How to Register Custom Taxonomy For WordPress Users

The Custom Taxonomy feature has been introduced since WordPress 2.9. It allows you to create custom groups for Post, Page as well as Custom Post Types.

Say that you are building a book directory website, and you have created a Custom Post Type for posting the Books. By using Custom Taxonomy, you can create a custom taxonomy for it, called Genre. Within this Genre taxonomy, you can create a number of items (which technically is called terms) such as Fiction, Kids, or Biography for grouping the Books.

Unfortunately, at this point, we can’t register Custom Taxonomy to Users; at least not in a straightforward way as we would register it in the other Post Types. One perfect application that we could foresee from this idea is that we can use it to assign additional user attributes, such as their occupation, profession or organizational position, in place of registering a new set of User Roles. It also opens the possibility to query the users based upon the assigned taxonomy terms.

If this idea is something that may benefit your website, take a look at this tip.

Getting Started

First, we will install a plugin named User Taxonomies to simplify our job.

Once the plugin is activated. Go to GenerateWP to generate the Taxonomy codes. Put the code output in the functions.php file of your theme. This code snippet below is an example. Though, it has been stripped out to make this article look shorter. You can follow this link to see the full code.

 if ( ! function_exists( 'user_staff_position' ) ) { function user_staff_position() { register_taxonomy( 'staff_position', 'post', $args ); } add_action( 'init', 'user_staff_position', 0 ); } 

Now, change the Post Type parameter in the following line:

 register_taxonomy( 'staff_position', 'post', $args ); 

…from post to user, like so:

 register_taxonomy( 'staff_position', 'user', $args ); 

Now, go to the WP-Admin, and you should find a new menu added under the Users menu, as seen below.

new user menu
Assigning the Custom Taxonomy

Navigate to the new menu and create a few terms. For this example, we created two items: CEO and Managers.

create user tax

Then go to user editing screen and assign one item from the taxonomy to the user.

user select tax

Query the Users

We are going to display the users in the theme based on the given term (of the taxonomy). But before going further, let’s create a new page template. We are going add the codes throughout the following section within this new template.

In this particular case, we won’t be able to query the users with get_users or WP_User_Query; when you create a new WP_User_Query class, it does not output the Custom Taxonomy that is assigned to the users. Justin Tadlock, in his tutorial, shows us how to use the get_objects_in_term function, instead.

This function outputs the object ID (which in our case the object means the user) that are tied with the term. To use it, we need two parameters: the Term ID and the Taxonomy name. You can spot the Term ID at the Browser URL bar when you edit it as shown below.

term id

Once you’ve found the ID, put it within the function, like so.

 $users = get_objects_in_term(3, 'user_position'); 

You can use var_dump() to display the object IDs that have been retrieved; In my case, it returns the users with the ID of 1 and 3.

user object id

Using these IDs, we can also retrieve, for example, the user name and avatar.

 <ul> <?php if ( !empty( $users ) ) : ?> <?php foreach ( $users as $id ) : ?> <li class="user-entry"> <figure><?php echo get_avatar( get_the_author_meta('email', $id), '40' ); ?></figure> <h5 class="user-title"><a href="<?php echo esc_url( get_author_posts_url( $id ) ); ?>"><?php the_author_meta( 'display_name', $id ); ?></a></h5> </li> <?php endforeach; ?> <?php endif; ?> </ul> 

…and, finally, here is the result.

query result

That’s it. You can freely modify the above codes to meet your requirement.

The post How to Register Custom Taxonomy For WordPress Users appeared first on Hongkiat.

10 Tips to Hardening WordPress Security

If you are running a WordPress-powered website, its security should be your primary concern. In most cases, WordPress blogs are compromised because their core files and/or plugin are outdated; outdated files are traceable and it’s an open invitation to hackers.

How to keep you blog away from the bad guys for good? For starters, make sure you are always updated with the latest version of WordPress. But there’s more. In today’s post, I’ll like to share with you some useful plugins as well as some tips to harden your WordPress security.

1. Changing Default “wp_” Prefixes

Your website might be at stake for some vulnerabilities (e.g. SQL Injection) if you are using the predictable wp_ prefixes in your database tables. The following tutorial teaches you how to get them changed via phpMyAdmin in 5 easy steps.

2. Hide login error messages

Error login messages may expose and give hackers an idea if they’ve gotten username correct/incorrect, vice versa. It is wise to hide it from unauthorized login.

To hide login error messages, you can simply put the following code in functions.php

add_filter( 'login_errors', '__return_false' );

3. Keep wp-admin Directory Protected

Keeping “wp-admin” folder protected adds an extra layer of protection. Whoever attempts to access files or directory after “wp-admin” will be prompt to login. Protecting your “wp-admin” folder with login and password can be done in several ways:

  • WordPress plugin – Using the WordPress HTTP Auth.
  • cPanel – If your hosting supports cPanel admin login, you can set protection easily on any folder via cPanel’s Password Protect Directories graphical user interface. Find out more from this tutorial.
  • .htaccess + htpasswd – Creating a password-protected folder can also be done easily by setting the folders you want to protect inside .htaccess and users allowed to access inside .htpasswd. The following tutorial shows you how to do it in 7 steps.

4. Maintaining Backups

Keeping backup copies of your entire WordPress blog is as important as keeping the site safe from hackers. If all fails, at least you still have the clean backup files to revert. There are two types of backup practice: Full Backup and Incremental backup.

The “full backup” will include everything within the site including the files and database when creating the backup. This method it’ll take space more than necessary, and may cause a spike on CPU and disk usage when performing the backup. So it’s not quite recommended if your site got limited resources.

The “incremental” backup on the other hand will take the full only the first time and will only take backup of the recently changed items thus more efficient. Today there are a number of options for this type of backups in WordPress with a fair amount of fees such as VaultPress and WP Time Capsule.

