Top Nav

Archive | WordPress

Find TimThumb Versions

Versions of the TimThumb script prior to 1.34 have a serious security vulnerability. Here’s a one liner to find the versions of all TimThumb installs on a server:


Discourage HTTPS On WordPress

Recently we had a WordPress site where that used HTTPS (SSL) on the login/admin areas. But we wanted to discourage HTTPS for non-admin URL. Here are the rewrite rules that ended up using in a .htaccess file:


Find All WordPress Instances On A Server

Here’s a handy one-liner to find all instances of WordPress on a server as well as their version numbers:

This is not original, I found it here.


WordPress URL Rewrites On Plesk 10 Windows

We needed to get URL rewrites working on a Plesk 10 Windows server for a client wanting friendly URLs in WordPress. Turned out to be pretty easy ….

1. Make sure the Microsoft IIS URL Rewrite 2 extension is installed. You can find it here:

2. Create a web.config file in the folder where you have WordPress installed with the following:


WordPress Development Sites

Had a conversation with a client yesterday about how best to develop a new WordPress stie before the domain name was pointing to the server. This might be the case if you’re building a new site while the domain is still pointing to the old site.

If the new site has to be publicly available then the only real solution is to develop on a subdomain or alternate domain. So in Plesk or CPanel create the target domain like “”. Then create an alias domain like “” or “”. Now you’ll install wordpress and do the development on the alias domain. When you’re ready to go live you can point the final name in DNS to the new server.

But there’s are several possible issues that you’ll see when you go live:

  1. WordPress stores the domain name of the site at installation in the wp_options table under the “home” and “siteurl” keys. You’ll need to update these rows to the new domain.
  2. Sometimes a theme will contain an absolute url reference. This should not be the case but sometimes mistakes happen when your building a custom theme. So make sure you search/replace the theme folders for the new name.
  3. WordPress may contain domain name references embedded in the database. I usually do a two multi step process where I
    1. dump the entire database to a sql file
    2. Plus I dump the wp_options table to another sql file
    3. Then I search/replace the new domain into the full dump and load it to the server.
    4. finally I manually edit the wp_options dump to fix url references and load it to the database

Why the multi-step process to fix up the database? WordPress widgets like to store serialzed PHP strings to the wp_options table. These strings can not be changed with a simple search and replace because the include string length information. So to when I manually fix the wp_options dump file, I have to adjust the string lengths in addition to the domain names. Overall this is a real pain is there are many widgets.  So far I don’t know a good work around for these issues.

If the new development site does not need to be public then a much easier solution is to use a hosts file on your workstation. Start by creating the domain in Plesk or Cpanel. Note the IP address assigned to the site.

Now following the instructions in the articles here:

RP Knowledgebase Migration Category

Add a hosts file entry mapping the domain name to the assigned IP address similar to this:

Now your web browser will go to the new site instead of the old site. You can install WordPress and do your development on “” and you don’t need to worry about changing anything when the site goes live.

There is just one catch, if you want to install plugins or updates from within WordPress then you’ll need to edit the wp-config.php file and add the following line:

This change gives WordPress and explicit address for it’s FTP connection instead of using DNS so it will be able to install upgrades.