Tag Archives: Wordpress

WordPress 3.5.2: Maintenance and Security Release

WordPress has recently released its latest update, version 3.5.2. This is a security release for all previous versions. According to WordPress.org, the security fixes include:

  • Blocking server-side request forgery attacks, which could potentially enable an attacker to gain access to a site.
  • Disallow contributors from improperly publishing posts or reassigning the post’s authorship.
  • An update to the SWFUpload external library to fix cross-site scripting vulnerabilities.
  • Prevention of a denial of service attack, affecting sites using password-protected posts.
  • An update to an external TinyMCE library to fix a cross-site scripting vulnerability.
  • Multiple fixes for cross-site scripting.
  • Avoid disclosing a full file path when an upload fails.

To update, log in to your WordPress dashboard; the update button is listed at the top of the page. To learn more about the update, please read this blog post from WordPress.org.

Tweaking your WordPress Theme (Part 3)

In this post, we will discuss the remaining 3 tips on tweaking your WordPress theme.

Changing the Sidebar

The sidebar is the narrow vertical column placed on either the right or left-hand side of your theme, and it is often jam-packed with information to provide navigation for the visitor. The list of navigation items often includes Categories, Pages, Archives, Search, Recent Posts and Recent Comments.

The information displayed in the sidebar is controlled by the theme’s sidebar.php file.

Take a look at the file and you might see:

<?php wp_list_pages('title_li=<h2>Pages</h2>'); ?>

The Categories list might look like:

<li id="categories"><?php _e('Categories:'); ?>
<ul>
<?php wp_list_cats(); ?>
</ul>
</li>

You can change the sidebar by editing the sidebar.php file. Alternatively, you can use the widgets subpanel (located at Appearance > Widgets) in your WordPress admin panel to add to and change your sidebar (this option does not require you to know any scripting). If you have installed and activated sidebar plugins and widgets, you will find these plugins listed in the widgets subpanel.

For more information: http://codex.wordpress.org/Customizing_Your_Sidebar

For more information on the Widgets subpanel: http://codex.wordpress.org/Widgets_SubPanel

Add Contact Form

By now, we all know that adding a mailto link on a website is the easiest way to increase the amount of spam in your inbox. Instead, use a contact form. WordPress has hundreds of contact form plugins you can choose from: http://wordpress.org/extend/plugins/search.php?q=contact. Contact Form 7 (http://contactform7.com/) is the plugin that we would like to recommend to you.

All you need to do is install the plugin, activate it and design your form, then add it to your page in just a click.

Add Google Analytics Tracking Code

Everyone wants to know how many visitors come to their website. Google Analytics is the most popular tool for tracking your website traffic. Adding the Google Analytics tracking code is very easy – set up an analytics account with Google, then copy and paste the provided code before the </body> tag in the footer.php file (so that the code is embedded at the bottom of all pages of your website).

For more information: http://wordpress.org/extend/plugins/google-analytics-for-wordpress/

Tweaking your WordPress Theme (Part 2)

In today’s post, we will be sharing another three tips on tweaking your WordPress theme.

Page Navigation

Many themes display all of your pages across the top of your site. But let’s say you’d like to exclude a page from the main navigation. Here’s one way you can do it:

Look for the following code (usually in the header.php file):

<?php wp_list_pages(); ?>

Change it to this:

<?php wp_list_pages('exclude=4'); ?>

This will tell WordPress to list all your pages except for the page with ID 4. You can change this number to whichever Page ID you’d like to exclude.

If you want to exclude more than one page, simply separate all the page IDs with a comma, like this:

<?php wp_list_pages('exclude=4,5,7,10'); ?>

For more information on WP list pages: http://codex.wordpress.org/Template_Tags/wp_list_pages

Add Something (Anything) to the End of Every Blog Post

Maybe you want to add a link to subscribe to your newsletter, an advertisement, etc., to the end of every blog post. Here’s how you do it:

The file you need to edit is the single.php. This is the template that displays your single articles. Open the file and find a good spot for the content you want to add. For example, to add a “Subscribe to newsletter” link after your post (and before the comments):

<?php the_content(); ?>

[the “subscribe to newsletter” link]

<?php comments_template(); ?>

Changing the Header Image

Websites are often judged by their looks and the first impression comes from the header – it is the first thing that your visitors see.

Your theme’s header is specified in the header.php and the style.css files. In the header.php file, you may see:

<div id="header">
<div id="headerimg">
<h1>
<a href="<?php echo get_option('home'); ?>">
<?php bloginfo('name'); ?></a>
</h1>
<div class="description">
<?php bloginfo('description'); ?>
</div>
</div>
</div>

And in the style.css file, you may see:

#header {
background: url("<?php bloginfo('stylesheet_directory'); ?>/images/header.jpg")
no-repeat bottom center; }

#headerimg {
margin: 10px 8px 0;
height: 192px;
width: 740px; }

To change the image file, replace the “header.jpg” with the name of the new image file you have uploaded to replace it. If it is in a different directory, replace the bloginfo() tag with the address of the image’s location.

If you are using an image that is the same size, then simply replace the image. But if the image is a different size, change the height and width in the #headerimg section.

For more information: http://codex.wordpress.org/Designing_Headers

Tweaking your WordPress Theme (Part 1)

WordPress is one of the most popular CMS platforms in today’s web design industry, largely because of the vast selection of available themes, free and commercial. But most often a theme is only a starting point – there is no such thing as a perfect theme – many website owners start with a great theme and tweak it to perfectly suit their needs.

Tweaking is not a privilege of those proficient in scripting or programming. There are many “customizations” you can make to your WordPress theme, even if your scripting/design knowledge and experience is limited.

Here are some of the easy customizations you can make to your WordPress theme.

  1. Edit the theme’s CSS
  2. Display post excerpts or full content
  3. Excluding/including a category
  4. Crafting page navigation
  5. Add something (anything) to the end of your blog posts
  6. Change the header image (if theme has a header image)
  7. Change the sidebar
  8. Add contact form
  9. Add Google Analytics tracking code

We will be discussing the first 3 customizations in this post.

Edit Theme CSS

You can tweak colors, fonts, layouts, backgrounds and other visual elements by editing the Cascading Style Sheets, or CSS. Most of the time, you will find the theme’s CSS styles in the file style.css. You can access this file via Appearance > Editor in your WordPress admin panel.

How to:

  1. Locate the attribute you want to edit. The attributes are identified by names indicating sections, such as body, header, etc.
  2. Make the changes to the code displayed between the curly brackets { }.
  3. Save the changes

For more information: http://codex.wordpress.org/CSS

Display Post Excerpts or Full Content

By default, your theme will display the full content of your blog posts on your home page. But if you would rather display only a short excerpt from the post as a little “teaser” to click through to the full article, you can tweak your theme to display excerpts.

To do this, you will need to get familiar with two tags:

1) The tag that displays your full post content is <?php the_content(); ?>

2) The tag that displays your post excerpt is <?php the_excerpt(); ?>

All you need to do is replace the content tag with the excerpt tag in your index.php file. Then, when you write a new post, enter your article summary (or teaser) in the Excerpt field.

*Note* If no excerpt is set, it will automatically display the first few sentences of your blog post.

For more information on excerpts: http://codex.wordpress.org/Excerpt and http://codex.wordpress.org/Template_Tags/the_excerpt

Excluding/Including a Category

Let’s say you want to display posts from only one category on your homepage, or you want to exclude posts from one or more categories. Here’s how you do it:

Add this code where you want the posts to be displayed:

<?php query_posts('cat=3'); ?>

This code will display posts only from category ID 3. Change this number to whichever category ID you’d like to include.

If you want to do the opposite, all you need to do is add a “-” in front of the category ID number, like this:

<?php query_posts('cat=-3'); ?>

This will exclude all posts which have the category ID 3.

For more information on query posts: http://codex.wordpress.org/Template_Tags/query_posts

7 Common WordPress Mistakes (Solutions Provided)

We all make mistakes. But, learning from our mistakes makes the lesson meaningful.

Below are 7 common mistakes that WordPress users often make. By outlining them, we hope this list can help prevent other WordPress users from running into the same problems in the future.

1. All about “username”

Two mistakes are common in this category; let’s go over each of them in detail. The first is using “admin” as the username. Recently, WordPress has been attacked by a massive botnet of tens of thousands of computers, and the attack mainly targeted websites with “admin” as the username. “Admin” is the most common username that people choose. It makes sense for hackers to attack websites with “easy-to-hack” usernames first.

Solution: don’t use “admin” as your username when you install WordPress. However, if you’ve already used it, check out this article to see how you can change the WordPress username (by default, WordPress does not allow users to change their usernames).

Also, you have the option of entering your first name and last name when creating an account for your WordPress login. If you manually enter a name for your account, your posts will no longer display your username as the author. Instead, they will display your first name and last name (Note: you are NOT required to enter a GENUINE first and last name!). Differentiating your username from your “account display name” decreases the chances of hackers successfully guessing your login name.

Another common mistake with WordPress usernames is keeping unused user accounts. For example, if you hire a contract webmaster to take care of your WordPress website, you should always remove the account once the service ends. Remember, the more user accounts you have on your site, the greater the chance that hackers can gain access to your website.

Solution: if you don’t need an account, delete it right away.
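The checks from this section can be scripted. The following is an added example, not code from the original post or from WordPress itself: it flags a login named “admin” and any display name identical to the login, and lists every account so unused ones can be reviewed. The function name audit_accounts and the sample users are hypothetical; running it inside WordPress assumes WP-CLI’s "wp eval-file" command.

```php
<?php
// Added example, not part of the original post. Flags the account problems
// described above: a login named "admin" and a public display name that is
// identical to the login name.

/**
 * @param array $users Rows with 'login', 'display_name' and 'role' keys.
 * @return array Findings as "login: problem" strings.
 */
function audit_accounts(array $users) {
    $findings = array();
    foreach ($users as $u) {
        $login = $u['login'];
        if (strcasecmp($login, 'admin') === 0) {
            $findings[] = "$login: login name is \"admin\", rename or replace this account";
        }
        // Post bylines show display_name, so it should not reveal the login.
        if (strcasecmp(trim($u['display_name']), $login) === 0) {
            $findings[] = "$login: display name is the same as the login name";
        }
    }
    return $findings;
}

if (function_exists('get_users')) {
    // Running inside WordPress (assumption: started with "wp eval-file").
    $users = array();
    foreach (get_users() as $wp_user) {
        $users[] = array(
            'login'        => $wp_user->user_login,
            'display_name' => $wp_user->display_name,
            'role'         => implode(',', $wp_user->roles),
        );
    }
} else {
    // Constructed sample data so the script also runs with plain PHP.
    $users = array(
        array('login' => 'admin', 'display_name' => 'admin', 'role' => 'administrator'),
        array('login' => 'jsmith_7', 'display_name' => 'Jane S.', 'role' => 'editor'),
        array('login' => 'contractor1', 'display_name' => 'contractor1', 'role' => 'administrator'),
    );
}

// List every account so unused ones can be spotted and deleted, then the findings.
foreach ($users as $u) {
    echo "{$u['login']} ({$u['role']})\n";
}
foreach (audit_accounts($users) as $line) {
    echo "WARN $line\n";
}
```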

2. All about “password”

Did you know that the most common passwords are actually “password”, “123456”, and “12345678”? Compiled by a password management company, these results were gathered using the data that hackers have previously posted online.

So, imagine you have a username “admin” with a password “password”, what is the level of difficulty for hackers to attack your website?

Solution: Create a stronger password (e.g. one that contains at least a letter, a number, and a symbol). Also, regularly update the password!

3. Never backing up your website

Myth: “Why should I back up my own site? Doesn’t my web hosting service provider backup my website anyways?”

Answer: Yes, we do back up your website, but the backups are mainly for our benefit. All the backup files we make (e.g. on one particular server) are jumbled together. Also, our backups may not run at the moment you make changes to your website. So, chances are, they may not include your latest changes.

Solution: Log in to cPanel and do a full backup of your website regularly. If you don’t know how, read this blog post.

4. Too many categories

The architecture and planning of a website greatly affect its SEO performance. Moreover, leaving excessive categories will slow down your website load time.

Solution: One of the greatest features of WordPress is the capability of using “tags”. A tag is very similar to a category, and it helps WordPress owners group posts based on keywords they set manually. So, try to limit the usage of categories and make use of tags to group different posts.

5. Ignoring WordPress and plugin updates

WordPress regularly releases updates for security reasons. If you ignore them, you probably know the consequences, right? The same goes for plugins too. Remember this: there are reasons why plugin developers release updates. So when you see the update signs, give them a click immediately!

Solution: Besides regularly logging in to your WordPress Dashboard to see if there are any updates available for download, you may consider using Softaculous to install WordPress. The benefit of using Softaculous to install WordPress is that it sends email notifications to users when new updates are released for the installed scripts. For full details, check out our article in our Scripts Library.

6. All about plugins

Speaking of plugins, one of the most common mistakes a WordPress user makes is missing out on the great features of certain plugins. For example, you have a photo WordPress website and you often experience slow load times. You never have the time to investigate the reason behind it. In fact, your high-quality images slow down the website. To solve this problem, you can simply install a caching plugin as well as other tools that can help you reduce the file sizes of your website while keeping the quality of the images. To learn more about how these plugins help you improve the load time of your WordPress website, check out this article.

While many WordPress users miss out on the great features of plugins, other WordPress users keep unused plugin files on the website. Remember: the more files you have on your website, the longer it takes to load. It makes sense to store the files on your website if you are actively using them. But for those that are not in use, why not remove these unnecessary plugins and have a faster website load time?

7. Unfriendly Permalink Structure

By default, WordPress has this setting for permalink:

/?p=123

If you see a blog post with this URL (e.g. YourWordPressBlog.com/?p=123), can you guess what this post is about? If you can’t tell what this blog post is about, your readers (including search engine robots) will have the same experience too.

Solution: Log in to your WordPress Dashboard. Go to “Settings” and click “Permalinks”. There are 6 settings to choose from, and you can decide which one fits your needs best.

We hope this article gives you an opportunity to review some of the settings on your WordPress website as well as rectify any mistakes. If you need help in solving the problems, our Customer Support Team is happy to assist you. Simply contact us by live chat, telephone, or our customer support ticket system.