Furthermore, we’ve also previously covered a list of solutions to backup your WordPress files and database, including both useful plugins and backup services.

5. Prevent Directory Browsing

Another big security loophole is having your directories and its files exposed, and accessible to public. Here’s a simple test to check if your WordPress directories are well protected:

  • Enter the following URL in browser, without the quotes. “http://www.domain.com/wp-includes/

If it shows blank or redirect you back to home page, you are safe. However, if you see screen similar to the image below, you are not.

protect directory

To prevent access to all directories, place this code inside your .htaccess file.

 # Prevent folder browsing. Options All -Indexes

If your site running on nginx, you can add the following instead.

autoindex off;

6. Keep WordPress Core Files & Plugins updated

One of the safest ways to keep your WordPress site safe is to make sure your files are always updated to the latest release. Fortunately, WordPress today comes with an automatic update turned-on, so as soon as there’s a security patch available, your site should be immediately updated. Just make sure that you or your developer did not have it turned off.

7. Pick a Strong Password

WordPress now comes with a strong password suggestion field that looks like below when creating a new account or updating to a new password. It will indicate whether your password is Strong or Weak. You should pick the Strong password for sure. But the downside of having a strong password is that it’s not easily memorizeable. That’s why I recommend to have a password manager like 1Password or LastPass

8. Remove Admin User

A typical installation of WordPress comes with a default user named “admin”. If that’s the username to your WordPress site, you are already making hacker’s life 50% easier. Using user “admin” should be avoided at all times.

A safer approach to logging into your admin securely is to create a new administrator and have “admin” removed. And here’s how you do it:

  1. Login to WordPress admin panel
  2. Go to Users -> Add New
  3. Add a new user with Administrator role, make sure you use a strong password.
  4. Log out of WordPress, re-login with your new admin user.
  5. Go to Users
  6. Remove “admin” user
  7. If “admin” have posts, remember to attribute all posts and links back to the new user.

9. Disable XMLRPC

XMLRPC in WordPress is a common entry point of attack in WordPress. So it’s always good idea to disable it when your site does not require XMLRPC. You can restrict XMLRPC endpoint to certain IPs in case it’s needed, for example:

Apache
<Files xmlrpc.php> order deny,allow allow from 192.0.64.0/18 deny from all
</Files>
Nginx
 location = /xmlrpc.php { allow 192.0.64.0/18; deny all; access_log off; } 

10. Add HTTP Security Headers

Adding HTTP security headers will add extra security layer to your site which helps to mitigate certain attacks. The headers will intruct the browser to behave on certain direction set in the headers. For example, the X-Frame-Options will allow you whether your site can be embedded within an iframe. Other type of Headers you can add include: X-XSS-Protection, Strict-Transport-Security, X-Content-Type-Options, Content-Security-Policy, and Referrer-Policy.

 Header always append X-Frame-Options DENY Header set X-XSS-Protection "1; mode=block" Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" Header set X-Content-Type-Options nosniff Header set Content-Security-Policy "default-src 'self';" Header set Referrer-Policy "no-referrer" 
Nginx
 add_header X-XSS-Protection "1; mode=block"; add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload'; add_header X-Frame-Options "DENY"; add_header X-Content-Type-Options nosniff; add_header Content-Security-Policy "default-src 'self';"; add_header Referrer-Policy same-origin; 

To add these headers, you might need to reach out to the hosting company where your site is hosted.

Bonus: Subscribe to WPVulnDB

Last but not least, you might want to stay on top of the latest exposed vulnerabilities in WordPress Core, Plugins, and Themes by subscribing to WPVulnDB. It describes what type vulnerability, what it is, what version is affected, and whether it’s already fixed.

If you find one of your plugins, you’re using are on the report, you should can take immediate action to mitigate it and update the plugins when the fix is available immediately.

The post 10 Tips to Hardening WordPress Security appeared first on Hongkiat.

10 WordPress Plugins to Harden Website’s Security

You created a website on WordPress, selected a reliable hosting for it, and added a beautiful theme. However, like all other aspects, security of your website is also of utmost importance. Even though WordPress has some security features built-in, but the type of threats a website is vulnurable to, you need some special plugins.

This post will list some of the best plugins to harden the security on your website and keep it safe from malacious attacks. Let’s take a look.

Login

Login Lockdown can help to mitigate your site from a brute force attack. The plugin will record the IP address and timestamp on every failed login attempt. If it detects multiple failed attempts on a certain period of time from the same IP address, it will disable all the requests from that address for an hour. You can set the length of the lockdown from the Settings page of the plugin.

wordpress login lockdown
WP-DB Manager

Part of a security measure is having a backup, especially a database backup which contains all the data (e.g. content, users, and options) on your website. WP-DB-Manager is a handy plugin that allows you to do just that easily. It can backup the database, restore it as well set an automatic scheduled backup.

wordpress db manager
Antivirus

The Antivirus plugin works similar to an antivirus installed on your computer. It’ll scan exploits, malware, and spam injections within the files as well as the database on your site. The scan can be initiated manually to select files or run daily. The plugin will notify you when it finds any malicious codes to your email address.

Bear in mind though, that the plugin may cause a performance degradation depending on the number of files it has to scan and the specification of the server on which the site runs.

wordpress antivirus
Bad Behavior

Bad Behavior is the plugin which helps you fight with those annoying spammers. The plugin will not only help you prevent spam messages on your blog, but also will try to limit access to your blog, so they won’t be able even to read it.

wordpress bad behaviour
User Spam Remover

User Spam Remover can automatically remove spam, old, or never-used accounts. It also creates a backup of all the user account that it deletes so that you can easily restore it if needed. It is a handy tool if your site manages multiple users with open registration.

user spam remover
Block Bad Queries

This plugin attempts to block away all malicious queries attempted on your server and WordPress blog.

