One place for hosting & domains


      How to Fix WordPress Error 404 Not Found

      You’ve likely seen the “Page Not Found” error before. Unfortunately, if you operate a website of any sort (WordPress or not), the day will probably come when you see the message on one of your own pages.

      Fortunately, like many common WordPress errors, 404s are relatively easy to troubleshoot and fix. The solution usually involves restoring your site’s permalink structure — something you can do in just a few minutes.

      In this article, we’ll explain just what a 404 error is and what can cause one on your site. Then we’ll walk you through how to fix it in four simple steps. Let’s get started!

      An Overview of the WordPress 404 Error

      A 404 error, also known as a “Page Not Found” error, indicates that your browser can’t locate the page you’re trying to access. The exact message can look a bit different depending on the browser you’re using, but it will generally always contain either the “404” code or a “page not found” message of some kind.

      Websites can also create their own custom 404 pages.

      A custom 404 error page.

      Seeing this notification (or any other error message) when you’re trying to access your site can be frustrating. While there is a chance that your post has actually gone missing, the vast majority of the time, there’s a more benign cause.

      Some common reasons that WordPress posts might return 404 errors include:

      • A mistyped URL. It could simply be attributed to a typo in the URL. This is the most common cause.
      • An issue with your Domain Name System (DNS) settings. If you’ve recently updated any of your DNS information and you’re seeing this error, it could be because the changes haven’t propagated fully. It can take up to 48 hours for this process to complete.
      • Problems with the permalink structure of your site. Permalink problems can be caused by a missing, broken, or corrupted .htaccess file. Compatibility issues with WordPress components such as plugins and themes could also be the culprit.

      Regardless of the cause, this error prevents access to your site, so it needs to be resolved as quickly as possible. We’ll look at troubleshooting and resolving the problem shortly.

      Skip the Stress

      Avoid troubleshooting when you sign up for DreamPress. Our friendly WordPress experts are available 24/7 to help solve website problems — big or small.

      Why 404 Errors Matter

      404 errors pose several problems for a website, beyond simply preventing you from accessing pages. First, they create a poor User Experience (UX).

      If there are many of these errors on your site, and they aren’t resolved quickly, they could eventually turn users away. In the worst-case scenario, those visitors could land on a competing website instead, costing you business.

      404 errors can also hurt your Search Engine Optimization (SEO). Search engine crawlers won’t index a page that returns a 404 because they think it doesn’t exist.

      What to Do Before Troubleshooting the WordPress 404 Error

      Before changing your permalink settings or .htaccess file, it’s a smart idea to create a backup of your website and database. This way, if you accidentally make something worse, you can easily restore your site to a functioning state.

      If your website is hosted with DreamPress, backups couldn’t be easier. DreamPress automatically backs up your entire site every day, so you always have a fresh copy to access. You can also create a manual backup with just a few clicks.

      How to Fix WordPress Posts Returning 404 Error (In 4 Steps)

      With a fresh backup of your site in hand, it’s time to get to work. You’ll want to follow these steps in order and check if the error has been resolved after each one.

      Step 1: Reset Your WordPress Permalinks

      The first step to try is resetting your permalinks. Head to your WordPress dashboard and navigate to Settings > Permalinks.

      The WordPress Permalink Settings page.

      From here, just click on Save Changes. That’s right — you don’t actually need to edit anything. Clicking that button will update the permalink settings even if you don’t make any changes. This is important because it also refreshes the rewrite rules used for “pretty permalinks.”

      With this done, go ahead and reload the pages you were trying to access. If everything works, you’re all done. If you still get a 404 error, head to the next step.

      Step 2: Restore Your .htaccess File

      If resetting your permalinks didn’t work, the next strategy is restoring your .htaccess file. This controls how WordPress interacts with the server and how it generates permalinks for your pages. Restoring it to the default settings can fix sudden 404 errors.

      To restore the .htaccess file, you’ll first need a way to access it. If you’re using DreamPress hosting, you can use the built-in file manager found in the DreamHost control panel. Most other web hosts offer a similar feature, or you can use a Secure File Transfer Protocol (SFTP) client such as FileZilla. We have detailed instructions for connecting via SFTP if you need help.

      For this example, we’ll use the DreamHost file manager. Head to your DreamHost panel and navigate to WordPress > Managed WordPress in the sidebar.

      The DreamPress domain settings page.

      Find the domain you’re having trouble with and click on the blue Manage button. On the next page, make sure the Details tab is selected at the top, and then click on Manage Files.

      The DreamHost file manager.

      This will open the file manager in a new tab. Locate and click on the folder that corresponds to your domain name. You’ll find the .htaccess file in this directory (it’s the same one that contains items such as wp-content).

      The location of the .htaccess file in the WordPress root folder.

      Next, click on the file name and select Edit from the list of options. You can copy the current contents of the file and paste them somewhere for safekeeping. For now, you’ll want to replace the contents with the following:

      # BEGIN WordPress
      <IfModule mod_rewrite.c>
      RewriteEngine On
      RewriteBase /
      RewriteRule ^index.php$ - [L]
      RewriteCond %{REQUEST_FILENAME} !-f
      RewriteCond %{REQUEST_FILENAME} !-d
      RewriteRule . /index.php [L]
      # END WordPress

      This is the default .htaccess file for WordPress. When you’ve pasted this in, go ahead and save the file.

      Restoring this file will also reset the permalink settings for your WordPress site. Therefore, if you’re using a custom permalink structure (or have changed it at all from the default), you’ll need to restore that setting too.

      To do so, head back to your WordPress dashboard and navigate to Settings > Permalinks (just like Step 1 above). You can change it to whatever you were using before and then save it.

      Finally, refresh your website and attempt to load the pages that were returning 404 errors. If everything works now, congratulations! If not, proceed to the next step.

