Getting Back Missing Images on My Websites After Enabling htaccess Hotlink Protection

Enabling hotlinking protection via cpanel or htaccess may not only protect your images from external sites but also from your other sites which you shared on the same host as well. This means you may find images which you yourself uploaded to your other sites missing.

This post was first & originally published at

I discovered this firsthand when I experimented with hotlinking protection a few weeks ago. All of my sites except this (my primary site) lost all their images.

I, at first, did not know it was due to the hotlinking protection but when I found out that all the sites’ htaccess files got modified at the same time that I enabled hotlinking protection, there’s no doubt about its cause. Each site sharing my hosting got their htaccess modified, except for the primary site’s.

How the Images Got Missing

Turns out the cPanel automatically created or modified the htaccess file in all sites sharing my hosting account. If you have your primary site called, say,, and you have other domain names sharing the same host, say –


– lunarpages, or your webhost actually sees all these as follows:

  • (your primary domain)

[note]That is, whether it’s actually a subdomain or an independent domain name, they’re all seen as subdomains to your primary site as far as lunarpages (or your hosting provider) is concerned.[/note]

Part of the htaccess entries generated, thus, would look like so:

htaccess hotlink missing images

Thus, all the above sites except for and the legitimate subdomain,, will experience missing images.

The actual URL which the browsers recognize as, for instance, is not included in the list; so, it is seen as an external site and is denied hotlinking rights.

How to Bring the Images Back

There are 2 obvious ways to remedy this glitch.

  • Deactivate hotlinking protection

If you’re the kind who gives up immediately and think that hotlinking protection is more of a headache than a benefit, then just dramatically and with flourish say “To hell with hotlinking protection!”, and then disable it from your cpanel.

  • Edit the htaccess files

Obviously, all you need to do is change the lines like

change htaccess hotlink from


change htaccess hotlink to

Sure enough, after I edited each site’s htaccess files right on the cpanel’s file manager, the sites images came back like nothing unusual happened to them.

One thing I noted when I checked the htaccess for each site is that they all have the same htaccess file content except that all wordpress sites has this at the beginning

wordpress htaccess

while non wp sites just have

non-wordpress htaccess

So, you shouldn’t panic the next time you find your images vanishing from your sites after you enabled hotlink protection in your sites now that you know how to bring the images back with a few tweaks in the htaccess file.

Securing WordPress Against Botnets Hacking Attempts Worldwide On WordPress Sites

I too received a couple of emails from 2 different hosting providers I use, one of which is lunarpages, informing me of a recent onslaught of hacking attempts focused on wordpress websites all over the world now, and how to secure wordpress better. Although this is no new thing as these hacking attempts happen year round, there just seemed to be a surge these days and they’re centered on wp sites.

securing wordpress

If you used wordpress, chances are, you have email in your inbox telling you of this ongoing attack.

Anyway, they all advised everyone to be vigilant and not to take security for granted. If you’ve been hacked before, you’ll know what I mean.

Yes, I once ignored this kind of advise before, resting on an innocent thought that no one would have any reason to hack my site. That only the big sites are being actively attacked. No way Jose. We aren’t dealing with little insecure would be hackers here. What’s making all these attacks are bots… software that automates all hacking actions and attempts. Thus they can work 24/7, no rest at all. And more importantly, they don’t differentiate between big wbsites or small insignificant one-page sites. They devour everything in their path like a hungry lion that’s been genetically engineered to behave both like a lion and a hyena.

Lunarpages did notspecify how they handled the attacks but Fatcow revealed that they choked traffic to the login pages. The attack was temporarily stumped. The downside to this however is that legitimate wordpress owners’ IP may have been blocked as well from accessing their dashboards at least during the first 3 days starting Thursday.

What we can do

While hosting providers levelled up their security fences, we as webmasters are left with the responsibility of setting up the first line of defense.

  • We are advised to change our passwords every 90 days. And not just any password. We should employ strong passwords that are not listed among the passwords being feed to hacking bots in their nefarious attempts.
  • password protect your login page. This effectively adds an extra layer of protection for your websites agains these hacking bots.

