After you make a few changes in your WordPress content or your design, you may notice that nothing has changed.

A number of common factors can cause this behavior, such as: browser caching, server-side caching, caching plugins, and making changes in the incorrect location in the file system.

The Browser Cache

Sometimes when you first visit a web page, it takes a while to load. But then the next page you visit within that site doesn’t take quite so long. This is because – in an effort to be helpful – your web browser stores the web page information on your computer. In the future, the web browser reloads the web page data from your computer, not from the actual site. The place where this web page data is stored is called the cache. The cache is an essential way to optimize your web browsing experience.

Sometimes a problem can arise when you make a small change to your site, and the browser doesn’t recognize it as a significant change. Since the browser hasn’t registered your adjustment as an actual change, it opts to reload the exact same page that you previously looked at. The solution in this case is to clear or empty your browser’s cache.

Clearing the Browser Cache

Normally, to see the changes on your page, you click the Refresh button on the browser toolbar or press the F5 key on your keyboard. In many cases, this simply reloads the page without clearing the browser’s cache. Here are some techniques to wipe clean the browser’s cache, so that you will see the changes when your page reloads.

The way you clear the browser cache depends on the particular browser you are using. Here is how you clear the cache on a few common browsers:

• Chrome – How to delete your Chrome cache, history, and other browser data
• Safari – Clear your browsing history in Safari on Mac
• Firefox – How to clear the Firefox cache
• Internet Explorer – How to delete the contents of the Temporary Internet Files folder
• Microsoft Edge – View and delete browser history in Microsoft Edge
• Opera – How to clear the Opera cache

In addition to clearing the cache, each browser may have a way of stopping or minimizing the caching of web pages. Using this technique will definitely slow down your web page viewing, and it isn’t a perfect solution, because some caching may still occur. However, in a small way it does still help. Check your internet browser’s help files for specifics on how to turn off the cache feature.

Server-side Caching

Be aware that some web hosting services use caching plugins on the backend without letting the user know explicitly. You may be able to turn this off via your webhost’s configuration panel. Just to be sure, you can ask a webhost support member if any caching plugins are used, and request to have them turned off if needed.

This situation may also occur if you are using a managed WordPress hosting plan. Many managed WordPress hosting plans use server-side caching. If you are using a managed WordPress service from your hosting provider and you are seeing this issue, you may want to see if they have an option to manually flush the cache. In many cases, your changes will immediately show up after flushing the cache.

If you are using a caching HTTP reverse proxy such as Varnish on your web server, edits to your files may not appear right away. Edits may become visible after some length of time when the cached version expires. You many need to tune your caching system in order to eliminate this issue.

A WordPress Cache Plugin

Some WordPress plugins also add cache functionality to your WordPress site. This helps your site load faster, because WordPress can retrieve the pages of your blog from the cache instead of generating them all over again.

Any good cache plugin will clear the cache when a post, page, or comment is published. However, if you make other changes (e.g. to your theme), the cache may not be cleared and the old version will still appear. In this case, check the plugin’s instructions to find out how to clear its cache.

Note that WordPress does not come with a cache by default, so the above would only apply if you installed a cache plugin yourself.

Check Your Source

Sometimes even the very best web page designers, developers, and programmers make a mistake. It’s the little details that can mess things up. Let’s look at some of the most commonly overlooked details that happen when you aren’t paying attention.

Check the Address

Is the name and folder for the file you “fixed” the same as the one you are viewing? Look at the following two addresses (URLs).

• wordpress/wp-content/themes/yourtheme/style.css
• test/wordpress/wp-content/themes/yourtheme/style.css

In this case, you can probably see the difference, but when viewed in an address bar or in a text editor, you might miss the word test that specifies a specific folder location.

Pay very close attention to the difference between style1.css and stylel.css if you are using different style names, too. The first filename is style followed by the digit one, while the second filename is style followed by a lowercase L. If you are working with different but similar files, make sure you give them distinctive names like style-red.css and style-800.css so you can clearly see the difference.

Check the Template

If you’re editing a template, are you sure that the page you’re viewing is being generated from that template? Remember that many templates contain very similar text. For example, a post header may appear on a single post page, an index page, a search page, or an archive page, to name a few.

See Template Hierarchy if you’re having trouble figuring out which template is in use.

Check Your Upload

When you make a change to a file, it is often on your computer’s hard drive, and you have to upload the file to your host server in order to view it on the internet. Did you actually upload it? Did you put it in the right folder? Is it really there? When overwriting the exact same file, it doesn’t always do a complete overwrite, so consider deleting the original from the host server and then uploading a new version, to make sure that the correct file is there in its entirety.

Test Yourself

Let’s say that: 
a) You’re working with the correct file, and 
b) It’s in the right place with the right name, but you still can’t see the changes you’ve made.

At this point, it’s time to complete the following steps:

1. Make a backup of the file you are working on and check that the backup is in a safe place.
2. Make a big change (such as setting the background in your style.css as #ff0000 or even red).
3. View the changed web page in your browser. Make sure you clear the cache, to be sure you have the new version.
4. If nothing changes, delete the file (and only that file) from the server and try to view the file again. If nothing continues to change, you and WordPress are looking at completely different files. It’s time to get out your detective hat and start figuring out what is happening and where your files went.
5. Check your URL settings in your options panel and also in the database. If this issue still continues to be unsolvable, make a post about it on the WordPress Forum, and let the experts step in to help.

How do I install WordPress?

Under most circumstances, installing WordPress is a very simple process and takes less than five minutes to complete. Many web hosts offer tools to automatically install WordPress for you. If you prefer a manual installation you can take a look at the Installation Guide.

How do I find a good host for my WordPress website?

Any host that supports the requirements for WordPress can be used for hosting your website. If you’re not sure if your host can run WordPress the best thing to do would be to contact them and ask if they meet the requirements for running WordPress. You can find a list with some good hosts here.

How do I install using cPanel / cPanel X?

If you want to perform a manual installation using cPanel you can follow the guide on using cPanel.

How do I configure the wp-config.php file?