      Step 3: Disable All of Your WordPress Plugins and Theme

      If you’ve reset your permalinks and .htaccess file, but you’re still seeing 404 errors on your site, the next step is to check your plugins and theme. Plugins, in particular, can sometimes have bugs or compatibility issues that prevent a site from loading.

      Let’s start there. The basic idea is to disable them one by one and then check your website. If the error persists, turn it back on and move to the next one.

      To get started, head to your WordPress dashboard and navigate to Plugins > Installed Plugins.

      The ‘deactivate’ button on the WordPress plugin settings page.

      Locate and click on the Deactivate button below the first plugin. You can see that active plugins are shaded blue, while those that are off are white (as you can see with Akismet in the screenshot above). Now, refresh your site and see if the 404 error is still occurring.

      If you get the error message, head back to the plugins screen, re-activate the plugin you just tried, and move to the next one in the list. If you find one that resolves the issue, you can check for updates that may resolve the problem or find an alternative with similar functionality.

      If none of the plugins prove to be the issue, it’s time to try changing your theme. Head to Appearance > Themes.

      The WordPress theme manager.

      Your currently-active theme is marked as such. Hover over one of the others and click on Activate. Then refresh your site and try to access the problematic page again.

      Note that changing your theme can alter your site significantly. So if you find that your theme is the issue, you may need to spend some time finding one that provides a similar look and features.

      Step 4: Set Up a 301 Redirect for Moved or Renamed Content

      This one is a bit of a bonus step. If you do actually have content that’s been moved or renamed and thus doesn’t exist anymore at the URL you were using previously, you’ll want to set up some 301 redirects to point that old URL to the new one.

      The easiest way to do this is with a WordPress plugin such as Redirection.

      The Redirection WordPress plugin for managing 30 redirects.

      This tool will enable you to quickly set up the redirects you need. Plus, it’s free and user-friendly.

      How to Create Your Own “Error 404 Not Found” Page

      If you want to set up your own custom 404 error page, you can do so relatively easily. The process involves adding one line to the .htaccess file to point the error to a specific page and then creating that page. We have full instructions for setting up a custom error page to walk you through the process.

      Take Your WordPress Website to the Next Level

      Whether you need help navigating the WordPress dashboard, creating a custom 404 error page, or choosing a caching plugin, we can help! Subscribe to our monthly digest so you never miss an article.

      Tools to Help You Monitor 404 Errors Moving Forward

      Finally, if you want to keep an eye out for 404 errors in the future, you can use a few handy tools. The Google Search Console will show you crawl errors that the Google bots have come across as they index your site. This is a simple way to see all the issues Google is encountering.

      You can also enter your URL into a specialized tool such as the Broken Link Checker, which will scan your entire site for broken links and let you know if it finds a 404 page.

      The Broken Link Checker tool for finding 404 errors on your website.

      It’s free and easy to use. You can simply input your domain and then click on Check Site.

      Ready to Find That Missing WordPress Post?

      A 404 error can be frustrating — especially when it happens on your own site. These messages cause problems with SEO and ruin your site’s UX. Fortunately, they’re not too difficult to resolve.

      Fixing 404 pages generally involves restoring your site’s permalink structure and setting up redirects for any posts that are actually gone. You can then use tools such as Google Search Console to monitor your site for future 404s.

      If you want to spend less time dealing with errors, consider switching to DreamPress, our managed WordPress hosting service. We’ll take care of all the troubleshooting for you, so you can focus on what matters!

      Source link

      How To Use WP-CLI v2 to Manage Your WordPress Site from the Command Line

      The author selected the Free Software Foundation to receive a donation as part of the Write for DOnations program.


      WP-CLI is a command-line tool for WordPress development and administrative tasks. It provides several commands that you can use to manage your WordPress website without needing to log in to the dashboard and navigate through the pages.

      Using WP-CLI to manage your WordPress installation over the conventional interface process helps to speed up your workflow. For many aspects of your website, you can also use WP-CLI in Bash scripts to automate tasks that are tedious or take a long time to perform.

      In this tutorial, you’ll use many of the features of WP-CLI and discover how it can fit into your workflow. You’ll cover common operations such as managing plugins and themes, creating content, working with the database, and updating WordPress. The capabilities of WP-CLI go beyond this tutorial; however, you’ll be able to transfer the skills from this tutorial to work with the more common options of other WP-CLI features.


      To follow this tutorial, you’ll need a secure WordPress installation. If you need to set up WordPress, you can follow these tutorials for your chosen server distribution:

      Note: It’s also possible to install WordPress with WP-CLI if you don’t have an existing setup, but we won’t be covering that aspect in this article.

      Step 1 — Installing WP-CLI

      In this step, you’ll install the latest version of the WP-CLI tool on your server. The tool is packaged in a Phar file, which is a packaging format for PHP applications that makes app deployment and distribution convenient.

      You can download the Phar file for WP-CLI through curl:

      • curl -O

      Once you have downloaded the file, run the following command to verify that it is working:

      You will receive the following output:


      OS: Linux 5.4.0-51-generic #56-Ubuntu SMP Mon Oct 5 14:28:49 UTC 2020 x86_64 Shell: /bin/bash PHP binary: /usr/bin/php7.4 PHP version: 7.4.3 php.ini used: /etc/php/7.4/cli/php.ini WP-CLI root dir: phar://wp-cli.phar/vendor/wp-cli/wp-cli WP-CLI vendor dir: phar://wp-cli.phar/vendor WP_CLI phar path: /home/ayo WP-CLI packages dir: WP-CLI global config: WP-CLI project config: WP-CLI version: 2.4.0

      Next, make the file executable with the following command:

      At this point, you can execute the wp-cli.phar file directly to access the WP-CLI tool. To make it available globally on the system, move it to your /usr/local/bin/ directory and rename it to wp. This ensures that you can access WP-CLI from any directory by entering the wp command at the start of a prompt:

      • sudo mv wp-cli.phar /usr/local/bin/wp

      Now, you will be able to issue the following command to check the installed version of WP-CLI:


      WP-CLI 2.4.0

      In this step, you installed WP-CLI on your server. You can check out alternative installation methods in the documentation. In subsequent sections, you’ll explore the tasks you can accomplish through the WP-CLI interface.

