Blog

The Custom Taxonomy feature has been introduced since WordPress 2.9. It allows you to create custom groups for Post, Page as well as Custom Post Types.

Say that you are building a book directory website, and you have created a Custom Post Type for posting the Books. By using Custom Taxonomy, you can create a custom taxonomy for it, called Genre. Within this Genre taxonomy, you can create a number of items (which technically is called terms) such as Fiction, Kids, or Biography for grouping the Books.

Unfortunately, at this point, we can’t register Custom Taxonomy to Users; at least not in a straightforward way as we would register it in the other Post Types. One perfect application that we could foresee from this idea is that we can use it to assign additional user attributes, such as their occupation, profession or organizational position, in place of registering a new set of User Roles. It also opens the possibility to query the users based upon the assigned taxonomy terms.

If this idea is something that may benefit your website, take a look at this tip.

Recommended Reading: How To Display List Of Authors With Pagination

Getting Started

First, we will install a plugin named User Taxonomies to simplify our job.

Once the plugin is activated. Go to GenerateWP to generate the Taxonomy codes. Put the code output in the functions.php file of your theme. This code snippet below is an example. Though, it has been stripped out to make this article look shorter. You can follow this link to see the full code.

 if ( ! function_exists( 'user_staff_position' ) ) { function user_staff_position() { register_taxonomy( 'staff_position', 'post', $args ); } add_action( 'init', 'user_staff_position', 0 ); } 

Now, change the Post Type parameter in the following line:

 register_taxonomy( 'staff_position', 'post', $args ); 

…from post to user, like so:

 register_taxonomy( 'staff_position', 'user', $args ); 

Now, go to the WP-Admin, and you should find a new menu added under the Users menu, as seen below.

Assigning the Custom Taxonomy

Navigate to the new menu and create a few terms. For this example, we created two items: CEO and Managers.

Then go to user editing screen and assign one item from the taxonomy to the user.

Query the Users

We are going to display the users in the theme based on the given term (of the taxonomy). But before going further, let’s create a new page template. We are going add the codes throughout the following section within this new template.

In this particular case, we won’t be able to query the users with get_users or WP_User_Query; when you create a new WP_User_Query class, it does not output the Custom Taxonomy that is assigned to the users. Justin Tadlock, in his tutorial, shows us how to use the get_objects_in_term function, instead.

This function outputs the object ID (which in our case the object means the user) that are tied with the term. To use it, we need two parameters: the Term ID and the Taxonomy name. You can spot the Term ID at the Browser URL bar when you edit it as shown below.

Once you’ve found the ID, put it within the function, like so.

 $users = get_objects_in_term(3, 'user_position'); 

You can use var_dump() to display the object IDs that have been retrieved; In my case, it returns the users with the ID of 1 and 3.

Using these IDs, we can also retrieve, for example, the user name and avatar.

 <ul> <?php if ( !empty( $users ) ) : ?> <?php foreach ( $users as $id ) : ?> <li class="user-entry"> <figure><?php echo get_avatar( get_the_author_meta('email', $id), '40' ); ?></figure> <h5 class="user-title"><a href="<?php echo esc_url( get_author_posts_url( $id ) ); ?>"><?php the_author_meta( 'display_name', $id ); ?></a></h5> </li> <?php endforeach; ?> <?php endif; ?> </ul> 

…and, finally, here is the result.

That’s it. You can freely modify the above codes to meet your requirement.

The post How to Register Custom Taxonomy For WordPress Users appeared first on Hongkiat.

If you are running a WordPress-powered website, its security should be your primary concern. In most cases, WordPress blogs are compromised because their core files and/or plugin are outdated; outdated files are traceable and it’s an open invitation to hackers.

How to keep you blog away from the bad guys for good? For starters, make sure you are always updated with the latest version of WordPress. But there’s more. In today’s post, I’ll like to share with you some useful plugins as well as some tips to harden your WordPress security.

Read Also: 10 WorfPress Plugin to Secure Your Website

1. Changing Default “wp_” Prefixes

Your website might be at stake for some vulnerabilities (e.g. SQL Injection) if you are using the predictable wp_ prefixes in your database tables. The following tutorial teaches you how to get them changed via phpMyAdmin in 5 easy steps.

2. Hide login error messages

Error login messages may expose and give hackers an idea if they’ve gotten username correct/incorrect, vice versa. It is wise to hide it from unauthorized login.