The wp-config.php file is one of the most important files of your website. It’s located in the root of your WordPress installation and contains most of the website’s configuration details. Editing this file can be done in any plain-text editor. Usually this isn’t necessary unless you’re installing WordPress manually.
See also:

• Editing wp-config.php

What are the requirements for installing WordPress?

The current requirements for running WordPress can be found on the requirements page at WordPress.org.

How do I get WordPress to use my language?

If you want to change the language that WordPress is using, you can select your preferred language in the Administration Screen. To do this you can go the Settings > General, and choose your preferred language from Site Language dropdown menu.

Do I need to create a database?

Yes. WordPress requires access to a MySQL or MariaDB database to store information. So you’ll need a database.
You should create a new database if:

1. You have not already created one on the server
2. Your generous host offers you more than one database, and you wish to have a separate database for the website you are setting up.

It is not essential to create a new database for each WordPress installation.

• If you are using the same database for multiple WordPress installations, take care to edit the wp-config.php file ensuring that each installation has a unique database prefix.
• If you are setting up a new database for a new website, edit wp-config.php, and be sure to get the database name, and other details correct.

See also:

• Installation, Detailed Instructions

Why is my website showing a 403 Error?

If the following (or similar) message appears after uploading your website a couple of things can be happening:

You are not authorized to view this page. You might not have permission to view this directory or page using the credentials you supplied. If you believe you should be able to view this directory or page, please try to contact the Web site by using any e-mail address or phone number that may be listed on the personal.fredsmith.com home page. You can click Search to look for information on the Internet. HTTP Error 403 – Forbidden

If your account is hosted on a Apache based server the following things can be happening:

• server permissions aren’t allowing the request from being executed
• your index.php isn’t configured to be an allowed directory index
• the underlying filesystem isn’t allowing Apache access to the files requested

If you have checked all these settings and everything seems to be set up correctly you’d best contact your hosting provider for support.

Can I rename the WordPress folder?

If you have not already installed WordPress, you can rename the folder with the WordPress files, before, or even after uploading the files.

If you have WordPress installed already, and you want to rename the folder, login to your website as an administrator and change the following settings in Settings > General:

• WordPress Address (URL):
• Site Address (URL):

Once you have done this, you can rename the directory or folder with the WordPress files in it.

See also:

• Moving WordPress

Why is my upload directory “C:apachehtdocswordpress”?

When you specified the upload path, you used backslashes.

Use forward slashes “/” to specify the path to the directory.

Can I install WordPress on Windows Server?

Yes you can! As long as you have PHP installed you shouldn’t have any trouble getting started with WordPress. Both Apache and Microsoft IIS are capable of serving your WordPress website.

Advanced Installation

How do I install WordPress with the files in different directories?

This also answers the questions:

• How can I have my blog in one folder but my index at root?
• How can I have people see my blog at www.example.com but keep all the files in www.example.com/wordpress?
• How do I install WordPress in a different directory than where the index.php resides?

See also:

• Giving WordPress Its Own Directory
• Moving WordPress

How can I hide my blog from people?

Whether you are testing a new version of WordPress, setting up a new blog or have some other reason to limit access, the following information may help you keep unwanted visitors out.

Apache

There is no guaranteed way to do this. You can use the .htaccess file (which also contains your permalink code) to check for certain IP addresses and prevent them from viewing your site. This will only stop the IP address, not the person, so if they have access to an allowed IP address, they can get to your page. One tutorial for this is located at Clockwatchers.com

An .htaccess file can also be used to prevent others from “hot-linking” to your images (bandwidth theft) or to set up a password protected blog.

Apache Basic Authentication

To require a password to access your site using .htaccess and .htpasswd.

Tools that help you create the files necessary to password protect your site: Htpasswd generator, htaccess Tools and Clockwatchers.com .htaccess And .htpasswd Tools

Note: When your site is accessed the password is encoded weakly using Base64 and can be easily intercepted and decoded.

Search Engines: Spiders and Bots

Search Engines will index your site and cache your content. If you do not want this to happen, you can go to the Settings > Reading from Administration Screen, and Click Check the ‘Discourage search engines from indexing this site’ box to ask search engines not to index this site.
Note: It is up to search engines to honor your request.
You may use a file called robots.txt. More details can be found at Affilorama.com and elsewhere on the web.

How can I solve login problems?

See also:

• Login Trouble

How can I get WordPress working when I’m behind a reverse proxy?

In some setups, it’s necessary to use something other than the HTTP_HOST header to generate URLs. Reverse proxies take the original request and send it to one of a group of servers. To do so, it overwrites the HTTP_HOST with the internal server’s domain. When that domain is not publicly accessible, at best your images might not load correctly, at worst, you’ll be stuck in a redirect loop. To fix this, figure out which header has the right domain name and add a line to your wp-config.php file that overwrites HTTP_HOST with the correct hostname.

If you need to use SERVER_NAME, add this line to wp-config.php:

$_SERVER['HTTP_HOST'] = $_SERVER['SERVER_NAME'];

If you need to use HTTP_X_FORWARDED_HOST, add this line to wp-config.php:

$_SERVER['HTTP_HOST'] = $_SERVER['HTTP_X_FORWARDED_HOST'];

FTP

How do I FTP?

See also:

• Using FileZilla and FTP Clients

How do I use FileZilla?

See also:

• Using FileZilla

How do I upload the files and folders?

See also:

• Using FileZilla

How do I CHMOD files?

See also:

• Changing File Permissions

MySQL or MariaDB

Do I really need MySQL/MariaDB?

Yes. You certainly need the MySQL or MariaDB database servers to power your WordPress blog. In fact, WordPress only supports the MySQL and MariaDB database servers.
See also:

• Requirements for WordPress

Can I use a database other than MySQL/MariaDB?

No. Other databases are not supported at the moment.

There are several other excellent database storage engines, such as PostgreSQL and SQLite that WordPress is interested in supporting in the future. Supporting multiple databases is trickier than it sounds and is not under active development, although there are plenty of architectural discussions about the best approach to take. Approaches for increasing the number of supported databases are discussed at Using Alternative Databases.

Why does WordPress use MySQL/MariaDB?

