When developing new WordPress websites we often host the site on a temporary domain. When we are ready to go live we then switch to the live domain. However, a problem occurs with this approach as WordPress remembers the domain it was installed on, and is very reluctant to move.

All of the site links, img src tags, stylesheets and essentially every other object used in the site build, will be directly pathed to (will still point at) the old domain.

The simple answer is to either manually change these settings within the interface and reupload the images. This is very inefficient and not necesary, these URLs can be amended directly within the WordPress database. Correcting these errors manually, however, can be time consuming.

This is the bit where we tell you that we have a faster solution. You simply need to run these four queries against your WordPress database. Remember to replace “olddomain.com” and “newdomain.com” with your existing and new domains.

UPDATE wp_posts SET post_content =
REPLACE(post_content,'www.olddomain.com','www.newdomain.com');

UPDATE wp_posts SET guid =
REPLACE(guid,'www.olddomain.com','www.newdomain.com');

UPDATE wp_postmeta SET meta_value =
REPLACE(meta_value,'www.olddomain.com','www.newdomain.com');

UPDATE wp_options SET option_value =
REPLACE(option_value,'www.olddomain.com','www.newdomain.com');

WordPress is a great product and very secure out of the box, assuming you follow some basic rules and procedures. We will attempt to describe these below.

There are many things that can affect the security of WordPress sites, we have recently experienced a hack attempt at one of our .gov.uk domains. The hack was simply to write a file to the /wp-config/ folder, which happened to be file mode 777 (public writable). In the newest version of WordPress, only one folder needs global write permissions - /wp-content/uploads/.

Fixing this vulnerability is a simple matter of changing the folder permissions of all folders in your WordPress install to mode 755.

find [your path here] -type d -exec chmod 755 {} \;

As for the /wp-content/uploads/ folder – you simply need to set the permissions back to 777 and create an .htaccess file with the following content:

<FilesMatch "\.(php|html|htm|js)">
  Order allow,deny
</FilesMatch>

This will deny access to any uploaded scripts or pages (.php/.html/.htm/.js) minimising the risk of a successful hack.

Other important factors to keep your site safe and sound:

• Keep your password secure
  WordPress can tell you if your password is a strong one, but cannot tell you if it contains dictionary words. Try to make this a mix of numbers and letters.
• Keep WordPress and its plug-ins up to date
  This may sound obvious, but as soon as a vulnerability is found in one plug-in, news spreads fast and your site is at risk. Most plug-in developers will release new versions of their plug-ins once the security hole is found. Keep them updated!
• Make sure you are hosting on a secure server
  You may have a friend down the pub who has a web server, but does he really know how to keep this secure? Find a reputable hosting company to house your website.
• Lastly – KEEP REGULAR BACKUPS!
  It may sound obvious, but having a rollback point of your site files and database is the best way to recover from a hack.

More information and further tips can be found here on the WordPress website:
http://codex.wordpress.org/Hardening_WordPress