    This methods can be done manually or through a wizard (if its available in your cPanel).

    Manually, you can follow the steps outlined on this page.

  • Install wordpress security plugins.

Additionally, if you haven’t installed them yet, then install two very essesntially security plugins for your wordpress site as discussed in this post.

Scarcity Samurai WordPress Plugin 50% Discount Launch

I had the opportunity to test this brand-new Scarcity Samurai wordpress plugin last week in my blog and found that it works exactly just as its authors claimed. I suppose there’s little room for doubt when it comes to products created by the maker of the successful Market Samurai software.

Firstly, the visible feature of the plugin is the countdown counter that you can fix either at the bottom or top of the visible page.

This counter, even when you don’t elaborate about it on the page you put it on, without doubt creates a feeling of urgency in the reader. It is a perfect complement to the scarcity principle which has been effectively used for years by businessmen who understand human psychology. Thus when you imply in your copy to the readers that the price of your product will stay at this low price for, say, only 24 hours, the Scarcity Samurai (SS) countdown counter will reinforce this reminder and invoke the innate ‘fear of being left out’ in the reader. And you can bet he’ll take action quickly, often favorably.

scarcity samurai screenshot

The plugin also gives you the option to redirect to another page once the countdown is over. You can check out a test page I quickly drafted up when I tested this plugin. This test page utilizes the ‘evergreen scarcity‘* type of counter as opposed to the really one-time counter. And be sure to wait until the counter runs out so you can see its redirect action. Click here to check it out.

Scarcity Samurai is Not Just a Counter

Here’s where most, if not all other counter plugins are left in the dust by Scarcity Samurai.

SS can be configured to synched with your autoresponder so that as it counts down to a specific day, it can fire up a series of mails to be sent to your subscribers at specific intervals up to the end of the countdown.

At the moment, the Samurai team says it works with Aweber. The next update would probably make it work with the other autoresponders soon. Speaking of updates, I hope they ‘ll also give users the option to choose the size of the counter bar.

So, check it out now. I hear they’ll be offering huge discounts for a limited time. The video on this page will tell you more about this awesome Scarcity Samurai wordpress plugin.

*Evergreen Scarcity – is a counter that triggers everytime a user visits a page.
Fixed Date – a counter that has a specific lifespan.
And both these have either multi-page or single page campaign types.

Learning jQuery Free Online

I loved HTML at first sight. Then I realized its limitations and started learning PHP. And then, just recently I fancied learning jQuery and found some free resources online.

how to learn jquery free onlineWhen I say I learned PHP, I do not necessarily mean I mastered it. I learned just enough to be able to amuse myself as I tweaked my themes and played around with the innards of some plugins in my blog.

Now that I am embarking on learning jQuery, it goes without saying that I may not necessarily be aiming for mastery. Maybe, just enough to be dangerous when I find myself in the midst of jQuery code.

Some folks say that I must learn javascript before starting on jQuery. But leave it to my non-conformist nature to just go ahead anyway and dive into jQuery without benefit of a javascript background. Maybe I’m wrong but I have this understanding that jQuery is supposed to help make me jump ahead with javascript coding without starting from ground zero.

learning jquery online for free

I landed on a resource website called which offers free online courses like Web Fundamentals, jQuery, Javascript, Python, Ruby, APIs, etc.

I’m now almost done with part 2 of the jQuery Course. That means Parts 3 to 6 are still waiting for me to be devoured soon (if the motivation holds up). In part 2, I’ve learned about functions, selectors and some functional jQuery coding.

If you’re expecting passive learning here, you’d be surprised. You can’t effectively go ahead with the next chapters without typing in the proper codes in the jQuery code box. Kind of reminds me of my Trigonometry class instructor back in high school who has this nasty habit of giving us a short quiz after every lecture session. And here at codecademy, if you make erroneous codes, you’ll be reprimanded with an ‘Oops, you need to insert…’ remark. Well, they were not joking when they said ‘Interactive’!

