Till this time we’ve covered the basics of security measures that one should take to secure their blogs. Today we are going to take slightly advanced approach and will try to ensure that automatic bots will not be able to gain access to your blog easily as we’ll change the table structure of the blog. Don’t worry if it sounds scary to you; we’ll ensure that you’ll be able to do it pretty easily as there are various tools available for the same.

While installation of WordPress, we come across a value called Table Prefix, in Wp-config.php file. By default, this value is “wp_” and most of the bloggers tend to leave the default value over there. This is where, automated bots can easily start attacking as they already know the major structure of the whole database.

There can be two approach for this particular problem -

1. Changing the table prefix before installation – This is a no brainer! If you are doing manual installation, you just need to change the table prefix from “wp_” to anything else (e.g. wp12_ , wp_1_ – in short just about anything), in wp-config.php file.

2. Changing the table prefix after installations – There are many bloggers who tend to install WordPress through automated scripts like Fantastico or through one-click installers. Those scripts don’t allow you to change the table prefix and thus the only resort in that case is to play around with phpMyAdmin and by running sql queries. There is an automated way as well.

a. Manual way of changing – Sherif has posted a wonderful and detailed tutorial that allows you to change the table prefix in 6 simple steps.

b. Automatic way of changing – Fortunately, there are plugins available to automate this 6 step process and you may use them to make your life even simpler. Blog Security has already released a plugin that automates the things for you. WP-Security scan plugin also allows you to do the same work.

***Words of Caution*** – Don’t forget to make backup of your database.

I told you! It only sounds scary, however it isn’t that difficult to play around with WordPress and little advanced tools. Now you know that why I advocate for WordPress!


7 Comment

Featured Designs

Parent Society

Parent Society

Marijuana Maps

Marijuana Maps

Cake Journal

Cake Journal

CopyKat Recipes

CopyKat Recipes

Jessica Denay

Jessica Denay

Keith Ferrazzi

Keith Ferrazzi

Rennaissance Yoga

Rennaissance Yoga

Brink Zone

Brink Zone

Illustrious Author

Illustrious Author

Boca Care

Boca Care

KingsCast

Kingscast

Notecook

Note Cook

My Business Musings

My Business Musings

7 Responses so far | Have Your Say!

  1. If we change the table prefix the security will be improved but if we are using some plugins like Wp-backup that rely on default tables then those plugins will not work. May be we have to then change the code of the plugin to match the new table prefix so we should be careful about upgrading plugins directly from dashboard instead we should download the new version of the plugin and then change the code to reflect the new table prefix. Correct me if i got something wrong?

  2. Thanks for writing. I think that the table prefix change is the best security defense among all security measures you can take.

    Shivaranjan, my wp-backup works and any plugin should work as it pick the prefix automatically.
    If you have issues, let me know. I can find my backup plugin and share it with you.

    Regards.

  3. @shivaranjan – Thanks for taking up this point. I wasn’t even sure about it. I think Sherif’s point is right and should fix up things.

    @sherif – why don’t you share the plugin with us, I will definitely write about it :)

  4. Thanks for the great post. I’d like to change the table prefix and I take Sherif’s point that future plugins should automatically find the new prefix, but my question is what happens to all the existing plugins – do that auto update or need re-installing to pick up the new prefix? Many Thanks.

    • John most of the plugins will work, however it’ll make more sense if you can create the clone of your wordpress setup and test it. I would never suggest you to do it on production environment directly. Normally most of the plugins just take the setting as you change the database.

Trackbacks/Pingbacks