      Step 2 — Configuring WordPress Plugins

      It can be tedious to install and manage WordPress plugins through the admin user interface. It’s possible to offload such tasks to WP-CLI to make the process much faster. In this section you will learn to install, update, and delete plugins on a WordPress site through the command line.

      Before you proceed, make sure you are in the directory of your WordPress installation:

      Remember to change the highlighted directory name to the directory that contains your WordPress installation. This might be your domain name, if you followed the prerequisite tutorials.

      Listing Current Plugins

      You can list the currently installed plugins on a WordPress site with the following command:

      It displays a list of plugin names along with their status, version, and an indication of an available update.


      +---------+----------+-----------+---------+ | name | status | update | version | +---------+----------+-----------+---------+ | akismet | inactive | available | 4.1.7 | | hello | inactive | none | 1.7.2 | +---------+----------+-----------+---------+

      Searching for Plugins

      You can search for plugins through the search bar on the WordPress plugin repository page or you can use the following command for quicker access:

      Once you run this command, you will receive a list of the top 10 plugins that match the search term (as of early 2021). The expected output for the seo query is:


      Success: Showing 10 of 4278 plugins. +------------------------------------------------------------+---------------------+--------+ | name | slug | rating | +------------------------------------------------------------+---------------------+--------+ | Yoast SEO | wordpress-seo | 98 | | All in One SEO | all-in-one-seo-pack | 92 | | Rank Math &#8211; SEO Plugin for WordPress | seo-by-rank-math | 98 | | The SEO Framework | autodescription | 98 | | SEOPress, on-site SEO | wp-seopress | 98 | | Slim SEO &#8211; Fast &amp; Automated WordPress SEO Plugin | slim-seo | 92 | | W3 Total Cache | w3-total-cache | 88 | | LiteSpeed Cache | litespeed-cache | 98 | | SEO 2021 by Squirrly (Smart Strategy) | squirrly-seo | 92 | | WP-Optimize &#8211; Clean, Compress, Cache. | wp-optimize | 96 | +------------------------------------------------------------+---------------------+--------+

      You can go to the next page by using the --page flag:

      • wp plugin search seo --page=2

      Take note of the value in the slug column. You’ll use this value to install or update the plugin on the command line.

      Installing Plugins

      You can install one or more plugins by using the wp plugin install command. You find the name of the plugin you want to install (in the slug column) and pass it as an argument to wp plugin install. You can also find the name of the plugin in the URL of the plugin page.

      Plugin name in URL

      • wp plugin install jetpack wordpress-seo gutenberg

      The output indicates the progress and completion of the installation of each of the plugins:


      Installing Jetpack – WP Security, Backup, Speed, & Growth (9.3.1) Downloading installation package from Unpacking the package... Installing the plugin... Plugin installed successfully. Installing Yoast SEO (15.6.2) Downloading installation package from Unpacking the package... Installing the plugin... Plugin installed successfully. Installing Gutenberg (9.8.1) Downloading installation package from Unpacking the package... Installing the plugin... Plugin installed successfully. Success: Installed 3 of 3 plugins.

      You can run the wp plugin list command again to confirm that you’ve installed the plugins successfully:


      +---------------+----------+-----------+---------+ | name | status | update | version | +---------------+----------+-----------+---------+ | akismet | inactive | available | 4.1.7 | | gutenberg | inactive | none | 9.8.1 | | hello | inactive | none | 1.7.2 | | jetpack | inactive | none | 9.3.1 | | wordpress-seo | inactive | none | 15.6.2 | +---------------+----------+-----------+---------+

      If you want to install a plugin from a remote source other than the WordPress plugin repository, you can pass the zip file’s URL as an argument to wp plugin install. This can be helpful for installing custom or premium plugins. For example, the following command will install the file hosted on Make sure to replace the highlighted URL with a link to the plugin zip file before running the command:

      • wp plugin install

      To install an older version of a plugin in the WordPress repository, specify the desired plugin version through the --version flag:

      • wp plugin install jetpack --version=8.0

      Activating and Deactivating Plugins

      You can install and activate plugins in one go by appending the --activate flag to wp plugin install:

      • wp plugin install redirection --activate


      Installing Redirection (5.0) Downloading installation package from Using cached file '/home/ayo/.wp-cli/cache/plugin/'... Unpacking the package... Installing the plugin... Plugin installed successfully. Activating 'redirection'... Warning: Plugin 'redirection' is already active. Success: Installed 1 of 1 plugins.

      To activate or deactivate one or more plugins, use the wp plugin activate and wp plugin deactivate commands respectively:

      • wp plugin activate jetpack gutenberg
      • wp plugin deactivate jetpack gutenberg

      Or you can use the --all flag to activate or deactivate all plugins at once. This is useful if you want to debug a problem in your WordPress installation:

      • wp plugin activate --all
      • wp plugin deactivate --all

      Updating Plugins

      You can update plugins through the wp plugin update command. You can choose to update a set of plugins or all of them at once by appending the --all flag. For example, to update the akismet plugin, you can run the following command:

      You would receive output similar to:


      Enabling Maintenance mode... Downloading update from Unpacking the update... Installing the latest version... Removing the old version of the plugin... Plugin updated successfully. Disabling Maintenance mode... +---------+-------------+-------------+---------+ | name | old_version | new_version | status | +---------+-------------+-------------+---------+ | akismet | 4.1.7 | 4.1.8 | Updated | +---------+-------------+-------------+---------+ Success: Updated 1 of 1 plugins.

