How to Disable Magic Quotes on WordPress?

12 minutes read

To disable magic quotes on WordPress, follow these steps:

  1. Access your website's root directory using an FTP client or through your hosting provider's file manager.
  2. Look for the wp-config.php file in the root directory and download it to your local computer.
  3. Open the wp-config.php file using a text editor.
  4. Locate the line that says /* That's all, stop editing! Happy publishing. */.
  5. Add the following code above that line:
1
2
3
4
5
if (get_magic_quotes_gpc()) {
    $_GET = stripslashes_deep($_GET);
    $_POST = stripslashes_deep($_POST);
    $_COOKIE = stripslashes_deep($_COOKIE);
}


  1. Save the changes to the wp-config.php file.
  2. Upload the modified wp-config.php file back to the root directory of your website, replacing the existing file if prompted.
  3. Magic quotes will now be disabled on your WordPress site.


Note: It's important to backup your wp-config.php file before making any changes, as incorrect modifications can break your website.

Best WordPress Books of April 2024

1
WordPress: The Missing Manual: The Book That Should Have Been in the Box

Rating is 5 out of 5

WordPress: The Missing Manual: The Book That Should Have Been in the Box

2
WordPress All-in-One For Dummies (For Dummies (Computer/Tech))

Rating is 4.9 out of 5

WordPress All-in-One For Dummies (For Dummies (Computer/Tech))

3
WordPress Explained: Your Step-by-Step Guide to WordPress (2020 Edition)

Rating is 4.7 out of 5

WordPress Explained: Your Step-by-Step Guide to WordPress (2020 Edition)

4
Professional WordPress: Design and Development

Rating is 4.5 out of 5

Professional WordPress: Design and Development

5
WordPress Plugin Development Cookbook: Create powerful plugins to extend the world's most popular CMS, 2nd Edition

Rating is 4.4 out of 5

WordPress Plugin Development Cookbook: Create powerful plugins to extend the world's most popular CMS, 2nd Edition

6
WordPress 5 Complete: Build beautiful and feature-rich websites from scratch, 7th Edition

Rating is 4.3 out of 5

WordPress 5 Complete: Build beautiful and feature-rich websites from scratch, 7th Edition

7
Building Web Apps with WordPress: WordPress as an Application Framework

Rating is 4.2 out of 5

Building Web Apps with WordPress: WordPress as an Application Framework

8
WordPress for Beginners 2020: A Visual Step-by-Step Guide to Mastering WordPress (Webmaster Series)

Rating is 4 out of 5

WordPress for Beginners 2020: A Visual Step-by-Step Guide to Mastering WordPress (Webmaster Series)


How to disable magic quotes functionality in a specific WordPress theme?

To disable the magic quotes functionality in a specific WordPress theme, you can follow these steps:

  1. Access your WordPress site's files via FTP or cPanel File Manager.
  2. Locate the theme's root folder by navigating to "wp-content/themes/theme-name". Replace "theme-name" with the actual name of your theme.
  3. Inside the theme's folder, look for the functions.php file. This file typically controls the theme's functionality.
  4. Open the functions.php file in a text editor.
  5. Add the following code at the top of the functions.php file, before any other code:
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
if (get_magic_quotes_gpc()) {
    function disable_magic_quotes_gpc()
    {
        $_POST = array_map('stripslashes_deep', $_POST);
        $_GET = array_map('stripslashes_deep', $_GET);
        $_COOKIE = array_map('stripslashes_deep', $_COOKIE);
        $_REQUEST = array_map('stripslashes_deep', $_REQUEST);
    }
    disable_magic_quotes_gpc();

    function stripslashes_deep($value)
    {
        $value = is_array($value) ? array_map('stripslashes_deep', $value) : stripslashes($value);
        return $value;
    }
}


  1. Save the functions.php file and upload it back to the theme's folder, replacing the existing file.
  2. Clear any website cache if you are using a caching plugin.


This code snippet will check if magic quotes are enabled and, if so, it will remove the escaping slashes from the $_POST, $_GET, $_COOKIE, and $_REQUEST arrays using the stripslashes() function.


Remember, magic quotes have been deprecated since PHP 5.3 and removed from PHP 5.4 onward, so disabling them in your theme is recommended to avoid any potential conflicts or unexpected behavior.


How to disable magic quotes for specific pages or posts in WordPress?

To disable magic quotes for specific pages or posts in WordPress, you can add the following code snippets to the functions.php file of your theme or in a custom plugin:

  1. Open the functions.php file of your activated theme or create a custom plugin.
  2. Add the following code at the beginning of the file:
1
2
3
4
5
6
7
8
function disable_magic_quotes() {
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $_POST = stripslashes_deep($_POST);
        $_GET = stripslashes_deep($_GET);
        $_COOKIE = stripslashes_deep($_COOKIE);
    }
}
add_action('init', 'disable_magic_quotes');


  1. Save the file.


This code checks if magic quotes are enabled and if so, it removes the extra slashes from POST, GET, and COOKIE superglobals.


