サイトのWordPressデータベース接頭辞を変更する方法をお探しですか?
データベースの接頭辞を変更することで、SQLインジェクションやオンラインハッカーからのその他の攻撃からサイトのデータを保護することができます。WordPressのセキュリティを向上させるための重要なステップとなります。
このチュートリアルでは、WordPressデータベースの接頭辞を変更してセキュリティを向上させる方法を紹介します。
なぜWordPressのデータベース接頭辞を変更する必要があるのか?
WordPress データベースは、WordPress サイト全体の頭脳のようなものです。
このため、データベースはハッカーの格好の標的になる。スパマーやハッカーはSQLインジェクションの自動コードを実行し、WordPressのデータベースに侵入することができる。
残念なことに、WordPressをインストールする際にデータベースの接頭辞を変更するのを忘れてしまう人が多い。このため、ハッカーは初期設定の接頭辞wp_を標的にした集団攻撃を計画しやすくなる。
WordPressのデータベースを保護する最も簡単な方法は、データベースのプレフィックスを変更することです。
WordPressのデータベース接頭辞を変更するには、サイトを完全に混乱させることなく、適切に変更する必要があります。ここでは、WordPressのデータベース接頭辞を変更し、WordPressのセキュリティを向上させる方法をご紹介します。
動画チュートリアル
動画が気に入らなかったり、もっと説明が必要な場合は、そのまま読み進めてください。
WordPressデータベースの接頭辞を変更する方法
このチュートリアルで提案されていることを行う前に、WordPressデータベースをバックアップすることをお勧めします。また、Duplicatorのようなプラグインを使用して、WordPressサイトのバックアップを毎日取っておくことも重要です。
また、データベースのプレフィックスを変更する間、訪問者を一時的なメンテナンスページにリダイレクトすることをお勧めします。そうしないと、サイト訪問者に悪いユーザーエクスペリエンスを与える可能性があります。
wp-config.phpでテーブル接頭辞を変更する方法
まず、FTPまたはWordPressホスティングアカウントのファイルマネージャーアプリを使用してサイトに接続する必要があります。
WordPressのルート・ディレクトリにあるwp-config.phpファイルを開きます。ここで、テーブル接頭辞の行をwp_から次のように変更しますwp_a123456_
つまり、ラインは次のようになる:
$table_prefix = 'wp_a123456_';
注: テーブル接頭辞は、数字、アルファベット、アンダースコアでのみ変更できます。
データベースのテーブル名をすべて変更する
次に、phpMyAdminツールを使ってデータベースに接続する必要があります。ホスティングサービスがcPanelダッシュボードを使用している場合、phpMyAdminを簡単に見つけることができます。
WordPressの初期設定は全部で11テーブルあるので、手動で変更するのは面倒だ。
代わりに、上部にある「SQL」タブをクリックしてください。
そして、以下のSQLクエリーを入力する:
RENAME table `wp_commentmeta` TO `wp_a123456_commentmeta`;
RENAME table `wp_comments` TO `wp_a123456_comments`;
RENAME table `wp_links` TO `wp_a123456_links`;
RENAME table `wp_options` TO `wp_a123456_options`;
RENAME table `wp_postmeta` TO `wp_a123456_postmeta`;
RENAME table `wp_posts` TO `wp_a123456_posts`;
RENAME table `wp_terms` TO `wp_a123456_terms`;
RENAME table `wp_termmeta` TO `wp_a123456_termmeta`;
RENAME table `wp_term_relationships` TO `wp_a123456_term_relationships`;
RENAME table `wp_term_taxonomy` TO `wp_a123456_term_taxonomy`;
RENAME table `wp_usermeta` TO `wp_a123456_usermeta`;
RENAME table `wp_users` TO `wp_a123456_users`;
データベースの接頭辞は、wp-config.phpファイルを編集する際に選んだものに変更することを忘れないでください。
また、WordPressデータベースに独自のテーブルを追加する他のプラグインのために行を追加する必要があるかもしれません。このアイデアは、すべてのテーブル接頭辞を好きなものに変更するというものです。
オプション設定表
次に、wp_をプレフィックスとして使用している他のフィールドをオプションテーブルで検索し、置き換える必要があります。
プロセスをスピードアップするには、このクエリーを使うことができる:
SELECT * FROM `wp_a123456_options` WHERE `option_name` LIKE '%wp_%'
これは多くの結果を返すので、これらの行とその接頭辞を変更するために、ひとつひとつ調べていく必要がある。
ユーザーメタ・テーブル
次に、プレフィックスとしてwp_を使用しているすべてのフィールドをusermetaで検索し、置換する必要があります。
このSQLクエリーを使うことができます:
SELECT * FROM `wp_a123456_usermeta` WHERE `meta_key` LIKE '%wp_%'
エントリーの数は、サイトで使用しているWordPressプラグインの数によって異なる場合があります。wp_ がついているものはすべて新しい接頭辞に変更してください。
これでサイトをテストする準備ができました。上記のステップを踏んでいれば、すべて問題なく動作しているはずです。
念のため、データベースの新規バックアップを取ることをお勧めします。
この投稿が WordPress データベースの接頭辞を変更する方法のお役に立てば幸いです。WordPress データベースを最適化する方法や、WordPress データベースプラグインのエキスパートによるベストセレクションもぜひご覧ください。
Syed Balkhi
Hey WPBeginner readers,
Did you know you can win exciting prizes by commenting on WPBeginner?
