If you haven’t already heard, the latest version of WordPress has been released. It includes a number of changes including one security fix (vulnerability for people to see your draft posts), and my favorite new addition — support for a custom database error page. The error page (db-error.php) will be displayed when WordPress has a problem connecting to your database, instead of cryptic and embarrassing php coded and WordPress branded error message.
Typically if you’ve wanted to have a custom error page you needed to edit the
/wp-includes/functions.php files. This isn’t difficult to do but it’s editing the core WordPress files which typically get overwritten the next time you upgrade your instance of WordPress. I’ve actually done this for my blog so it’s been a pain when it comes time to upgrade but in my opinion it’s worth the trouble. Now with this new db-error.php addition, it will save me the hassle!
After upgrading to the latest version of 2.32, I discovered that the db-error.php page isn’t included. You need to create a db-error.php file and then create the appropriate html code and place it in the wp-content directory such that its location will be
wp-content/db-error.php. I’m not sure why it’s not in your themes folder instead since it can easily get misplaced and each theme should have it’s own version (so you can style it accordingly). Quick Online Tips and 5ThirtyOne both provide simple db-error.php templates you can use for your blog. Like both posts mention, I’d also make sure to include your blog’s css so it’s branded and more professional-looking.
Here is a list of most of the changes in detail:
is_admin() to ensure that it is only true for admin pages thereby protecting against exposing draft posts
wp-mail.php to escape the error messages when displaying them to avoid a possible XSS attack
metaWeblog.getRecentPosts to users with rights to edit a post
wp.getAuthors xmlrpc method to reduce the information exposed and add a capabilites check
validate_file() to improve its traversal attempt detection when running on windows
So if you haven’t already, it’s a good idea to upgrade to this latest version of WordPress 2.32. Make sure to backup your database, wp-config.php and theme files before you do just to be safe. It’s also smart to make sure all your plugins are going to be compatible with this newer WordPress version. Since it’s only a small upgrade it most likely won’t be a problem. I wish WordPress would tell you which files actually need to be updated instead of expecting you to download and overwrite all files. They should do this for at least the small upgrades like this. Not only is it a waste of download and upload bandwidth, but it takes time and potentially brings your blog down during the maintenance.
Ready to super charge your blog? Check out our partners professional premium WordPress themes!