It has come to our attention that some users have been leaving this script on their servers despite advice to the contrary. Due to the very real dangers, it can present when used that way, we now ask that you complete a form where we make sure you’re aware of these risks in order to receive the download link. Do also carefully read the installation instructions below.
Please check your spam folder for the download link before you email us for support. If you are still experiencing problems, email us politely with your query.
Download the script from the link you received by email, and install it to a secret folder with an obfuscated name. Your server should also not be set to provide directory lists.
Do not install Search Replace DB to the root folder or you risk all sorts of potential problems. Just don’t. It must run in its own folder.
If you are in any doubt whatsoever about how to use this standalone script, then please consider getting an expert in. It’s a really powerful bit of code that if used badly can damage your install beyond repair. If you want help, get in somebody like us, for example, or any of the other great guys listed over at CodePoet.
The code is supplied under the GPL V3 and is fully open source. Do be aware that this means people can change this code and offer it up, and that other versions may be worse… or better. It is code for developers, by developers, and you should only use code from sources you trust.
Please beware of adverts below that offer a download button, but adverts do allow us to partly cover the cost of running this project.
Where do I install the unzipped files?
In a directory on your webserver. It can be an httpauth protected folder if it’s a public facing webserver.
I heard this script is insecure. Is it really?
Yes – it’s a development tool, not something you should be putting on production servers. If you do put it on a production server be really careful. We’re trying to work out ways of protecting users further, because it turns out that this tool is being recommended by webhosts around the world, but too often to quite naive users who don’t really understand the risks.
I get an error 2: Class __PHP_Incomplete_Class has no unserializer
This is a common error and generally comes up with users of Yoast plugins, but also some others. It’s something we’re aware of. In the vast majority of cases everything is fine. You could try running the script from a different PHP install – there is no reason why you can’t have a pipe to a production database and connect to it from your workstation, for example. A little more detail is on our github repository.
- Support for continuous integration through Travis CI
- Ability to do multiple search-replaces
- Ability to exclude tables
- Remove specific loaders for WP
- No longer automatically populate DB fields, this was causing security issues for users leaving the script on their site
- Script now checks whether the correct version of PHP is used
- Script checks if necessary modules are installed
- Script checks if the connection is secure and gives a warning otherwise
- Bug fixes
- UI Tweaks
- Password is not mandatory in CLI
- Version 3.1.0 (Web UI and CLI versions) tested against PHP 7.0.6 and functioned correctly.
- Version 2.1.0 confirmed to not work with PHP 7.0.6 but is kept for use on older servers.
- Safety checks to prevent deletion when installed incorrectly. However, you should still take care when dealing with files on your server.
- Port number option in both the GUI and CLI. Use –port nnn to set a non-default MySQL port.
- Fixed Drupal bootstrap behaviour. Start up of script uses Drupal data as guide, no longer relies on a full successful Drupal initialisation before script will allow you to proceed.
- Driver selection improved so that PDO will be attempted first if PDO+mysql is available, with mysqli being used as a fallback. This fixes ‘driver not found’ errors
- Removed mysql_ functions and replaced with mysqli_.
- Improved JS preview overlay for dry runs. This means that the right pane will always show the most accurate data possible. If serialised strings are present, highlights are not displayed.
- Major overhaul
- Multibyte string replacements
- UI completely redesigned
- Removed all links from script until ‘delete’ has been clicked to avoid security risk from our access logs
- Search replace functionality moved to it’s own separate class
- Replacements done table by table to avoid timeouts
- Convert tables to InnoDB
- Convert tables to utf8_unicode_ci
- Use PDO if available
- Preview/view changes
- Optionally use preg_replace()
- Scripts bootstraps WordPress/Drupal to avoid issues with unknown serialised objects/classes
- Added marketing stuff to deleted screen (sorry but we’re running a business!)
Version 2.2.0 (never formally released but patched into v3.0.0):
- Added remove script patch from David Anderson (wordshell.net)
- Added ability to replace strings with nothing
- Copy changes
- Added code to recursive_unserialize_replace to deal with objects not just arrays. This was submitted by Tina Matter.
- ToDo: Test object handling. Not sure how it will cope with object in the db created with classes that don’t exist in anything but the base PHP.
- If you need this version, it’s here. And it’s even more dangerous than the newer versions. So you know, be careful.
For changes prior to v2.2.0 please refer to index.php where you will find a complete changelog. You can also browse the project on github.
We’d love to get contributions, bug reports and more on the Search Replace DB github repository. Please come on over – you’ll be more than welcome but you will need to request access by emailing [email protected]