What’s the Purpose of inc and lib Folders within WordPress Themes and Plugins?

What’s the Purpose of inc and lib Folders within WordPress Themes and Plugins?

WordPress Directories

WordPress inc and lib folders (directories) aren’t something that I would say belong solely in themes or only in plugins. Instead, I’ve used the inc directory and lib directory in both themes and plugins.

The inc Directory

As my general rule, I use the inc directory primarily to place collections of functions that are related to core functionality but aren’t necessarily meant to clutter up the primary core of the theme or plugin.

For Themes

For example, if I’m working on a theme and I have a collection of functions for said theme that I use as helper functions, I’d much rather create inc/helpers.php than to drop them in functions.php. Over time, more helpers can be added.

In more specific cases, I also use the inc directory as a way to store core theme files such as theme-customizer.php or custom-header.php. This way, these files are focused solely on a single purpose and are easier to maintain over time. Plus, they are self-descriptive.

This keeps functions.php lean, and it keeps procedural programming files slightly more organized than having one giant “god-file” by the time of delivery.

For Plugins

In the case of plugins, I generally use object-oriented programming so the inc directory is normally used to hold additional classes that I write that are used as part of the core plugin file, but are dependencies.

This means that if I have the core plugin that depends on, say, a custom CSV parser or a serialization / de-serialization class, then these files would reside in inc.

The lib Directory

In short, the lib directory is used for third-party libraries. That is, these are used to make sure that I place code written by another author or team of developers in a place that I can easily retrieve (and attribute – don’t forget! :)) in my project.

The thing about third-party libraries is that they aren’t always PHP-based. Instead, they may be JavaScript based, CSS based, or a combination of all three. In that case, I have to take it case-by-case.

If it’s a third-party JavaScript library such as say, FitVids, then I’ll have a directory js/lib/jquery.fitvid.js. Similarly, if there’s a CSS libraries that I’m using, like Foundation, then I’ll drop those files in css/lib/foundation.css.

Finally, if there is a library that is composed of JavaScript and CSS and/or PHP, then I normally drop them in the lib directory in the root of the theme or plugin because most of those files will have dependencies on one another and it’s significantly more painful to try to go through and update all of the relative path references especially when you have to repeat the process when there’s an update.

Also, I know that an alternative to this is using a vendors directory. Though I’ve seen the convention and think it’s just as good, I’ve personally just stuck with lib.

Please feel free to share to this information to anyone who would like to learn more about the use of WordPress inc and lib folders. Of course also feel free to submit a comment.

If you want a recommendation of some high quality WordPress themes, plugins, and other digital assets, you should check out what envato.com is currently offering below.

Unlimited Digital Assets


If you’re looking for all things WordPress, check out all of our latest WordPress guides.

references: developer.wordpress.org, tommcfarlin.com, largo.readthedocs.io

Best WordPress Hosting Providers for 2019: Top 10 Guide

Best WordPress Hosting Providers for 2019: Top 10 Guide

Welcome to the WTG Guide of the 10 Best WordPress Hosting Providers for 2019.

In this list, we’ll look at some of the best WordPress hosting providers available like Bluehost, WP Engine, 1&1 IonosHostgator, and Inmotion.

You probably already have a decent understanding of WordPress, but if you don’t here is some information:

WordPress is a free and open-source content management system (CMS) based on PHP & MySQL. Features include a plugin architecture and a template system. It is often associated with blog websites but it is widely used for other types of websites and web content including traditional business sites, mailing lists, forums, media galleries, and online stores. Essentially any website can be made with WordPress. Used by more than 60 million websites, including 33.6% of the top 10 million websites as of April 2019, WordPress is the most popular website management system in use.

Let’s take a closer look at the WTG top 10 WordPress web hosting providers for 2019.

1. Bluehost – 10/10

If you’re interested in utilizing WordPress for a website, Bluehost is definitely the WordPress hosting provider to consider. Bluehost has both specific WordPress and WooCommerce (WordPress Ecommerce) hosting plans available (along with management support). It also offers a site migration service.

Bluehost regularly creates daily backups, even on the lowest-priced web hosting accounts. Bluehost is known for offering 24-7 phone support and SSH access for more technically advanced users.

2. WP Engine – 9.5/10

Incredible Offer: Get Genesis Framework & StudioPress Themes FREE.
Sign up for a WP Engine hosting plan.
Receive the Genesis Framework and 36 StudioPress Themes FREE.
Over $2,000 in value.

WP Engine is a major player in the WordPress web hosting service providers world… chances are you’ve probably heard of them before. WordPress is within their name (WP:Wordpress) and they live up to their focus on delivering high quality WordPress hosting services. The managed servers they provide are among the best out there. Additionally, there are various options, so you can easily find the perfect hosting whether you want a managed, dedicated or cloud WordPress hosting service.

From personal blogs to a complex site for your company, organization, or brand, WPEngine handles your requirements with their in-house caching technology for massive scalability and speed.

And of course don’t forget about the incredible offer of the Genesis and Studiopress Themes for FREE when you sign up.


3. 1&1 IONOS – 9/10

1&1 IONOS provides a wide range of hosting services, along with a full e-commerce stack, domain name registration, Office 365 solutions, and online marketing programs. 

The company also offers higher-end Windows and Linux servers, available with Plesk and cPanel respectively. We were very intrigued to see that the company offers Atom-based dedicated servers as well as the more traditional Xeon-based machines.

1&1 IONOS has some of the most reasonable monthly prices we’ve seen for a major hosting provider, and it comes highly recommended by WTG because of it.

Good phone, email, and chat tech support, along with SSD-based hosting for faster performance, and a free SSL certificate make 1&1 IONOS a WordPress web hosting provider that is tough to beat.

4. Hostgator – 9/10

HostGator is a full-service hosting company, with plans for almost any need. Whether you’re starting out and need a very basic site, or need to be able to host a considerably large business with higher visits per month , HostGator has a service that can help.

Compared to some of it’s competitors Hostgator’s WordPress Cloud Hosting “Standard Plan” offers a larger storage capacity, and unlimited email addresses, all at a lower monthly cost.


5. InMotion Hosting – 8.5/10 

InMotion is one of the most respected Web hosting providers, and at WTG we believe they put considerable effort to compete with their WordPress hosting offerings. We particularly like that the company offers free backups and SSH access, even on their lower-end plans. Integrated WP-CLI (Command Line Interface for WordPress) is also available.

They offer an all-SSD infrastructure, 24-7 telephone support in addition to the ticket/email/chat support options. Additionally they offer a basic site migration, in that they’ll unpack a site saved from another cPanel instance. InMotion provides free SSL and free malware detection. InMotion also offers a full 90-day money-back guarantee.

hostinger wordpress hosting

6. Hostinger – 8.5/10

Hostinger, a hosting provider based out of Lithuania, apparently signs up a new client every five seconds. With 29 million users in 178 countries and subsidiaries in the US, Indonesia, and Brazil, the company has been in operation since 2004.

Hostinger has a nice selection of plans, all of which can be optimized for WordPress. We particularly liked that even the least expensive plans offered some level of SSH access for those who need it. The company gained points for its offering of SSD performance, dedicated IP, and regular backups for some plans.

Hostinger offers a 30-day money back guarantee with wording we wish more providers would use: “If for any reason you decide not to continue with Hostinger, we will offer a full refund on your purchase, no questions asked.” If you have any questions, the company has support chat lines available 24/7. 

7. iPage – 8/10

Every WordPress web hosting provider in this top 10 list provides quality hosting at a reasonable price, iPage is no exception. They have a low WP Starter monthly rate of $3.75/mo (very reasonable), as well as the recommended WP Essential monthly rate of $6.95/mo (very reasonable as well).

We believe they provide a good WordPress “hub” with hand-selected themes, pre-installed plugins, and a fully customized WordPress control panel.

We like how iPage offers 24-7 telephone support and a 30-day guarantee on top of its ridiculously low price. If you’re on a budget and want to try out WordPress web hosting, It’ll be tough to find a better starting price than what iPage is offering.

8. Liquid Web – 8/10

We believe that Liquid Web delivers well on its Personal, Freelance (best seller), Professional, and Business WordPress hosting plans. Liquid Web focuses on customer satisfaction, auto optimizations, and the ability to manage a lot of data through various sites (as needed).

To briefly elaborate, Liquid Web explains that the amount of page views should not be focused on in relation to costs but only in regards to the desire to increase potential customers, clients, conversions, etc. The page views are not readily viewable, and their are no overage fees.

9. MediaTemple – 7.5/10

Media Temple has the persona and culture of “For Us By Us”, meaning this a company for WordPress developers and designers by WordPress developers and designers.

Their mottos and mantras can be sensed in their attention to design and capabilities of handling as much technical aspects as desired. If you want to “get serious” about creating and/or advancing your WordPress site, then Media Temple is a great destination to make it happen.

green geeks wordpress web hosting

10. GreenGeeks – 7/10

GreenGeeks is an excellent WordPress hosting provider that provides top-notch support and everything you need to run a successful website.

GreenGeeks focus on clean and renewable energy is a breath of fresh air, literally. Performant hosting, great support, and a cause you can get behind. You can feel good about choosing GreenGeeks.

What exactly is a Managed WordPress site?

Due to the popularity of WordPress, several web hosting providers have chosen to specialize in WordPress and offer what’s known as managed WordPress hosting.

Managed WordPress hosting is a concierge service where all technical aspects of running WordPress is managed by the host.

This includes security, speed, WordPress updates, daily backups, website uptime, and scalability.

The idea behind managed WordPress hosting is to offer a completely hassle-free experience, so you can focus on running your business and doing what you are good at.

One of the best parts about Managed WordPress hosting is the premium support. Your support is provided by real WordPress experts with lots of experience rather than someone who is reading a support manual.

Customers describe managed WordPress hosting as “a Five-Star Hotel for WordPress” and “like having an army of WordPress experts on your side”.

Benefits of a Managed WordPress Site

The host will often import your previous WordPress blog, if you have one. Usually you’ll get some preinstalled themes and plugins to simplify customization. 

There should at least be an option to automatically update the site, a security service like SiteLock will be on hand to keep your blog malware-free, and we would expect 24/7 support from a team with real WordPress knowledge.

It’s unfortunate, but sites do get hacked on occasion. Usually, WordPress sites are hacked through the backend, or through using faulty plugins or themes.

Shared web hosts can potentially be more vulnerable than managed WordPress hosts. Managed hosting solutions will also look at every aspect of your site to ensure that your site is always protected against the latest threats.

Most shared web hosting plans aren’t equipped to handle very large amounts of traffic. The last thing you’d want is to have your site crash once you start to receive large numbers of traffic.

Managed hosting services are equipped to grow with you, so your site will be ready to handle all of the traffic you send at it.

The best hosts go even further, optimizing their servers to boost WordPress performance, and sometimes throwing in extras like a content delivery network (CDN) to deliver great speeds worldwide.

6 Significant Companies and Organizations Currently Utilizing WordPress

Don’t underestimate the power and utility of WordPress.

1. The Washington Post

As you probably guessed, WordPress naturally evolved to support large publications. The CMS makes it easy for publishers to produce lots of articles (especially with the Gutenberg editor), readers to consume lots of content, and search engines to index it all.

Even if you’re not running a major daily publication, this is helpful for your enterprise site because you can trust in the SEO benefits of WordPress. (Think about it – an organization like The Washington Post would not leave that to chance!) TechCrunch is another great example of an enterprise WordPress publication.

2. Sony Music

Yep, this leader of the entertainment industry uses WordPress to power its website. From featuring artists to sharing the latest Sony news, WordPress makes it easy to share different categories of content. No matter what your marketing team is after, WordPress probably has a way to do it.

3. The Walt Disney Company

One of the world’s most magical studios uses WordPress to tell its digital story. It’s a reliable way to bring your brand to consumers and keep your content up to date! And thanks to the ease of WordPress, your marketing team can focus on updating pages with the latest information, instead of fumbling with servers.

4. S’well

This popular water bottle brand uses WordPress for its website, which is largely an eCommerce site! You’ll find all the signature elements of online stores, including product pages, discount codes, and a smooth cart checkout process.

There are several themes and plugins built specifically for WordPress that make eCommerce sites a breeze to set up. Plus, if your marketing team is supporting sales with a content strategy, you’ll get all the blogging benefits of WordPress, too.

5. AMC

I’ve talked a lot about written content, but WordPress can masterfully display visual content also, as seen on AMC’s website. The entertainment channel uses its site to promote its TV shows, so it leverages photographs and videos to share those stories.

6. Harvard

If you’re at all worried about professionalism, don’t be – even prestigious organizations like Harvard use WordPress. One of the reasons is that it’s a reliable platform, so you can trust that your organization’s online presence will always be accessible for web visitors.

No matter what content type your enterprise business is focused on, WordPress will help you show it off easily and beautifully, while also keeping your site secure and speedy.

How to Add a Back to Top Button to Your WordPress Site

How to Add a Back to Top Button to Your WordPress Site

User experience is often an overlooked aspect of website design, which is unfortunate, really, because it plays an important and essential role in ensuring visitors can easily use and navigate your site.

It’s in your best interests to make your visitors’ experience seamless and as effortless as possible. After all, you want them to spend time on your site, read your content and even buy your products or services if you offer any.

