Understanding the Default WordPress .htaccess

When maintaining a WordPress site you may find yourself attempting things that normally would work and find that they have unexpected results. This is usually due to how WordPress’ default .htaccess rules manipulate the configurations and provide ‘pretty permalinks’.

This article is directly applicable to WordPress on an Apache based server. For WordPress Multi-site or other web servers (Nginx, IIS, etc) please review the official WordPress documentation as rules and configurations may differ.

The Default Rules

The default WordPress .htaccess rules are responsible for how WordPress is able to support ‘pretty permalinks’. Without these rules in place, WordPress permalinks would not resolve correctly. This feature allows your URLs to look much cleaner and more readable without over complicating or cluttering your website’s files structure.

The default rules look as follows:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

To break down what these rules are defining we’ll start at the top and work our way down.
  • First, you see a comment as indicated by the hashtag; this symbol `#` is used to denote a comment in .htaccess files.
  • Next you see an opening brace for Apache’s internal “IfModule” function; this specifies that the contained rules should only be used with the “mod_rewrite” module for Apache.
  • The Rewrite module is enabled.
  • The RewriteBase is declared; this defines the ‘root’ folder that should be applied to rewrite rules.
  • The next line is the first rewrite rule, this rule defines that if an “index.php” file is specifically called then no rewrite is needed.
  • The next two lines are both defining rewrite conditions; these conditions are specifying that if no file or folder can be found at the given URL the next rule should be applied.
  • Finally, the last rewrite rule before the close brace is for the “IfModule”. This rule will only be applied if no file or folder can be found for the URL. If that occurs, the request will be passed to WordPress before providing the client a response.

While this breakdown may be enough of an explanation for some, this is still a very complex chain of rules. The rules are best described and summarized as this: “If Apache itself cannot find the file or folder requested then the request should be dealt with by WordPress directly.”

An interesting result of this is that technically all WordPress pages are a 404 result in the context of Apache and only until PHP and WordPress receive the request can any content be resolved for a response.

Tips for Custom Rules

There usually is not a consistent cause for issues experienced when dealing with .htaccess rules on a WordPress site. As the cause can fluctuate from site to site, and even rule to rule, it’s hard to provide an extensive explanation for the issues. It is also important to note that plugins and themes can also affect how certain rules are managed as well.

A common rule that causes odd behaviour and provides mixed results usually relates to allowing access based on specific IP address. These rules usually look like:

<Files wp-login.php>
Order deny,allow
Deny from all
Allow from 198.11.109.98 localhost
</Files>

The rule above will deny all IPs access to wp-login.php unless the IP is listed in the ‘Allow from’ line. While it should work by default, occasionally this can cause issues. If it does, the usual fix is to define the error documents. This would look like:

ErrorDocument 401 default
ErrorDocument 403 default
<Files wp-login.php>
Order deny,allow
Deny from all
Allow from 198.101.159.98 localhost
</Files>

Having these error documents defined explicitly will ensure that when an unapproved IP attempts to access the page they are rejected and are sent a proper error page.

As there are various issues that can come up and each has their own solution, we simply cannot cover them all here. If you believe you are experiencing configuration issues related to those rules mentioned here feel free to contact our Heroic Support®.

How To Restore Managed WordPress Backups

Pre-Flight Check

  • This article applies specifically to Liquid Web’s Managed WordPress servers.
  • Restoring a site from backup will completely overwrite all of its existing content (both the files and the database). If you are not completely certain that the existing files will no longer be needed, you may wish to back up the database and download the database backup and site files locally using SFTP with a client such as FileZilla.

Managed WordPress sites installed via the Sites tab in Manage automatically are backed up each day, with the server retaining the 10 most recent backups. You can easily restore any site from an available backup in the Sites dashboard in Manage.

Step #1: Open the site in the Sites dashboard

Click on the [+] next to the domain name to expand the window, then select the desired restore point from the Automatic Backups section.

Select A Restore Point

Step #2: Restore the Site

  1. After clicking on the radio button next to the desired restore point, click the Restore button to restore the site. A confirmation window will pop up to remind you that you will be overwriting the existing site with the contents of the backup. Any changes made to the site since the chosen backup was made (comments, posts, etc.) will be completely overwritten and can not be recovered. If you wish to proceed with restoring the site, click the Restore WordPress Domain button.
    If you are not completely certain that the existing files will no longer be needed, you may wish to back up the database and download the database backup and site files locally using SFTP with a client such as FileZilla.

