Haluk Karamete | 13 Jun 04:06 2015


I installed 2 WordPress sites but pointed the 2nd WordPress install to the
1st one's database. Since I used a different table prefix for the 2nd one,
everything works.

This results that  I got 2 set of WordPress tables in the same database
while the 2nd one uses just a different wpdb prefix.

The question is...

How can I use the get_posts() ( or WP_Query for that matter) to query to
1st WordPress's posts from the 2nd one?

Is there an argument that I can pass to the get_posts or to WP_query to
tell the WP to use a different prefix than the current installs
wpdb->prefix default?

Ideally, this ios what I'm looking for;

$args = array(
'db_prefix' => 'xyz',
'posts_per_page' => -1,

Is there something like the 'db_prefix' above ?
Luke Bryan | 13 Jun 00:37 2015


Greetings all,

I had noticed something odd in the documentation for wp_get_image_editor -
while it says "This function is the main function that you use when you
want to edit an image by url", the example doesn't give a url as the
parameter. Why is a url expected instead of a local file path?

It seems odd that it expects url and fetches them, as local file is more
efficient and less likely to be blocked. Any specific reason it is built
this way?

Best regards,
Stephen Rider | 5 Jun 00:37 2015

Customize Uploads directory?

Hi —

There used to be a simple setting within the Admin to change the uploads directory, but it’s gone in
current versions of WP.  So how are we supposed to do this, officially?

I see that there’s a constant that can be set, but that method appears to be frowned upon by TPtB.


Stephen Rider

wp-hackers <at> striderweb.com

wp-hackers mailing list
wp-hackers <at> lists.automattic.com
Chris Rudzki | 4 Jun 21:49 2015

Re: wp-hackers Digest, Vol 125, Issue 1

You can also whitelist, or increase the threshold, on Automattic ranges 
if you like:


> wp-hackers-request <at> lists.automattic.com 
> <mailto:wp-hackers-request <at> lists.automattic.com>
> June 2, 2015 at 8:00 AM
> Send wp-hackers mailing list submissions to
> wp-hackers <at> lists.automattic.com
> To subscribe or unsubscribe via the World Wide Web, visit
> http://lists.automattic.com/mailman/listinfo/wp-hackers
> or, via email, send a message with subject or body 'help' to
> wp-hackers-request <at> lists.automattic.com
> You can reach the person managing the list at
> wp-hackers-owner <at> lists.automattic.com
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of wp-hackers digest..."
> Today's Topics:
> 1. XML-RPC POST attack (Pavel Hejn)
> 2. Re: XML-RPC POST attack (Or Wilder)
> 3. Re: XML-RPC POST attack (Michael Van Winkle)
(Continue reading)

Pavel Hejn | 1 Jun 19:20 2015



I found many ideas how to protect website from XML-RPC attacks (POST hits).
They suggest .htaccess protection, using filter, delete file, use special security plugin, ban IP 
address, etc.
But I want to use this protocol on my website and wanted to ask if there is any way to protect 
XML-RPC from Ddos attacks directly on server side (Apache)?
I am searching for something which can be usable for many different websites on one server.
I do not want to allow only specific IP address, etc.
Do you have any working solution?

Thank you very much for ideas!

Frank Bueltge | 20 May 17:08 2015

Customizer Return URL

Hello at all.

I work on examples to use the customizer as standard control for different
customization topics on front end. But I can't find a solution to change
the return url, the close icon/button on the customizer.

In the source was asked for a var $return. But how is it possible to change
this? Maybe a reader can help me.

From the Core, wp-admin/customize.php:

wp_reset_vars( array( 'url', 'return' ) );
$url = wp_unslash( $url );
$url = wp_validate_redirect( $url, home_url( '/' ) );
if ( $return ) {
    $return = wp_unslash( $return );
    $return = wp_validate_redirect( $return );
if ( ! $return ) {

I init the customizer via a menu item below Appearance menu item. I set the
url on add the menu with the hook 'admin_menu' and filter the link to set a
new url, my custom url. The url was set via the code below.

