WordPress

WordPress ‘hacks’

I've been doing a bit of WordPress customisation work recently; here are a few ways to delve into your content. There are plugins available for a lot of these techniques; however, sometimes you may wish to trim your plugins for speed or other considerations. Enjoy.

1) Displaying Related Posts
Related posts can retain your readers by offering them easy-to-click, context-related links. To execute this ‘hack’ you will need to edit your single.php file (in your current theme).

<?php
// Place in the loop to list 5 posts related to the first tag of the current post
$tags = wp_get_post_tags($post->ID);
if ($tags) {
    echo 'Related Posts';
    $first_tag = $tags[0]->term_id;
    $args = array(
        'tag__in'             => array($first_tag),
        'post__not_in'        => array($post->ID),
        'posts_per_page'      => 5, // replaces the deprecated 'showposts'
        'ignore_sticky_posts' => 1, // replaces the deprecated 'caller_get_posts'
    );
    $my_query = new WP_Query($args);
    if ($my_query->have_posts()) {
        while ($my_query->have_posts()) : $my_query->the_post(); ?>
<p><a href="<?php the_permalink(); ?>" rel="bookmark" title="Permanent Link to <?php the_title_attribute(); ?>"><?php the_title(); ?></a></p>
        <?php endwhile;
    }
    // Restore the global $post that the_post() overwrote
    wp_reset_postdata();
}
?>

2) Displaying Recent Comments
Recent comments can be very helpful to build awareness of what topics readers are finding value in. To display recent comments you will need to modify your functions.php file (in your current theme). If this file is not present, you will need to create it.

<?php
function recent_comments($src_count = 10, $src_length = 60, $pre_HTML = '<ul>', $post_HTML = '</ul>') {
    global $wpdb;
    // prepare() binds both numbers as integers so neither can alter the query.
    // Newer WordPress versions store 'comment' instead of an empty comment_type.
    $sql = $wpdb->prepare(
        "SELECT DISTINCT ID, post_title, post_password, comment_ID, comment_post_ID, comment_author, comment_date_gmt, comment_approved, comment_type,
        SUBSTRING(comment_content,1,%d) AS com_excerpt FROM $wpdb->comments LEFT OUTER JOIN $wpdb->posts ON ($wpdb->comments.comment_post_ID = $wpdb->posts.ID) WHERE comment_approved = '1' AND comment_type IN ('', 'comment') AND post_password = '' ORDER BY comment_date_gmt DESC
        LIMIT %d",
        $src_length,
        $src_count
    );
    $comments = $wpdb->get_results($sql);
    $output = $pre_HTML;
    foreach ($comments as $comment) {
        // Comment text and post titles are user supplied: escape each for its HTML context
        $output .= '<li><a href="' . esc_url(get_permalink($comment->ID) . '#comment-' . $comment->comment_ID) . '" title="on ' . esc_attr($comment->post_title) . '">' . esc_html(strip_tags($comment->com_excerpt)) . '...</a></li>';
    }
    $output .= $post_HTML;
    echo $output;
}
?>

Wherever you would like to place comments simply include the following line:
<?php recent_comments(); ?>

3) Adding A Print Button To Blog Posts
Of course there are keyboard shortcuts and other ways to perform this task, but it is a nice little feature to offer.
Edit your single.php file (in your current theme) and add the following code:

<a href="javascript:window.print()" rel="nofollow">Print this Article</a>

4) Excluding Categories From Your RSS Feed
Perhaps you have a category which has little to do with the rest of your blog; sometimes it can be useful to exclude certain categories from your feed. Simple.

You will need to know the Category ID (cat_id= seen in your URLs).

Edit your functions.php file (for your current theme, or create one if it doesn't exist):

function myFilter($query) {
    if ($query->is_feed) {
        $query->set('cat','-5'); //Don't forget to change the category ID =^o^=
    }
    return $query;
}

add_filter('pre_get_posts','myFilter');

WordPress Custom RSS feeds

Adding custom content to your RSS feed is actually a fairly simple process. You may wish to do this to add a copyright notice, a link to a social media profile or Twitter account, or perhaps even to sell advertising.
Basic usage looks like this:

function rssModification($contentToFilter) {
    // Manipulate the content as required
    return $contentToFilter;
}
// The callback name must match the function name exactly (no trailing space)
add_filter('filterName', 'rssModification');

There are lots of filters available and obviously an extensive list here. In this example we are going to use the the_excerpt_rss and the_content_rss filters.

When the filter is executed the data to be modified is passed to the specified function. The content can then be altered and then returned.


function rssContent($content) {
    $content = $content . '<a href="http://twitter.com/booleanvalue/">Follow me on Twitter!</a>';
    return $content;
}
add_filter('the_excerpt_rss', 'rssContent');
add_filter('the_content_rss', 'rssContent');

WordPress Setup

A great advantage of WordPress being open source is that it has a large community of talented developers creating thousands of plugins to enhance the default functionality.

Of course these plugins vary drastically in purpose and quality, so here is a short list installed for almost every Boolean client; you should seriously consider adding them to your own.

Akismet
To use this feature you will need a WordPress API key.
If you have comments enabled on your blog then Akismet is absolutely essential as a spam filter. Once configured you will be able to view a list of all spam received in order to confirm that the plugin didn’t catch a real comment. On the rare occasion that it does, you can mark the comment as ‘Not Spam’ and then select ‘Delete All’ in order to flush the remaining spam comments.

You can enter your API key under the Plugins tab, and manage spam under the Comments tab. (Akismet is installed by default, so take a few minutes to configure it correctly.)

Google Analytics
Google Analytics is a popular statistical analysis package available to track a comprehensive amount of visitor information. The number of visitors to your site, how they found the site, and even what web browser they are using are all available for comparison.

Analyzing the trends of your visitors gives a picture of the most popular content on your site, the terms people are using to find you, and which pages people are linking to on your site so that you can provide more helpful content. It can also give you a better idea of how you can update your site for better search engine optimization.

You can add the tracking code near the end of your footer.php file, just above the </body> tag.

Permalinks
This is one of the first items that should be set up in WordPress, giving your posts and pages a ‘pretty’ URL, e.g. sitename.com/category/post-name/ as opposed to sitename.com/?p=1234. This is undoubtedly easier on the eyes but, more importantly, is more SEO friendly since it can incorporate keywords in the URL.

This is a quick and easy setting to change; occasionally however the .htaccess file requires manual editing for this to work properly.

You can update your Permalink structure under the Settings tab in the Admin area.

Permalink Redirect
Once permalinks have been set up, it makes strong sense to install the Permalink Redirect plugin. This plugin extends the basic Permalink settings by ensuring that there are no excess characters in the URL. In the event excess items are present Permalink Redirect sends users to the correct URL by stripping the unnecessary data. Simple.

This plugin requires installation but there is no configuration required.

WP DB Backup
Absolutely essential for WordPress installations is the WP DB Backup plugin which backs up your entire MySQL database. This plugin provides multiple options: manual backup to your own computer or server, or sending it via email.

Best practice is to set the plugin to run automatically, letting you back up your database periodically on a schedule suited to your own requirements.

Backup options are configurable under the Tools tab.
Remember that this just backs up the database tables and you will occasionally want to download site files (PHP files, images, etc.) via FTP (or another plugin that I will cover later).

WordPress Security

As a follow-up to this post, a timely reminder that WordPress installations must be secure.

Hackers have developed a distributed WordPress admin account cracking scheme that poses a severe risk for the security of blogs whose owners select insecure passwords.

PHP scripts located on a virtual server run brute-force (password guessing) attacks on targeted sites. Many sites can be attacked at the same time by the system, with results written into an associated database.

Further details are available here and from the original here.

Having a non-standard login (i.e. not administrator) and a long alphanumeric password are easy steps to take, as well as restricting administrative changes to a particular IP address.
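
One way to apply the IP restriction described above, as an added example that is not code from the original post; it goes beyond the post by also counting failed logins per account to slow password guessing. The `example_*` names, the allowlist addresses and the threshold are assumptions.

```php
<?php
// Added example, not part of the original post. Goes in functions.php or a small plugin.
// ASSUMPTION: constructed allowlist (documentation addresses); substitute your own.
define('EXAMPLE_ADMIN_IPS', '203.0.113.10,198.51.100.7');
define('EXAMPLE_MAX_FAILS', 5); // hypothetical threshold

function example_ip_allowed() {
    // REMOTE_ADDR is the directly connected peer. Behind a reverse proxy it is
    // the proxy's address, so this check must then be done at the proxy instead.
    $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    return in_array($ip, explode(',', EXAMPLE_ADMIN_IPS), true);
}

function example_restrict_admin() {
    // admin-ajax.php also fires admin_init and serves front-end visitors
    if (function_exists('wp_doing_ajax') && wp_doing_ajax()) {
        return;
    }
    if (!example_ip_allowed()) {
        wp_die('Not available from this address.', 'Forbidden', array('response' => 403));
    }
}
add_action('login_init', 'example_restrict_admin'); // wp-login.php
add_action('admin_init', 'example_restrict_admin'); // wp-admin screens

function example_fail_key($username) {
    // One counter per account name: a distributed attack changes source IP,
    // so counting per IP would miss it.
    return 'example_fail_' . md5(strtolower((string) $username));
}

function example_count_failure($username) {
    $fails = (int) get_transient(example_fail_key($username));
    set_transient(example_fail_key($username), $fails + 1, 15 * 60); // 15 minutes
}
add_action('wp_login_failed', 'example_count_failure');

function example_refuse_locked($user, $username) {
    // Runs after the core password check (priority 20) and overrides its result.
    // It also covers XML-RPC logins, which never pass through wp-login.php.
    if ($username && (int) get_transient(example_fail_key($username)) >= EXAMPLE_MAX_FAILS) {
        return new WP_Error('example_locked', 'Too many failed logins. Try again later.');
    }
    return $user;
}
add_filter('authenticate', 'example_refuse_locked', 30, 2);
```

The allowlist suits sites where only administrators ever log in, since it also blocks the login page for everyone else. While an account is locked its legitimate owner is refused as well, and each refused attempt restarts the 15-minute window.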

WordPress Worm

Right now there is a worm making its way around old, unpatched versions of WordPress. This particular worm, like many before it, is clever: it registers a user, uses a security bug (fixed earlier in the year) to allow evaluated code to be executed through the permalink structure, makes itself an admin, then uses JavaScript to hide itself when you look at the users page, attempts to clean up after itself, then goes quiet so you never notice while it inserts hidden spam and malware into your old posts.

As always, keep your WordPress installation up to date. Further reading is available here.

WordPress Tips

Ongoing tips and tricks for WordPress installations:

1) By default WordPress adds a version number to the header of blog pages.

<meta name="generator" content="WordPress 2.7" />

Unfortunately this information is valuable for WordPress hackers as they can target blogs using the older and less secure versions of WordPress software. To remove this version number from the header add this line to your functions.php file in the WordPress themes folder.

<?php remove_action('wp_head', 'wp_generator'); ?>

2) Since WordPress 2.6 there are document revisions allowing access to all previous versions. This is a fantastic feature for blogs with multiple authors and multiple versions of documents; however many of us do not require this functionality. These post revisions also increase the size of the wp_posts table as each revision creates a new row.

To disable revisions add the following line to your wp-config.php file

define('WP_POST_REVISIONS', false);

3) Hot linking is the unauthorised linking of images or downloads from your website to another. Basically the images are hosted on your website and other websites point their image tags at your files, essentially stealing your bandwidth. If people are ‘hotlinking’ to your image files, they are using your bandwidth, which you pay for one way or another through bandwidth or performance issues.
You can edit your .htaccess file to disable this behaviour:

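RewriteEngine On
# Allow requests that send no Referer (direct visits, privacy tools)
RewriteCond %{HTTP_REFERER} !^$
# Allow only your own host and its subdomains; the escaped dot and the trailing anchor
# stop look-alike referers such as yourservername.com.example.net from matching
RewriteCond %{HTTP_REFERER} !^https?://([^/]+\.)?yourservername\.com(:[0-9]+)?(/|$) [NC]
RewriteRule \.(jpeg|jpg|gif|png)$ - [NC,F]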

4) Users can of course print from your blog directly from their browser; however, you can simplify this by providing a direct print button right there on the post.

Edit the single.php file (for individual posts) from the relevant theme folder and add the following code wherever you want to have the option to print.

<a href="javascript:window.print()" rel="nofollow">Print post</a>

Backing Up WordPress

This plugin for WordPress can be set to automatically email your database or back up to a file according to a set schedule. The homepage for the plugin is here.

I cannot stress enough the importance of regular backups. In the event that your website becomes compromised you can always retrieve a known good backup to get up and running again (after the vulnerability is made secure, obviously). At Boolean we believe it is much better to be safe than sorry.
