It might be easier and faster to just edit wp-config.php and change the table prefix there. Look for the line that starts $table_prefix=. AS to how that happened, check with your host and install a plugin like WordFence to scan your site for possible hacks.
Thread Starter
anonymized-14293447
(@anonymized-14293447)
sure my Wordfence is active but it didn’t detect anything suspicious… I shall look into config.php
Thread Starter
anonymized-14293447
(@anonymized-14293447)
I do have $table_prefix = 'WNnzqXKm_';
Can I just change it and it will apply, or what?
Then your site should be working. Is it?
Thread Starter
anonymized-14293447
(@anonymized-14293447)
the site works because the table prefix in config.php corresponds to the ones I can see in mySQL, but because the hacker has changed both.
How do I change that prefix? I guess I cannot just change that line, the database will break.
Hi @arsenalemusica
Sorry for the trouble. You should change the “wp-config.php” file permission to 644 or 640. Because if it’s already hacked when Wordfence couldn’t detect anything, it might be hacked sooner or later. So first change the file permission. If are not sure how to do this, you may follow this article.
Thread Starter
anonymized-14293447
(@anonymized-14293447)
ok, file permission changed, what next?
Thread Starter
anonymized-14293447
(@anonymized-14293447)
Could it be that this was created by myself? I just discovered that from my WHM > WordPressToolkit I have a security option to “change default database table prefix”, that says “this security measure changes the database table name prefix to something different than the default wp_ prefix”. It could be that I have checked that option at some point I don’t remember. I mean, I think it’s very hard to hack config.php if it’s outside public_html directory, and if the database prefix is consistent then maybe that new prefix WNnzqXKm_ was created by WPToolkit. It looks like a safely generated code, not like a hacked injection, doesn’t it?
