EN 
FR 
ES 
The version 2.17.0 of WPMasterToolKit is available.
On the program for this update: a long-awaited new module for performing searches and replacements in the WordPress database, improvements to the Essentials Shortcodespractical developments in e-mail address obfuscation, enhanced security to prevent user enumeration, and a major patch for the .htaccess to avoid certain permalink and REST API access problems.
In this article, we take a look at everything that's changed in this version.
The big addition in v2.17.0: Search Replace in database
The main new feature of this release is the arrival of the Search Replace in database.
When you work on a WordPress site, there are many situations where you need to replace a value in the database:
- migration to a new domain name
- URL correction after a change of environment
- e-mail address replacement
- content cleansing
- updating configuration strings
- repeated modifications in several tables
The problem is that a simple "search / replace" in SQL is not always sufficient, and can even be risky.
Why it's tricky on WordPress
On WordPress, a lot of data is stored in the form of serialized data. This applies in particular to certain options, metadata and plugin settings.
In this context, conventional SQL replacement can break the data structure. The reason is simple: serialization relies in particular on the exact length of strings. If you modify a value without correctly reconstructing the structure, you can render the data invalid.
It is precisely to avoid this kind of problem that the Search Replace in database has been designed.
A tool designed for WordPress
The aim was not to add a simple "find and replace" button in the administration.
The idea was to offer a tool adapted to the reality of WordPresswith a safer, clearer processing logic.
The module allows you to :
- define a search value
- indicate a replacement value
- select the tables to be processed
- adjust batch sizes
- choose whether or not to include columns
guid - run a simulation before actual execution
- view an overview of detected changes
Simulation mode for greater peace of mind
One of the highlights of this module is the dry run.
In concrete terms, you can run a full simulation to see what would be modified, without writing anything to the database.
This is particularly useful for :
- check that the search is targeting the right hits
- avoid too large a replacement
- estimate the real impact before execution
- securing a migration or maintenance operation
With this type of functionality, being able to test before writing really changes the user experience.
A visual overview of the changes
The module doesn't just return a simple counter.
It also displays a preview of detected changes with :
- the table concerned
- line identifier
- the affected column
- a visual extract of the before/after content
This choice improves readability and makes it much easier to validate that the replacement is acting exactly where it should.
Batch processing for larger databases
Another important point is that the treatment is in stages.
Instead of launching a potentially cumbersome global operation, the module divides execution into batches. This reduces the risk of timeouts and makes it easier to adapt to limited hosting or larger databases.
The Max Page Size allows you to adjust the treatment size if necessary.
Useful precautions on GUIDs and siteurl
Some WordPress columns or options are more sensitive than others.
This is particularly true of guidwhich do not always need to be replaced automatically. The module therefore ignores them by default, while leaving the possibility of including them for advanced users.
The same logic applies to siteurlA specific management system designed to limit risks during replacement operations.
Free and Pro versions
The module is available free of charge, but the Pro version unlocks more advanced uses.
In Pro, you can take advantage of :
- several search/replacement pairs in a single operation
- using regular expressions
- a more detailed overview of the changes
Clearly, the free version already covers many needs, while the Pro version is aimed more at migration, advanced maintenance or mass processing.
Essentials Shortcodes: ACF support for easier data recovery
Version 2.17.0 also enhances the Essentials Shortcodes Pro side.
Until now, shortcodes have relied on classic WordPress functions such as get_post_meta(), get_term_meta(), get_user_meta() or get_option().
It is now possible to activate the use of ACF get_field() thanks to a new attribute acf="1".
What this means in concrete terms
This new feature makes it easier to retrieve ACF fields in shortcodes for :
- publications
- the terms
- the users
- options
For example, this type of call can now be used more easily:
[wpmtk_aes_post key="my_acf_field" acf="1"]
or for an ACF option :
[wpmtk_aes_option name="my_acf_option" acf="1"]
This is a very practical enhancement for sites that rely heavily on Advanced Custom Fields.
A clearer interface in the generator
The module's interface has also been adjusted to reflect this new feature:
- added checkboxes to use
get_field() - examples updated in the integrated documentation
- simplified placeholders in certain generator fields
As a result, the module becomes more flexible and consistent for users who manipulate both native WordPress meta and ACF fields.