To hide login error messages, you can simply put the following code in functions.php

add_filter( 'login_errors', '__return_false' );

3. Keep wp-admin Directory Protected

Keeping “wp-admin” folder protected adds an extra layer of protection. Whoever attempts to access files or directory after “wp-admin” will be prompt to login. Protecting your “wp-admin” folder with login and password can be done in several ways:

• WordPress plugin – Using the WordPress HTTP Auth.
• cPanel – If your hosting supports cPanel admin login, you can set protection easily on any folder via cPanel’s Password Protect Directories graphical user interface. Find out more from this tutorial.
• .htaccess + htpasswd – Creating a password-protected folder can also be done easily by setting the folders you want to protect inside .htaccess and users allowed to access inside .htpasswd. The following tutorial shows you how to do it in 7 steps.

4. Maintaining Backups

Keeping backup copies of your entire WordPress blog is as important as keeping the site safe from hackers. If all fails, at least you still have the clean backup files to revert. There are two types of backup practice: Full Backup and Incremental backup.

The “full backup” will include everything within the site including the files and database when creating the backup. This method it’ll take space more than necessary, and may cause a spike on CPU and disk usage when performing the backup. So it’s not quite recommended if your site got limited resources.

The “incremental” backup on the other hand will take the full only the first time and will only take backup of the recently changed items thus more efficient. Today there are a number of options for this type of backups in WordPress with a fair amount of fees such as VaultPress and WP Time Capsule.

Furthermore, we’ve also previously covered a list of solutions to backup your WordPress files and database, including both useful plugins and backup services.

5. Prevent Directory Browsing

Another big security loophole is having your directories and its files exposed, and accessible to public. Here’s a simple test to check if your WordPress directories are well protected:

• Enter the following URL in browser, without the quotes. “http://www.domain.com/wp-includes/“

If it shows blank or redirect you back to home page, you are safe. However, if you see screen similar to the image below, you are not.

To prevent access to all directories, place this code inside your .htaccess file.

 # Prevent folder browsing. Options All -Indexes

If your site running on nginx, you can add the following instead.

autoindex off;

6. Keep WordPress Core Files & Plugins updated

One of the safest ways to keep your WordPress site safe is to make sure your files are always updated to the latest release. Fortunately, WordPress today comes with an automatic update turned-on, so as soon as there’s a security patch available, your site should be immediately updated. Just make sure that you or your developer did not have it turned off.

7. Pick a Strong Password

WordPress now comes with a strong password suggestion field that looks like below when creating a new account or updating to a new password. It will indicate whether your password is Strong or Weak. You should pick the Strong password for sure. But the downside of having a strong password is that it’s not easily memorizeable. That’s why I recommend to have a password manager like 1Password or LastPass

8. Remove Admin User

A typical installation of WordPress comes with a default user named “admin”. If that’s the username to your WordPress site, you are already making hacker’s life 50% easier. Using user “admin” should be avoided at all times.

A safer approach to logging into your admin securely is to create a new administrator and have “admin” removed. And here’s how you do it:

1. Login to WordPress admin panel
2. Go to Users -> Add New
3. Add a new user with Administrator role, make sure you use a strong password.
4. Log out of WordPress, re-login with your new admin user.
5. Go to Users
6. Remove “admin” user
7. If “admin” have posts, remember to attribute all posts and links back to the new user.

9. Disable XMLRPC

XMLRPC in WordPress is a common entry point of attack in WordPress. So it’s always good idea to disable it when your site does not require XMLRPC. You can restrict XMLRPC endpoint to certain IPs in case it’s needed, for example:

Apache

<Files xmlrpc.php> order deny,allow allow from 192.0.64.0/18 deny from all
</Files>

Nginx

 location = /xmlrpc.php { allow 192.0.64.0/18; deny all; access_log off; } 

10. Add HTTP Security Headers

Adding HTTP security headers will add extra security layer to your site which helps to mitigate certain attacks. The headers will intruct the browser to behave on certain direction set in the headers. For example, the X-Frame-Options will allow you whether your site can be embedded within an iframe. Other type of Headers you can add include: X-XSS-Protection, Strict-Transport-Security, X-Content-Type-Options, Content-Security-Policy, and Referrer-Policy.

 Header always append X-Frame-Options DENY Header set X-XSS-Protection "1; mode=block" Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" Header set X-Content-Type-Options nosniff Header set Content-Security-Policy "default-src 'self';" Header set Referrer-Policy "no-referrer" 

Nginx

 add_header X-XSS-Protection "1; mode=block"; add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload'; add_header X-Frame-Options "DENY"; add_header X-Content-Type-Options nosniff; add_header Content-Security-Policy "default-src 'self';"; add_header Referrer-Policy same-origin; 

To add these headers, you might need to reach out to the hosting company where your site is hosted.