    Confirm the Restore

  2. The restoration process will begin, and you will see a banner at the top of the page alerting you that the process is under way. The time it will take to complete depends entirely on the size of the site directory and database.

    Restore Complete

 

Using WP-CLI With Your Managed WordPress Site

Using the Command Line Tools

Liquid Web’s Managed WordPress servers come with a pre-installed set of command-line tools designed to simplify common site maintenance tasks. WP-CLI (WordPress Command Line Interface) can be accessed via SSH, and allows you to do nearly anything that can be done from within the WordPress admin interface.

Among many other things, WP-CLI can be used to:

  • create and modify users and their roles
  • install and activate or deactivate plugins
  • perform basic database maintenance tasks
  • manage cron jobs
  • manage rewrite rules

For the full list of commands, visit the official documentation.

WP-CLI always should be run as the site owner, and always should be run from within the site’s installation directory. For the following examples, I have connected to the server via SSH using the WordPress admin credentials for examplewordpresssite.com, verified my current working directory with the command “pwd”, and then changed directory into the site’s document root with the command “cd”, running “pwd” once again to confirm that I am in the document root.

[examplesiteuser@wphost]# pwd
/home/examplesiteuser/
[examplesiteuser@wphost]# cd public_html
[examplesiteuser@wphost ~/public_html]# pwd
/home/examplesiteuser/public_html

Create a New User and Assign a Role

In this example, we’re going to create a new user named “sample”, assign them the role of Editor on the site, and email them their credentials (a randomly-generated password will be assigned automatically, and the email is sent to their specified address with a link to reset it.):

wp user create sample sample@examplewordpresssite.com --role=editor --send-email

Breaking down this command:

  • wp invokes WP-CLI
  • user create creates the new user
  • sample is the name we chose for the new user
  • sample@examplewordpresssite.com is the new user’s email address
  • –role=editor assigns the role of Editor to the new user
  • –send-email instructs WordPress to email the user’s credentials, and a link to change their password, to the new user’s email address

Install and Activate a Plugin

Here we’re going to download, install, and activate the Meta Slider plugin from wordpress.org.

While we know the name of the plugin, the plugin’s actual file name may be different, so we first will run a search to find out, using the command:

[examplesiteuser@wphost ~/public_html]# wp plugin search metaslider

Running that command tells us that the plugin’s name is “ml-slider”:

[examplesiteuser@wphost ~/public_html]# wp plugin search metaslider
Success: Showing 4 of 4 plugins.
+----------------------------+----------------------------+--------+
| name | slug | rating |
+----------------------------+----------------------------+--------+
| Meta Slider | ml-slider | 96 |
| ThreeWP Broadcast | threewp-broadcast | 94 |
| EWWW Image Optimizer | ewww-image-optimizer | 90 |
| EWWW Image Optimizer Cloud | ewww-image-optimizer-cloud | 90 |
+----------------------------+----------------------------+--------+
[examplesiteuser@wphost ~/public_html]#

Now that we know the file name of the Meta Slider plugin, we can download, install and activate ml-slider with the following command:

wp plugin install ml-slider --activate

Running that code generates the following output:

[examplesiteuser@wphost ~/public_html]# wp plugin install ml-slider --activate
Installing Meta Slider (3.3.6)
Downloading install package from https://downloads.wordpress.org/plugin/ml-slider.3.3.6.zip...
Unpacking the package...
Installing the plugin...
Plugin installed successfully.
Success: Translations updates are not needed for the 'English (US)' locale.
Activating 'ml-slider'...
Success: Plugin 'ml-slider' activated.
[examplesiteuser@wphost ~/public_html]#

The “Success” messages tell us that ml-slider was installed and activated.

Database Operations

WP-CLI has a number of basic database management features built right in.

Back Up A Database

One particularly useful WP-CLI command allows you to easily back up the WordPress database:

wp db export

Running that command will export the site’s database to an sql file in the current working directory. If you do not specify a name for the file, the exported database file will be the database name with a “.sql” extension, and any existing file with that name will be overwritten. Because we are backing up the database and don’t want this file to overwrite any previous versions, we will be specifying a file name (which must end in .sql).