      Deleting plugins

      To delete WordPress plugins, you can use the wp plugin delete command. You can specify one or more plugins to delete like the following:

      • wp plugin delete redirection

      Your output will confirm the deletion:


      Deleted 'redirection' plugin. Success: Deleted 1 of 1 plugins.

      You can also delete all the installed plugins in one go by appending the --all flag instead of specifying the plugin names one after the other:

      In this step, you’ve used WP-CLI to manage the plugins on your WordPress website. It’s much faster to perform actions compared to clicking through the admin dashboard. In the next section, you’ll leverage WP-CLI for installing and managing WordPress themes.

      Step 3 — Configuring Themes

      The process of managing themes through WP-CLI is almost identical to the way you can use it to manage plugins. In this section, you’ll source and apply new themes to a WordPress website through the wp theme subcommand.

      First, check what themes you currently have installed on the website:

      You’ll receive a list of the installed themes:


      +-----------------+----------+-----------+---------+ | name | status | update | version | +-----------------+----------+-----------+---------+ | twentynineteen | inactive | available | 1.8 | | twentytwenty | inactive | none | 1.6 | | twentytwentyone | active | available | 1.0 | +-----------------+----------+-----------+---------+

      There are three themes currently installed and the active one is twentytwentyone. If you want to find something with more features, you can try a search like the following:

      The output shows there are 832 themes that match the color search term:


      Success: Showing 10 of 832 themes. +---------------------+---------------------+--------+ | name | slug | rating | +---------------------+---------------------+--------+ | Color | color | 0 | | All Colors | all-colors | 100 | | Color Blog | color-blog | 98 | | Color Block | color-block | 0 | | X Blog color | x-blog-color | 0 | | Multicolor Business | multicolor-business | 0 | | ColorNews | colornews | 100 | | Colorist | colorist | 100 | | ColorMag | colormag | 98 | | MultiColors | multicolors | 74 | +---------------------+---------------------+--------+

      You can page through the results using the --page flag. For this example, just go ahead and install the ColorMag theme since it has a pretty good rating. The --activate flag activates the theme immediately:

      • wp theme install colormag --activate

      The output will confirm the installation:


      Installing ColorMag (2.0.4) Downloading installation package from Unpacking the package... Installing the theme... Theme installed successfully. Activating 'colormag'... Success: Switched to 'ColorMag' theme. Success: Installed 1 of 1 themes.

      If you visit your website, you’ll find that the ColorMag theme was applied successfully.

      ColorMag theme

      The output from the wp theme list command notes that there is an update available for both the twentynineteen and twentytwentyone themes. You can update them both using the following command:

      You’ll receive output similar to the following:


      Downloading update from Unpacking the update... Installing the latest version... Removing the old version of the theme... Theme updated successfully. Downloading update from Unpacking the update... Installing the latest version... Removing the old version of the theme... Theme updated successfully. +-----------------+-------------+-------------+---------+ | name | old_version | new_version | status | +-----------------+-------------+-------------+---------+ | twentynineteen | 1.8 | 1.9 | Updated | | twentytwentyone | 1.0 | 1.1 | Updated | +-----------------+-------------+-------------+---------+ Success: Updated 2 of 2 themes.

      The wp theme command offers many subcommands that can help you achieve tasks like getting the details of a theme, checking if a particular theme is installed, or even deleting one or more themes. You can explore all of the options by prepending help before the subcommand, as in wp help theme or wp help theme install.

      Now that you can manage themes through WP-CLI, you’ll review the options that the tool provides for managing WordPress content.

      Step 4 — Creating Posts and Pages

      WP-CLI provides several ways to manage content through the command line. It can be more comfortable to write posts in the terminal if you’re familiar with a command-line editor like nano or vim.

      You can browse the list of posts on the site with:

      You’ll receive a list of posts:


      +----+--------------+-------------+---------------------+-------------+ | ID | post_title | post_name | post_date | post_status | +----+--------------+-------------+---------------------+-------------+ | 1 | Hello world! | hello-world | 2021-01-24 12:32:06 | publish | +----+--------------+-------------+---------------------+-------------+

      The output shows one published post with the title of Hello world! and an ID of 1. To delete this post, use the wp post delete command and pass it the post ID:

      Your output will confirm the post’s deletion:


      Success: Trashed post 1.

      To create a new post, run the following command:

      • wp post create --post_status=publish --post_title="Sample post created with WP-CLI" --edit

      This command uses the --post_status flag to set the status of the post. Setting it to publish ensures that the post is published immediately after running the command. If you want to create a draft instead, set the --post_status flag to draft. The --post_title flag is how you can specify the title of the post, while --edit causes the post body to be opened in the default system editor (vim). You can find out the other flags that you can use in conjunction with the create subcommand by typing wp help post create in your terminal.

      Once the vim editor is open, press the i key to enter INSERT mode then enter the content of the post into the editor. Once you’re done editing the post, exit the vim editor by pressing the ESC button then type :wq and press ENTER. You will receive the following output after exiting vim:


      Success: Created post 6.

      If you enter the wp post list command again, you will find the post you just created. You can also check the frontend of the website.

      WP-CLI post

      Instead of writing the post on the command line, it’s also possible to import the post content from a text file. First, you need to create the file. For example:

      Next, open the file in a command-line editor to add or edit your content:

      Once you’re through with the edits, save and close the file by pressing CTRL-X followed by Y to save. You can import the contents of that file as a WordPress post by using the following command. All you need to do is specify the path to the file after the create subcommand. For the example file here, you would run:

      • wp post create ./content.txt --post_title="Sample Post Created with WP-CLI" --post_status=publish

      If you want to create a page instead of a post, append the --post_type flag and set it to page:

      • wp post create --post_title="A simple page" --post_status=draft --post_type=page

      Generating Posts or Pages

      WP-CLI also provides an option to cleanly generate posts and pages with dummy data. This is useful if you need custom data to quickly test a theme or plugin that you are developing. The following command is to generate posts. If you don’t include additional flags, it will generate 100 posts by default.