// Create specific url for login view
$login_url = wp_login_url();
$url = add_query_arg(
   urlencode( $login_url ),
   admin_url( 'customize.php' )
(Continue reading)

MikeD | 20 May 16:55 2015

Re: wp-hackers Digest, Vol 124, Issue 4

Sorry for the list reply, forgot to disable digest before posting.

> There isn't really a "history" to this, and there certainly wasn't a
> design decision. It's just how it is. Shortcodes weren't introduced
> until version 2.5, four years after version 1.0.
> Along with root-relative URLs, this gets brought up from time to time,
> for example https://core.trac.wordpress.org/ticket/11394. There's not
> much benefit to an img shortcode over an img tag, and there are
> downsides such as (as you pointed out) additional database queries.
> John

Thanks for the track link.

I disagree about the potential benefits. First, if a theme change is done and the sizes for medium or large
change, all images in past posts would be automatically updated after regeneration, all else being
equal. Huge timesaver when required.

Second, when the responsive img stuff like srcset becomes a thing, it would be very easy to apply it
retroactively, assuming the shortcode also has a hook.

Thanks for the clarification though!
MikeD | 19 May 22:25 2015

Why are <img> tags inserted into posts?

I'm wondering why an actual HTML <img> link is embedded into a post when inserting an image, as opposed to a
shortcode such as

[img id=123 size='medium' alt='alt']

or something similar that would make site-wide changes to image sizes etc easier. Is it just the DB hit or was
there some other reason? I'd love to read the history of this if it exists somewhere.
Haluk Karamete | 11 May 19:48 2015

sharing the same `terms` and `term_taxonomy` tables across multiple WordPress sites


I do know that 2 WordPress sites could share the same user base. Constants
such as `CUSTOM_USER_TABLE` and  `CUSTOM_USER_META_TABLE` pave the way
towards that goal.

What I'm wondering if a similar concept could be extended so that those
sites can also share the same terms and term_taxonomy table?
Luke Bryan | 8 May 03:39 2015

Archive versions

Greetings all,

I noticed something odd when checking the archive page
"None of these are safe to use, except the *latest* in the 4.2 series,
which is actively maintained."

However, you'll notice that there's 4.1.5, 4.0.5, etc. It looks like the
security update the other day is applied to all the major Wordpress
versions that support auto-update?

Why does it say "None of these are safe"? Has this statement just not been
updated since auto-updates for most major versions was implemented?

Best regards,
J.D. Grimes | 5 May 16:45 2015

Plugin DB tables on multisite

Hi hackers,

I'm building a feature for a plugin where some items are going to be stored in a database table. These items
have metadata, but I haven't decided whether that will be stored in a separate table or just serialized in a
column. The main point is that we'll have a table of items, and it will be supporting multisite.

There are two ways (maybe more?) that I could create the database schema:

I could have one global table for the entire network, with a site_id column which would be used to associate
each item with a particular site (kind of like the user or usermeta tables). Or, 
I could create a separate table for each site (like the posts tables).

I'm wondering if anyone has any advice to offer as to which of these options I should choose.

Other things to keep in mind:
There might be as many as 100 items per-site, maybe more rarely, but usually less.
The items are strictly associated with a specific site, and don't presently need to be read by other sites
(though perhaps there is a small chance that could change in the future). However, when the plugin is
network-active, there is support for network-wide items, too.
Though the plugin supports network-activation, I suppose if I use separate tables for each site I could
create them lazily on-the-fly, instead of all at once when the plugin is network activated.
The tables that the plugin currently uses are already designed like #1 above, though some of them actually
do need to be queryable across sites, so it is a slightly different case.
I've briefly considered making these items a post type, and so they'd just be stored in the post tables.
However, I'm not sure how well that will work. The main problem I see is that there would be no support for
network-wide items.

Any thoughts?

(Continue reading)