Thesis 1.8.4 Makes WordPress Multisite More Flexible (and Other Fixes)

by Chris Pearson · 47 comments

Remember when we released Thesis 1.8.3 and made your site even faster? That was fun.

In that same version, we also introduced official WP Network/Multisite compatibility to the cheers and adoration of millions. That was fun, too, but there were still a few wrinkles with Multisite that we had to iron out.

Today, I’m delighted to bring you Thesis 1.8.4, which contains the best WordPress Multisite support in the business coupled with other tweaks that will make your Thesis site smarter and more flexible than ever before.

Oh, and for all you designers and developers out there, our resident all-star, Matt Gross, has thrown together a killer starter template that you can use as the basis for your next great Thesis skin or child theme.

But before we get to that goodness, let’s take a look at what’s new in Thesis 1.8.4:

The Thesis Master Control and Enhanced Multisite Support

When you’re running a Multisite environment, it’s really nice to be able to modify the designs of all the sites on your network from a single location.

Let’s say, for instance, that you’d like to modify the footer attribution on every site in your network. Sounds like it should be simple, right?

With traditional WordPress themes—and especially ones that rely solely on child themes (instead of custom folders, the way Thesis does)—this is not only annoyingly difficult, but it is literally impossible to accomplish by only editing a single file.

With the new Thesis Master Control, edits like the one above are simple and can be accomplished from a single custom_functions.php file that governs all the sites on your Thesis-enhanced WordPress Network.

This gives you unlimited power over your entire Multisite environment. It’s why we call it the Thesis Master Control, and I dunno how the heck you can run a Multisite without it.

(In fact, I use a very similar master control to run this site, I run everything—even my store—off this thing.)

Also, Thesis is now completely backwards-compatible with Multisite, so even if you haven’t upgraded your WordPress in eons, you can still rock the Thesis Master Control.

Smarter Custom File Editor and Other Bug Fixes

Thanks to a complete rewrite, the Thesis custom file editor now offers better performance. In addition, it now has complete awareness of the Multisite environment, and users can only edit the custom.css files that are relevant to them.

Finally, we made quite a few other minor adjustments and bug fixes. Thanks to your feedback, this is probably the most thorough round of bug-squashing we’ve ever enjoyed. (Well, Matt enjoyed it. He’s something of a masochist.)

Thesis Skin and Child Theme Starter Templates

There’s no denying it—I’m an organizational freak. Whenever I write code, I’m on a mission to make it as clear and easy to maintain as possible.

And sometimes, on big sites, my custom_functions.php can get a bit out of control. If you’re a developer, you’ve probably run into this situation, too.

Surely there’s a better way to organize this code.

Naturally, there is! Matt has cooked up a couple of starter templates that will help you organize your code better than ever before.

If you’re going to build a custom Thesis site for a client, a killer new skin, or a Thesis child theme, then you need these new starter templates. Check ’em out:

Special Thanks to the DIYthemes Crew

We all owe a very special thanks to the DIYthemes expert support staff and Matt Gross, because they are the reason version 1.8.4 rocks as hard as it does.

They squashed all the bugs and made all the improvements based on feedback from you guys and gals, our awesome users!

Thanks to them, I’ve been able to focus on Thesis 2.0 and the very exciting road ahead.

Download Thesis 1.8.4 Now: If you already own Thesis, click here to download Thesis 1.8.4. If you’re not yet a customer, click here to buy Thesis.

About the Author: Chris Pearson, Thesis creator and DIYthemes founder, is obsessed with optimizing the web and making sure every last detail receives the attention it requires. You should follow him on Twitter here.

If you enjoyed this article, enter your email below to get free updates!


Dave Doolin

Thanks for shortening up the release cycle, Chris. Really helps.

Dan Tudor

I think this is the universe’s way of telling me it’s time for me to delve into child themes. It’s been on the list as “Someday” in my GTD list. Just moved it to “Next”. The quality and the community keep me coming back for more. To everyone on the DIYThemes team, thank you.

Keith James

Hi Dan,
I think you will quite surprised how easy it is to create a child theme. Takes about 10 minutes or so. There are quite a few good tutorials available. This is the one I used . I really think the folks at DIY themes should hire this talented woman. It’s one of the best Thesis resources I’ve found.


Will we be able to update Thesis through the WordPress auto update eventually? Not that it’s a big deal, I’m just a bit spoiled now that WP itself works so nice that way.

