Your WordPress database holds every critical piece of your site's information, making it a top target for hackers and automated SQL injection attacks. Many overlook changing the default wp_ table prefix during installation, allowing attackers to easily target known vulnerabilities. As experienced WordPress security experts, we've helped thousands secure their sites—this simple prefix change is one of the most effective defenses. It's straightforward for new installs but requires careful steps for live sites to avoid disruptions.
Subscribe to WPBeginner for visual guidance.
If you prefer written steps or the video isn't suitable, read on.
Always back up your WordPress database first. Maintain daily backups with a trusted plugin like BackupBuddy. Additionally, redirect visitors to a temporary maintenance page to prevent issues during the process.
Open your wp-config.php file in the WordPress root directory. Edit the table prefix line from $table_prefix = 'wp_'; to a unique value like $table_prefix = 'wp_a123456_';.
Note: Use only letters, numbers, and underscores.
Access your database via phpMyAdmin (easily found in cPanel on most hosts).
WordPress has 12 core tables by default—renaming manually is tedious. Use this SQL query for efficiency (replace wp_a123456_ with your prefix):
RENAME TABLE `wp_commentmeta` TO `wp_a123456_commentmeta`; RENAME TABLE `wp_comments` TO `wp_a123456_comments`; RENAME TABLE `wp_links` TO `wp_a123456_links`; RENAME TABLE `wp_options` TO `wp_a123456_options`; RENAME TABLE `wp_postmeta` TO `wp_a123456_postmeta`; RENAME TABLE `wp_posts` TO `wp_a123456_posts`; RENAME TABLE `wp_terms` TO `wp_a123456_terms`; RENAME TABLE `wp_termmeta` TO `wp_a123456_termmeta`; RENAME TABLE `wp_term_relationships` TO `wp_a123456_term_relationships`; RENAME TABLE `wp_term_taxonomy` TO `wp_a123456_term_taxonomy`; RENAME TABLE `wp_usermeta` TO `wp_a123456_usermeta`; RENAME TABLE `wp_users` TO `wp_a123456_users`;
Add queries for any plugin-specific tables following the same pattern.
Search and replace remaining wp_ references in the options table:
SELECT * FROM `wp_a123456_options` WHERE `option_name` LIKE '%wp_%';
Review results and update each matching entry manually.
Similarly, check user meta:
SELECT * FROM `wp_a123456_usermeta` WHERE `meta_key` LIKE '%wp_%';
Replace all instances with your new prefix. Results vary by plugins installed.
Test your site thoroughly. If everything works, create a fresh database backup for safety.