[examplesiteuser@wphost ~/public_html]# wp db export mydatabase_01042016.sql
Success: Exported to mydatabase_01042016.sql

You always should back up the WordPress database prior to making any significant changes. It takes only a moment and ensures that you will have a restore point in case your changes don’t quite go as planned.

Restore A Database

You can quickly restore a database from an sql file with:

wp db import

Simply supply the file name of the database to restore, and the specified sql file will overwrite the existing database:

[examplesiteuser@wphost ~/public_html]# wp db import mydatabase_01042016.sql
Success: Imported from mydatabase_01042016.sql

Note that importing a database will completely overwrite the existing database. Do not import a database unless you are certain that you have no further use for the existing database or its contents. If in doubt, back up the current version with a unique file name before restoring.

Search and Replace in the Database

WP-CLI includes an advanced search and replace that can be used for delicate operations on database tables. This feature commonly is used to update references to the site name when taking a development site into production.

In this example, we’re going to change the name of the user we created earlier, “sample”, to “example” using the command “wp search-replace”. Note that we’ve already backed up the database above using “wp db export”.

And because we’re changing a username, we’ll also specify that we want only to include the wp_users and wp_usermeta tables in the search and replace, so that the word “sample” doesn’t get replaced with “example” in posts or anywhere else it may crop up:

wp search-replace 'sample' 'example' wp_users wp_usermeta

Breaking down that command:

  • wp invokes WP-CLI
  • search-replace searches for the specified string and replaces it in the specified tables
  • ’sample’ is the string we’re searching for (the old text). The search string needs to be enclosed in quotes.
  • ’example’ is the string we’re replacing the old text with. The string needs to be enclosed in quotes.
  • wp_users wp_usermeta are the specific tables to which we are restricting the search and replace. You can list as many table names as necessary, separating them with a space. If no table name is specified, the search and replace will be performed on the entire database. Performing a search and replace on the entire database is a potentially dangerous operation and should be done only if you are absolutely certain of the results and even then, only after backing up the existing database with a unique name.

 

Note: Do not attempt to run a search and replace (or any other database-altering procedure) without first backing up the database with a unique file name. Even the simplest search and replace has the potential to cause a great deal of damage, or even take the site down (consider the result if we had replaced the word “sample” with “example” in every table in the database for a product sample giveaway site). Always manually take a database backup with a unique file name before running search-replace.

Manage Cron Jobs

WP-CLI can be used to display scheduled cron jobs, run them manually, or even add new ones.

For instance:

wp cron event list

returns a list of all scheduled WordPress crons.

You also may choose to run a listed WordPress cron immediately:

wp cron event run wp_scheduled_delete

executes the wp_scheduled_delete cron event right away, instead of at its normally scheduled time.

Manage Rewrite Rules

WP-CLI gives you the ability to see current rewrite rules as well as change the rewrite structure:

wp rewrite list

displays all current rules.

You also can change the rewrite structure using default WordPress variables. To make your rewrites display the month number first, followed by the year and the name of the post, you would use:

wp rewrite structure '/%monthnum%/%year%/%postname%'

Multisite WordPress Installations

Nearly all the WP-CLI commands can be used the same way on multisite installs as well, so long as you specify the site in the command. This is done by specifying the URL (in the format: –url=domainname.com) in the command.

For example, the command to list scheduled crons for examplewordpresssite.com on multisite would become:

wp cron event list --url=examplewordpresssite.com

Get Involved!

There is a great deal more that can be accomplished with WP-CLI, including the ability to write your own commands and share them with the WP-CLI community.

To get started, check out the Github page and the list of current community commands.
 
 

How To Connect To Your Managed WordPress Site Using SFTP

Pre-Flight Check

  • SSH File Transfer Protocol (SFTP) is the most secure way to upload files to your Managed WordPress site.
  • This article is intended specifically for connecting to a Managed WordPress site using the free, cross-platform FTP client FileZilla, but the connection details should apply to any FTP client.

Step #1: Enter the Connection Details

  1. FTP/SFTP connection details are included in the “Welcome to your new WordPress site” email that was automatically sent to you upon adding the site in the Sites section of your Manage dashboard. In case you don’t have that handy, you will use:
    • Host: The domain name or IP address of the site
    • Username: The WordPress admin username created when adding the site
    • Password: The password you assigned to the WordPress admin user when adding the site
    • Port: 22 (Port 21 can be used for a standard FTP connection, but it is not recommended. SFTP should be used for maximum security. All connection details other than the port number are the same either way.)
  2. In FileZilla, enter the host, username, password, and port into the Quick Connect toolbar and press the Quickconnect button.

