Meetup Recap: 7/16/2015

Let me start off by thanking you for bearing with me tonight in the absence of Ben and Andy. Hopefully you were able to take something helpful out of our discussions. For your reference, here are a couple of the things that we talked about along with some of the resources.

Changing the table prefix in wp-config.php

The question was posed as to how to change the table prefix from the default ‘wp_’ (after installation) and why it’s recommended?

First we showed an example of what the prefix actually does, which is to change the default name of the tables that WordPress uses to store data for our website. There are 11 tables that are created when WordPress is installed; they are named wp_posts, wp_meta, wp_users, etc. We can change this by simply changing the table prefix property located in the wp-config.php file. A common practice is to append a random string onto the end of the default ‘wp_’. For example: ‘wp_rsxjs5_’ (Note: Don’t forget to add the trailing underscore after the random string.) When this is done WordPress will go through the installation process and create the tables: wp_rsxjs5_posts, wp_rsxjs5_meta, wp_rsxjs5_users, etc. (Note Squared???: rsxjs5 is only an example. Come up with your own random string!)

So why is this important?

The popularity of WordPress as a platform opens it up to a lot of attention from hackers who attempt to exploit flawed security. Although security is generally pretty good with WordPress, security flaws are occasionally identified within various plugins and themes. When this happens it may be possible for bots to attempt SQL injection into your database. This means that they can insert an admin user into the users table and then login and have their way with your site; including locking you out of your own site (Diabolical!). Adding the prefix can make this more difficult and less likely to happen.

What if I didn’t change the table prefix when I installed WordPress, can I change it?

The answer is yes, there are a number of ways that this can be accomplished. As we demonstrated in the Meetup, simply changing the name of the prefix in the wp-config file won’t accomplish that goal. Doing this will actually trigger a new install of WordPress and add the tables to your database, which will make the process much more difficult (DON’T DO THAT!).

One way that you can change the table names is by using a database management tool like PHPMyAdmin. This option would require you to go into the database and explicitly change the name of tables by adding the prefix. You would then be able to go into your wp-config file and change the prefix to have your site work. Obviously this requires a certain level of skill and comfort with manipulating the database, which brings me to the much easier (and safer) second recommendation. You can install the iThemes Security plugin (formerly Better-WP-Security) and let it do the dirty work for you. With millions of downloads and more than 600,000 active installs, this free plugin is one of the most popular in the WordPress repository. The plugin will evaluate your site and identify this and other security vulnerabilities. It will then help you make the changes necessary to make your site more secure and help you sleep better at night. You can get the plugin here:

I hope this helps. If you have any questions please feel free to contact me directly

Other resources that we discussed were:


Database Search and Replace Tool: