Blog

WordPress is the most popular website-building platform for a variety of reasons. One of them is the vast array of tools and design options and aids it places at your disposal.

Still, there are times you’ll want to invest in a multipurpose or specialty theme if you are to have everything you need at your fingertips.

That may be enough, but if not, and a desired website feature or capability is still out of reach, you have four options:

• Go without it
• Code it yourself;
• Get a developer to do the work for you
• Find a plugin that will do the job

We suggest the latter option. After all, there are more than 55,000 plugins in the WordPress directory; admittedly more than you might care to have to plow through.

We’re willing to bet that you could use one or more of the following 8 top 2020 plugins to put your website on steroids.

One more thing — they’re free to try or use.

1. Brizy Website Builder for WordPress

If you’re in the market for a free quality website building tool to supplement what the WordPress platform provides, the Brizy plugin could be just what you’ve been looking for.

There are several good reasons for choosing Brizy including —

• Ease of setup and ease of use because of this plugin’s intuitive user interface
• No coding is required, and since Brizy is drag and drop you can build a page in mere minutes
• It bears repeating that using Brizy won’t cost you one cent. You can download it and start working with it today if you want to.
• There’s no shortage of useful design aids and options, including 500+ pre-made blocks, 40 popups, 150 layouts, and thousands of icons, colors, and font styles.

Should you run into a problem or want to learn as much as you can about where this plugin can take you, there’s plenty of documentation and an excellent selection of tutorial videos.

2. wpDataTables

When confronted with vast amounts of data (thousands and thousands of rows) gathered from several sources and presented in several formats is precisely what wpDataTables plugin can do to prepare colorful, informative, responsive, and editable tables or charts. Without wpDataTables, it could take you hours or even days to complete the task.

On the other hand, it would take wpDataTables only a few minutes. That, in a nutshell, is one of the reasons why you might choose this WP plugin to do the heavy lifting for you.

wpDataTables can work with data from most, if not all, standard sources such as Excel and CSV files, MySQL queries, JSON feeds, and Google spreadsheets.

It’s ideal for presenting data relating to operational or financial statistics, complex analysis, comparison data, or building and maintaining a product catalog.

3. Logic Hop — Content Personalization for WordPress

It’s 2020, why is your website showing the same content to every visitor? With Logic Hop, you can display personalized content to each person that visits your site. Why? Because personalized websites perform 200% better. That’s more sales, more signups, more conversions, and lower bounce rates!

Logic Hop automagically pulls over 50 points of data, including geolocation, that can be used to personalize almost any aspect of your site. Want to show a different CTA at night? Easy. Want to show coupons for returning visitors? Done.

Take our word for it; Logic Hop is hands-down the best personalization plugin for WordPress. It’s fully integrated with your favorite page builders like Divi, Beaver Builder, and Elementor, and it’s surprisingly easy to use. Another plus, Logic Hop, is the only personalization tool that works with caching — And it’s GDPR compliant! Give it a try and see what personalization can do for your site.

4. StarCat Reviews

Product reviews can often play a key role in eCommerce sales. StarCat Reviews is a WooCommerce Review plugin that replaces outmoded WooCommerce reviews with a review and rating system designed to give your business a boost by increasing your eCommerce conversions.

These reviews can feature Multiple Rating options, products, or services. Pros & Cons and overall review scores. You can manage the review process easily. You can display product ratings on Google search pages, and you can put into play premium add-ons like the Photo/Video Review add-on to make the reviews more effective. 

5. Amelia WordPress Booking Plugin

The Amelia plugin does three essential things for you and does them well.

• Automates your business’s appointment and event bookings; saving you a ton of money and time in the process
• Keeps customers happy by enabling them to book, cancel and reschedule appointments online 24/7
• Keeps your employees happy by matching customer appointment bookings with their availability and preferences

Plus, you can manage bookings from a central location and customize the design and application questions to match your business needs.

6. Heroic KB — Knowledge Base Plugin

A hallmark of excellent customer service is the ability to offer a speedy, informative response to their questions. An FAQ page is one approach, but not always a satisfactory one.

Customers always appreciate getting knowledgeable answers and information, especially when they can get it on a 24/7 basis. The Heroic KB knowledge base plugin’s features include live search, article feedback, and answers based on its analysis of actions visitors have taken while visiting your site.

7. Rank Math SEO

You can tie yourself in knots trying to make a website as SEO friendly as possible. Rank Math, with its clean and straightforward interface together with a host of SEO-enhancing features, will do the job for you, saving you a lot of time and needless stress in the process.

Key features include Automated Image SEO, WooCommerce SEO, Automated Image SEO, and several Local SEO options. It will also evaluate 40 different SEO factors to help make your site an e-commerce powerhouse.

8. WordPress Review

WordPress Review gives you an ideal solution for setting up your website to review books, games, videos, or anything else. You can choose among several types of reviews, circle, star, percentage, and thumbs up, for example, as well as creating product comparison tables.

WordPress Review provides 19 time-saving rich snippets and 16 pre-defined website designs to work with. This plugin is compatible with any WordPress theme and integrates with WooCommerce.

This little gold mine of 8 top plugins for 2020 likely contains one or more nuggets that can put a new or an existing website of yours on steroids. Each provides features or functionalities lacking in most WordPress themes, including specialty themes.

Since they are free to try or use, don’t wait to try one or more of them out to see where you might put them to good use.

The post These 8 WordPress Plugins Will Save You Time appeared first on Hongkiat.

For different kinds of sites running on WordPress, you need some particular type of plugins. For instance, for an online store, you need e-commerce plugins. Similarly, for a photography site, you need image-related plugins. However, if you’re a multisite admin, you can administer a WordPress Multisite network along with some useful plugins to help you manage your different websites.

So, in today’s post, I am going to showcase a list of handy and useful WordPress plugins for managing multiple websites. I know you may have already heard about some of these plugins, but I kept them to compile a complete list of multisite plugins that work for everyone — even newbies. Let’s take a look.

Jetpack

Jetpack, the multi-module plugin from Automattic, provides numerous features for multisite installations. What makes it interesting is that it protects your sites from brute force attacks and also monitors the uptime of your websites for free. Moreover, you can also configure 2-factor authentication for your users, and check stats and analytics in a single panel.

With Jetpack, you can also avail of its content creation and optimization tools, including an image CDN, simple embeds, carousels, slideshows, extra widgets, etc., and discussion tools like email subscriptions, social login, and many more.

WP Multisite Content Copier

A quite handy plugin to manage content on your WordPress site installation. It allows you to copy or update from one site to the other sites (sub-sites). The plugin supports all kinds of post types in WordPress, including the post, page, terms like the category and tag, media, and can perform a single copy of it or in bulk.

Multilingual Press

MultilingualPress takes WordPress multilingual content quite differently. Instead of creating new fields or meta, it works with sub-sites in WordPress Multisite. You can create a sub-site, set the locale language for the site, and associate the website and the content with the ones from the other sites.

The plugin does not lock you in since it does not create custom fields for the content. When you deactivated the plugin, your content will still be there. It’s a pretty smart way to manage multilanguage content.

Delete Me

Managing users across multiple WordPress sites can be a tedious task. This plugin may give you a little convenience on that by adding the ability for the users to delete their accounts themselves. It’s also shipped with plenty of settings. You can enable it Network Wide, which will allow you to remove the user in all the subsites, enable it for a specific user role, and customize the email confirmation as well as the authentication.

Multisite Toolbar Additions

This plugin adds an additional menu to the WordPress Multisite admin bar, as we can see below. It’s like shortcuts. Instead of clicking several steps, you can click once to get there immediately. These can help you to save quite an amount of time when managing the site on the dashboard.

Multisite Enhancements

This plugin improves the dashboard’s network area for super admins with more info and quick utilities. These include adding useful items to ‘Network Admin’ admin bar, stating sites are having a particular plugin or theme enables, etc.

You can even change the footer texts to get stats on RAM, SQL, etc. Not only these, but this plugin also helps you to remove the WordPress logo from the admin bar and add favicon beside site name in the admin area, helping you to identify any site quickly. Though these may seem small improvements, I bet they can save you a few minutes a day.

WP Super Cache

This popular caching plugin generates static HTML files for your WordPress blog’s PHP scripts, and then after, your web server serves static files. WP Super Cache is backed by the Automattic team and provides multisite support, meaning you can install it on a multisite network and configure its settings, and it speeds up every site on your network.

It provides various options to do the same, and you can also enable or disable caching per sub-blog on your multisite network. And that means your website will have better page loading speeds, and that also means better search page rankings.

Yoast SEO

Yoast SEO improves your site’s SEO from all required aspects. It enables you to prepare your posts for search engines, including optimizing the use of focus keyword, optimizing the post’s meta information. The plugin is multisite compatible, and it’s even possible to configure a set of default settings for all blogs on the network.

Using its snippet preview, you can determine how your post will look in the search results, and also edit its meta title and description. The plugin helps you to improve your site’s ranking in search result pages, and increase the click-through rate for organic results.

BackWPup

This plugin helps to save and store your WordPress installation in full, including the “wp-content” directory. And in the case of an emergency or data loss, you can easily restore everything with a single .zip backup file. The plugin being multisite compatible, you can take backups of the whole network, or any sub-blog without any hassle.

As a requirement, the plugin does enable you to store the backup to a cloud drive to prevent file loss or damage. That being said, you can also push the backups to an external backup or storage service like Dropbox, S3, FTP, etc. Moreover, the plugin does additional optimization tasks optimizing and repairing databases, etc.

WP Security Audit Log

WP Security Audit Log is a comprehensive audit log and user monitoring plugin that keeps a record of all activities occurring on a multisite network. Using this plugin and checking its notifications, you can track suspicious activities and prevent security issues.

Not only this, you can even monitor user activities, .e.g, when someone logs in or out from their dashboard, when a new user is created, etc. You can think it like a security camera in your office that tries to protect things and records video to check on thieves.

Of course, you can later deactivate or delete a clone same as you can do with any other sub-blog on a multisite network. Though it works as expected, yet it misses a feature, using which I could specify which all things (posts, plugins, etc.) should be cloned.

User Role Editor

User Role Editor lets you change the roles of users, excluding the administrator, of course. You can simply edit user roles and assign them capabilities per their responsibilities, e.g., a writer must have “create_posts” and an editor must have “publish_posts” capabilities.

Apart from that, you can create and delete the self-made roles for users having restricted or mixed types of capabilities. Moreover, as a bonus feature, you can also remove the unnecessary roles left behind after uninstalling other plugins.

User Switching

With the User Switching plugin, you can instantly switch user accounts by quickly logging in and out as your preferred user. The switching process is entirely secure, and only super admins can do this on multisite installs. This plugin uses the cookie authentication system while remembering the accounts, thus also prevents leaking passwords.

Then after, you can quickly swap back to your super admin account with a single click using the “Switch back” link on the dashboard screen or in the profile menu. That being said, this plugin is great for test environments where you need to log in and out between different accounts, e.g., if you wish to test a user role’s capabilities set by the above plugin.

Unconfirmed

This plugin shows a list of inactivated user registrations, wherein you will be given the option to resend the original activation email, or you can also manually activate those users. It helps you catch false registrations and resend emails for genuine registrations that may have been caught by spam filters.

Multisite Language Switcher

This plugin adds multilingual support to a multisite network’s blogs, and thus, enables you to manage translations of posts, pages, tags, categories, and custom taxonomies. That means, using this plugin, you can easily translate your blogs and reach out to more people who will like to read your blog posts or reach to you in a new language.

Multisite Robots.txt Manager

This plugin helps you manage all robots.txt files for all sub-blogs on a WordPress Multisite network. You can create unique robots.txt files for individual websites, and amazingly, this plugin also allows you to mass update all the sites in the network. You can even scan and clean the old robots.txt files across blogs of the multisite network.

Wrapping up

I always suggest to install as less WordPress plugins as required or possible, and this post is no exception. And although I feel all above plugins are useful for a multisite network, but let me tell you that even I have not installed all of them on my network.

Happy administering, and remember, less plugins means more performance and security.

The post 5 Essential Plugins to Manage Multiple WordPress Sites appeared first on Hongkiat.

Your website’s ‘coming soon’ page can tell a lot about your upcoming product or service. There are so many ways to make an enticing coming soon page – you can play with graphical elements, show countdown to the launch of new website and even give some hints about your new product.

To make it easy for you, here are some interesting coming soon page templates both free and premium. You can use these templates as they are or customize them according to your brand’s theme. Let’s take a look.

