Fragen Sie sich, wie Sie das Präfix der WordPress-Datenbank für Ihre Website ändern können?
Das Ändern des Datenbankpräfixes kann die Daten Ihrer Website vor SQL-Injections und anderen Angriffen von Online-Hackern schützen. Dies kann ein wichtiger Schritt zur Verbesserung der WordPress-Sicherheit sein.
In diesem Tutorial zeigen wir Ihnen, wie Sie das Präfix der WordPress-Datenbank ändern können, um die Sicherheit zu verbessern.
Warum sollten Sie das WordPress-Datenbankpräfix ändern?
Die WordPress-Datenbank ist so etwas wie das Gehirn Ihrer gesamten WordPress-Website, denn alle Informationen und Dateien werden dort gespeichert.
Dies macht die Datenbank zu einem beliebten Ziel für Hacker. Spammer und Hacker können automatisierte Codes für SQL-Injections ausführen und in Ihre WordPress-Datenbank eindringen.
Leider vergessen viele Leute bei der Installation von WordPress, das Datenbankpräfix zu ändern. Das macht es für Hacker einfacher, einen Massenangriff zu planen, indem sie auf das Standardpräfix wp_ abzielen.
Der einfachste Weg, Ihre WordPress-Datenbank zu schützen, ist die Änderung des Datenbank-Präfixes, was bei einer neu eingerichteten Website wirklich einfach zu machen ist.
Es bedarf einiger zusätzlicher Schritte, um das WordPress-Datenbankpräfix für Ihre etablierte Website richtig zu ändern, ohne sie völlig durcheinander zu bringen. In diesem Sinne zeigen wir Ihnen, wie Sie Ihr WordPress-Datenbankpräfix ändern und Ihre WordPress-Sicherheit verbessern können.
Video-Anleitung
Wenn Ihnen das Video nicht gefällt oder Sie weitere Anweisungen benötigen, lesen Sie einfach weiter.
Ändern des WordPress-Datenbank-Präfixes
Wir empfehlen Ihnen, eine Sicherungskopie Ihrer WordPress-Datenbank zu erstellen, bevor Sie die in dieser Anleitung vorgeschlagenen Maßnahmen durchführen. Es ist auch wichtig, tägliche Backups Ihrer WordPress-Website mit einem Plugin wie Duplicator zu erstellen.
Wir empfehlen außerdem, dass Sie Ihre Besucher auf eine temporäre Wartungsseite umleiten, während Sie das Datenbankpräfix ändern. Andernfalls könnten Sie bei den Besuchern Ihrer Website ein schlechtes Benutzererlebnis verursachen.
Ändern des Tabellenpräfixes in wp-config.php
Zunächst müssen Sie sich mit FTP oder der Dateimanager-App in Ihrem WordPress-Hosting-Konto mit Ihrer Website verbinden.
Anschließend müssen Sie die Datei wp-config.php öffnen, die sich in Ihrem WordPress-Stammverzeichnis befindet. Hier können Sie die Zeile mit dem Tabellenpräfix von wp_ in etwas anderes ändern, z. B. wp_a123456_
Die Zeile würde also wie folgt aussehen:
$table_prefix = 'wp_a123456_';
Hinweis: Sie können das Tabellenpräfix nur mit Zahlen, Buchstaben und Unterstrichen ändern.
Alle Datenbanktabellennamen ändern
Als Nächstes müssen Sie eine Verbindung zu Ihrer Datenbank mit dem Tool phpMyAdmin herstellen. Wenn Ihr Hoster das cPanel-Dashboard verwendet, können Sie phpMyAdmin dort leicht finden.
Es gibt insgesamt 11 Standard-WordPress-Tabellen, so dass es mühsam wäre, sie manuell zu ändern.
Klicken Sie stattdessen oben auf die Registerkarte „SQL“.
Dann können Sie die folgende SQL-Abfrage eingeben:
RENAME table `wp_commentmeta` TO `wp_a123456_commentmeta`;
RENAME table `wp_comments` TO `wp_a123456_comments`;
RENAME table `wp_links` TO `wp_a123456_links`;
RENAME table `wp_options` TO `wp_a123456_options`;
RENAME table `wp_postmeta` TO `wp_a123456_postmeta`;
RENAME table `wp_posts` TO `wp_a123456_posts`;
RENAME table `wp_terms` TO `wp_a123456_terms`;
RENAME table `wp_termmeta` TO `wp_a123456_termmeta`;
RENAME table `wp_term_relationships` TO `wp_a123456_term_relationships`;
RENAME table `wp_term_taxonomy` TO `wp_a123456_term_taxonomy`;
RENAME table `wp_usermeta` TO `wp_a123456_usermeta`;
RENAME table `wp_users` TO `wp_a123456_users`;
Denken Sie daran, den Datenbankpräfix in denjenigen zu ändern, den Sie bei der Bearbeitung der Datei wp-config.php gewählt haben.