Though, I’m yet at the early stages of the online course, I know that the entire online course wouldn’t make me a jQuery wizard afterwards as it doesn’t really cover everything. That’s why, this early I have started gathering other resources to complement my learning.

I have, for instance, the following digital info files in my jQuery folder:

  • Head First jQuery
  • jQuery Cookbook
  • jQuery Succinctly
  • jQuery Documentation PDF
  • jQuery & jQuery UI Documentation

Youtube is in no shortage of jQuery tutorials too. There’s this channel called LittleWebHut which also offers lots of video tutorials, e.g. HTML, Inkscape, etc.

Why Learn jQuery?

Take a look at this site. Click on ‘News/Events’, and then click on the links at the left side of the page. I just love Ajax!

Or, take a peek at Click on one of the direction arrows on the picture frame on the upper right of the page. If you like the effect, click it again and again until your forefingers get sore.

But then again, those are just some effects that can be seen immediately on the surface. JQuery can do lots more and takes off where HTML (or PHP) stops.

HTML and PHP just aren’t enough especially when you want to keep up with the Joneses in the webworld. Interactivity is the in thing now and, I supppose, will remain that way forever.

Some guy in a forum said that he traipsed away from javascript when he found out that some users intentionally disable javascript in their browsers. On closer inspection, I learned that those paranoid users actually constitute only around 2% of all users in the US. Other countries have even lower statistics than that. What’s up with these guys? Do they prefer page load waiting time over ajax?

And why the heck would I worry about the preferences of 2% of US readers? Wait, a yahoo page says that 6,000,000 readers compose the 2% of users among 300,000,000 readers who visit their site each month. Ok, that’s one humongous lot of readers.

Well then, when I become the greatest jQuery programmer in the world soon, maybe I’ll just have to design my websites so that javascript-phobic users can still get satisfaction from my sites. But surely, the rest will get the best experience in their browsing when javascript is enabled, like the way I am awed at masterfully designed sites with expert use of proper javascript.

jQuery Badges
Here are the badges I’ve earned so far @ codecademy

VIDEO: JavaScript & jQuery Tutorial for Beginners

Internal Server Error Hits My Blog

I thought my troubles were over but a few hours after I completed my blog troubleshooting for its crawling dashboard, an even worse headache came up. It must have happened around January 27, 2013. On opening, this is what appeared on the page.

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.

Apache/2.2.22 (Unix) mod_ssl/2… Server at Port 80

I’ve once seen this notice before on my blog a long time ago, but I remembered it went away and the blog returned to normal after I refreshed it a few minutes after.

So, after seeing that’s it’s not planning on fading away, I accessed my cPanel to do some snooping around.

Cannot Allocate Memory

I found something like these in the ‘Last 300 Error Log Messages’:

[Sun Jan 27 04:17:41 2013] [error] [client ###.###.##.###] (12)Cannot allocate memory: couldn’t create child process: /opt/suphp/sbin/suphp for /home/moraldecom/public_html/index.php, referer:

[Sun Jan 27 04:16:47 2013] [error] [client ###.###.###.##] (12)Cannot allocate memory: couldn’t create child process: /opt/suphp/sbin/suphp for /home/moraldecom/public_html/index.php

…and so on…

As I still could not make heads or tails of such information, I decided to contact Lunarpages Support. This was my second time to call support. The first time was when my blog got hacked sometime in January 2010 (See What I Did After My Blog Got Hacked). Support was promtly able to help me retrieve my blog back from the hacker’s clutches.

Support replied back saying:

During our routine monitoring of the server where your account is located on, we have found one of your WordPress installations causing severe issues in regards to load on the server, which is also preventing backups from taking place as expected on your entire server. As a result, we were forced to disable your main index.php file, while you can address this issue and resolve it.

running aground during internal server error

And they showed me some SQL query strings which, although I’ve a background in this subject, failed to register in my brain. Support explained that those are queries that are in a locked state and that these are waiting for the first query to finish (which was ‘copying to a temp table’). Because of this the size of the database has ballooned into something really heavy such that all processes are just about to ground to a halt. Well, it finally got grounded the way the cutting-edge tech monstrous minesweeper USS Guardian got grounded somewhere in the reefs in the Philippines. Now, I guess these locked state queries were actually what was causing my WP dashboard to crawl ever so slowly which I blogged about very recently. Lunarpages suggested that the culprit is a specific plugin which I will have to find out and disable immediately. But which plugin?