      You can change the number of posts generated by using the --count flag:

      • wp post generate --count=20

      If you want to generate pages instead of posts, append the --post_type flag and set it to page:

      • wp post generate --count=20 --post_type=page

      You can also use the wp help post generate to see other available options that can help you get your desired result.

      WordPress Revisions

      It is not uncommon for older sites to have tens or hundreds of revisions on their main pages due to years of editing and updating content. Revisions can be helpful in case you need to revert back to a previous version of your content, but they can also hurt the performance if there are too many. You can clean up all the post revisions in the WordPress database by executing the following command:

      • wp post delete $(wp post list --post_type="revision" --format=ids) --force

      The command enclosed in the parenthesis is evaluated first and it will produce the ids of all the post revisions that are present passing them to the delete subcommand. The --force flag is necessary because posts of type 'revision' do not support being sent to trash.

      Step 5 — Managing Your Database

      One of the most useful features of WP-CLI is its ability to interact with the MySQL database. For example, if you need an interactive session, you can enter a MySQL prompt with the following command:

      You can then use the MySQL shell as you normally would and, once you are through with your tasks, exit the shell by typing exit.

      For one-off queries, you can use the wp db query command by passing a valid SQL query as an argument to the command. For example, to list all the registered users in the WordPress database, you could run:

      • wp db query "SELECT user_login,ID FROM wp_users;"

      You will be presented with an output similar to the following:


      +------------+----+ | user_login | ID | +------------+----+ | admin | 1 | +------------+----+

      With wp db query you can run any one-off SQL query for the WordPress database.

      Backing Up and Restoring

      WP-CLI also allows you to back up your WordPress database. Running this following command will place a SQL dump file in the current directory. This file contains your entire WordPress database including your posts, pages, user accounts, menus, and so on:

      Once the file is produced, you can move it to a different location for safekeeping:


      Success: Exported to 'wordpress-2021-01-25-25618e7.sql'.

      You can also import a SQL dump file into your database through the wp db import command. This is useful when you are migrating a WordPress website from one location to another.

      Searching and Replacing

      Another common operation you can perform with WP-CLI is a find-and-replace operation. You can make a dry run first to find out how many instances it would modify. The first string is the search component while the second is the replacement:

      • wp search-replace --dry-run '' ''

      After running this, your output would be similar to the following:


      Success: 10 replacements to be made.

      Once you are sure you want to proceed, remove the --dry-run flag from the previous command:

      • wp search-replace '' ''

      In this step, you’ve reviewed several database operations that you can perform using WP-CLI. You can also complete other operations, such as optimizing the database, viewing database tables, deleting a database, or resetting one. You can explore the other options under the wp db subcommand by typing wp help db in your terminal.

      Step 6 — Updating WordPress

      You can update the core WordPress file with WP-CLI. You can examine the current version of WordPress that you have installed by running:



      You can check for updates through the wp core check-update command. If your version is not the latest, this will produce an output similar to the following:


      +---------+-------------+-----------------------------------------------------------------------+ | version | update_type | package_url | +---------+-------------+-----------------------------------------------------------------------+ | 5.6.1 | minor | | +---------+-------------+-----------------------------------------------------------------------+

      If an update is available, you can install it with:


      Updating to version 5.6.1 (en_US)... PHP Warning: Declaration of WP_CLICoreCoreUpgrader::download_package($package, $check_signatures = true) should be compatible with WP_Upgrader::download_package($package, $check_signatures = false, $hook_extra = Array) in phar:///usr/local/bin/wp/vendor/wp-cli/core-command/src/WP_CLI/Core/CoreUpgrader.php on line 30 Warning: Declaration of WP_CLICoreCoreUpgrader::download_package($package, $check_signatures = true) should be compatible with WP_Upgrader::download_package($package, $check_signatures = false, $hook_extra = Array) in phar:///usr/local/bin/wp/vendor/wp-cli/core-command/src/WP_CLI/Core/CoreUpgrader.php on line 30 Downloading update from Unpacking the update... Success: WordPress updated successfully.

      You can also update to a specific version by setting the --version flag to the version number. If you want to revert to an older version, you also need to add the --force flag, but this isn’t recommended:

      • wp core update --version=5.6
      • wp core update --version=5.0 --force

      In this final step, you updated your version of WordPress with WP-CLI.


      For WordPress developers and adminstrator’s working on the command line, WP-CLI is a great addition to the toolbox. In this tutorial, we covered several of the more common tasks that you can perform through the command line.

      WP-CLI has many more commands and options that you can familiarize yourself with to achieve even more on the command line without the web interface. Use wp help <command> to find out all the things you can do with a specific subcommand. There are also many community tools that extend WP-CLI with even more features.

      For more tutorials on WordPress, check out our WordPress topic page.

      Source link

      10 Smart Ways to Effectively Secure Your WordPress Website

      You’ve worked hard to create your website and likely spent a ton of time and effort maintaining it. Your site may even be vital to your livelihood — you need those sweet, dollar, dollar bills to keep your business afloat.

      And that, friends, is why making your website as secure as possible is vitally important.

      So let’s get real about security. 

      WordPress is an excellent, secure platform out of the box, but there’s more you can (and should!) do to keep your site safe from creepsters with malicious intent. Many of these security enhancements are easy to implement and can be performed manually in mere minutes. Others simply require installing a particular plugin.

      In this article, I’ll guide you through 10 different strategies for upping the defenses on your WordPress fortress. But first, let’s go a little more into the weeds on why website security should matter to you.

      Securing a WordPress Site? Partner with DreamHost

      Leave migrating your site, installing WordPress, managing security and updates, and optimizing server performance to us. Now you can focus on what matters most: growing your website.