It works in the background, checking for excessively long request strings (i.e., greater than 255 chars), as well as the presence of either “eval(“ or “base64” in the request URI.

block bad queries
iThemes Security

iThemes Security makes it easy to implement general security patches to your WordPress site installation.

With the plugin, you can change the table prefix, enable 2FA with Google Authenticator, Google ReCaptcha, User Action Logging, and a lot more. It’s an all-in-one WordPress security plugin.

ithemes security
Defender

Defender also comes with several security features that you can enable on your site such as Hide error reporting, Disabling file editor, and changing the table prefix. It also provides some low-level security recommendations of your server.

wordpress defender
Jetpack

Jetpack does many things including some security features such as Monitoring which allows you to monitor whether your site is up or down, Single Sign-on which is powered by WordPress.com to allow users using their WordPress.com account, and Brute-force protection.

wordpress jetpack
Security Headers

Adding some Headers Response will add extra layers of security to your site. The Headers will direct on how should the browsers to behave when they render your website.

A few of the Headers we are seeing here include the Strict-Transport-Security header will enforce the browsers to load your site through HTTPS, X-Frame-Options, and X-XSS-Protection. This plugin makes it easier to add these headers on your site without the need to have access to your server.

The post 10 WordPress Plugins to Harden Website’s Security appeared first on Hongkiat.

15 wp-config Snippets to Configure WordPress Site

WordPress admin makes it easy to manage configurations without touching a line of code. These basic configuration settings are then stored in the wp-options table inside the database. But, WordPress also has a separate configuration file, called wp-config.php, that can be used for further customizations.

Wp-config is the file where your custom hosting data (database name, database host, etc.) is saved when you install a self-hosted WordPress site. You can also add other configuration options to this file, with which you can enable or disable features such as debugging, cache, multisite, SSL login, automatic updates, and many others.

wp-config frontend

Localize and edit wp-config

When you download WordPress, the wp-config.php file is not yet present inside the install folder. However, there’s a file called wp-config-sample.php that you need to copy and rename to wp-config.php. Then, you need to add your basic connection data (database name, database username, database password, hostname, security keys) to this file.

If your hosting provider uses the Softaculous auto installer (most do so) this process is automated for you and you will find a wp-config.php and a wp-config-sample.php file in your root folder when you connect your server via FTP.

wp-config.php

Note that the order of settings matters, so don’t rearrange them. When editing the wp-config file, always use a code editor such as Sublime Text, Atom, Notepad++, Visual Studio Code, or TextMate. Word processors (Microsoft Office, Google Docs, LibreOffice, etc.) will mess your file up, never use them to edit code files.

The settings saved into wp-config override the database, in case the same type of configuration is present at both (e.g. home URL)

Where to place the code snippets

In this article, you can find 20 code snippets with which you can use to customize your wp-config.php file.

Most of these configuration options don’t exist in wp-config by default. If you want to use them you need to add them below the starting <?php tag and code comments, but above the MySQL settings.

Place of snippets

1. Turn on WP debugger

You can turn the WordPress debugger on and off in the wp-config file. The first snippet below does exist by default in wp-config (below the database configurations) but its value is set to false. To turn the debugger on, change its value to true.

The second snippet turns on the frontend debugger that allows you to debug CSS and JavaScript scripts. Use the debuggers only on development sites never in production.

 # Turns on PHP debugger define( 'WP_DEBUG', true ); # Turns on CSS and JavaScript debugger define( 'SCRIPT_DEBUG', true ); 

2. Change database table prefix

WordPress uses the wp_ table prefix by default. If you want a more secure database you can choose a more complicated table prefix.

This config option also exists in the wp-config file by default, you only need to change the value of the $table_prefix variable to a more secure one.

Only change the table prefix if you have a clean install or on a development site, as it’s risky to do so on a production site.

 # Creates secure table prefix for database tables # Only numbers, letters, underscores $table_prefix = 'a81kJt_'; 

3. Change WordPress URLs

You can set the WordPress and home URLs in the WordPress admin, under the Settings > General menu. However, you can also configure these URLs in the wp-config file.

Defining the WP_SITEURL and WP_HOME constants in the wp-config file has two advantages:

  1. it can be life-saving if you can’t access your admin area for some reason
  2. it can reduce the number of database calls while your site is loading (as wp-config overrides the options saved in the database)

WP_SITEURL specifies the URL users can reach your site with, while WP_HOME defines the root of your WP install. If you installed WordPress into your root folder (this is the default option) they take the same value.

 # Specifies site URL define('WP_SITEURL', 'http://www.yourwebsite.com'); # Specifies home URL (the root of the WP install) define('WP_HOME', 'http://www.yourwebsite.com/wordpress'); 

4. Empty trash after a certain time

You can make WordPress to automatically empty your trash after a certain number of dates. The smallest value of this constant is 0, in this case you disable the trash feature.

 # Empties trash after 7 days define( 'EMPTY_TRASH_DAYS', 7 ); 

5. Enable WordPress cache

You can enable WordPress’ built-in caching feature with the following line of code. Most caching plugins, such as W3 Total Cache and WP Super Cache, automatically add this snippet to the wp-config file.

 # Enables WP cache define( 'WP_CACHE', true ); 

6. Enable WordPress Multisite

By adding the WP_ALLOW_MULTISITE constant to your wp-config file, you can enable WordPress’ multisite feature that allows you to create a network of WP sites.

 # Turns on WordPress Multisite define( 'WP_ALLOW_MULTISITE', true ); 

7. Redirect non-existing subdomains and subfolders

Sometimes visitors type a non-existing subdomain or subfolder into the URL bar. You can redirect these users to another page on your domain, for instance to the homepage with the help of the NOBLOGREDIRECT constant.