Every month, our top blog commenters will win HUGE rewards, including premium WordPress plugin licenses and cash prizes.
You can get more details about the contest from here.
Start sharing your thoughts below to stand a chance to win!
mohadese esmaeeli
Hello. Changing the prefix of WordPress tables is very, very important because this prefix is the default, and most people don’t change it, making it susceptible to testing by any hacker. So, it makes sense to alter it, and I recommend this to all my friends. If we change the prefix during the WordPress installation, it’s much better. However, even after installation, it is possible to change the table prefix.
Ka Khaliq
Hi there,
I’m referring to this article to update my WordPress website database prefix.
I have a confusion about updating the Options and Usermeta tables. Upon running the respective SQL queries, the results obtained, also contains some rows something like transient_wp_cloudflare OR dismissed_wp_pointers OR tlwp_feedback_data OR wpseo_social etc.
So do I need to update such rows too where wp_ is present in the middle/end OR do I just need to update rows that has the wp_ prefix at the start like wp_page_for_privacy_policy etc.
I understand that by prefix means, something at the start but still want to solve this confusion.
WPBeginner Support
No, you would want to leave those tables as they are as those are used by plugins and other tools that are looking for those specific titles.
管理者
Eka
you save my time, thanks alot bro.
i do test password and the problem has been detect
thanks !
WPBeginner Support
Glad our guide was helpful
管理者
Barry Richardson
A plugin developer told me that you cannot have a WordPress blog without a database prefix. This is very confusing because I have had an active WordPress blog for 5 years – and it has no database prefix. So, can you have a WordPress site without a database prefix?
WPBeginner Support
WordPress has a database prefix by default without you needing to make any changes, this is a way to customize the prefix.
管理者
Emily
Hi there, I was following another tutorial to look at the database files and noticed mine have names like “wphy_users” … is this possibly an extension of the thing described here, just without the _ before?
Look forward to your reply!
WPBeginner Support
Correct, from the sound of it your database was created with a different prefix
管理者
Izzy
Hi, I changed my table prefix names ia while a go. I found out there where some new maps added with the old name + the main folder (database I think) also has the old name. Now I also found out my folders already HAD a different name than the standard “wp” prefix name, so the change wasn’t even needed in the first place. The only thing now is that half of the tables has 1 certain name and the other ones have another name. Because everything works fine now I don’t want to change things again, but my only question now is: is it a problem that the tables have different names? Do they all need to be named the same, or does it not matter?
WPBeginner Support
The extra tables may have been created by a plugin, we would recommend your site using the same prefix for all of your content.
管理者
Akhilesh
I am multi domain hosting. at the time of installation of WP what have to put in table prefix (as wp_ written by default.)??
Please suggest me as early as possible…
WPBeginner Support
You would choose what you want the prefix to be if you’re changing your site’s database prefix
管理者
Mainak Ghosh
After changing database prefix i am getting “Sorry, you are not allowed to access this page” this error when i visit WordPress admin dashboard.
