Make WordPress Core

#47512 closed enhancement (wontfix)

Added default unique prefix to database

Reported by: jweston Owned by:
Milestone: Priority: normal
Severity: trivial Version:
Component: Security Keywords: close
Focuses: Cc:


Used 'uniqid()` in "setup-config.php" to generate a unique wp_ prefix in the installation. This is only affecting the default setup form, so I don't believe this should have a major effect on any other functionality.

Attachments (2)

#47512.diff (1.0 KB) - added by jweston 22 months ago.
#47512.2.diff (1.1 KB) - added by jweston 22 months ago.
Made modification more in line with WP coding standards

Download all attachments as: .zip

Change History (6)

22 months ago

22 months ago

Made modification more in line with WP coding standards

#1 @anonymized_6443559
22 months ago

I have to ask...why?

You listed the component as "security" but this would have no impact on security. The prefix is not secret and can be found out. In fact as far as I know the only reason they have a customizable prefix is to allow running multiple WordPress installs from one database.

All that to say I would not expect this to be added.

#2 @Presskopp
22 months ago

  • Keywords close added

This is no security improvement, see for example


#3 @jweston
22 months ago

Thanks for the WordFence article, looks like I misunderstood the purpose of unique prefixes. Would resolving this as "invalid" be the correct way to close this ticket?

Last edited 22 months ago by jweston (previous) (diff)

#4 @johnbillion
22 months ago

  • Milestone Awaiting Review deleted
  • Resolution set to wontfix
  • Status changed from new to closed
  • Version trunk deleted

I'm surprised that Wordfence article glosses over blind SQL injection, because that's the main reason for advocating for changing the table prefix (other than its intended use of supporting multiple sites in one database).

That said, the general consensus is that this is security by obscurity and doesn't offer much real world protection.

Thanks anyway for the suggestion @jweston!

Note: See TracTickets for help on using tickets.