The database table prefix is not a security feature
February 3, 2015There’s a common believe that changing the wp_ prefix of your WordPress database tables will protect your website. Turns out that’s just a myth.
The WordPress community is large enough to develop its own myths. One of them is about the database table prefix, the variable $table_prefix that you set in your wp-config.php. It goes like this:
“Change the default prefix to something that is hard to guess. That will protect your website against attackers.”
Well … no. That’s nonsense. Security theater. A waste of time.
Thomas Scholz further explains why in this article.