WPBeginner Support
You may want to ensure you updated all of the links in your tables and you may want to check your wp-config file for another location. To see if it is more than one error you could enable wp debug: https://www.wpbeginner.com/wp-tutorials/how-to-set-up-wordpress-error-logs-in-wp-config/
管理者
Kid Max
Hi, I’m using wordpess multisite. I want to use home site’s database prefix and folder for media attachment for all of subsite including home site. Any idea?
WPBeginner Support
You could upload your images to the home site’s media library and embed the images on your subsites to do something like that.
管理者
Kid Max
I know about that, but featured images not support for that, so I want to use home site’s media database prefix for all site.
WPBeginner Support
Sadly, at the moment we don’t have a recommended method for that.
Mike
I tried it and then I couldn’t login. Probably because I have a security plugin.
If I disable and delete all my plugins and just leave my installation with the core WP, and then I make the change, would that probably eliminate the need to change anything in usermeta or the options tables? i.e. Would that probably be the safest way to make the table change and not break anything.
Then, I’ll just re-install my plugins.
Mishel
According to this article, Changing the WordPress table prefix does absolutely nothing to enhance the site security.
Even if we have changed the table prefix, a hacker can find the table prefix by running this code:
SELECT DISTINCT SUBSTRING(`TABLE_NAME` FROM 1 FOR ( LENGTH(`TABLE_NAME`)-8 ) )
2
FROM information_schema.TABLES WHERE
3
`TABLE_NAME` LIKE ‘%postmeta’;
WPBeginner Support
Hi Mishel,
We don’t agree with that. Every security step that obscures something can be uncovered by a experienced hacker. These steps just add a difficulty layer to make your overall security harder to crack. Changing table prefix certainly has no downside to it and if it can block some automated and obvious hacking attempts, then its totally worth it.
管理者
Sayeed
Yes I agree.
Daniel
Just what I was looking for. Thanks.
Mehdi
The queries in both wp_options and wp_usermeta return datas that is contained wp should I rename them too?
ex: wpseo_title, _yoast_wpseo_
rado
I made really silly mistake, in my wp-config file i assign the variable $table-prefix without the underscore at the end. Something like “wp_12345”, it should be “wp_12345_”.
Molly
this broke my files, none of my files are accessible on the local or live sites, thankfully this is all learning and a test site, but what went wrong?
Josch
Works fine, thank you very much! Except: I get the following warning in the backend after changing prefix. Tried it two times:
Warning: Cannot modify header information – headers already sent by (output started at /myurl/wp-config.php:1) in /myurl/wp-includes/option.php on line 837
Warning: Cannot modify header information – headers already sent by (output started at /myurl/wp-config.php:1) in /myurl/wp-includes/option.php on line 838
Can you help me?
WPBeginner Support
Hi Josch,
This error can be caused by an empty space or an extra line at the end of wp-config.php file. Deleting it can solve the issue.
管理者
Mehdi
Hi, thank you for your article. I have a question about that. If you have some plugins which are installed in your wordpress, is this method that you mentioned above the same? or maybe we need to other things to complete this step?
I appreciate if you guide me about that because I have more than 20 install plugin in my wordpress sit.
Thank you for your help
Asterix
Won’t I have issues when updating plugins etc in the future?
I tried to use iThemes Security built in advanced features for this, but got the error: An “invalid format” error prevented the request from completing as expected. The format of data returned could not be recognized. This could be due to a plugin/theme conflict or a server configuration issue.
So I am not sure if I dare to do this manually either…
Joe
Hello Team
thanks for sharing this.
All steps went well except for the last one: UserMeta Table.
MySql doesn’t let me change the prefix for it.
That’s the error message I get:
#1054 – Unknown column ‘wp_new_usermeta.umeta_id’ in ‘where clause’
Please, any advise?
Many thanks,
Joe
Shivam Pandey
How to change the database prefix while installing WordPress.
Vipul Parekh
There’s an option it asked to enter db prefix while installation. so you can give prefix whatever you wish to!!
Tom B.
Is it necessary to still include the”wp_” as part of the new prefix I want to create? Can I just use any alpha numeric string to reduce the chance of any type of hack?
Thanks,
Tom
WPBeginner Support
Yes, you can use alpha-numeric string.
管理者
Chad Mowery
Nice article. I think the query on the Options and UserMeta table will throw off less savvy individuals. Not sure how but it would help if you could provide more detail on those steps.