 # Redirects non-existing subdomains and subfolders to homepage define( 'NOBLOGREDIRECT', 'http://www.yourwebsite.com' ); 

8. Manage post revisions

WordPress has a built-in version control system, which means it saves all post revisions you create. A frequently edited post can have as many as 25-30 revisions that can take up a lot of database space after a while.

With the WP_POST_REVISIONS constant, you can maximize the number of post revisions or completely disable the feature.

 # Completely disables post revisions define( 'WP_POST_REVISIONS', false ); # Allows maximum 5 post revisions define( 'WP_POST_REVISIONS', 5 ); 

9. Enable built-in database optimization

WordPress has a built-in database optimization feature you can turn on by adding the following line to the wp-config file.

I wrote in detail about how this tool works in this article. The most important thing to note is that the database optimization screen is available for anyone (even for non-logged in visitors). Enable the feature only for the period of time you want to run the optimization tool, then don’t forget to disable it.

 # Turns on database optimization feature define( 'WP_ALLOW_REPAIR', true ); 

10. Disable automatic updates

WordPress runs automatic background updates by default for minor releases and translation files.

You can toggle this feature on and off by setting the values of the AUTOMATIC_UPDATER_DISABLED (for all updates) and WP_AUTO_UPDATE_CORE (for core updates) constants according to the following rules:

 # Disables all automatic updates define( 'AUTOMATIC_UPDATER_DISABLED', true ); # Disables all core updates define( 'WP_AUTO_UPDATE_CORE', false ); # Enables all core updates, including minor and major releases define( 'WP_AUTO_UPDATE_CORE', true ); # Enables core updates only for minor releases (default) define( 'WP_AUTO_UPDATE_CORE', 'minor' ); 

11. Increase PHP memory limit

Sometimes you may want to increase the PHP memory limit your hosting provider has allocated to your site, especially if you get the dreaded “Allowed memory size of xxxxxx bytes exhausted” message. To do so, use WP_MEMORY_LIMIT for the website and WP_MAX_MEMORY_LIMIT for the admin area.

Note that some hosts don’t allow to increase the memory limit manually, in this case contact them and ask them to do it for you.

 # Sets memory limit for the website define( 'WP_MEMORY_LIMIT', '96M' ); # Sets memory limit for the admin area define( 'WP_MAX_MEMORY_LIMIT', '128M' ); 

12. Force SSL login

To increase website security, you can force users to log in through 5 Tips to Toughen Up Your WordPress Login Security

The post 15 wp-config Snippets to Configure WordPress Site appeared first on Hongkiat.

Must-Have WordPress Tools and Services That Will Make Your Day

Every web designer knows there’s always room for improvement, and any of the WordPress tools and services described in this article could easily take your business to the next level.

There’s no shortage of tools and services that make that claim. Some are better than others of course, and some are far better than others. To find those that are “far better” which is what you’d really want to be doing, is simply a matter of sifting through the roughly 55,000 WordPress tools and services currently on the market, checking likely candidates, and zeroing in on those that appear to be most promising.

That’s not a bad approach if you have a few weeks of spare time on your hands, but we’ve already done the heavy lifting, and we want to share with you our expert picks of must-have WordPress tools and services for 2019.

1. Elementor

elementor

Elementor is a powerful page builder with advanced capabilities that enables you to create the perfect website to convey your message without having to code. You can choose from 100+ templates to work with or start pages from scratch. Either way, using Elementor will improve your workflow and increase your productivity by letting you design and build your websites quicker and better.

With Elementor, you get a website builder that’s already trusted by top professionals with more than 2 million active installs. The drag and drop editor is quick and powerful, and packed with super-useful widgets you can use to quickly create your site layouts.

Since you can use any theme or any plugin with Elementor, you’ll benefit by having complete design freedom, no matter what other theme or plugin you chose.

Looking further into Elementor, you’ll discover one cool feature after another; popups, advanced forms, and hover and scroll animations being a few of them.

2. Brizy WordPress Website Builder

brizy

Web designers are anything but lazy, but they won’t object to working with a website-building tool that’s almost ridiculously easy to use and doesn’t require coding or any special technical skills.

Brizy is such a tool. For starters, you get 240 blocks, 150 layouts, and 16 popups out of the box, all of which are ready-made and professionally designed. The pre-made blocks give you a good starting point if you find starting a design from scratch is a bit too intimidating. Figuring out a page’s structure is no problem at all and when you have your content on hand you can literally build a page in mere minutes.

4,000 icons come with the package, you can easily change colors or fonts on a page or across all pages, and you can save your customized blocks for future use.

Brizy is free to download and you can create your first website at no cost.

3. WordPress Site Care

wordpress site care

Newt Labs’ goal is to make your website management painless and allow you to focus on your main project tasks, please your clients, and grow your business.

The Newt Labs team will help you with small fixes to your site, give you unlimited assistance and advice, and take care of all WordPress updates including the core, theme, and plugins, security monitoring, and other day-to-day management tasks. They will back up your WordPress site daily and store the backup off-site. Since their cloud hosting is optimized for WordPress you can speed up your website by upgrading to a proper hosting service.

Newt Labs will also monitor your website, checking against blacklists to keep your brand’s reputation intact.

As a part of their maintenance service, Newt Labs provides access to the latest WordPress and WooCommerce video tutorials directly in your sites dashboard to empower you to get the most from your website and its content.

4. Goodie

goodie

Goodie joins end-clients directly with a web developer. Only experienced developers are hired, and they are assigned to work directly with you. There are no middlemen. Simple upload your design, whether it is extensively detailed or barely beyond the concept stage and Goodie will carefully code it for a special price of $999.

Goodie’s service is ideal for small or local business owners, web designers, and for coding websites in the 1-10 page range and simple WordPress sites.

