Last updated on April 21st, 2016 by Editorial Staff

Are you looking to do a mass search and replace in WordPress? Whether you want to find and replace a specific text, URL, or an image, you can easily do so by using a find and replace WordPress plugin or a simple SQL query. In this article, we will show you how to find and replace text in your WordPress database.

When You May Need Find & Replace for WordPress Database?

Let’s suppose that you have added specific text or URL to a number of your posts. You don’t know which posts you have added that text to, but you do know that there are a lot of them.

Now you can manually search your site and edit every single post one by one. That’s going to take time and has a high chance of you missing some occurrences.

Using a single command to automatically find and replace will do the same thing but much quicker and efficiently.

There is one downside to it though. If you made a mistake, then you will not be able to undo it. Once you replace the text, it is gone. You will need to carefully type the text you are looking for and the text you want to replace it with.

Having said that, let’s see how you can easily find and replace text in your WordPress database.

Getting Started

As we mentioned earlier that the changes you make to your database will not be reversible. You need to take every precaution to make sure that you don’t lose data.

First you need to create a WordPress database backup. You can do that by using a WordPress backup plugin. Alternatively, you can also create a database backup using phpMyAdmin.

After creating the backup of your WordPress database, you can move on to run your find and replace commands.

Running Find and Replace with a WordPress plugin

If you are not familiar with code and don’t want to write a custom SQL query, then there is an easy to use find and replace WordPress plugin called Better Search Replace.

It allows you to run search and replace commands from inside your WordPress admin area. We have a detailed guide on how to search and replace in WordPress with Better Search Replace plugin.

Running Find & Replace MySQL Query with phpMyAdmin

You can also use phpMyAdmin to find and replace text from your WordPress database.

First you need to login to cPanel dashboard of your WordPress hosting. Scroll down to the database section and then click on phpMyAdmin.

The screenshot above is showing the cPanel dashboard on BlueHost. Your cPanel dashboard may look slightly different.

This will launch phpMyAdmin where you will need to click on your WordPress database name and then click on SQL.

You will need to enter your SQL query in this format:

update TABLE_NAME set FIELD_NAME

replace(FIELD_NAME, 'Text to find', 'text to replace with');

For example, if you wanted to search for text in a WordPress post’s content, then you would write your query like this:

update wp_posts set post_content

replace(post_content,'Text to find','text to replace with');

Click on the ‘Go’ button to continue.

PhpMyAdmin will run your SQL query and upon success it will show the number of rows affected by the query.

You can now visit your WordPress site to see your changes in action.

We hope this article helped you learn how to find and replace text with one click in your WordPress database. You may also want to see our beginner’s guide on WordPress database management with phpMyAdmin.

The post How to find and replace text with one click in your WordPress database appeared first on CVTF Studios.net.

The post Fortinet SSH Backdoor Found In Firewalls appeared first on CVTF Studios.net.

Like most commands on Linux, SSH can be used with input/output redirection via |Unix Pipe. SSH can be used with this pipeline too. The basic concept here is understanding how the Unix pipeline works.
When you understand the way pipes work, you can get seriously creative. This article covers what happens when you combine Unix pipes and SSH. It should be noted that since Unix pipes can be just about anything, there are no doubt going to be commands not on this list would also be useful.

Understanding the Unix Pipeline

Pipes on Unix (and by extension, Linux) are used to chain programs together and make them work together. For example, using cat, you can show the contents of a file, but if you used a pipe, you could chain the cat command to the more command to make the file easier to read through.

cat file1 | more

The basic idea here is this: program1 fileX | program2. It’s not just limited to one file and two programs, though. Piping can get about as advanced as you need it to be with as many modifiers as you can think of.

Note: Some types of pipes can be done without using the |. Some may use > instead.

The post How to Use SSH Pipes on Linux appeared first on CVTF Studios.net.

The post WordPress 4.2.4 Security and Maintenance Release appeared first on CVTF Studios.net.

Few days ago, we ran into an issue where a user’s site got hacked and their admin account was deleted from the database. This locked them out of their site without any other entry. We went in to the phpMyAdmin and created a new admin user to grant them access. In this article, we will show you a step by step guide on how to create an admin user in WordPress Database via MySQL.

Note: You should always make a backup of your database before performing any MySQL edits. This tutorial requires basic understanding of how phpMyAdmin works.

First, you need to login to phpMyAdmin and locate your WordPress database.

Once inside phpMyAdmin;

Once you are in, we will be making changes to the wp_users and wp_usermeta tables. Lets go ahead and click on wp_users table.

phpMyAdmin wp_users table

We need to insert our new admin user’s information, so click on the Insert tab like it shows in the image above. In the insert form, add the following:

ID – pick a number (in our example, we will use the number 4).
user_login – insert the username you want to use to access the WordPress Dashboard.
user_pass – add a password for this username. Make sure to select MD5 in the functions menu (Refer to the screenshot below).
user_nicename – put a nickname or something else that you would like to refer yourself as.
user_email – add the email you want to associate with this account.
user_url – this would be the url to your website.
user_registered – select the date/time for when this user is registered.
user_status – set this to 0.
display_name – put the name you like to display for this user on the site (it can be your user_nicename value as well).
Click on the Go Button

The post Adding an Admin User to the WordPress Database via MySQL appeared first on CVTF Studios.net.