Which Plugin is the Culprit?

After poring back over the SQL gibberish in the log, I found the table name in the string that goes like “INSERT INTO wp_blc_synch(container_id, container_type, synched)”.

The ‘blc’ part stood out to me and I only knew of one plugin that has such initials in my arsenal: Broken Link Checker!

So, without wasting another breathe I crept inside my dashboard and disabled it without second thought. And for good measure, I also disabled all plugins related to comments inasmuch as the SQL queries also reflected the term ‘comment’ specifically “comment_approved = ‘1’”.

Hereunder thus are the list of plugins I had to disable:

  • Broken Link Checker
  • CommentLuv
  • WP Captcha Free
  • LuciasLinkLove
  • WordPress Thread Comment
  • Akismet

Which Plugin Uses the wp_blc_sync Table?

Later, after a little digging into the innards of the Broken Link Checker plugin, I found that indeed it owns the wp_blc_synch table. What I couldn’t understand is how it got to mess up my database when it had been working silently and flawlessly for more than 2 years under the hood of my blog.

[ Update: I found from this webpage that that the broken link checker plugin is one of the plugins among several that they disallow because it overwhelms the server with HTTP requests. ]

Thus, having acquired a certain degree of certainty with regard to the culprit plugin, I re-activated Akismet, CommentLuv, and WP Captcha Free. I didn’t think I need to re-activate WordPress Thread Comment inasmuch as wordpress has this feature natively anyway.

Then, I went back to the cPanel and accessed phpMyAdmin where I deleted the offending bloated table.

With this back-wrenching job done, I reported back to Support about my good deeds and asked them to enable back my main index file. This time however, after not getting a reply after 12 hours, I took the liberty of re-enabling my main index file myself. I just can’t wait to re-activate my blog especially after I received Google’s message about their bot not being able to access my site. You don’t want to keep the big G waiting, do you?


Have you had this harrowing experience before? Getting an ‘Internal Server Error’ glaring back at you is not a funny experience. I’m sure the cause would not always be some wayward plugin. What caused yours?


Warning: Cannot modify header information – headers already sent SOLVED!

I realized just recently that I no longer get that error that has plagued me for a long long time:

Warning: Cannot modify header information – headers already sent by (output started at /home/moraldecom/public_html/wp-includes/post-template.php:##) in /home/moraldecom/public_html/wp-includes/pluggable.php on line ###

Everytime I hit the ‘publish’ button upon completing a new post, or I hit the ‘update’ button after finishing an edit job on a published post, the dashboard page goes blank and just reflect the title of the post and the warning above. Inspite of that, the post gets published anyway. And repeated checks on the post-template.php and pluggable.php files don’t seem to reveal any problem.

Several wordpress updates later, the problem still persisted. The disabling of the broken link checker and the deletion of the database table I mentioned above in this post seemed to have solved the problem.

WP Dashboard Crawling So Slow – Solved

This week, my wordpress dashboard for this blog was really slow that I wasn’t able to upload even a single post. My patience is already short as it is but this really put it to the test. And I failed miserably.

The first time it happened, I was lucky to be able to get into the ‘New Post’ window and type in my content. But when it came time to insert an image into the post, it took forever until I finally just closed it, blaming my internet connection for the snail pace. I thought the weather, which was rather glum at the time, must have an effect on our internet speed.

After a couple of days, I tried it again and got the same stubborn response. Besides firing up to check on my internet speed, watching a youtube video is usually my quick and sure method to see if my internet speed is crawling or not. I tried that and noticed that the speed was cool enough. There was no buffering necessary while I re-watched Rhod Gilbert’s rant about his luggage experience in an Australian airport.

