68 Responses

1. Jeremy

   November 14th, 2007 at 7:29 am

   1

   Awesome post Sherif.

   Keep it up.

2. Fitz

   November 15th, 2007 at 12:36 am

   2

   Great post! I was having problems with Table Prefix changer and your method worked the first try.

   Thanks!

3. sherif

   November 15th, 2007 at 11:45 pm

   3

   Thanks. I think it is safer to take the manual approach, because if you have an issue you would know where you stopped at.
   I think using the plugin is riskier because if for any reason it stopped immaturely, you would not know what you have to clean.

4. Kaka

   November 24th, 2007 at 5:26 pm

   4

   ahem, this’s a nice post, but there’s something bugs? and/or problem in wp table prefix changer plugin. Some guys has reported if they can’t change their wp_prefix and always get error message: “Your User which is used to access your Wordpress Tables/Database, hasn’t enough rights (is missing ALTER-right) to alter your Tablestructure.”

   actually, I had the exact same problem as them, and your method requires many time to do so, why? ’cause i’ve a bunch plugins which has been installed on my own blog, and of course it using wp_ prefix too, one of these are firestat.

   but, i am successfully changing the default prefix (wp_) using my own method, see below:

   01. backup your wordpress database (i’m using phpmyadmin) to an *.sql file.

   02. open that *.sql file (make another copy first) using text editor, then find and replace all “wp_” prefix to “something_”.

   03. now, drop all tables of your wordpress databases (don’t drop the database )

   04. import the *.sql file which has been edited before into your wordpress databases.

   05. and lastly, edit your wp-config.php file and change the $table_prefix = ‘wp_’; to $table_prefix = ’something_’;

   06. in my case, all plugins will be deactivaed automatically, so login to your blog admin panel, then activated your all plugin.

   07. done !

   yep, it work perfectly for me.. !

5. Sherif

   November 25th, 2007 at 10:08 am

   5

   Great idea, thanks for your comment.
   Yup, your steps will work, however I think your approach is more risky, because the owner has to completely empty and rebuild all the tables in the database.

6. WP 2.3.1 Tables Which Must Be Renamed | Aufklarung Journal

   December 9th, 2007 at 8:25 pm

   6

   [...] A wordpress folks, Sherif Elsisi, has explained steps is done it, you can check on his blog here: tdot-blog.com/wordpress/6-simple-steps-to-change-your-table-prefix-in-wordpress. But Sherif totally like Blogsecurity.net team, just described the wordpress primary tables that [...]

7. Rey

   March 2nd, 2008 at 4:26 pm

   7

   Great post brother. This helped me out of a serious bind.

   Rey’s last blog post..Color Me Bad: Painting Again

8. Protect Your Neck: Securing Your Wordpress Blog | Rey's A Point

   March 2nd, 2008 at 5:01 pm

   8

   [...] your site just because they know you have the default info installed. This site here has the best instructions yet if you can’t get it to be changed [...]

9. 9 SEO Security Tips for Wordpress to avoid being banned in Google | Antezeta Web Marketing

   May 13th, 2008 at 3:40 pm

   9

   [...] table names. There are several table prefix plugins which will do this for you, or you can follow manual instructions. Do note you may have problems with badly written plugins if they have hard-coded the table prefix [...]

10. 9 Suggerimenti per migliorare la sicurezza di Wordpress ed evitare una penale da Google | Antezeta Web Marketing

    May 14th, 2008 at 9:29 am

    10

    [...] per definire il prefisso delle tabelle che faranno questo per te, oppure è possibile seguire le istruzioni manuali. È da notare che si possono avere problemi con le estensioni (plugin) scritte male se non [...]

11. » Blogging Tip: Is Your Blog Secure? Blog Marketing Journal

    June 13th, 2008 at 6:25 pm

    11

    [...] is very good six step guide to changing your table prefix at t-dot blog – simply follow the instructions carefully and you will safeguard your database tables. There is [...]

12. Typolight

    September 6th, 2008 at 10:32 am

    12

    Thanks, your nice post that helped me alot.

