Tag Archives: wordpress

Password Protect more than just Content and Comments

The following is not a news, but today I had to fix a problem like that at work, so I thought that can be repeated for who has a similar situation.

worpress-password-protected

In WordPress when you use Password protected posts or pages, the post or page content will be hidden until the user inserts the password.

By default WordPress will hide the content and the comments of the post or page that  uses Password protected in the settings and show on screen a message like

This post is password protected. To view it please enter your password below:

The title will also start with “Protected: “. See here how to remove the title prefix.

When the user will type the right password than will be able to view the page completely.

Code wise will be hidden just the text or HTML returning by the following methods

the_content();
comments_template();

inside the files in your WordPress theme (page.php or single.php or index.php).

Problem?

You will find that if you use custom fields or simply use in your loop

<img scr="<?php echo get_post_meta($post->ID, 'postThumb', true); ?>" />

those data will not be protected and they will be visible on the screen.

How to protect custom fields in WordPress?

The simple solution is to use the WordPress function post_password_required() like in the example below

<?php
    if ( !post_password_required() ) 
    { 
        // your protected stuff here
    ?>
    <img scr="<?php echo get_post_meta($post->ID, 'postThumb', true); ?>" />
    <?php
    }
?>

Remove Protected and Private title prefix

If you use Private or Password Protected posts or pages you might want to remove that awful title prefix

  • Private: …
  • Protected: …

To remove the title prefix you can simply add in your WordPress theme functions.php file, the following code

function the_title_trim($title)
{
  $pattern[0] = '/'.__('Protected').': /';
  $pattern[1] = '/'.__('Private').': /';
  $replacement[0] = ''; 
  $replacement[1] = ''; 
  return preg_replace($pattern, $replacement, $title);
}
add_filter('the_title', 'the_title_trim');

This code will remove the title prefix for Private and Password Protected pages and posts, independently by the language used in the WordPress installation.

Redirect to post when search query returns single result

To avoid the list of just a single search result, you can add the following code in your theme’s function.php file.

add_action('template_redirect', 'single_result');  
function single_result() {
	global $wp_query; 
	if ( is_search() && !is_paged() ) {
		if ( $wp_query->post_count == 1 ) {
			wp_redirect( get_permalink( $wp_query->posts['0']->ID ) );
		}
	}
}

This code will also avoid the automatic redirection in case of many search results split in pages and in the last page there is just a single result.

Defer loading of JavaScript in WordPress

Deferring loading of JavaScript functions that are not called at startup reduces the initial download size, allowing other resources to be downloaded in parallel, and speeding up execution and rendering time.

While this “lazy” method of loading doesn’t reduce the total JS payload, it can significantly reduce the number of bytes needed to load the initial state of the page, and allows the remaining bytes to be loaded asynchronously in the background.

In order to speed up the loading of a page all the JavaScript in the HTML header has to be run after the page finish to load, more precisely at the end of the page before the </body> tag.

WordPress automatically adds all the core and plugin JavaScript in the HTML header using the function wp_head() or at the end of the page using wp_footer().

All the JavaScript contained in the header wp_head() has to be moved at the end of the page in wp_footer().

In order to do that you can add those simple line in your function.php of the your theme.

if(!is_admin()) {
	// Move all JS from header to footer
	remove_action('wp_head', 'wp_print_scripts');
	remove_action('wp_head', 'wp_print_head_scripts', 9);
	remove_action('wp_head', 'wp_enqueue_scripts', 1);
	add_action('wp_footer', 'wp_print_scripts', 5);
	add_action('wp_footer', 'wp_enqueue_scripts', 5);
	add_action('wp_footer', 'wp_print_head_scripts', 5);
}

All this will be valid just in the public website not for the admin panel.

Make sure that in your theme you will not add any other JavaScript in your header.

If you use HTML5, Modernizr (or html5shiv) needs to be in the HTML header, in order to make the old browsers (i.e. IE7, IE8) HTML5 and CSS3 friendly.

 

How to update WordPress on Aruba.it hosting

Aruba.it has a strict write permission on his web hosting servers.
Just adding the following two simple lines at the top of the wordpress configuration file wp-config.php and your website will be able to run all the updates without returning any error.

<?php
   define('FS_CHMOD_FILE',0755);
   define('FS_CHMOD_DIR',0755);
   ...
?>

Enjoy your automatic wordpress upgrades and plugin updates.

Personalise the WordPress maintenance page

Every time you update your WordPress site, the website will show the maintenance message to visitors.

Unfortunately the default maintenance page is not so pretty. What can you do about that?

Simple! Just design an HTML page as you like with the message that the website is under maintenance and it will come back soon.

Use the file name

maintenance.php

for this page and upload it to your

/wp-content/

folder.

The next time you will update your WordPress installation that page will be served to your visitors.

 

Protect your wp-config.php

You can protect your wp-config.php in WordPress if you have access and your server support .htaccess.

Just make a little addition to your .htaccess as following:

<File wp-config.php>
order allow, deny
deny from all
</File>

Malicious people will have an harder life in order to get hold of your wp-config.php file, which contains really sensitive information.

Try this out on a test installation first just to avoid funny surprises in case you have some sort of special configuration.

How to show a custom post type in a category page in WordPress

If you want to use the default taxonomy category in a custom post type (i.e. products) it is easy, just create your new post type “Product” and link it to use the taxonomy category.

Example
add to your theme function.php the following:

add_action('init', 'create_my_post_types');
function create_my_post_types() {
	register_post_type(
		'products',
		array(
			'label' => 'Products',
			'description' => '',
			'public' => true,
			'show_ui' => true,
			'show_in_menu' => true,
			'capability_type' => 'post',
			'hierarchical' => false,
			'rewrite' => array('slug' => '', 'with_front' => true),
			'query_var' => true,
			'supports' => array(
				'title',
				'editor',
				'excerpt',
				'trackbacks',
				'custom-fields',
				'comments',
				'revisions',
				'thumbnail',
				'author',
				'page-attributes'
			),
			'taxonomies' => array('category'),
			'labels' => array (
				'name' => 'Products',
				'singular_name' => 'Product',
				'menu_name' => 'Products',
				'add_new' => 'Add Product',
				'add_new_item' => 'Add New Product',
				'edit' => 'Edit',
				'edit_item' => 'Edit Product',
				'new_item' => 'New Product',
				'view' => 'View Product',
				'view_item' => 'View Product',
				'search_items' => 'Search Products',
				'not_found' => 'No Products Found',
				'not_found_in_trash' => 'No Products Found in Trash',
				'parent' => 'Parent Product'
			)
		)
	);
}

As alternative to create you post type you can easily use a WordPress plugin Custom Post Type UI or similar plugins.

Soon you will realise that when you go in a category page just default post will be displayed. Where are my products gone?

Strangely if you use the widget Categories with the tick “Show post counts” on you will see that the total number of post in a single category will be the sum of the default posts + the products (custom post type)

In order to have in the category page both the post types together you need to patch a bit the query that return the post inside a category.

Add to your theme function.php the following:

add_filter('pre_get_posts', 'my_get_posts');
function my_get_posts($query) {
    if(is_category() && false == $query->query_vars['suppress_filters'])
        $query->set('post_type', array('post', 'products'));
    return $query;
}