Last updated on April 21st, 2016 by Editorial Staff

Are you looking to do a mass search and replace in WordPress? Whether you want to find and replace a specific text, URL, or an image, you can easily do so by using a find and replace WordPress plugin or a simple SQL query. In this article, we will show you how to find and replace text in your WordPress database.

When You May Need Find & Replace for WordPress Database?

Let’s suppose that you have added specific text or URL to a number of your posts. You don’t know which posts you have added that text to, but you do know that there are a lot of them.

Now you can manually search your site and edit every single post one by one. That’s going to take time and has a high chance of you missing some occurrences.

Using a single command to automatically find and replace will do the same thing but much quicker and efficiently.

There is one downside to it though. If you made a mistake, then you will not be able to undo it. Once you replace the text, it is gone. You will need to carefully type the text you are looking for and the text you want to replace it with.

Having said that, let’s see how you can easily find and replace text in your WordPress database.

Getting Started

As we mentioned earlier that the changes you make to your database will not be reversible. You need to take every precaution to make sure that you don’t lose data.

First you need to create a WordPress database backup. You can do that by using a WordPress backup plugin. Alternatively, you can also create a database backup using phpMyAdmin.

After creating the backup of your WordPress database, you can move on to run your find and replace commands.

Running Find and Replace with a WordPress plugin

If you are not familiar with code and don’t want to write a custom SQL query, then there is an easy to use find and replace WordPress plugin called Better Search Replace.

It allows you to run search and replace commands from inside your WordPress admin area. We have a detailed guide on how to search and replace in WordPress with Better Search Replace plugin.

Running Find & Replace MySQL Query with phpMyAdmin

You can also use phpMyAdmin to find and replace text from your WordPress database.

First you need to login to cPanel dashboard of your WordPress hosting. Scroll down to the database section and then click on phpMyAdmin.

The screenshot above is showing the cPanel dashboard on BlueHost. Your cPanel dashboard may look slightly different.

This will launch phpMyAdmin where you will need to click on your WordPress database name and then click on SQL.

You will need to enter your SQL query in this format:

update TABLE_NAME set FIELD_NAME

replace(FIELD_NAME, 'Text to find', 'text to replace with');

For example, if you wanted to search for text in a WordPress post’s content, then you would write your query like this:

update wp_posts set post_content

replace(post_content,'Text to find','text to replace with');

Click on the ‘Go’ button to continue.

PhpMyAdmin will run your SQL query and upon success it will show the number of rows affected by the query.

You can now visit your WordPress site to see your changes in action.

We hope this article helped you learn how to find and replace text with one click in your WordPress database. You may also want to see our beginner’s guide on WordPress database management with phpMyAdmin.

The post How to find and replace text with one click in your WordPress database appeared first on CVTF Studios.net.

The post Fortinet SSH Backdoor Found In Firewalls appeared first on CVTF Studios.net.

Like most commands on Linux, SSH can be used with input/output redirection via |Unix Pipe. SSH can be used with this pipeline too. The basic concept here is understanding how the Unix pipeline works.
When you understand the way pipes work, you can get seriously creative. This article covers what happens when you combine Unix pipes and SSH. It should be noted that since Unix pipes can be just about anything, there are no doubt going to be commands not on this list would also be useful.

Understanding the Unix Pipeline

Pipes on Unix (and by extension, Linux) are used to chain programs together and make them work together. For example, using cat, you can show the contents of a file, but if you used a pipe, you could chain the cat command to the more command to make the file easier to read through.

cat file1 | more

The basic idea here is this: program1 fileX | program2. It’s not just limited to one file and two programs, though. Piping can get about as advanced as you need it to be with as many modifiers as you can think of.

Note: Some types of pipes can be done without using the |. Some may use > instead.

The post How to Use SSH Pipes on Linux appeared first on CVTF Studios.net.

The post WordPress 4.2.4 Security and Maintenance Release appeared first on CVTF Studios.net.

Few days ago, we ran into an issue where a user’s site got hacked and their admin account was deleted from the database. This locked them out of their site without any other entry. We went in to the phpMyAdmin and created a new admin user to grant them access. In this article, we will show you a step by step guide on how to create an admin user in WordPress Database via MySQL.

Note: You should always make a backup of your database before performing any MySQL edits. This tutorial requires basic understanding of how phpMyAdmin works.

First, you need to login to phpMyAdmin and locate your WordPress database.

Once inside phpMyAdmin;

Once you are in, we will be making changes to the wp_users and wp_usermeta tables. Lets go ahead and click on wp_users table.

phpMyAdmin wp_users table

We need to insert our new admin user’s information, so click on the Insert tab like it shows in the image above. In the insert form, add the following:

ID – pick a number (in our example, we will use the number 4).
user_login – insert the username you want to use to access the WordPress Dashboard.
user_pass – add a password for this username. Make sure to select MD5 in the functions menu (Refer to the screenshot below).
user_nicename – put a nickname or something else that you would like to refer yourself as.
user_email – add the email you want to associate with this account.
user_url – this would be the url to your website.
user_registered – select the date/time for when this user is registered.
user_status – set this to 0.
display_name – put the name you like to display for this user on the site (it can be your user_nicename value as well).
Click on the Go Button

The post Adding an Admin User to the WordPress Database via MySQL appeared first on CVTF Studios.net.