13. Chris

    March 1st, 2009 at 8:37 am

    13

    Hi,

    Good post. I want to do this but I’m a bit hesitant as I have the eCommerce plugin installed and it’s got a ton of its own tables. They all start with wp_ as well – are you aware if these types of plugins use the table prefix setting in the options/config files mentioned above?

    Thanks!

14. Sherif

    March 1st, 2009 at 11:02 am

    14

    Hi Chris

    No guaranty, however any well written plugin should use the setting from the config files.
    You can either try to uninstall the plugin and then after the change re-install it, or just check with the plugin author about it first.
    Of course, don’t forget to take a good backup before starting any change.
    Regards.

15. Chris

    March 2nd, 2009 at 5:57 am

    15

    Fair comments – thanks Sherif!

16. Mark

    March 5th, 2009 at 5:39 am

    16

    Awesome post!!

    The auto option didn’t work and I did NOT want to do this manually.

    YOU made it sooooo simple. Just follow the steps and you’ll be successful.

    Thanks so much.

17. brenda

    March 10th, 2009 at 6:49 pm

    17

    I am so appreciative of this short tutorial. Someone told me change my tables and admin username but was not exactly sure how to do it. I found your site and followed your six steps.

    thank you for the wonderful work~!

18. Sherif

    March 12th, 2009 at 7:14 am

    18

    Thank you for taking a look and your comment, if you have any other questions, please let me know.

19. Security Check - WordPress table prefix change adds more security | Blog Design Studio

    May 21st, 2009 at 6:11 am

    19

    [...] a. Manual way of changing – Sherif has posted a wonderful and detailed tutorial that allows you to change the table prefix in 6 simple steps. [...]

20. vg

    June 21st, 2009 at 12:17 am

    20

    Thanks! This is a great info, I’ve successfully changed my db from wp_

    

21. Miguel Guerreiro

    June 21st, 2009 at 10:39 am

    21

    Thanks, really easy tutorial. Well done.

22. 8 Top Tips for Wordpress Theme development » James Whittaker

    June 26th, 2009 at 11:04 am

    22

    [...] this guide, I managed to change the database tables. However I could not log into the admin interface. To get [...]

23. mark edwards

    July 3rd, 2009 at 4:06 pm

    23

    used this and all works apart from my categories and tag cloud any ideas ?

    mark edwards’s last blog post..How Can Increase In Interest Rates Of Banks Contain Inflation?

24. Sherif

    July 5th, 2009 at 9:03 am

    24

    Hi Mark
    Try to change your theme to the default theme. If you don’t have the issue then the problem is in your theme.
    Otherwise make sure you don’t miss any of the changes in editing the options table and the usermeta table.
    I just tried it with a wordpress 2.8 installation and it worked with me.
    Good luck.
    Sherif

25. Increase Security in WordPress

    July 17th, 2009 at 5:20 pm

    25

    [...] http://tdot-blog.com/wordpress/6-simple-steps-to-change-your-table-prefix-in-wordpress [...]

26. Chris

    August 14th, 2009 at 2:41 am

    26

    Hi Sherif. Thanks for the good info.

    Can I just change the $table_prefix = ‘wp_’; in wp-config.php since I have not yet run the wp installer? Or do I also need to manually make the changes described in #3-5 on the link above?

    I’m hoping that since I haven’t yet run the installer, I can make the change in the config file and it will automatically create the new db tables with the specified prefix.

27. Sherif

    August 14th, 2009 at 7:34 am

    27

    Chris
    You are right, you can just change the prefix in the wp_config file before installing, and WordPress will take care of the rest.

    I wrote this post for those who already installed WordPress with the default prefix.

    Good luck.

28. D. Roberts

    September 2nd, 2009 at 9:47 am

    28

    Thank you! I luckily caught some php injected into my site and deleted it before it was used maliciously. Even saw the person come back to try to execute it and end up with file not found errors. They are blacklisted now and I used this tutorial to help lock it down to hopefully prevent this from happening in the future. Works like a charm! THANKS!

29. Sherif

    September 7th, 2009 at 9:51 pm

    29

    Thanks for writing. It helps to check the logs daily when you suspect something went wrong.
    I am glad to be of help.