So, I went back to the dashboard and clicked on ‘Posts > All Posts’. Leaving it at its pleasure, it bidded its time until it finally opened up the page. But it displayed not a single post. It said there were no posts. Must have timed out.

very slow wordpress dashboard

I played around with the other dashboard features. I tried updating a plugin. It crawled again in its effort to process the command, finally displaying the notice “Briefly unavailable for scheduled maintenance. Check back in a minute”. But I remembered having encountered this same notice a couple of days back too. Is it possible for Lunarpages to do maintenance work again in a span of 2 days? Not likely.

briefly unavailable image

Some forum poster suggested that usually its a case of a problematic plugin that causes this sluggishness. I recall that in the past couple of weeks I have updated a few plugins. Perhaps it’s one of those updates that’s causing this trouble.

This means deactivating each plugin and checking if the dashboard now works fine. The thing is I have quite a few plugins installed and if deactivating one plugin requires me to wait 5 minutes while it leisurely bide its time deactivating, it would take forever to do them all.

I tried checking them all and hitting ‘deactivate’. Didn’t work. After crawling like a snail, it just displayed the blog’s home page, instead of the wp dashboard. Going back to the dashboard, it now displayed 0 posts, 0 pages, etc. It just got crazier.

So, that left me with one last option.

Slow Dashboard Caused by Plugin conflict

There’s only one way to disable the plugins without straining my patience too much. And that’s through the cPanel.

Quickest Way to Deactivate All WordPress Plugins

In the cPanel, I accessed the phpMyAdmin, and picked the name of the database for I clicked on the ‘wp_options’ table and searched for the ‘active_plugins’ entry under the ‘option_name’ column. To easily find the ‘active_plugins’ entry, click on the ‘option_name’ column header to re-order the entries under it alphabetically if it’s not yet ordered that way. In my case, the ‘active_plugins’ entry is the first entry.

Then I clicked on the ‘Edit’ (with the pencil icon) link to edit the entry. Then I deleted the data in that entry which looked like so:

a:2:{i:0;s:15:”add-meta-tags/add-meta-tags.php”;i:2;s:17:”broken-link-checker/broken-link-checker.php”;and so on…;}[/note]

From what I’ve learned in the research, deleting this entry from the database is the quickest way to deactivate all plugins in your wordpress blog without going through the wp dashboard. Just to be safe, I cut and pasted the data into a notepad and saved it, as suggested.

Then I clicked ‘Go’ to save the changes I made.

Back at the dashboard, I noticed that things worked much much quicker now. I definitely like this better. But, of course, my blog wouldn’t look and work at its best without the plugins. I shudder at the thought of what those relentless hackers’robots must be doing now that my WP Firewall and Limit Login plugins are not active.

Thus, one by one I reactivated each plugin, testing the dashboard’s health after each reactivation. It was arduous but not as patience draining now that the dashboard is running normally.

In the process of reactivating the plugins, I decided to not reactivate a few plugins as I don’t really need them that much.

And because of that I never got to find out which of the remaining plugins is the culprit. Well, if I got time and feels like going on an adventure some time in the future, I just might do it.

And that’s how I solved the very slow affliction of my wordpress dashboard.

Update: Looks like the Broken Link Checker is one candidate for culprit of the week. I tried activating it and the dashboard did the sleepy walk again. I interrupted it by closing the browser. Maybe it’s the culprit, or it’s just a browser glitch. I’ve had enough stress for today, maybe I’ll give it a try another time.

Does Browser Steal a Page’s Google Rank and Position? logoJust very recently, I stumbled on this site called by way of a Google serp where it ranked for content that was mine.

Around the first week of January this year, I posted an article containing the lyrics and chords of my daughter’s recent favorite song on I, of course, googled beforehand to see if there had been any pages already published containing the chords and found none. That precisely was what prompted me to find the chords myself on my guitar and then post it on my blogs with the intent of helping those poor dads out there whose princesses might have tasked them to get the chords of the song.

After the first week, Google’s serp for this phrase remained the same. That is, it still presented sites that don’t have any guitar chords or even at least music notes about the song. In other words, if you’re really looking for the chords of the song, the results that Google was returning were all useless.

