Backing up your software sounds like a chore to most of us out there, but I guarantee you you will thank yourself for doing it plus there a plenty of solutions to automate it.

Perhaps you’re not really sure when to backup and when not? Here’s just a few things you could be doing that in my opinion requires a backup first:

• Activating a plugin that uses the database to store it’s settings and other stuff
• Adding a sweet code snippet to your functions.php
• When you’re about to modify any theme template file.
• Before updating your WordPress installation to the latest WordPress version (on a sidenote: WordPress released it’s 3.0 RC2)
• Adding just a few lines of CSS to any stylesheet

There a few things you should backup on a regular basis:

• Your Theme folder
• The complete contents of wp-content
• The complete WordPress installation
• Your Database

The frequency of these backup depend entirely on how active your site is, but my general rule of thumb is at least every day. At least. Backing up your theme folder every now and then is only really necessary if you’re one of those people who like to temper with the different template files and your style sheet. But again, better be safe then sorry so there’s really no overkill in these kinds of things.

I know you keep hearing everybody talk about it, but these things ARE really life savers. So confession time: honestly, how well are you prepared for accidental screw ups, hardware failures or even hacked sites? How many times do you back up?

This article first appeared on BloggingPro: The Good And The Bad About Working With Theme Frameworks

Photo Credit: Pong

Humor Yourself, Backup Your WordPress Site is a post from: ForSite Media

Perhaps you have noticed here on BloggingPro most images in post do not exceed the 240px range, but of course not all images can be found in exact that width. Most of the time you need to crop or resize those images you found to the proper width size.

I don’t know about you, but if I don’t have to fire up Photoshop or GIMP for such an easy task I’d rather not.  Furtunatly WordPress comes built in with a solution. We even mentioned it before.

After you have uploaded an image you are given the chance to edit that image. Yes, that same screen where you decide what alignment you want to give that image, where to link it at, what title the image should have, that’s where you can actually edit the image. Right next to the thumbnail image it says <em>Edit Image</em>

That <em>Edit Image</em> certainly is not a replacement for Photoshop and the likes, but you can perform some basic actions like scaling, my favorite. To show you what I mean I actually created a short screen cast of editing an image to scale a 800px wide image back to 230px.

This is just an example of what you can do, as you have seen there are more things you can do with that image. A function in WordPress people in general make very little use of, mostly because they don’t know it’s there.Were you aware of this function and if so have you ever used it?

This article first appeared on BloggingPro:Scaling Images via the Image Upload Function in WordPress

Edit Images in WordPress is a post from: ForSite Media

There are three sources about Custom Post Types I think you all should read to get a better grasp of what it can do for you. I’ve heard people say that the new WordPress 3.0 Custom Post Types feature is really not all that important, but I’d like to show them different by presenting you these three great sources.

1. Justin Tadlock wrote an extensive review about custom post types explaining in great detail what they are, how they behave and what you can do with them:
   

   Don’t be confused by the term “post” in the name. It is actually an extremely generic term and should not be considered the same thing as a blog post. If you prefer, you can replace it with “content” instead.

   Visit Justin’s site for more information.

2. The second source I’d like to bring to your attention is by Konstantin of kovshenin.com. Konstantin also demonstrates with some inspiring examples how to bend the custom posts types functionality to your liking. To give you an example:
   

   One more example – a Real Estate Agency, same story – Pages, Blog Posts, News stories, property For Sale, property For Rent, Land for sale. The last three would contain extra taxonomy in forms of Country, Region. Custom fields such as price, total area, etc. The Edit Property page could even contain a Google Map where you could point out its location!

   Visit kovshenin.com for more information

3. The last, but certainly not the least source I’d like to run by you is about the Custom Post Types UI plugin by Brad Williams. This plugin enables you to create custom post types without having to code, if that’s not your thing. Or as Brad puts it:
   

   This plugin provides an easy to use interface to create and administer custom post types in WordPress. Plugin can also create custom taxonomies. This plugin is created for WordPress 3.0.

   Visit Brad’s site for more information.

So, with all that information taken in now, what do you think the Custom Posts Type feature can offer you?

This article first appeared on BloggingPro: Custom Post Types Sources You Should Know About

Post image by teilr

Everything You Wanted To Know About Custom Post Types is a post from: ForSite Media

With the recent Pharma hack, more info about it plus a solution on Chris Pearson’s blog, going round I thought it was time to focus on WordPress security today. There are a lot of things you can do build extra layers of security for your WordPress installation.

There are a few different layers involved to secure your WordPress installation. I shall list them grouped together as much as possible.

Server-side & .htaccess

WordPress security starts of course by using a proper hosting company. If a server setup is not secure by default then no amount of security measures is going to keep unwanted visitors out. Please look around before you decide which hosting partner will work best for you.