A small feature that many sites offer is a “back to the top” button, which allows users who have scrolled through pages of content to quickly return to the top of the page. This feature is especially useful for sites that contain a lot of information or have infinite scroll.

In today’s WTG project we’ll show you how to add a dynamic “back to the top” button to your site in a few quick and easy steps.

Before You Begin

An example of a back to top button
An example of the back to top button we’ll be creating.

The button we’re going to create will sit in the bottom-right of the page, will be fully responsive, fade into visibility when you scroll down and smoothly scroll up to the top of the page when the button is clicked. Neat, right?

First, there is one incredibly important action you should take before you start.

The steps to set up the button are simple, but it will require editing theme files. For this reason, it’s important that you backup your style.css and functions.php files in the theme where you want the button to appear. While you’re at it, back up your whole site just to be safe and because it’s a good habit.

If you want to add a back to top button to an existing theme, it’s a WordPress best practice to create a child theme so that any changes you make will not be erased by future updates of the original theme.

All set? Let’s go!

Copy and Upload the Script

Access your site’s files via FTP or cPanel and navigate to your theme’s JavaScript folder, which will be in wp-content > themes > your-theme > js.

The location of this file may differ from theme to theme, but usually, you’ll find it here. If your theme doesn’t contain a js folder, then go ahead and create one.

In this folder, create a new file called topbutton.js. You can name this file whatever you’d like, but if you do change the name, keep in mind that you will also need to change every reference to it in the code you add. Either way, add the following code In the new file:vtopbutton.js hosted with ❤ by GitHub

You can adjust how fast the button scrolls to the top by editing the number beside var speed = toward the top. The higher the number, the slower the automatic scroll will be.

Similarly, you can adjust the speed of the fade animation by editing the number beside var duration = and how many pixels are scrolled on a page when the button appears by by editing the value for var offset =.

This script is set up to display the button after you’ve scrolled 100 pixels on a page. It’s set low so it’s easier for you to test out even if you have a fresh install with very little to no content.

Realistically, you may very well want to change these values to whatever suits your specific needs. Once you have successfully created this new file, you’re ready to move on to the next step.

Make a Button

Make a note of your button image's URL in your media library
Click on your uploaded button’s image in your media library to find the URL you need to complete this step.

Use your favorite image editing software to create a button, purchase a button image or find one with a GPL licence that you can use for free. Upload it to your site and make a note of the image’s direct link. We’ll need it for the next step.

Once you’ve uploaded the image file, you can find the URL you need by viewing your media library and clicking on the thumbnail of your button. An in-line popup will appear and on the right-hand side you’ll find the link.

If you don’t like the idea of adding an image and you’d rather add text, this is also possible.

Keep in mind that the text will likely inherit the color, size and font of your theme so styling the button through CSS will take a bit of skill. The results will be very specific to your theme so using an image for the button as we are doing here is a much simpler solution.

Keep this page open and head on over to the next step.

Edit the style.css File

Open your theme’s CSS stylesheet add the following code anywhere you see fit as long as it’s not in between already existing tags and code. At the very bottom is a great place for it.

Alternatively, if you’ve previously installed a plugin such as Simple Custom CSS, you can add the code right into the area provided. Don’t forget to hit the save button!vstyle.css hosted with ❤ by GitHub

Don’t forget to replace the image link in this snippet of code with your button’s URL you noted in the previous step. If you don’t change the link, no button will appear so don’t forget this step.

4. Edit functions.php

In order for the JavaScript file you created to have any effect, you need to tell WordPress you want to use the file. You can do this by creating what’s called an enqueue script in your theme’s functions.php file.

The best place to add the following code is at the very end of the file, that way it will be less likely that it will interfere with other code. functions.php hosted with ❤ by GitHub

Once you’ve either edited and saved the file directly through your control panel or you’ve used FTP to upload the edited file – and replace the old one – you’re all set to start the next step.

Add the Button Link

The last step is to add the actual link to the pages of your site so the back-to-top button will appear.

You could put this link in every page template you have or in the header.php file, but since the button will appear at the bottom of the page, let’s put it in your footer. It will keep things nice and simple in case you decide to make future changes.

You can place your link virtually anywhere in the footer.php file.
I placed the link above the footer tag in the footer.php file when testing out this button in the Twenty Fifteen default theme.

Open your footer.php file which will most likely be found in thewp-content > themes > your-theme folder.

The button is set to hover separately over all content of the page at the very bottom, right-hand corner so it doesn’t matter where you put the button link as long as it’s not smack dab in the middle of other code. Placing it between the footer or a div tag is usually a good spot.

If you decide to change the position of the button in the CSS stylesheet, keep in mind that where you put the button link may actually matter. It may appear exactly where you placed the link in the footer.

The CSS is currently set to a fixed position of 5 pixels from the bottom and right-hand side of the window so it shouldn’t currently be a problem. Here’s the link you will need to add to your footer.php file:footer.php hosted with ❤ by GitHub

You may notice the the link doesn’t actually have any text or button associated with it. This is because we’ve already established the button image with CSS so it’s not necessary to add it.

It’s also made clear that we are using a class instead of an id to define the link and its properties. This is simply so you can be free to add more similar buttons to your page, rather than being confined to one button per page. Changing this is not necessary.

The moment you’ve been waiting at the edge of your seat for has arrived! Go ahead, visit a page in your site that requires a lot of scrolling and check out your new “back-to-top” button.

Final Thoughts

Now your site’s visitors will be able to view your content with a bit more ease. If you’re not too keen on editing your theme’s files yourself, not to worry, there’s an easier alternative.

The easier alternative (plugin):

Scroll Top plugin will enable a custom and flexible Back To Top button to your WordPress website. It allows your visitor to easily scroll back to the top of your page. You will get features such as unlimited color choices, icon font & retina ready.

Now you’re ready to make your visitors’ experience a better one with each and every click.

references: wpmudev

What do you think of back to top buttons? What would you add to a site to increase UX? Let us know by submitting a comment below.

What is WordPress?

What is WordPress?

WordPress is the world’s most popular tool for creating and managing websites — any kind of website, from a simple blog to a full-featured business website.

You say you’ve never built a website? No problem! With WordPress you don’t need any coding or design skills to create a professional looking site. There are thousands of free site designs to choose from (known as “themes” in the WordPress world). With WordPress it’s easy to build your website without writing a single line of code or knowing anything about HTML.

Unlike traditional desktop software, WordPress runs online (in the cloud, so to speak). There’s nothing to install on your computer and you don’t need any special tools. You can update your website from anywhere that you have an Internet connection – even your smartphone.

Best of all, WordPress is free in every sense of the word. It’s both free to use and free to modify. So, if you are the sort of person who likes to tinker with code, you can dig in and make WordPress do just about anything you want it to.

Unlike other free website building tools, WordPress is completely portable. That means you can host your website anywhere and move it at any time (something that can’t be said for services like Wix or Weebly).

Speaking of web hosting, there are a couple of different ways to host your WordPress website:

WordPress.com is the hosted version, meaning your website runs on the official WordPress servers. You can go there right now and create your own website for free in just a few minutes. This is the best place to start if you just want to see what WordPress is all about.

You should be aware of a few limitations to WordPress.com. You’re limited to only the themes that are pre-installed and you can’t use plugins (those are mini-programs that add features to your website). There’s also a small fee if you want to use your own domain name.

Don’t worry though, if you decide you like WordPress and want to take full advantage of everything it has to offer, you can easily move your site later.

WordPress.org is the self-hosted version. This is what you’ll use if you want to run WordPress on your own web hosting account. When you use this version you have complete control over the design and functionality of your website.

There’s a reason why 30% of all websites are built with WordPress. Take a look at the WordPress showcase and you’ll see everyone from The New Yorker to the The Rolling Stones using WordPress to run their website. While you’re at the showcase you may even find some inspiration for your own website.

So now that you know what WordPress is, it’s finally time to start building your website.

How to Connect WordPress with 8 Different Cloud Based Services

How to Connect WordPress with 8 Different Cloud Based Services

For many of us, cloud storage has become a key component of our workflow. These services make it incredibly easy to back up files and share them with others. You can even set them up so they run quietly in the background – copying your files as you work.

Plus, most services offer more than one way to access your storage space. Sure, you could download an official mobile app or use their website. But, through the use of an API, other applications can also tap into the system – including WordPress.

There are a number of different reasons and use cases for hooking your WordPress site up to the cloud. Today, we’ll look at a few of the more popular scenarios and introduce you to some WordPress themes and plugins that will help you to get started.

The WordPress Toolbox
Unlimited Downloads: 500,000+ WordPress Themes, Plugins, Templates & Design Assets


Serve Up Media

Media files can take up a lot of server space and eat away at your allotted bandwidth. Cloud storage can help by keeping media separate and quickly serving it up, much like a content delivery network (CDN).

WP Offload Media Lite

WP Offload Media Lite

WP Offload Media Lite works with a number of popular cloud providers, including Amazon S3, DigitalOcean and Google Cloud Storage. The plugin will automatically copy uploaded files to the cloud and changes the URL accordingly. Just note that a copy of the files you upload will remain on your hosting server – they just won’t be used. A pro versionadds the ability to move existing media to the cloud and other goodies.



Users of Google Cloud Storage can leverage WP-Stateless to serve up media files through the tech behemoth’s redundant servers. Choose from one of three custom “modes”: Backup, CDN and Stateless – the latter storing and serving media exclusively from Google’s servers. There are a lot of customization possibilities here and the plugin will even automatically replace hard-coded media links to reflect their new location.

Media Cloud

Media Cloud

Media Cloud claims nearly identical functionality when compared to WP Offload Media, but in a completely free plugin. However, it also ties in with the imgix API, which adds some killer features such as the ability to upload media files directly to the cloud (bypassing WordPress), along with enhanced image editing and cropping capabilities. There’s also support for WP-CLI.

File Sharing

Providing easy access to files is what cloud services do best. However, it’s not necessarily a major strength of WordPress. But that’s why these plugins exist. Use one to share files with anyone, right through your website.

WordPress Download Manager

WordPress Download Manager

While WordPress Download Manager will help manage files on your server, it also connects with various cloud providers as well. Add files from services such as Box, DropBox, Google Drive and Microsoft OneDrive for you users to download. You’ll have control over who has access and the ability to display file listings in an attractive, easy-to-navigate UI.

Google Drive Embedder

Google Drive Embedder

With Google Drive Embedder, you can embed documents from your Google Drive account directly into a WordPress page or post. Alternatively, the plugin can add a direct download link to your files as well. A premium version adds the ability to share entire folders and more. Note that you’ll also need to install the free Google Apps Login plugin in order to enable your site to connect with Google Drive.

Contact Form 7 Dropbox

Contact Form 7 Dropbox

Accepting file uploads on your forms can be a headache. With Contact Form 7 Dropbox, you can streamline the process by allowing form attachments to be uploaded directly to your DropBox account. This keeps you from having to deal with large emails and will be easier to manage. As its name indicates, the plugin works with the free Contact Form 7 form builder.

Site Backup

Having a recent copy of your site backed up to the cloud is always a good idea. While many hosts offer on-site backup, a server crash could be catastrophic. When you back up to a separate cloud server, that allows you to access to everything should the worst happen.

Note that we already have a helpful listing of free WordPress backup plugins, some of which will sync with cloud services. However, we did want to highlight a couple of other choices which didn’t make that initial list.

Backup WD

Backup WD

Backup WD enables you to create a highly-customized backup of your site and store it on one of several cloud services (including Amazon S3, DropBox and Google Drive). You can choose to back up your entire website, database included, or just specific parts. And automated scheduling makes it easy to back things up daily, weekly or monthly.



Use XCloner to create custom backups that you can easily restore through the WordPress admin. It’s compatible with AWS, DropBox, Google Drive, Microsoft Azure and others for off-site storage. The plugin can even generate a backup before an automated WordPress core update. You’ll also receive an email notification whenever a backup process has been completed.

Reaching for the Cloud

In essence, the cloud is just a place to store files. However, its usefulness goes well beyond having some extra hard drive space. Indeed, its massive infrastructure can benefit your WordPress website in a number of ways.

Whether it’s circumventing storage limits on your host, boosting performance or offering an easy way to share documents, there are plugins available that will have you up and running within just minutes.

How to Secure a WordPress Website

How to Secure a WordPress Website

WordPress security is often referred to as “hardening.” Makes sense. After all, the process is like adding reinforcements to your castle. It’s all about bolstering the gates and putting lookouts on every tower. But that term doesn’t always allow you to realize the details that go into improving site security.

Even if you’ve done next to nothing to improve your site’s security, it’s likely that you have at least a cursory familiarity with some popular tactics. It’s also likely you’ve heard of a plugin or two that can get the job done.

This article is going to focus more directly on the ways you can secure your site’s admin, and more specifically, the ways that aren’t discussed over and over in every list out there. Because security is seriously important.

Did you know 73% of the popular sites that use WordPress were considered “vulnerable”?

Or that of the top 10 most vulnerable plugins, five were commercial plugins available for purchase?

Worse yet, one of those five plugins was actually a security plugin, which is just, well, pretty awful.

While the core installation of WordPress is very easy to use and relatively secure, the more you add on top of it via plugins, themes, and custom code, the more likely it is to be hacked. And the more users you add to any given installation, the likelihood increases further, still. That’s bad news all around for individuals and businesses, alike. 

With that in mind, let’s spend some time today exploring ways you can secure your site’s back-end to ensure your information (and that of your customers’) remains safe.