MySQL and MariaDB are extremely fast. It is also the most widely available database server in the world. Open-source and free, MySQL and MariaDB are supported by thousands of low-cost Linux (and Windows!) hosts, which means a very low barrier to entry for anyone wanting to start a WordPress (or database-driven) website. MySQL’s documentation is useful, cogent and thorough. (Note: it may be intimidating if you are new to all this.) Add to all that the fact that users are able to directly manipulate MySQL and MariaDB with phpMyAdmin, developed expressly for that purpose, and it is obvious that MySQL and MariaDB are the best choice.

PHP

What is phpMyAdmin?

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL/MariaDB over the Web.

See also:

• phpMyAdmin

Do I need to know PHP to use WordPress ?

No. The only time you would modify your WordPress blog with PHP would be when integrating some of the plugins. In most cases clear instructions are given within a text file that accompanies the plugin. Other than that, you will not be changing any of the PHP files.

Will WordPress run in PHP Safe Mode?

Most definitely! There are no known issues with any version of WordPress when PHP is running in Safe Mode.

Do I really need PHP?

Yes. You certainly need PHP to power your WordPress blog. PHP is the scripting language that drives all of WordPress, and without PHP, your server will not be able to interpret the pages that create your weblog. For supported PHP version, refer Requirements for WordPress.

How do I find out which version of PHP I have?

To get information about your server, you can use the phpinfo() function. This will also give you information about your Apache and PHP version and mod_rewrite.

See also:

• Finding Server Info

Importing

How can I import posts from my current weblog which uses a different blogging tool such as b2, Movable Type MT, Blogger, etc.?

See also:

• Importing Content

Suffering a hack can be one of the more frustrating experiences you’ll have on your online journey. Like most things however, taking a pragmatic approach can help you maintain your sanity. While also moving beyond the issues with as little impact as possible.

A hack is a very ambiguous term, which in it of itself will provide little insights into what exactly happened. To ensure you get the help you need via the forums, be sure to understand the specific symptoms that lead you to believe you’ve been hacked. These are otherwise known as Indicators of Compromise (IoC).

A couple of IoC’s that are clear indicators of a hack include:

• Website is blacklisted by Google, Bing, etc..
• Host has disabled your website
• Website has been flagged for distributing malware
• Readers complaining that their desktop AV’s are flagging your site
• Contacted that your website is being used to attack other sites
• Notice behavior that was not authorized (i.e., creation of new users, etc…)
• You can visibly see that your site has been hacked when you open it in the browser

Not all hacks are created equal, so when engaging in the forums please keep this in mind. If you can better understand the symptoms the teams will be better equipped to provide help.

Below you will find a series of steps that are designed to help you start working through the post-hack process. They are not all encompassing as it would be impractical to account for every scenario, but they are designed to help you think through the process.

Some steps to take

Stay calm.

When addressing a security issue, as a website owner, you’re likely experiencing an undue amount of stress. It’s often the most vulnerable you have found yourself since being on line and it’s contrary to what every one told you, “Hey, WordPress is Easy!!”

The good news is that all is not lost! Yes, you might lose some money. Yes, you might take a hit against your brand. Yes, you will recover from this.

So, yes, take a step back and compose yourself. Doing so will allow you to more effectively take control of the situation and allow you to recover your online presence.

Document.

The first actionable step you should take post-compromise is documentation. Take a moment to document what you’re experiencing, and if possible times. A couple of things you want to keep in mind:

• What are you seeing that leads you to believe you are hacked?
• What time did you notice this issue? What timezone?
• What actions have you taken recently? Was a new plugin installed? Did you make a change to a theme? Modify a widget?

You are creating the baseline for what is recognized as an incident report. Whether you are planning to perform the incident response yourself, or engage a professional organization, this document will prove invaluable over time.

Recommend taking a moment to annotate details of your host environment as well. It will be required at some point during the incident response process.

Scan your website.

When scanning your website you have a few different ways to do this, you can use external remote scanners or application level scanners. Each are designed to look and report on different things. No one solution is the best approach, but together you improve your odds greatly.

Application Based Scanners (Plugins):

• Quttera
• GOTMLS
• WordFence
• Sucuri

Remote Based Scanners (Crawlers):

• VirusTotal
• Sitecheck

There are also a number of other related security plugins available in the WP repo. The ones annotated above have been around a long time and have strong communities behind each of them.

Scan your local environment.

In addition to scanning your website, you should start scanning your local environment. In many instances, the source of the attack / infection begins on your local box (i.e., notebook, desktop, etc…). Attackers are running trojans locally that allow them to sniff login access information to things like FTP and /wp-admin that allow them to log in as the site owner.

Make sure you run a full anti-virus/malware scan on your local machine. Some viruses are good at detecting AV software and hiding from them. So maybe try a different one. This advice extends to both Windows, OS X and Linux machines.

Check with your hosting provider.

The hack may have affected more than just your site, especially if you are using shared hosting. It is worth checking with your hosting provider in case they are taking steps or need to. Your hosting provider might also be able to confirm if a hack is an actual hack or a loss of service, for example.

One very serious implication of a hack these days is around Email blacklisting. This seems to be happening more and more. As websites are abused to send out SPAM emails, Email Blacklist authorities are flagging the website IP’s and those IP’s are often associated with the same server being used for email. The best thing you can do is look at Email providers like Google Apps when it comes to your business needs.

Be Mindful of Website Blacklists.

Google Blacklist issues can be detrimental to your brand. They currently blacklist somewhere in the neighborhood of 9,500 to 10,000 websites a day. This number grows daily. There are various forms of warnings, from large splash pages warning users to stay away, to more subtle warnings that pop up in your Search Engine Result Pages (SERPs).

Although Google is one of the more prominent ones, there are a number of other blacklist entities like Bing, Yahoo and a wide range of Desktop AntiVirus applications. Understand that your clients / website visitors may leverage any number of tools and any one of them could be causing the issue.

It’s recommended that you register your site with the various online webmaster consoles like:

• Google Search Console
• Bing Webmaster
• Yandex Webmaster
• Norton Webmaster

Improve your Access Controls.