.htaccess Lockdown

Your .htaccess file can be used for a lot of neat stuff, but most certainly should be deployed to stop hackers from getting in. The .htaccess lockdown allows for you to specify which IP addresses can be used to access your admin dashboard.

Adding the following lines of code will help you doing this:

AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "Access Control"
AuthType Basic
order deny,allow
deny from all
#IP address to Whitelist
allow from 123.456.789.012

The 123.456.789.012 part should be replaced with your IP address. Not sure what your IP address is? A visit to What’s My IP will help you out. For an even more extensive solution visit Blog Security.

Disabling Directory Browsing

Some server setups will allow directory browsing, which means that you can see the contents of, say, your plugins folder at http://yoursite.com/wp-plugins/. Disabling this can be quickly done by adding the following piece of code to your .htaccess file:

Options All -Indexes

Secure .htaccess

It should be obvious by now how important a secure .htaccess file is. Firstly you should restrict the file permissions to CHMOD 644.
Log onto your server with your favorite FTP browser and navigate to the root of your domain (Usually this in the public_html folder, unless you have setup your blog installation in its own folder). Find the .htaccess file and right-click the file and set permissions to 644.
The second method – and I would do both – is to add the following code to the very bottom of the content of your .htaccess file:

<files wp-config.php>
Order Deny,Allow
Deny from All
</files>

This is basically only allowing your .htaccess file to access your wp-config.php file.

For more specific and advanced Apache hardening techniques checkout Ask Apache on WordPress and Perishable Press 3G Blacklist.

Optimizing your wp-config file

Optimizing your .htaccess file is a good start, but next your wp-config.php should get some love.

Moving your wp-config file

Starting from WordPress 2.6, you can move your wp-config.php file to one directory above the current location. WordPress will check automatically if the wp-config file is not found in the WordPress directory one directory above the current one.

Change the WordPress table prefix

When installing WordPress the table prefix is wp_ by default. Upon installation it’s easy changing this so something custom, like i.e. blpro_, but it’s a bit harder to do when you already have your site up and running. This is where the plugin WP Security Scan comes to the rescue. This plugin will allow you to change the prefix to a custom one. This way you have given hackers trying to hack into your installation one extra hurdle.

Define Your Secret Keys

When you look in your wp-config file you will find a section that says this:

/**#@+
 * Authentication Unique Keys.
 *
 * Change these to different unique phrases!
 * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/ WordPress.org secret-key service}
 * You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
 *
 * @since 2.6.0
 */
define('AUTH_KEY', 'put your unique phrase here');
define('SECURE_AUTH_KEY', 'put your unique phrase here');
define('LOGGED_IN_KEY', 'put your unique phrase here');
define('NONCE_KEY', 'put your unique phrase here');
/**#@-*/

The link mentioned here provides you with a new set of rules which you can replace the bottom four define rules with, like this:

define('AUTH_KEY','lj+_ .[6c1=13n rhZBhjXd0o|miL<bacpyhqzrl }o2a|irZy-]Wy8PYW+a]zE]5');
define('SECURE_AUTH_KEY','s8p1+WgH0{Ph/)Vr;pFggsp{xoh8Cy>>#/+]EJ|P|yQfS* /SJO7XuK#G3&f1rnZ');
define('LOGGED_IN_KEY','h$eIl%#nZ|.}z-U)Z:O$u,y c[N;7^j-x,)Zs*wUHheGO-(KKpONVC664X$uO$Mt');
define('NONCE_KEY','d=>/Uh@%RnZ|*<bgq [2<_R@spP*oE[7oE?<#%xyoowmU0XzxK DjhyLXLcifX32k');

With this step you have made your login passwords a lot stronger than before. Don’t copy the line above, but simply visit https://api.wordpress.org/secret-key/1.1/ for you personal Secret Keys.

WordPress Security plugins

There are many WordPress Security plugins out there, thankfully. I will list the most important ones, plugins I all use on a day to day basis here.

WP Security Scan

WP Security Scan scans your WordPress installation for security vulnerabilities and suggests corrective actions. This is what the plugin will do and look at:

• passwords
• file permissions
• database security
• version hiding
• WordPress admin protection/security
• removes WP Generator META tag from core code

Download WP Security Scan

Login LockDown WordPress Security

Login LockDown records the IP address and timestamp of every failed WordPress login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range the login function is disabled for all requests from that range. This helps to prevent brute force password discovery.
Download Login LockDown WordPress Security

Stealth Login

This plugin allows you to create custom URLs for logging in, logging out, administration and registering for your WordPress blog. Instead of advertising your login url on your homepage, you can create a url of your choice that can be easier to remember than wp-login.php, for example you could set your login url to http://yoursite.com/login for an easy way to login to your website.
Download Stealth Login

AntiVirus for WordPress

AntiVirus for WordPress is a smart and effective solution to protect your blog against exploits and spam injections. Some of its features include: monitors possible platform vulnerabilities, virus injections, malicious links, etc. It can also send you email notifications and whitelisting.