Bonus: Subscribe to WPVulnDB

Last but not least, you might want to stay on top of the latest exposed vulnerabilities in WordPress Core, Plugins, and Themes by subscribing to WPVulnDB. It describes what type vulnerability, what it is, what version is affected, and whether it’s already fixed.

If you find one of your plugins, you’re using are on the report, you should can take immediate action to mitigate it and update the plugins when the fix is available immediately.

The post 10 Tips to Hardening WordPress Security appeared first on Hongkiat.

You created a website on WordPress, selected a reliable hosting for it, and added a beautiful theme. However, like all other aspects, security of your website is also of utmost importance. Even though WordPress has some security features built-in, but the type of threats a website is vulnurable to, you need some special plugins.

This post will list some of the best plugins to harden the security on your website and keep it safe from malacious attacks. Let’s take a look.

Login

Login Lockdown can help to mitigate your site from a brute force attack. The plugin will record the IP address and timestamp on every failed login attempt. If it detects multiple failed attempts on a certain period of time from the same IP address, it will disable all the requests from that address for an hour. You can set the length of the lockdown from the Settings page of the plugin.

WP-DB Manager

Part of a security measure is having a backup, especially a database backup which contains all the data (e.g. content, users, and options) on your website. WP-DB-Manager is a handy plugin that allows you to do just that easily. It can backup the database, restore it as well set an automatic scheduled backup.

Antivirus

The Antivirus plugin works similar to an antivirus installed on your computer. It’ll scan exploits, malware, and spam injections within the files as well as the database on your site. The scan can be initiated manually to select files or run daily. The plugin will notify you when it finds any malicious codes to your email address.

Bear in mind though, that the plugin may cause a performance degradation depending on the number of files it has to scan and the specification of the server on which the site runs.

Bad Behavior

Bad Behavior is the plugin which helps you fight with those annoying spammers. The plugin will not only help you prevent spam messages on your blog, but also will try to limit access to your blog, so they won’t be able even to read it.

User Spam Remover

User Spam Remover can automatically remove spam, old, or never-used accounts. It also creates a backup of all the user account that it deletes so that you can easily restore it if needed. It is a handy tool if your site manages multiple users with open registration.

Block Bad Queries

This plugin attempts to block away all malicious queries attempted on your server and WordPress blog.

It works in the background, checking for excessively long request strings (i.e., greater than 255 chars), as well as the presence of either “eval(“ or “base64” in the request URI.

iThemes Security

iThemes Security makes it easy to implement general security patches to your WordPress site installation.

With the plugin, you can change the table prefix, enable 2FA with Google Authenticator, Google ReCaptcha, User Action Logging, and a lot more. It’s an all-in-one WordPress security plugin.

Defender

Defender also comes with several security features that you can enable on your site such as Hide error reporting, Disabling file editor, and changing the table prefix. It also provides some low-level security recommendations of your server.

Jetpack

Jetpack does many things including some security features such as Monitoring which allows you to monitor whether your site is up or down, Single Sign-on which is powered by WordPress.com to allow users using their WordPress.com account, and Brute-force protection.

Security Headers

Adding some Headers Response will add extra layers of security to your site. The Headers will direct on how should the browsers to behave when they render your website.

A few of the Headers we are seeing here include the Strict-Transport-Security header will enforce the browsers to load your site through HTTPS, X-Frame-Options, and X-XSS-Protection. This plugin makes it easier to add these headers on your site without the need to have access to your server.

The post 10 WordPress Plugins to Harden Website’s Security appeared first on Hongkiat.

Have you ever came across a WordPress blog, saw something you liked, and thought; how they did that, is that a plugin or hack? where can I get those cool mods? etc. Well, you’re not alone in thinking like that. Most WordPress users are always looking or some new ways to optimize their experience.

Keeping this in mind, we created this article by asking WordPress blog owners what kind of hacks and plugins they frequently look for to enhance their blog in any aspect. And here’s our outcome – 60+ most wanted WordPress tips, tricks and tweaks, including those you probably don’t even know the keywords to search for. Let’s take a look at the content.

Useful plugins you should know…

Revert Plugins or Themes to Previous Version (Easily)

As with any other system update, there is a chance that a new plugin or theme update may accidentally screw up your website. WordPress does not allow us to revert to the previous version but you can install this plugin WP-Rollback to get that functionality. Once it is activated it will add a link “Rollback” on any installed plugin.

Text Editor SyntaxHighlighter

The WordPress text-mode editor is pretty plain. You can make it more user-friendly by installing HTML Editor SyntaxHighlighter, a plugin that adds syntax coloring like in a code editor. It will make editing a lot easier, especially if you use Text-mode editor more often than the Visual (WYSIWYG) counterpart.