I followed the guide and have successfully changed my DB table prefix!
blade
This does not add really any kind of security.
If I can inject SQL, I can query against information_schema.tables and get info about tables, whatever fancy prefix you put in front of names
thomas
very true. a good htaaccess will block sql injections too. on top of that, my wordpress install only gives full database access to very select users by assigning those credentials based on certain things gathered long before a db connection. everybody else gets the very very basic access.
i also stopped most hacking attempts cold by hiding the wpzlogin.php and further password protecting access to wp admin in cpanel. it takes a login just to get to the wp login page.
John
@Shivi
This is all you need to do to change table.prefix ? even when live?
shivi
Hi , Nice article ! Thought of simplifying replacing table prefix.
In Phpmyadmin once u select the database, you can see the list of tables.
1. Enable the checkbox check all
2. select Replace table prefix in the dropdown ‘with selected’
3. Enter the existing prefix in from option: ‘wp_’ as mentioned in the article.
4. Enter the new prefix in to option: ‘wp_a123456_’ as mentioned in the article.
5. Click submit
This helps to change table prefix for all tables including that of the plugin.
You can check these articles if you need support on dehack your site
john
So…. @SHIVI
All I need to do, to change the table.prefix is go into my config.file change the prefix and then proceed to your steps 1-5 and the table.prefix will be changed everywhere (plugins etc..)
And that’s it?
Dana Nourie
Sweet! This was great.
Matt Boden
You’ll still need to manually update the prefix on the options and usermeta tables.
Fahim
Should i run Sql for every table? i mean i have 15 table. or only change two tables you described will fix the problem.
WPBeginner Support
All tables. You would want to change table prefix from all your existing WordPress tables.
管理者
Alph
Hi guys,
Thanks for these instructions. They helped me resolve my uppercase issues.
As a beginner, some guidance as to the how to change the table names manually would have been appreciated. I would have felt more comfortable doing it that way.
Also, for a beginner like me, some instruction on how to make the changes in the Options and Usermeta tables would been helpful.
Thanks again. Could not have done it without you!
Chris A
Thanks for the instruction. I needed to remove an UPPER case letter from a prefix and this showed that exact records I needed to touch!
TIP: with phpMyAdmin you can check all records at the bottom and select ‘replace table prefix’ this will bring up a standard replace box with ‘from’ and ‘to’ values.
It will also save a lot of typing in step one – especially if it’s a large database.
Prabhakar
You made it !
Thanks
Igor
Hi guys,
when I made these changes it don’t give me to sign in as current user but it tells me to install wordpress again…
Igor
WPBeginner Support
This usually happens when the database you connected to is empty. Please recheck your database name.
管理者
Alan P
wp_termmeta is missing from the list of tables to rename.
WPBeginner Support
Thank you for notifying us. We have updated the article.
管理者
Rick
My SQl DB have no table prefix so got error sometimes on wordpress Wpconfig.php without $table_prefix = ”;.
how to add table prefix,
when i try to add in config file and rename all table with same prefix
and login in to wp got error “you don’t have permission to access”
Sameer Panda
Worked as a charm, thanks for sharing.
Dave van Hoorn
Update the SQL for renaming the prefixes please. WordPress adds the ‘wp_termmeta’ table now. It’s included in the SQL below.
RENAME table `wp_commentmeta` TO `wp_yoursitename_commentmeta`;
RENAME table `wp_comments` TO `wp_yoursitename_comments`;
RENAME table `wp_links` TO `wp_yoursitename_links`;
RENAME table `wp_options` TO `wp_yoursitename_options`;
RENAME table `wp_postmeta` TO `wp_yoursitename_postmeta`;
RENAME table `wp_posts` TO `wp_yoursitename_posts`;
RENAME table `wp_termmeta` TO `wp_yoursitename_termmeta`;
RENAME table `wp_terms` TO `wp_yoursitename_terms`;
RENAME table `wp_term_relationships` TO `wp_yoursitename_term_relationships`;
RENAME table `wp_term_taxonomy` TO `wp_yoursitename_term_taxonomy`;
RENAME table `wp_usermeta` TO `wp_yoursitename_usermeta`;
RENAME table `wp_users` TO `wp_yoursitename_users`;
Prabhudatta Sahoo
When I am renaming my tables in the database all the images in the gallery are going away, I do not understand the reason. Could anyone please help me fixing this issue?