Free

#1

Source: Uldeck – License: Free Personal License

#2

Source: Jatin Aggarwal – License: Paid Commercial License

#3

Source: MONUiXD – License: Free Personal License

#4

Source: Raghul Kuduva – License: Free Personal License

#5

Source: Ali Ckreative – License: Paid Commercial License

#6

Source: Faizur Rehman – License: Free Personal License

#7

Source: Kanika Aggarwal – License: xxxx

#8

Source: Creative Tim – License: Free Download

#9

Source: Eftakher Alam – License: Free Download

#10

Source: Style Shout – License: Free Personal and Commercial Use

#11

Source: Anli – License: Free Personal and Commercial Use

#12

Source: Download Website Templates – License: Free Download

Premium

#1

Source: earthquake

#2

Source: Demux

#3

Source: CapitalTemplate2

#4

Source: earthquake

#5

Source: Faizur Rehman

#6

Source: mivfx

#7

Source: ex-nihilo

#8

Source: Erilisdesign

#9

Source: Madeon08

#10

Source: Pixininja

#11

Source: Madeon08

#12

Source: mivfx

#13

Source: InovatikThemes

#14

Source: Erilisdesign

#15

Source: Smarty-Themes

#16

Source: mivfx

#17

Source: CreaboxThemes

#18

Source: Madeon08

#19

Source: Multia-Themes

#20

Source: Erilisdesign

#21

Source: Avanzare

#22

Source: DazeinCreative

#23

Source: BDEXPERT

#24

Source: themeelite

#25

Source: ex-nihilo

The post 20+ “Coming Soon” Templates Worth Waiting For appeared first on Hongkiat.

The Custom Taxonomy feature has been introduced since WordPress 2.9. It allows you to create custom groups for Post, Page as well as Custom Post Types.

Say that you are building a book directory website, and you have created a Custom Post Type for posting the Books. By using Custom Taxonomy, you can create a custom taxonomy for it, called Genre. Within this Genre taxonomy, you can create a number of items (which technically is called terms) such as Fiction, Kids, or Biography for grouping the Books.

Unfortunately, at this point, we can’t register Custom Taxonomy to Users; at least not in a straightforward way as we would register it in the other Post Types. One perfect application that we could foresee from this idea is that we can use it to assign additional user attributes, such as their occupation, profession or organizational position, in place of registering a new set of User Roles. It also opens the possibility to query the users based upon the assigned taxonomy terms.

If this idea is something that may benefit your website, take a look at this tip.

Recommended Reading: How To Display List Of Authors With Pagination

Getting Started

First, we will install a plugin named User Taxonomies to simplify our job.

Once the plugin is activated. Go to GenerateWP to generate the Taxonomy codes. Put the code output in the functions.php file of your theme. This code snippet below is an example. Though, it has been stripped out to make this article look shorter. You can follow this link to see the full code.

 if ( ! function_exists( 'user_staff_position' ) ) { function user_staff_position() { register_taxonomy( 'staff_position', 'post', $args ); } add_action( 'init', 'user_staff_position', 0 ); } 

Now, change the Post Type parameter in the following line:

 register_taxonomy( 'staff_position', 'post', $args ); 

…from post to user, like so:

 register_taxonomy( 'staff_position', 'user', $args ); 

Now, go to the WP-Admin, and you should find a new menu added under the Users menu, as seen below.

Assigning the Custom Taxonomy

Navigate to the new menu and create a few terms. For this example, we created two items: CEO and Managers.

Then go to user editing screen and assign one item from the taxonomy to the user.

Query the Users

We are going to display the users in the theme based on the given term (of the taxonomy). But before going further, let’s create a new page template. We are going add the codes throughout the following section within this new template.

In this particular case, we won’t be able to query the users with get_users or WP_User_Query; when you create a new WP_User_Query class, it does not output the Custom Taxonomy that is assigned to the users. Justin Tadlock, in his tutorial, shows us how to use the get_objects_in_term function, instead.

This function outputs the object ID (which in our case the object means the user) that are tied with the term. To use it, we need two parameters: the Term ID and the Taxonomy name. You can spot the Term ID at the Browser URL bar when you edit it as shown below.

Once you’ve found the ID, put it within the function, like so.

 $users = get_objects_in_term(3, 'user_position'); 

You can use var_dump() to display the object IDs that have been retrieved; In my case, it returns the users with the ID of 1 and 3.

Using these IDs, we can also retrieve, for example, the user name and avatar.

 <ul> <?php if ( !empty( $users ) ) : ?> <?php foreach ( $users as $id ) : ?> <li class="user-entry"> <figure><?php echo get_avatar( get_the_author_meta('email', $id), '40' ); ?></figure> <h5 class="user-title"><a href="<?php echo esc_url( get_author_posts_url( $id ) ); ?>"><?php the_author_meta( 'display_name', $id ); ?></a></h5> </li> <?php endforeach; ?> <?php endif; ?> </ul> 

…and, finally, here is the result.

That’s it. You can freely modify the above codes to meet your requirement.

The post How to Register Custom Taxonomy For WordPress Users appeared first on Hongkiat.

If you are running a WordPress-powered website, its security should be your primary concern. In most cases, WordPress blogs are compromised because their core files and/or plugin are outdated; outdated files are traceable and it’s an open invitation to hackers.

How to keep you blog away from the bad guys for good? For starters, make sure you are always updated with the latest version of WordPress. But there’s more. In today’s post, I’ll like to share with you some useful plugins as well as some tips to harden your WordPress security.

Read Also: 10 WorfPress Plugin to Secure Your Website

1. Changing Default “wp_” Prefixes

Your website might be at stake for some vulnerabilities (e.g. SQL Injection) if you are using the predictable wp_ prefixes in your database tables. The following tutorial teaches you how to get them changed via phpMyAdmin in 5 easy steps.

2. Hide login error messages

Error login messages may expose and give hackers an idea if they’ve gotten username correct/incorrect, vice versa. It is wise to hide it from unauthorized login.

To hide login error messages, you can simply put the following code in functions.php

add_filter( 'login_errors', '__return_false' );

3. Keep wp-admin Directory Protected

Keeping “wp-admin” folder protected adds an extra layer of protection. Whoever attempts to access files or directory after “wp-admin” will be prompt to login. Protecting your “wp-admin” folder with login and password can be done in several ways:

• WordPress plugin – Using the WordPress HTTP Auth.
• cPanel – If your hosting supports cPanel admin login, you can set protection easily on any folder via cPanel’s Password Protect Directories graphical user interface. Find out more from this tutorial.
• .htaccess + htpasswd – Creating a password-protected folder can also be done easily by setting the folders you want to protect inside .htaccess and users allowed to access inside .htpasswd. The following tutorial shows you how to do it in 7 steps.

