The directions below will provide simple instructions on changing the prefix to your WordPress blog’s MySQL database from wp_ to whatever you choose. Its a good idea to change this prefix to prevent zero-day SQL injection attacks from being performed against your WordPress installation since your database tables will be known to everyone if you use the default prefix. So follow the below directions to make the change that should only cause minimal downtime if the steps are followed properly.
- MySQL Database Backup:Use the CLI or backup your database from phpMyAdmin. If using phpMyAdmin use the export feature to export a SQL version of your database and download it to the PC you are working on. Your backup should be something similar to mydb_DATE.sql.
- Backup MySQL Database Backup:Make sure to first copy a backup of the database backup so you should now have two files named something like mydb_DATE.sql and mydb_DATE.sql.bak.
- Replace wp_ Table Prefix:Now open the .sql file in a text editor that has a find and replace capability. Use this to search and replace wp_ with whatever prefix you want to change to. Depending on how big your database is will depend on how long this will take and how many replacements will be made.
- Drop Tables:Drop all of the tables currently in your database. This can be done through phpMyAdmin as well by clicking on the database, then clicking the “Check All” link at at the bottom of the page, choose the Drop action, and then confirm dropping all of the tables which will be plus or minus 30 MySQL database tables.
- Zip Modified Database Backup:Use a compression application to zip, gzip, or bzip the modified database backup. Compressing this file will make it much smaller to upload as many servers have a Max PHP Upload setting.
- Import Modified MySQL Backup: Now click on the Import tab in the top of phpMyAdmin which will accept zip, gzip, bzip, or regular SQL files. Click the Browse button and navigate to the compressed modified database backup. Click the go button to begin the backup. This may take awhile as it not only has to upload the file but it also has to process all of the SQL statements.
- Modify WP Config File:Now open the wp-config.php file (located in the WordPress root directory) and change the $table_prefix value from wp_ to whatever you modified the prefix to in step 3.
- Verify and Test:You should now be able to login and test your WordPress blog. One thing to verify is that all plugins are working properly as there is always the chance that modifying the table prefix caused an issue where you may have to deactivate and/or activate only the plugin.
Again it is extremely important to make this modification from the default WordPress table prefix to prevent possible zero-day SQL injection attacks. These zero-day SQL injection vulnerabilities are attacks that have yet to be discovered and would leave your blog open to attack until a patch is written and then installed on your WordPress installation.Tags: attack, Blog, mysql, phpMyAdmin, security, sql, SQL injection, table prefix, WordPress, zero-day