Category Archives: Wordpress

How-to for Wordpress

Creating a WordPress Child Theme

Overview

Save yourself some heartburn: do not modify WordPress templates directly … create child templates. Creating a child template will allow you to update a theme without having to re-work it to include your changes.

To create a child theme, you need to do the following:

  • Create a child theme directory
  • Place a new style.css file in your child theme directory
  • Add a functions.php file to the child theme directory
  • Add copies of files you plan to modify in the new child theme directory

Create a child theme directory

Go to the themes directory (wp-content/themes) and create a subdirectory with the name of the original theme, but append “-child” to the directory name. For example, if you want a child theme for the twentyfifteen theme, create a subdirectory twentyfifteen-child.

In the twentyfifteen-child directory, create a file style.css. In the style.css file, you must have the following minimum header.


/*
 Theme Name:   Western Way Realty
 Theme URI:    http://example.com/western-way-realty/
 Description:  This is a Child Theme of twentyfifteen for the Nomad Realty
 Author:       John Doe
 Author URI:   http://example.com
 Template:     twentyfifteen
 Version:      1.0.0
 License:      GNU General Public License v2 or later
 License URI:  http://www.gnu.org/licenses/gpl-2.0.html
 Tags:         light, dark, two-columns, right-sidebar, responsive-layout, accessibility-ready
 Text Domain:  twenty-fifteen-child
*/

 

When creating the header for the style.css file, include the following:

  • Theme Name: followed by the name of your new child theme
  • Theme URI: followed by the location of updates for the theme
  • Description: followed by the description of the template; remember to reference the name of the parent theme so the user remembers to include the parent theme.
  • Author: followed by your name (or the name of the developer of the new child template)
  • Author URI: followed by the URI of the author's website.
  • Template: followed by the name of the parent template
  • Version: followed by the version number you want for the child template
  • License: followed by the software license that is used to release this template
  • License URI: followed by the address of a copy of the release license.

Following the style.css header, you may now add any new CSS that will be needed in your theme.

Create a functions.php file

In the child theme directory, create a file functions.php. The parent theme's functions.php will provide all the functions you need, but the child's functions.php can be used to override functions from the parent's functions.php or to add new functions for the child theme.

At minimum, the functions.php file should include the following:


    <?php
    // Load the parent theme's stylesheet first, then the child's, which depends on it.
    add_action( 'wp_enqueue_scripts', 'theme_enqueue_styles' );
    function theme_enqueue_styles() {
        wp_enqueue_style( 'parent-style', get_template_directory_uri() . '/style.css' );
        wp_enqueue_style( 'child-style',
            get_stylesheet_directory_uri() . '/style.css',
            array( 'parent-style' )
        );
    }

 

The above code ensures that the parent style.css file is loaded, and that the new style.css file is loaded for the new theme.

With the creation of the functions.php file in your child directory, you are ready to go…

Keep Going

Keep going creating your new child theme. Add new child theme functions to the new functions.php. Add the new CSS content to the new style.css file. If you need to modify other files, such as header.php, footer.php, template.php or any other file … copy it to your new child theme directory and make your mods in the new child theme directory.
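A child theme silently fails to work when the Template header does not match an installed parent directory or when the functions file is misnamed. The following check is an added example, not part of the original article or of WordPress; the function names and the demo tree it builds are hypothetical, and it assumes the header sits in the first 8 KB of style.css.

```python
import os
import re
import tempfile

# Header keys taken from the style.css header shown in this article.
HEADER_RE = re.compile(
    r"^[ \t/*#@]*(Theme Name|Template|Version|Text Domain):(.*)$", re.M | re.I)


def read_theme_header(style_css_path):
    """Return the header fields found in the first 8 KB of style.css."""
    with open(style_css_path, encoding="utf-8") as fh:
        head = fh.read(8192)
    return {key.title(): value.strip() for key, value in HEADER_RE.findall(head)}


def check_child_theme(themes_dir, child):
    """Return a list of problems in themes_dir/child (empty list means OK)."""
    child_dir = os.path.join(themes_dir, child)
    style = os.path.join(child_dir, "style.css")
    if not os.path.isfile(style):
        return ["style.css is missing"]
    problems = []
    header = read_theme_header(style)
    if not header.get("Theme Name"):
        problems.append("Theme Name header is missing")
    parent = header.get("Template", "")
    if not parent:
        problems.append("Template header is missing")
    elif not os.path.isfile(os.path.join(themes_dir, parent, "style.css")):
        # Template must be the parent's directory name, spelled exactly.
        problems.append(f"parent theme '{parent}' is not installed")
    if not os.path.isfile(os.path.join(child_dir, "functions.php")):
        misnamed = os.path.isfile(os.path.join(child_dir, "function.php"))
        hint = " (found function.php; the name must be functions.php)" if misnamed else ""
        problems.append("functions.php is missing" + hint)
    return problems


def build_demo_tree(root, template="twentyfifteen", functions_name="functions.php"):
    """Write a constructed parent and child theme pair under root."""
    files = {
        "twentyfifteen/style.css": "/*\n Theme Name: Twenty Fifteen\n*/\n",
        "twentyfifteen-child/style.css":
            f"/*\n Theme Name:   Western Way Realty\n Template:     {template}\n*/\n",
        f"twentyfifteen-child/{functions_name}": "<?php\n",
    }
    for rel, body in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo:
        build_demo_tree(demo, template="twentyfiften")  # constructed typo
        for problem in check_child_theme(demo, "twentyfifteen-child"):
            print("problem:", problem)
```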

Protect Your Website from Hackers (and Spammers) 2

Recently, I mentioned that you should be concerned about hackers (and spammers). I listed a number of items that you can do to increase the security of your website, and I listed reasons you should be concerned about security. However, I didn’t take the time to explain how to perform the protective activities. This article and following articles will give explanations that will help you perform those protective activities listed. Today, I’ll explain how to:

  • Check your site regularly for potential security problems.
  • Keep your website software up-to-date.
  • Monitor your site for login attempts by unauthorized people
  • Hide your login page
  • Limit login attempts
  • Never use the default administrator name
  • Randomize your password

There are several WordPress plugins that will allow you to monitor for potential hackers and spammers. Personally, I find WordFence and Lockdown WP to be two exceptional plugins to help monitor a WordPress site. Install WordFence and Lockdown WP and you’ll find an incredible set of tools to monitor your site.

Your first steps will be to configure these two plugins.

Configure Lockdown WP

Lockdown WP has only a few configurables, but the configurables are some of the most important items you can configure. Using Lockdown WP, you will make it harder for the hacker to find your administration area. To do this, configure Lockdown WP by:

  • Selecting to hide the administration area from those that are not logged into the site. To do that, check the option box next to “Yes, please hide WP Admin from the user when they aren’t logged in.” Anyone not logged in who attempts to access the administration area will receive a page not found (404) error message.
  • Setting a new WordPress Login URL. Normally, the administration login is reached at www.example.com/wp-login.php. Using Lockdown WP, set the access point to ANYTHING other than wp-login.php. Set the access point to an unusual, unique location with a name that has no bearing on your site's purpose or function, such as www.example.com/fish201. If you reconfigure this access point, hackers that attempt to log in to your site will have trouble guessing where you have “moved” the login access, and therefore will have more trouble attempting to hack your login. Anyone that attempts to access www.example.com/wp-login.php will clearly be a hacker, and you will be informed when hackers attempt to access this 404 location.

Configure WordFence

WordFence has a large number of important features to configure. Using WordFence, review all the configurable items. The following list has an “X” beside options that should be checked. When a text string should be entered, suggested answers are provided. Make certain that at minimum you set the following configurables:

Basic Options:

  • X Enable firewall
  • X Enable login security
  • X Enable Live Traffic View
  • X Enable automatic scheduled scans
  • X Update Wordfence automatically when a new version is released
  • Where to email alerts: your@email.com

Advanced Options:

  • X Alert on critical problems
  • X Alert on warnings
  • X Alert when an IP address is blocked
  • X Alert when someone is locked out from login
  • X Alert me when a non-admin user signs in

Scans to include:

  • X Scan for the HeartBleed vulnerability?
  • X Scan theme files against repository versions for changes
  • X Scan plugin files against repository versions for changes
  • X Scan for signatures of known malicious files
  • X Scan file contents for backdoors, trojans and suspicious code
  • X Scan posts for known dangerous URLs and suspicious content
  • X Scan comments for known dangerous URLs and suspicious content
  • X Scan for out of date plugins, themes and WordPress versions
  • X Check the strength of passwords
  • X Scan options table
  • X Monitor disk space
  • X Scan for unauthorized DNS changes
  • X Scan files outside your WordPress installation
  • X Scan image files as if they were executable

Firewall Rules:

  • If a crawler’s pages not found (404s) exceed: 5 per minute then block it
  • If a human’s pages not found (404s) exceed: 5 per minute then block it
  • If 404’s for known vulnerable URL’s exceed: 1 per minute then block it
  • How long is an IP address blocked when it breaks a rule: 30 minutes

Login Security Options:

  • Enforce strong passwords? TRUE
  • Lock out after how many login failures : 3
  • Lock out after how many forgot password attempts: 3
  • Count failures over what time period: 10 minutes
  • Amount of time a user is locked out: 30 minutes
  • X Immediately lock out invalid usernames
  • X Don’t let WordPress reveal valid users in login errors
  • X Prevent users registering ‘admin’ username if it doesn’t exist
  • X Prevent discovery of usernames through ‘/?author=N’ scans

Other Options:

  • X Hide WordPress version
  • X Hold anonymous comments using member emails for moderation
  • X Filter comments for malware and phishing URL’s
  • X Check password strength on profile update
  • X Participate in the Real-Time WordPress Security Network

Your second step will be to use WordFence to monitor for hackers on a regular basis

Assuming you have configured according to the list above, you should be well on the way to a safer website. Given the configuration above, hackers will have trouble seeing your administration login page, you will be using more secure passwords, hackers will be blocked if they attempt to access protected areas of your site and your WordPress site will be continually scanned for viruses.

However, you cannot walk away from the site and assume it is safe. Daily, you will want to check your site reports in WordFence. Under WordFence Live Traffic, check the reports for Pages Not Found, Login & Logouts, and 404 Errors. Each of these reports will identify the page being accessed, the visitor's home country, and the visitor's IP address (among other things).

Examine the Pages Not Found and 404 error list. Unless you have broken links, you should have no pages not found. With the exception of a few people that accidentally attempt to access a page and enter a typo, accesses to pages not found should be reviewed carefully. If you cannot rationalize why a person might have attempted to access a page that cannot be found, block that person from further access.

Examine the Login & Logout report. Look at the list, scanning for records of people attempting to access with an invalid user name, or records that show access from a country or area that is not reasonable. If you have no one that should be accessing your administrative area from Arizona or China and records indicate an attempt to access from those areas, block that IP address.
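The same daily review can be run against the web server's access log: 404 bursts beyond the firewall rule of 5 per minute, requests for the default wp-login.php after the login page was moved, and ?author=N scans. This is an added example, not part of the original article or of WordFence; the log lines are constructed and the function names are hypothetical.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in Apache common log format (documentation-range IPs).
SAMPLE_LOG = "\n".join(
    # One client requesting six missing pages within 20 seconds.
    [f'203.0.113.7 - - [21/Jan/2015:10:00:{s:02d} +0000] '
     f'"GET /missing-{s}.php HTTP/1.1" 404 512' for s in range(1, 25, 4)]
    + [
        # A visitor who mistyped one URL.
        '198.51.100.20 - - [21/Jan/2015:10:03:10 +0000] "GET /abuot-us HTTP/1.1" 404 512',
        # Requests for the default login page after it was moved, then an author scan.
        '192.0.2.44 - - [21/Jan/2015:10:05:00 +0000] "GET /wp-login.php HTTP/1.1" 404 512',
        '192.0.2.44 - - [21/Jan/2015:10:05:40 +0000] "GET /?author=1 HTTP/1.1" 404 512',
        # A legitimate login at the relocated URL (the article's example name).
        '198.51.100.20 - - [21/Jan/2015:10:06:00 +0000] "POST /fish201 HTTP/1.1" 200 2048',
        'not a log line',  # malformed input must not stop the review
    ]
)

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')


def parse(log_text):
    """Yield (ip, timestamp, path, status) for each well-formed line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, ts, _method, path, status = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        yield ip, when, path, int(status)


def burst_404_ips(events, limit=5, window=timedelta(minutes=1)):
    """IPs whose 404 count inside any sliding window exceeds `limit`."""
    recent = defaultdict(deque)
    flagged = set()
    for ip, when, _path, status in sorted(events, key=lambda e: e[1]):
        if status != 404:
            continue
        q = recent[ip]
        q.append(when)
        while when - q[0] >= window:  # drop hits older than the window
            q.popleft()
        if len(q) > limit:
            flagged.add(ip)
    return flagged


def moved_login_probes(events, old_login="/wp-login.php"):
    """IPs still requesting the default login URL or running ?author=N scans."""
    author_scan = re.compile(r"[?&]author=\d+")
    hits = defaultdict(list)
    for ip, _when, path, _status in events:
        if path.split("?")[0] == old_login or author_scan.search(path):
            hits[ip].append(path)
    return dict(hits)


if __name__ == "__main__":
    events = list(parse(SAMPLE_LOG))
    print("block (404 burst):", sorted(burst_404_ips(events)))
    print("review (login/author probes):", moved_login_probes(events))
```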

Wordfence will remind you as new versions of your plugins appear. Be diligent and update those plugins. Wordfence will notify you in the event that WordPress has a newer version available. Update WordPress and modules as they come available.

If you are diligent in monitoring your site, you should feel significantly more secure against vulnerabilities.

9 WordPress Plugins to Consider

Previously, I offered the names of some must-have plugins for a WordPress site. Today, I would like to offer some additional plugins that could prove a great benefit to your site. Some of the plugins would be best used by developers; others are for just about anyone looking to improve their site. The plugins include:

  1. All 404 Redirect to Homepage

    This plugin will help everyone protect against (1) broken links and (2) hackers. With this plugin, anyone or anything that tries to find a page on your site that is missing will be directed to the home page. That is a nice convenient location for people to start if they happen to try to access a page you have removed, or a page that has become broken. From the home page, they have the option to wander your site and enjoy its wonders. Additionally, this has an effect on hackers. Hackers and their bots search for pages that may help them hack into your site. Frequently, they search for pages that do not exist on your site, but exist in other vulnerable WordPress sites. This plugin will redirect all these hack attempts to your home page and safety.

  2. Embed iframe (skip if you are not a techy)

    Not everyone needs to know about iframes. Iframes are tools to allow developers to open small windows in their site that view out into the world. If you do not know what iframes are, don’t worry your head about them. However, if you do know how, why, and when to use an iframe, know … there is a plugin named Embed Iframe and it will make your day when you need an iframe.

  3. Optimize Database after Deleting Revisions

    Everyone should worry about trash sitting around in their WordPress database. Trash in your database can slow down your website. Add Optimize Database after Deleting Revisions to your plugins. This plugin will clean up trash in your database quickly and safely, making your site happier and healthier.

  4. Per Post Scripts & Styles (skip if you are not a techy)

    This wonderful plugin is for the developers of the world, or the hardcore site enthusiasts. This plugin allows you to conveniently add CSS and JavaScript into individual posts. When added to your plugin list, you can list *.js and *.css files you would like added to the header of individual posts. Also, it allows you to add specific JavaScript and CSS to the header of individual posts to REV up your post content. However, be warned: if these files (or snippets) are added via this plugin, the same snippets and js/css files are included in the headers of all pages that contain the article. That means you need to be thoughtful and make certain you write your scripts and CSS in a manner that they only affect the items you want affected in the particular article.

  5. Popup Maker

    Anyone may benefit from this plugin. If you have visited a site that asks you to register for some form of offer in a popup box, they may have used this popup plugin. There are dozens of popup plugins, but this plugin is really flexible in a special way. Unlike many, this plugin will allow you to include snippet code such as forms from AWEBER, InfusionSoft, and other services. Many popup plugins for WordPress are not compatible with 3rd party snippets because they are specially designed to work in a narrow number of situations. If you need to have a popup in WordPress interface with a 3rd party snippet, consider using PopUp Maker.

  6. Scroll Triggered Box by Dreamgrow

    Anyone may benefit from this plugin. This plugin is similar to PopUp Maker. This plugin has many features, in some cases more than PopUp Maker. Also, this popup plugin is very easy to use. This plugin can be used to create a very flexible set of popups, but does have some problems working with 3rd party forms if they include a Submit button. Scroll Triggered Box by Dreamgrow catches the press of the submit key and interrupts the action that might be intended to occur in a 3rd party snippet. However, if you are not using a 3rd party snippet in your popup, consider using this outstanding popup plugin.

  7. Superfish Dropdown Menu

    This plugin is for anyone that wants a dropdown menu in a template that does not support dropdown menus. This plugin is well designed, integrates well with the WordPress menu configuration scheme, and can set you up with dropdown menus quickly.

  8. WP deferred JavaScript (skip if you are not a techy)

    If you are a developer and you are having problems with loading a JavaScript snippet because it is being loaded before the complete load of the DOM, add this plugin. This can occur if you are not including your invocations of JavaScript files correctly. However, adding them correctly can be a nuisance for small jobs. Adding a JavaScript file correctly would require the inclusion of the JavaScript file by use of enqueuing, and modifying functions.php or adding a plugin. Sometimes you may not need or want to go to all that effort. This plugin will help. This plugin will add “defer” to all JavaScript calls, ensuring that the DOM is complete before your little chunk of JavaScript is executed. You will not have to worry about adding the code in your footer.

  9. WP Smush.it

    This plugin is great for anyone running a responsive template. One of the problems with a responsive template that is meant to be compatible with small devices, such as a smartphone, is that the page may be able to resize, shift and adjust (even resize images to fit), but it resizes the images to fit after loading the FULL SIZE image onto the device. Loading an image that is meant for a 17″ monitor onto a 3″x4″ screen is a problem. You are loading much more image than needed and it loads slowly. Using WP Smush.it, the plugin makes multiple copies of each image and loads an image that is much closer to the optimal size for the device being loaded, so the load on the device will be much faster. Use Smush.it to improve the performance of your WordPress site on tablets and smartphones.

    Related note: currently (1/21/2015) there is a “feature” in the Safari browser on the iPhone. Here, the phrase “feature” is being used as a polite way of saying “bug.” If images are used in the background of websites, these images are not correctly resized either with or without WP Smush.it. Until this feature is corrected, attempts to display background images in responsive templates must be done manually via CSS and creation of the correct size image. Currently, the Safari browser for the iPhone not only does not correctly resize with the “background-size: cover” directive, it actually creates a ridiculously overblown version of the image being resized.

WordPress: Changing Maximum Upload Size

Using WordPress to upload videos (or other files), it may turn out that you need to upload a file larger than the maximum limit set by WordPress. This should not be a significant problem; you can increase the size of the allowed upload file. To increase the upload size, you must adjust some or all of the following PHP variables:

  • WP_MEMORY_LIMIT
  • upload_max_filesize
  • post_max_size
  • max_execution_time

The required and optional changes are as follows. To increase the upload size, you must increase the upload_max_filesize and post_max_size. If the file is large enough, you may need to increase the size for memory_limit, max_execution_time and max_input_time.

The changes may be made in two locations: your php.ini file or your .htaccess file. You may not change them by modifying your wp-config.php file and adding an ini_set. Using ini_set in wp-config.php might be your first instinct, but that will not work: upload_max_filesize and post_max_size are per-directory PHP settings that cannot be changed from a running script.

To keep the change more localized, modify the .htaccess file with the following code (changing the upload preference size as needed for your situation)


    <IfModule mod_php5.c>
        php_value memory_limit 64M
        php_value upload_max_filesize 64M
        php_value post_max_size 64M
        php_value max_execution_time 600
        php_value max_input_time 600
    </IfModule>

If you prefer to change php.ini, you can add the following to the php.ini file as needed in your situation:


    memory_limit = 64M
    upload_max_filesize = 64M
    post_max_size = 64M
    max_execution_time = 600
    max_input_time = 600

Create a New WP Page Template

Creating a new WP Page or Post Template is easy. It is nice that templates for galleries, video pages, left templates, right templates, etc. are currently available. But from time to time I like to add a new template that has special CSS attached, or uses the title, content and featured image in a different way.

This article talks about the way to add a new WordPress page or post template to your list of template selections.

To create a new template:

  • Decide on a name for your new template.

    The template name must have a special format, the options are as follows:

    • page-{slug}.php
    • page-{ID}.php
    • page-{general description}.php

    The first two naming conventions are used for formatting a specific article. If you have created a page or post and you would like that particular page or post to have a special format, you will create a new file that uses the slug or ID of the page to force WordPress to use the new template on that page/post only. These templates do not show up in the template selection list; they simply format the specific pages.

    The third naming convention is not mandatory, but, is convenient. The third naming convention is used for a template that you would like to see in the template selection list as you create the new page or post. {general description} should be selected to reflect the label you would like seen in the drop down list of the templates. If you are creating a special format template for creation of landing pages, you might use the general description “landing.” If your description has more than one word (ex: my landings) use a dash(-) in place of spaces in your phrase.

    In our example, we will create a new template called “page-landing.php.”

  • Copy an existing template that is similar to the template you need. If you do not want to start from scratch creating the template, there are several files available for you to start with as a baseline for your new template. You will copy it and rename it to your selected new name. To determine what baselines are available to you, go to your theme directory and look down the list to all the files that have the format page-XXXX.php. Any of these and the file page.php can be used as a baseline. For our example, we will copy page.php to the file named page-landing.php.
  • Modify the existing template.

    To create the new general template, you need only add 3 lines at the very top of the file. At the top of the new file page-landing.php, adjust to say:

    
    
        <?php
        /*
        Template Name: Page: landing
        */

    The “Template Name:” label may be followed by

    • Page: {description}
    • Post: {description} or
    • {description}

    Once you are done adding this {description}, it will be added to the list of options available in your templates list and it can be selected from your new dropdown list of template options. Go ahead, modify your template and expect to be able to call on this template to help you whenever you need the new template.

  • You're ready to go. Go ahead and create your next post or page with your new format.