4. Maintaining Backups

Keeping backup copies of your entire WordPress blog is as important as keeping the site safe from hackers. If all fails, at least you still have the clean backup files to revert. There are two types of backup practice: Full Backup and Incremental backup.

The “full backup” will include everything within the site including the files and database when creating the backup. This method it’ll take space more than necessary, and may cause a spike on CPU and disk usage when performing the backup. So it’s not quite recommended if your site got limited resources.

The “incremental” backup on the other hand will take the full only the first time and will only take backup of the recently changed items thus more efficient. Today there are a number of options for this type of backups in WordPress with a fair amount of fees such as VaultPress and WP Time Capsule.

Furthermore, we’ve also previously covered a list of solutions to backup your WordPress files and database, including both useful plugins and backup services.

5. Prevent Directory Browsing

Another big security loophole is having your directories and its files exposed, and accessible to public. Here’s a simple test to check if your WordPress directories are well protected:

• Enter the following URL in browser, without the quotes. “http://www.domain.com/wp-includes/“

If it shows blank or redirect you back to home page, you are safe. However, if you see screen similar to the image below, you are not.

To prevent access to all directories, place this code inside your .htaccess file.

 # Prevent folder browsing. Options All -Indexes

If your site running on nginx, you can add the following instead.

autoindex off;

6. Keep WordPress Core Files & Plugins updated

One of the safest ways to keep your WordPress site safe is to make sure your files are always updated to the latest release. Fortunately, WordPress today comes with an automatic update turned-on, so as soon as there’s a security patch available, your site should be immediately updated. Just make sure that you or your developer did not have it turned off.

7. Pick a Strong Password

WordPress now comes with a strong password suggestion field that looks like below when creating a new account or updating to a new password. It will indicate whether your password is Strong or Weak. You should pick the Strong password for sure. But the downside of having a strong password is that it’s not easily memorizeable. That’s why I recommend to have a password manager like 1Password or LastPass

8. Remove Admin User

A typical installation of WordPress comes with a default user named “admin”. If that’s the username to your WordPress site, you are already making hacker’s life 50% easier. Using user “admin” should be avoided at all times.

A safer approach to logging into your admin securely is to create a new administrator and have “admin” removed. And here’s how you do it:

1. Login to WordPress admin panel
2. Go to Users -> Add New
3. Add a new user with Administrator role, make sure you use a strong password.
4. Log out of WordPress, re-login with your new admin user.
5. Go to Users
6. Remove “admin” user
7. If “admin” have posts, remember to attribute all posts and links back to the new user.

9. Disable XMLRPC

XMLRPC in WordPress is a common entry point of attack in WordPress. So it’s always good idea to disable it when your site does not require XMLRPC. You can restrict XMLRPC endpoint to certain IPs in case it’s needed, for example:

Apache

<Files xmlrpc.php> order deny,allow allow from 192.0.64.0/18 deny from all
</Files>

Nginx

 location = /xmlrpc.php { allow 192.0.64.0/18; deny all; access_log off; } 

10. Add HTTP Security Headers

Adding HTTP security headers will add extra security layer to your site which helps to mitigate certain attacks. The headers will intruct the browser to behave on certain direction set in the headers. For example, the X-Frame-Options will allow you whether your site can be embedded within an iframe. Other type of Headers you can add include: X-XSS-Protection, Strict-Transport-Security, X-Content-Type-Options, Content-Security-Policy, and Referrer-Policy.

 Header always append X-Frame-Options DENY Header set X-XSS-Protection "1; mode=block" Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" Header set X-Content-Type-Options nosniff Header set Content-Security-Policy "default-src 'self';" Header set Referrer-Policy "no-referrer" 

Nginx

 add_header X-XSS-Protection "1; mode=block"; add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload'; add_header X-Frame-Options "DENY"; add_header X-Content-Type-Options nosniff; add_header Content-Security-Policy "default-src 'self';"; add_header Referrer-Policy same-origin; 

To add these headers, you might need to reach out to the hosting company where your site is hosted.

Bonus: Subscribe to WPVulnDB

Last but not least, you might want to stay on top of the latest exposed vulnerabilities in WordPress Core, Plugins, and Themes by subscribing to WPVulnDB. It describes what type vulnerability, what it is, what version is affected, and whether it’s already fixed.

If you find one of your plugins, you’re using are on the report, you should can take immediate action to mitigate it and update the plugins when the fix is available immediately.

The post 10 Tips to Hardening WordPress Security appeared first on Hongkiat.

You created a website on WordPress, selected a reliable hosting for it, and added a beautiful theme. However, like all other aspects, security of your website is also of utmost importance. Even though WordPress has some security features built-in, but the type of threats a website is vulnurable to, you need some special plugins.

This post will list some of the best plugins to harden the security on your website and keep it safe from malacious attacks. Let’s take a look.

Login

Login Lockdown can help to mitigate your site from a brute force attack. The plugin will record the IP address and timestamp on every failed login attempt. If it detects multiple failed attempts on a certain period of time from the same IP address, it will disable all the requests from that address for an hour. You can set the length of the lockdown from the Settings page of the plugin.

WP-DB Manager

Part of a security measure is having a backup, especially a database backup which contains all the data (e.g. content, users, and options) on your website. WP-DB-Manager is a handy plugin that allows you to do just that easily. It can backup the database, restore it as well set an automatic scheduled backup.

Antivirus

The Antivirus plugin works similar to an antivirus installed on your computer. It’ll scan exploits, malware, and spam injections within the files as well as the database on your site. The scan can be initiated manually to select files or run daily. The plugin will notify you when it finds any malicious codes to your email address.

Bear in mind though, that the plugin may cause a performance degradation depending on the number of files it has to scan and the specification of the server on which the site runs.

Bad Behavior

Bad Behavior is the plugin which helps you fight with those annoying spammers. The plugin will not only help you prevent spam messages on your blog, but also will try to limit access to your blog, so they won’t be able even to read it.

