Many developers suggest changing the prefix of WordPress tables to improve security. They believe that changing the default table prefix (wp_) of WordPress tables can make SQL injection difficult.
Changing the default table prefix is a waste of time
Personally, I don’t believe that changing the table prefix can improve security. If a hacker gains access to your database through SQL injection, the attacker essentially gains the same level of access to your database that your own WordPress website has. Thus the attacker can run the following code to find the prefix of your tables.
SELECT DISTINCT SUBSTRING(TABLE_NAME FROM 1 FOR ( LENGTH(TABLE_NAME)-5 ) ) FROM information_schema.TABLES WHERE TABLE_NAME LIKE '%posts';
This code will come up with the prefix of your WordPress posts table. You can try this code with a local WordPress installation.
SQL injection – What is it?
SQL Injection type of attack is when SQL commands are entered into a form field on your web page, which has not been properly filtered by the developer, resulting in access to the database.
Secure your site against SQL injection
Rather than changing the default table prefix, which is a complete waste of time, focus on these 12 ways to secure your WordPress site.