What You Should Know Already

In case someone reading this isn’t well-versed in WordPress, I’d be remiss if I didn’t at least list out some basics. Even if you’re a WordPress pro, having this list to refer to can be helpful as you set about implementing security strategies on your sites.

Keep WordPress up-to-date. Something so simple can have a big impact on site security. Whenever you login to the dashboard and see that “Update available” banner, click it and update your site. If you’re worried about something breaking, make a backup before installing it. The important thing is that you do it, and with regularity. Information about any security holes that were fixed from the previous version are now available to the public, which means an out of date site is all the more vulnerable.

Keep plugins and themes up-to-date. Just as you update the WordPress Core regularly, you should also update plugins and themes. Each plugin and theme installed on your site is like a backdoor into your site’s admin. Unless properly secured (vetted thoroughly, updated regularly, etc), plugins and themes are like anopen door to your personal info.

Delete any plugins or themes you’re not using. Along the same line of thinking as what’s listed above, getting rid of any plugins or themes you don’t need will reduce the likelihood of being hacked. If you’re not using them, you’re not going to want to update them, so it’s a much better idea to delete them. Read: Deactivating plugins isn’t enough; you must actually click “Delete.”

Only download plugins and themes from well-known sources. When you can, downloading plugins and themes from WordPress.org is actually your best bet since they will have been thoroughly scanned before being admissible to the Theme Directory or Plugin Directory. If you want a premium theme or plugin, only download them from reputable sources like Themeforestor from a highly respected developer’s website.

Change file permissions. Avoid configuring directories with 777 permissions. You should opt for 755 or 750, instead, according to WordPress.org. While you’re at it, set files to 640 or 644 and wp-config.php to 600.

Don’t use “admin” as a username. If you’ve already installed WordPress using “admin” as your username or something else very simple, you can change it by inputing an SQL query in PHPMyAdmin.

Change your password often (and make it good). Random strings of letters and numbers are best. If you don’t feel like coming up with something manually, you can use a password generator to accomplish the task like Norton Password Generator or Strong Password Generator.

Passwords have been given the special treatment for the upcoming version of WordPress 4.3 and will by strong by default.
Passwords have been given the special treatment for the upcoming version of WordPress 4.3 and will by strong by default.

Make sure your users establish strong usernames and passwords. It’s all fine and well if you create a good username and password but if your users don’t, your personal efforts won’t matter and your site will be just as vulnerable.

Add two-step authentication. A really good way to prevent brute force attacks is to set up two-step authentication. This means a password is required plus an authorization code that is sent to your phone in order to login to your site. Often, the second login code is sent via SMS. Several plugins can be used to add this feature including ClefGoogle Authenticator, and Duo Two-Factor Authentication.

Install a firewall on your computer. It’s one extra step, yes, but easy to do. And once installed offers another layer of protection from hackers and security breaches. A few firewall software providers to check out include ComodoNorton Internet Security, and ZoneAlarm Free Firewall.

Limit logins. The brute force attack is tactic #1 for hackers. If you let them, they’ll try to login to your site over and over again until they crack your password. That’s why it’s called “brute force” because the onslaught is relentless. However, there are plugins that allow you to limit the number of times a person from a specific IP can attempt to login within an allotted period of time. The user is restricted from attempting to login again for a given period of time. Login LockDown is great for offering this feature but other plugins that offer a whole set of security features often include login limiting like iThemes Security and Sucuri Security.

Limit user access. Sometimes site security is run through the wringer because of something very simple: granting too many people access. A good rule of thumb is to only grant access to those who absolutely need it and even then, only give them the bare minimum of permissions to complete their assigned tasks. Giving all of your contributors administrative permissions is just asking for trouble.

Backup your site. I don’t just mean every once in a while. I mean predictably on a schedule. Scheduled backups are an essential part of any site’s security strategy because it ensures that if your site is compromised, you’ll be able to restore it to a version prior to the damage with ease. Choose an automated solution like VaultPressBlogVaultBackupBuddy, or WordPress Backup to Dropbox for simple backups and with built-in restore options.

Check for theme authenticity and conduct security scans. Just as you install an antivirus software on your computer to check for malware, so too should you install a scanner on WordPress. A security scanner will check for malicious code in your plugins, core files, and plugins to ensure nothing has been tampered with. Several scanners exist that you may wish to consider including Sucuri SitecheckCodeGuardTheme Authenticity Checker, and AntiVirus.

Now that we’ve brushed up on the things you should already know about securing a WordPress website, we can move on to some of the more obscure things as well as those that you just might not have thought of yet.

But first, make sure you create a child theme before making any changes to your functions.phpfile.

1. Cut Back on Plugin Use

I know I already mentioned in the list above that you should delete plugins and themes you’re not using. But it’s worth noting that you should make an effort to limit the total number of plugins you install in the first place. To keep your site secure, you need to be scrupulous in the criteria you use to select plugins.

This isn’t just about security, either. It’s about site speed and performance, too. Loading your site up with too many plugins can slow it down dramatically. So if your site can function without a particular plugin, skip it. Or, look for plugins that check off several items on your must-have features list. The fewer plugins you have, the fewer chances you give hackers to access your info.

2. Don’t Download Premium Plugins for Free

Though I totally get what it’s like to be a business person on a budget, it’s just a bad idea overall to try to download premium plugins from anywhere other than where they are officially for sale.

It’s lame to download pirated plugins anyway, but if you needed more of a deterrent than that, totally legitimate plugins are often corrupted with malware by the time they hit these illegal download sites. That means what was once a great premium plugin with excellent code is now a hacker’s direct line into your site’s backend. And for what? All because you wanted to save a quick buck.

Skip the illegal downloads and torrents, people. Just don’t do it.

3. Consider Automatic Core Updates

I’ve already talked about the importance of updating your WordPress installation whenever a new version is released, but it bears repeating. In fact, if you’re running an older version of WordPress than what is current, all of the security flaws in the version you’re running is common knowledge to the public. That means hackers have that info, too, and can easily use it to attack your site.

But updating your site might not be enough, especially if you don’t make site maintenance a regular habit. In these cases, the more automated you can make these tasks, the better. While I recognize it’s not for everyone, automatic updates might be a good option for those who want to take a more hands-off approach to site management but want a secure site, just the same.

Ever since WordPress 3.7, minor WordPress updates now happen automatically. But major updates are still something you need to approve. You can insert a bit of code into your wp-config.php file, however, to configure your site to install major core updates automatically.

It doesn’t get much simpler. Just insert this in the file and major core updates will happen in the background without the need for your approval:

# Enable all core updates, including minor and major:
define( ‘WP_AUTO_UPDATE_CORE’, true );

Be warned, however, that auto updates can break your site, especially if you’re running a plugin or a theme that isn’t compatible with the latest version. Still, setting up the auto updates might be worth the risk if you don’t regularly log into your site.

4. Set Plugins and Themes to Update Automatically

Now I realize this one also isn’t for everyone, but it’s worth mentioning anyway. Typically, plugins and themes are things you’ll need to update manually. After all, updates are released at different times for each. But again, if you’re not someone who makes site maintenance a regular thing, you may wish to configure automatic updates so everything stays current without necessitating your immediate intervention.

Automatic updates for plugins and themes are another thing you can configure by inserting a bit of code into wp-config.php. For plugins you’ll use:

add_filter( ‘auto_update_plugin’, ‘__return_true’ );

For themes, use:

add_filter( ‘auto_update_theme’, ‘__return_true’ );

5. Eliminate the Plugin and Theme Editor

If you’re the kind of developer who routinely makes changes and tweaks to plugins and themes then you may want to disregard this section. But if you don’t use the built-in plugin and theme editor in the WordPress dashboard on a regular basis, you’re better off disabling it altogether.

Why? Because authorized WordPress users are given access to this editor and if their accounts are hacked, the editor can be used to take down an entire site just by modifying the code found there.

So you can remove this editor by inserting another bit of code into the wp-config.phpfile. It’s another simple one:

define( ‘DISALLOW_FILE_EDIT’, true );

6. Eliminate PHP Error Reporting

Beefing up your site’s backend security has a lot to do with closing the holes or weak spots. Now, if a plugin or theme doesn’t work correctly, it might create an error message. This is definitely helpful when troubleshooting, but here’s the problem: these error messages often include your server path.

Hackers would only need to view your error reports to get your full server path, which means you’d be handing them every nook and cranny of your website on a silver platter. No matter how helpful error reporting might be, it’s a better idea to disable it altogether. This one’s another code snippet to be added to wp-config.php.

@ini_set(‘display_errors’, 0);

7. Protect Your Most Pertinent Files Using .htaccess

If you’re into WordPress security at all, you’ve heard of the .htaccess file before and have likely accessed it. Still, the changes you make in this one file can have such a huge impact on your entire site’s security, I can’t leave it off the list.

Why is this file so important? It’s at the heart of WordPress and directly affects how your site structures permalinks and how it handles security. You can insert many different code snippets into the .htaccess file anywhere outside the #BEGIN WordPress and #END WordPress tags to modify what files are visible within your site’s directory. These snippets are sourced directly from the WordPress Codex.

For starters, you’ll want to hide wp-config.php because it’s a central hub for your site and includes your personal info and many other details related to security. Hide it by adding this bit of code to .htaccess:

<files wp-config.php>
order allow,deny
deny from all

You can also restrict admin access by creating a new .htaccess file and uploading it to the wp-admin directory. You’ll then insert the following code:

order deny,allow
allow from
deny from all

Insert your own IP address in the appropriate spot. You can allow access to wp-admin from multiple IP addresses by listing them out as allow from IP Address, each on a new line.

You can restrict access to wp-login.php in much the same way. Just add the following code into .htaccess:

<Files wp-login.php>
order deny,allow
Deny from all
# allow access from my IP address
allow from

If you don’t want to block every IP but your own and instead wish to just block specific people attempting to access wp-admin or wp-login.php, you can do so by blocking those IP addresses individually using this bit of code:

order allow,deny
deny from 456.123.8.9
allow from all

Another way to prevent people from viewing your site’s directories is to make them non-browsable. This simple bit of code will do the trick:

Options All -Indexes

8. Hide Author Usernames

If WordPress defaults are left intact, it’s really easy to find out each author’s username for your site. And since more often than not the main author of a site is also the administrator, it’s also easy to find out the admin’s username. Which isn’t good. Anytime you’re giving away info to hackers, you run the risk of seeing your site compromised.

According to DreamHost, it’s a good idea to hide the author’s username to ensure you aren’t making the hacker’s job easier. To do this, all you need to do is add some code to your site. Once inserted, this code will make it so when someone inputs ?author=1 after your main URL, they won’t be presented with the administrator’s information and will instead be sent back to your homepage.

Just copy and paste the following into your functions.php file:

add_action(‘template_redirect’, ‘bwp_template_redirect’);
function bwp_template_redirect()
if (is_author())
wp_redirect( home_url() ); exit;

9. Keep Track of Dashboard Activity

If you have many users on your site, it might be a good idea to keep track of what they’re doing on your dashboard. Not that you suspect them of any wrongdoing, but sometimes when you have a lot of people involved in your site, a simple misstep can cause something to break. That’s why logging dashboard activity is so useful – it allows you to retrace your user’s steps up to the point of site breakage. You can even retrace your own steps.

This is also great for security because it allows you to connect the dots between a specific action and a specific reaction. So, if a certain uploaded file caused your site to break, you can investigate it further to see if it contained malicious code.

A great, free plugin option for checking over activity on your site.
A great, free plugin option for checking over activity on your site.

Yes, WordPress logs this information automatically but it’s not easy to use. It’s a much better idea to use a plugin to organize all of that data. So you can see if installing a certain plugin, making a specific code change, or uploading a file caused the issue you’re dealing with. But even if you’re not handling a site issue, being able to see what your users are doing on your site at all times can offer some peace of mind.

According to Pagely, a good plugin to check out is WP Security Audit Log. This free plugin maintains a log of everything that happens on your site’s backend, so you can easily view both what users and hackers are doing. This plugin keeps track of everything from when a new user is created to file management to published post changes.

If that plugin doesn’t do it for you, there are others available including Activity Log and Simple History that are well worth checking out.

10. Obscure the Login Page

Though security that focuses on obscurity isn’t complete, it’s still an important part of your overall strategy. After all, hiding certain elements of your site won’t prevent hackers from accessing them, but it’ll make it harder for them to get to. And that’s good, right?

Lockdown and lockout intruders with this free plugin.
Lockdown and lockout intruders with this free plugin.

Relocating or renaming your login page is a quick way to make a hacker’s job harder. Brute force attacks are typically automated, so if your login page is anything different than www.websitename.com/wp-admin or www.websitename.com/wp-login.php then they’re going to have a really difficult time attacking. Many plugins are available that make this simple change for you including Lockdown WP Admin as well as several of the major WordPress security plugins.

11. Pick the Best Hosting You Can Afford

You can trick out your site all you want with all the latest security hacks but if you don’t have a good hosting provider, your efforts aren’t going to matter all that much. In fact, security experts WP White Security reported that 41% of WordPress sites were hacked due to a security vulnerability on the host itself. That’s edging on half there, which means you need to do something about your hosting plan, ASAP.