Install Plugin with Single Click

For more plugin management, you could install WP-Core. This is a plugin that makes WordPress plugin installations more streamlined. You can also makes a Collection to put several plugins together and install them with one click.

Show Disk Usage Chart

Install this plugin Disk Usage Sunburst to display a beautiful visualization, similar to DaisyDisk, of your website disk space usage. A quite useful utility to add to your website.

Add Gravatar for post author

Showing an avatar image is one way to get recognized online. With Gravatar be part of the WordPress Core, we can easily show an avatar within your theme from your Gravatar account very easily. This article from ThemeShaper will show you how.

Using custom page as homepage

WordPress will display a list of posts on the home page. But did you know that you can select a specific page to show static content and use other page to show the list of Posts.

Create and display thumbnails for each blog post

This article shows you how to show featured image on your post using the WordPress built-in post thumbnail feature. It’s so easy now to do this. No more hacking around with old ways like TimThumb or hacknig around with the custom field.

Create and display category image

Even so now you can easily show a catgory image the WordPress way. Simply use this plugin called WP Term Images.

Protect CSS mods for any WordPress theme

Let’s learn how you can add a custom CSS on your theme without having to worry that it’ll be overriden.

Open links in new windows by default

It might be a good idea to open up all links of external sites in a new window, by default. This will allow your users to navigate both your site and the external site at the same. In other words, users will stay longer on your site.

WordPress thumbnail size limit

If you’re ever frustratted by your author uploading a blurry or too small of a featured image, this is the perfect plugin for you. Use this plugin to set the minimum height and with that they should be uploading.

Seperate comments from Trackbacks/Pingbacks

WordPress shows both comments and trackbacks and pingbacks in the order of when they are posted. Let’s tidy them up by separating them in a different section.

Creating an Archive Index

Learn how to create a special page in WordPress showing links to all your previous posts arranged in yearly or monthly order.

Custom login page

Creating a beautiful WordPress login page gets so much easier with this plugin. You can pick color, background, and it’s position. It just works and no need to code.

Post text and image count

A clever way to count images in your post but leaving the default WordPress smilies out (which is also technically an image), and display the number.

Place content only in RSS Feed

Place additional content in the RSS feed, but not in the content in the website itself. You could use it to place, for example, a copyright notice on your content.

Adding Tabs to Content

Organize your content with Tabs using this plugin. Using Tab is perfect way to show more content in very little or limited space.

Sidebar With Dynamic Contents

Sidebar often is boring as they look the same in every pages. Let’s learn how to show different content in the sidebar.

Google Syntax Highlighter for WordPress

With this plugin, you can add proper syntax colors to the code block in the content, and let your users to copy the code easily.

Add Breadcrumbs to Your WordPress Blog

Breadcrumb navigation is good for both SEO and your users. Use this plugin to add one on your site.

Buy Me a Beer

Add a Paypal button to your site to let your users send a donation. The plugin makes it very easy to add the button any where in your site and change the styles of the button to match your liking.

Detect Adblocker and display alternative

Display a notice for usrs with AdBlocker. A handy plugin to optimize your ad-based revenue on your site.

Alternative way to display dates

Format the timestamp on Posts or Comments that’s easy to read and understand. For example, we can show Yesterday or 2 Days Ago instead of 17th August 2019.

Check for Broken Links

Broken can be irritating. Use this plugin to check broken links on every Posts on your site.

Display Thumbnails for Related Post

Ever wonder how to add related posts right after the main content? In WordPress, adding related posts along with the image thumbnail is easy with this plugin.

WordPress Plugin Download Counter

Do you have plugin plublished in WordPress.org repository? Here’s the script if you’d like to show the number of downloads the your plugin has got.

Here’s more…

Disabling Full-Height Editor

WordPress 4.0 added a subtle UX change in the editor. If you are scrolling or writing a length paragraph, the height of the editor will match the height of your screen, eliminating the scroll-bars inside the editor.

To reach some panels like the Excerpt and Custom Fields that reside below the editor, you need to scroll all the way down through the end of paragraph. If you don’t want this, tick the option off in the Screen Options panel.

Note: If you’re enabling the block editor a.k.a the Gutenberg, this tip is no longer applicable because WordPress has changed the entire editor interface.

Adding Icon in Menu

Follow this tip to add icon beside your website menu items giving your menu navigation more visual appeal.

Install WordPress Plugin via Github

Did you find a WordPress plugin in Github that you want to install in your website? Follow this tip on how to install plugins conveniently with just a few clicks. Be careful though of what you install as plugins are not moderated. There may be a chance that malicious codes may allow infiltration of your website.