Now, you can selectively disable magic quotes for specific pages or posts using the 'init' action hook. Modify the code in the functions.php or custom plugin file as follows:

1
2
3
4
5
6
7
function disable_magic_quotes_specific() {
    // Check if on specific page or post
    if (is_page('page-slug') || is_single('post-slug')) {
        remove_action('init', 'disable_magic_quotes');
    }
}
add_action('init', 'disable_magic_quotes_specific');


Replace 'page-slug' or 'post-slug' with the actual permalink slug of the page or post you want to keep magic quotes enabled for.


Remember, magic quotes is a deprecated feature and you should consider using other methods to handle data sanitization and security in your WordPress installation.


How to disable magic quotes for file uploads in WordPress?

Magic quotes was a feature in older versions of PHP that automatically escaped certain characters in input data. However, it has been removed from newer versions of PHP as it was considered harmful. Therefore, disabling magic quotes for file uploads in WordPress is not necessary if you are using a recent version of PHP.


If you are using an older version of PHP that still has magic quotes enabled, I highly recommend upgrading to the latest stable version of PHP instead of trying to disable magic quotes.


However, if for some reason you cannot upgrade PHP and need to disable magic quotes specifically for file uploads in your WordPress installation, you can do so by adding the following code to your wp-config.php file:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
// Disable Magic Quotes for file uploads
if (get_magic_quotes_gpc()) {
    function fix_magic_quotes_gpc(&$data) {
        if (is_array($data)) {
            foreach ($data as &$value) {
                fix_magic_quotes_gpc($value);
            }
        } else {
            $data = stripslashes($data);
        }
    }
    
    fix_magic_quotes_gpc($_FILES);
}


Ensure that you add this code before the line that says /* That's all, stop editing! Happy blogging. */ in your wp-config.php file.


Again, it is recommended to upgrade PHP to the latest stable version rather than relying on this workaround.

Best WordPress Hosting Providers in 2024

1
Vultr

Rating is 5 out of 5

Vultr

  • Ultra-fast Intel Core
  • High Performance and Cheap Cloud Dedicated Servers
  • 1 click install Wordpress
  • Low Price and High Quality
2
Digital Ocean

Rating is 4.9 out of 5

Digital Ocean

  • Active Digital Community
  • Simple Control Panel
  • Starting from 5$ per month


What are the common WordPress functions affected by magic quotes?

Magic quotes was a feature in older versions of PHP that automatically escaped special characters in input data. This feature has been deprecated since PHP 5.3 and removed entirely in PHP 7. As a result, you generally don't need to worry about magic quotes in modern WordPress installations.


However, in older versions of WordPress that run on outdated PHP versions, some common WordPress functions might have been affected by magic quotes:

  1. addslashes(): Magic quotes might have caused double escaping if applied to data that was already escaped with addslashes().
  2. Database functions: Functions like $wpdb->prepare() used to check if magic quotes were enabled and automatically remove slashes from database inputs. With magic quotes turned off, these functions might not work as expected.
  3. Filesystem functions: Functions such as file_get_contents() or file_put_contents() could be affected if magic quotes were enabled and caused additional escaping or unescaping of file contents.
  4. Form data handling functions: Functions like wp_magic_quotes() and wp_unslash() were used to handle incoming form data and sanitize it by removing magic quotes. These functions might not be needed or work properly in newer versions of WordPress because magic quotes are not a concern anymore.


It's important to note that these issues only apply to outdated versions of WordPress running on outdated versions of PHP. Starting from WordPress 3.0, the minimum PHP version required is 5.2.4, which means magic quotes are not a concern for most current WordPress installations.


What is the impact of magic quotes on WordPress permalink structure?

Magic quotes is a feature that automatically adds slashes to certain characters in data sent to and from the server. However, since PHP 5.4, magic quotes have been deprecated and removed in later versions.


In the context of WordPress permalink structure, magic quotes itself does not have a direct impact. Permalinks in WordPress are handled by the rewrite rules in the .htaccess file. Magic quotes may impact the handling of data passed by forms or URLs, but they do not specifically affect the permalink structure.


It's important to note that since magic quotes have been removed from newer PHP versions, relying on them for any functionality, including permalink structures, is not recommended. It is advisable to keep WordPress and PHP versions up to date and properly handle input data to ensure the security and integrity of the website.

Facebook Twitter LinkedIn Telegram Whatsapp Pocket

Related Posts:

To remove quotes from an SQL query in Laravel, you can use the whereRaw method provided by Laravel's query builder. This method allows you to pass a raw SQL expression without quotes. For example, instead of writing ->where('column_name', 'v...
Jetpack is a popular WordPress plugin developed by Automattic, the same company behind WordPress.com. It offers various features and tools to enhance the functionality and performance of a WordPress website. However, there might be instances where you want to ...
There are times when you need to disable comments on your WordPress site. There are two cases contextual to disabling WordPress comments: Disabling comments for individual posts and pages Disabling comments completely Disabling comments for individual WordPr...