If you want to use shared hosting, make sure your plan includes account isolation. This will prevent someone else’s site on the server from affecting yours in any way. But I think it’s a much better idea to use a service that’s catered directly toward WordPress, however. A managed hosting provider that specializes in WordPress is more likely to include a WP firewall, up-to-date PHP and MySQL, regular malware scanning, a server that’s designed for running WordPress, and a customer service team that knows WordPress inside and out.

Pagely was the first managed hosting service for WordPress. 
Pagely was the first managed hosting service for WordPress.

A few really good managed WordPress hosts that have solid security track records include WP EnginePagely, and Siteground.

12. Keep Your Computer Up-to-Date, Too

Sometimes hackers can gain access to your site due to security vulnerabilities on your computer. The best way to combat this is to keep your computer up-to-date. When software patches are released, install them. When a new operating system is released, do your best to upgrade as soon as possible.

Don't forget to keep your computer up-to-date, too.
Don’t forget to keep your computer up-to-date, too.

Likewise, make sure you use an anti-virus software on a regular basis. You can run a free antivirus software like AvastPanda Free AntivirusComodo, or AVG to see if there are any viruses or malware on your computer and to eliminate them.

Wrapping Up

Securing a WordPress site is about so much more than installing a security plugin and walking away. There are subtle nuances that fill out a complete strategy. Some you might’ve known about before but it is my hope that some were new discoveries. Sometimes, it’s the simple things you haven’t thought of yet that spell the difference between a mediocre security strategy and a great one.

References: wordpress.org, themeforest, wpmudev

The WordPress Nav Walker Class: A Guided var_dump()

The WordPress Nav Walker Class: A Guided var_dump()

There are many things about the WordPress nav menu system that I like, and a handful of things I really dislike. The things I dislike happen to trigger my pet peeves: Markup-bloat and non-SMACCS-ish class names. To me, it’s worth a deep dive to correct this situation. However, I don’t want to lose integration with the admin UI, and I don’t want to lose the dynamic class names that core gives us, such as current_page_item or current-menu-ancestor. Therefore, I’m not going to replace anything: I’m going to extend the PHP class that draws the nav menus: The Walker_Nav_Menu class.

I’ll do this by building a plugin that outputs nav menus with whatever markup and classes I want. Along the way, I’ll stop and smell the roses var_dump() the PHP variables that WordPress exposes to us. This plugin will have the following components:

  1. A main plugin file to register the plugin and call other files
  2. A shortcode for outputting the menu
  3. Some CSS, JS, & SVG to do things like show/hide submenus
  4. A custom walker class, which will extend the core Walker_Nav_Menu class

Of those components, all but the last one will act mainly as placeholders. They’ll offer the minimum amount of code in order to achieve the minimum viable product, and I won’t be exploring them in detail. They will provide just enough of a foundation for me to build a custom walker class.


  • Let’s do this on the twentyfifteen theme
  • If any other plugins are active, be sure they don’t cause JS or PHP errors. If in doubt, deactivate them
  • I’m on WordPress 4.3.1. at the time of writing

The Plugin

I’m going to cite blocks from the finished plugin as we go. You can grab it from my GitHub repo if you’d like to refer to the finished product, or even install it on a WordPress test site.

The output from the finished plugin

The Shortcode

The plugin works by registering a shortcode, [csst_nav]. The shortcode takes one argument, which_menu, where you can choose which nav menu to output by providing the slug, ID, or title of a nav menu. Here are some examples, where I happen to have a menu called “Legal Links”, with a slug of legal-links and an ID of 5:

  • [csst_nav]
  • [csst_nav which_menu='legal-links']
  • [csst_nav which_menu='Legal Links']
  • [csst_nav which_menu='5']


Using the shortcode in the editor

The shortcode is a wrapper for the wp_nav_menu() function, which takes a ton of arguments.

Here’s where I depart from the defaults and do what I prefer instead:

  • menu: I want to be able to specify which menu to grab.
  • container: I want less markup, so no container element is needed.
  • menu_class: I love class names. I’ll give this some classes namespaced for my plugin and for the menu I’m grabbing.
  • echo: No thank you. I’ll return the menu rather than echo it.
  • items_wrap: I’ll wrap the items in a <nav> rather than the default unordered list.
  • before: I’ll open each menu item as a <span>, and also get rid of core’s hard-coded <li>.
  • after: I’ll close each menu item with a closing </span>, and also get rid of core’s hard-coded</li>.
  • before_submenu: I’ll open each submenu as a <span> instead of a <ul>.
  • after_submenu: I’ll close each submenu with a closing <span>, rather than a closing </ul>.
  • walkerThis is why you’re reading this article. I’ll tell WordPress to use our custom walker class.

Some of those arguments, such as before_submenu and after_submenu, don’t actually ship with wp_nav_menu(). That’s okay though, as they still get passed through to the walker class where I can use them however I like.

Here’s what that all looks like in code:


   * The main template tag for this class.  Get a custom menu via our walker.
   * @return string A WordPress custom menu, passed through our walker class.
  public function get() {
    // The CSS class for our shortcode.
    $class = strtolower( __CLASS__ );

    // Get a menu from the db.
    $which_menu = $this -> which_menu;

     * Args for a call to wp_nav_menu().
     * Some of these args don't get used by wp_nav_menu() per se,
     * but we're able to pass them through to our walker class, which does use them.
    $menu_args = array(

      // Instead of wrapping each menu item as list item, let's do a span.
      'after' => '',

      // The closing markup after a submenu.
      'after_submenu' => '',

      // Instead of wrapping each menu item as list item, let's do a span.
      'before' => '',

      // The opening markup before a submenu.
      'before_submenu' => '',

      // Nope, we don't need extra markup wrapping our menu.
      'container' => FALSE,

      // Nope, let's return instead of echo.
      'echo' => FALSE,

      // Let's use a <nav> instead of a nested list.
      'items_wrap' => '<nav role="navigation" class="%2$s">%3$s</nav>',

      // Which menu to grab?  Takes ID, name, or slug.
      'menu' => $which_menu,

      // CSS classes for our menu.
      'menu_class' => "$class $class-$which_menu",

      // Our custom walker.
      'walker' => new CSST_Nav_Walker(),


    // The main content of the shortcode is in fact a call to wp_nav_menu().
    $out = wp_nav_menu( $menu_args );

    return $out;



Alright, enough with the preamble. It’s time to dive into the custom walker class. I love excruciating detail!

The Custom Walker Class

There is something of a hierarchy going on here:

  1. Core defines an extremely generic class: Walker. Its purpose is to iterate through complex structures like multi-dimensional arrays, and do stuff on each member of that structure.
  2. Core then defines a more specific extension of Walker, made specifically for digging through navigation menus: Walker_Nav_Menu.
  3. Finally, I define my own extension of Walker_Nav_Menu, calling it CSST_Nav_Walker.

My custom walker class will extend the following methods from core’s Walker_Nav_Menu:

  • start_el(), which appends the opening markup for menu items, and menu items themselves.
  • end_el(), which appends the closing markup menu items.
  • start_lvl(), which appends the opening markup for submenus.
  • end_lvl(), which appends the closing markup for submenus.

Those are some super generic names, eh? That’s kind of the point: We’re inheriting from Walker, which is meant to be able to iterate through any kind of structure, for any reason. In that context, specificity is the enemy. Let’s cut through the abstract nomenclature and figure out what each method does for us!

start_el( &$output, $item, $depth = 0, $args = array(), $id = 0 )

This method draws the opening html for a menu item, and the menu item itself. It carries five parameters:

  1. &$output, which is the all of the HTML for the menu, up until “this” menu item. When I say “this” menu item, understand that this method is called once for each menu item.
  2. $item, which is the WP Post object for this menu item (menu items are in fact posts of the nav_menu_item post type), plus some additional data particular to nav menus.
  3. $depth, which keeps track of how many levels deep we are in the menu — as in nested submenus.
  4. $args, which is mostly an array of arguments for wp_nav_menu(). It includes the arguments that we passed in our shortcode callback, plus all of the default values we omitted.
  5. $id, which is documented in the core source as the ID of the current menu item, though I’m not sure if it’s still supported.

Most of these parameters are a bit underwhelming, but some of them carry a ton of useful information. Allow me to var_dump()!


Notice that this variable is prefixed with an ampersand, meaning it’s passed by reference. That means the method does not have to return anything, because anything that happens to this variable within the method will affect the variable outside of the method as well. This is also why the var_dump()gets very large very quickly:

var_dump( esc_html( $output ) );

gets us:


string(0) ""

string(274) "
    Front Page

string(1066) "
    Front Page
    [...] (truncated)

This ends up being about 35kb of var_dump() text, so I’ve greatly truncated it. I’m only showing parts of the first three menu items. That’s the markup for the preceding menu items, at each menu item, which is why we append the current menu item to it.


This parameter gives us the WP Post object for the current menu item, making it by far the most interesting arg in this method.

wp_die( var_dump( $item ) )

gives us:


object(WP_Post)#358 (40) {
  ["ID"]                    => int(68)
  ["post_author"]           => string(1) "1"
  ["post_date"]             => string(19) "2015-10-07 01:05:49"
  ["post_date_gmt"]         => string(19) "2015-10-07 01:05:49"
  ["post_content"]          => string(1) " "
  ["post_title"]            => string(0) ""
  ["post_excerpt"]          => string(0) ""
  ["post_status"]           => string(7) "publish"
  ["comment_status"]        => string(6) "closed"
  ["ping_status"]           => string(6) "closed"
  ["post_password"]         => string(0) ""
  ["post_name"]             => string(2) "68"
  ["to_ping"]               => string(0) ""
  ["pinged"]                => string(0) ""
  ["post_modified"]         => string(19) "2015-10-07 01:05:49"
  ["post_modified_gmt"]     => string(19) "2015-10-07 01:05:49"
  ["post_content_filtered"] => string(0) ""
  ["post_parent"]           => int(0)
  ["guid"]                  => string(33) "http://localhost/wp/csstnav/?p=68"
  ["menu_order"]            => int(1)
  ["post_type"]             => string(13) "nav_menu_item" 
  ["post_mime_type"]        => string(0) ""
  ["comment_count"]         => string(1) "0" 
  ["filter"]                => string(3) "raw"
  ["db_id"]                 => int(68)
  ["menu_item_parent"]      => string(1) "0"
  ["object_id"]             => string(2) "50"
  ["object"]                => string(4) "page"
  ["type"]                  => string(9) "post_type"
  ["type_label"]            => string(4) "Page"
  ["url"]                   => string(28) "http://localhost/wp/csstnav/"
  ["title"]                 => string(10) "Front Page"
  ["target"]                => string(0) ""
  ["attr_title"]            => string(0) ""
  ["description"]           => string(0) ""
  ["classes"]               => array(8) {
    [0]=> string(0) ""
    [1]=> string(9) "menu-item" 
    [2]=> string(24) "menu-item-type-post_type" 
    [3]=> string(21) "menu-item-object-page" 
    [4]=> string(17) "current-menu-item" 
    [5]=> string(9) "page_item"
    [6]=> string(12) "page-item-50"
    [7]=> string(17) "current_page_item"
  ["xfn"]                   => string(0) "" 
  ["current"]               => bool(true)
  ["current_item_ancestor"] => bool(false)
  ["current_item_parent"]   => bool(false)

Pretty neat, right? We could reach into that post object and get a ton of cool stuff like the excerpt, the date, taxonomies. Heck, maybe we could engineer a way to do featured images for nav menu items! In addition to these values that we normally see for posts, there are a couple of new items, such as classes. That’s where the awesome array of dynamic CSS classes can be found: Things like current-menu-item. Also of note is object, which gives us details about what this menu item is linking to: Perhaps a page or a term archive.


Depth keeps a running tally of many submenus “deep” we are. I don’t have any use for this, but I’m willing to stop and admire what core does with it: They use it to prepend tab characters (as in, literally, “\t”) so that the source code is more readable. At least I’m assuming that’s why. Well played core, well played.

Rather than var_dump() $depth, it’s more instructive to just append it to &amp;$output for each item. You can see how it’s tracking the level for each item:


A demonstration of $depth, from the start_el() method.


$args should look familiar: It’s mostly the array of values that I passed to wp_nav_menu() in our shortcode. Plus, the default values for any args that I omitted.

var_dump( esc_html( $args ) );

gets us:


object(stdClass)#341 (16) {
	["menu"]            => string(13) "a-nested-menu"
	["container"]       => bool(false)
	["container_class"] => string(0) "" 
	["container_id"]    => string(0) "" 
	["menu_class"]      => string(31) "csst_nav csst_nav-a-nested-menu" 
	["menu_id"]         => string(0) "" 
	["echo"]            => bool(false) 
	["fallback_cb"]     => string(12) "wp_page_menu" 
	["before"]          => string(0) "" 
	["after"]           => string(0) "" 
	["link_before"]     => string(0) "" 
	["link_after"]      => string(0) "" 
	["items_wrap"]      => string(46) "%3$s"
	["depth"]           => int(0) 
	["walker"]          => object( CSST_Nav_Walker )#339 (5) {
		["icon"]     => string(96) "
			<svg class='csst_nav_svg-icon'>
				<use xmlns:xlink='http://www.w3.org/1999/xlink' xlink:href='#csst_nav_svg-icon'></use>
		["tree_type"]=> array(3) {
			[0] => string(9) "post_type" 
			[1] => string(8) "taxonomy"
			[2] => string(6) "custom"
		["db_fields"] => array(2) {
			["parent"] => string(16) "menu_item_parent" 
			["id"]     => string(5) "db_id"
		["max_pages"]    => int(1) 
		["has_children"] => bool(false)
	["theme_location"] => string(0) ""

Of note is the walker arg. You can see that it names our walker class, and even catches the SVG icon that we saved as a class member! The other items under the walker arg are either unused or uninteresting for our purpose of customizing a nav menu.