5. WordLift

wordlift

The WordLift plugin is a semantic platform that utilizes AI for SEO and partners with WooRank to measure the performance of content over Google in terms of factors that influence organic traffic; search rankings for example.

WordLift also translates content into knowledge graphs and machine-readable content that help search engines understand what your content is really about and at the same time improve user engagement.

Tips to Make Your WordPress Site Secure

Choose a Good Hosting Company

  • Site performance and site security are the issues here, and you can expect to get what you pay for. If you go with a cheap hosting provider, you’re putting your site and perhaps your business at risk.
  • You won’t have to experience losing your data once, which is one time too many if you choose a hosting service that treats your site as if it’s their own.

Install a WordPress Security Plugin

  • Either you rarely if ever check your site security for malware, check it occasionally, or you automate the process and let a plugin do the work. The third option obviously makes the most sense. The right plugin can monitor your site 24/7 to keep tabs on what’s happening.

Update WordPress regularly

  • By releasing new upgrades on a consistent basis, WordPress is continually being improved in terms of performance and security. When a malicious bug is discovered, it’s promptly taken care of when an update is released. If you don’t update, that malicious bug can still cause mischief.
  • Make it a habit to periodically visit the WordPress dashboard, check for new updates, and hit the “Update Now” button if you see one.

Back up your site regularly

  • All that’s involved is to create a copy of your site and store it somewhere safe. Do so periodically, whether its daily or monthly. Some hosting sites perform daily backups.

Conclusion

This article covers 5 must-have WordPress tools and services you can use to build better websites and 5 valuable tips you’ll want to follow to keep them up and running; although one of the services listed will do that for you.

If you’re looking for a faster, easier, and more efficient website builder either Elementor or Brizy will be ideal. If SEO gives you headaches give WordLift a try or checkout Goodie for your development needs. And, if you’d like to hand over site maintenance to someone else so you can focus on website building, Newt Labs is there to help.

The post Must-Have WordPress Tools and Services That Will Make Your Day appeared first on Hongkiat.

How to Setup a Staging Environment for WordPress Development

Usually we would start developing a website in a local server. Then, we upload it to a staging site, and after everything are confirmed, we push the website to the live server. As simple as that sound, developing a website can be a very lengthy process.

In this post, we will see how to deploy and configure these stages effectively when developing for WordPress using a handy plugin called WP Local Toolbox.

Once the plugin is activated, it exposes a number of PHP constants. To name but a few, these constants will let us know if we are currently in a live site or in local site, ensure unnecessary plugins in certain stage remain deactivated, and notify us when new content has been added in the live site.

Development Stage

This is where we start. We build our website in a localhost: a web server running in our computer. If you are using OS X, you can easily set one up with MAMP. Windows users have a few more options such as MAMP (for Windows), WAMP, and XAMPP.

At this stage, you can use development tools like Codekit, and Grunt or Gulp. You can work together with your colleagues using Git version control; you can also freely conduct some experiments, and safely make errors along the way.

In the development period, I encourage you to enable the WP_DEBUG and to install a few WordPress plugins such as Query Monitor, RTL Tester, and User Switching in addition to the plugins that we would deploy in the live site. These few extra plugins are meant to facilitate the development as well as testing process. That said, we will not activate these plugins at the staging or live site.

Open the wp-config.php, and add the following line after define('WP_DEBUG', true);.

 define('WP_DEBUG', true); define('WPLT_SERVER', 'dev'); 

This line marks our WordPress install in localhost as “development”. When you log in to the WordPress dashboard, you will notice that the Admin bar, by default, now returns green with the server stated as DEV SERVER.

Setting it dev enables the “Discourage search engines from indexing this site” option to prevent the site accidentally being indexed in Search Engine, although it is only accessible in our computer.

WordPress dashboard in local

If you do not like the default green, you can always change it by defining WPLT_COLOR. The color can be defined with a color keyword or with the Hex format as shown below.

 define('WPLT_COLOR', '#7ab800'); 

Additionally, you might also want to forcefully deactivate a few plugins that are not needed during development, like the caching plugin, backup plugin and Akismet.

To do so, specify each plugin in an array with WPLT_DISABLED_PLUGINS.

 define('WPLT_DISABLED_PLUGINS', serialize( array( 'w3-total-cache/w3-total-cache.php', 'akismet/akismet.php', ) ));  

“Staging” Stage

The “staging” site is where we test our site. Ideally it should be in an environment that is closely mimics (the content, the server specification, and etc.) the live site in order to catch bugs and errors that we may have missed in the development stage.

The site usually should only be accessible to some people including the clients, to show them the final version of the websites.

Some plugins are better deactivated such as the plugins that we have used in the development stage, a caching plugin, and a backup plugin. Staging site could be set in a subdomain, for example, staging.coolsite.com or in a separate domain like coolsitestaging.com.

We define the staging site in wp-config.php as follows.

 define('WP_DEBUG', true); define('WPLT_SERVER', 'testing'); define('WPLT_DISABLED_PLUGINS', serialize( array( 'w3-total-cache/w3-total-cache.php', 'akismet/akismet.php', 'debug-bar/debug-bar.php', 'debug-bar-extender/debug-bar-extender.php', 'debug-bar-console/debug-bar-console.php', 'simply-show-ids/simply-show-ids.php', 'monster-widget/monster-widget.php', 'theme-check/theme-check.php', 'wordpress-beta-tester/wp-beta-tester.php', ) )); 

We now set the server as staging or testing. The Admin bar color should now turn orange.

At this stage, we can also deactivate a few plugins that we use for development. We keep a few other development plugins activated and WP_DEBUG enabled as we need to catch errors while testing in the staging server.