User Spam Remover

User Spam Remover can automatically remove spam, old, or never-used accounts. It also creates a backup of all the user account that it deletes so that you can easily restore it if needed. It is a handy tool if your site manages multiple users with open registration.

Block Bad Queries

This plugin attempts to block away all malicious queries attempted on your server and WordPress blog.

It works in the background, checking for excessively long request strings (i.e., greater than 255 chars), as well as the presence of either “eval(“ or “base64” in the request URI.

iThemes Security

iThemes Security makes it easy to implement general security patches to your WordPress site installation.

With the plugin, you can change the table prefix, enable 2FA with Google Authenticator, Google ReCaptcha, User Action Logging, and a lot more. It’s an all-in-one WordPress security plugin.

Defender

Defender also comes with several security features that you can enable on your site such as Hide error reporting, Disabling file editor, and changing the table prefix. It also provides some low-level security recommendations of your server.

Jetpack

Jetpack does many things including some security features such as Monitoring which allows you to monitor whether your site is up or down, Single Sign-on which is powered by WordPress.com to allow users using their WordPress.com account, and Brute-force protection.

Security Headers

Adding some Headers Response will add extra layers of security to your site. The Headers will direct on how should the browsers to behave when they render your website.

A few of the Headers we are seeing here include the Strict-Transport-Security header will enforce the browsers to load your site through HTTPS, X-Frame-Options, and X-XSS-Protection. This plugin makes it easier to add these headers on your site without the need to have access to your server.

The post 10 WordPress Plugins to Harden Website’s Security appeared first on Hongkiat.

Have you ever came across a WordPress blog, saw something you liked, and thought; how they did that, is that a plugin or hack? where can I get those cool mods? etc. Well, you’re not alone in thinking like that. Most WordPress users are always looking or some new ways to optimize their experience.

Keeping this in mind, we created this article by asking WordPress blog owners what kind of hacks and plugins they frequently look for to enhance their blog in any aspect. And here’s our outcome – 60+ most wanted WordPress tips, tricks and tweaks, including those you probably don’t even know the keywords to search for. Let’s take a look at the content.

Useful plugins you should know…

Revert Plugins or Themes to Previous Version (Easily)

As with any other system update, there is a chance that a new plugin or theme update may accidentally screw up your website. WordPress does not allow us to revert to the previous version but you can install this plugin WP-Rollback to get that functionality. Once it is activated it will add a link “Rollback” on any installed plugin.

Text Editor SyntaxHighlighter

The WordPress text-mode editor is pretty plain. You can make it more user-friendly by installing HTML Editor SyntaxHighlighter, a plugin that adds syntax coloring like in a code editor. It will make editing a lot easier, especially if you use Text-mode editor more often than the Visual (WYSIWYG) counterpart.

Install Plugin with Single Click

For more plugin management, you could install WP-Core. This is a plugin that makes WordPress plugin installations more streamlined. You can also makes a Collection to put several plugins together and install them with one click.

Show Disk Usage Chart

Install this plugin Disk Usage Sunburst to display a beautiful visualization, similar to DaisyDisk, of your website disk space usage. A quite useful utility to add to your website.

Add Gravatar for post author

Showing an avatar image is one way to get recognized online. With Gravatar be part of the WordPress Core, we can easily show an avatar within your theme from your Gravatar account very easily. This article from ThemeShaper will show you how.

Using custom page as homepage

WordPress will display a list of posts on the home page. But did you know that you can select a specific page to show static content and use other page to show the list of Posts.

Create and display thumbnails for each blog post

This article shows you how to show featured image on your post using the WordPress built-in post thumbnail feature. It’s so easy now to do this. No more hacking around with old ways like TimThumb or hacknig around with the custom field.

Create and display category image

Even so now you can easily show a catgory image the WordPress way. Simply use this plugin called WP Term Images.

Protect CSS mods for any WordPress theme

Let’s learn how you can add a custom CSS on your theme without having to worry that it’ll be overriden.

Open links in new windows by default

It might be a good idea to open up all links of external sites in a new window, by default. This will allow your users to navigate both your site and the external site at the same. In other words, users will stay longer on your site.

WordPress thumbnail size limit

If you’re ever frustratted by your author uploading a blurry or too small of a featured image, this is the perfect plugin for you. Use this plugin to set the minimum height and with that they should be uploading.

Seperate comments from Trackbacks/Pingbacks

WordPress shows both comments and trackbacks and pingbacks in the order of when they are posted. Let’s tidy them up by separating them in a different section.

Creating an Archive Index

Learn how to create a special page in WordPress showing links to all your previous posts arranged in yearly or monthly order.

Custom login page

Creating a beautiful WordPress login page gets so much easier with this plugin. You can pick color, background, and it’s position. It just works and no need to code.

Post text and image count

A clever way to count images in your post but leaving the default WordPress smilies out (which is also technically an image), and display the number.

Place content only in RSS Feed

Place additional content in the RSS feed, but not in the content in the website itself. You could use it to place, for example, a copyright notice on your content.

Adding Tabs to Content

Organize your content with Tabs using this plugin. Using Tab is perfect way to show more content in very little or limited space.

Sidebar With Dynamic Contents

Sidebar often is boring as they look the same in every pages. Let’s learn how to show different content in the sidebar.

Google Syntax Highlighter for WordPress

With this plugin, you can add proper syntax colors to the code block in the content, and let your users to copy the code easily.

Add Breadcrumbs to Your WordPress Blog

Breadcrumb navigation is good for both SEO and your users. Use this plugin to add one on your site.

Buy Me a Beer

Add a Paypal button to your site to let your users send a donation. The plugin makes it very easy to add the button any where in your site and change the styles of the button to match your liking.

Detect Adblocker and display alternative

Display a notice for usrs with AdBlocker. A handy plugin to optimize your ad-based revenue on your site.

Alternative way to display dates

Format the timestamp on Posts or Comments that’s easy to read and understand. For example, we can show Yesterday or 2 Days Ago instead of 17th August 2019.

Check for Broken Links

Broken can be irritating. Use this plugin to check broken links on every Posts on your site.

Display Thumbnails for Related Post

Ever wonder how to add related posts right after the main content? In WordPress, adding related posts along with the image thumbnail is easy with this plugin.

WordPress Plugin Download Counter

Do you have plugin plublished in WordPress.org repository? Here’s the script if you’d like to show the number of downloads the your plugin has got.