30. Radu

    September 8th, 2009 at 8:14 am

    30

    I did exaclty as you suggested here my website is working but I can’t login.
    I get this: “You do not have sufficient permissions to access this page.”

    What should I do?

31. Sherif

    September 8th, 2009 at 10:16 pm

    31

    Hi Radu
    The changes highlighted here have nothing to do with logging in. Maybe you forgot to update the users table or the options table.
    If you can’t figure it out, then I would recommend you to restore the backup.
    Regards.
    Sherif

32. Russ

    September 16th, 2009 at 4:00 am

    32

    Thanks for going into clear and simple detail in this post Sherif.
    It’s a fact that hackers can via SQL injections compromise your database if they know your prefixes. Therefore the standard “WP_ ” prefix is an easy one to work over and there must be hundreds of thousands (millions?) of WP installs using Fantastico.
    Having said that, I think that Fantastico is great and with latter and more improved versions of WP platform coming out (i.e the latest 2.8.4) that are incorporating more and more internal security then it will make things progressively safer.
    For me,.. the changing if the DB table prefixes as you’ve indicated, and then saving your DB and attendant WP files prior to an admin panel “one-click” upgrade is adequate security. I think that there’s currently a bit too much hype and scare tactics being used as a means of enticing relative WP novices into using propriety install systems and memberships in order to build lists and customers.
    Cheers to you Sherif and all your readers.
    Russ

33. Sherif

    September 20th, 2009 at 12:00 am

    33

    Russ
    I agree and thanks for writing.
    Regards.
    Sherif

34. Matt

    October 29th, 2009 at 6:20 am

    34

    Thank you very much! That was easy. I’d much rather do it manually if possible than add another plugin.

35. Paul

    November 10th, 2009 at 6:32 pm

    35

    I have Wordpress version 2.8.5 installed. When I changed the table prefix in the wp-config, it updated the database table names for me automatically. Is this some kinda accident, or have they fixed the problem in the latest version of Wordpress?!

    Thanks for the great post by the way, was very clear and easy to follow.

36. Sherif

    November 13th, 2009 at 8:10 pm

    36

    Hi Paul
    I think this is by accident, wordpress will never create tables for you unless you install it, maybe you installed by mistake.
    Regards.

37. 9 suggerimenti per migliorare la sicurezza di WordPress | Web Design

    November 14th, 2009 at 12:04 pm

    37

    [...] per definire il prefisso delle tabelle che faranno questo per te, oppure è possibile seguire le istruzioni manuali. Nota che si possono avere problemi con le estensioni (plugin) scritti male se non si riconosce il [...]

38. Peter

    November 23rd, 2009 at 7:02 pm

    38

    Hi Sherif – thanks for this, and the poststeps, often missing in other documents. I was apprehensive using the plugin and am happy this works as displayed (designed). I also had other tables and options in tables with the prefix, that worked well after the rename. Thanks.
    Peter

39. Sabuj Kundu aka manchumahara

    December 30th, 2009 at 6:08 am

    39

    same thing can be done using this table prefix wordpress plugin http://blogsecurity.net/projects/prefix-changer.zip

    thank you for your blog post too

40. medulin

    January 7th, 2010 at 5:58 pm

    40

    The wp security scan plugin can also do the job, but on most servers it does not work properly, so i think best way is to follow your recommodation.

41. How To Secure Wordpress Blog - An Exclusive Place for Developers and Designers

    January 30th, 2010 at 4:22 am

    41

    [...] something different, and leaving it as the default leaves you open to SQL injection attacks. Learn how to change your default WP database prefix in 6 easy steps here. 3. Your Wordpress version is hidden 4. That Wordpress database errors are turned off. Most web [...]

42. 20+ Ways to Harden and Secure Your WordPress Blog | HighTechDad Blog

    January 31st, 2010 at 2:56 am

    42

    [...] tried) is SEOEgghead’s “WordPress Table Prefix Rename Plugin“. There are some manual steps available as [...]