Möglicherweise müssen Sie auch Zeilen für andere Plugins hinzufügen, die ihre eigenen Tabellen in der WordPress-Datenbank hinzufügen. Die Idee ist, dass Sie alle Tabellenpräfixe in das von Ihnen gewünschte ändern.
Die Optionstabelle
Anschließend müssen wir die Optionstabelle
nach anderen Feldern durchsuchen, die wp_ als Präfix verwenden, damit wir sie ersetzen können.
Um den Prozess zu beschleunigen, können Sie diese Abfrage verwenden:
SELECT * FROM `wp_a123456_options` WHERE `option_name` LIKE '%wp_%'
Dies führt zu einer Vielzahl von Ergebnissen, die Sie nacheinander durchgehen müssen, um die Zeilen und ihre Präfixe zu ändern.
UserMeta-Tabelle
Als nächstes müssen wir usermeta
nach allen Feldern durchsuchen, die wp_ als Präfix verwenden, damit wir es ersetzen können.
Dazu können Sie diese SQL-Abfrage verwenden:
SELECT * FROM `wp_a123456_usermeta` WHERE `meta_key` LIKE '%wp_%'
Die Anzahl der Einträge kann variieren, je nachdem, wie viele WordPress-Plugins Sie auf Ihrer Website verwenden. Ändern Sie einfach alles, was wp_ hat, in das neue Präfix.
Jetzt können Sie Ihre Website testen. Wenn Sie die oben genannten Schritte befolgt haben, sollte alles gut funktionieren.
Wir empfehlen, sicherheitshalber ein neues Backup Ihrer Datenbank zu erstellen.
Wir hoffen, dass dieser Artikel Ihnen geholfen hat zu erfahren, wie Sie das Präfix der WordPress-Datenbank ändern können. Vielleicht interessieren Sie sich auch für unseren Leitfaden zur Optimierung Ihrer WordPress-Datenbank und unsere Expertenauswahl der besten WordPress-Datenbank-Plugins.
Dave van Hoorn
Update the SQL for renaming the prefixes please. WordPress adds the ‚wp_termmeta‘ table now. It’s included in the SQL below.
RENAME table `wp_commentmeta` TO `wp_yoursitename_commentmeta`;
RENAME table `wp_comments` TO `wp_yoursitename_comments`;
RENAME table `wp_links` TO `wp_yoursitename_links`;
RENAME table `wp_options` TO `wp_yoursitename_options`;
RENAME table `wp_postmeta` TO `wp_yoursitename_postmeta`;
RENAME table `wp_posts` TO `wp_yoursitename_posts`;
RENAME table `wp_termmeta` TO `wp_yoursitename_termmeta`;
RENAME table `wp_terms` TO `wp_yoursitename_terms`;
RENAME table `wp_term_relationships` TO `wp_yoursitename_term_relationships`;
RENAME table `wp_term_taxonomy` TO `wp_yoursitename_term_taxonomy`;
RENAME table `wp_usermeta` TO `wp_yoursitename_usermeta`;
RENAME table `wp_users` TO `wp_yoursitename_users`;
Prabhudatta Sahoo
When I am renaming my tables in the database all the images in the gallery are going away, I do not understand the reason. Could anyone please help me fixing this issue?
Terry Thorson
This issue will occur if you do not update the serialized data strings (used for your gallery images) correctly in the database. A good way to do this is to use the plugin WP Migrate DB. There is an excellent tutorial for this on Lynda.com (although be sure to use the same prefix for your target database as your source database).
I learned this the hard way. Trying to start afresh, I discovered my backup was faulty as well. Luckily my webhost had an older backup I could use to restart my migration. WP Migrate DB did the trick.
Cameron Jones
I can’t find any fields in the _usermeta or _options tables that would require updating. Unless they are specifically referencing a table, they shouldn’t need to be updated. It’s a table prefix, not a variable prefix.