Staging environment

Live Stage

This is the final stage where we publish our site in a live server and let everyone and anyone see the website. In this stage, we should also deactivate all the plugins for developments and finally activate caching and backup plugins among other things.

 define('WP_DEBUG', false); define('WPLT_SERVER', 'live'); define('WPLT_DISABLED_PLUGINS', serialize( array( 'developer/developer.php', 'debug-bar/debug-bar.php', 'debug-bar-extender/debug-bar-extender.php', 'debug-bar-console/debug-bar-console.php', 'simply-show-ids/simply-show-ids.php', 'regenerate-thumbnails/regenerate-thumbnails.php', 'rewrite-rules-inspector/rewrite-rules-inspector.php', 'rtl-tester/rtl-tester.php', 'user-switching/user-switching.php', 'monster-widget/monster-widget.php', 'theme-check/theme-check.php', 'query-monitor/query-monitor.php', 'wordpress-beta-tester/wp-beta-tester.php', ) )); 

The live stage Admin bar defaults to red (this can be changed). Keep an eye for new content in the live server to keep the testing server database updated with the new content as in the live server; it will make testing more accurate, and ensure that the new contents are displayed OK.

Add the following line in the live server wp-config.php to do so.

 define('WPLT_NOTIFY','me@outlook.com'); 

Once set, we will receive notification through email when our client add new content (posts and pages) in the live server. When they do, copy the content database from live.

If your testing and live server are hosted in the same server, go to phpMyAdmin. Then, select the wp_posts database and select the Operations tab. Within the Copy table to (database.table) box, select the staging site database and make sure that the Add DROP TABLE option is checked so that it will overwrite the existing database.

Copy database to another database

That’s it, we now have nicely organized stages for developing a WordPress site. I realize that many of you have your own style of workflow so feel free to share your best workflow when dealing with “staging”, and what tools you are using.

The post How to Setup a Staging Environment for WordPress Development appeared first on Hongkiat.

Top 8 Portfolio WordPress Themes Designed for Creatives

For a portfolio to do an adequate job of showcasing your work, it has to cover lots of bases. As an example, the text must relate closely with the image its focus is on, and it has to attract visitor attention without taking the focus away from the image itself.

You need the right tools to make this happen. There are plenty of themes on the market that have the right tools when your goal is to create a decent portfolio website. On the other hand, if you want your portfolio website to serve as a truly valuable asset, “decent” just won’t cut it.

What you want, is a stunning, awesome, or award-winning portfolio website. Creating one that meets such a high standard is well within your reach – but you have to pick a theme that can actually help you make that happen.

Like one of the following:

1. Be Theme

be theme

It has a library of 450+ customizable pre-built websites. It offers all the flexibility you need to build a top-quality portfolio website. And it’s easy to use. It’s also the biggest WordPress theme on the market and it’s called Be Theme.

Be’s professionally-designed prebuilt websites are but one of its many powerful core features that includes everything from its Muffin Builder editor, a shortcode generator and a large shortcode generator library, a brand-new Header Builder, and a wide selection of portfolio grids, layouts, and other useful portfolio-building features.

A subset of these customizable pre-built websites can serve as starting points for a portfolio website project. Of particular note is BeAgency, a one page pre-built website featuring a beautiful Ajax portfolio. BeAgency and has been a preferred choice of a variety of agencies looking for the best way to showcase their products.

Be offers an impressive collection of powerful website-building capabilities, and whether you’re a pro or your proposed portfolio website is your first one, you’ll like what this responsive, SEO-friendly WordPress theme offers, and you’ll like its excellent customer support.

2. Kalium

kalium wordpress theme

An excellent choice for portfolio and blog websites as well as for online shops, Kalium gives its users a great selection of theme options, layout designs, and drag and drop content elements to work with to build a portfolio website that showcases your work for the world to see.

Select one or more of Kalium’s demo sites to get your project started. Simply clone the content you want to work with using WPBakery, the world’s top page builder and the 100+ shortcodes and a variety of bonus elements that also come with the package.

As for your portfolio; Kalium gives you 30+ different carefully-crafted portfolio item types in 7 main categories to work from. Each category has options for aligning images, controlling spacing, and incorporating textual information.

And, one thing more. Kalium is delightfully easy to use.

3. Uncode

uncode wordpress theme

The fact that Uncode, with its 50,000 sales is one of ThemeForest’s all-time best sellers is one good reason why this pixel-perfect theme could be a good choice for you. There are many more of course, and you could go through the entire list of Uncode’s features to see what they are.

But if you really want to see what this creative multiuse theme could do to help you create an awesome portfolio website, you need to visit Uncode’s website and browse the user-created website library.

You’ll be impressed and inspired by what you see; whether your next project will be a portfolio website or another website type.

While building your portfolio website, you should find plenty of good use for this creative multiuse theme’s advanced grid system and its adaptive images system and advanced Masonry/Isotope/Carousel features. Your portfolio will shine brightly on large screens and hand-held devices alike.

4. Bridge

bridge wordpress theme

Bridge is perfect for just about any web designer. The fact it happens to be the best-selling creative theme on ThemeForest points that out. Bridge is ideal for all types of websites, and that includes portfolio websites.

Developed by Qode Interactive, Bridge features open-ended customizability, a variety of portfolio building options, and gives its 110,000 happy users 5-star support.

5. The Gem

the gem wordpress theme

TheGem has been called the ultimate WordPress toolbox with respect to its features and capabilities, which include unlimited portfolio website-building options. TheGem gives you 20+ flexible portfolio layouts to work with together with a flexible grid system and a host of column, gap width, loading, and pagination options along with animation and hover effects.

TheGem is designed to significantly expand your portfolio design and build options.

6. Hello

hello wordpress theme

Hello is a lightning-fast, friendly, and free theme that won’t slow you down. It also happens to be the ideal WordPress theme for Elementor. It’s such a good fit that whenever Elementor is updated the majority of the testing is done on Hello.

