Published by John Hoff on 26 Aug 2008 at 09:00 pm
Securing Your WordPress Blog: Post 3 - Obscuring Your Database Tables
We have been talking about strategies for securing your WordPress blog from possible intruders trying to access your files. In case you missed them, here are the first two posts in this series:
Of course nothing is foolproof; all you can do is make things difficult for someone with ill intentions. The idea, though, is to create multiple layers of roadblocks and speed bumps that make hacking your system a pain, which hopefully encourages intruders to move on rather than spend all day on your site.
Today I’d like to show you how to customize the names of the database tables which WordPress uses. This is known as security through obscurity. It’s one of those “speed bumps” as opposed to a “road block”, I guess.
By default, when you install WordPress it creates a list of tables in your database which store such things as your posts, account users, information for plugins, etc. The default table prefix is wp_ which is easily identifiable to a would-be intruder. But what if you changed your prefix to zzyy_?
The intruder would have no idea what zzyy_ was.
So with that in mind, let’s walk through changing your WordPress database’s default table prefixes together. In my last post, a few of you mentioned how working with your database was a scary thing - and you’re right! It is.
Here’s my suggestion. If you know how, create a new install of WordPress on your account which uses its own database. Then write one or two dummy posts and follow along with this tutorial. As with the last post in this series, you can open a demo eVentureBiz web hosting account for practice and follow along in real time.
Step 1 - Back Up And Download Your Database
Using the Ilfilosofo WordPress Database Backup Plugin (or your backup plugin of choice) you can easily back up your database.



Step 2 - Make A Copy Of Your Downloaded Database & Unzip
At this point you should have a zip file downloaded. This is your database. First make a copy of the file and then unzip one of them so you can edit the text file.
If you’re using Windows, just use WordPad to open the file (right click on the text file, choose Open With, and choose WordPad). For some reason, Microsoft Word wasn’t working right for me. If you’re using a Mac, I’m sure any text editor will do so long as it has a find and replace function.

Step 3 - Replace wp_ Prefixes
Now that your text file is open, find all the wp_ references and replace them with your new prefix. In this example, we are using zzyy_ to replace wp_. Once you have replaced them all, save and close.

Step 4 - Get To Your WordPress Database
Ok, the easy part is done. Now the scary part - editing your database. Again, remember you can test this on a test blog first.
4a) Log into your web hosting control panel and navigate to and click on the MySQL Databases Icon.

4b) Click the database your WordPress files are on and open it, then log in to your database. In this example we are using phpMyAdmin as that’s what comes with eVentureBiz web hosting accounts.

4c) Open your database by clicking Databases.

4d) Click on the database again that WordPress is using.

Step 5 - Drop Your Tables
5a) Click Check All to select all your database tables and then choose the Drop selection from the drop down box. After you select drop it will ask you if you’re sure. Say Yes.

Step 6 - Upload Your New Database Tables
6a) Click on the SQL tab at the top.

6b) Click Browse and navigate to the folder on your computer where you edited and saved your database file you downloaded, then upload it. Click on Go once you’ve browsed and are pointing to the file.

Step 7 - Verify Your Upload
Once uploaded, you should see a message saying that your SQL query has been executed successfully; let’s check for ourselves. Click on Structure to verify your files have been uploaded ok.

If, however, you get an error message, go back to the Browse button and upload your backup copy of your original database. This should put everything back as it was.
If all went well, you should now see your new tables with the new prefix, zzyy_

Ok, we’re almost done. One more step to complete.
Step 8 - Tell WordPress About Your New Prefixes
Now you need to edit your wp-config.php file and tell WordPress about the new changes in your database.
8a) Open your File Manager within your web hosting control panel and browse to the directory your WordPress installation is in and find the file wp-config.php. If you’re using eVentureBiz web hosting, you can edit this file as shown in the picture below.
If you host with another company, there should be a way for you to edit this file right from your hosting account. Otherwise, download it using FTP, edit it, and then upload it back.

8b) Find this line:
$table_prefix = 'wp_'; // Only numbers, letters, and underscores please!
and replace the wp_ with your new zzyy_ table prefix (or whatever prefix you used).
$table_prefix = 'zzyy_'; // Only numbers, letters, and underscores please!

Phew, John wipes the sweat from his forehead, it’s done. That stung a little but now we’re just one more step ahead in being protected.
For your prefix of choice, I suggest treating it like a password. Instead of zzyy_, try mixing numbers and letters (not too long), maybe something like ToV42_.
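An added example, not part of the original tutorial: the blanket find-and-replace in Step 3 also rewrites wp_ inside row data, including serialized option values whose declared string length then no longer matches. This Python sketch renames only backtick-quoted table names and the keys WordPress derives from the prefix, and enforces the Step 8 character rule; the sample dump is constructed, and the backtick quoting and the short key list are assumptions.

```python
import re

# Keys WordPress builds from $table_prefix (roles option, per-user meta keys).
# Plugins may add more; this short list is an assumption of the example.
PREFIX_KEYS = ("user_roles", "capabilities", "user_level")

# Constructed sample in the shape of a backup dump (not real data).
SAMPLE_DUMP = r"""CREATE TABLE `wp_options` (`option_name` varchar(64), `option_value` longtext);
INSERT INTO `wp_options` VALUES ('wp_user_roles', 'a:1:{s:13:\"administrator\";a:0:{}}');
INSERT INTO `wp_options` VALUES ('cron', 'a:1:{s:16:\"wp_version_check\";a:0:{}}');
INSERT INTO `wp_usermeta` VALUES (1, 'wp_capabilities', 'a:1:{s:13:\"administrator\";b:1;}');
INSERT INTO `wp_posts` VALUES (1, 'The default prefix is wp_ which is easy to spot');
"""

def validate_prefix(prefix):
    """wp-config.php: only numbers, letters, and underscores."""
    if not re.fullmatch(r"[A-Za-z0-9_]+", prefix):
        raise ValueError(f"invalid table prefix: {prefix!r}")
    return prefix

def rename_prefix(dump, old="wp_", new="zzyy_"):
    """Rename table identifiers and prefix-derived keys; leave row data alone."""
    validate_prefix(new)
    keys = "|".join(PREFIX_KEYS)
    # `wp_posts` -> `zzyy_posts` (backtick-quoted identifiers only)
    dump, n_tables = re.subn(rf"`{re.escape(old)}(\w+)`",
                             lambda m: f"`{new}{m.group(1)}`", dump)
    # 'wp_capabilities' -> 'zzyy_capabilities' (whole quoted value only)
    dump, n_keys = re.subn(rf"'{re.escape(old)}({keys})'",
                           lambda m: f"'{new}{m.group(1)}'", dump)
    return dump, n_tables, n_keys

def serialized_length_errors(dump):
    """Serialized PHP strings whose declared length no longer matches."""
    found = re.findall(r's:(\d+):\\?"([^"\\]*)\\?"', dump)
    return [s for n, s in found if int(n) != len(s)]

if __name__ == "__main__":
    blanket = SAMPLE_DUMP.replace("wp_", "zzyy_")   # what Step 3 does
    targeted, n_tables, n_keys = rename_prefix(SAMPLE_DUMP)
    print("blanket replace breaks:", serialized_length_errors(blanket))
    print("targeted rename breaks:", serialized_length_errors(targeted))
    print(f"renamed {n_tables} table references, {n_keys} prefix keys")
```

Run it against a copy of the backup, never the only one, and search the result for any remaining wp_ keys that plugins may have added before uploading.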
I know it sucks, but I should again add that these tutorials are given with you understanding this blog’s disclaimer.
If this post stung a little never fear, Friday I have a great suggestion for you to help better protect your blog which is both powerful and easy to do. So make sure you’re signed up for blog updates, click here to subscribe by either email or RSS. I only bite on Thursdays, after lunch.
Related Posts
- Securing Your WordPress Blog: Post 2 - How To Change Your Username
- Securing Your WordPress Blog: Post 4 - Setting Up .htaccess
- Securing Your WordPress Blog: Post 5 - What To Do If Your Blog Is Cracked
- Securing Your WordPress Blog: Post 6 - Protecting The wp-config.php File
- Fluffy’s Guide To Securing Your WordPress Blog - Post 1

Barbara Swafford
on 26 Aug 2008 at 11:53 pm #
Hi John,
You always do such great tutorials. I sure wish you were around when I started blogging. Life would have been SOOOOO much easier for me.
I now know if I want to try and figure out some of that behind the scenes stuff, I can first check here.
Thank you for the great article and all of your hard work. I truly appreciate it.
John Hoff
on 27 Aug 2008 at 7:29 am #
Good morning, Barbara.
Yeah it’s a little easier on the soul to implement these things when your blog is new and you don’t have 300 posts to worry about losing. Of course you will never lose anything because:
a) you have backed everything up
b) if it really did get all screwed up, your web host should have a backup they can restore of your site/blog from the previous day.
I’m glad to hear I’ve created an environment where you can come with questions. You know I’m always here