You will often hear folks talking about updating things like Passwords. Yes, this is a very important piece, but it’s one small piece in a much larger problem. We need improve our overall posture when it comes to access control. This means using Complex, Long and Unique passwords for starters. The best recommendation is to use a Password Generator like those found in apps like 1Password and LastPass.

Remember that this includes changing all access points. When we say access points we mean things like FTP / SFTP, WP-ADMIN, CPANEL (or any other administrator panel you use with your host) and MYSQL.

This also extends beyond your user, and must include all users that have access to the environment.

It is also recommended to consider using some form of Two Factor / Multi-Factor authentication system. In it’s most basic form, it introduces, and requires, a second form of authentication when logging into your WordPress instance.

Some of the plugins available to assist you with this include:

• Rublon
• Duo

Reset all Access.

Once you identify a hack, one of the first steps you will want to do is lock things down so that you can minimize any additional changes. The first place to start is with your users. You can do this by forcing a global password reset for all users, especially administrators.

Here is a plugin that can assist with this step:

• iThemes Security

You also want to clear any users that might be actively logged into WordPress. You do this by updating the secret keys in wp-config. You will need to create a new set here: the WordPress key generator. Take those values then overwrite the values in your wp-config.php file with the new ones. This will force anyone that might still be logged in off.

Create a Backup.

You hopefully have a backup of your website, but if you don’t, this will be a good time to create one. Backups are a critical piece of your continuation of operations, and should be something you actively plan for moving forward. You should also ask your host what their policy is as it pertains to backups. If you do have a backup, you should be able to perform a restore and skill right into the forensics work.

Side note: It’s important you keep regular backups of your database and files. If this ever happens again.

Regardless, before you move into the next phase of cleaning, it is recommended you take one more snapshot of the environment. Even if it’s infected, depending on the type of hack, the impacts can cause a lot of issues and in the event of catastrophic failure you’ll at least have that bad copy to reference.

Find and remove the hack.

This will be the most daunting part of the entire process. Finding and removing the hack. The exact steps you take will be dictated by a number of factors, including, but not limited to, the symptoms provided above. How you approach the problem will be determined by your own technical aptitude working with websites and web servers.

To help in the process though, we’ve included a number of different resources that should help you in the process:

• Did Your WordPress Site Get Hacked?
• How to Clean Your Hacked Install
• How To Clean a Hacked WordPress Site
• How to Cope With a Hacked Site
• Four Malware Infections
• How to Clean a WordPress Hack

It might be tempting to purge everything and start over. In some cases that’s possible, but in many instances it’s just not possible. What you can do however is reinstall certain elements of the site with little regard to impacting the core of your website. You always want to make sure you reinstall the same version of software your website is using, if you choose an older or newer one you’re likely to kill your website. When reinstalling, be sure not to use the reinstall options in your WP-ADMIN. Use your FTP / SFTP application to drag and drop the versions. This will prove much more effective in the long run as those installers often only overwrite existing files, and hacks often introduce new files… You can replace the following directories safely:

• /wp-admin
• /wp-includes

From there, it’s recommended that you be more diligent in updating and replacing files as you move through wp-content as it contains your theme and plugin files.

The one file you will definitely want to look at is your .htaccess file. It’s one of the more common files, regardless of the type of infection, that is most often updated and used for nefarious activities. This file is often located at the root of your installation folder, but can also be embedded within several other directories on the same installation.

Regardless of the type of infection, there are will be some common files you will want to keep an eye on during your remediation process. They include:

• index.php
• header.php
• footer.php
• function.php

If modified, these files can usually adversely affect all page requests, making them high targets for bad actors.

Leverage the Community

We often forget but we’re a community based platform, this means that if you’re in trouble someone in the community is likely to give a lending hand. A very good place to start if you’re strapped for cash or just looking for a helping hand is the WordPress.org Hacked or Malware forum.

Update!

Once you are clean, you should update your WordPress installation to the latest software. Older versions are more prone to hacks than newer versions.

Change the passwords again!

Remember, you need to change the passwords for your site after making sure your site is clean. So if you only changed them when you discovered the hack, change them again now. Again remembering to use Complex, Long and Unique passwords.

You may consider to change the database user account and password. When you changed them, do not forget enhancing them to wp-config.php file.

Forensics.

Forensics is the process of understanding what happened. How did the attackers get in? The goal is to understand the attack vector a bad actor used to ensure they’re unable to abuse it again. In many instances, it’s very difficult for website owners to perform this type of analysis due to lack of technical knowledge and / or available data. If you do have the metadata required, then there are tools like like OSSEC and splunk that can help you synthesize the data.

Secure your site.

Now that you have successfully recovered your site, secure it by implementing some (if not all) of the recommended security measures.

Can’t Log Into WordPress Admin Panel

There are times that a bad actor will hijack your administrator account[s]. This is not a reason to panic, there are a few different things you can do to regain control of your account. You can follow these steps to reset your password

Tools like phpMyAdmin and Adminer are often made available via your hosting provider. They allow you to log into your database directly, bypassing your Administration Screen and resetting your user in the users table wp_users.

If you don’t want to mess with password hashes or can’t figure it out, simply update your email and go back to Login Screen, click forgot password, and wait for the email.

Using version control?

If you are using version control, it can be very handy to quickly identify what has changed and to rollback to a previous version of the website. From the terminal or command line you can compare your files with the versions stored in the official WordPress repository.

$ svn diff .

Or compare a specific file:

$ svn diff /path/to/filename

Other Resources

• Hacked WordPress Backdoors (OttoPress)
• WordPress Security – Cutting Through the BS (Sucuri)
• Security Posts (Perishable Press)

Also refer Common WordPress Errors for the most common WordPress errors experienced by WordPress users such as

• The White Screen
• Internal Server Error
• Error Establishing Database Connection
• Failed Auto-Upgrade
• Connection Timed Out
• Maintenance Mode Following Upgrade
• PHP errors or MySQL DB errors

How to deactivate all plugins when not able to access the administrative menus?

Sometimes it may be necessary to deactivate all plugins, but you can’t access the Administration Screens to do so. One of two methods are available to deactivate all plugins.