This open source theme supports all of the most widely used and popular WordPress plugins. It’s literally a theme without boundaries.

7. Movedo WP Theme

movedo wordpress theme

MOVEDO is a creative multipurpose WordPress theme featuring a clean, modern design, high quality code, amazing flexibility, and 24/7 support. Some of its seldom seen elsewhere features are truly amazing. You’ll be able to accomplish the seemingly impossible with MOVEDO’s super-crispy moldable typography and ultra-dynamics parallax effects.

Whether your project involves a general or specific-purpose (e.g., portfolio) website, MOVEDO adjusts to your creativity.

8. Pofo

pofo wordpress theme

With more than 150 pre-built elements, 200+ demo pages, and 25 home pages, Pofo is well equipped to meet the challenges any website type could throw at you, but where this blazing fast, highly-flexible multipurpose WordPress theme really shines is in the portfolio, blog, eCommerce arena.

Pofo is an ideal choice for creating a stunning portfolio website; and if you want to add blogging and/or eCommerce capabilities to your website, so much the better.

Conclusion

When you’re faced with several hundred multipurpose themes, many of which appear to have what you need to create a decent portfolio website, searching to find a perfect match, or even a good one, can be a headache. You might have to resort to trial and error in hopes of finding one that will serve you best.

It’s much easier if you have only 8 to choose from. It can still be a challenge because one may seem better in some ways than the next; but you’re actually faced with a can’t lose proposition. Pick one that you feel will get the job done, and you won’t be disappointed.

The post Top 8 Portfolio WordPress Themes Designed for Creatives appeared first on Hongkiat.

You’ve Installed WordPress – What’s Next?

You’ve heard how good WordPress is in terms of expandability, customization and you decided to give it a try. Installing a basic copy of WordPress won’t take too long; but if you are looking for more stability, traffics, search engine optimization, etc, here’s few of my recommendation – The things you should do after installing WordPress.

Get WordPress.com API Key, Activate Akismet

Akismet is a plugin that’s bundled with the WordPress installation that will intelligently get rid of all the unnecessary comment and trackback spams. This will be especially handy when you’re going to use the WordPress native comment system.

Akismet Machine

In order for Akismet to work, you’ll need an Akismet API Key. The key is free, but you’ll need to request for one and apply it on the Akismet plugin. Sign up with WordPress, get Akismet Key.

Once you’ve obtained the key, go to the Settings > Akistmet Anti-spam and enter the key. You’re all set

Change Permalinks

Permalink is the URL format of your posts and pages. By default, WordPress set it up to with a query string for example https://www.hongkiat.com/blog/?p=1 which refers to the page or post with the ID of 1. Not only that this format does not look so nice, it’s also not user-friendly to type in and SEO-friendly. Ultimately, the URL does not tell what the page is all about.

To change the Permalink, go to the Settings > Permalink. Usually setting it to /%postname%/ would be the best. This will change the URL to https://www.hongkiat.com/blog/example-post/.

Several input fields to customize permalink

Install Additional Gutenberg Blocks

Gutenberg or the Block Editor is future of WordPress in that each component is composed with a block unit. WordPress already comes with some essential blocks to write up posts and pages such as the Paragraph block, Heading block, Image block, etc. You can install a plugin that to enrice your content with more blocks, such as the CoBlock.

CoBlock comes with some advanced blocks such as the Pricing Table Block, Author Profile Block, Icon Block, Map Block to add Google Maps, and a lot more others.

If you’d like to create your own block easily without having to code from scratch, Block Lab is a brilliant plugin.

Install SEO Plugin

WordPress is already comse with a couple of basic SEO optimization, such as with the Permalink setting, an improved page title tag, and adding the noindex when the site is set to private. But if you’d like to go further with the SEO optimization, you will need to install a plugin.

There are plenty of so called SEO plugins in WordPress repository. One that’s most popular is Yoast SEO. It comes with the title and description meta editor, Sitemap XML, Breadcrumb navigation, content analysis, and a lot more.

Add Social Media Sharing Buttons

On top of an SEO plugin, having the Social Media button onto your site may be handy for your users to share your content in social media like Facebook and Twitter. With the counter number, you can show how many times that your articles have been spread out in these social media sites.

There are a huge number of choices when it comes to this type of plugin. If you’d like to a simple plugin that’s easy to use without too much bloats, I can recommend installing Social Pug.

Strengthen Security

Securing a site is tough. I honestly would recommend for you to hire a professional to review your site. This would typically involve on reviewing the plugins, theme, and the server configurations to ensure every corner of your site is properly secured.

For the starter, you can install a plugin like iThemes Security. This plugin will allow you to implement several of security best practices on to secure WordPress in just a few clicks away, such changing the login and dashboard URL, remove the user admin, change the wp-content path, and a lot more.

Add Contact Form

Adding contact form on your site allows your readers to reach you out easily. It also helps increase trust worthy of a site because, well, you’re easily reached out. Unlike in the early days of WordPress, today there are a number of very good plugins that allows you to add an advanced contact form easily with drag-and-drop such as Ninja Form, and WPForms.

What about caching?

This allows your site to load faster by generating static HTML page and serve it instead of processing the page through PHP on every page load. Although there are a number of WordPress plugins to enable caching, I would recommend a server-side caching such as Varnish cache or nginx fastcgi cache. It’ll be more reliable and perform much faster than any WordPress plugins.

You can refer to WordPress official guide to enable Varnish.

The post You’ve Installed WordPress – What’s Next? appeared first on Hongkiat.

5 Plugins to Customize Your WordPress Login Page

Login and register pages act as the gateway to our websites. Nicely designed and well-branded login and register pages are what make your site stand out from the rest. If your site functions on user registration or has a members-only section, these login pages will probably help form the first impressions your visitors have of your service or product.

