The typical scenario of any software project is “get it working first, we’ll secure it later”. This is particularly true of Web packages, since it’s not easy to know in advance all of the possible issues you may run into across all of the possible server instances that exist. WordPress has now become established enough that the idea of “hardening” it against attack is starting to become a major focus. One of the easiest ways to start doing this is to eliminate the known database table structure, so it’s harder for hackers to try to inject password searches or other methods of gaining higher privileges on your server or in WordPress. In my tutorial on setting up WordPress I try to stress that you should always change the generic database prefix “wp_” to something completely random to help accomplish this. Unfortunately many people missed this step, or set up their WordPress using an installer program that does not allow this change.
All is not lost though. I have recently discovered a plugin that might help. The folks over at BlogSecurity.net have developed a plugin for WordPress that is designed to alter this prefix. WP Prefix Table Changer gets activated like a regular plugin but will alter things so that you have this vulnerability fixed.
This is a very minor thing to do, but every little security step you can take enhances your overall stability and makes you less of a target.
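
What changing the prefix on an existing site involves on the database side, as an added example (it is not from the original post and is not the WP Prefix Table Changer plugin's code). It assumes a single-site install on MySQL; the function names and the sample table list are made up for illustration.

```python
import re
import secrets
import string

IDENT = re.compile(r"^[A-Za-z0-9_]+$")  # characters safe to use in a table name

def random_prefix(length=8):
    """Return a random prefix such as 'k3v9qz1x_' (always starts with a letter)."""
    alphabet = string.ascii_lowercase + string.digits
    first = secrets.choice(string.ascii_lowercase)
    rest = "".join(secrets.choice(alphabet) for _ in range(length - 1))
    return first + rest + "_"

def plan_prefix_change(tables, old, new):
    """Build the SQL statements and the wp-config.php line for a prefix change."""
    for name in [old, new, *tables]:
        if not IDENT.match(name):
            raise ValueError(f"unsafe identifier: {name!r}")
    if old == new:
        raise ValueError("new prefix must differ from the old one")
    mine = [t for t in tables if t.startswith(old)]
    if old + "options" not in mine or old + "usermeta" not in mine:
        raise ValueError("options/usermeta tables not found under old prefix")
    # 1. Rename every table carrying the old prefix in a single RENAME TABLE.
    pairs = ", ".join(f"`{t}` TO `{new}{t[len(old):]}`" for t in mine)
    sql = [f"RENAME TABLE {pairs};"]
    # 2. The role definitions live in an option whose name embeds the prefix.
    sql.append(
        f"UPDATE `{new}options` SET option_name = '{new}user_roles' "
        f"WHERE option_name = '{old}user_roles';"
    )
    # 3. Per-user keys in usermeta (capabilities, user level) embed it too.
    sql.append(
        f"UPDATE `{new}usermeta` SET meta_key = "
        f"CONCAT('{new}', SUBSTRING(meta_key, {len(old) + 1})) "
        f"WHERE LEFT(meta_key, {len(old)}) = '{old}';"
    )
    # 4. WordPress reads the prefix from this variable in wp-config.php.
    config_line = f"$table_prefix = '{new}';"
    return sql, config_line

if __name__ == "__main__":
    # Constructed sample: SHOW TABLES output of a hypothetical site.
    sample = ["wp_options", "wp_posts", "wp_usermeta", "wp_users", "stats_log"]
    statements, config = plan_prefix_change(sample, "wp_", random_prefix())
    print("\n".join(statements))
    print(config)
```

Take a database backup before applying the statements. Plugin tables that share the old prefix are renamed along with the core ones, while unrelated tables such as `stats_log` in the sample are left alone.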