In contrast, both and put my content in number 1 at the first page. And if you check all the entries on first page, it is only right that my page gets the top post because it’s the only one that really contains the chords to the song ‘look how high we can fly’. Gets SERP for My Content

Second week was a surprise because google finally returned my content at number 7. But the surprise is that is was not my link. Instead it was that of

image for look how high we can fly serp

Clicking on it brought me to their site where my page is indeed reflected but its top part contains a thick bar that says ‘Feedreader Browser’ and partly hid my header image.

framed version of look how high  we can fly moralde

Here’s more. When I click on some internal links within my blog, e.g. a link to another article, it does bring me to that article but is still framed within It even has a bar at the foot of the browser that points you to related links, their related links.

I found however that if I right-click on a link and choose to open the link on a new window, or new tab, it breaks free of the frame trap. (This gave me the idea to insert a link on my hijacked content pointing to itself but opening on a new window.)

Google Glitch?

So, what is this, Google? Does this mean you’re finding my content as the duplicate content and feedreader’s the original? If this is the case, then it’s safe to conclude that Google’s robots are still stupid inspite of the ‘intelligent’ tweaks Google has made on their algorithms. The Penguin and the Panda are not after all really above board.

Or, knowing that is PR 9, with an Alexa ranking of 10551, Google is probably willing to turn a blind eye on scraped duplicate content over such respectable PR ranks.

Other folks online claim that has stolen even their pages’ ranks. Is that possible?

On the bright side, someone chirped that finding your pages which contain internal links within which is PR9┬áis not that bad considering the backlinks you get from such a high PR site. Make sure though to have your links open in a new window e.g. target=”_blank”.

With that, and at this stage in the life of my blog, I think I’m cool with the status of my blog post within

How about you? If your content ranks in Google but within the frame of, what would you do?

NOTE: This is in no way a competitive keyword. This just happened to be the keyword for the content from my blog that’s now ranking for


Short un-related video

Complete Solution for Undefined Function curl_init Error

I tried activating a script on a test wordpress blog hosted on localhost to see how the script works and I was met with this error:

Call to undefined function curl_init()

Naturally, I fired up Google and searched for solutions. If you try searching Google using the phrase “call to undefined function curl_init()“, you’ll notice the first page filled with pages containing the exact phrase. You’ll also notice that not a single one of these pages gave a complete solution to your problem.

The most helpful suggestion you’ll get is about uncommenting from your php.ini the line that contains this: “extension=php_curl.dll“. But this alone won’t necessarily solve your problem.

I realized that I had to use another search phrase if I ever expect to find the answer that would work. I finally tried “mowes portable curl”. I use MoWeS Portable in my localhost server. Had I used Wamp, I’d have phrased it thus: “Wamp curl”. I finally got lucky with this phrase as I got myself into a page* that provided the following solution which, as far as I’m concerned, is complete. It straightened things out, got rid of the errors, and got the script working.

The Complete Solution

Requirement: Full PHP package. (SE versions do not work!)

  1. Stop your Apache server.
  2. Open your php.ini file. Uncomment the line “;extension=php_curl.dll” so that it becomes “extension=php_curl.dll” (this means you just remove the semicolon character “;”) and then save the file. My php.ini is located in D:\mowes_portable\php5. If you use XAMP or WAMP, etc., just locate the php.ini somewhere inside these directories. Check this page to see suggestions regarding where php.ini is in your webhost server.
  3. Find the following files from the same php5 directory.
    • ssleay32.dll
    • libeay32.dll
  4. Copy both of these files to the apache2\bin directory.
  5. Start Apache

If you are not just working with your localhost server, meaning you’re using your webhost’s server and you meet the undefined function curl_init() error, and you cringe at making changes to your php files, you may have to contact your webhost’s admin and ask that their curl functionality be enabled.

*You can check out the source of my solution here.

