Changing and recovering passwords
- Configuring authentication keys
- Securing the login page
- Fighting spam in the comments
- Blocking access and detecting hacks
- Building a firewall for WordPress
- Detecting and blocking bots
- Auditing your WordPress security