Loading up the new Thesis today. Thank you Chris and Crew. 🙂


Thanks a lot for rolling it out.

Will be upgrading all sites soon 🙂

Danny Cruz

Oh nice! I wasn’t expecting another update until 2.0. Very good. I’m going to go look at those starter templates. I have a full redesign in mind, to get certain things on my site(s) just the way I want them. But I’m going to wait until 2.0 for that.

Keith Jones

Upgraded, only one issue so far, one item from menu went missing.

I had to go Appearance – Menus then select Primary Menu and save. That brought it back.



I don´t understand the difference between child theme and skin. Can someone explain?
Till today, i have edited the custom.css and custom_functions.php to give my Thesis Website, or the website for a client, a unique design. Is this way of designing called Skin or Child Theme?

And how do we do the design in the future?

I also don´t understand the Templates above. Why do we need this?
I am really confused.

Chris Pearson

Kirsten, Thesis skins and child themes are similar in what they do for your site—they allow you to make customizations—but they are different in their implementations.

Using custom.css and custom_functions.php is the “skin” way of doing things, and it’s what we recommend for most users.

Some developers prefer to release child themes, simply because they’re a little easier for users to install (they can be uploaded from the WordPress dashboard without the need for an FTP client).

Because of this, we’ve chosen to accommodate child themes as best we can, but as I said above, we recommend skins for most people.

As far as the templates are concerned, you likely won’t need them unless you’re a serious developer. They’re merely intended to be a consistent, efficient starting point for people who build Thesis sites for clients and people who build Thesis skins and/or child themes.

Of course, if you prefer, you can simply stick with custom.css and custom_functions.php and continue to work with Thesis that way.


PS – Your timing with the child theme and skin starter template is funny. This was something I wanted to do last year. I even bought a book about WP theme creation. I read half way but got busy and now it’s playing with the dust bunnies. But, I would like to get back into it. I think it would make updates and twitches to my theme much simpler between updates to Thesis and WordPress. I love the KISS plan.

Lisa Firke

Looks spiffy! Especially pleased with the starter templates–hope to use those with clients SOON.

Thanks for the awesome.


I just went through some training on building child themes, I was wondering how I could use thesis with them. This just adds an extra level of awesome.



Install was a snap! Looking forward to using it!


Nice! Really looking forward to understanding and developing with your Framework Chis! One thing that I will say that buying Thesis has the Upper hand on is that you and your Team allow and focus in on Helping Your User Base “Customize” Thesis which is something that as of lately on the Genesis Forums ends up with you getting Stonewalled for even basic stuff.
Personally, I think that your approach towards that specifically creates a much more productive and involved community. So with that said I amm looking forward to working with Thesis and providing a cross comparison between The Thesis & Genesis Frameworks when I am in the position to do the review naturally.

Cheers Chris : )\


I’ve enabled multisite so I could check out “Thesis Master Control” but I’m not seeing it nor any extra files in custom file editor. Am I missing the concept? 😉


Mark — Thesis by default comes with a folder custom-sample. In a single install of WP with Thesis it will tell you to change that to custom. In a network install it will create another folder with the name custom-ID (where ID is the blog ID). If you leave the original folder as custom-sample it will continue to do nothing, but if you change it to “custom” and put stuff in the custom_functions.php file it will apply that stuff to all the sites on the network.

This could be quite handy for things like tracking scripts: Google analytics gives you the option of tracking subdomains with the same tracking script. And other handy things I’m sure, perhaps a consistent custom footer message, or you could add a network-wide navigation to all the sites on the network… stuff like that.

Note that it only applies the custom_functions.php to the network sites, not the custom.css, but you could wp_enqueue_style from custom_functions.php if you did want to use some CSS across the network.


i can’t wait.. setup it now..


Chris Aitken

Chris — I just updated to 1.8.3 on a bunch of my sites last week … they aren’t running on multisite (maybe they should be?) — does this release bring new things (whether bug fixes or new functionality) to those of us running Thesis on single site installations?

Thanks, Chris


I am curious for an answer to this one too..

Chris Pearson

Chris, although 1.8.4 mostly targets Multisite, it also contains an upgraded Custom File Editor as well as various minor fixes. In most cases, these new fixes are not mission-critical to single site installations.

Usman Latif

Wow.. another update. This seems to be intended toward multisite. Does it have anything for the single site version?

Feels good to have regular updates from Thesis.


I’m wondering the same thing. Is it worth installing on single site or should I just let my site be?

