1. Change the database pre-fix in the configuration file.

While you’re adding in your MySQL database information in the wp-config.php file, why not take one more step to make it more difficult for hackers to screw with your site?

Look for the line of code that says, “$table_prefix = wp_’;”. Then, change the “wp” to something else. It can be a random selection of letters and numbers. For example, you could change it to “d83Vwp.”

When WordPress creates your database, it creates a bunch of tables with the “wp_” prefix. What you did with this step is change that so hackers won’t know what your database tables are called.

This step can also be used to install more than one WordPress website using the same MySQL database.

What if you already installed WordPress with the standard prefix?
You can still go in and change the prefix, but it is a tricky operation and you should backup your database before doing it. You really should know what you’re doing, or hire someone who does.

Delete the “admin” user

All WordPress websites start off with the administrative user being called “admin”. So, all a hacker has to do is guess what your password is! To prevent this from happening, create a new user with administrative level permissions, log in as that user and delete the “admin” user.