$id seems to be a big disappointment. It’s always 0. Not even gonna dump it for you.

Practical Uses for the start_el() Args

Let’s start with what core does in Walker_Nav_Menu -> start_el(). As I noted above, they use $depth to prepend tabs, seemingly in pursuit of more legible source code. Such craftsmanship! Also, you’d better believe they grab those CSS classes from $item.

In my custom version, I have two value-adds. First, I have a chance to build the menu item according to my own coding preferences. I happen to hate ternary operators, for example. Second, I have a chance to namespace all of the CSS classes that WordPress generates for the menu item. current-menu-item would become csst_nav-current_menu_item. I do this by passing the css classes to a custom method which renames the classes and passes them back. They come back with the prefix for our project, and some more consistent formatting around things like hyphens and underscores.

That does it for start_el()! I have nothing more to say about the opening HTML for a menu item. But now that it’s open, we’d better close it.

end_el( &$output, $item, $depth = 0, $args = array() )

The end_el() is a very short method: All it does is append the closing html for a menu item. It carries the same args as start_el(), except for $id, which it omits. Also, &amp;$output will be larger than it was when we encountered it in start_el(), since the current $item has been appended to it. These args are var_dump()‘d in my discussion of start_el(), so I won’t go over them again.

As for practical usage, it’s interesting to note that core simply prints a closing li. Instead, I’m reaching back into $args in order to close the element with the markup I specified via the after arg when creating our shortcode.

start_lvl( &$output, $depth = 0, $args = array() )

The purpose of this oddly named fellow is to start a new “level” in the structure we’re digging through. That sounds pretty abstract, but fortunately we have a very familiar example at our fingertips: In a nav menu, a new level is simply a submenu!

This method carries three parameters, &$output$depth, and $args, which are all var_dump()‘d above. As for usage, core takes this opportunity to open a new ul for the submenu, complete with indented source code. Very nice. However, many times I have found myself unhappy with the submenu treatment. For example, I want to add a toggle icon to indicate that there is a submenu. I want the submenu to use my markup and CSS classes. And, I want the submenu to respond as a show/hide when the toggle is clicked. This is the perfect time to make these customizations.

Good times: Our submenu is open and submenu items will be appended to it via start_el() and end_el(), above. If there are submenus inside of this submenu item, no problem. Those will be appended via start_lvl() as well. Once that’s all done, we’ll need to close our submenu.

end_lvl( &$output, $depth = 0, $args = array() )

This method is very similar to end_el(), only instead of closing a menu item, it closes a submenu. For core, that’s a closing ul. For me, it’s a closing span.

Other Elements

My custom walker does have some other elements: A constructor and a couple of attributes. I use the constructor to call my svg icon class and grab a toggle icon for the submenus. I save the icon as an attribute on the class, so my other methods can easily use it.

Core’s Walker_Nav_Menu class has some other elements as well:

  • A mysterious attribute called $tree_type, which even core does not use. The source documents it as “What the class handles”, and a var_dump() gives us:
    	array(3) {
    		[0]=> string(9) "post_type"
    		[1]=> string(8) "taxonomy"
    		[2]=> string(6) "custom"

    Which, meh, whatever.

  • An attribute called $db_fields, which is a bit opaque. A var_dump() gives us:
    	array(2) {
    		["parent"] => string(16) "menu_item_parent"
    		["id"]     => string(5) "db_id"

    To which, I yield. If you can figure out how these are used and how we might leverage them for something interesting, leave it in the comments!

Resources and Next Steps

Walker and its heirs are not as heavily discussed or documented as other parts of WordPress, which is one of the things that inspired me to write this article. However, there is some prior work available. I first became interested in walker deep-dives when I saw this port of a BootStrap nav menu. And, predictably, the codex gives a couple of examples as well.

The main axe I’ve been grinding in this article has been to gain control of my class names and markup around nav items and submenus, but there are many other possibilities. Perhaps we could reach into $item and grab the featured image or some post meta, if $item happens to be linking to a post. If it happens to be linking to a term archive, perhaps we’d want to grab something from the upcoming term_meta system. You could even do something totally different, like output menu items with the markup and classes expected by your favorite jQueryUI widget or image slider. Give it a try and happy var_dump()ing!

How to Fix the Error Establishing a Database Connection in WordPress

How to Fix the Error Establishing a Database Connection in WordPress

If you have been surfing the web for a while, you have at least seen this error a few times. “Error Establishing a Database Connection” is one of those curses that could be caused by many reasons. As a WordPress beginner, this could be awfully frustrating specially when it happened on its own without you changing anything.

Note: Before you make any database changes, make sure you have sufficient backups.

Why do you get this error?

Well in short, you are getting this error because WordPress is unable to establish a database connection. Now the reason why WordPress is unable to establish a database connection can vary. It could be that your database login credentials are wrong or have been changed. It could be that your database server is unresponsive. It could be that your database has been corrupted. In my experience, majority of the times this error happens because of some sort of server error however there could be other factors as well. Lets take a look at how to go about troubleshooting this problem.

Does the problem occur for /wp-admin/ as well?

First thing you should do is to make sure that you are getting the same error on both the front-end of the site, and the back-end of the site (wp-admin). If the error message is the same on both pages “Error establishing a database connection”, then proceed onto the next step. If you are getting a different error on the wp-admin for instance something like “One or more database tables are unavailable. The database may need to be repaired”, then you need to repair your database.

You can do this by adding the following line in your wp-config.php file:

1 define('WP_ALLOW_REPAIR', true);

Once you have done that, you can see the settings by visiting this page:http://www.yoursite.com/wp-admin/maint/repair.php

WordPress Database Repair

Remember, the user does not need to be logged in to access this functionality when this define is set. This is because its main intent is to repair a corrupted database, Users can often not login when the database is corrupt. So once you are done repairing and optimizing your database, make sure to remove this from your wp-config.php.

If this repair did not fix the problem, or you are having trouble running the repair then continue reading this article as you might find another solution to work.

Checking the WP-Config file

WP-Config.php is probably the single most important file in your entire WordPress installation. This is where you specify the details for WordPress to connect your database. If you changed your root password, or the database user password, then you will need to change this file as well. First thing you should always check is if everything in your wp-config.php file is the same.

1 define('DB_NAME', 'database-name');
2 define('DB_USER', 'database-username');
3 define('DB_PASSWORD', 'database-password');
4 define('DB_HOST', 'localhost');

Remember your DB_Host value might not always be localhost. Depending on the host, it will be different. For popular hosts like HostGator, BlueHost, Site5, it is localhost. You can find other host values here.

Some folks suggested that they fixed their problem by replacing localhost with the IP. It is common to see this sort of issue when running WordPress on a local server environment. For example on MAMP, the DB_Host value when changed to the IP may seem to work.

1 define('DB_HOST', '');

IP’s will vary for online web hosting services.

If everything in this file is correct (make sure you check for typos), then it is fair to say that there is something wrong on the server end.

Check your Web Host (MySQL Server)

Often you will notice this Error establishing database connection when your site gets swarmed with a lot of traffic. Basically, your host server just cannot handle the load (specially when you are on shared hosting). Your site will get really slow and for some users even output the error. So the best thing you should do is get on the phone or livechat with your hosting provider and ask them if your MySQL server is responsive.

For those users who want to test if MySQL server is running yourself, you can do a few things. Test other sites on the same server to see if they are having the issue. If they are also getting the same error, then most definitely there is something wrong with your MySQL server. If you do not have any other site on this same hosting account simply go to your cPanel and try to access phpMyAdmin and connect the database. If you can connect, then we need to verify if your database user has sufficient permission. Create a new file called testconnection.php and paste the following code in it:

1 <?php
2 $link = mysql_connect('localhost', 'root', 'password');
3 if (!$link) {
4 die('Could not connect: ' . mysql_error());
5 }
6 echo 'Connected successfully';
7 mysql_close($link);
8 ?>

Make sure to replace the username and password. If the connected successfully, then it means that your user has sufficient permission, and there is something else that is wrong. Go back to your wp-config file to make sure that everything there is correct (re-scan for typos).

If you cannot connect to the database by going to phpMyAdmin, then you know it is something with your server. It does not necessarily means that your MySQL server is down. It could mean that your user does not have sufficient permission.


Solutions that Worked for Others

It is important to note, that these may not work for you. Use at your own risk and make sure that you have sufficient backups if anything goes wrong.

Deepak Mittal said that his client was getting the error that database needs to be repaired. Even after repairing the database, the error did not go away. He tried various things and at the end, the issue was the site url. Apparently that was changed which caused the error to persist. He ran the SQL query by going to phpMyAdmin:

1 UPDATE wp_options SET option_value='YOUR_SITE_URL' WHERE option_name='siteurl'

Make sure to replace YOUR_SITE_URL with the actual url example: http://www.wpbeginner.com. The wp_options will be different if you have changed the default WordPress database prefix.

This seemed to fix the issue for him and few others that commented on his post as well.

Sachinum suggested that he was able to connect the database with testconnection.php, so he changed the wp-config.php user to the root user. WordPress started to work perfectly fine. Then he reverted the settings back to the database-user, and it continued to work. He could not figure out what was wrong, but concluded that it was a typo.

Cutewonders suggested that they removed the content of active_plugins in wp_options table and edited the contents of recently_edited. Basically that seemed to fix the problem. Please see their full response here.

14 Tips for Making WordPress Admin Client Proof

Being a developer means creating sites for many different clients, including ones who don’t know WordPress and are very likely to break their website the moment you hand it over.

Now, this could translate into something as mundane as a poorly formatted blog post. Or, their tampering could result in a site that breaks – completely.

Client-proof your client's site and avoid broken websites and 404 pages.
Client-proof your client’s site and avoid broken websites and 404 pages.

Even when it’s totally the client’s fault, a broken site makes the developer look bad. I know, it’s not fair. But as the developer (and the one with all the WordPress guru-level credibility), you should know better than to provide unfettered dashboard access to a newbie.

This can be difficult terrain to traverse.

How do you ensure the site you spent all that time on stays looking and functioning great without bruising your client’s ego—and potentially losing them? There’s a fine balance to be made, but it can be done.

Let’s explore some ways to make the dashboard client-proof so you can remain proud of any site you build, long after it’s published.

Firstly: A Word on Maintenance

There are broadly two types of clients: Clients that want you to build a site and have you continue to maintain it for the long-term and clients that want you to build a site then walk away. The latter group believes that once the site is built, they can handle the maintenance. They have an “I’ve got this,” mentality.

And you know what? In some cases, they do. Some of your clients might be pretty WordPress literate already and are perfectly capable of maintaining a site with just a little guidance. But others might not have a clue and need their hands held through every step. That can be problematic if the client expects you to launch the site and pretty much hand over the keys.

It might be a budgetary thing or the client might legitimately think they can handle maintenance. Nothing a quick Google can’t solve, they might think.

Understanding Your Clients

Before we go any further, It’s important to take a moment to see this from the client’s perspective. They’re coming at this from a dollars and cents point of view. Web development is something they’ve decided to invest in. And as an investment, it’s something they’ve likely weighed the pros and cons of sinking money into.

But the extent of that investment varies from client to client. As I already mentioned, some might view web development as a one-time expense.

Many clients have money front and center in their minds.
Many clients have money front and center in their minds.

And no matter how much you try to convince them otherwise, they insist that once the site is launched, your relationship is over. Basically, the client views the cost of web hosting and a domain name and possibly a backup solution as their only recurring web development expenses and will handle the process of adding new content on their own thankyouverymuch.

When web development can cost several thousand dollars, it’s understandable that your clients will want to save a buck somewhere. A good way to pitch a maintenance plan is to offer reduced hourly rates and really sell the idea that site maintenance will be hands off for them. This might fly if your client anticipates needing to make many updates per month.

However, if only occasional updates to the content will be needed, you’re going to be hard-pressed to hard-sell a maintenance package.

Before you feel completely dejected at the prospect of your sites getting ruined by uninformed clients, take a deep breath and recognize there is something you can do. Many somethings, actually, that act as an ultimate defense against mistakes, missteps, snafus, and even arrogance.

With these safeguards in place, your client’s site will remain as you intended and he or she will remain pleased, no matter what level of control that’s preferred.

1. Create Your Clients’ Login Info

Setting up a username and password for your client can reduce security breaches.
Setting up a username and password for your client can reduce security breaches.

Before you ever hand over the site to your client, you can help alleviate some damage by creating their login credentials for them. This means you don’t have to send instructions about how to create a good username or password. Instead, you can just create them on your own and provide the details to the client during the training phase (which we’ll get to a bit later).

This way, you’ll avoid any admin usernames set to “admin” and any passwords set to “password,” and you’ll make a solid effort toward preventing brute force attacks. You can also modify the user’s settings to whatever works best. If you will be doing some maintenance for this client, you can restrict their access to the Editor level and then they won’t even be able to tamper with the site’s backend! Of course, this won’t work in every situation. If you must allow Administrator access to the client, then the rest of the tips outlined here will help you maintain control even while they’re in control.