Chris Pearson

Usman and Jay, if you’re running single site installations, you don’t have to upgrade. If your site is fine with 1.8.3 and you’d prefer not to upgrade, that should be ok.


“The Thesis Master Control and Enhanced Multisite Support”
Okay, that is pretty awesome 🙂 I guess I might be moving my site back from child themes to custom folders.

Also, Thesis is now completely backwards-compatible with Multisite, so even if you haven’t upgraded your WordPress in eons, you can still rock the Thesis Master Control.

Heh, or if you stay on top of upgrades, but just started your multisite a long time ago…

Previously I was using child themes on multisite because it was a lot easier than manually making extra custom folder… that is now moot. The only other reason I see for using a child theme with Thesis now is if you want to create new page templates. Is there any other reason anyone can think of?

Steve Crossland

Just upgraded. No issues. Keep up the progress.

Puneet Sahalot

Awesome! WPMU + Thesis is a lot better now.
Next thing I wish is one-click update from WP-admin. It’s not so easy for a lot of people to upgrade it via FTP.



I’ll chew on this till I can get my hands on v2..

Amy K.

My site crashed as I was trying to editing custom_functions.php file in version 1.8. Now I can’t log on. Called my web host (bluehost) and they told me it was a theme issue. My theme is paid for and everything. Do you know what could be causing the problem?

Chris Pearson

Amy, in all likelihood, you had a syntax error when you edited your custom_functions.php file. In cases like this, you’ll need FTP access to your site, and you’ll have to manually fix the syntax error in your custom_functions.php file.

This is a basic procedure that is absolutely possible (and routine) with Bluehost.


Very nice. Just set up an MU site and started to think about template custom files that I could roll out to each new site.

This solves the problem.

Keep up the good work.


I am having one problem with Thesis 1.8.4…
After installing latest version of thesis, I activated the theme and it worked well.
The problem is, now if I activate other WordPress theme for my site then it shows WordPress error. It doesn’t even go upon refresh but if i go back in my browser using back button and if open that theme page again then i can see that my new theme other than thesis has been activated. Same thing happens with any of other WordPress theme. I removed thesis to check it out weather it is concern to thesis or not, and I got so. Theme page worked well without thesis and again after re-installation of thesis 1.8.4 problem was same.

Kindly check it out with your system too so that problem can be figured out. May be it could be problem with my installation too.

One more thing, what if I want to download thesis version 1.8.3 back as I have removed it from my disk after release of thesis 1.8.4…
So is there any type of archive page for thesis users to download previous version of thesis??



I am currently running Thesis version 1.8.2 on several sites. Today, my host informed me that it updated my all of my TimThumb files to the latest 2.0 version. They have done so of course because of the recent security issue/vulnerability regarding older versions of TimThumb. It is my understanding that Thesis is not subject to this vulnerability, as it uses a modified version of TimThumb, and does not accept remotely hosted URLs as parameters. However, I am concerned that updating to Thesis 1.8.4 will put back in place the older version of TimThumb and cause my host to flag my sites as vulnerable once again. Does anyone know if Thesis version 1.8.4 is sporting the newer version of TimThumb (2.0)? If not, what is the best way to update to Thesis 1.8.4 and then TimThumb 2.0 and are there plans to include TimThumb 2.0 in the future versions of Thesis? Thanks!

Chris Pearson

Wendy, many hosts are running roughshod over TimThumb scripts out in the wild, without actually checking to see if the vulnerabilities exist in the scripts they’re targeting.

In Thesis’ case, the included TimThumb script is a modified version of 1.09, which does not contain the security vulnerability. Thesis 1.8.4 is still using a version of 1.09 that has been modified to work with WordPress in both a regular and a multisite environment.

Unfortunately, when hosts automatically upgrade the TimThumb script in Thesis, they unknowingly wreck specific functionality that we built into the script to make it work better with WordPress.

Once again, however, the TimThumb script included in Thesis does not contain the security vulnerability that many hosts have been targeting.

Finally, I’m hoping that TimThumb won’t even be a part of Thesis 2.0. We’ve wasted a ton of time and energy “defending” something that wasn’t even an actual problem (simply because hosts didn’t do their homework), and I’m not inclined to go down this same path in the future.

Bruce Z.