      Why Taking Steps to Secure Your WordPress Site Is Vital

      If you’re looking to create a secure site (an obvious “no duh”), choosing WordPress as your platform is an excellent way to start. It’s not only a flexible, powerful platform for building websites — it’s also remarkably secure out of the box.

      That’s because WordPress developers care about security and are dedicated to “hardening” the core platform as much as possible. Plus, they frequently release security-focused updates and patches, which will be automatically downloaded and installed on your site. This means your site will be well-equipped to deal with any new threats that pop up.

      Of course, no platform can be 100% secure. Hackers are hard at work trying to find their way into even the most well-protected sites (if only they’d use their powers for good, amirite?) And since WordPress powers more than 30% of the web, it’s popular enough to be a constant target

      It should go without saying, but if baddies do manage to break into your site, they can cause a lot of damage.

      For example, they can steal or otherwise compromise sensitive information, install malware, make changes to your site to suit their needs, or even bring it down entirely. This is harmful to both you and your users, and if you’re running a business,  it can mean lost customers and revenue.

      Not good at all.

      It’s vitally important to take additional steps to secure your WordPress website. You’ll want to put just as much time and effort into this endeavor as you spent designing your site in the first place (if not more). Fortunately for you, dear reader, there are lots of simple, quick ways to improve your site’s security, as well as some more complex techniques you may want to employ. 

      10 Smart Ways to Effectively Secure Your WordPress Website

      Hopefully, I’ve convinced you about the importance of maintaining a secure WordPress website. If not, I’m going to have to re-enroll in Persuasive Writing 101. Please don’t make me do that. 

      Glad you’re convinced (wink, wink)

      Throughout the rest of this article, I’ll introduce 10 handy strategies for making your site safer and reducing the chances of it being compromised. Plus, I’ll point you in the right direction to get started with each technique.

      You don’t have to implement every suggestion on this list — although you certainly can — but the more steps you take to secure your site, the lower your chances will be of encountering a disaster down the road.

      1. Use a Quality Host

      You can think of your web host as your website’s street on the Internet — it’s the place where your site “lives.” 

      Like a good school district matters to your kid’s future (so they say; I turned out fine), the quality of your website’s home base counts in a lot of big ways.

      A solid hosting provider can impact how well your site performs, how reliable it is, how large it can grow, and even how highly it ranks in search engines. The best hosts offer many useful features, excellent support, and a service tailored to your chosen platform.

      As you’ve probably already guessed, your web host can also have a significant impact on your site’s security. There are several security benefits to choosing a solid hosting service, including:

      • A quality host will constantly update its service, software, and tools to respond to the latest threats and eliminate potential security breaches.
      • Web hosts often offer various targeted security features, such as SSL/TLS certificates and DDoS protection. You should also get access to a Web Application Firewall (WAF), which will help monitor and block serious threats to your site.
      • Your web host will most likely provide a way to back up your site (in some cases, even carrying it out for you), so if you’re hacked, you can easily revert to a stable, previous version.
      • If your host offers reliable, 24/7 support, you’ll always have someone to help you out if you do run into a security-related issue.

      This list should give you a good starting point to work from when looking for a host for your new site, or even if you’re thinking about changing hosts. You’ll want to find one that offers all of the features and functionality you’ll need, plus has a reputation for reliability and excellent performance.

      DreamPress is WordPress-specific hosting that’s fast, reliable, scalable, and, of course, secure. DreamPress includes a pre-installed SSL/TSL certificate and provides a dedicated WAF designed with rules built to protect WordPress sites and block hacking attempts. You’ll also get automated backups, 24/7 support from WordPress experts, and Jetpack Premium — a plugin that can add many additional security features to your site — at no additional cost.

      With DreamPress, you’ll be able to rest easy knowing that your site is protected. Our hosting service even takes care of many of the following security-enhancing steps for you — although we still encourage you to read on to learn what extra measures you can take.  

      After all, safety first, kids!

      Get More with DreamPress

      DreamPress Plus and Pro users get access to Jetpack Professional (and 200+ premium WordPress themes) at no added cost!

      2. Switch Your Site to HTTPS

      Let’s talk more about an SSL/TLS certificate. This enables you to switch your site to HyperText Transfer Protocol Secure (HTTPS) — a more secure version of HTTP. These are important security concepts to understand but simple to grasp even if you’ve never heard of them before.

      HTTP is the protocol that transfers data between your website and any browser trying to access it. When a visitor clicks on your home page, all of your content, media, and website code are sent through this protocol to the visitor’s location. 

      While this is necessary, of course, it does introduce some potential security issues. Baddies can try to intercept the data while it is in transit and use it for their own nefarious purposes.

      HTTPS solves this problem! It does the same thing as HTTP but also encrypts your site’s data while it’s traveling from one point to another, so it can’t be easily accessed. 

      Initially, HTTPS was used mainly for sites handling sensitive customer information, such as credit card details. However, it’s becoming increasingly common for all sites, and big names such as WordPress and Google have been pushing for its widespread implementation

      To switch your site over to HTTPS, you’ll first need an SSL/TLS certificate. This communicates to browsers that your site is legitimate and its data is properly encrypted. You can also get one for free from certain sites, such as Let’s Encrypt.

      A quality host will typically provide an SSL/TLS certificate as part o your hosting package. In fact, at DreamHost, we offer Let’s Encrypt certificates for free with all of our hosting plans!

      Once you have an SSL/TLS certificate installed on your site, you’ll simply need to implement HTTPS. Your host may take care of this for you, although it’s also fairly easy to do yourself. If you’ve chosen to go with DreamPress, the stretch limo of hosting, your site will be created using HTTPS from the start. Roll out!

      3. Create Secure Login Credentials

      This one is a “no s***, Sherlock” suggestion, but folks, it’s really important to select your login credentials carefully. Like really, really important! 

      Why? This makes it harder for a sketchy weirdo to break into your site. You probably have plenty of experience choosing strong usernames and passwords for other accounts across the web — doing the same for your WordPress website is a big deal.

