Fragen Sie sich, wie Sie das Präfix der WordPress-Datenbank für Ihre Website ändern können?
Das Ändern des Datenbankpräfixes kann die Daten Ihrer Website vor SQL-Injections und anderen Angriffen von Online-Hackern schützen. Dies kann ein wichtiger Schritt zur Verbesserung der WordPress-Sicherheit sein.
In diesem Tutorial zeigen wir Ihnen, wie Sie das Präfix der WordPress-Datenbank ändern können, um die Sicherheit zu verbessern.
Warum sollten Sie das WordPress-Datenbankpräfix ändern?
Die WordPress-Datenbank ist so etwas wie das Gehirn Ihrer gesamten WordPress-Website, denn alle Informationen und Dateien werden dort gespeichert.
Dies macht die Datenbank zu einem beliebten Ziel für Hacker. Spammer und Hacker können automatisierte Codes für SQL-Injections ausführen und in Ihre WordPress-Datenbank eindringen.
Leider vergessen viele Leute bei der Installation von WordPress, das Datenbankpräfix zu ändern. Das macht es für Hacker einfacher, einen Massenangriff zu planen, indem sie auf das Standardpräfix wp_ abzielen.
Der einfachste Weg, Ihre WordPress-Datenbank zu schützen, ist die Änderung des Datenbank-Präfixes, was bei einer neu eingerichteten Website wirklich einfach zu machen ist.
Es bedarf einiger zusätzlicher Schritte, um das WordPress-Datenbankpräfix für Ihre etablierte Website richtig zu ändern, ohne sie völlig durcheinander zu bringen. In diesem Sinne zeigen wir Ihnen, wie Sie Ihr WordPress-Datenbankpräfix ändern und Ihre WordPress-Sicherheit verbessern können.
Video-Anleitung
Wenn Ihnen das Video nicht gefällt oder Sie weitere Anweisungen benötigen, lesen Sie einfach weiter.
Ändern des WordPress-Datenbank-Präfixes
Wir empfehlen Ihnen, eine Sicherungskopie Ihrer WordPress-Datenbank zu erstellen, bevor Sie die in dieser Anleitung vorgeschlagenen Maßnahmen durchführen. Es ist auch wichtig, tägliche Backups Ihrer WordPress-Website mit einem Plugin wie Duplicator zu erstellen.
Wir empfehlen außerdem, dass Sie Ihre Besucher auf eine temporäre Wartungsseite umleiten, während Sie das Datenbankpräfix ändern. Andernfalls könnten Sie bei den Besuchern Ihrer Website ein schlechtes Benutzererlebnis verursachen.
Ändern des Tabellenpräfixes in wp-config.php
Zunächst müssen Sie sich mit FTP oder der Dateimanager-App in Ihrem WordPress-Hosting-Konto mit Ihrer Website verbinden.
Anschließend müssen Sie die Datei wp-config.php öffnen, die sich in Ihrem WordPress-Stammverzeichnis befindet. Hier können Sie die Zeile mit dem Tabellenpräfix von wp_ in etwas anderes ändern, z. B. wp_a123456_
Die Zeile würde also wie folgt aussehen:
$table_prefix = 'wp_a123456_';
Hinweis: Sie können das Tabellenpräfix nur mit Zahlen, Buchstaben und Unterstrichen ändern.
Alle Datenbanktabellennamen ändern
Als Nächstes müssen Sie eine Verbindung zu Ihrer Datenbank mit dem Tool phpMyAdmin herstellen. Wenn Ihr Hoster das cPanel-Dashboard verwendet, können Sie phpMyAdmin dort leicht finden.
Es gibt insgesamt 11 Standard-WordPress-Tabellen, so dass es mühsam wäre, sie manuell zu ändern.
Klicken Sie stattdessen oben auf die Registerkarte „SQL“.
Dann können Sie die folgende SQL-Abfrage eingeben:
RENAME table `wp_commentmeta` TO `wp_a123456_commentmeta`;
RENAME table `wp_comments` TO `wp_a123456_comments`;
RENAME table `wp_links` TO `wp_a123456_links`;
RENAME table `wp_options` TO `wp_a123456_options`;
RENAME table `wp_postmeta` TO `wp_a123456_postmeta`;
RENAME table `wp_posts` TO `wp_a123456_posts`;
RENAME table `wp_terms` TO `wp_a123456_terms`;
RENAME table `wp_termmeta` TO `wp_a123456_termmeta`;
RENAME table `wp_term_relationships` TO `wp_a123456_term_relationships`;
RENAME table `wp_term_taxonomy` TO `wp_a123456_term_taxonomy`;
RENAME table `wp_usermeta` TO `wp_a123456_usermeta`;
RENAME table `wp_users` TO `wp_a123456_users`;
Denken Sie daran, den Datenbankpräfix in denjenigen zu ändern, den Sie bei der Bearbeitung der Datei wp-config.php gewählt haben.