And finally…

Beyond this point are advanced tips and tricks for those who feel like exploring, and those who enjoy getting their hands dirty with codes. However, many of the following tips may render your website unusable, hence they should be carried out with more attention and with extra caution.

WordPress Output Debug File

This snippet will tell WordPress to save the debug log error in a .log file instead of displaying it in the front-end. A handy snippet to enable WordPress debugging in a live site.

 define('WP_DEBUG', true); define('WP_DEBUG_LOG', true); define('WP_DEBUG_DISPLAY', false);

Using Jetpack Modules – Offline

Run and enable all Jetpack modules offline including the modules that actually requires you to connect to WordPress.com to work; a useful tip if you are developing and integrating Jetpack modules to your theme.

Disable self-ping / self-trackback

This trick prevents WordPress from self-ping, which happens if you cross-link pages or posts of your own website.

 function no_self_ping( &$links ) { $home = get_option( 'home' ); foreach ( $links as $l => $link ) if ( 0 === strpos( $link, $home ) ) unset($links[$l]); } add_action( 'pre_ping', 'no_self_ping' );

Another way you can use is by installing Disabler plugin. It is a plugin that allows you to turn on or off certain WordPress functionality including disabling self-ping.

Pre-Populate Content

This tip is quite useful if you want to add default content each time you create a new post, page, or custom post type content; the idea is similar to adding a standard signature when creating new emails.

Custom Class for Post

The following tip explores some customization of WordPress Post Class thoroughly with post_class. It’s helpful if you want to be more specific with regards to your post styles.

Loading Alternative Template

WordPress uses single.php to show post content. If you want to change it to, perhaps, post.php, this tip will show you how to override default WordPress templates correctly.

WordPress Theme Customizer from Scratch

WordPress 3.4 adds a new API called Customizer which allows you to build controls to customize theme and see the result in real-time. The Customizer API may be overwhleming for some, though, as it involves multi-disciplinary code sets including PHP, JavaScript, Ajax, and jQuery.

Nonetheless, Theme Foundation has compiled a complete guide to WordPress Customizer. You will learn how to add the Customize menu, build Sections, Settings, Input Controls as well as Panels, and learn their functions all together – in and out. An essential reference for WordPress theme developers.

Using Vagrant with WordPress

Vagrant is a great tool to create a virtual environment, and to run a test of your WordPress development to ensure that themes and plugins would work in varying instances. In this following tip, Daniel Pataki, will walk you through how to get your WordPress site up and running with Vagrant.

Retrieving WordPress Gravatar URL

The WordPress get_avatar() is a handy function to get a user’s avatar; the function retrieves the image along with the img element. But sometimes I want to grab just the image URL so that I could freely and easily add custom classes or ids to the image.

If you have this in mind, add the following code in your functions.php:

 function get_avatar_img_url() { $user_email = get_the_author_meta( 'user_email' ); $url = 'http://gravatar.com/avatar/' . md5( $user_email ); $url = add_query_arg( array( 's' => 80, 'd' => 'mm', ), $url ); return esc_url_raw( $url ); }

Then somewhere in another file – perhaps single.php or page.php – use the following code to show the image.

 $avatar_url = get_avatar_img_url(); echo '<img src=" ' . $avatar_url . ' ">'; 

Here’s a more detailed post to break it down for you.

Remove Classes From Menu

WordPress, by default, adds a bunch of classes. While this is good to allow extensive customization, the menu HTML markup looks really cluttered. Tidy it up and add only the class you need with the snippet below.

Applying SSL In WordPress Multisite

SSL, not only secures your website, but also bumps up the rankings in Google search result. In the following tip, Jenni McKinnon covers how to deploy SSL in WordPress multisites that may employ multiple sub-domains.

Customizing WordPress Content Editor

Adding styles to the editor will improve the writing experience in WordPress editor. You can match the typographic styles of the backend with the front-end allowing you to see the final version (or a version as close to the final as possible) while writing. This will reduce the switching of back and forth between the editor and the content output.

 function my_editor_styles() { add_editor_style( 'editor-style.css' ); } add_action( 'admin_init', 'my_editor_styles' ); 

Creating Plugin Welcome Screen

If you have just updated WordPress you will be redirected to a special screen, showing the details of the latest version you have just installed, the contributors, the additions as well as all the changes made under the hood. This tip, Creating a Welcome Screen For Your WordPress Plugin by Daniel Pataki will guide you through how to build a welcome screen for your own plugin.