      When you create your site, you’ll be given the opportunity to create a login username and password. The username will default to admin, although you can change it if you’d like (and probably should). But since there are various ways for people to find out what your WordPress username is, you can stick with the default option if you want to. 

      Your password, however, is crucially important, and you’ll want to choose a strong one. There’s recently been a U-turn of sorts on how to choose a strong password, with a recommendation of a simple four-word phrase trumping the classic mixture of random letters, numbers, and symbols. It’s a method that has been popular in some circles for a while.

      If all the talk of choosing a password makes your head spin, we recommend sticking with WordPress’ own password generator as it automatically generates an (almost) ironclad password directly within the WordPress back end. Just be sure to record your credentials somewhere safe, like an encrypted password manager, so you don’t forget them.

      If you’ve already created your site and chose less-than-ideal login credentials initially, you can still change them without too much trouble. You can alter your username by creating a new user, giving it the administrator role and attributing all your content to it, and then deleting your original account.

      As for your password, you can simply go to Users > All Users from your WordPress admin dashboard, click on your username and enter a new password on the Edit User screen.

      4. Enable a Web Application Firewall

      You’re probably familiar with the concept of a firewall — a program that helps to block all sorts of unwanted attacks. Most likely, you have some kind of firewall on your computer. A Web Application Firewall (WAF) is simply a firewall designed specifically for websites. It can protect servers, specific websites, or entire groups of sites.

      A WAF on your WordPress site will function as a barrier between your website and the rest of the web. A firewall monitors incoming activity, detects attacks, malware, and other unwanted events, and blocks anything it considers a risk. #winning

      If you’ve opted for our DreamPress package, you can relax; you won’t need an additional firewall. DreamPress includes a built-in WAF that will monitor your site for threats and block malicious users and programs from gaining access. No action required on your part.

      DreamHost also offers DreamShield, our in-house malware scanning service. When you enable DreamShield on your hosting account, we’ll scan your site weekly for malicious code. If we find anything suspicious, you’ll be notified immediately via email.

      Protect Your Website with DreamShield

      For just $3/month, our premium security add-on scans your site weekly to ensure it is free of malicious code.

      5. Implement Two-Factor Authentication

      Before we move on, there’s one more technique to address: two-factor authentication (which also goes by two-step authentication and a variety of other, similar names). The term refers to the two-step process you’ll need to follow when logging into your site. This takes a little more time on your end but goes a long way towards keeping hackers out.

      Two-factor authentication involves using a smartphone or other device to verify your login. First, you’ll visit your WordPress site and enter your username and password as usual. A unique code will then be sent to your mobile device, which you’ll need to provide to complete logging in. This enables you to prove your identity by showing you have access to something solely yours — such as a particular phone or tablet.

      As with many WordPress features, two-factor authentication is easy to add with a dedicated plugin. Two Factor Authentication is a solid choice — it’s created by reliable developers, compatible with Google Authenticator, and will enable you to add this functionality to your site without fuss.

      Another choice is the Two-Factor plugin, which is well known for its reliability and was built mainly by core WordPress developers. As with any plugin in this category, the learning curve is a little steep, but it will get the job done and is very secure. If you’re willing to spend a little money, you can also check out Jetpack’s Clef-like premium solution.

      Whatever route you choose, make sure to plan ahead with your team if relevant, since you’ll need to gather their phone numbers and other information to get started. With that, your login page is now secured and ready to go.

      6. Add New Plugins and Themes Carefully (And Update Them Often)

      The ready availability of themes and plugins is one of the best things about using WordPress. With these handy tools, you can make your site look just right and add nearly any feature or functionality you can think of. 

      Not all plugins and themes are created equally, though.

      Developers who aren’t careful or don’t have the right level of experience can create plugins that are unreliable or insecure — or, just downright sucky. They might use poor coding practices that leave holes hackers can easily exploit or unknowingly interfere with crucial functionality.

      This all means you need to be very careful about the themes and plugins you choose to add to your site. Each one should be vetted to ensure it’s a solid option that won’t hurt your site or cause problems. There are many elements to keep in mind, but the following advice will help you select quality tools:

      • Check user ratings and reviews to learn whether other people have had a good experience with the plugin or theme in question.
      • Take a look at how recently the plugin or theme has been updated. If it’s been longer than six months, chances are it isn’t as secure as it could be.
      • Install new plugins and themes one at a time, so if anything goes wrong, you’ll know what the cause was. Also, be sure to back up your site before adding anything to it.
      • Get your plugins and themes from trustworthy sources, such as the Theme and Plugin Directories, ThemeForest and CodeCanyon, and reliable developer websites.

      Finally, your work isn’t done once you’ve installed the plugins and themes you want to your site.

      You’ll also need to keep them up to date to ensure they work well together and are secured against the latest threats. Fortunately, this is quite easy — you’ll simply need to go to your WordPress dashboard, look for the red notifications telling you there are themes and/or plugins with available updates, and click on update now next to each one.

      You can also update your plugins in a batch by selecting all of them and then hitting the update button, either here or in the WordPress panel. This is a quicker option, but keep in mind, updating all of them at once could make it more difficult to diagnose any problems that arise as a result of the updates. If you’re making sure to only choose reliable plugins and themes, however, this shouldn’t be a problem.

      Before we move on, it’s worth mentioning that you should also keep WordPress itself up to date. Smaller patches and security updates will be added automatically, but you may need to implement major updates on your own (again, this is very simple to do). This probably goes without saying at this point, but DreamHost handles these updates for you, so you won’t need to worry. 

      Remember: leaving WordPress or any of your themes and plugins out of date is a risk you don’t want to take.

      7. Configure Your File Permissions

      Let’s talk technical for a moment. 

      A lot of the information, data, and content on your WordPress site is stored in a series of folders and files. These are organized into a hierarchical structure, and each one is given a permissions level. The permissions on a WordPress file or folder determine who can view and edit it and may be set to allow access to anyone, only to you, or almost anything in between.

