Why you shouldn’t use a one-click installer to install WordPress

Yes, you will fall at the mid-ocean, trust me!

Most bloggers just maintain a simple blog, so usually they don’t need to worry; they just need to keep regular backups. But if you are planning to run a business site on WordPress and that site is your everything, never ever use a one-click installer to install WordPress! You’d be better off installing it manually, which may take a few minutes longer.

These guides explain how to install WordPress manually:
http://codex.wordpress.org/Installing_WordPress
http://www.siteground.com/tutorials/wordpress/wordpress-installation.htm

If you want to install manually, download WordPress from here. Then you can upload it through FTP. You can use one of several FTP clients, such as FileZilla, CoreFTP or FireFTP (a Firefox add-on). You can learn how to use FileZilla here.

Why shouldn’t you?

  • Big WordPress Security Risks
  • Exporting and importing content with WordPress’s built in export tools
  • They use old scripts. Updated versions of WordPress or any other script are not immediately released on those services, so they install an outdated version of WordPress. Starting with an outdated version is not a good start.
  • They bypass almost all of the settings used during installation.
  • Sometimes there are issues when you want to upgrade.
  • Suppose the first database created is wpdb1, the next one is wpdb2, and so on. Malicious hackers know this is how they’re created and it gives them more ammo.
  • They create a file named fantversion.php (or something similar), which is common to all auto installers. This is a security risk if crackers know how to break into it.
  • The auto-created database name and the database username are the same in most cases.

So what if you have already installed it that way?

  • First of all, keep a backup of the whole site and the database.
  • Download the latest WordPress from the WP repository (see above for the link).
  • Delete the wp-admin and wp-includes folders via FTP.
  • Extract the zip and upload only the wp-admin and wp-includes folders via FTP.
  • Change (alter) the database name, db username and password.
  • Put the changed db name, db username and db password in wp-config.php.
  • Get new auth keys, salts etc. from https://api.wordpress.org/secret-key/1.1/salt
  • Copy the new keys into wp-config.php, replacing the old ones.
  • Uninstall the plugins that come with the default one-click installation.

It should work.
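
To check whether an existing install still shows the traits listed above, here is an added example (not code from the original post) that reads a wp-config.php and reports them. The function names, the naming heuristic and the sample config are assumptions made for illustration; the placeholder string is the one shipped in wp-config-sample.php.

```php
<?php
// Added example (not from the original post): audit wp-config.php for the
// one-click-installer traits listed above. The sample config is constructed.

const SALT_KEYS = ['AUTH_KEY', 'SECURE_AUTH_KEY', 'LOGGED_IN_KEY', 'NONCE_KEY',
                   'AUTH_SALT', 'SECURE_AUTH_SALT', 'LOGGED_IN_SALT', 'NONCE_SALT'];

/** Collect define('NAME', 'value') string constants from wp-config source. */
function wpcfg_constants(string $source): array {
    $re = '/define\(\s*([\'"])([A-Z0-9_]+)\1\s*,\s*([\'"])(.*?)\3\s*\)/';
    preg_match_all($re, $source, $hits, PREG_SET_ORDER);
    $out = [];
    foreach ($hits as $h) {
        $out[$h[2]] = $h[4];
    }
    return $out;
}

/** Return human-readable findings; an empty array means nothing was flagged. */
function wpcfg_findings(string $source): array {
    $c = wpcfg_constants($source);
    $findings = [];
    $db = $c['DB_NAME'] ?? '';
    $user = $c['DB_USER'] ?? '';
    if ($db !== '' && $db === $user) {
        $findings[] = 'DB_NAME and DB_USER are identical';
    }
    // Heuristic (assumption) for installer-generated names such as wpdb1, wpdb2, ...
    if (preg_match('/wp\w*?\d+$/i', $db)) {
        $findings[] = "DB_NAME '$db' looks auto-numbered";
    }
    foreach (SALT_KEYS as $key) {
        $value = $c[$key] ?? null;
        if ($value === null || $value === 'put your unique phrase here') {
            $findings[] = "$key is missing or still the sample placeholder";
        }
    }
    return $findings;
}

// Constructed sample; pass a real path as the first CLI argument instead.
$sample = <<<'CFG'
define('DB_NAME', 'acct_wpdb2');
define('DB_USER', 'acct_wpdb2');
define('AUTH_KEY', 'put your unique phrase here');
CFG;
$source = isset($argv[1]) ? file_get_contents($argv[1]) : $sample;
foreach (wpcfg_findings($source) as $finding) {
    echo "[!] $finding\n";
}
```

Run it from the command line with the path to wp-config.php before and after the steps above; the regex also matches commented-out define() lines, so read the findings against the file.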

WordPress is a 15-minute install when completely secured and optimized through .htaccess, so which route you take is your decision. I have just shown you some examples; if you do a little research on Google you will find lots of ideas about it.

Hope you will enjoy! :)

How to convert a hexadecimal color value to an RGB value in PHP

Most CMSs provide a color picker in the admin panel so the user can choose a color, and almost all color pickers return the color code in hexadecimal form, e.g. #4EE4D3. So you can just take the value and set the color in CSS. For example:
[php]
body{
background: <?php echo $color; /* $color is a placeholder name for the saved picker value */ ?>;
}
[/php]

This is a very good practice. The problem occurs if you want to give the user an opacity option: to set the background opacity you must use rgba(), so you need the color in RGB mode as well. Like:
[css]
body{
background: rgba(233, 122, 234, 0.7);
}
[/css]

So, we need to convert the hexadecimal value to its equivalent rgb value. Here is a very small function that will do the job:

So using this function you will get the rgb value, and with that you use the opacity :)
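
A conversion function of the kind described, written here as an added example rather than the post's original code. The names hex_to_rgb and css_rgba are illustrative; because the value comes from a saved option and ends up inside a stylesheet, anything that is not a 3- or 6-digit hex color is rejected instead of being echoed.

```php
<?php
// Added example, not the post's original function; names are illustrative.

/**
 * Convert "#4EE4D3", "4ee4d3" or shorthand "#4ed" to [r, g, b].
 * Returns null for anything else, so a tampered option value is rejected
 * instead of being written into the stylesheet.
 */
function hex_to_rgb(string $hex): ?array {
    if (!preg_match('/^#?([0-9a-f]{3}|[0-9a-f]{6})$/iD', trim($hex), $m)) {
        return null;
    }
    $digits = $m[1];
    if (strlen($digits) === 3) {
        // Shorthand: each digit is doubled (#4ed -> #44eedd).
        $digits = $digits[0] . $digits[0] . $digits[1] . $digits[1] . $digits[2] . $digits[2];
    }
    return array_map('hexdec', str_split($digits, 2));
}

/** Build a CSS rgba() value; opacity is clamped to the range 0..1. */
function css_rgba(string $hex, $opacity, string $fallback = 'transparent'): string {
    $rgb = hex_to_rgb($hex);
    if ($rgb === null || !is_numeric($opacity)) {
        return $fallback;
    }
    $alpha = max(0.0, min(1.0, (float) $opacity));
    return sprintf('rgba(%d, %d, %d, %s)', $rgb[0], $rgb[1], $rgb[2],
        number_format($alpha, 2, '.', ''));
}

// Constructed inputs: a picker value, and a string that is not a colour at all.
echo 'body{ background: ', css_rgba('#4EE4D3', '0.7'), '; }', "\n";
echo 'body{ background: ', css_rgba('red;} a{display:none', '0.7'), '; }', "\n";
```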

Hope you will enjoy! :)

Get the current page URL in PHP

In an application, we sometimes need to get the current page URL in PHP, that is, the URL shown in the browser. Here is how you can do it.

First, we will declare and use the function as follows:

Hope you will like it :)
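
One way to write such a function, as an added example that is not the post's original code. The name current_page_url and the allowed-host list are assumptions; the list is there because HTTP_HOST is taken from the request's Host header and should not be trusted as-is when the URL is reused in links or redirects.

```php
<?php
// Added example, not the post's original function; names are illustrative.

/**
 * Build the URL of the current request from a $_SERVER-style array.
 * HTTP_HOST comes from the client's Host header, so it is only used when
 * it appears in $allowedHosts; otherwise the first allowed host is used.
 * List a host with its port ("example.com:8080") if the site uses one.
 */
function current_page_url(array $server, array $allowedHosts): string {
    $https  = !empty($server['HTTPS']) && strtolower($server['HTTPS']) !== 'off';
    $scheme = $https ? 'https' : 'http';

    $host = strtolower($server['HTTP_HOST'] ?? '');
    if (!in_array($host, $allowedHosts, true)) {
        $host = $allowedHosts[0];
    }

    // REQUEST_URI already holds the path and query string sent by the browser.
    $uri = $server['REQUEST_URI'] ?? '/';
    if ($uri === '' || $uri[0] !== '/') {
        $uri = '/';
    }
    return $scheme . '://' . $host . $uri;
}

// Constructed request data standing in for $_SERVER.
$request = [
    'HTTPS'       => 'on',
    'HTTP_HOST'   => 'unexpected.example',
    'REQUEST_URI' => '/blog/?page=2',
];
echo current_page_url($request, ['example.com', 'www.example.com']), "\n";
// In a real page: current_page_url($_SERVER, ['example.com', 'www.example.com']);
```

Escape the result for the context it is printed into, for example with htmlspecialchars() inside HTML.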

Reorder or rearrange buddypress menu items

Don’t like the order of BuddyPress menu items? Change it!

Use the following code and reorder the BuddyPress menu items however you want.

You can add this code to your theme’s functions.php if you think your theme won’t be changed. Otherwise mu-plugins is the best solution. To use mu-plugins, go to /wp-content/ and find the folder named ‘mu-plugins’. If there is no folder with that name, create one, name it ‘mu-plugins’, create a file inside it with any name you like, and paste the code in there. You don’t need to activate that plugin: mu-plugins means must-use plugins, so it is always activated automatically. If you use mu-plugins, add a PHP start tag at the beginning of the code.

:)

Get All posts by tag in a network – wordpress multisite

If you want to show some selected posts as popular posts across the network, then this snippet is for you :) You can fetch posts by any tag that is available in your WordPress multisite network and show them anywhere, maybe in the main site or in any subsite.

If you want to show posts from some selected subsites, you just need to pass those blog IDs as an array parameter or if you send an empty parameter it will fetch posts from all subsites in the network.

Here is the code:

You can add this code to your theme’s functions.php if you think your theme won’t be changed. Otherwise mu-plugins is the best solution. To use mu-plugins, go to /wp-content/ and find the folder named ‘mu-plugins’. If there is no folder with that name, create one, name it ‘mu-plugins’, create a file inside it with any name you like, and paste the code in there. You don’t need to activate that plugin: mu-plugins means must-use plugins, so it is always activated automatically. If you use mu-plugins, add a PHP start tag at the beginning of the code. Then use the function anywhere :)

Show posts based on user preference in wordpress

This is an interesting snippet that will help you to set a preference for the users, so that they will choose their favorite categories and they will see posts from these categories only.

You can add this code to your theme’s functions.php if you think your theme won’t be changed. Otherwise mu-plugins is the best solution. To use mu-plugins, go to /wp-content/ and find the folder named ‘mu-plugins’. If there is no folder with that name, create one, name it ‘mu-plugins’, create a file inside it with any name you like, and paste the code in there. You don’t need to activate that plugin: mu-plugins means must-use plugins, so it is always activated automatically. If you use mu-plugins, add a PHP start tag at the beginning of the code.

Enjoy! :)

Remove joined group notification from sitewide activity

This is a very small code snippet that will help you hide some activity notifications from the sitewide activity page. When someone joins a group, we see a notification on the sitewide activity page that says, “Someone joined the group ABC”.


This is not that bad, but if your site is attacked by spam users, your activity feed will be flooded with spam notifications. So why not just hide it? :) Here is the code snippet:

You can add this code to your theme’s functions.php if you think your theme won’t be changed. Otherwise mu-plugins is the best solution. To use mu-plugins, go to /wp-content/ and find the folder named ‘mu-plugins’. If there is no folder with that name, create one, name it ‘mu-plugins’, create a file inside it with any name you like, and paste the code in there. You don’t need to activate that plugin: mu-plugins means must-use plugins, so it is always activated automatically. If you use mu-plugins, add a PHP start tag at the beginning of the code.

You can do the same for other notification types. If you don’t know the type, in the above code just use:
[php]
print_r($activities);
[/php]

You will get all the types that are coming in your activity field.

Enjoy! :)

How to write dynamic CSS in a PHP file in WordPress

It’s always standard to maintain a separate CSS file for styling, even for dynamic CSS that is generated by the theme options. Most theme developers include these dynamic styles in the header or footer using the wp_head or wp_footer hook. How about having a totally separate CSS file for the dynamic styles? :) It’s pretty simple, so let’s start!

In my example I have used the Redux framework, so I have a global variable. In my case, I assume my global variable is $lts. So, in functions.php you need to add something like this:

[php]
// Adding custom script
add_action( 'wp_enqueue_scripts', 'theme_custom_style_script', 11 );
function theme_custom_style_script() {
	// VERSION is assumed to be a constant defined by the theme
	wp_enqueue_style( 'dynamic-css', admin_url( 'admin-ajax.php' ) . '?action=dynamic_css', array(), VERSION );
}

// Ajax handler for wordpress
add_action( 'wp_ajax_dynamic_css', 'dynamic_css' );
add_action( 'wp_ajax_nopriv_dynamic_css', 'dynamic_css' );
function dynamic_css() {
	// admin-ajax.php answers as text/html by default, so declare the stylesheet type
	header( 'Content-Type: text/css; charset=UTF-8' );
	// Assuming the css file is in /wp-content/themes/THEME_NAME/assets/css/ directory
	require( get_template_directory() . '/assets/css/custom.css.php' );
	exit;
}
[/php]

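Then in the custom.css.php file add this:
[php]
<?php global $lts; // theme options array (the Redux global variable) ?>
body{
/* You can use your theme option variable here, just declare it as global variable first */
color: <?php echo $lts['body_color']; /* 'body_color' is a placeholder option key */ ?>;
}
[/php]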


Hope it helps! :)

How to load a WordPress plugin last

Do you need to load your plugin last of all? Well, sometimes we develop a simple plugin that depends on other plugins, something like an add-on. In those cases, the add-on plugin needs to be loaded after the parent plugin. Here is a small snippet that you need to put in the add-on plugin to make sure it will be loaded after all other plugins.

Here you go:

Enjoy!

How to make your WordPress secure, wp-config tips and many more

You don’t want your site to be hacked, right? Security should be at the top of your to-do list. It doesn’t matter which CMS or platform you use for your website, application or portal; you always need to think about security. Well, you can never stop a hacker from hacking your site, but you can make it difficult for them. Today we are going to discuss some security issues and wp-config tips.

The wp-config.php file is the key to a WordPress site, like the foundation when you build a building. Everything in WordPress stands on this configuration file. So it’s important, but most users ignore this file or are afraid of even looking at it. But you know what, once you get familiar with it your life will be easier :)

So, let’s start!

  1. Make sure the file permission of wp-config.php is 600 to prevent other users on the server from reading it. The permission of other directories should be 750 or 755. And all files should be 640 or 644. Never use 755 for a file or directory, not even for the upload folder!
  2. To check for errors in your site, you can enable debug mode, although enabling debug mode on a live site is not recommended at all. You should have a staging site where you can do all the testing and, when you are done, apply the changes to the production server. Anyway, to enable debug mode, edit the WP_DEBUG line in wp-config.php and change its value from false to true.

    It will enable debug mode and you will see all the warnings, errors and notices (based on server configuration).

    Now, if you want to enable debug mode but don’t want to display the errors, then use:
    [php]
    define( 'WP_DEBUG_DISPLAY', false );
    @ini_set( 'display_errors', 0 );
    [/php]
    So, how can you see the errors? Well, you can enable error logging :) Adding the following line will create a debug.log file inside the wp-content directory with all the errors and notices.
    [php]
    // debug.log sits under wp-content, which the web server serves; block direct requests to it
    define( 'WP_DEBUG_LOG', true );
    [/php]

  3. You have now seen the define function, so I hope you are familiar with it or will be :) You can take some advantage of this function. It is used to define a constant. A constant is like a variable, but its value never changes, and you can use that constant anywhere in your site (something like a global variable, but you don’t declare it globally before using it). Example:
  4. Did you install SSL on your server for your domain? And the site admin is still being loaded over HTTP instead of HTTPS? Well, you can force SSL login.
    [php]
    // Deprecated since WordPress 4.0, where FORCE_SSL_ADMIN covers the login page as well
    define( 'FORCE_SSL_LOGIN', true );
    [/php]
    You can force the admin of your site to be loaded over HTTPS as well:
    [php]
    define( 'FORCE_SSL_ADMIN', true );
    [/php]
    If you use a non-secure virtual host, you can add this to the httpd.conf file (assuming your site is domain.com):
    [html]
    RewriteEngine On
    RewriteCond %{THE_REQUEST} ^[A-Z]{3,9} /(.*) HTTP/ [NC]
    RewriteCond %{HTTPS} !=on [NC]
    # mod_rewrite carries the original query string over to the target by itself
    RewriteRule ^/?(wp-admin/|wp-login\.php) https://domain.com%{REQUEST_URI} [R=301,L]
    [/html]
  5. How about disabling the theme and plugin editor? Editing via the WordPress editor is really a bad habit unless you are sure what you are doing, as there is no way to roll back. Adding the following line will disable the editors:
    [php]
    define( 'DISALLOW_FILE_EDIT', true );
    [/php]
    If you want to restrict updating themes and plugins from inside the WordPress admin, use:
    [php]
    define( 'DISALLOW_FILE_MODS', true );
    [/php]
  6. Revisions are one of the coolest features in WordPress. However, they also increase the db size. So you can limit the revisions to 5 using the following code:
    [php]
    define( 'WP_POST_REVISIONS', 5 );
    [/php]
    If you want to completely disable the revision feature, use:
    [php]
    define( 'WP_POST_REVISIONS', false );
    [/php]
    Plus, if you want to increase the delay (in this example 1500s) of autosave, use this:
    [php]
    // AUTOSAVE_INTERVAL is given in seconds
    define( 'AUTOSAVE_INTERVAL', 90000 );
    [/php]
  7. In the latest version of WordPress the default theme is twentyfourteen. You can change the default theme to any installed theme. You need to know the theme slug.
    [php]
    define( 'WP_DEFAULT_THEME', 'twentytwelve' );
    [/php]