Customize Jetpack Mobile Theme

Jetpack comes with a Mobile Theme. It is a special theme that is used when the website is viewed on mobile devices. And like any other theme, we can customize it. Here’s a how-to by Jeremy, one of Jetpack developers, on how to customize the Jetpack Mobile Theme. It’s a good alternative to consider in place of responsive web design.

Adding Featured Image To Category

Want to add a featured image for a Category and display it in your theme? This feature is missing from WordPress, which could actually be useful for theme developers.

Display Hidden “All Settings”

A WordPress easter egg, this code snippet will add all settings in the WordPress database into one page.

Remove Update Notification

WordPress, by default, display update notifications to all user levels when they are logged in to the backend. Add the following codes to hide WordPress update notification except for users with Administrative privilege.

Add Thumbnail In Post/Page Edit List

This code will display featured images you have assigned to post in the Post column. A useful trick to see which post has a thumbnail and which does not. Note that your theme should support post thumbnails.

Sharpening Images

Honestly, I did not know that we could sharpen images in WordPress as we are uploading the image. Here’s how you can, but bear in mind that it only works for JPG images.

Remove Superfluous info In The Head

WordPress adds a bunch of things in the <head> such as WordPress version, RSD Link, and Shortlink, info that’s not all that useful. To remove these bits of info, use this:

 function remove_header_info() { remove_action( 'wp_head', 'rsd_link' ); remove_action( 'wp_head', 'wlwmanifest_link' ); remove_action( 'wp_head', 'wp_generator' ); remove_action( 'wp_head', 'start_post_rel_link' ); remove_action( 'wp_head', 'index_rel_link' ); remove_action( 'wp_head', 'adjacent_posts_rel_link' ); // for WordPress < 3.0 remove_action( 'wp_head', 'adjacent_posts_rel_link_wp_head' ); // for WordPress >= 3.0 } add_action( 'init', 'remove_header_info' );

Remove either one of remove_action from the above snippet of which you want to retain.

Smart WP_Debug

Ideally you should not enable the WP_Debug in a live site as it will expose critical information. But if you need a trick to do so safely, here it is:

 if ( isset($_GET['debug']) && $_GET['debug'] == '1' ) { // enable the reporting of notices during development - E_ALL define('WP_DEBUG', true); } elseif ( isset($_GET['debug']) && $_GET['debug'] == '2' ) { // must be true for WP_DEBUG_DISPLAY to work define('WP_DEBUG', true); // force the display of errors define('WP_DEBUG_DISPLAY', true); } elseif ( isset($_GET['debug']) && $_GET['debug'] == '3' ) { // must be true for WP_DEBUG_LOG to work define('WP_DEBUG', true); // log errors to debug.log in the wp-content directory define('WP_DEBUG_LOG', true); }

With the above code added, you can enable debugging by adding ?debug=2, ?debug=1, ?debug=3 at the end of the URL to see the error that occurs in your website.

Enable Shortcode In Widget

The following is a useful piece of code if you want to embed Youtube or SoundCloud in the widget area with a shortcode.

Set Default Editor (Visual/Text)

Set the default type of editor your users can use. Change the $editor either to html or tinymce. Of course, user would still be able to opt out of the default.

Prolong Auto-logout

WordPress allows one to remain logged in for 48 hours, plus an extension of 14 days if we check the “Remember Me” option at login. If however you are sure your computer will not be breached by a second or third party, you can add this code to keep yourself logged in for up to a year. You will only be prompted for a login once a year.

Always Use Figure

WordPress will wrap img with a p tag. If you are an HTML semantic purist, you can add this code to force WordPress to wrap image with the figure element.

Change Default Role Name

“Administrator”, “Author”, and “Subscriber” are the names given for WordPress users at the administrative level. To change these default names to something that sounds more apt for your website, add the following code, then make the change to the names to what you prefer:

Default Attachment Settings

Here’s a snippet that lets you specify the default size, alignment, and the link for images you want to embed in the editor.

Custom Image Size In Media Uploader

add_image_size is the WordPress function that allows us to crop and display custom image size. If you want to allow users to add image within this custom size, add the following codes to show the “custom image size” option in the WordPress media uploader.

Load Script Only If A Particular Shortcode Is Present

In a previous post we have shown you how to create a custom shortcode. If your shortcode requires a JavaScript function, follow The Jedi Master way by Silviu-Cristian Burcă (famously known as Scribu) to ensure that you only load the JavaScript when the shortcode is applied.

Menu Description

When you add in a menu through Appearance > Menu, you will see an input to add “Description”. But you won’t find it anywhere in the front-end as we have to customize the WordPress default menu template to include the description.