This warrants a look at customizable WordPress login pages (if you like to build your own, here is a handy tutorial), and the plugins that enable us to do so. There are various WordPress plugins that help to customize login and register pages, as well as protect the site in various ways from malicious attacks. On top of that, you can even customize the pages to reflect your branding or personality.

Custom Login

Custom Login lets you change the visual appeal of the login page. You can change everything from your site’s logo, background and colors to the login form, labels and form anchor – all from this plugin.

Social Login

With Social Login, users can login, register and comment using their social accounts – no more login or email registrations required. It works for more than 25 social networks including popular social sites such as Facebook, Twitter, Google, GitHub, LinkedIn, Instagram, PayPal, OpenID and many more. It’s even compatible with BuddyPress.

Erident Custom Login and Dashboard

Erident Custom Login and Dashboard lets you completely customize your WordPress site’s login screen and admin dashboard. It allows you to change the site’s logo and background wordpress-plugins-customize-login-page/color of the login screen/form, and much more. It also lets you add opacity to the form as well as a hyperlink to the logo, and you can also change the footer text on the admin dashboard.

Custom Login Plugin

Custom Login Plugin gives you the ability to replace the default WordPress-branded login page with your top-to-bottom customized login screen. It makes your login design completely responsive, and comes with support for background slideshow, unlimited color schemes, integrated Google Fonts and support for social connectivity (you can add icons linked to your social profiles).

Theme My Login

With Theme My Login, you can customize the WordPress login, register and forgot password pages as per your site theme. It creates a page to use in place of ‘wp-login.php’ from a page template of your theme. The customization options available include redirect options, gravatar support, custom links and emails, theme user profiles, and more.

Bonus: Google Apps Login

Google Apps Login offers a simple, secure login and user management for your WordPress blog, or any site under your Google Apps domain. It allows your users to login using their Google credentials to authenticate their account securely and also supports two-factor authentication.

The post 5 Plugins to Customize Your WordPress Login Page appeared first on Hongkiat.

10 WordPress Plugins for Better Mobile-Responsive Websites (Updated)

You can use a WordPress plugin to create landing pages, customize your login page, adopt two-factor authentication, or even figure out how to optimize your site for you with artificial intelligence. In this post, we’re going to add another item to that list, bringing you 10 plugins to create mobile-responsive blogs for you.

You don’t need to have the skills, capability or budget to create a respnosible or mobile site from scratch these days. Just grab one of these plugins, install it and start customizing the end result to suit your branding needs. All it takes is just a few clicks.

Instagram Feed

As the name implies, the plugin does allow you to add Instragram photo gallery on to any posts and pages on your website. It is responsive out-of-the-box so you can get it set and up quickly.

Instagram Feed

If you’d like to customize the output, the plugin provides a a handful of options which allows you whether to show a thumbnail or the full picture, display the Instagram “follow” button, and add your own custom CSS and JavaScript.

Responsive Menu

The Menu Navigation is one of the essential elements on your website. It has to be responsive to let users easily navigate the website on any screen size easily. This plugin allows you to add “responsive” menu navigation and optimized for touch-screen usage with nice animation flare.

Responsive Menu

The plugin provides a pretty bunch of options for customization including to add the background, add custom CSS, change the animation, upload logos, set a custom trigger to display the menu, and a lot more.

DK Pricr

Creting a responsive Pricing Table can be a challenge. But with this plugin, you can set it up in a minute. You can create as many as pricing table without limitation. You can add title, subtitle, description, change the currency, add custom classes and CSS, and set the font size on to the Pricing Tables.

DK Pricr

Page Builder by SiteOrigin

Page Builder by SiteOrigin is one of my favourite page builder plugins in WordPress ecosystem. It blends well with the WordPress interface, which makes it intuitve to use. The plugin allows you to create responsive layout with rows and columns right from the WordPress editor.

The things you can add to the layout is limitless, you can add basic content like the heading, paragraph, image, to something more complex like a Form, Button, and Image Slider through their free add-on.

Page Builder by SiteOrigin

Responsive Lightbox

“Lightbox” effect is a method to display image at an overlay of the content. This plugin to enable lightbox to many type of contents on your website. Not only image, gallery, and video, it also allows you to set it for the Widgets, Comments, as well as WooCommerce product images. It’s a pretty neat plugin.

Responsive Lightbox

Master Slider

MasterSlider is a plugin that allows you to add a set of images and videos in a form of slider. It supports touch so users can naturally navigate the slider by a swipe in a touch-enabled devices. Still it’s also compatible with many browsers including the older ones like IE8+, making it a pretty robust plugin.

Master Slider<

Tabby Tabs

With this plugin, creating a tabbed content has never been easier. You can add tabs using the shortcode provided for instance, [tabby title="My Tab" icon="cog"]. You can, of course, add tabs as many as you need. The plugin is built with accessibility in mind. It uses semantic HTML markup, ARIA attributes, and allows for keyboard navigation.

Tabby Tabs

WP Responsive Table

If your content would require tables, look no further. This plugin allows you turn HTML tables on your content responsive, by enabling horizontal scroll in a small viewport. No config, settings, shortcode, or anything. It just works with simply an HTML table. Still you are able to customize the styles through the Customizer.

WP Responsive Table

Photo Gallery Image

This plugin aims specifically at creating responsive gallery. You can add multiple images and videos on to the gallery and set it in a different layout available; Tiles, Carousel, Slider, and Grid. You can then add the gallery on to the page by using shortcode or a template tag.

Photo Gallery Image

The Event Calendar

The Events Calendar is a neat WordPress plugin that allows you to set up an Event with the announcement, ticketing, and a calendar which is nicely responsive out of the box.

The Event Calendar

The post 10 WordPress Plugins for Better Mobile-Responsive Websites (Updated) appeared first on Hongkiat.