43. itsjeremy

    April 1st, 2010 at 12:08 pm

    43

    Excellent and easy to follow… I had missed a row in the last step, but now I’ve found it with your easy 6 steps to renaming

    Thanks!!!

44. philip

    April 2nd, 2010 at 3:33 am

    44

    first, thanks for the guide. I did all of the above, but #4 baffles me. I don’t have a “wp_user_roles” in “wp_options”. I’m running wp 2.9.2. Is this something to worry about?

45. Sherif

    April 2nd, 2010 at 8:13 am

    45

    Don’t worry about it. I will need to update my post and remove wp_user_roles. Thanks for pointing out.

46. philip

    April 2nd, 2010 at 1:10 pm

    46

    thanks for the quick reply, sherif. i also noticed the presence of “_wp_” as a prefix in the former “wp_postmeta”. Does this require changing? Examples found are _wp_attachment_metadata, _wp_page_template, _wp_attached_file, etc.

47. Sherif

    April 2nd, 2010 at 11:52 pm

    47

    Hi, Leave all the _wp_ … as is they are used in the software for passing values stored in the database. He we only need to change the wp_ not _wp_…
    Regards.

48. Flere wordpress i en database « Iren sin fantastiske WordPress blogg

    April 8th, 2010 at 9:19 am

    48

    [...] Det er mulig å forandre prefiks i etterkant av installasjon, men jeg anbefaler ingen som ikke føler seg trygg på installasjon og databaser, å gjøre dette. [...]

49. How-to: Secure Your WordPress Blog | janhenrik dot com

    April 28th, 2010 at 5:49 pm

    49

    [...] and that unneeded features are disabled (such as accepting remote TCP connections). Here’s a great article on how to run these SQL queries if you’re interested in getting your hands [...]

50. MP

    May 11th, 2010 at 2:15 am

    50

    Hi, thanks for posting this.

    I followed the instructions for steps 1,2,3, & 5 since I’m using Wordpress version 2.9.2. I disregarded step 4 as mentioned in comment #44.

    After making the wp_ change to my database table, my blog did appear to function properly. However, I was not able to login into the blog’s admin dashboard at http://www.mydomain.com/wp-admin/wp-login.php. After attempt to login, the page appeared to direct me to http://www.mydomain.com/wp-admin/profile.php and message “You do not have sufficient permissions to access this page.” appeared. My table prefix is wp_XXXXXX_ and I just changed wp_ to XXX. Any thoughts to why I wouldn’t be able to login? Was I suspose to disable plugins prior to changing wp_ ?

    After I changed the database tables back to the original setting, I was able to login into my blog again. Thanks for any insight.

51. Sherif

    May 11th, 2010 at 10:31 pm

    51

    Hi,
    Thanks for writing. I know you can get the permissions message when you try to access the wp_admin screen, and it is usually due to setup issues. In this case, it could be that you missed to change a data name wp_usermeta table. Try to take a careful look at all the records that you want to change. They might be more depending on your installation. Since you were able to log in after reverting the changes back, I am almost sure that you might have missed an item in either step 4 or 5.
    Regards.

52. MP

    May 15th, 2010 at 5:13 pm

    52

    Hi Sherif,

    You are correct. I did miss a step in step 4. The “wp_user_roles” in “wp_options” had to be edited. Comment #44 in this thread was incorrect. “wp_user_roles” was on page four in the “browse” menu which they may have missed. I am using WP 2.9.2 also. The instructions you provided are correct in all stages on the process you outlined. For those who are reading the comments, the instructions are correct all the way through. Thanks again for sharing this!

53. Hardening WordPress

    May 24th, 2010 at 1:51 pm

    53

    [...] it is a good idea to change the prefix to something else, just to make it more difficult to execute an attack against your database. The process can be a [...]

54. Erich Riesenberg

    June 1st, 2010 at 1:04 pm

    54

    Thank you, this appears to have worked for me.

    Had many more wp_ records to change in meta_key perhaps because of plug ins.

    Thank you.