2. Use the Admin Menu Editor Plugin

A quick way to prevent clients from messing with things on the dashboard they shouldn’t be is to use a plugin designed to limit access by user roles. You can certainly assign control to specific dashboard features by user role in the core installation, but it’s not always possible to limit what’s visible. A user without the appropriate permissions just wouldn’t be able to manipulate a certain aspect of the site.

The Admin Menu Editor plugin simplifies the process of editing dashboard menus.
The Admin Menu Editor plugin simplifies the process of editing dashboard menus.

But to avoid questions like, “Hey, why doesn’t X work?” you can hide these off-limits features altogether. The plugin I prefer to accomplish this is Admin Menu Editor.

This plugin allows you to define menu items by user role, change permissions, and reorder menu items by drag and drop for a more intuitive user experience. You can even create custom menus that point to specific parts of the dashboard or to external links.

3. Use a Child Theme

When building a site, you know how important it is to backup your work regularly. You also know why it can be beneficial to develop a site on a local server. All of those details aside, you should also consider using a child theme.

A child theme is basically a second level version of the primary or parent theme that keeps your custom design and features safe from accidental breakage. While you might be thinking about the potential damage done by a hacker, I’m more so referring to the potential damage done by core, plugin, or theme updates. All of these things are designed to patch security flaws and to add new features but updates can sometimes cause any customizations you’ve made to break.

This is especially important if you’re not going to be handling site maintenance for your client. A child theme means they will be able to restore their site as it should be prior to the update without your help. Now, they might need your help to ensure your design works with the new version of WordPress but it would then be up to them to seek you out for help.

4. Skip Code and Embrace Shortcodes

While some developers will advise against the use of shortcodes, I think it’s actually a pretty good idea. So long as you explain what they do and how they work in simple terms, your clients can use them to insert some rather complex features into their posts and pages, with no help from you, and without messing up the site’s structure.

The list of things you can accomplish with shortcodes is just about endless but it’s particularly helpful for inserting highly structured or complex formatting like columns, graphs, multi-tiered lists, and so forth. They can also be really helpful in adding information to a site’s sidebar. For instance, if your client will need to regularly insert new testimonials into the sidebar, you can set up a shortcode that would give them this ability.

Shortcodes are still technically code and you might want to shy away from requiring complete newbie clients from learning them. But for those who have at least a cursory knowledge of how things work on the web, you can introduce the concept during a brief training session. Then just include a reference list of all the enabled shortcodes and what they do.

5. Simplify the Visual Editor 

The visual editor is what your clients will be dealing with the most, so doing your best to eliminate confusion and make the process of writing and editing posts as simple as possible is a good idea. While you can manipulate what appears in the editor by making changes within a theme’s code, a simpler solution is to just use a plugin. Something like TinyMCE Advanced will let you change up all of the buttons that appear on the visual editor with just a few clicks.

TinyMCE Advanced gives you total control over the visual editor.
TinyMCE Advanced gives you total control over the visual editor.

With this plugin, you can make the editor as complex or as simple as you need. If a client is really familiar with the layout of a word processing program, they might prefer to have more buttons.

This has the added benefit of reducing a client’s likelihood of digging around in the text editor to accomplish what they want layout-wise and reducing the chances of something getting messed up. TinyMCE Advanced adds support for things like font family, font size, table editing, and list options.

On the flip-side, the Client-proof Visual Editor reduces clutter.
On the flip-side, the Client-proof Visual Editor reduces clutter.

Another plugin to consider is Client-proof Visual Editor. While the previous plugin focuses on adding numerous features to the visual editor, this one keeps it streamlined. This plugin lets you remove features so as to not confuse your clients. It keeps the options pared down to the bare minimum and automatically enables the “paste from Word” feature so your clients won’t accidentally wind up with sloppily formatted posts.

6. Remove Unnecessary Items from the Dashboard

Another thing you can do to make your site more user friendly for your clients is to hide items on the dashboard that they don’t need. For instance, your client isn’t likely to be interested in the dashboard widget devoted to the latest WordPress news, so it really doesn’t need to be there. Also, the quick post widget might just be confusing to your clients, especially if you’ve gone into some detail to train them to click on Posts > Add new.

You can accomplish this quickly by adding a small bit of code to functions.php (after you’ve created a child theme, of course). Here is the area of code you’re looking for in functions.php:

// Main column (left):
// Side Column (right):

Then you just need to use the remove_meta_box( ) function to eliminate those widgets or meta boxes that are crowding your client’s dash.

You might also wish to hide the theme and plugin editor to prevent clients from messing around with it. Typically, those with administrator level access can modify any aspect of the dashboard, including the code that makes up your plugins and themes. However, if you don’t need to make regular changes to the code, no one else does either! Hiding the editor from view is your best bet for preventing a client from tinkering with it on accident or from going on a “I can Google this and change it myself” adventure.

The code for this is simple, too.  Like, I’m talking one line simple! Just insert it intowp-config.php:

define( ‘DISALLOW_FILE_EDIT’, true );

7. Add Instructions to the Dashboard

If your client isn’t at all interested in purchasing a maintenance package from you, then you need to take advantage of the ability to add guidance throughout the dashboard wherever you can. The best way to do this is to add widgets with custom information. You’d use functions.php for this task as well.

For instance, you might want to add a widget in place of “Quick Draft” that lists out the basic instructions for using WordPress. Sure, your clients could find this information via help files but this way, the information will be branded and targeted just for them.

This instruction widget could include a list of the steps to take to write a post, to conduct site maintenance, and can even include accompanying external links to instructional screencasts, videos, or written out more in depth directions. Don’t be afraid to be creative here.

To add your own instruction widget, you can do so by inserting this code snippet into functions.php:

add_action( ‘wp_dashboard_setup’, ‘register_my_dashboard_widget’ );
function register_my_dashboard_widget() {
‘My Dashboard Widget’,
function my_dashboard_widget_display() {
echo ‘Put your instructions here’;

Assuming you don’t want to make any stylistic changes to this widget, you’d just simply input whatever text you want where it reads “Put your instructions here.”

8. Use Advanced Custom Fields

Advanced Custom Fields takes the formatting guesswork out of the dashboard experience.
Advanced Custom Fields takes the formatting guesswork out of the dashboard experience.

Another way to further customize WordPress to make it more palatable to your clients is to use Advanced Custom Fields. This plugin allows you to add more visual editing options to the dashboard so your clients can have greater control over the content they create without having to venture into code. And as you’ve learned by now, the less a client needs to poke at code, the better!

This plugin allows you to create a wide variety of fields with different input types to accommodate any kind of content. With it, you can assign fields to different edit pages, use custom post types, customize with different input types like text area, image, file, page link, checkbox, radio buttons, and more. It also includes support for more obscure field types like taxonomy, user, Google Maps, tab, and gallery.

9. Offer an Instruction Manual

While adding widgets to the dashboard that feature instructions is a great way to guide your clients through the basic site order of operations, you might need to write out more detailed instructions to further clarify your points or to cover things that you simply can’t fit in the small space provided.

As a solution, you should consider writing an instruction manual. You can link to it from your dashboard and host it on a separate site or in a subdirectory on your main portfolio site. This step is a must if you won’t be providing a maintenance package to your clients (or if they refuse one). While you can’t guarantee your clients will actually read your support documentation, you will at least have the peace of mind in providing everything they need to maintain a site successfully.

A good instruction manual should be well-worn; that means it's referenced often.
A good instruction manual should be well-worn; that means it’s referenced often.

A good instruction manual should:

  • Be comprehensive. Hey, if you’re handing over the keys of a site to a client, you need to spell out everything for them. Go into detail about everything they need to know to operate the site at full capacity.
  • Keep it simple. Yes, you need to add details about everything under the sun related to WordPress but try to steer clear of jargon as best you can. And if something can be left out, do so. You don’t want to overwhelm your client with unnecessary info. And steer clear of acronyms. Unless you’re a web developer, you’re not going to care about learning what WYSIWYG or CMS means.
  • Include a schedule. While making site updates on a regular basis might be intuitive for you, it’s not going to be for your clients. Instead, you need to create a site maintenance schedule they can refer to and follow long after you’re out of the picture. In this schedule, break down every task that should be completed by the client, how frequently, and what steps are required to do it.
  • Include screenshots and images. There’s absolutely no reason why you should write out detailed descriptions of how to use the WordPress dashboard without including at least some screenshots to guide your clients along their way. Can you imagine their confusion as they pore over the sea of text you provided that doesn’t include any visual cues? Don’t do this to your clients!
  • Don’t make assumptions. Just because adding a new post is simple to you because you’ve done it a thousand times doesn’t mean it will be simple for your clients. You need to gauge your clients’ level of WordPress experience and custom-tailor the instructions you provide to fit. So if that means walking the client through every single little step required to write a new post, do it.
The weDocs theme makes it easy to create a support documentation website.
The weDocs theme makes it easy to create a support documentation website.

Once your instruction manual is complete, share it with your clients. You can do this by sending it along in an official email as a PDF or a Google Doc link. Or, you can build a small separate site for your documentation and share that. I recommend the weDocs theme for creating an easy-to-use and interactive manual. It’s built on Bootstrap and though it’s designed for plugin and theme support docs, it can work for an overall guide to WordPress sites as well.

10. Or Do a Screencast

Writing up documentation for your clients is great but there’s no guarantee they’ll actually read it and put it into practice. That can be dangerous for the wellbeing of the site you just built, my friends. Instead, you may opt to create a screencast. In addition to the support docs you provide, you can set up a session to walk your client through using the site you just built.

join.me is just one of many screencast services out there.
join.me is just one of many screencast services out there.

You have a lot of options for doing this. You can screen-share using Skype, for instance but you may wish to use an app dedicated to screencasts like join.me or freeconferencecall.com.

The benefit of doing a screencast is you get to be certain that your client at least heard everything related to managing his site. There’s no way to control whether or not a client uses that information, but a walk through like this at least guarantees the information was actually looked at.

Before starting your screencast, there are a few things you should keep in mind to make the process go a bit more smoothly:

  • Be prepared. It should be a no-brainer, but it’s imperative that you come to the screencast prepared. You don’t need to memorize anything but it’s vital you have the support documentation you’ve written and any relevant notes within arm’s reach. This will ensure the cast stays on message and on schedule.
  • Login and get setup early. If you’re using a screencast app or some such, you need to login and get setup at least 15 minutes early. This will allow you to troubleshoot any tech problems and have a minute to relax and mentally prepare.
  • Give your client time to follow along. There will be some amount of lag in a screencast. It’s just inevitable. So be aware of this when referencing certain things on the screen. Understand that your voice will be heard a few seconds before the action on screen registers. Pausing between each step of a set of instructions is a good way to ensure the audio and visual sync up.
  • Provide opportunities for questions. Your client might need a question or two answered during the screencast, but to avoid interruptions, announce that there will be designated times for questions throughout the cast. Encourage your clients to jot down notes so they don’t forget their queries.

You can always pre-record a screencast, too, but like written documentation, you do run the risk of the client never watching the video. It’s frustrating, I know, but there is really only so much you can do to ensure clients read, listen, and follow your dashboard-preserving instructions.

11. Only Use Reliable Themes and Plugins

This might go without stating but you need to only use reliable themes and plugins on the sites you build, lest you open them up to security breeches. This is even more important when you won’t be handling site maintenance yourself.

What constitutes a reliable theme or plugin? Well, those that have been accepted by the WordPress theme and plugin directories, are typically good. Likewise, plugins and themes made by well-known developers work well, too. But even then, you need to do your due diligence. Sometimes plugins with stellar reputations are found to have security holes, which means you need to stay on top of the news, too.

A good rule of thumb is if you need to question where the plugin or theme came from, don’t use it.

12. Use a Security Plugin

Either use one that covers everything with a broad brush or break down your security coverage into smaller bits. Regardless, the more people you have working on the backend of your site, the more vulnerable the site will be to attacks. You can prepare for the worst by setting up backups (covered next) and installing security plugins that limit login attempts, allow you to block specific IP addresses, and make modifications to core theme files to bolster the site’s defenses.

iThemes Security is a solid security plugin solution.
iThemes Security is a solid security plugin solution.

A few to consider include Sucuri Security and iThemes Security.

13. Setup Automatic Backups

Any site you build needs to be backed up. And it’s important you emphasize the importance of this to your clients as well. But you should never leave your clients fending for themselves in terms of searching for a solution. Instead, you need to provide a backup solution with the site as you hand it over to the client.

Automated backups are best. It takes out the guesswork and ensures the site will be saved even if the site is broken by a hacker, an automatic update, or even the client himself. Configuring backups is fairly simple and can typically be accomplished with a plugin, as you likely know already. You just need to make sure it offers backups and site restoration. A backup plugin that doesn’t allow you to restore a site is effectively useless.

Our backup plugin, Snapshot, includes site restoration.
The backup plugin, Snapshot, includes site restoration.

14. Consider Some Whitelabeling

A lot of the dashboard customization features we’ve talked about here already could be considered whitelabeling but what I want to talk about is adding custom branding to the dash.

Doing so doesn’t necessarily protect the site from client harm but it does keep the site identifiable as theirs. Those who aren’t familiar with WordPress at all might become confused by seeing its name and logo all over the dashboard. Some can even become a tad angry and think you’ve provided a generic site template or something. Stranger things have happened, people, so it’s best to make the dashboard looks as customized as possible to keep your clients happy.