Möglicherweise müssen Sie auch Zeilen für andere Plugins hinzufügen, die ihre eigenen Tabellen in der WordPress-Datenbank hinzufügen. Die Idee ist, dass Sie alle Tabellenpräfixe in das von Ihnen gewünschte ändern.
Die Optionstabelle
Anschließend müssen wir die Optionstabelle nach anderen Feldern durchsuchen, die wp_ als Präfix verwenden, damit wir sie ersetzen können.
Um den Prozess zu beschleunigen, können Sie diese Abfrage verwenden:
SELECT * FROM `wp_a123456_options` WHERE `option_name` LIKE '%wp_%'
Dies führt zu einer Vielzahl von Ergebnissen, die Sie nacheinander durchgehen müssen, um die Zeilen und ihre Präfixe zu ändern.
UserMeta-Tabelle
Als nächstes müssen wir usermeta nach allen Feldern durchsuchen, die wp_ als Präfix verwenden, damit wir es ersetzen können.
Dazu können Sie diese SQL-Abfrage verwenden:
SELECT * FROM `wp_a123456_usermeta` WHERE `meta_key` LIKE '%wp_%'
Die Anzahl der Einträge kann variieren, je nachdem, wie viele WordPress-Plugins Sie auf Ihrer Website verwenden. Ändern Sie einfach alles, was wp_ hat, in das neue Präfix.
Jetzt können Sie Ihre Website testen. Wenn Sie die oben genannten Schritte befolgt haben, sollte alles gut funktionieren.
Wir empfehlen, sicherheitshalber ein neues Backup Ihrer Datenbank zu erstellen.
Wir hoffen, dass dieser Artikel Ihnen geholfen hat zu erfahren, wie Sie das Präfix der WordPress-Datenbank ändern können. Vielleicht interessieren Sie sich auch für unseren Leitfaden zur Optimierung Ihrer WordPress-Datenbank und unsere Expertenauswahl der besten WordPress-Datenbank-Plugins.
mohadese esmaeeli
Hello. Changing the prefix of WordPress tables is very, very important because this prefix is the default, and most people don’t change it, making it susceptible to testing by any hacker. So, it makes sense to alter it, and I recommend this to all my friends. If we change the prefix during the WordPress installation, it’s much better. However, even after installation, it is possible to change the table prefix.
Ka Khaliq
Hi there,
I’m referring to this article to update my WordPress website database prefix.
I have a confusion about updating the Options and Usermeta tables. Upon running the respective SQL queries, the results obtained, also contains some rows something like transient_wp_cloudflare OR dismissed_wp_pointers OR tlwp_feedback_data OR wpseo_social etc.
So do I need to update such rows too where wp_ is present in the middle/end OR do I just need to update rows that has the wp_ prefix at the start like wp_page_for_privacy_policy etc.
I understand that by prefix means, something at the start but still want to solve this confusion.
WPBeginner Support
No, you would want to leave those tables as they are as those are used by plugins and other tools that are looking for those specific titles.
Admin
Eka
you save my time, thanks alot bro.
i do test password and the problem has been detect
thanks !
WPBeginner Support
Glad our guide was helpful
Admin
Barry Richardson
A plugin developer told me that you cannot have a Wordpress blog without a database prefix. This is very confusing because I have had an active Wordpress blog for 5 years – and it has no database prefix. So, can you have a Wordpress site without a database prefix?
WPBeginner Support
WordPress has a database prefix by default without you needing to make any changes, this is a way to customize the prefix.
Admin
Emily
Hi there, I was following another tutorial to look at the database files and noticed mine have names like „wphy_users“ … is this possibly an extension of the thing described here, just without the _ before?
Look forward to your reply!
WPBeginner Support
Correct, from the sound of it your database was created with a different prefix
Admin
Izzy
Hi, I changed my table prefix names ia while a go. I found out there where some new maps added with the old name + the main folder (database I think) also has the old name. Now I also found out my folders already HAD a different name than the standard „wp“ prefix name, so the change wasn’t even needed in the first place. The only thing now is that half of the tables has 1 certain name and the other ones have another name. Because everything works fine now I don’t want to change things again, but my only question now is: is it a problem that the tables have different names? Do they all need to be named the same, or does it not matter?