Here is an elegant way to do so.

Using Dashicons

You can now use WordPress’s very own crafted font icon, Dashicons, to add icons to the wp-admin menu. Check out our tutorial on how to start using Dashicons.

Customize “Howdy” Message

Follow our previous tutorial to change the WordPress nonsensical “howdy” message that appears at the admin bar to something more personalized.

Exclude Post From The Jetpack Popular Widget

Jetpack comes with a widget that allows you to show the most viewed or popular posts and pages. But sometimes your most popular pages could be the home page or a page that you do not want to include in the most viewed pile.

Add the following code to remove that page or post:

 function jeherve_remove_post_top_posts( $posts, $post_ids, $count ) { foreach ( $posts as $k => $post ) { if ( '1215' == $post['post_id'] ) { unset( $posts[$k] ); } } return $posts; } add_filter( 'jetpack_widget_get_top_posts', 'jeherve_remove_post_top_posts', 10, 3 );

Replace the ID shown in the snippet with the ID of the post or page you want to remove.

Truncate Post Title

The following snippet controls the maximum title length. Add the following snippet in functions.php. Then use the function customTitle() in the template to output the title in place of the WordPress the_title() method.

 function customTitle($limit) { $title = get_the_title($post->ID); if(strlen($title) > $limit) { $title = substr($title, 0, $limit) . '...'; } echo $title; } 

If you build a WordPress Theme with a tiled layout where the tile height has to be equal, you might want to specify the limit of the title length. This snippet should come in handy in that case.

Remove WordPress Logo

WordPress 3.1 adds an admin bar, which includes a handful of links and the WordPress logo. If you are going to handout websites to a client and you want it to be brandless, here is the function to remove that WordPress logo.

QR Code with Link to Article

Improve your website accessibility for mobile devices with QR codes. This code allows you to display QR codes with a link pointing to the article. Mobile users with a QR code scanner can obtain the article link for quick viewing on their mobile devices.

 <img src="https://api.qrserver.com/v1/create-qr-code/?size=500x500&data=" <?php the_permalink() ?> " alt="QR Code for <?php the_title_attribute(); ?> 

The post 60+ Most Wanted WordPress Tricks and Hacks (Updated) appeared first on Hongkiat.

WordPress admin makes it easy to manage configurations without touching a line of code. These basic configuration settings are then stored in the wp-options table inside the database. But, WordPress also has a separate configuration file, called wp-config.php, that can be used for further customizations.

Wp-config is the file where your custom hosting data (database name, database host, etc.) is saved when you install a self-hosted WordPress site. You can also add other configuration options to this file, with which you can enable or disable features such as debugging, cache, multisite, SSL login, automatic updates, and many others.

Read Also: 15 Useful .htaccess Snippets for Your WordPress Site

Localize and edit wp-config

When you download WordPress, the wp-config.php file is not yet present inside the install folder. However, there’s a file called wp-config-sample.php that you need to copy and rename to wp-config.php. Then, you need to add your basic connection data (database name, database username, database password, hostname, security keys) to this file.

If your hosting provider uses the Softaculous auto installer (most do so) this process is automated for you and you will find a wp-config.php and a wp-config-sample.php file in your root folder when you connect your server via FTP.

Note that the order of settings matters, so don’t rearrange them. When editing the wp-config file, always use a code editor such as Sublime Text, Atom, Notepad++, Visual Studio Code, or TextMate. Word processors (Microsoft Office, Google Docs, LibreOffice, etc.) will mess your file up, never use them to edit code files.

The settings saved into wp-config override the database, in case the same type of configuration is present at both (e.g. home URL)

Where to place the code snippets

In this article, you can find 20 code snippets with which you can use to customize your wp-config.php file.

Most of these configuration options don’t exist in wp-config by default. If you want to use them you need to add them below the starting <?php tag and code comments, but above the MySQL settings.

1. Turn on WP debugger

You can turn the WordPress debugger on and off in the wp-config file. The first snippet below does exist by default in wp-config (below the database configurations) but its value is set to false. To turn the debugger on, change its value to true.

The second snippet turns on the frontend debugger that allows you to debug CSS and JavaScript scripts. Use the debuggers only on development sites never in production.

 # Turns on PHP debugger define( 'WP_DEBUG', true ); # Turns on CSS and JavaScript debugger define( 'SCRIPT_DEBUG', true ); 

2. Change database table prefix

WordPress uses the wp_ table prefix by default. If you want a more secure database you can choose a more complicated table prefix.

This config option also exists in the wp-config file by default, you only need to change the value of the $table_prefix variable to a more secure one.