Here’s more…

Disabling Full-Height Editor

WordPress 4.0 added a subtle UX change in the editor. If you are scrolling or writing a length paragraph, the height of the editor will match the height of your screen, eliminating the scroll-bars inside the editor.

To reach some panels like the Excerpt and Custom Fields that reside below the editor, you need to scroll all the way down through the end of paragraph. If you don’t want this, tick the option off in the Screen Options panel.

Note: If you’re enabling the block editor a.k.a the Gutenberg, this tip is no longer applicable because WordPress has changed the entire editor interface.

Adding Icon in Menu

Follow this tip to add icon beside your website menu items giving your menu navigation more visual appeal.

Install WordPress Plugin via Github

Did you find a WordPress plugin in Github that you want to install in your website? Follow this tip on how to install plugins conveniently with just a few clicks. Be careful though of what you install as plugins are not moderated. There may be a chance that malicious codes may allow infiltration of your website.

And finally…

Beyond this point are advanced tips and tricks for those who feel like exploring, and those who enjoy getting their hands dirty with codes. However, many of the following tips may render your website unusable, hence they should be carried out with more attention and with extra caution.

WordPress Output Debug File

This snippet will tell WordPress to save the debug log error in a .log file instead of displaying it in the front-end. A handy snippet to enable WordPress debugging in a live site.

 define('WP_DEBUG', true); define('WP_DEBUG_LOG', true); define('WP_DEBUG_DISPLAY', false);

Using Jetpack Modules – Offline

Run and enable all Jetpack modules offline including the modules that actually requires you to connect to WordPress.com to work; a useful tip if you are developing and integrating Jetpack modules to your theme.

Disable self-ping / self-trackback

This trick prevents WordPress from self-ping, which happens if you cross-link pages or posts of your own website.

 function no_self_ping( &$links ) { $home = get_option( 'home' ); foreach ( $links as $l => $link ) if ( 0 === strpos( $link, $home ) ) unset($links[$l]); } add_action( 'pre_ping', 'no_self_ping' );

Another way you can use is by installing Disabler plugin. It is a plugin that allows you to turn on or off certain WordPress functionality including disabling self-ping.

Pre-Populate Content

This tip is quite useful if you want to add default content each time you create a new post, page, or custom post type content; the idea is similar to adding a standard signature when creating new emails.

Custom Class for Post

The following tip explores some customization of WordPress Post Class thoroughly with post_class. It’s helpful if you want to be more specific with regards to your post styles.

Loading Alternative Template

WordPress uses single.php to show post content. If you want to change it to, perhaps, post.php, this tip will show you how to override default WordPress templates correctly.

WordPress Theme Customizer from Scratch

WordPress 3.4 adds a new API called Customizer which allows you to build controls to customize theme and see the result in real-time. The Customizer API may be overwhleming for some, though, as it involves multi-disciplinary code sets including PHP, JavaScript, Ajax, and jQuery.

Nonetheless, Theme Foundation has compiled a complete guide to WordPress Customizer. You will learn how to add the Customize menu, build Sections, Settings, Input Controls as well as Panels, and learn their functions all together – in and out. An essential reference for WordPress theme developers.

Using Vagrant with WordPress

Vagrant is a great tool to create a virtual environment, and to run a test of your WordPress development to ensure that themes and plugins would work in varying instances. In this following tip, Daniel Pataki, will walk you through how to get your WordPress site up and running with Vagrant.

Retrieving WordPress Gravatar URL

The WordPress get_avatar() is a handy function to get a user’s avatar; the function retrieves the image along with the img element. But sometimes I want to grab just the image URL so that I could freely and easily add custom classes or ids to the image.

If you have this in mind, add the following code in your functions.php:

 function get_avatar_img_url() { $user_email = get_the_author_meta( 'user_email' ); $url = 'http://gravatar.com/avatar/' . md5( $user_email ); $url = add_query_arg( array( 's' => 80, 'd' => 'mm', ), $url ); return esc_url_raw( $url ); }

Then somewhere in another file – perhaps single.php or page.php – use the following code to show the image.

 $avatar_url = get_avatar_img_url(); echo '<img src=" ' . $avatar_url . ' ">'; 

Here’s a more detailed post to break it down for you.

Remove Classes From Menu

WordPress, by default, adds a bunch of classes. While this is good to allow extensive customization, the menu HTML markup looks really cluttered. Tidy it up and add only the class you need with the snippet below.

Applying SSL In WordPress Multisite

SSL, not only secures your website, but also bumps up the rankings in Google search result. In the following tip, Jenni McKinnon covers how to deploy SSL in WordPress multisites that may employ multiple sub-domains.

Customizing WordPress Content Editor

Adding styles to the editor will improve the writing experience in WordPress editor. You can match the typographic styles of the backend with the front-end allowing you to see the final version (or a version as close to the final as possible) while writing. This will reduce the switching of back and forth between the editor and the content output.

 function my_editor_styles() { add_editor_style( 'editor-style.css' ); } add_action( 'admin_init', 'my_editor_styles' ); 

Creating Plugin Welcome Screen

If you have just updated WordPress you will be redirected to a special screen, showing the details of the latest version you have just installed, the contributors, the additions as well as all the changes made under the hood. This tip, Creating a Welcome Screen For Your WordPress Plugin by Daniel Pataki will guide you through how to build a welcome screen for your own plugin.

Customize Jetpack Mobile Theme

Jetpack comes with a Mobile Theme. It is a special theme that is used when the website is viewed on mobile devices. And like any other theme, we can customize it. Here’s a how-to by Jeremy, one of Jetpack developers, on how to customize the Jetpack Mobile Theme. It’s a good alternative to consider in place of responsive web design.

Adding Featured Image To Category

Want to add a featured image for a Category and display it in your theme? This feature is missing from WordPress, which could actually be useful for theme developers.

Display Hidden “All Settings”

A WordPress easter egg, this code snippet will add all settings in the WordPress database into one page.

Remove Update Notification

WordPress, by default, display update notifications to all user levels when they are logged in to the backend. Add the following codes to hide WordPress update notification except for users with Administrative privilege.

Add Thumbnail In Post/Page Edit List

This code will display featured images you have assigned to post in the Post column. A useful trick to see which post has a thumbnail and which does not. Note that your theme should support post thumbnails.

