Change WordPress table prefix to avoid SQL injection attacks

WordPress uses a table prefix for each installation in case you want/need to have more than one WordPress in the same database. It uses “wp_” by default but is encouraged to use other string to add another security layer against SQL injections attacks.

wordpress table prefix

If you are already using the default prefix and want to change it this are the steps you’ll have to take:

1.- Change the value of $table_prefix in wp-config.php:

$table_prefix  = 'myprefix_';

2.- Change al table names to use that prefix.
3.- Run those SQL querys using your prefix to update the users permission:

UPDATE myprefix_usermeta SET meta_key = REPLACE(meta_key, 'wp_', 'myprefix_');
UPDATE myprefix_options SET option_name = 'myprefix_user_roles' WHERE option_name = 'wp_user_roles';

If the second query doesn’t work use this one instead:

UPDATE myprefix_options SET option_name = 'myprefix_user_roles' WHERE option_name = 'wp_user_roles' AND blog_id = 0;

It’s important to change those user permissions because otherwise you’ll get an error while loging in like this:

You don’t have sufficient permissions to access this page.

You might also like

Delete WordPress old revisions
WordPress stores revisions of the posts, pages, etc. while you write them. Without even knowing you may...

Using dbDelta with WordPress to create and alter tables
dbDelta is used in WordPress to create and update tables in the database and you will usually use it...

Remove a WordPress action in child theme
If you want to remove a WordPress action that was added in the parent theme like this:function...

Exit maintenance mode in WordPress when an update fails
To exit maintenance mode in WordPress when an update fails is as easy as deleting the .maintenance file...

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.