WordPress 3.5 Removes Video Embeds and HTML Tags On Scheduled Posts

em {color: green}

It happened with a couple of posts I published after updating to WordPress 3.5. When posts are scheduled, wordpress strips the Youtube embeds and html tags.

In my “Chords and Lyrics: Look How High We Can Fly” post for instance, the preview worked fine and so I scheduled it for release the next day. Lo, and behold, the youtube video I embedded was not there. And my style tags were gone too, such that the text between those tags were reflected on the blog post itself. I sometimes insert some additional style tags on specific posts because, in this case, I had to make all the guitar chords italic and red.

When this happens, I had to get back and edit the posts. Everything’s fine as long as you publish a post immediately, or you just edit an existing published post.

I did a quick test on my localhost server to make sure and indeed, the videos are gone. Div tags don’t seem to be affected, as well as other basic tags like ‘strong’ and ’em’. Style tags however, as I’ve said earlier, are stripped off leaving the text between them visible, e.g. p {color: red;}.

I’m pretty sure it’s not a theme issue as I’ve also heard a few other webmasters complaining about the same thing.

And one more thing, under the revisions section, there is one in there which does not reflect an author, as in

7 January, 2013 @ 23:30 by admin
6 January, 2013 @ 0:24 by
6 January, 2013 @ 0:08 by admin

What gives?

Have the geniuses at the wordpress camp known about this issue? Will this issue be resolved in the next update? I sure hope so.

Note: If you see this at the start of the post:

em {color: green}

and if you don’t see the video above this note, then, as this post was scheduled, the issue is still unresolved.

Removing Encrypted Footer Links from WP Theme

eval base64 _ decode gzuncompress base64 _ decode

I got interested in a particular wordpress theme that I plan on using for a possible future site I’d be creating. This one’s a free wordress theme and it has encrypted footer links which can not be removed via my superficial PHP knowledge.

I don’t mind footer links that link back to the author’s site which deals with wordpress themes. But I don’t agree with footer links that link back, to, say, sistosomiasis dot com, or to a car spare parts site.

I also know that inasmuch as I’m using a theme that someone else spent time and effort to create and allowed it to be used freely, the author deserves some form of credit and the user should at least leave these footer links unchanged. I’ve done just that to most of my wp sites, it being the least I could do to thank the theme authors.

There are times however where you just don’t want any links in the footer and you want to remove it by deleting that from the footer file. As far as I know, it isn’t illegal or against GPL licensing restrictions. Encrypting these footer codes just makes it difficult to remove, but it can be removed without damage to the theme.

The theme I editted did not put the footer links in the footer.php file. Clever, eh? It instead put it in the functions.php file. Then, the author encrypted the whole functions.php file in some kind of base64 encoding scheme.

Thus, the functions file looked like so…

< ? php $TEQR51RDA5BVCYFTC477J437F77880VC2="eJnNyAdkBsQSISCtB0bQd n0DQERAlNyAdkBABzxyEsQSISCttCK//r37GZwzeQe7qsutGJJ1r3UtDP Lb83...and a lot moreJgibberish...P/ABzxyEM=";eval(base64 _decode(gzuncompress(base64_decode($TEQR51RDA5BVCYFTC477J 437F77880VC2)))) ; ? >

And if you just deleted all those gibberish, it would mess up the theme and render it unusable.

So, to make a long story short, I found this site that helps decode these gibberish into something more familiar and thus edittable.


Usually, the files are encrypted not just once but several times. That’s what I found in the theme I used above. After running it through the decoder, its output was still an encrypted form of the file. Thus, I had to run it several times before the final human-readable version came out.

Yuhooo! But of course, I felt kinda awful and felt like I’ve cheated on the author who, like I’ve said earlier, had spent time and effort in creating a theme and given it away for anyone to use. Well, there’s the author’s link in the innards of the theme (the one where you see the theme name, the author, the author’s link, tags, etc.) and these are read by the spiders anyway. So, I think the least I could do is to keep that as is.

To avoid carrying the author’s links altogether, the only other option (besides buying a theme, maybe) is to learn to create your own wp theme. Here’s a video tutorial on how to do it.