    FileZilla QuickConnect

Step #2: Security Settings

If your site does not yet have its free standard SSL certificate installed, you will need to click OK to accept the “Unknown host key” message and proceed with the connection. The connection still will be secure, but will be encrypted using the server’s self-signed certificate. When you’re ready to get your site’s free standard SSL certificate ordered and installed, please contact Heroic Support®.

Unknown Host Key

Step #3: Upload Files

Once connected via SFTP, you will be able to securely transfer files to and from the server. You initially will connect to your account’s home directory (/home/username/), and will need to navigate to the appropriate directory for the content you are uploading. In FileZilla, you can paste the desired path directly into the Remote site field. For reference:

  • Document root: /home/username/public_html
  • Plugins: /home/username/public_html/wp-content/plugins
  • Themes: /home/username/public_html/wp-content/themes
  • Uploads: /home/username/public_html/wp-content/uploads

File locations
 
 

Adding Sites To Your Managed WordPress Server

Pre-Flight Check

  • This article applies specifically to Liquid Web’s Managed WordPress servers.
    We will be adding a WordPress site directly through the Manage interface, the preferred method for Managed WordPress servers.

Step #1: Open the Server Dashboard

  1. Log into your Manage dashboard and click the [+] button to the left of your Managed WordPress server’s name to expand the dashboard.

    Open the Dashboard

  2. Click on the Sites button in your dashboard to launch the WordPress Sites view.

    Click on Sites

Step #2: Add A Site

  1. To add a site, click the Install a WordPress Site button, fill out the requested information, and then click Add Site to add the new site.

    Add a Site

    • Domain Name is the domain name you want to add to the server. If the domain name is using Liquid Web nameservers, a free SSL certificate will be ordered and installed on the domain, and WordPress will be configured to use the https protocol on the site. If the domain name is pointed elsewhere, an SSL can be added later.
    • Username is the WordPress admin user. The username specified here will be used to log into both WordPress and the site’s cPanel account. It must be 16 characters or fewer.
    • Email is the contact information for the site.
    • Password is the credential which will be used to log into both WordPress and cPanel. It should be a strong password, and can contain upper- and lower-case letters, numbers, and basic special characters such as underscores.
    • Verify Password requires you to enter the password again, and will alert you if it does not match what was entered on the Password field.
    • Automatic Updates allows you to choose between automatically updating WordPress itself (Core), WordPress and its plugins (Core and Plugins), or disabling automatic updates altogether (None). It is recommended to at least enable automatic updates for WordPress itself.
  2. The site now will be listed in your Sites dashboard, where you can change update preferences or install a free standard SSL on the domain.

Step #3: Review Settings

Once you return to the Sites dashboard in Manage, you’ll now see your new WordPress site listed in the WordPress Sites section. Click on the [+] next to the domain name to expand the view and configure options for the site.

Review Settings

  • Automatic Updates: You can choose to have the WordPress core or the WordPress core and all plugins updated automatically, or you can disable update Automatic Updates altogether. Simply click the Update button after making any changes to the selected option.
  • Automatic Backups: The WordPress installation automatically will be backed up on a daily basis, and 10 of the daily backups will be retained. Beginning on the 11th day, the oldest backup automatically will be deleted when a new one is created. You will see a list of each backup listed under Automatic Backups once the first backup has been taken.
  • Install Free Signed SSL: Automatic SSL installation is possible only when the site’s domain name is registered and pointed to Liquid Web’s nameservers. If the domain is new or using other nameservers, you can click Install Free Signed SSL to get an SSL certificate for the domain ordered and installed at no charge.
  • Note that Managed WordPress Hosting includes a free standard domain SSL certificate covering the domain name of each WordPress site you add to the server. The server itself is protected by a self-signed SSL certificate to encrypt cPanel, mail, and ftp connections. If you would like to purchase a third-party verified SSL certificate to cover core services on your server, you can find instructions for ordering and installing an SSL certificate for your hostname at Install an SSL certificate on a Domain using cPanel, and you’ll find a guide to installing the certificate at Installing Service SSLs in cPanel. Should you need any assistance purchasing or installing an SSL certificate for the hostname, please feel free to contact a Heroic Support® technician.
  • Delete WordPress Site: The Delete WordPress Site button will completely remove the site and its associated cPanel account, and all data associated with the site immediately will be removed from the server. That data will not be recoverable, so it’s imperative that you confirm that you have a local backup of the site files before deleting any site.
  • Any local backups taken would be stored on the server; these types of backups would be deleted along with the rest of the files in the account if you were to delete the site. It is recommended that any such backups be downloaded to your local computer before you delete a site. Storm® backups, if you elected to configure them during server setup or enabled them later via the Backup tab in your Manage dashboard, do contain a full image of the server and would not be deleted by removing the account; however, restoring an individual file or site from a full-server backup is not a drag-and-drop process and can require significantly more time than restoring from a local backup.