WPBeginner Support
The extra tables may have been created by a plugin, we would recommend your site using the same prefix for all of your content.
Admin
Akhilesh
I am multi domain hosting. at the time of installation of WP what have to put in table prefix (as wp_ written by default.)??
Please suggest me as early as possible…
WPBeginner Support
You would choose what you want the prefix to be if you’re changing your site’s database prefix
Admin
Mainak Ghosh
After changing database prefix i am getting „Sorry, you are not allowed to access this page“ this error when i visit WordPress admin dashboard.
WPBeginner Support
You may want to ensure you updated all of the links in your tables and you may want to check your wp-config file for another location. To see if it is more than one error you could enable wp debug: https://www.wpbeginner.com/wp-tutorials/how-to-set-up-wordpress-error-logs-in-wp-config/
Admin
Kid Max
Hi, I’m using wordpess multisite. I want to use home site’s database prefix and folder for media attachment for all of subsite including home site. Any idea?
WPBeginner Support
You could upload your images to the home site’s media library and embed the images on your subsites to do something like that.
Admin
Kid Max
I know about that, but featured images not support for that, so I want to use home site’s media database prefix for all site.
WPBeginner Support
Sadly, at the moment we don’t have a recommended method for that.
Mike
I tried it and then I couldn’t login. Probably because I have a security plugin.
If I disable and delete all my plugins and just leave my installation with the core WP, and then I make the change, would that probably eliminate the need to change anything in usermeta or the options tables? i.e. Would that probably be the safest way to make the table change and not break anything.
Then, I’ll just re-install my plugins.
Mishel
According to this article, Changing the WordPress table prefix does absolutely nothing to enhance the site security.
Even if we have changed the table prefix, a hacker can find the table prefix by running this code:
SELECT DISTINCT SUBSTRING(`TABLE_NAME` FROM 1 FOR ( LENGTH(`TABLE_NAME`)-8 ) )
2
FROM information_schema.TABLES WHERE
3
`TABLE_NAME` LIKE ‚%postmeta‘;
WPBeginner Support
Hi Mishel,
We don’t agree with that. Every security step that obscures something can be uncovered by a experienced hacker. These steps just add a difficulty layer to make your overall security harder to crack. Changing table prefix certainly has no downside to it and if it can block some automated and obvious hacking attempts, then its totally worth it.
Admin
Sayeed
Yes I agree.
Daniel
Just what I was looking for. Thanks.
Mehdi
The queries in both wp_options and wp_usermeta return datas that is contained wp should I rename them too?
ex: wpseo_title, _yoast_wpseo_
rado
I made really silly mistake, in my wp-config file i assign the variable $table-prefix without the underscore at the end. Something like „wp_12345“, it should be „wp_12345_“.
Molly
this broke my files, none of my files are accessible on the local or live sites, thankfully this is all learning and a test site, but what went wrong?
Josch
Works fine, thank you very much! Except: I get the following warning in the backend after changing prefix. Tried it two times:
Warning: Cannot modify header information – headers already sent by (output started at /myurl/wp-config.php:1) in /myurl/wp-includes/option.php on line 837
Warning: Cannot modify header information – headers already sent by (output started at /myurl/wp-config.php:1) in /myurl/wp-includes/option.php on line 838
Can you help me?
WPBeginner Support
Hi Josch,
This error can be caused by an empty space or an extra line at the end of wp-config.php file. Deleting it can solve the issue.
Admin
Mehdi
Hi, thank you for your article. I have a question about that. If you have some plugins which are installed in your wordpress, is this method that you mentioned above the same? or maybe we need to other things to complete this step?
I appreciate if you guide me about that because I have more than 20 install plugin in my wordpress sit.
Thank you for your help
Asterix
Won’t I have issues when updating plugins etc in the future?
I tried to use iThemes Security built in advanced features for this, but got the error: An „invalid format“ error prevented the request from completing as expected. The format of data returned could not be recognized. This could be due to a plugin/theme conflict or a server configuration issue.
So I am not sure if I dare to do this manually either…
Joe
Hello Team
thanks for sharing this.
All steps went well except for the last one: UserMeta Table.
MySql doesn’t let me change the prefix for it.
That’s the error message I get:
#1054 – Unknown column ‚wp_new_usermeta.umeta_id‘ in ‚where clause‘
Please, any advise?
Many thanks,
Joe
Shivam Pandey
How to change the database prefix while installing WordPress.