Sharpening Images

Honestly, I did not know that we could sharpen images in WordPress as we are uploading the image. Here’s how you can, but bear in mind that it only works for JPG images.

Remove Superfluous info In The Head

WordPress adds a bunch of things in the <head> such as WordPress version, RSD Link, and Shortlink, info that’s not all that useful. To remove these bits of info, use this:

 function remove_header_info() { remove_action( 'wp_head', 'rsd_link' ); remove_action( 'wp_head', 'wlwmanifest_link' ); remove_action( 'wp_head', 'wp_generator' ); remove_action( 'wp_head', 'start_post_rel_link' ); remove_action( 'wp_head', 'index_rel_link' ); remove_action( 'wp_head', 'adjacent_posts_rel_link' ); // for WordPress < 3.0 remove_action( 'wp_head', 'adjacent_posts_rel_link_wp_head' ); // for WordPress >= 3.0 } add_action( 'init', 'remove_header_info' );

Remove either one of remove_action from the above snippet of which you want to retain.

Smart WP_Debug

Ideally you should not enable the WP_Debug in a live site as it will expose critical information. But if you need a trick to do so safely, here it is:

 if ( isset($_GET['debug']) && $_GET['debug'] == '1' ) { // enable the reporting of notices during development - E_ALL define('WP_DEBUG', true); } elseif ( isset($_GET['debug']) && $_GET['debug'] == '2' ) { // must be true for WP_DEBUG_DISPLAY to work define('WP_DEBUG', true); // force the display of errors define('WP_DEBUG_DISPLAY', true); } elseif ( isset($_GET['debug']) && $_GET['debug'] == '3' ) { // must be true for WP_DEBUG_LOG to work define('WP_DEBUG', true); // log errors to debug.log in the wp-content directory define('WP_DEBUG_LOG', true); }

With the above code added, you can enable debugging by adding ?debug=2, ?debug=1, ?debug=3 at the end of the URL to see the error that occurs in your website.

Enable Shortcode In Widget

The following is a useful piece of code if you want to embed Youtube or SoundCloud in the widget area with a shortcode.

Set Default Editor (Visual/Text)

Set the default type of editor your users can use. Change the $editor either to html or tinymce. Of course, user would still be able to opt out of the default.

Prolong Auto-logout

WordPress allows one to remain logged in for 48 hours, plus an extension of 14 days if we check the “Remember Me” option at login. If however you are sure your computer will not be breached by a second or third party, you can add this code to keep yourself logged in for up to a year. You will only be prompted for a login once a year.

Always Use Figure

WordPress will wrap img with a p tag. If you are an HTML semantic purist, you can add this code to force WordPress to wrap image with the figure element.

Change Default Role Name

“Administrator”, “Author”, and “Subscriber” are the names given for WordPress users at the administrative level. To change these default names to something that sounds more apt for your website, add the following code, then make the change to the names to what you prefer:

Default Attachment Settings

Here’s a snippet that lets you specify the default size, alignment, and the link for images you want to embed in the editor.

Custom Image Size In Media Uploader

add_image_size is the WordPress function that allows us to crop and display custom image size. If you want to allow users to add image within this custom size, add the following codes to show the “custom image size” option in the WordPress media uploader.

Load Script Only If A Particular Shortcode Is Present

In a previous post we have shown you how to create a custom shortcode. If your shortcode requires a JavaScript function, follow The Jedi Master way by Silviu-Cristian Burcă (famously known as Scribu) to ensure that you only load the JavaScript when the shortcode is applied.

Menu Description

When you add in a menu through Appearance > Menu, you will see an input to add “Description”. But you won’t find it anywhere in the front-end as we have to customize the WordPress default menu template to include the description.

Here is an elegant way to do so.

Using Dashicons

You can now use WordPress’s very own crafted font icon, Dashicons, to add icons to the wp-admin menu. Check out our tutorial on how to start using Dashicons.

Customize “Howdy” Message

Follow our previous tutorial to change the WordPress nonsensical “howdy” message that appears at the admin bar to something more personalized.

Exclude Post From The Jetpack Popular Widget

Jetpack comes with a widget that allows you to show the most viewed or popular posts and pages. But sometimes your most popular pages could be the home page or a page that you do not want to include in the most viewed pile.

Add the following code to remove that page or post:

 function jeherve_remove_post_top_posts( $posts, $post_ids, $count ) { foreach ( $posts as $k => $post ) { if ( '1215' == $post['post_id'] ) { unset( $posts[$k] ); } } return $posts; } add_filter( 'jetpack_widget_get_top_posts', 'jeherve_remove_post_top_posts', 10, 3 );

Replace the ID shown in the snippet with the ID of the post or page you want to remove.

Truncate Post Title

The following snippet controls the maximum title length. Add the following snippet in functions.php. Then use the function customTitle() in the template to output the title in place of the WordPress the_title() method.

 function customTitle($limit) { $title = get_the_title($post->ID); if(strlen($title) > $limit) { $title = substr($title, 0, $limit) . '...'; } echo $title; } 

If you build a WordPress Theme with a tiled layout where the tile height has to be equal, you might want to specify the limit of the title length. This snippet should come in handy in that case.

Remove WordPress Logo

WordPress 3.1 adds an admin bar, which includes a handful of links and the WordPress logo. If you are going to handout websites to a client and you want it to be brandless, here is the function to remove that WordPress logo.

QR Code with Link to Article

Improve your website accessibility for mobile devices with QR codes. This code allows you to display QR codes with a link pointing to the article. Mobile users with a QR code scanner can obtain the article link for quick viewing on their mobile devices.

 <img src="https://api.qrserver.com/v1/create-qr-code/?size=500x500&data=" <?php the_permalink() ?> " alt="QR Code for <?php the_title_attribute(); ?> 

The post 60+ Most Wanted WordPress Tricks and Hacks (Updated) appeared first on Hongkiat.

WordPress admin makes it easy to manage configurations without touching a line of code. These basic configuration settings are then stored in the wp-options table inside the database. But, WordPress also has a separate configuration file, called wp-config.php, that can be used for further customizations.

Wp-config is the file where your custom hosting data (database name, database host, etc.) is saved when you install a self-hosted WordPress site. You can also add other configuration options to this file, with which you can enable or disable features such as debugging, cache, multisite, SSL login, automatic updates, and many others.