WordPress Security Alert – WP Super cache

Security firm Sucuri revealed on their blog this week that they had uncovered a persistent cross-site scripting vulnerability in the popular WordPress plugin WP Super Cache. The effects of this vulnerability can be severe as an attacker can potentially insert malicious code into WordPress pages without your knowledge. Anyone who has experienced this type of attack due to a plugin security flaw knows how difficult and time consuming remediation can be.

Cypress North

WP Super Cache is deployed across all of the WordPress sites we host in our data center, and for good reason. The excellent plugin dramatically boosts the performance of WordPress sites while simultaneously reducing load on the web servers. The code for this plugin is mature and stable, rarely requiring updates. That’s part of the reason why it’s trusted by over 7 million websites. It’s popularity makes this security flaw a big concern for site owners.

Cypress North

The update process is quick and easy so you should take the time to log in and click the update now link as soon as you’re able. If you’re fortunate enough to maintain your sites under a multi-site install you’ll be able to take care of this issue in one shot. Otherwise, like us, you’re stuck logging into each installation and manually updating each site like we spent all yesterday doing.

According to the blog post by Marc-Alexandre Montpas:

Using this vulnerability, an attacker using a carefully crafted query could insert malicious scripts to the plugin’s cached file listing page. As this page requires a valid nonce in order to be displayed, a successful exploitation would require the site’s administrator to have a look at that particular section, manually.

The nonce requirement lowers the odds of the backdoor taking effect since the cached page gets purged periodically, but still, better safe than sorry. The scale of the vulnerable sites makes exploitation an inevitable event. Do your part to protect the web and get updating.

The post WordPress Security Alert appeared first on CVTF Studios.net.

The post WordPress 4.0.1 Security Release appeared first on CVTF Studios.net.

WordPress Security Alert: New Zero-Day Vulnerability Discovered in TimThumb Script

Security vulnerabilities have plagued the TimThumb script for years. It is most commonly used in cropping, zooming and resizing images in WordPress themes. After the large scale attacks launched against the script a few years ago, one might think that theme and plugin developers would be less likely to continue building with it. However, this is not the case and many websites are again in danger, according to the exploit disclosure issued today.

TimThumb 2.8.13 has a vulnerability with its “Webshot” feature that, when enabled, allows attackers to execute commands on a remote website. At this time there is no patch. Security experts at Sucuri break down the threat as follows: “With a simple command, an attacker can create, remove and modify any files on your server.”

Although the Webshot feature should be disabled by default, Sucuri recommends that you check your timthumb file to make sure it’s disabled. Search for “WEBSHOT_ENABLED” and verify that it’s set to “false,” as shown below:

define (‘WEBSHOT_ENABLED’, false);

This vulnerability affects many WordPress themes, plugins, and third party components. According to the disclosure, all themes from Themify utilize this script, as well as several plugins, including WordPress Gallery Plugin and the IGIT Posts Slider Widget.

It’s important to recognize that your theme or plugin may also use this script, even if it’s not listed in the disclosure. If you’ve ever lost an entire weekend fixing client sites that fell victim to TimThumb exploits, then you know that disabling the WebShot option is probably a good idea. This is a simple thing that you can do now to prevent your sites from getting hacked.

Who is Sarah Gooding

Sarah Gooding is an Editorial Ninja at Audrey Capital. When not writing about WordPress, she enjoys baking, knitting, judging beer competitions and spending time with her Italian Greyhound.

The post New Zero-Day Vulnerability Discovered in TimThumb Script appeared first on CVTF Studios.net.

Upgrade to 3.8.14.4 of WP eCommerce immediately if you use this plugin. Please spread the word because with almost 3 million downloads this is a very popular plugin.

Details on our blog…

​

The post Web Security Issues appeared first on CVTF Studios.net.

With Chrome version 39 which is in the process of being released (see footnote), Google has started issuing warnings if a website is using a certificate that has a signature algorithm that uses the older and less secure SHA1.

To find out which signature algorithm your secure website is using, in Chrome click on the green lock in the location bar. Then click on ‘connection’, then click on ‘certificate information’. You should see something like the image below. Note the ‘Signature algorithm’ is SHA-256 which is one of the SHA2 hashing functions. If you see SHA-1, you need to immediately reissue your certificate using SHA-2 and install the new version.

So what does it look like in the new version of Chrome when you’re using SHA-1? This is taken from a well known website that has not upgraded yet. Notice the lock with the warning triangle in the location bar. This is the main indication for a site visitor that something is awry. If you then click on the lock it has a further warning with explanation.

If you do have a website that is using SHA-1, don’t panic. Just sign into GoDaddy or whoever your SSL issuer is. Then go to manage your certificates and they’ll have an option there to reissue your certificate. You’ll need to resubmit your certificate signing request (CSR) but you can just resubmit your old CSR and it will work fine.

Then make sure that you’ve selected SHA-2 or SHA-256 or another SHA-2 compatible function. Then reissue the certificate. In GoDaddy’s case it takes about a minute for them to approve your request. If you have an EV certificate it may take longer.

Please share this with other site administrators to make sure that their customers aren’t getting warnings when visiting those all-important secure pages.

Footnote: Chrome 39 has officially been pushed into the “Stable” channel which is the release channel. It will be pushed out via auto-update to millions of customers in the coming days. The demo above was done with Chrome 40 beta, but what the user sees is identical.

The post How to upgrade to SSL certificates from SHA1 to SHA2 appeared first on CVTF Studios.net.