55. David Merrick

    June 19th, 2010 at 3:50 am

    55

    Thanks for posting this–it worked really well for me on Wordpress 2.9.2. I ran into a problem after, however, when logging in and seeing a “You do not have sufficient permissions to access this page” error. After trying several different solutions, the one here http://www.neoegm.com/tech/wordpress/how-to-fix-the-you-do-not-have-sufficient-permissions-to-access-this-page-message-in-wordpress/ finally fixed it for me. For anyone who has the same problem, check out that site first!

56. PI-GREZZO

    June 24th, 2010 at 3:21 am

    56

    [...] La guida è una rivisitazione in Italiano della guida originale in Inglese scritta da Tdot-Blog. [...]

57. Sherif

    June 24th, 2010 at 6:23 am

    57

    Thank you David, I am glad you go it working.

58. Well, that sucked… — Creativity Included

    June 26th, 2010 at 2:24 am

    58

    [...] By default, WordPress installs database tables with a wp_ prefix. This is another very bad thing, because it means the hackers can find their way around your database easliy. I used Strong Password to generate a random string for a prefix – it’sway harder to guess, which is what you want. On new installs, just change the prefix in the wp-config file before you install WordPress. For existing installs, follow this tutorial. [...]

59. Igor Lebedev

    June 28th, 2010 at 6:37 am

    59

    This was some great piece of information. You saved me a few hours fo database work. Thank you very much!

60. Ines

    June 30th, 2010 at 12:51 pm

    60

    Thanks for your clear and useful explanation.
    Simply resolving.
    Thank so much.

61. WordPress Security Lockdown | Digging into WordPress

    July 12th, 2010 at 5:05 pm

    61

    [...] Do that before running the install script and WordPress takes care of the prefix naming automagically when it creates the database. Going forward, there is no reason not to change default prefixes for all future WordPress installs. For existing sites, you can do it the hard way using a plugin or doing it manually. [...]

62. Jessi Hance

    July 12th, 2010 at 10:24 pm

    62

    Thank you so much! I just followed this process and it worked great. I’m running WordPress 3.0.

    By the way, since there were a lot of values to change in my usermeta table, I made it easier for myself by first using phpMyAdmin’s search tool to find all the rows with meta_key like wp_% (the percent symbol is a wildcard). Then I edited those rows all at once. Much quicker and easier.

63. Sherif

    July 18th, 2010 at 10:56 am

    63

    Thank you Jessi for the tip.
    I was unaware of the search function in phpMyAdmin, I guess because I always type the query I wanted phpMyAdmin. This is a great tip. Thank you for bringing that up.

64. drew

    July 19th, 2010 at 4:59 pm

    64

    Thanks for taking the time.

    I have one problem though. After following the first 2 steps, the rest of the steps seem to be done as I followed the rest of the directions. When I changed $table_prefix = ‘wp_’; to have a new name, it changed all the file names you mentioned.
    My problem is I’ve lost my posts and pages. Everything seems to be reset. Are these directions only for someone who hasn’t started posting?

    Thanks – Drew

65. Sherif

    July 19th, 2010 at 8:12 pm

    65

    Hi Drew,
    Thanks for visiting my blog. No, these steps are if you already had posts. I don’t think you should lose any data, unless you mistakenly deleted data from the database.
    You should see an error message if in step 5 you missed updating some wp_ entries. Double check step 5 and if you still have issues, I’ll be happy to take a look at your setup, if you contact me through the contact form.
    Otherwise you can restore you site from the backup and start all over again.
    Good luck.

66. links for 2010-07-21 | Andy McIlwain @ andymci.com

    July 21st, 2010 at 8:07 pm

    66

    [...]   6 Simple Steps to Change Your Table Prefix in WordPress Beef up your WP security by changing the table prefix. Simple way to play it safe! (tags: wordpress security mysql sql table prefix hack cms tutorials) [...]

67. Nina

    July 24th, 2010 at 8:58 pm

    67

    I just completed these steps with Wordpress 3.0 and it was successful. Thank you for sharing!

68. 13 Steps To A Better Wordpress Install — BlogTempo

    August 1st, 2010 at 8:27 pm

    68

    [...] It is possible to change the table database prefix long after you have installed WordPress, but it takes a little more effort. Info on doing this can be found at the Tdot Blog [...]