Cameron Jones
Actually, I stand corrected. There are a couple that will be part of a default WordPress install:
In prefix_options
prefix_user_roles
In prefix_usermeta
prefix_capabilities
prefix_user_level
prefix_dashboard_quick_press_last_post_id
prefix_user-settings
prefix_user-settings-time
You should be careful regarding updating any other fields. Plugins may either use the defined prefix or `wp_` as a prefix. Always make a backup and test on a dev or staging environment.
kapil
hi,
i have a query. assume that i have changed all my prefix from wp_something to some other name. these changes will be done to the existing fields in the database only. but wont the codes in my wordpress .php files remain the same??? so next time for any new user registration or some other registration, the entities will again be saved as wp_something as the main code in the .php files remains unchanged… ???
thanks….
tech
UPDATE `wp_a123456_options` SET `option_name`=REPLACE(`option_name`,’wp_’,’wp_a123456_’) WHERE `option_name` LIKE ‘%wp_%’;
UPDATE `wp_a123456_usermeta` SET `meta_key`=REPLACE(`meta_key`,’wp_’,’wp_a123456_’) WHERE `meta_key` LIKE ‘%wp_%’;
I do changes but after doing this i again run following query it shows prefix not changed
SELECT * FROM `wp_a123456_options` WHERE `option_name` LIKE ‚%wp_%‘
Wiem
Thank you for the queries
Nathan WHite
This post and the responses to the comments leaves out a very important component. Does the table need to begin with wp_ ?
Coming upon another discussion in wordpress.org indicated that it indeed did not need to. It would have helped me if this question was answered by the moderator.
Also, dismissed_wp_pointers questions were not clearly answered. I changed mine.
Clare Wood
Hi guys,
I followed these steps, now when I try to see the back-end or front-end of my site I get this:
ERROR: $table_prefix in wp-config.php can only contain numbers, letters, and underscores.
I’m positive I only have lowercase letters and an underscore as my table prefix.
Any ideas? The site is on localhost.
Cheers.
Paul
Fantastic and logically prepared article on Wp security.
Thomas
Thanx a bunch! I tried to restore my old database, but to no avail. Then I figured out that my new database prefix was different from old. Made all that you recommended and vuala!
Divyesh
Thanks a Lot!!!
It worked like a charm
Nikhil
I am getting this error…….“You do not have sufficient permissions to access this page“ after implementing above procedure…..how to solve it?????
Saz
These instructions have been followed but now role assignment for new users has disappeared…
Tom
Thanks for a great tips .
I have a question.
Do I need to change „wp_ ….“ used in post_meta table as well?
johnny
or this plugin http://wordpress.org/plugins/db-prefix-change/
savagemike
For the wp_options and wp_usermeta tables, why not dump the database and use sed to replace „wp_“ with the new prefix? Example:
sed -i ’s/wp_/wp_1234/g‘ > filename.sql
Then, simply import the modified dump. Easier and faster than changing cells one-by-one.
gcreator
Attacker can simple use ‚%wp_%‘
I mean that is not fully secure at all…
because he knows the table names that wordpress generates he can simply use ‚_%users‘ for wp_anything_users OR ‚_%posts‘ for ‚wp_anything_posts‘ ..etc…
Jim
gcreator…
For 99% of the attacks against WP databases, the skiddies are using pre-built tools and default settings. This gets you out of their crosshairs.
if you are under focused attack then yeah, simple obfuscation will only slow them down, not completely protect you.
javed
thanks a lot
gabe
I got syntax error when following this (my version of SQL is 5.5.x).
I had success after referring to the SQL manual. Needed to leave the quotes out of the query:
[WRONG] RENAME table ‚wp_links‘ TO ‚wp_xx_links‘;
[RIGHT] RENAME TABLE wp_links TO wp_xx_links;
RosellaBird
Thanks! That saved me a lot of time I had the same error too
Sepster
You were using „standard“ quotes ‚. The correct syntax to identify object names in mySql is to use „backquotes“ ` (ie the key in the top left of a standard-US keyboard, left of the number 1)
Marcello Nuccio
The problem is that you are using the wrong quotes. You must use the backtick character around table names, not the apostrophe. In SQL, the apostrophe is used to delimit strings.
Karen
I have changed the prefixes of a new install and then built a whole new site! I suddenly realised that I might not be able to update wordpress as normal from the admin panel..
Does changing the prefixes affect being able to update wordpress as normal???
Pablo
Nice.