      File permissions are represented by a three-digit number in WordPress, and each digit has a meaning. The first digit stands for an individual user (the site’s owner), the second digit for the group (for example, members of your site), and the third for everyone in the world. The number itself means that the user, group, or world:

      • 0: Has no access to the file.
      • 1: Can only execute the file.
      • 2: Can edit the file.
      • 3: Can edit and execute the file.
      • 4: Can read the file.
      • 5: Can read and execute the file.
      • 6: Can read and edit the file.
      • 7: Can read, edit, and execute the file.

      So if a file is given a permissions level of 640, for example, it means the primary user can read and edit the file, the group can read the file but not edit it, and everyone else cannot access it. This may seem overly complicated, but it’s important to ensure that each person only has the level of access to your site’s files and folders you want them to have.

      WordPress recommends setting folders to a permissions level of 755 and files to 644. You’re pretty safe sticking to these guidelines, although you can set up any combination you’d like. Just remember that it’s best not to give anyone more access than they absolutely need, especially to core files.

      You’ll also want to keep in mind that the ideal permissions settings will depend somewhat on your hosting service, so you may want to find out what your host recommends

      Note: You should be very careful when making changes to your permissions levels — choosing the wrong values (like the dreaded 777) can make your site inaccessible.

      8. Keep the Number of Users on Your Site Low

      If you’re running your WordPress site solo, you don’t need to worry about this step. Just don’t give anyone else an account on your site, and you’ll be the only person who can make changes.

      I call this strategy “With my, by myself.”

      However, many humans like other people and do eventually add more than one user to their website. You may want to let other authors contribute content, or you might need people to help edit that content and manage your site. It’s even likely you’ll find yourself with an entire team of users who’ll regularly access your WordPress site and make their own changes.

      This can be beneficial in many ways and is sometimes even necessary. However, it’s also a potential security risk. 

      The more people you let into your site, the higher the chance that someone will make a fat-finger mistake or that a user will cause problems just to be a putz. For this reason, it’s smart to keep the user count on your site as low as possible while not hampering its ability to grow. In particular, try to limit the number of administrators and other user roles with high privileges.

      Here are a few more suggestions:

      • Limit each user to only what permissions are necessary for them to do their job. Obvs.
      • Encourage users to use strong passwords (remember No. 3?).
      • Try to stick with one administrator, if possible, and a small group of editors.
      • Give users who have left the site or no longer need access the boot.
      • Consider downloading a plugin, such as Members, which provides a user interface for WordPress’ role and capabilities system.

      9. Track Your Admin Area Activity

      If you’ve got multiple users, it can be a good idea to keep tabs on what they’re all doing on the site. Tracking activity in your WordPress admin area will help you spot when other users are doing things they shouldn’t and can indicate whether unauthorized users have gained access. 

      When a weird change has been made or something suspicious installed, you’ll want to be able to find out who was behind the activity. Plugins got you covered.

      Most larger security plugins don’t provide this functionality out of the box, so you’ll want to find a dedicated solution. If you’d like to take a hands-off approach, Simple History lives up to its name by creating a streamlined, easy-to-understand log of important changes and events on your site. 

      For more involved tracking features, you can also check out WP Security Audit Log, which keeps an eye on just about everything that happens on your site and offers many useful, premium add-ons.

      Once you have a suitable plugin installed, it’s a smart idea to check the log periodically for anything out of the ordinary. If something happens on your site that you weren’t expecting or bugs suddenly pop up, look through the most recent activity. 

      10. Back Up Your Site Regularly

      I’d be lying if I said there was a magic solution for protecting your website from all threats. Even if you implement every suggestion on this list, there’s still a chance you may experience a security breach on your site. 

      Hackers are good at what they do. 

      You’ve just got to beat them at their game. A comprehensive security plan means preparing for what you’ll do if the worst happens, even while you’re trying to ensure it never does.

      Backing up your site on a regular basis is the simplest and best way to safeguard it in the event of a disaster. If you have a recent backup handy, you can restore your site to the way it was before it was hacked or otherwise harmed. This will help you fix the issue and move on as quickly as possible.

      Of course, you’ll want to be smart about the way you create and use your backups. The following tips are a good start:

      • Keep more than one backup. A good rule of thumb is to have at least three recent backups on hand at all times since it’s possible your most recent backup could have issues you haven’t yet noticed.
      • Save your backups in multiple external locations, such as cloud storage and physical hard drives.
      • Set up and stick to a consistent backup schedule. The frequency and timing are up to you, although there are plenty of solid recommendations you can follow.

      In addition to your regular backup schedule, it’s always smart to create an extra backup of your site before making any changes to it. So (nudge, nudge) before implementing any of these security-boosting techniques, make sure you have a recent backup ready to go.

      Ready to Tackle WordPress Security Issues?

      Whether you need help navigating the WordPress dashboard, fixing incorrect database credentials, or dealing with a brute force attack, we can help! Subscribe to our monthly digest so you never miss an article.

      WordPress Security: Locking It Up

      True fact: if your website is hacked, you’ll spend hours (even days!) trying to repair the damage. You may permanently lose data or see your personal information compromised — or worse, your clients’ data.

      That’s why you’ve got to put a whole lotta time and energy into making sure that situation never occurs. Otherwise, you’re likely to lose valuable business and income while trying to repair the damage.

      These 10 WordPress security tips should help. Some are simple tweaks. Others affect your entire site, such as switching to HTTPS or adding an SSL certificate. Of course, you’ll also want to make sure your site runs on a secured WordPress host.

      Our DreamPress hosting (with free WordPress migration) is specifically designed for the WordPress environment. Plus, if you ever do encounter a security issue, we’ve got you covered with automatic daily backups, a weekly malware scan, and our support team of WordPress experts!

      Source link