May 24, 2018 by Paul G. | Ask Paulie Anything

Will Shield support renaming WordPress DB Prefix? [Ask Paulie Anything #8]

Shield Logo

The main topic we’re going to discuss in this Episode 8 of Ask Paulie Anything, something you’ve probably heard of but you still don’t know much about, is “Renaming WordPress Database Prefix in the matter of security”.

I’m also going to answer the following questions:

  • What is the WordPress Database Prefix?
  • Is renaming the WordPress Database Prefix good security practice?
  • Will Shield support renaming the WordPress Database Prefix?
  • Does changing WordPress Database Prefix increase your security?
  • Does Shield modify core WordPress files? Is that a good practice?

[0:26] – What Is The WordPress Database Prefix?

What I’m referring to is, there is the setting within the WordPress config file referring to the prefix that the database tables should use when WordPress creates tables. There are a lot of reasons for having this, but basically, all WordPress tables in the WordPress Database are prefixed with this set of letters.

This helps separate those tables as belonging to a particular WordPress installation.

There has been a lot of talk, for a long time, about renaming the prefix from the default which is wp_ as a security measure.

[1:00] – Is Renaming The Prefix Good Security Practice?

There are still plugins, and many people who like to think that renaming the db prefix is good security practice. But, there’s nothing secure about renaming the WordPress prefix. Nothing.

Because, if someone’s already attacked your website and gained the access, a very simple SQL query will that tell them what your Prefix is.

Once they’re inside, they’ll know what the prefix is. So, there’s no point changing it.

The point is:

Changing your WordPress Database Prefix does nothing to secure your website whatsoever.

[1:31] – Will Shield Support Renaming The WordPress Database Prefix?

Shield will not be including renaming the WordPress database Prefix functionality because there’s absolutely no reason to do so.

But isn’t it a little bit like “security through obscurity”?

Yes, but that’s not really security.

“Security through obscurity” helps to slow things down and just makes things a little bit more frustrating for the attacker.

It doesn’t secure your website and should not be relied upon as a security mechanism.

Does changing WordPress Database Prefix increase your security?

No, it doesn’t.

In fact, it’ll likely cause you problems, especially if it’s done via a WordPress plugin because the plugin needs the WordPress to load.

If the WordPress plugin is, in a given page load,

  • attempting to rename the prefix
  • change your WordPress config file
  • rename on your tables

and it runs into any sort of trouble whatsoever, your website is likely going to be “toasted” (unless you know what you’re doing to revert it).

That gets me back to another point.

[2:23] – Does Shield Modify Core WordPress Files? Is That A Good Practice?

From the moment we’ve released Shield Security, our main principle was to never modify any core files, or any core WordPress hosting files. That includes the .htaccess and wp-config files.

Because, as I said, for WordPress plugins to change those, they require a valid WordPress load to work.

If there’re changes in the .htaccess or in the wp-config file that breaks your WordPress, the security plugin, can’t then revert those changes itself. It can’t fix any mistakes that are made, because WordPress itself can’t load.

Shield does not modify any WordPress core files and it certainly does not add or modify the php.ini files, which some security plugins do.

Generally, there are far too many WordPress plugins, especially security plugins, that leave their crap lying around your website when you uninstall and remove the plugin.

Shield doesn’t do any of that.

So, back to the point:

Be careful when you hear what people’re say is good security practice.

Just because 1 plugin does 1 thing, it doesn’t mean that:

a) it’s good security practice; and

b) that all other security plugins (including Shield) should have to do that to make it a good security plugin.

We choose our functionality very carefully.

Thank You! Comments, Questions?

If you have any questions about this topic, feel free to leave a comment somewhere below the video – wherever you’re watching it. 🙂

If you have your own question, feel free to use the link below.

Ask Your Own Question Here.

And, of course, you’re always welcome to “Like” or share this video on Facebook, or, if you want to know what next helpful videos we’re preparing for you, subscribe to our YouTube channel. 🙂

Hello dear reader!

If you want to level-up your WordPress security with ShieldPRO, click to get started today. (risk-free, with our no-quibble 14-day satisfaction promise!)

You'll get all PRO features, including AI Malware Scanning, WP Config File Protection, Plugin and Theme File Guard, import/export, exclusive customer support, and much, much more.

We'd be honoured to have you as a member, and look forward to serving you during your journey towards powerful, WordPress security.

Try ShieldPRO Today →

ShieldPRO Testimonials
@birdev's Gravatar @birdev

Great support

As a free user, when I encountered a bug with this plugin, I did not have much hope of getting support for it. I nevertheless reported it to the One Dollar Plugin team. To my amazement, I heard back from them within days, and they released a new version of…

@4system's Gravatar @4system

Vielen Dank für dieses hervorragende Plugin

Ich bin sehr zufrieden mit dem Plugin und den vielen Einstellungsmöglichkeiten, mit denen man sich sehr wirkungsvoll vor Angriffen schützen kann.

@kstidham's Gravatar @kstidham

Shield delivers

We used several other security related plugins early on. Shield is perfect for us and our go to plugin for security and has been for 4 or 5 years. It does what it is intended to do and I can always find support from them or peers anytime I have…

@snowme's Gravatar @snowme

Great Plugin and Even Better Support

I had an issue getting the Rename Login setting to work. I posted to their support forums and got immediate and constant responses. They even provided an updated version of the plugin to help with my troubleshooting. In the end it turned out to be an issue with my Apache…

Leave a Comment

Your email address will not be published. Required fields are marked *

Main Sections
Click to access the login or register cheese