Step #4: Access Your New Site

Once you’ve added the site, an email will automatically be sent to the address on file for your account. The “Welcome to your new WordPress site” email contains:

  • the WordPress site’s login URL
  • the site’s IP address (for adding or updating the domain’s DNS record)
  • instructions for obtaining your free SSL certificate (if it was not able to be installed automatically)
  • SFTP connection information

Once you have made any necessary DNS changes and they have had time to propagate, you should see a standard WordPress installation at the site’s URL. You then can log in and start working with your Managed WordPress site.

How To Deploy A Managed WordPress Server

Step #1: Create the Server

  1. If you’re not already a Liquid Web customer, you’ll want to start from our Managed WordPress product page, and select a plan that meets your needs. If you have an existing Liquid Web account, log into Manage and click the Create button in the top left, then click on Managed WordPress.

    Create menu

  2. The Create a Managed WordPress Server page allows you to select your server options, with a sidebar reflecting the monthly and estimated prorated costs. The totals will update as you make your selections.

    Create Server

    • Choose Server Type allows you to select your zone, server size and image.
    • Bandwidth allows you to configure your outgoing bandwidth options. 5 TB of monthly transfer is included at no extra charge, and incoming bandwidth is free.
    • Daily Backups allows you to configure automated Storm® backup options, from $0.12 per GB per month. The Pay per Gig option allows you to specify how many daily backups to retain at that price, and the Quota Pricing option allows you to purchase a set amount of space for backups, retaining as many backups as can fit in that space and rotating them out as needed. Note that backups are not retained more than 90 days, regardless of the amount of space purchased.

    Hostname and Password

    • Hostname and Password allows you to choose the server name and a root password for the server.
      • The server’s hostname should be a subdomain of a domain name you control. Once the server is created, you will need to add a DNS “A” record pointing to the hostname; that will need to be done at the domain’s registrar and created in the main domain’s DNS zone file. In this case, we would need to add an A record for wphost.example.com to example.com’s authoritative DNS zone file once the server is created and an IP is assigned to it.
      • Please select only a strong password. It can contain upper- and lower-case letters, numbers, and special characters. If you choose, you also can set up access with an SSH key previously stored in your Manage dashboard.
    • IP Addresses lets you choose any additional IP addresses for the server. One is included, and additional IP addresses (up to the number shown next to Available Slots Remaining) can be added now at a cost of $1 per month per additional IP address. If you have an IP pool associated with your account in the zone you chose, you also can add addresses from the pool. If you need more IP addresses than the IP Addresses section will allow, they will need to be requested via support ticket after the server has been created.
    • Once you have reviewed your choices, verified the estimated monthly and pro-rated costs, and read the billing terms at the bottom of the page, click the Create Server button.
    • You will be presented with a popup window to confirm your selection.

    Confirm selection

    • Clicking the Create Server button here will create the server and charge the card on file.

    Notification

    • You will be returned to your Manage dashboard, where you can monitor the server’s creation.

    Server Creating

    • Once complete, you will see the server’s status listed as Running in your Manage dashboard. You’ll also receive an email following activation which contains the server name, IP address, and login credentials for the server. While you will add WordPress sites directly from your Manage Dashboard, each WordPress site also has access to its own cPanel for the configuration and management of email, databases, cron jobs, statistics, and more.The Create a Managed WordPress Server page allows you to select your server options, with a sidebar reflecting the monthly and estimated prorated costs. The totals will update as you make your selections.

