By default all of the WordPress database tables will start with wp_
(e.g. wp_users
, wp_posts
, etc.). Because this is the default value, you’ll often hear the tables referred to (and written about) using the wp_
prefix.
A Different Prefix
This wp_
prefix is set in wp-config.php with the following code.
/**
* WordPress Database Table prefix.
*
* You can have multiple installations in one database if you give each
* a unique prefix. Only numbers, letters, and underscores please!
*/
$table_prefix = 'wp_';
Do Not Change the Prefix on an Existing Site
If you have a WordPress site and you change the value of $table_prefix
, WordPress will no longer be able to find your existing database tables and will assume this is a new installation. (You can fix this by changing your $table_prefix
back to the correct value).
It is possible to modify your database and change all of your table names to match the new prefix you want to use, but that is beyond the scope of this article.
Should You Use an Alternate Database Prefix?
Changing the database prefix does add some additional security if your site ends up with code that has an SQL injection vulnerability (see XKCD Little Bobby Tables Comic). Code that introduces an SQL injection vulnerability would most likely come from a poorly written WordPress plugin or theme. As with many security decisions there is a tradeoff between convenience and security. I have seen many WordPress site owners struggle when working with their database because they have a modified database table prefix.
If you’re comfortable working with databases, then it is probably worth your time to modify your database prefix. If working with databases is still relatively new to you, I would keep the default WordPress database prefix wp_
.
Leave a Reply