WordPress Database Table Prefix is not a Security Issue

The majority of reported WordPress database security attacks were performed by exploiting SQL injection vulnerabilities. By renaming the WordPress database table prefixes you are increasing the security of your WordPress blog and website against zero-day SQL injection attacks.
By default, during installation, WordPress creates the database with all of the tables prefixed with “wp_”. There are 11 tables created in the default installation procedure, and all of them will be prefixed with wp_.

The WordPress community is large enough to develop its own myths. One of them is about the database table prefix, the variable $table_prefix that you set in your wp-config.php. It goes like this:

If you change the default prefix to something that is hard to guess, you think that will protect your website against hackers.

Fine… oh no. That’s a nonsense idea. Security theater. A waste of time. You know why?

The only situation in which someone could make use of the prefix is when a hacker has access to your database. We are not talking about access to the file system – in that case the hacker could just read the wp-config.php.

Now let’s say someone already has an open connection to your database, and your prefix is not wp_. The hacker can just find all WordPress table prefixes with a simple query for existing known WordPress tables. Let’s take postmeta.

A query on information_schema.TABLES will now reveal all prefixes in use by the current database user:

SELECT
  DISTINCT SUBSTRING(`TABLE_NAME` FROM 1 FOR ( LENGTH(`TABLE_NAME`)-8 ) )
FROM information_schema.TABLES
WHERE `TABLE_NAME` LIKE '%postmeta';

It doesn’t matter what the prefix is. mgat82g_0u6_dts_ is as safe as wp_. So why are you thinking of changing this prefix? Anyway, you can manually change your WordPress database table prefixes, but that’s not an important issue for security.
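To see this on a test database of your own, here is an added example (not code from the original article) that applies the same postmeta anchor as the query above and then checks whether the full set of 11 core tables exists under each candidate prefix. It assumes the standard core table names; SQLite's sqlite_master stands in for information_schema.TABLES, and the sample tables, including the shop_ decoy, are constructed.

```python
import sqlite3

# The 11 core tables of a default install, without prefix (assumed standard schema).
CORE_TABLES = (
    "commentmeta", "comments", "links", "options", "postmeta", "posts",
    "terms", "term_relationships", "term_taxonomy", "usermeta", "users",
)
ANCHOR = "postmeta"  # same anchor table the query above uses


def recover_prefixes(table_names):
    """Map each candidate prefix to the number of core tables found under it."""
    names = set(table_names)
    found = {}
    for name in names:
        if name.endswith(ANCHOR):
            prefix = name[: -len(ANCHOR)]
            found[prefix] = sum(prefix + t in names for t in CORE_TABLES)
    return found


def confirmed_installs(table_names):
    """Prefixes under which the full core table set exists."""
    hits = recover_prefixes(table_names)
    return sorted(p for p, n in hits.items() if n == len(CORE_TABLES))


def build_sample_db():
    """Constructed sample: two installs plus one unrelated plugin table."""
    db = sqlite3.connect(":memory:")
    for prefix in ("wp_", "mgat82g_0u6_dts_"):
        for table in CORE_TABLES:
            db.execute(f'CREATE TABLE "{prefix}{table}" (id INTEGER)')
    db.execute('CREATE TABLE "shop_postmeta" (id INTEGER)')  # decoy, not WordPress
    return db


def list_tables(db):
    # sqlite_master stands in for information_schema.TABLES here.
    rows = db.execute("SELECT name FROM sqlite_master WHERE type = 'table'")
    return [r[0] for r in rows]


if __name__ == "__main__":
    tables = list_tables(build_sample_db())
    print(recover_prefixes(tables))
    print(confirmed_installs(tables))
```

The obscure prefix is recovered just as readily as wp_, and the decoy table is the only candidate that fails the full-set check.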