Use phpMyAdmin to deactivate all plugins.

1. In the table wp_options, under the option_name column (field) find the active_plugins row
2. Change the option_value field to: a:0:{}

Or reset your plugins folder via FTP or the file manager provided in your host’s control panel. This method preserves plugin options but requires plugins be manually reactivated.

1. Via FTP or your host’s file manager, navigate to the wp-contents folder (directory)
2. Via FTP or your host’s file manager, rename the folder “plugins” to “plugins.hold”
3. Login to your WordPress administration plugins page (/wp-admin/plugins.php) – this will disable any plugin that is “missing”.
4. Via FTP or your host’s file manager, rename “plugins.hold” back to “plugins”

How to clear the “Briefly unavailable for scheduled maintenance” message after doing automatic upgrade?

As part of the automatic upgrade WordPress places a file named .maintenance in the blog base folder (folder that contains the wp-admin folder). If that file exists, then vistors will see the message Briefly unavailable for scheduled maintenance. Check back in a minute.

To stop that message from being displayed to vistors, just delete the .maintenance file. The automatic upgrade should be executed again, just in case it failed.

An update was just released, so why does my blog not recognize the update is available?

When an update is released, notification of that release is displayed at the top administration screens saying WordPress x.x.x is available! Please update now. Not every blog will see that message at the same time. Your blog is programmed to check for updates every 12 hours, but the timing of that check is purely random. So if your blog just checked for updates minutes before an update was released, you won’t see the update message until your blog checks for updates 12 hours later.

If you want your blog to check right now for updates, you can delete the update_core option name record in your wp_options table. Note that plugins and themes each have their own check and update cycle, controlled by the records update_plugins and update_themes, in wp_options.

Relevant discussion thread:

• https://wordpress.org/support/topic/242485

Why did I lose custom changes to the WordPress Default Theme during the last automatic upgrade?

A core upgrade copies all the new files from the distribution over the old ones, so if you changed existing files in the WordPress default theme (e.g. wp-content/themes/twentysixteen/style.css), those changes got overwritten with the new version of that file.

Please note, a core upgrade goes through a list of “old files”, as defined in wp-admin/includes/update-core.php, and deletes those files. Any files not on the list, and not in the distribution, are preserved.

Remember, that before upgrades, whether automatic or manual, both the WordPress Files and database should be backed-up as explained in WordPress Backups.

A better way to modify the default theme is by using a child theme. It’s a little more work to set up, but worth the effort because your customizations will be safe when the main theme is updated.

How do you repair a MySQL database table?

Every once in a while, it may be necessary to repair one or more MySQL database tables. According to the How to Repair MyISAM Tables at dev.mysql.com there are a number of reasons to repair a table including errors such as “tbl_name.frm is locked against change”, “Can’t find file tbl_name.MYI (Errcode: nnn)”, “Unexpected end of file”, “Record file is crashed”, or “Got error nnn from table handler”.

Here are the steps to repair a table in a MySQL database using phpMyAdmin:

1. Login to hosting account.
2. Login to phpMyAdmin.
3. Choose the affected database. If you only have one database, it should choose it by default so you don’t need to do anything.
4. In the main panel, you should see a list of your database tables. Check the boxes by the tables that need repair.
5. At the bottom of the window just below the list of tables, there is a drop down menu. Choose “Repair Table”

Remember, that it is advisable to have a current backup of your database at all times. See also WordPress Backups

How do I empty a database table?

Refer Emptying a Database Table

Emailed passwords are not being received

Description: When users try to register with your blog or change their passwords by entering their username and/or email, WordPress indicates that their password has been emailed to them, but it is never received.

Reason and Solutions: WordPress uses the standard PHP mail() function, which uses sendmail. No account information is needed. This is not generally a problem if you are using a hosting service, but if you are using your own box and do not have an SMTP server, the mail will never send. If you are using a *NIX box, you should have either postfix or sendmail on your machine; you will just need to set them up (search the Internet for how-to’s). If you do not want to go through setting up a complete mail server on your *NIX box you may find msmtp useful — it provides “A secure, effective and simple way of getting mail off a system to your mail hub”. On a Windows machine, try a sendmail emulator like Glob SendMail.

More help can be found on this thread of the WordPress Support Forums: https://wordpress.org/support/topic.php?id=24981.

Windows Host Server Specific: Check your “Relay” settings on the SMTP Virtual Server. Grant access to 127.0.0.1 . Then in your php.inifile, set the SMTP setting to the same IP address. Also set smtp_port to 25.

Ensure Proper Return Address is Used: By default, the WordPress mailer fills in the From: field with wordpress@yourdomain.com and the From: name as WordPress.

This is fine if this is a valid e-mail address. For example, if your real e-mail is wordpress@yourdomain.com, your host should pass the email on for delivery. It will probably send your mail as long as yourdomain.com is setup to send and receive mail, even if wordpress is not a valid mail box. But if you set you real email as the From: address and it’s something like wpgod@gmail.com, the mail may not send because gmail.com is not a domain handled by the mail server.

Treated as Spam: Your email message may have been routed to a spam folder or even worse, simply discarded as malicious. There are a couple measures you can use to convince recipient’s mail servers that your message is legitimate and should be delivered as addressed.

SPF: (Sender Policy Framework) This is the most common anti-spam measure used. If you are on a hosted system, there is a good chance your host has set this up for the mail server you are using. Have WordPress email you and check the message headers for evidence that the message passed the SPF check. You can get a message sent by following the Forgot Password link on the login page. To keep your old password, do not follow the link in the message.
If your system email failed the SPF check, you can set up the credentials if you have access to your DNS records and your mail server’s domain belongs to you. Check the return path of the email your system sent. If the mail server listed there has your domain name, you can set up SPF credentials. There are several how-tos on the Internet.

DKIM: (Domain Key Identified Mail) This system is also used. You can use both SPF and DKIM in the same message. Again, just as with SPF, you can check if your receiving mailserver verified your host’s domain key by examining the mail header. There is a fair chance no signature key was provided, indicating your host chose to not use this protocol. Also as with SPF, if you can edit your DNS records and the mail server belongs to your domain, you can set up DKIM credentials yourself. Some how-tos exist if you search the Internet.

