Welcome to the Treehouse Community

The Treehouse Community is a meeting place for developers, designers, and programmers of all backgrounds and skill levels to get support. Collaborate here on code errors or bugs that you need feedback on, or asking for an extra set of eyes on your latest project. Join thousands of Treehouse students and alumni in the community today. (Note: Only Treehouse students can comment or ask questions, but non-students are welcome to browse our conversations.)

Looking to learn something new?

Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and a supportive community. Start your free trial today.

WordPress Installing WordPress Locally Installing WordPress Locally The WordPress Setup Wizard

Changing the WP table prefix does nothing for security?

Here's an interesting article that says changing the WP table prefix does nothing for security. I'm not sure if it still applies today as the post is from 2016.

https://www.wordfence.com/blog/2016/12/wordpress-table-prefix/

The basic idea is that hackers can use a simple SQL query to find the table prefix anyway after the injection attack anyway. Is the article accurate?

1 Answer

The only thing it could protect against is if there is a weak setup already and it's an automated script checking against the wp_ prefix and it doesn't run any SQL to check what the prefix is.