Vipul Parekh
There’s an option it asked to enter db prefix while installation. so you can give prefix whatever you wish to!!
Tom B.
Is it necessary to still include the“wp_“ as part of the new prefix I want to create? Can I just use any alpha numeric string to reduce the chance of any type of hack?
Thanks,
Tom
WPBeginner Support
Yes, you can use alpha-numeric string.
Admin
Chad Mowery
Nice article. I think the query on the Options and UserMeta table will throw off less savvy individuals. Not sure how but it would help if you could provide more detail on those steps.
I followed the guide and have successfully changed my DB table prefix!
blade
This does not add really any kind of security.
If I can inject SQL, I can query against information_schema.tables and get info about tables, whatever fancy prefix you put in front of names
thomas
very true. a good htaaccess will block sql injections too. on top of that, my wordpress install only gives full database access to very select users by assigning those credentials based on certain things gathered long before a db connection. everybody else gets the very very basic access.
i also stopped most hacking attempts cold by hiding the wpzlogin.php and further password protecting access to wp admin in cpanel. it takes a login just to get to the wp login page.
John
@Shivi
This is all you need to do to change table.prefix ? even when live?
shivi
Hi , Nice article ! Thought of simplifying replacing table prefix.
In Phpmyadmin once u select the database, you can see the list of tables.
1. Enable the checkbox check all
2. select Replace table prefix in the dropdown ‚with selected‘
3. Enter the existing prefix in from option: ‚wp_‘ as mentioned in the article.
4. Enter the new prefix in to option: ‚wp_a123456_‘ as mentioned in the article.
5. Click submit
This helps to change table prefix for all tables including that of the plugin.
You can check these articles if you need support on dehack your site
john
So…. @SHIVI
All I need to do, to change the table.prefix is go into my config.file change the prefix and then proceed to your steps 1-5 and the table.prefix will be changed everywhere (plugins etc..)
And that’s it?
Dana Nourie
Sweet! This was great.
Matt Boden
You’ll still need to manually update the prefix on the options and usermeta tables.
Fahim
Should i run Sql for every table? i mean i have 15 table. or only change two tables you described will fix the problem.
WPBeginner Support
All tables. You would want to change table prefix from all your existing WordPress tables.
Admin
Alph
Hi guys,
Thanks for these instructions. They helped me resolve my uppercase issues.
As a beginner, some guidance as to the how to change the table names manually would have been appreciated. I would have felt more comfortable doing it that way.
Also, for a beginner like me, some instruction on how to make the changes in the Options and Usermeta tables would been helpful.
Thanks again. Could not have done it without you!
Chris A
Thanks for the instruction. I needed to remove an UPPER case letter from a prefix and this showed that exact records I needed to touch!
TIP: with phpMyAdmin you can check all records at the bottom and select ‚replace table prefix‘ this will bring up a standard replace box with ‚from‘ and ‚to‘ values.
It will also save a lot of typing in step one – especially if it’s a large database.
Prabhakar
You made it !
Thanks
Igor
Hi guys,
when I made these changes it don’t give me to sign in as current user but it tells me to install wordpress again…
Igor
WPBeginner Support
This usually happens when the database you connected to is empty. Please recheck your database name.
Admin
Alan P
wp_termmeta is missing from the list of tables to rename.
WPBeginner Support
Thank you for notifying us. We have updated the article.
Admin
Rick
My SQl DB have no table prefix so got error sometimes on wordpress Wpconfig.php without $table_prefix = “;.
how to add table prefix,
when i try to add in config file and rename all table with same prefix
and login in to wp got error „you don’t have permission to access“
Sameer Panda
Worked as a charm, thanks for sharing.
Dave van Hoorn
Update the SQL for renaming the prefixes please. WordPress adds the ‚wp_termmeta‘ table now. It’s included in the SQL below.
RENAME table `wp_commentmeta` TO `wp_yoursitename_commentmeta`;
RENAME table `wp_comments` TO `wp_yoursitename_comments`;
RENAME table `wp_links` TO `wp_yoursitename_links`;
RENAME table `wp_options` TO `wp_yoursitename_options`;
RENAME table `wp_postmeta` TO `wp_yoursitename_postmeta`;
RENAME table `wp_posts` TO `wp_yoursitename_posts`;
RENAME table `wp_termmeta` TO `wp_yoursitename_termmeta`;
RENAME table `wp_terms` TO `wp_yoursitename_terms`;
RENAME table `wp_term_relationships` TO `wp_yoursitename_term_relationships`;
RENAME table `wp_term_taxonomy` TO `wp_yoursitename_term_taxonomy`;
RENAME table `wp_usermeta` TO `wp_yoursitename_usermeta`;
RENAME table `wp_users` TO `wp_yoursitename_users`;
Prabhudatta Sahoo
When I am renaming my tables in the database all the images in the gallery are going away, I do not understand the reason. Could anyone please help me fixing this issue?