Just got a notice today (March 15) from Bluehost about the thumb.php file that may be a potential backend into a site. It’s found under themes/thesis_18/lib/scripts/thumb.php

From Bluehost:
“Any timthumb.php file below version 1.35, but above version 1.09 is considered vulnerable, unless patched. To prevent being compromised, we advise you update all instances of timthumb.php to version 2.0, or patch the existing vulnerable files.”

I downloaded 1.84 and it appears the thumb.php is version 1.09. Should we just replace it with this file ?

Does DIYThemes have a fix specific to our theme or should we just replace the file from the google link?


Bruce Z.

Chris Pearson

Bruce, please see my reply to Wendy above.

For clarity, there is no need to upgrade/modify/worry about the TimThumb script included in Thesis. It is not vulnerable.


Wow, these are some awesome new features! Thanks a lot for constantly keeping Thesis on top of things, I couldn’t be more happy with my choice of it.


Can you make a statement with regard to Thesis 1.84 and Zero Day Vulnerability? For that matter, can you comment wrt to versions 1.7. The other day, a client of mine running on Bluehost got notified their 1.7 version was found to have an exploitable timthumb.php file on their account. So they inquired and first thing I did was upgrade them to 1.84. They have now received the same notice about 1.84. Among other things, it reads as follows:

The timthumb.php file is a script commonly used in WordPress’s (and other software’s) themes and plugins to resize images. The exploit allows an attacker to arbitrarily upload and create files and/or folders on your account, which can then be used for a number of malicious tasks, including but not limited to defacement, browser high-jacking and infection, data harvesting and more. After a site has been exploited, it may lead to becoming labeled a “Malicious Website” by Google or other security authorities.

Any timthumb.php file below version 1.35, but above version 1.09 is considered vulnerable, unless patched. To prevent being compromised, we advise you update all instances of timthumb.php to version 2.0, or patch the existing vulnerable files. Note that patching the files requires more in-depth knowledge of the PHP scripting language.

The updated version of timthumb.php can be found here:

The infected files are located here:

CLIENT SITE/wp-content/themes/thesis_184/lib/scripts/thumb.php
CLIENT SITE/wp-content/themes/thesis_17/lib/scripts/thumb.php

Can you advise on Thesis themes current vulnerability to this situation as well as advise when it will be patched in Thesis?

BTW: this looks like it’s been reported before, per @Bruce above – and considering it goes back at least to a 1.7 vulnerability to an exploit uncovered in mid ‘2011, we figure you have an answer at the ready. That said though, I could not find anything on the DIYthemes support site or blog, and hence the question here.


Chris Pearson

Darrin, please see my reply to Wendy above for clarification on the TimThumb script in Thesis.

The short version is that there is no vulnerability you need to worry about, and there is nothing to patch. The security vulnerability that existed in TimThumb is not—and has never been—present in any version of Thesis.

Robert Schrader

Hi. So I made attempted to upgrade to Thesis 1.8.4 using your instructions — and my site (and all the Thesis menus) went to all plain text. Any ideas? I reverted back to 1.8.2 in the meantime.

Chris Pearson

Robert, please see the forums with this. It’s likely a permissions issue that has come up a few times before, so our experts will be able to fix you up in no time.

Robert Schrader


To be frank, the forums are filled with so many hundreds of threads on this topic — most of which further direct members to other threads, which may or may not even answer their original questions — that I’m offended you ask me to do this. Please answer my question directly.


Looks like I am missing out on updates.. Why don’t I get updates on new releases in my mailbox or thesis admin panel?

Shaun Snapp

There does not seem to be documentation that updates the document of how to initiate multisite in 1.8.2 which is here… Can anyone respond with where the documentation is for 1.8.4 because I am stuck and having problems with the functions.php file. I would have posted this in the support area, but could not find the new post button.

Gaurav Dhiman

Hello thesis team…
will you please add support for featured images?

so far the only set back..

Mason Disick

I am currently using 1.8.3 version, anyone here can tell me how to upgrade to 1.8.4 version? I love Thesis theme.

Ash Nallawalla

The answer is the same with each upgrade, although I agree if customers were emailed about upgrades and sent a link to the download page and the upgrade instructions:

Bookmark this page:


Hello! It looks like I’m getting closer to running 1.8.5 for multisite, but I’m still a bit confused. At the moment I seem to have a custom folder for all three of my sites. With Master Control, I was hoping that I wouldn’t have to modify each custom.css & each custom_functions.css file, but it looks like I still need to? When I don’t modify each file, the sites don’t utilize the customization. What am I missing?