Why can’t I see my posts? All I see is Sorry, no posts match your criteria?

Clearing your browser cache and cookies may resolve this problem. See also I Make Changes and Nothing Happens

How do I solve the Headers already sent warning problem?

Description: You got a warning message on your browser that says:

Warning: Cannot modify header information - headers already sent by
(output started at

Reason and Solution:

It is usually because there are spaces, new lines, or other stuff before an opening <?php tag or after a closing ?> tag, typically in wp-config.php. This can also happen in other edited PHP files that are not theme templates, so please check the error message, as it will list the specific file name where the error occurred (see “Interpreting the Error Message” below). Replacing the faulty file with one from your most recent backup or one from a fresh WordPress download is your best bet, but if neither of those are an option, please follow the steps below.

Just because you cannot see anything does not mean that PHP sees the same.

1. Download the file mentioned in the error message via FTP or the file manager provided in your host’s control panel.
2. Open that file in a plain text editor (NOT Microsoft Word or similar. Notepad or BBEdit are fine).
3. Check that the very first characters are with no blank lines or spaces after it.
4. Before saving, or use the Save as dialog, ensure the file encoding is not UTF-8 BOM but plain UTF-8 or any without the BOM suffix.

To be sure about the end of the file, do this:

1. Place the cursor between the ? and >
2. Now press the DELETE key on your computer Note to MAC users: The “DELETE” key on a PC deletes characters to the right of the cursor. That is the key noted here.
3. Keep that key pressed
4. For at least 15 seconds
5. Now type > and
6. save without pressing any other key at all.
7. If you press another key, you will bring the problem back.
8. DO NOT PUT CODE IN UNNECESSARY CODE BLOCKS, PUT THEM IN A SINGLE PHP BLOCK.

Wrong:

<?php some code; ?> <?php some other codes; ?> 

Correct:

<?php code; some other code; ?> 

Upload the file back to your server after editing and saving the file.

Note: Also check the encoding of the file. If the file is encoded as UTF-8 with BOM, the BOM is seen as a character which starts the output.

Interpreting the Error Message:

If the error message states: Warning: Cannot modify header information - headers already sent by (output started at /path/blog/wp-config.php:34) in /path/blog/wp-login.php on line 42, then the problem is at line #34 of wp-config.php, not line #42 of wp-login.php. In this scenario, line #42 of wp-login.php is the victim. It is being affected by the excess whitespace at line #34 of wp-config.php.

If the error message states: Warning: Cannot modify header information - headers already sent by (output started at /path/wp-admin/admin-header.php:8) in /path/wp-admin/post.php on line 569, then the problem is at line #8 of admin-header.php, not line #569 of post.php. In this scenario, line #569 of post.php is the victim. It is being affected by the excess whitespace at line #8 of admin-header.php.

Why doesn’t my “Publish” or “Save Draft” button work?

To resolve this and similar issues, disable your plugins one at a time until you find the source of the issue. Generally, this will be due to two or more plugins trying to use the same resources (for example, JQuery or other Java-based tools).

In addition, it could be that there is a problem with your browser. A common resolution is to empty the browser’s cache. Please consult the documentation for your preferred browser to learn how to do this.

How to fix 404 error when using Pretty Permalinks?

If an error 404 occurs when using the Pretty Permalink choices such as Day and Name in Administration > Settings > Settings_Permalinks_Screen it could be a result of the mod_rewrite module not being activated/installed. The solution is to activate mod_rewrite for the Apache web-server. Check the apache\conf\httpd.conf file for the line # LoadModule rewrite_module modules/mod_rewrite.so
and delete the # in front of the line. Then stop Apache and start it again. Note: you may have to ask your host to activate mod_rewrite.

See also Using Permalinks. Relevant discussion thread is https://wordpress.org/support/topic/234726

Why isn’t the admin user listed as an author when editing posts?

Not sure why this problem happens, but here’s a couple of things to try one of these two solutions.

This usually fixes the problem:

1. Create new admin user (e.g. newadmin) with Administrator Role
2. Login as ‘newadmin’
3. Degrade the old ‘admin’ user to Role of Subscriber and Save
4. Promote the old ‘admin’ back to Administrator Role and Save
5. Login as the old ‘admin’

If that doesn’t work, try:

1. Create a new admin user (e.g. newadmin) with Administrator Role
2. Login as ‘newadmin’
3. Delete the old ‘admin’ user and assign any posts to ‘newadmin’
4. Create ‘admin’ user with Administrator Role
5. Login as ‘admin’
6. Delete ‘newadmin’ user and assign posts to ‘admin’

Why is the wrong author name displayed for a post on a blog?

This problem is usually solved by the same solution as is presented in the question right before this one:
Why isn’t the admin user listed as an author when editing posts?

How do I find more help?

There are various resources that will help you find more help with WordPress, in addition to these FAQ.

• Troubleshooting
• Finding WordPress Help
• Using the Support Forums
• Resources and Technical Articles about WordPress
• Installation Problems

Important: Please note that this is not a support page. If you seek help with your specific problem, please refer to the Support forums.

Can my posts have URL instead of /index.php?p=76?

See:

• Using Permalinks

How long is the release cycle of WordPress?

A major release of WordPress happens every 6 months or so. Suggest and vote on ideas for future releases at the WordPress Extend Ideas site.

Also refer WordPress Versions for the chronologically listed versions of WordPress along with the Change Log information on new features and improvements in each version. There are the future releases and links to their respective milestones in the bug tracker.

How do I turn on Permalinks, and what do I do about the errors?

See:

• Using Permalinks

What are Roles for and what permissions do different Roles have?

See:

• Roles and Capabilities

Why can’t I delete the uncategorized Category?

Deleting a category does not delete the posts in that category. Instead, posts that were only assigned to the deleted category are set to the uncategorized category. Also, all Pages are assigned the uncategorized Category.

The uncategorized category cannot be deleted, however you can specify your default categories for posts on the Settings – Writing screen of the Administration Screens.

Why is there no Page Template option when writing or editing a Page?

