Changing the Table Prefix

Since the default table prefix is well known, changing it is also a good step toward protecting your site from basic SQL injection attacks. If you installed WordPress with your host's one-click installer (like Fantastico), you might not have had a choice about the prefix; otherwise, the prefix is an option you chose when you filled in your database username and password (Figure 2-5).

Changing it after the fact requires you to modify the MySQL tables directly. How to accomplish this depends on what sort of database access your host allows you. I'll demonstrate using PHPMyAdmin, the most popular interface. If you don't have easy access to your database, you can try changing the prefix with the WP Security Scan plugin.

For each table in the database, click either the Browse or Structure icon, then choose Operations from the row of tabs across the top of the screen. You'll see a screen like Figure 11-14. In the Table Options group, you'll see a field where you can rename the table. Replace 'wp' with your new prefix and press the Go button.

Figure 11-14. Renaming a database table

Once you've changed the tables, you'll need to update wp-config.php to reflect the change. The relevant portion of the configuration file is shown in Listing 11-5.

Listing 11-5. The database prefix option in wp-config.php /**

* WordPress Database Table prefix.

* You can have multiple installations in one database if you give each a unique

* prefix. Only numbers, letters, and underscores please!

Changing the table prefix will not protect you from a determined hacker; it's basically security through obscurity. It will stop some SQL injection scripts that rely on the ubiquity of standard WordPress installations. Making yours just a little bit different from everyone else's helps. However, you should be prepared to restore your database from a clean backup if something does go wrong.

0 0

Post a comment