Posted May 7, 2015 by Samuel Sidler. Filed under Releases, Security.

The post WordPress 4.2.2 Security and Maintenance Release appeared first on CVTF Studios.net.

This morning we reported on an XSS vulnerability in WordPress 4.2, 4.1.2, 4.1.1, and 3.9.3, which allows an attacker to compromise a site via its comments. The security team quickly patched the vulnerability and released 4.2.1 within hours of being notified.

WordPress’ official statement on the security issue:

The WordPress team was made aware of a XSS issue a few hours ago that we will release an update for shortly. It is a core issue, but the number of sites vulnerable is much smaller than you may think because the vast majority of WordPress-powered sites run Akismet, which blocks this attack. When the fix is tested and ready in the coming hours WordPress users will receive an auto-update and should be safe and protected even if they don’t use Akismet.

That auto-update is now being rolled out to sites where updates have not been disabled. If you are unsure of whether or not your site can perform automatic background updates, Gary Pendergast linked to the Background Update Tester plugin in the security release. This is a core-supported plugin that will check your site for background update compatibility and explain any issues.

Since Akismet is active on more than a million websites, the number of affected users that were not protected is much smaller than it might have been otherwise.

WordPress 4.2.1 is a critical security release for a widely publicized vulnerability that you do not want to ignore. Users are advised to update immediately. The background update may already have hit your site. If not, you can update manually by navigating to Dashboard → Updates.

The post WordPress 4.2.1 released new patch appeared first on CVTF Studios.net.

WordPress Security Alert – WP Super cache

Security firm Sucuri revealed on their blog this week that they had uncovered a persistent cross-site scripting vulnerability in the popular WordPress plugin WP Super Cache. The effects of this vulnerability can be severe as an attacker can potentially insert malicious code into WordPress pages without your knowledge. Anyone who has experienced this type of attack due to a plugin security flaw knows how difficult and time consuming remediation can be.

Cypress North

WP Super Cache is deployed across all of the WordPress sites we host in our data center, and for good reason. The excellent plugin dramatically boosts the performance of WordPress sites while simultaneously reducing load on the web servers. The code for this plugin is mature and stable, rarely requiring updates. That’s part of the reason why it’s trusted by over 7 million websites. It’s popularity makes this security flaw a big concern for site owners.

Cypress North

The update process is quick and easy so you should take the time to log in and click the update now link as soon as you’re able. If you’re fortunate enough to maintain your sites under a multi-site install you’ll be able to take care of this issue in one shot. Otherwise, like us, you’re stuck logging into each installation and manually updating each site like we spent all yesterday doing.

According to the blog post by Marc-Alexandre Montpas:

Using this vulnerability, an attacker using a carefully crafted query could insert malicious scripts to the plugin’s cached file listing page. As this page requires a valid nonce in order to be displayed, a successful exploitation would require the site’s administrator to have a look at that particular section, manually.

The nonce requirement lowers the odds of the backdoor taking effect since the cached page gets purged periodically, but still, better safe than sorry. The scale of the vulnerable sites makes exploitation an inevitable event. Do your part to protect the web and get updating.

The post WordPress Security Alert appeared first on CVTF Studios.net.

The post WordPress 4.0.1 Security Release appeared first on CVTF Studios.net.

WordPress Security Alert: New Zero-Day Vulnerability Discovered in TimThumb Script

Security vulnerabilities have plagued the TimThumb script for years. It is most commonly used in cropping, zooming and resizing images in WordPress themes. After the large scale attacks launched against the script a few years ago, one might think that theme and plugin developers would be less likely to continue building with it. However, this is not the case and many websites are again in danger, according to the exploit disclosure issued today.

TimThumb 2.8.13 has a vulnerability with its “Webshot” feature that, when enabled, allows attackers to execute commands on a remote website. At this time there is no patch. Security experts at Sucuri break down the threat as follows: “With a simple command, an attacker can create, remove and modify any files on your server.”

Although the Webshot feature should be disabled by default, Sucuri recommends that you check your timthumb file to make sure it’s disabled. Search for “WEBSHOT_ENABLED” and verify that it’s set to “false,” as shown below:

define (‘WEBSHOT_ENABLED’, false);

This vulnerability affects many WordPress themes, plugins, and third party components. According to the disclosure, all themes from Themify utilize this script, as well as several plugins, including WordPress Gallery Plugin and the IGIT Posts Slider Widget.

It’s important to recognize that your theme or plugin may also use this script, even if it’s not listed in the disclosure. If you’ve ever lost an entire weekend fixing client sites that fell victim to TimThumb exploits, then you know that disabling the WebShot option is probably a good idea. This is a simple thing that you can do now to prevent your sites from getting hacked.

Who is Sarah Gooding

Sarah Gooding is an Editorial Ninja at Audrey Capital. When not writing about WordPress, she enjoys baking, knitting, judging beer competitions and spending time with her Italian Greyhound.

The post New Zero-Day Vulnerability Discovered in TimThumb Script appeared first on CVTF Studios.net.