If there is no Page Template option when writing or editing a Page it may because there is no template file with the proper structure. For the Page Template box to be available to assign to a Page there must be a least one template file in your theme that has a structure at the beginning of the template file that looks like this:

<?php
/*
Template Name: My Custom Page
*/
?>

Create a new PHP file with any name under the theme directory and put above codes into the file. You will see the Page Template box appears that includes “My Custom Page” option in the Page Edit Screen. For more detail about Custom Page Template, refer Page Templates.

How do I determine a Post, Page, Category, Tag, or User ID?

Sometimes it is necessary to know the ID of a particular Post, Page, Category, Tag, or User. To determine that ID, use one of these method:

• Look in your browser status bar for the ID:
  1. Visit the related list table screen in your Administration Screen. For instance in the case of Posts visit Posts->All Posts, for Pages visit Pages->All Pages, and for Categories visit Posts->Categories.
  2. Now hover your mouse over the ‘item’ you need the ID. In the case of Pages, hover over that particular Page’s title in the Title column and for Categories hover over the Categories Name in the Name column.
  3. Look at the status bar (at the bottom of your browser) and the you will find at the end of the line something like “post=123” or “tag_ID=67”. In these cases, 123 is the Page ID, and 67 is the Category ID.

Configuration

How can I change how the date and / or time is displayed?

See:

• Formatting Date and Time

How can I control comments people make?

See:

• Comment Moderation

What do the Discussion Options mean?

See:

• Discussion Screen

How do I install plugins?

See:

• Managing Plugins

Why are all the comments being moderated?

Go to the Settings > Discussion screen and make sure that Comment must be manually approved is unchecked. With that option selected, all comments are sent to the moderation queue to await approval.
Make sure that Hold a comment in the queue if it contains x or more links. is not blank and contains a number higher than zero. If this value is blank or zero, all comments containing links will be moderated.
If the option mentioned above is unchecked, the link moderation value is higher than zero, and you still have this problem, then upgrade the comment spam plugins you have installed. If this continues to be a problem, deactivate the comment spam plugins one by one to determine the culprit and contact the plugin author for help.

How do I disable comments?

First, uncheck Allow people to post comments on new articles on the Settings > Discussion screen. This will only disable comments on future posts.
Next, to completely disable comments, you will have to edit each past post and uncheck Allow Comments from the Edit Post screen. Use Bulk Edit to disable multiple posts at once.

1. In the Posts_Screen, check the checkbox in the Table’s title to select all Posts in a given table.
2. From Bulk Actions box, select Edit and click Apply.
3. In the Bulk Edit Screen, select Do not allow option from Comments box
4. Click Update.

Alternatively, you could run below MySQL query from the command line on a shell account or using phpMyAdmin, or through a wp-cli wp db query:

UPDATE wp_posts SET comment_status = 'closed';

If your goal is to permanently remove comments, then follow the next steps. This is the example of Twenty Fifteen theme customization.

1. Create a Child Themes of Twenty Fifteen theme.
2. Copy twentyfifteen_entry_meta() function from parent’s inc/template-tags.php to child theme’s functions.php.
3. Comment out the if block that contains comments-link.

function twentyfifteen_entry_meta() {
    if ( is_sticky() && is_home() && ! is_paged() ) {
        :
    }

    // if ( ! is_single() && ! post_password_required() && ( comments_open() || get_comments_number() ) ) {
    //  echo '';
    //  /* translators: %s: post title */
    //  comments_popup_link( sprintf( __( 'Leave a comment on %s', 'twentyfifteen' ), get_the_title() ) );
    //  echo '';
    // }
}

It removes the number of comments or “Leave a comment” message from bottom of each post.

1. Newly create comments.php under the Child Theme’s directory without any contents. It removes the comment area of exsiting posts.
2. Activate the Child Teheme.

How do I disable trackbacks and pingbacks?

First, uncheck Allow link notifications from other blogs (pingbacks and trackbacks) on new articles on the Settings > Discussion screen. This will only disable trackbacks and pingbacks on future posts.
Next, to completely disable trackbacks and pingbacks, you will have to edit each past post and uncheck Allow trackbacks and pingbacks on this page from the Edit Post screen. Use Bulk Edit to disable multiple posts at once. See also above image.

1. In the Posts_Screen, check the checkbox in the Table’s title to select all Posts in a given table.
2. From Bulk Actions box, select Edit and click Apply.
3. In the Bulk Edit Screen, select Do not allow option from Pings box.
4. Click Update.

Alternatively, you could run this MySQL query from the command line on a shell account or using phpMyAdmin, or through a wp-cli wp db query:

UPDATE wp_posts SET ping_status = 'closed';

How do I change the site admin name?

To change your Admin Name, in the Administration Screens, choose the Users->Your Profile menu. Make your changes there. However, you are not able to change the username from within the Administration screen. In order to do this you must directly edit the MySQL database, however this is not recommended as your username is not often seen by other users.

See:

• Users Your Profile Screen

How do I find the absolute path I need for uploading images?

1. Open the below page from your Browser

http://(site URL)/wp-admin/options.php

1. Refer upload_url_path option value.
   If the value is blank, then the directory wp-content/upload is the default destination to save.

Which files do I change to alter the way my blog looks?

See:

• Theme Development Handbook

How do I upload images?

See:

• Inserting Media into Posts and Pages

Can I change the “Error establishing database connection” message to something more descriptive?

Just simply create a file to reside at wp-content/db-error.php, and in that file put the message you want displayed to users when WordPress determines the database connection is not available. That file will be used in place of “Error establishing database connection” message. You could even use the db-error.php to redirect users elsewhere. Here’s an example for db-error.php:

<?php
<pre>echo '<h2> This site is currently experiencing a problem with the database server.</h2>  Press your browser Reload button to try again!';
?>

Modifying

Can I change the Smilies?

See:

• Using Smilies

How do I edit files?

See:

• Editing Files

What is The Loop?

See:

• The Loop and The Loop in Action

How can I change the URL-structure for my posts?

See:

• Using Permalinks

How can I change URL-structure for my posts on a Windows server?