Read Also: 15 Useful .htaccess Snippets for Your WordPress Site

Localize and edit wp-config

When you download WordPress, the wp-config.php file is not yet present inside the install folder. However, there’s a file called wp-config-sample.php that you need to copy and rename to wp-config.php. Then, you need to add your basic connection data (database name, database username, database password, hostname, security keys) to this file.

If your hosting provider uses the Softaculous auto installer (most do so) this process is automated for you and you will find a wp-config.php and a wp-config-sample.php file in your root folder when you connect your server via FTP.

Note that the order of settings matters, so don’t rearrange them. When editing the wp-config file, always use a code editor such as Sublime Text, Atom, Notepad++, Visual Studio Code, or TextMate. Word processors (Microsoft Office, Google Docs, LibreOffice, etc.) will mess your file up, never use them to edit code files.

The settings saved into wp-config override the database, in case the same type of configuration is present at both (e.g. home URL)

Where to place the code snippets

In this article, you can find 20 code snippets with which you can use to customize your wp-config.php file.

Most of these configuration options don’t exist in wp-config by default. If you want to use them you need to add them below the starting <?php tag and code comments, but above the MySQL settings.

1. Turn on WP debugger

You can turn the WordPress debugger on and off in the wp-config file. The first snippet below does exist by default in wp-config (below the database configurations) but its value is set to false. To turn the debugger on, change its value to true.

The second snippet turns on the frontend debugger that allows you to debug CSS and JavaScript scripts. Use the debuggers only on development sites never in production.

 # Turns on PHP debugger define( 'WP_DEBUG', true ); # Turns on CSS and JavaScript debugger define( 'SCRIPT_DEBUG', true ); 

2. Change database table prefix

WordPress uses the wp_ table prefix by default. If you want a more secure database you can choose a more complicated table prefix.

This config option also exists in the wp-config file by default, you only need to change the value of the $table_prefix variable to a more secure one.

Only change the table prefix if you have a clean install or on a development site, as it’s risky to do so on a production site.

 # Creates secure table prefix for database tables # Only numbers, letters, underscores $table_prefix = 'a81kJt_'; 

3. Change WordPress URLs

You can set the WordPress and home URLs in the WordPress admin, under the Settings > General menu. However, you can also configure these URLs in the wp-config file.

Defining the WP_SITEURL and WP_HOME constants in the wp-config file has two advantages:

1. it can be life-saving if you can’t access your admin area for some reason
2. it can reduce the number of database calls while your site is loading (as wp-config overrides the options saved in the database)

WP_SITEURL specifies the URL users can reach your site with, while WP_HOME defines the root of your WP install. If you installed WordPress into your root folder (this is the default option) they take the same value.

 # Specifies site URL define('WP_SITEURL', 'http://www.yourwebsite.com'); # Specifies home URL (the root of the WP install) define('WP_HOME', 'http://www.yourwebsite.com/wordpress'); 

4. Empty trash after a certain time

You can make WordPress to automatically empty your trash after a certain number of dates. The smallest value of this constant is 0, in this case you disable the trash feature.

 # Empties trash after 7 days define( 'EMPTY_TRASH_DAYS', 7 ); 

5. Enable WordPress cache

You can enable WordPress’ built-in caching feature with the following line of code. Most caching plugins, such as W3 Total Cache and WP Super Cache, automatically add this snippet to the wp-config file.

 # Enables WP cache define( 'WP_CACHE', true ); 

6. Enable WordPress Multisite

By adding the WP_ALLOW_MULTISITE constant to your wp-config file, you can enable WordPress’ multisite feature that allows you to create a network of WP sites.

 # Turns on WordPress Multisite define( 'WP_ALLOW_MULTISITE', true ); 

7. Redirect non-existing subdomains and subfolders

Sometimes visitors type a non-existing subdomain or subfolder into the URL bar. You can redirect these users to another page on your domain, for instance to the homepage with the help of the NOBLOGREDIRECT constant.

 # Redirects non-existing subdomains and subfolders to homepage define( 'NOBLOGREDIRECT', 'http://www.yourwebsite.com' ); 

8. Manage post revisions

WordPress has a built-in version control system, which means it saves all post revisions you create. A frequently edited post can have as many as 25-30 revisions that can take up a lot of database space after a while.

With the WP_POST_REVISIONS constant, you can maximize the number of post revisions or completely disable the feature.

 # Completely disables post revisions define( 'WP_POST_REVISIONS', false ); # Allows maximum 5 post revisions define( 'WP_POST_REVISIONS', 5 ); 

9. Enable built-in database optimization

WordPress has a built-in database optimization feature you can turn on by adding the following line to the wp-config file.

I wrote in detail about how this tool works in this article. The most important thing to note is that the database optimization screen is available for anyone (even for non-logged in visitors). Enable the feature only for the period of time you want to run the optimization tool, then don’t forget to disable it.

 # Turns on database optimization feature define( 'WP_ALLOW_REPAIR', true ); 

10. Disable automatic updates

WordPress runs automatic background updates by default for minor releases and translation files.

You can toggle this feature on and off by setting the values of the AUTOMATIC_UPDATER_DISABLED (for all updates) and WP_AUTO_UPDATE_CORE (for core updates) constants according to the following rules:

 # Disables all automatic updates define( 'AUTOMATIC_UPDATER_DISABLED', true ); # Disables all core updates define( 'WP_AUTO_UPDATE_CORE', false ); # Enables all core updates, including minor and major releases define( 'WP_AUTO_UPDATE_CORE', true ); # Enables core updates only for minor releases (default) define( 'WP_AUTO_UPDATE_CORE', 'minor' ); 

11. Increase PHP memory limit

Sometimes you may want to increase the PHP memory limit your hosting provider has allocated to your site, especially if you get the dreaded “Allowed memory size of xxxxxx bytes exhausted” message. To do so, use WP_MEMORY_LIMIT for the website and WP_MAX_MEMORY_LIMIT for the admin area.

Note that some hosts don’t allow to increase the memory limit manually, in this case contact them and ask them to do it for you.

 # Sets memory limit for the website define( 'WP_MEMORY_LIMIT', '96M' ); # Sets memory limit for the admin area define( 'WP_MAX_MEMORY_LIMIT', '128M' ); 

12. Force SSL login

To increase website security, you can force users to log in through 5 Tips to Toughen Up Your WordPress Login Security

The post 15 wp-config Snippets to Configure WordPress Site appeared first on Hongkiat.