Obfuscate Email Addresses: more control over display and links
The module Obfuscate Email Addresses also evolves in this version.
The aim of this module remains the same: to protect e-mail addresses from bots, while keeping them readable for human visitors.
With 2.17.0, two new options have been added to the shortcode.
New option rtl="no"
The module used rendering based on visual inversion logic to complicate automated reading by robots.
In certain contexts, however, this behavior could be detrimental to the user experience. To meet this need, a new rtl="no" allows you to disable right-to-left rendering when it's not required.
This is useful when the visual rendering needs to remain more natural or legible, depending on the site design.
New option mailto="yes"
Another new feature is the ability to generate a protected clickable link with mailto="yes".
Operation is based on deferred decoding via a data-email and a script executed on click. The idea is to avoid exposing the e-mail address directly in a link. mailto: immediately readable by robots.
This keeps the product practical for the visitor, while adding a layer of protection.
Example shortcode
The module description has been updated with an enriched example:
[wpm_obfuscate email="example@email.com" display="newline" rtl="no" mailto="yes"]
Security: strengthening the Prevent User Enumeration module
Safety has also been improved in this version.
The module Prevent User Enumeration has been strengthened to better block certain bypass attempts on the REST API.
The problem corrected
REST URL control could be bypassed by using uppercase letters in the URI.
The applied fix now normalizes the URL to lower case before verification, preventing this type of variation from bypassing the protection.
It's a discreet but important improvement. It's details like these that often make the difference between theoretical protection and truly robust protection.
Critical correction to the .htaccess end of 404 on /wp-json/ and broken permalinks
Among the most important fixes in this release, there is also an improvement in the management of the .htaccess.
What could have happened before
During certain updates or modifications, the .htaccess could pose a problem:
- rules not managed by the plugin could be overwritten
- the WordPress rewrite block was not always resynchronized correctly
- this could lead to errors 404 on
/wp-json/ - some permalinks could stop working properly
What's new in 2.17.0
The patch brings two major improvements:
- the rules
.htaccessnot linked to the plugin are now preserved - WordPress rewrite rules are resynchronized after modifications when necessary
In practical terms, this reduces the risk of breaking access to the REST API or permalink system on Apache environments.
This is the kind of fix that doesn't necessarily show up in the interface, but has a real impact in production.
A real-world version
This v2.17.0 illustrates the logic behind WPMasterToolKit.
The idea is not just to pile on options, but to add modules that are actually useful in everyday WordPress life:
- integrated maintenance tools
- field-oriented improvements
- technical safeguards when a feature can be risky
- concrete corrections to problems affecting real sites
The new module Search Replace in database is probably the best example of this. It's typically the kind of tool you often end up installing via a dedicated extension. Integrating it directly into WPMasterToolKit allows you to centralize more useful actions in a single plugin.
Changelog for version 2.17.0
Update
- Pro Module: Essentials Shortcodes
- added permalink support in shortcodes
[wpmtk_post_meta]and[wpmtk_term_meta] - ACF support added via
get_field()in[wpmtk_post_meta]and[wpmtk_term_meta]
- added permalink support in shortcodes
- Module: Obfuscate Email Addresses
- option added
rtlto disable right-to-left rendering when necessary - add an option
mailtoprotected with click-deferred decoding
- option added
Add
- Module: Search Replace in database
Security
- Module: Prevent User Enumeration
- blocking URI variants using uppercase letters
Fix
- preserving the rules
.htaccessnot linked to the plugin - resynchronization of WordPress rewrite block after update
- Apache 404 error prevention on
/wp-json/ - fixed problems with broken permalinks
Conclusion
With WPMasterToolKit 2.17.0This is a useful, technical and very practical update.
The new module Search Replace in database brings real convenience to WordPress maintenance and migration operations. Improvements to Essentials Shortcodes make the module more interesting for ACF users. Developments in e-mail obfuscation offer greater flexibility. And security and .htaccess reinforce the plugin's overall reliability.
In short, a release that doesn't try to make noise for nothing, but adds real tools and fixes real problems.