You can use this as well:
UPDATE `wp_a123456_options` SET `option_name`=REPLACE(`option_name`,’wp_‘,’wp_a123456_‘) WHERE `option_name` LIKE ‚%wp_%‘;
UPDATE `wp_a123456_usermeta` SET `meta_key`=REPLACE(`meta_key`,’wp_‘,’wp_a123456_‘) WHERE `meta_key` LIKE ‚%wp_%‘;
Haary
Please answer “ How to create a plugin for take a backup of speific table in wordpress database?“ in the stackoverflow
Haary
It is a nice tutorial. Please see the link http://stackoverflow.com/questions/21546786/how-to-create-a-plugin-for-take-a-backup-of-speific-table-in-wordpress-database
David Appleby
Very nice guide thanks.
Andrew Rickards
Thanks for the useful info. I just tried changing my DB prefix and everything seems to have worked perfectly.
John
Thank you for doing the work to inform us on this topic. I have zero experience with WordPress, mySQL and PHP, so your help is greatly appreciated. A couple of questions:
You have a graphic right below the words „There are a total of 11…“, with SQL circled. Am I supposed to check all the checkboxes?
In the section titled „The Options Table“, which I’m getting to next, you say „This will return a lot of results, and you need to go one by one to change these lines.“ How is this done (or will it be perfectly obvious)?
WPBeginner Support
John, you need to click on the SQL which will open a Text Area, copy and paste the query given below the circled screenshot into SQL textarea and click Go button.
When updating options table you will run another SQL query to search for fields which have wp_ in them and replace those fields with your new database prefix. The query will return a number of rows you need to click on the Edit button next to each row to edit it and manually replace wp_ with your new database prefix.
Admin
Iftekhar
Dear writer, I have tested this in my local server. I am having problem to get access in my admin panel after changing table prefix. I have found „dismissed_wp_pointers“ this in my database. Do I need to change it also?
Thanks in advance
WPBeginner Support
No we don’t think you need to change that.
Admin
Iftekhar
Problem solved :). Actually I forgot to change option table. Thanks for reply.
AMSGATOR
`dismissed_wp_pointers` shows up when querying SELECT * FROM `wp_a123456_usermeta` WHERE `meta_key` LIKE ‚%wp_%‘
So I changed it since this says to change all the wp_ to the new prefix. I hope it doesn’t break anything.
Kobbe
Is this tutorial for an already installed blog…? Please kindly brief me on how to do this on a FRESH installations.
AMSGATOR
If you have already installed WordPress (regardless of how much you published) and you want to change the prefix then follow this tutorial.
blurped
Great guide, works like a charm. One question- why did you leave ‚wp_‘ in the new prefix? Seems like a whole lot of effort to change your table prefixes but still leave that fragment in there. Just remove it completely or replace it with something else more random (like ‚eh_‘ or whatever)
yerom
Well, everything is just fine… But when i’m go back to my site, it makes me the 5 minutes install again…
I think i missed something.
Anyone had the same issue ?
Tks !
WPBeginner Support
Check your wp-config.php file, it seems like you forgot to update
$table_prefix
value.Admin
ideal ismail
hi Admin,
Regarding the naming convention for the table prefix, „Note: You can only change it to numbers, letters, and underscores. Feel free to mix uppercase and lowercase.“
this is not true. You CAN’T use uppercase as it will wreak havoc with your database entries. i personally encountered this and the solution is to restrict to using numbers, underscores and lowercase letters.
many other people have encountered this. a quick google search gave me the following:
http://wordpress.org/support/topic/case-sensitive-wp_table_prefix?replies=1
http://stackoverflow.com/questions/9827164/wordpress-keeps-redirecting-to-install-php-after-migration
http://esdev.net/wordpress-error-you-do-not-have-sufficient-permissions-to-access-this-page/#.Ui_pHtJkMwB
hope that helps.
Editorial Staff
Updated the article.
Admin
Steve
Couldn’t you just back everything up,
export the DB to a DBbackup.sql file
open it with a text editor.
do a global search and replace and replace wp_ with mynewprefix_
Save the file,
drop all the tables in the DB
and import the new DBbackup.sql?
Editorial Staff
You could do that
Admin
Steve
Update – The global search and replace works. However, it might work too good. One of the side effects is that it returns all of your widgets to the default (fresh install) state.
Luckily – it returns them to the “inactive section” so you don’t have to completely re-do them. My lesson learned was to take a screen shot of the dashboard (before) so it’s easier to remember where you had them all.