Terry Thorson
This issue will occur if you do not update the serialized data strings (used for your gallery images) correctly in the database. A good way to do this is to use the plugin WP Migrate DB. There is an excellent tutorial for this on Lynda.com (although be sure to use the same prefix for your target database as your source database).
I learned this the hard way. Trying to start afresh, I discovered my backup was faulty as well. Luckily my webhost had an older backup I could use to restart my migration. WP Migrate DB did the trick.
Cameron Jones
I can’t find any fields in the _usermeta or _options tables that would require updating. Unless they are specifically referencing a table, they shouldn’t need to be updated. It’s a table prefix, not a variable prefix.
Cameron Jones
Actually, I stand corrected. There are a couple that will be part of a default WordPress install:
In prefix_options
prefix_user_roles
In prefix_usermeta
prefix_capabilities
prefix_user_level
prefix_dashboard_quick_press_last_post_id
prefix_user-settings
prefix_user-settings-time
You should be careful regarding updating any other fields. Plugins may either use the defined prefix or `wp_` as a prefix. Always make a backup and test on a dev or staging environment.
kapil
hi,
i have a query. assume that i have changed all my prefix from wp_something to some other name. these changes will be done to the existing fields in the database only. but wont the codes in my wordpress .php files remain the same??? so next time for any new user registration or some other registration, the entities will again be saved as wp_something as the main code in the .php files remains unchanged… ???
thanks….
tech
UPDATE `wp_a123456_options` SET `option_name`=REPLACE(`option_name`,’wp_’,’wp_a123456_’) WHERE `option_name` LIKE ‘%wp_%’;
UPDATE `wp_a123456_usermeta` SET `meta_key`=REPLACE(`meta_key`,’wp_’,’wp_a123456_’) WHERE `meta_key` LIKE ‘%wp_%’;
I do changes but after doing this i again run following query it shows prefix not changed
SELECT * FROM `wp_a123456_options` WHERE `option_name` LIKE ‚%wp_%‘
Wiem
Thank you for the queries
Nathan WHite
This post and the responses to the comments leaves out a very important component. Does the table need to begin with wp_ ?
Coming upon another discussion in wordpress.org indicated that it indeed did not need to. It would have helped me if this question was answered by the moderator.
Also, dismissed_wp_pointers questions were not clearly answered. I changed mine.
Clare Wood
Hi guys,
I followed these steps, now when I try to see the back-end or front-end of my site I get this:
ERROR: $table_prefix in wp-config.php can only contain numbers, letters, and underscores.
I’m positive I only have lowercase letters and an underscore as my table prefix.
Any ideas? The site is on localhost.
Cheers.
Paul
Fantastic and logically prepared article on Wp security.
Thomas
Thanx a bunch! I tried to restore my old database, but to no avail. Then I figured out that my new database prefix was different from old. Made all that you recommended and vuala!
Divyesh
Thanks a Lot!!!
It worked like a charm
Nikhil
I am getting this error…….“You do not have sufficient permissions to access this page“ after implementing above procedure…..how to solve it?????
Saz
These instructions have been followed but now role assignment for new users has disappeared…
Tom
Thanks for a great tips .
I have a question.
Do I need to change „wp_ ….“ used in post_meta table as well?
johnny
or this plugin http://wordpress.org/plugins/db-prefix-change/
savagemike
For the wp_options and wp_usermeta tables, why not dump the database and use sed to replace „wp_“ with the new prefix? Example:
sed -i ’s/wp_/wp_1234/g‘ > filename.sql
Then, simply import the modified dump. Easier and faster than changing cells one-by-one.
gcreator
Attacker can simple use ‚%wp_%‘
I mean that is not fully secure at all…
because he knows the table names that wordpress generates he can simply use ‚_%users‘ for wp_anything_users OR ‚_%posts‘ for ‚wp_anything_posts‘ ..etc…
Jim
gcreator…
For 99% of the attacks against WP databases, the skiddies are using pre-built tools and default settings. This gets you out of their crosshairs.
if you are under focused attack then yeah, simple obfuscation will only slow them down, not completely protect you.
javed
thanks a lot