See:

• Using Permalinks Without mod rewrite

How do I use WordPress Template Tags to change what is displayed on the blog?

See:

• Template Tags

How do I get All links to open in a new window?

Put this inside the section of your Theme’s template header.php file:

<base target="_blank" />

See:

• Using Themes
• W3 Schools base tag explanation

How can I add an image to my RSS feed?

See:

• Add an image to your RSS 2.0 feed at wordlog.com

If I turn off comments, it says “Comments Off” on the weblog. so how do I remove that?

Depending on your theme, some other message of similar intent may be displayed. The specifics of how to remove this message is theme dependent. You should be able to find the offending text in your theme’s comments.php file. If it’s displayed by a PHP function, comment out the function with slash-asterisks ‘/*‘ and ‘*/‘ (without quotes) on either end of the function:

<?php /* _e( 'Comments are closed.' , 'twentytwelve' ); */ ?>

If it’s simply HTML, comment out the enclosing HTML tags by adding ‘<!-- ‘ and ‘ -->‘ (not including the quotes, note the space after the first and before the last comment symbols):

<!-- <p class="nocomments">Comments are closed.</p> -->

If you decide later to restore the message, you can simply remove the comment symbols.

How do I change what is shown when I password protect a post?

Hook the filters ‘the_title‘ and ‘the_password_form‘. Your filter function is passed exactly what the filter names imply. Use the str_replace() function to search out the offending text and replace it with your preference (or nothing).
Note the ‘the_title‘ filter fires for every single title, not just password protected posts, so you need to use the existence of the post_password property to know whether to apply the string replace function or not.
Some themes may also have additional locations where content needs to be canged. Next example works with Twenty Fifteen Theme.

add_filter('the_title', 'replace_protected', 10, 2);
function replace_protected( $title, $id ) {
    $post = get_post( $id );
    if ( ! empty( $post->post_password ) ) {
        $title = str_replace('Protected:', 'Hidden:', $title);
    }
    return $title;
}
add_filter('the_password_form', 'replace_message');
function replace_message( $form ) {
    return str_replace('This post is password protected. To view it please enter your password below:',
        'Enter you password below to see the surprise:', $form);
}

How can I allow certain HTML tags in my comments?

Use a custom filter in your themes functions.php or plugin:

add_filter('preprocess_comment','fa_allow_tags_in_comments');

function fa_allow_tags_in_comments($data) {
    global $allowedtags;
    $allowedtags['span'] = array('style'=>array());
    $allowedtags['p'] = array();
    return $data;
}

How can I add advanced search ability to WordPress?

See:

• Advanced Contextual Search for WordPress at Weblog Tools Collection

Posts

How do I upload an image and display it in a post?

See:

• Inserting Media into Posts and Pages

What is pingback?

See:

• Introduction to Blogging, Pingbacks

What is trackback?

See:

• Introduction to Blogging, Trackbacks

Where is the permalink to my post?

See:

• Linking Posts, Pages, and Categories

Can I use desktop blogging software?

See:

• Weblog Client

Can I blog by email?

See:

• Post to your blog using email

Spam, Spammers, Comments

What can I do to stop comment spam?

See:

• Combating Comment Spam

More Information on Comment Spam

See:

• Comment Spam

Importing and Exporting

How do I Import a WordPress WXR file when it says it is too large to import?

If a WordPress WXR file, an XML file exported from WordPress, is too large to import, there are several things you might try to overcome that limit.

• Edit php.ini‘. Some hosts may not allow this settings.

memory_limit = 300M
post_max_size = 200M
upload_max_filesize = 100M
max_execution_time = 600

• memory_limit: Maximum amount of memory in bytes that a PHP script is allowed to allocate.

Note: memory_limit should be larger than post_max_size, and post_max_size must be larger than upload_max_filesize.

• Edit .htaccess. Some hosts may not allow this settings.

php_value memory_limit 300M
php_value post_max_size 200M
php_value upload_max_filesize 100M

• Edit wp-config.php

define('WP_MEMORY_LIMIT', '64MB');

See also Increasing memory allocated to PHP.

• In multisite environment, configure following settings
  1. From Network Admin dashboard, select Settings > Network Settings and increase the values of ‘Site upload space’ and ‘Max upload file size’.
  2. From Network Admin dashboard, select Sites > All Sites and click Edit menu under your site. Click Settings tab and incease the value of ‘Site Upload Space Quota’ or leave it blank for network default
• GZip the file. On some hosting services, a gzipped file can be automatically expanded in the background, without WordPress ever knowing the difference. This can allow you to make the file small enough to be fit into the maximum upload size constraints.
  1. On Windows, use 7Zip to create a gz archive out of the WXR file.
  2. On Linux, use the gzip command line.
  3. Make sure that the resulting file has the file extension of “.gz” before uploading it, as this is often necessary.
  4. This is not guaranteed to work, as it highly depends on the hosting configuration. If this fails, then try another method instead.
• Break the WordPress WXR file into smaller pieces by separating the data between posts and pasting the header/footer into each file.

1. Always have the header

<rss version="2.0"
    xmlns:excerpt="https://wordpress.org/export/1.2/excerpt/"
    xmlns:content="http://purl.org/rss/1.0/modules/content/"
    xmlns:wfw="http://wellformedweb.org/CommentAPI/"
    xmlns:dc="http://purl.org/dc/elements/1.1/"
    xmlns:wp="https://wordpress.org/export/1.2/"
>
<channel>
including all info like category, tags, etc to just before the first

2. Always have the footer

</channel>
</rss>

3. In between, add the posts start with end with and check to see whether the XML file you’re creating is less than or equal to 2MB. You’ll get the hang of it.

4. As always, before importing the new XML’s, backup the database of the blog you are importing the XML files to and might as well export XML file of that blog as well for good measure.

See:

• Importing Content
  • Editing wp-config.php
  • Forum discussion on program that helps with splitting the file into pieces

WXR Splitter Utilities:

• WordPress WXR File Splitter utility for Windows
• WordPress WXR File Splitter utility for Mac OS X

How do I import links (blogroll) from another WordPress blog?

See:

Importing Content

Codex FAQ