Customize the login page with your client's colors and branding.
Customize the login page with your client’s colors and branding.

While there is a myriad of things you can do to customize the dashboard, one of the most important is to offer a custom login screen. Or you can seek out a plugin-based solution like Custom Login.

Wrapping Up

Client-proofing a site—more specifically the site’s dashboard—can feel tedious. After all, you know how to work all the bits and bobs on it, so why bother taking those extra steps? If you’re handling site maintenance for the client, you might not need to perform these added security and customization measures. But if you won’t be handling maintenance, your client will have access to everything, which means you need to take steps to protect your hard work.

Now that you’ve had a chance to review these tips, I hope you’ll find them helpful in creating a site you can be proud of, your client will love, and that they won’t be able to break.


Reference: wpmudev

Let Users Login to WordPress Using an Email Address

It’s not unusual for users to forget the username they chose when signing up for a WordPress site.

Or, when registering for a site, a user might discover the username they want is already taken.

Fortunately, you can give users the option to login to your site with their email address, which they are less likely to forget.

In today’s Weekend WordPress Project, I’ll show you a couple of methods – a code snippet and a plugin – to help you easily add email login to your site.

Adding Email Login with Code

The first thing we need to do is remove the default authentication rights. Add the following snippet to your functions.php file:

//remove wordpress authentication
remove_filter(‘authenticate’, ‘wp_authenticate_username_password’, 20);

Next, we’re going to add our own authentication. To do so, we’re going to useadd_filter.

Add the following code to your functions.php files:

add_filter(‘authenticate’, function($user, $email, $password){
//Check for empty fields
if(empty($email) || empty ($password)){
//create new error object and add errors to it.
$error = new WP_Error();
if(empty($email)){ //No email
$error->add(’empty_username’, __(‘<strong>ERROR</strong>: Email field is empty.’));
else if(!filter_var($email, FILTER_VALIDATE_EMAIL)){ //Invalid Email
$error->add(‘invalid_username’, __(‘<strong>ERROR</strong>: Email is invalid.’));
if(empty($password)){ //No password
$error->add(’empty_password’, __(‘<strong>ERROR</strong>: Password field is empty.’));
return $error;
//Check if user exists in WordPress database
$user = get_user_by(’email’, $email);
//bad email
$error = new WP_Error();
$error->add(‘invalid’, __(‘<strong>ERROR</strong>: Either the email or password you entered is invalid.’));
return $error;
else{ //check password
if(!wp_check_password($password, $user->user_pass, $user->ID)){ //bad password
$error = new WP_Error();
$error->add(‘invalid’, __(‘<strong>ERROR</strong>: Either the email or password you entered is invalid.’));
return $error;
return $user; //passed
}, 20, 3);

Here’s how it works:

The code checks if the username (now email) or password fields are empty. If neither are empty, it uses get_user_by to look for the user’s email. After finding a valid user, it then checks if the password is correct using thewp_check_password() function.

Adding Email Login with Plugins

WP Login Email
The WP Login Email even updates the text on the login page of your site.

If you would rather not mess around with code, the WP Email Login plugin offers a tidy solution.

Simply install the plugin and it will work off the bat. It doesn’t include any settings, it just works.

WP Email Login is available for free in the WordPress Plugin Repository and is compatible with WordPress 4.1.

It also works great (after testing) with Multisite and BuddyPress.


Reference: wpmudev

The 10 Most Annoying Things About Using WordPress

Despite being the world’s most popular blogging platform, WordPress still has its fair share of problems that are beyond irritating to deal with – especially if you can’t figure out what caused them in the first place.

Whether you’re a WordPress newbie or an advanced user with several years of experience, you’re bound to run into problems from time to time. Almost anyone can get by with using WordPress on an extremely basic level – and many people certainly do – but when you start to get serious about customizing your site, lots of little things can easily get in the way and begin to cause trouble.
The number of problems you might encounter while working with WordPress is truly limitless, but here are ten issues that most users have probably encountered at least once or twice, along with the solutions required to fix them!

Plugins That Conflict With One Another

Plugins can be both a blessing and a curse. All it takes is for one plugin to start causing serious problems with another, and it can cause all sorts of problems with your site.

Deactivate each of you plugins one at a time and you’ll soon find the culprit.
Deactivate each of you plugins one at a time and you’ll soon find the culprit.
If you didn’t create a backup of all the plugins you installed and you updated them all at the same time, you’ll have to do some detective work to see which specific one is responsible for the conflict.

Depending on the problem and the amount of plugins you have, this can be pretty time consuming.

Start by deactivating all of your plugins except the one that’s experiencing problems. Then reactivate each plugin one by one, checking the state of your site between each to see if it’s that one causing the conflict.

When you identify the plugin that’s causing the conflict, you’ll either have to get rid of it, find a similar plugin to replace it, or possibly try to find a previous version (if updating it has caused the issue). You can also search for solutions from users who’ve experienced similar problems if the developer of the plugin has a support page or community forum.

Someone Using the Admin Username and Login Page to Hack Your Site

When a WordPress site is first set up, it typically sets your username to admin and enables you to log in at http://sitename.com/wp-login.php. All a hacker needs to do is head over to your login page, which is obvious and easy for them to find, so they can start guessing your password either manually or by using software.

Go on, delete it!
Go on, delete it!
To prevent those nasty hackers from getting in so easily, you should go ahead and create another user by navigating to Users > Add New from your WordPress admin area. Fill in the information, and under Role make sure you set it to Administrator. Remember to use a completely different email address from the original admin user.

Now you have a brand new administrator and you can delete the original one. To do that, log out and log back in with your new user credentials. Go to Users > All Users and hover your mouse over the original admin user to click on the Delete link that pops up. You can then choose to delete all of their content (if any was posted) or have it attributed to your new account before you confirm deletion.

Constant Updates for Plugins, Themes, and WordPress Versions

It’s almost as if every time you log in, something needs to be updated. If you have a lot of plugins installed or use a popular theme, those updates may be more frequent.

Obviously, updates are released for a reason, and you should stay on top of them if you want to keep your site as secure as possible. One way to do that is to schedule time every week, or at least every month, to update all the plugins, themes, and WordPress versions that require updating as part of your regular WordPress maintenance tasks.

You could also take advantage of one of the many plugins available for this type of problem if you take backups regularly and you’re fine with the risks of automatic updating.

Try out the WP Updates Setting plugin for free.
Try out the WP Updates Setting plugin for free.
The WP Updates Settings plugin enables you to set major automatic core background updates, minor automatic core background updates, plugin updates, and theme updates.

Spam Comments That Get Out Of Control

If you have a WordPress site, chances are you’ve had to deal with spam comments. Your site can be brand new without any traffic at all, and somehow, spam will find a way to start infiltrating your comments section. To combat this, there are a variety of measures you can take.

Moderate comments: In your WordPress admin, head over to Settings > Discussion and use the Before a comment appears options to hold back spammy comments for you to moderate first. You can also hold comments that contain a certain number of links or include specific words. Add words to your Blacklist section to keep specific spam comments out.

Close comments on old posts: In the Discussion area there’s a checkbox option labeled “Automatically close comments on articles older than X days”, found in the Other comment settings. Customize it as you see fit.

Use anti-spam plugins: There are loads of great plugins out there that can make your comment moderation tasks a heck of a lot easier. Check out this list of 10 Plugins That Take the Pain Out of Managing WordPress Comments.

The White Screen of Death

It’s quite common to be working in WordPress, only to experience a blank page after installing something new or making some sort of change. If you’re lucky, sometimes you can take a step back (if you can still access your WordPress admin) and undo whatever caused the white screen of death.

It often stems from a plugin or a theme. If you’re certain it’s from a theme or plugin, but can’t access your WordPress admin, you can do some troubleshooting via FTP.

After making sure you have a backup of your site, navigate to the appropriate directory and delete or simply rename the plugin or theme you know caused the problem. That may (or may not) be all you need to do to fix it.

If you’re not sure what’s giving you the white screen of death, you’ll need to dig around a bit deeper. Follow the steps outlined in this article, Troubleshooting White Screen of Death Errors in WordPress.

Getting Locked Out of WordPress When the Password Reset Doesn’t Work

When you forget your login password and try to reset it, sometimes WordPress just doesn’t cooperate. It’s a fairly common issue.

The good news is that you’re not locked out for good, and you can reset your password from phpMyAdmin. You’ll need your site’s database name, so if you’re not sure what that might be, you can find it in your wp-config.php file by accessing it via FTP. Whatever comes after ‘DB_NAME’ is the name of your database.

From your cPanel, access phpMyAdmin and click the appropriate database name from the left. From the list of tables that appear, click on wp_users.

phpMyAdmin Wp_users
After that, click on the pencil icon to the right of user_login to start resetting your password.

phpMyAdmin Edit Pencil
A new set of fields will appear, and the one you’ll need to edit is the user_pass Value. It’s a bunch of random letters, numbers, and symbols. The reason why you see these random characters is because WordPress stores them as MD5 Hash for security purposes, so you’ll have to convert your new password to MD5 Hash too.

phpMyAdmin user_pass Value
You can use this free tool to automatically convert your password to MD5 Hash. Simply type your new password (in plain text) into the Input field, press the MD5 button, and then copy the characters you get in the Result field. Go back to phpMyAdmin to paste it into your user_pass Value field.

Sign up for more
WordPress wisdom

Click go at the bottom to save everything and you’re done. Remember to keep your password in a safe place so you don’t forget it again!

Slow Loading Images

The internet is all about visual content these days. And with so many amazing WordPress themes now available that put your images front and center, it’s kind of a bummer when they don’t load right away or end up slowing your whole site right down.

The real key is to optimize all your images before you upload them to WordPress. Yes, it takes some extra time, but it will be worth it if it means your site and images will load faster. There are at least three things you should be doing:

Resizing: There’s no need to upload a 7,360 by 4,912 pixel image when you want it to show up 15 times smaller than that. There are tons of free tools online that enable you to resize images, but your computer should have one already. If you’re on a Mac you can use the Preview tool, and on a Windows machine you can use Paint.
Cropping: In many cases, you won’t need to display an image in its entirety. Crop out the edges or sections that are irrelevant. Again, both Preview for Mac or Paint for Windows are all you need to do this.
Compressing: Compression reduces the size of the image file by removing unnecessary information without changing the appearance as far as what the human eye can see. For most images, you’ll typically want to stick with using JPG files as opposed to PNGs or GIFs.
For a more detailed list of image optimization tips, have a look at The Complete Guide to Mastering Image Optimization for WordPress. Our own WP Smush is also a recommended plugin to check out if you’re serious about reducing your image file sizes and improving the overall performance of your site.

Facebook Posts Not Displaying Correct Image

Depending on what theme you’re using, sometimes the wrong image will get pulled by Facebook when you try to post a link on your site. It may use an image from the middle of your post and not the featured image, or it may even use one from your sidebar or somewhere else. Strange and annoying!

A simple solution is the Facebook Thumb Fixer plugin, which tells Facebook to pull the featured image from your posts. You can also set up a default image for posts or pages that don’t have featured images.

Go ahead and fix those thumbs.
Go ahead and fix those thumbs.
If you’re serious about promoting your site via Facebook, you can also check out WPMU DEV’s Ultimate Facebook plugin, which not only fixes the image post problem, but offers you a range of other powerful Facebook integration features too.

Themes or Plugins That Look Great on Desktop, but Awful on Mobile

As much as you’d like to assume that everything these days will look fantastic on all screens and devices, that’s not always the case when it comes to WordPress. So don’t settle on a theme or plugin by looking at it from one screen only.

Most themes that are released nowadays are responsive or mobile-optimized, but not all of them are. Likewise, plugins don’t always look all that nice on a smaller smartphone or tablet screen, even if they still work fine. There are a few things you can do to ensure you don’t waste time or money on setting up a theme or plugin that doesn’t look good everywhere.

Always check how recently a plugin was last updated.
Always check how recently a plugin was last updated.
Check the date of the last updated version. In most cases, the sales page or download page for the theme or plugin you’re eyeing will have a version number and the date when it was last updated.

If it hasn’t been updated in several months to a year, you’d probably be better off looking for an alternative.

Search for the words “responsive” or “mobile.” If a theme or a plugin has been made with mobile design in mind, then it almost always says so on its sales or download page. Use keyboard shortcuts Ctrl+F (for Windows) or Command+F (for Mac) to type and immediately find key words.

Test your site on different screens. If you have a smartphone or tablet, then it would be wise to use them to visit your site and see how it looks. Check posts, pages, the sidebar, the comments, the header, and the footer for any inconsistencies. You can also use a free tool like MobileTest.me to see how your site looks on all different types of devices.

Inconsistent Formatting When You Switch Between the Visual Editor and Text Editor

If you prefer to write your content in a word processing program first and then copy it and paste it into WordPress later, you’ve probably experienced just how much of a mess that can make your formatting. Even if you do decide to create most of your work directly in WordPress, inserting specific code or other formatting can quickly break or disappear completely if you switch back and forth between the visual editor and the text editor.

For those who like to copy and paste their work into WordPress, an obvious solution would be to just write your content including all of the HTML code, and then simply copy and paste directly into the text editor. Be careful with switching to the visual editor afterward, which could risk messing it up.