Ahsan
Hey after changing table prefix and table name from mysql when i refresh the website it says website has a redirect loop, what should i do?
Andrew
leave the database changes to the professionals…………..
GReg
Update the prefix definition in config.php
Katie
Tried to do this on a multisite database install… totally failed. I seemed to put all the queries in correctly, but I got errors and at the end of all the steps my site was just redirecting itself indefinitely…
Mike
I did these changes as instructed but now I can’t get to my admin page.
Mark Pescatrice
Well after about 30 minutes of sweating bullets, I was able to do this. I made one tiny typo on wp-config.php. but otherwise it went smoothly. I did use Duplicator to create a backup before starting all of this.
I recommend users to do the following additional steps:
Before starting, put a dummy index.html in the root folder of your WP install, and renaming index.php to index.php.tmp (or something similar). After making a tiny typo in the wp-config.php file, I found myself at the WP install page.
After you are done, rename index.php.tmp to index.php and remove or rename the index.html page.
Thanks for the great article. I’m curious to see how the changes will affect the spam count.
Mark Pescatrice
Al Lemieux
In terms of process, do I make these security changes locally first? Or do I make them on Wordpress?
Editorial Staff
You make them on WordPress.
Admin
Dana Nourie
After changing the table prefixes, I can log in and all the content is there, but I’m not getting the admin interface. Any idea what I should check?
Thank you!
Dana
Dana Nourie
Nevermind, I had to change entries in the options table.
Corey
What about things like this? Do we need to change the wp in this, or only when it starts with wp?
dismissed_wp_pointers
Editorial Staff
You should be able to change it to whatever you like.
Admin
ana
I am confussed about ‚ _site_transient_timeout_wporg_theme_feature_list ‚ these, do I have to change wp here as well? and if yes then plz give an example.
AMSGATOR
You should only have to change it if wp is followed by an underscore (i.e., wp_)
Eric
Awesome information security for wp anti thief..But is there any free plugin or software to automate these processes?
Editorial Staff
Don’t think there is.
Admin
Yann
Thanks for the tutorial.
Here a plugin to automate these processes : http://wordpress.org/extend/plugins/wp-security-scan/
Daniel Garneau
All In One WP Security plugin has a Database Security option for editing the prefix of an existing WordPress database. I have been using the plugin for several months now, but I have not used this feature yet.
Orion
just tried this out, everything changed according to your instructions, hopefully this keeps the russians out….for a while at least.. Thank you for posting.
Benno
Thanks, worked great on my new blog!
Debra
I must be a total idiot because I sure can sort this out. Can’t even find the wp database. Geez this is frustrating
Editorial Staff
Which web hosting service are you using?
Admin
Scott Semple
Successfully changed the database prefixes, but now I can’t sign in?
My ##_capabilities in ##_usermeta is for an admin: a:1:{s:13:“administrator“;s:1:“1″;}
Thoughts on why I still can’t sign in? Thanks!
Editorial Staff
It loads the website properly, but you can’t sign in? What error does it say… Incorrect password? or incorrect username?
Admin
mckenzie
thanks so much! i searched all over the internet and you are the only blog entry to get this right on the spot!!
rawalbaig
Please Help me I’m not able to process the last two steps For „The Option Table“ I’m Here http://imageshack.us/photo/my-images/819/img00.png
& ‚“UserMeta Table“ Here http://imageshack.us/photo/my-images/84/img002o.png
What to do next I’m not able to login my wordpress account
TrentJessee
Excellent security post, and well written. What would you charge to do this service for people? Thanks!
http://trentjessee.com
WesHopper
@wpbeginner @WesHopper
wpbeginner
@WesHopper You just manually change it. Because the number vary based on the plugins you have.
Keith Davis
Hi Admin
Good clear instructions but I’ve never had the confidence to attempt a database prefix change – just in case!
You boys provide some great stuff – much appreciated.
Leonco
Very interesting security steps…
But surely there has to be a security plugin that addresses
the issue of preventing hacking.
João
There are several plugins that do this, but the truth is that it’s always good to know how to do this yourself.
For example I had an (apparently) buggy plugin change my WordPress database prefix just now, and i was locked out of my own WP installation.
This simple guide showed me how to undo the damage.
Vivek Parmar
Thanks a lot for sharing this. it is essential to secure WordPress first before posting any content your blog.