Terry Thorson
This issue will occur if you do not update the serialized data strings (used for your gallery images) correctly in the database. A good way to do this is to use the plugin WP Migrate DB. There is an excellent tutorial for this on Lynda.com (although be sure to use the same prefix for your target database as your source database).
I learned this the hard way. Trying to start afresh, I discovered my backup was faulty as well. Luckily my webhost had an older backup I could use to restart my migration. WP Migrate DB did the trick.
Cameron Jones
I can’t find any fields in the _usermeta or _options tables that would require updating. Unless they are specifically referencing a table, they shouldn’t need to be updated. It’s a table prefix, not a variable prefix.
Cameron Jones
Actually, I stand corrected. There are a couple that will be part of a default WordPress install:
In prefix_options
prefix_user_roles
In prefix_usermeta
prefix_capabilities
prefix_user_level
prefix_dashboard_quick_press_last_post_id
prefix_user-settings
prefix_user-settings-time
You should be careful regarding updating any other fields. Plugins may either use the defined prefix or `wp_` as a prefix. Always make a backup and test on a dev or staging environment.
kapil
hi,
i have a query. assume that i have changed all my prefix from wp_something to some other name. these changes will be done to the existing fields in the database only. but wont the codes in my wordpress .php files remain the same??? so next time for any new user registration or some other registration, the entities will again be saved as wp_something as the main code in the .php files remains unchanged… ???
thanks….
tech
UPDATE `wp_a123456_options` SET `option_name`=REPLACE(`option_name`,’wp_’,’wp_a123456_’) WHERE `option_name` LIKE ‘%wp_%’;
UPDATE `wp_a123456_usermeta` SET `meta_key`=REPLACE(`meta_key`,’wp_’,’wp_a123456_’) WHERE `meta_key` LIKE ‘%wp_%’;
I do changes but after doing this i again run following query it shows prefix not changed
SELECT * FROM `wp_a123456_options` WHERE `option_name` LIKE ‘%wp_%’
Wiem
Thank you for the queries
Nathan WHite
This post and the responses to the comments leaves out a very important component. Does the table need to begin with wp_ ?
Coming upon another discussion in wordpress.org indicated that it indeed did not need to. It would have helped me if this question was answered by the moderator.
Also, dismissed_wp_pointers questions were not clearly answered. I changed mine.
Clare Wood
Hi guys,
I followed these steps, now when I try to see the back-end or front-end of my site I get this:
ERROR: $table_prefix in wp-config.php can only contain numbers, letters, and underscores.
I’m positive I only have lowercase letters and an underscore as my table prefix.
Any ideas? The site is on localhost.
Cheers.
Paul
Fantastic and logically prepared article on Wp security.
Thomas
Thanx a bunch! I tried to restore my old database, but to no avail. Then I figured out that my new database prefix was different from old. Made all that you recommended and vuala!
Divyesh
Thanks a Lot!!!
It worked like a charm
Nikhil
I am getting this error…….”You do not have sufficient permissions to access this page” after implementing above procedure…..how to solve it?????
Saz
These instructions have been followed but now role assignment for new users has disappeared…
Tom
Thanks for a great tips .
I have a question.
Do I need to change “wp_ ….” used in post_meta table as well?
johnny
or this plugin http://wordpress.org/plugins/db-prefix-change/
savagemike
For the wp_options and wp_usermeta tables, why not dump the database and use sed to replace “wp_” with the new prefix? Example:
sed -i ‘s/wp_/wp_1234/g’ > filename.sql
Then, simply import the modified dump. Easier and faster than changing cells one-by-one.
gcreator
Attacker can simple use ‘%wp_%’
I mean that is not fully secure at all…
because he knows the table names that wordpress generates he can simply use ‘_%users’ for wp_anything_users OR ‘_%posts’ for ‘wp_anything_posts’ ..etc…
Jim
gcreator…
For 99% of the attacks against WP databases, the skiddies are using pre-built tools and default settings. This gets you out of their crosshairs.
if you are under focused attack then yeah, simple obfuscation will only slow them down, not completely protect you.
javed
thanks a lot