Only change the table prefix if you have a clean install or on a development site, as it’s risky to do so on a production site.

 # Creates secure table prefix for database tables # Only numbers, letters, underscores $table_prefix = 'a81kJt_'; 

3. Change WordPress URLs

You can set the WordPress and home URLs in the WordPress admin, under the Settings > General menu. However, you can also configure these URLs in the wp-config file.

Defining the WP_SITEURL and WP_HOME constants in the wp-config file has two advantages:

1. it can be life-saving if you can’t access your admin area for some reason
2. it can reduce the number of database calls while your site is loading (as wp-config overrides the options saved in the database)

WP_SITEURL specifies the URL users can reach your site with, while WP_HOME defines the root of your WP install. If you installed WordPress into your root folder (this is the default option) they take the same value.

 # Specifies site URL define('WP_SITEURL', 'http://www.yourwebsite.com'); # Specifies home URL (the root of the WP install) define('WP_HOME', 'http://www.yourwebsite.com/wordpress'); 

4. Empty trash after a certain time

You can make WordPress to automatically empty your trash after a certain number of dates. The smallest value of this constant is 0, in this case you disable the trash feature.

 # Empties trash after 7 days define( 'EMPTY_TRASH_DAYS', 7 ); 

5. Enable WordPress cache

You can enable WordPress’ built-in caching feature with the following line of code. Most caching plugins, such as W3 Total Cache and WP Super Cache, automatically add this snippet to the wp-config file.

 # Enables WP cache define( 'WP_CACHE', true ); 

6. Enable WordPress Multisite

By adding the WP_ALLOW_MULTISITE constant to your wp-config file, you can enable WordPress’ multisite feature that allows you to create a network of WP sites.

 # Turns on WordPress Multisite define( 'WP_ALLOW_MULTISITE', true ); 

7. Redirect non-existing subdomains and subfolders

Sometimes visitors type a non-existing subdomain or subfolder into the URL bar. You can redirect these users to another page on your domain, for instance to the homepage with the help of the NOBLOGREDIRECT constant.

 # Redirects non-existing subdomains and subfolders to homepage define( 'NOBLOGREDIRECT', 'http://www.yourwebsite.com' ); 

8. Manage post revisions

WordPress has a built-in version control system, which means it saves all post revisions you create. A frequently edited post can have as many as 25-30 revisions that can take up a lot of database space after a while.

With the WP_POST_REVISIONS constant, you can maximize the number of post revisions or completely disable the feature.

 # Completely disables post revisions define( 'WP_POST_REVISIONS', false ); # Allows maximum 5 post revisions define( 'WP_POST_REVISIONS', 5 ); 

9. Enable built-in database optimization

WordPress has a built-in database optimization feature you can turn on by adding the following line to the wp-config file.

I wrote in detail about how this tool works in this article. The most important thing to note is that the database optimization screen is available for anyone (even for non-logged in visitors). Enable the feature only for the period of time you want to run the optimization tool, then don’t forget to disable it.

 # Turns on database optimization feature define( 'WP_ALLOW_REPAIR', true ); 

10. Disable automatic updates

WordPress runs automatic background updates by default for minor releases and translation files.

You can toggle this feature on and off by setting the values of the AUTOMATIC_UPDATER_DISABLED (for all updates) and WP_AUTO_UPDATE_CORE (for core updates) constants according to the following rules:

 # Disables all automatic updates define( 'AUTOMATIC_UPDATER_DISABLED', true ); # Disables all core updates define( 'WP_AUTO_UPDATE_CORE', false ); # Enables all core updates, including minor and major releases define( 'WP_AUTO_UPDATE_CORE', true ); # Enables core updates only for minor releases (default) define( 'WP_AUTO_UPDATE_CORE', 'minor' ); 

11. Increase PHP memory limit

Sometimes you may want to increase the PHP memory limit your hosting provider has allocated to your site, especially if you get the dreaded “Allowed memory size of xxxxxx bytes exhausted” message. To do so, use WP_MEMORY_LIMIT for the website and WP_MAX_MEMORY_LIMIT for the admin area.

Note that some hosts don’t allow to increase the memory limit manually, in this case contact them and ask them to do it for you.

 # Sets memory limit for the website define( 'WP_MEMORY_LIMIT', '96M' ); # Sets memory limit for the admin area define( 'WP_MAX_MEMORY_LIMIT', '128M' ); 

12. Force SSL login

To increase website security, you can force users to log in through 5 Tips to Toughen Up Your WordPress Login Security

The post 15 wp-config Snippets to Configure WordPress Site appeared first on Hongkiat.