Well, it turns out that the majority of exploits we've seen against WordPress-based web sites (this one and those for clients) have a very simple signature — they attempt SQL injection attacks with the assumption that the table prefix is set to "wp_." So why not just change the prefix?
Now this is nothing new, and other people have written it up or made plugins. But they require that one make the changes manually and/or live. Our version does the following in 2 easy steps with a button-click for each —
1. Creates a duplicate set of tables with the same structure/schema.
1a. Copies a coherent version of the old tables to the new tables.
1b. Makes a few changes to the data in the new tables with regard to the new table names.
(all the while showing all executed queries to keep you informed).
2. Swaps to the newly-created set of tables.
To be added in a future version — Lock tables to prevent any (obscure) race-conditions during step 1.
It should not result in any problems; but if it does blow up for whatever reason, your old tables are still there as they were. And that's a good thing.
0. Install and activate plugin.
1. Make a backup of everything (just in case).
2. Click "Generate New Tables."
3. Click "Change $table_prefix," and follow directions to manually modify wp-config.php if applicable.