web hosting
build a website
Browsing articles from "February, 2014"

Moving WordPress site to a new domain

Feb 9, 2014   //   by Anthony Devine   //   Website Development tips  //  No Comments

When moving a site from one domain to another, for example when you develop a site for somebody on your test server and then you move it over to their live server the best method to move that site over I have found is as follows.

First via FTP download all of the files to your computers desktop and then re-upload them to the new location on the new server. Backup the database from your server and move it over to the new server.

Change the wp-config.php file settings to the database details on the new server. Then in the wp-config.php file add in the following:

define('WP_HOME','http://example.com');
define('WP_SITEURL','http://example.com');
replacing the URL with your new domain name. This will force wordpress to use this new domain name instead of the one on your server.

You may find that the permalinks still do not work on your site. You have 2 options to get this to work, either open up the .htaccess file and change the links in there to the new location, or second solution is to delete the contents of the file and save it and make it writeable CHMOD777 then in the backend of your site go to Settings > Permalinks and then choose the option you want and save. This will then fix the links.

If you have hardcoded in all of the links to your test domain you can either go through all of your css files and other template files and change the links over or you can use the Velvet Blues Update URLs this plugin updates all of the links on your site without the hassle of finding them all.

Security on WordPress

Feb 9, 2014   //   by Anthony Devine   //   Website Development tips  //  No Comments

In a few recent Months there are a number of WordPress sites that are being hacked. I have had a few sites hacked myself which was down to building a Website for somebody over 4 years ago and they have not kept the plugins or core software up-to-date, which has left them open to malware.

One site that was hacked of mine was from a base64 javascript injection, this was a nightmare as it injected code into every single php file in the wp-contents folder. There are a great number of php files in the wp-contents folder so it was a big task a head.

You can decrypt base 64 injections with certain sites but you really just need to remove all of the script, you can do this manually as I did or run a script to automatically remove it. The reason i did it manually even tho it took about 3 hours to do is because I wanted to make sure I got all of the scripts.

Once you have completely removed the script you need to upgrade your version of WordPress to the latest version as there are always vulnerabilities and backdoors that are fixed in each new release. Once the core files are up-to-date you need to update your theme files and plugins. Plugins are the way most hackers get into your site so these need to be kept up-to-date and if there are any theme files or plugins that you are not using then you need to delete these files as these are security risks.

When you have everything up-to-date you need to then think about what security plugins you are going to use. The free plugins that I recommend are as follows:

  • Limit Login Attempts by Johan Eenfeldt – This stops multipe attacks on your login page as it locks you out for 30mins if you enter in the password wrong a number of times
  • Captcha by Bestwebsoft – This adds a captcha form on the backend login form which will stop machine based attacks on your site
  • Anti-spam by Webvitality – This stops all of the spam comments added onto your site
  • Wordfence security – A firewall and anti virus scanner
  • Sucuri Security – Scans your site for malware
Another security issue is using the database prefix _wp, this should be changed to something else as it is what most people use as default and can be a risk.

You should also make sure that if you have been hacked that you change all of your servers FTP login details and you should change your WordPress login details as well. Passwords should be strong passwords, you can use this site to find a strong password: Secure Password Generator. You should also make sure that your wordpress Username is not admin, this is a big security risk. To delete this user and create another administrator login you need to do the following:
  • Login as admin and create a new Administrator account
  • Logout of admin account and login as your new account
  • Delete your admin account, it will then tell you to select from the drop down list which account to assign all of the posts admin created. Select your new account form the drop down and proceed with the delete
  • You new account has now been created, you have removed admin and have assigned all of admins posts to your new user

Remember before doing any of the above make sure you take a backup of your database!

The final step to tightening up on your security is to change your folder permissions so they are not all CHMOD777 this will mean that certain parts of wordpress may not function as it usually does in terms of being able to upload from the backend and update form the backend but you just have to mess around with the file permissions until you get the right ones that you need.

The most important thing to remember is to keep all of your files up-to-date and always keep a backup so if there are any issues you can always roll back to a clean verson of your site.

Best lightbox plugin on WordPress

Feb 9, 2014   //   by Anthony Devine   //   Website Development tips  //  No Comments

The best lightbox plugin I have found for WordPress is Lightbox 2.

The good thing about this plugin is that it automatically adds all of your images into a lightbox and if you didn’t want it to do that you can manually add a lightbox shortcode to each image and you can group images together on a page.

The code for manually grouping together images on a page is:

rel="lightbox[roadtrip]"
roadtrip can be changed to anything you want.

Disable comments on WordPress site

Feb 9, 2014   //   by Anthony Devine   //   Website Development tips  //  No Comments

There are options in WordPress to disable user comments, however this never works you will always find your site getting spam comments and you will find a comments form on your site.

The most effective way to remove them is to remove the code for the comments box on all page. Look through your theme files for the following code:

<?php comments_template( '', true ); ?>
and remove out the code. You will probably find this in the, single.php file and the page.php file and maybe in other files.

Stop WordPress creating empty < p > tags

Feb 9, 2014   //   by Anthony Devine   //   Website Development tips  //  No Comments

When you are creating a new page or post in WordPress you will find that when you use the Return button on the keyboard WordPress will automatically add in a blank < p > tag. This is not great as it adds in extra lines into the page and is not very tidy when you look at the code.

A way to stop WordPress creating blank

tags is to add the following in your functions.php file:

remove_filter ('the_content', 'wpautop');

Adding Widgets to specific pages in WordPress

Feb 9, 2014   //   by Anthony Devine   //   Website Development tips  //  No Comments

Widgets in WordPress are brilliant but the main problem they have are that they appear on every page of your site. If you want a widget to appear on just 1 page or a couple of pages without having to hardcode the widget in your core code then you need to use Widget Logic.

Widget Logic is simple to install and once installed you just move a widget to your desired sidebar and you will now notice the widget logic option on your widget. If you want the widget to just appear on a page http://www.yourdomain/windows or http://www.yourdomain/security then use the code:

is_page('windows') || is_page('security')
If you want the widget to appear on every page appart from http://www.yourdomain/windows then use the code:
!is_page('windows')

Creating a sidebar in WordPress

Feb 9, 2014   //   by Anthony Devine   //   Website Development tips  //  No Comments

You may want create a new section on the side of your WordPress site or you may want a new area on your homepage where you can drop in an image of a link.

An easy way to achieve this is to register a sidebar. Firstly open up your functions.php file adn do a search for register_sidebar you will see something like:

register_sidebar( array(
		'name' => __( 'Second Front Page Widget Area', 'twentytwelve' ),
		'id' => 'top-page-content',
		'description' => __( 'Appears at the top of each page', 'twentytwelve' ),
		'before_widget' => '<aside id="%1$s" class="widget %2$s">',
		'after_widget' => '</aside>',
		'before_title' => '<h3 class="widget-title">',
		'after_title' => '</h3>',
	) );
The above is one that I have created, you give your new sidebar a name, and id to call it, a description and you can add tags around the title in the example above a h3 tage has been wrapped around it.

Once you have added in your new sidebar save the file. Then if you go into widgets you will see your new sidebar appear, you can add widgets into this sidebar however as you have not said where you want the sidebar to appear in your template these widgets will not yet appear.

You now need to add in the following code into your template where you want your sidebar to appear:
<?php dynamic_sidebar( 'top-page-content' ); ?>
Once this is saved your widgets will show on the page.

Buckets are an alternative to widgets. Basically it allows you to do the same thing as sidebar Widgets but it is a bit more user friendly as it is a plugin. Download it here >>