Step #2: Configure DNS Records

Once the server is deployed, you will want to ensure that DNS has been properly configured for the hostname you selected.
If you have not already done so, you may wish to follow our guides to add a DNS record for the hostname and set up Reverse DNS.

Note that Managed WordPress Hosting includes a free standard domain SSL certificate covering the domain name of each WordPress site you add to the server. The server itself is protected by a self-signed SSL certificate to encrypt cPanel, mail, and ftp connections. As such, you may need to accept the security certificate when connecting via cPanel or using secure email. If you would prefer to use a third-party verified SSL certificate to cover core services on your server, you can find instructions for purchasing and installing an SSL certificate for your hostname at Install an SSL certificate on a Domain using cPanel, and you’ll find a guide to installing the certificate at Installing Service SSLs in cPanel. Should you need any assistance, please feel free to contact a Heroic Support® technician who can assist with obtaining and installing an SSL from the vendor of your choice.

 

Getting Started With Managed WordPress

Liquid Web’s Managed WordPress product is a complete WordPress hosting solution, optimized for maximum performance and blazing speed, backed by our Heroic Support®. Liquid Web Managed WordPress servers are designed from the ground up to provide:

Exceptional performance

  • 100% SSD storage to maximize disk I/O
  • HipHop Virtual Machine (HHVM) for unparalleled php execution speeds
  • Memcached to fully leverage caching
  • mod_pagespeed to automatically apply web performance best practices to your Apache installation

Optimal Security

  • Isolated server environments
  • Automated daily backups
  • Automatic WordPress core & plugin updates (configurable)
  • Free domain SSL certificates for each site

Total Control

  • WP-CLI for full control of your sites without the need to log into WordPress itself
  • SSH and SFTP access, plus cPanel for each WordPress site you create
  • Multisite WordPress available on any site
  • Convenient dashboard for deploying new WordPress sites in seconds

Heroic Support®

  • Our Heroic Support® technicians are here 24/7/365 to answer any questions and offer help whenever you need it.
  • Around-the-clock, proactive service monitoring means we start working on any potential issues the moment they are spotted.
  • Most migrations to Managed WordPress are free of charge (some limitations may apply).

This series is designed to serve as a starting point for ordering, deploying, configuring, connecting to and managing your Managed WordPress server. If you need assistance or have any questions, do not hesitate to contact us.

How to Prevent Being Hacked by the Cross-site Scripting Vulnerability in WP Super Cache

The popular WordPress plugin WP Super Cache has been found to have a cross-site scripting (XSS) vulnerability in versions prior to 1.4.4. On sites with outdated versions, it is possible for an attacker to take complete control of the WordPress site. Please note: this vulnerability only affects users which have installed WP Super Cache. However, if you are unsure if you use the plugin or not you should still take precautions to protect your site.

Thankfully, this is vulnerability is simple to address; version 1.4.4, available now, contains a patch.

This tutorial is very similar to our tutorial on updating any WordPress plugin: How To Update a WordPress Plugin

Continue reading “How to Prevent Being Hacked by the Cross-site Scripting Vulnerability in WP Super Cache”

How to Update a WordPress Plugin

Step 1: Login to WordPress as Administrator

Hopefully, you’re already well-versed in logging into your WordPress site as an administrator!

Step 2: Access Updates

If there is an update for a plugin or a theme, then you’ll likely have a number in the top bar and next to Updates as shown below (the number 5). Click on Updates!

How To Update a WordPress Plugin - 01

Step 3: Select All the Plugins

Check the box for Select All:

How To Update a WordPress Plugin - 02

Step 4: Update the Plugins

Click on Update Plugins:

How To Update a WordPress Plugin

And at the end of the update process you should receive something similar to, All updates have been completed.

How To Update a WordPress Plugin

Try a Free Cloud Server.

Trying a new server is a breeze, and it’ll be up and running in only a few minutes...

How to Completely Disable Automatic Background Updates for WordPress

The following process works with all WordPress versions after version 3.7. Alas, turning off Automatic Background Updates is strongly discouraged.

Again, turning off Automatic Background Updates is STRONGLY DISCOURAGED. Doing so means that WordPress will not automatically update whenever a new minor release or updated translation files are available. Perhaps try adding automatic updating for WordPress Core instead: Enabling Automatic Background Updates for WordPressCore

Continue reading “How to Completely Disable Automatic Background Updates for WordPress”