If you’re looking for a more direct solution, you could try the TinyMCE plugin. This handy plugin gives you more control over your editor and solves some of those formatting issues by giving you several more settings to customize the editor. SyntaxHighlighter Evolved is another plugin recommended for developers who are serious about displaying code snippets in their posts.

Wrapping Up

It’s no fun to have to deal with any of these issues when they pop up unexpectedly, and even though they can take up a lot of extra time to figure out, they’re certainly not impossible to solve. You’ll find your site runs a lot smoother if you implement some of our steps when you first set up your WordPress site, rather than waiting.

Reference: wpmudev

37 Essential WordPress Plugins You Should Know

While WordPress offers a ton of features and flexibility, there is still a lot of functionality missing from the core software. The best way to fill in the missing pieces, of course, is to get yourself the right plugins.

Plugins offer all kinds of customization for site admins, however, with almost 40,000 options to choose from it the WordPress Plugin Directory, not to mention all the premium products available, it can be difficult sorting the good from the, well, not so good.

So here’s a collection of free and premium must-haves, the plugins that can help take your site from good to great. I’ve included options for everything from caching the image optimization to security and membership.

Do you have a favorite plugin from this list? Have we missed one that you think is absolutely essential for every WordPress site? Let us know in the comments below.

  • 1. W3 Total Cache


    W3 Total Cache is designed to increase the page load speed for WordPress sites, which will improve your visitors’ overall experience.

    The plugin helps to increase server performance by reducing download times. By reducing page load times, overall site performance improves which helps your site’s rank in search engines.

    W3 Total Cache can also help to improve web server performance during high traffic periods, which is crucial for larger websites.

  • 2. Jetpack


    Jetpack offers a suite of powerful features for your WordPress site. Enhanced security, improved site performance, plenty of content tools, and visitor engagement features are all part of this plugin.

    Additional features include spam-free Comments, Social Sharing, Related Posts, Post by Email, and much more.

    Jetpack even offers a mobile theme option that is lightweight and responsive, designed for phones and tablets.

  • 3. Akismet


    Akismet helps to filter out any comments on your blog that look like spam. The plugin automatically checks comments against the Akismet Web service.

    All comments will have a history for users to view that shows which comments were flagged or cleared by Akismet. In addition, those comments that were marked as spam or unmarked by a moderator will be highlighted in the history.

  • 4. Google Analytics +


    The Google Analytics + plugin allows users to easily track and view search stats for an individual site or collection of sites without leaving WordPress.

    Instead of logging into your Google Analytics account, this plugin brings the data into your dashboard. Functionality within the dashboard allows for easy navigation when viewing a single site as well as multiple sites.

  • 5. Google XML Sitemaps


    This must-have plugin will automatically generate an XML sitemap for your site. Having an XML sitemap is crucial in helping search engines better index your blog.

    With a sitemap, web crawlers can see the structure of your site and retrieve the results more efficiently.

    Search engines like Google, Bing, and Yahoo will be notified every time you create a post about your new content.

  • 6. iThemes Security (formerly Better WP Security)


    iThemes Security helps to fix common holes in your WordPress site from potential automated attacks. Many WordPress administrators generally don’t know they have these holes or vulnerabilities, but iThemes Security can help.

    Because of unknown vulnerabilities from other installed plugins, your site can be an easy target for attacks. iThemes Security works to identify and protect these holes in your site.

  • 7. Contact Form 7


    Multiple contact forms can be created and managed through this plugin. No need for extra coding with the Contact Form 7 plugin, as the form and mail contents can be easily customized through the settings.

    The Contact Form 7 also supports Ajax-powered submitting, CAPTCHA, and Akismet filtering to help with spam.

  • 8. Snapshot


    Snapshot can help to backup and restore your entire WordPress site. There is no need to hire external services to help back up your site with Snapshot.

    Site administrators can create and store as many snapshots (or backups) as they want. At any time, a single click of a snapshot can help restore your site to the point in time it was taken.

  • 9. Login Lockdown

    Lockdown and lockout intruders with this free plugin.

    Login Lockdown will help to limit the number of login attempts from a given IP for a set amount of time. Every time there is a failed login attempt on your WordPress site, Login Lockdown will record the IP address and timestamp.

    If a certain threshold of failed login attempts is passed in a short amount of time, the login function will be disabled from the IP range. This feature will help to prevent brute force password discovery attempts.

    Lock out times can also be customized to fit your site’s needs.

  • 10. Ultimate Branding


    Ultimate Branding is a WordPress plugin that can help site owners display their colors, logo, company name, etc. across their entire site.

    With Ultimate Branding, any WordPress branding can be changed to your brand. Instead of seeing the WordPress name and logo, your company name and logo can be displayed without needing to update a single line of code.

  • 11. Appointments +


    Appointments + is a premium plugin that is perfect for small businesses like salons, studios, and clinics. Basically, anyone who needs to manage and take appointments.

    By enabling customers to book appointments directly through your WordPress site, there is no need to switch between your company website and booking system any longer.

    The plugin will even integrate with PayPal to help collect payments and deposits from customers without any extra coding.

  • 12. MarketPress eCommerce


    MarketPress eCommerce is one of the most comprehensive eCommerce plugins available today for WordPress. Users can create individual e-storefront marketplaces all the way up to large eCommerce networks.

    With the premium MarketPress eCommerce plugin, users will get the features they need to sell any type of product – including digital downloads and material goods. There is no need for any add-ons or extensions with this all-in-one tool.

  • 13. Membership


    Are you looking to offer the members of your site premium content that is not available to anyone else? The Membership plugin can help you create your own membership site by granting limited access to visitors and save premium content for paid customers.

    Through this plugin, you can limit access to pages, posts, categories, videos, audio, images, PDFs, etc. The site administrator can control who sees what and when for their site.

  • 14. Pro Sites


    Pro Sites will help you create a profitable network of sites that can offer access to things like themes, plugins, storage, and domain mapping.

    The plugin makes it easier for you to offer premium services to your customers. For example, site admins can offer tiered memberships to products and services they offer.

  • 15. Yet Another Related Posts Plugin


    The Yet Another Related Posts Plugin (YARPP) can display a list of posts or pages that relate to the current post. This feature provides a great opportunity for your readers to see other relevant content from your site.

    Users have the option of displaying only content found on their site or can make extra money by displaying sponsored content.

  • 16. WP Smush Pro


    WP Smush helps to strip down unnecessary information from your images, thus reducing their file size. The good thing is that by removing all of this information from your images, the quality is not impacted.

    The end result of smaller image sizes is faster site loads, which search engines like Google love.

  • 17. BJ Lazy Load


    BJ Lazy Load can help your WordPress site load faster and save bandwidth. By replacing most images on your site with a placeholder, the plugin loads the content as it gets close to entering the browser screen when a visitor scrolls the page.

    The plugin works for all post images, thumbnails, gravatar images, and content iframes. Other images within your site can also be included by using a delivered function.

  • 18. Duplicator


    Have you ever needed to backup or move an entire WordPress site from one location to another? The Duplicator plugin can duplicate, backup, move, and transfer a site.

    The plugin can also serve as an easy utility for those administrators looking to backup their sites.

    Need to make a clone of your production site for testing purposes? Yep, the Duplicator plugin is perfect for making a backup of a WordPress site for testing and validation.

  • 19. Infinite SEO


    Infinite SEO, a powerful WordPress search engine optimization plugin, can help to boost your sites rankings. This plugin can handle all of your SEO needs in one tool.

    The meta for each post and page can easily be customized through Infinite SEO. Optimization tools, Moz integration, and automatic sitemaps are all added features of this plugin.

  • 20. Floating Social

    Floating Social

    The Floating Social plugin enables users to display social share buttons on their site, which follow readers as they scroll through content.

    This plugin is easy to install and configure. Users can activate only the media share buttons they want to include on their site. The social media buttons and links are responsive and can be adjusted in size and color.

  • 21. Relevanssi


    Relevanssi can replace the default search option on your site where results are sorted in order of relevance, instead of by date.

    The plugin is customizable so that it can be setup to do fuzzy matching on partial words. Content can be found by matching on just one search term or it can be required that all words be found.

    There is a free version of Relevanssi that supports a single site, while the premium version offers multi-site support along with other features.

  • 22. Theme Check


    Using Theme Check is a quick way to test that your active theme supports all of the current WordPress standards and best practices.

    Through a simple admin menu, Theme Check will display all the results after a test is run.

    Web developers should certainly take advantage of this plugin to make sure their theme supports the latest WordPress standards.

  • 23. Broken Link Checker


    Broken Link Checker monitors the links found in your posts, pages, comments, blogroll, and more. The plugin identifies any broken links that no longer work, missing images, or any redirects.

    Once broken links are identified on your site, links can be edited directly from the plugin page to avoid manually updating each post.

  • 24. Disable Comments


    The Disable Comments plugin enables administrators to globally control comments on their site. Comments can be disabled according to post type, on pages, attachments, etc.

    This plugin works well if you want to disable comments on certain post types or on your entire site. However, if you plan to selectively disable comments on individual posts, then this function is better handled directly through WordPress.

  • 25. Regenerate Thumbnails


    The Regenerate Thumbnails plugin enables you to regenerate thumbnails for image attachments. You have the option to regenerate the thumbnails for all image uploads, individual images, or specific multiple image uploads.

    This plugin is very helpful if you have altered any of your thumbnail dimensions or have changed to a new theme that features different image dimensions.

  • 26. Easy Updates Manager


    Easy Updates Manager enables you to manage all of your WordPress updates for a single site or Multisite install. There are tons of settings included within the plugin making it highly customizable.

    Features include options to automatically update WordPress major and minor releases. Site administrators can also opt to automatically update plugins, themes, and much more.

  • 27. Redirection


    Redirection can help manage 301 redirects and keep track of 404 errors without digging into .htaccess files. This plugin can be very useful if you are migrating pages from a different website and changing the directory structures of your WordPress installation.

    A redirection can be setup to pass a URL through to another page, file, or website. Any URL can be redirected, not just those that no longer exist.

  • 28. TablePress


    With TablePress, you can easily create tables that can be embedded into posts, pages, or text widgets by using a Shortcode. No special coding is necessary as table data can be entered directly into a spreadsheet interface.

    Tables can contain any type of data, including formulas. Sorting, pagination, and filtering add additional functionality for TablePress. Tables can also be imported and/or exported from/to Excel, CSV, HTML, and JSON formats.

  • 29. Edit Flow


    Edit Flow makes it easy to communicate with your team members directly within WordPress. It can be customized to fit your specific workflow needs.

    Features include a calendar that offers a view of your scheduled content. Custom statuses can be created to define specific stages of your editorial workflow. Writers and editors can have private discussions through editorial comments all from within WordPress.

  • 30. WP Mail SMTP


    The WP Mail SMTP plugin reconfigures the WordPress delivered mail function to use SMTP. It offers a setup page that enables you to configure various email options. These options include specifying an SMTP host and SMTP port, specifying the from name and email address for outgoing mail, setting SMTP username and password, and more.

  • 31. Gallery


    Gallery offers tools that will assist in adding and editing images for different views on your site that are 100% responsive. Photo galleries and albums can be easily added to posts and pages within WordPress as well as to multiple widgets.

    The plugin can also make it easy to rename, upload, remove, and copy images in just a few steps. Image descriptions and tags can also be added through this tool.

  • 32. All In One Schema.org Rich Snippets


    The All In One Schema.org Rich Snippets plugin can help give search engines a useful summary of your content to display. These useful snippets of information for your content can help you stand out from your competition.

    The plugin supports the following content types: review, event, people, product, recipe, software application, video, and articles.

  • 33. Fast Secure Contact Form


    The Fast Secure Contact Form plugin enables you to easily create and add forms to your WordPress site. Multiple forms can be created with an option to redirect visitors to any URL once the message is sent.

    Contact forms created by this plugin can easily be customized to fit your site. Extra fields of any type can be added, including: text, textarea, checkbox, checkbox-multiple, radio, select, select-multiple, attachment, date, time, hidden, password, and fieldset.

    The plugin also includes CAPTCHA and Akismet support to help block spam.

  • 34. Display Widgets


    Display Widgets enables you to change your sidebar content for different pages, categories, and more. No more extra coding is required to create multiple sidebars for different scenarios on your site.

    All you need to do is click a checkbox on or off for where you want widgets to display or be hidden.

  • 35. Advanced Custom Fields


    The Advanced Custom Fields plugin gives WordPress users the flexibility to visually create custom fields for their site.

    Custom field input types include: text, textarea, wysiwyg, image, file, page link, post object, relationship, select, checkbox, radio buttons, date picker, true/false, repeater, flexible content, and gallery.

  • 36. P3 (Plugin Performance Profiler)


    Often times when a WordPress site loads slowly, it is a result of multiple plugins running. The P3 plugin can help WordPress administrators identify plugin(s) that are causing slowness on their site.

    By measuring the load times of plugins running on a site, administrators can make decisions on what to do with those that are under performing.

  • 37. Black Studio TinyMCE Widget


    Black Studio TinyMCE Widget enables you to insert rich text and/or media objects directly into your sidebars without any HTML coding through a visual editor.

    As a default, WordPress text widgets lack the editor capabilities that are offered in posts and pages. The Black Studio TinyMCE Widget overcomes these limitations by providing a clean visual interface to add media and text.

    Those that prefer to switch from a visual editor to HTML (like posts and pages) also have that option.