Download AntiVirus for WordPress

General Precautionary Measures

This is just a short list of general precautionary measures:

• Always have your WordPress software and WordPress plugins updated to the latest version.
• Got any unused WordPress themes and WordPress plugins installed but not activated? Delete them!
• Always use a strong password. Check out this guide on choosing a strong password at the Blog Herald.
• Ditch that admin account and make it a lot harder for hackers to guess your login.
• Use correct file permissions on your WordPress files. General rule is that Files should have a CHMOD value of 644 and folders 755.
• Back up your WordPress database on a regular basis. Any of these plugins will do the job for you in an automated fashion

Sources & Extra Resources

• 10 Way to Stop Spam in WordPress
• WordPress Security Tips and Hacks
• Hardening WordPress with .htaccess
• How to Secure Your WordPress site
• Top 5 WordPress Security Tips
• Advanced WordPress wp-config Tweaks
• 20+ Powerful WordPress security Plugins
• 12 Essential Security Tips and Hacks for WordPress
• A to Z of WordPress .htaccess Hacks

5 Minutes and Counting

WordPress claim to a quick and easy installation of 5 minutes still stands. But, you can easily see how adding a few extra layers of security easily adds a bit of extra time after the installation. Time very well spent though. So what’s your thought? Have I forgotten your favorite WordPress Security tip?

This article first appeared on BloggingPro: WordPress Security – A Comprehensive Guide

Everything You Need to Know About WordPress Security is a post from: ForSite Media

Exclude Pages

Exclude Pages is a plugin that does exactly what the title suggest. It allows you to specify per page whether or not a page needs to be in the menu or not. This plugin adds a checkbox, ‘include this page in menus’ to your page edit screen. All you need to do is uncheck this to exclude pages from the page navigation so that users won’t see on your site. As simple as that. Do keep in mind that pages which are children of excluded pages also do not show up in menu listings.

Download Exclude pages here.

Page Links To

A wonderful little plugin called ‘Page Links To’ allows you to create a WordPress page or post link to a URL of your choosing, instead of its WordPress page or post URL. Especially when used with pages in a (dropdown) menu you can pretty much add any link you can find in your site to use as destination for the page. Page Links To will even allow you to redirect people who go to the old URL to the new one you’ve chosen. So with this plugin it’s very easy to add a link to a certain category or tag listing or even author pages.

Download Page Links To here.

Members

Now the third plugin is called Members and isn’t your typical Page or even Menu Management plugin, but it as plugin that lets you create a very custom made menu when there’s roles involved. For example, when you have a set of pages in your menu that are only meant to be visible for your clients then Members will allow you to create that. Rather than going into detail too much about what Members can do for you, because that is a lot, have a look at two screencasts that will explain to you better than I can do with words how you create a role depended menu.

And now for the actual magic:

More out there
I know there are a lot more plugins out there that let you manage your menu, but these three I have found to be working perfectly every time I have used them. If however you are curious about other plugins out there, I do encourage you to see what the plugin repository has to offer you on pages and menus.

This article first appearded on BloggingPro: Menu Management for WordPress

Menu Management for WordPress is a post from: ForSite Media

You of course already knew WordPress 3.0 will be sporting a brand new default theme, named Twenty Ten, but there are quite a few more new features that can improve your WordPress experience. Instead of listing every single feature, I thought it would be nice to make a list of those who already wrote about WordPress 3.0.

Custom Post Types

The Custom Post Type feature will make it possible to have a certain type of post show up with only those features that you really need when writing a post. I think Dougal sums it up very nicely:

A nice feature of custom post types is that you can customize which pieces of the editor appear for them. Don’t need excerpts? Turn them off. Don’t need post thumbnails (I mean “featured images”) or custom fields? Turn them off. Want to just use the excerpt field, and eliminate the WYSIWYG editor? You can do that.

More reading on Custom Post Types

• First Impressions of Custom Post Type
• Custom Post Types in WordPress 3.0
• Custom Post Type UI Plugin for WordPress
• Extending Custom Post Types in WordPress 3.0

Menu

There’s been a lot of talk about new Menu feature and the way it looks now is certainly not set in stone yet, but you get a pretty good feel of what the WordPress 3.0 Menu function will look like after having looked at this video.

Multisite / Network

One of the first things we knew about WordPress 3.0 is that is would merge the stand-alone version of WordPress with the Multi User version we all know as WordPress MU. Alongside with Custom Post Types this to me is the best feature of WordPress 3.0.

More info can be found here

• WordPress 3.0 Multisite Settings
• Running on WordPress 3.0

Custom Background

A very clever feature which will find it’s way to a lot of themes, I’m sure, is the custom background feature. With this feature you can quite easily change the background of your design by simply uploading a preferred image and activating it. Twenty Ten already has this feature built in.

• WordPress 3.0 Custom Background Support

Conclusion

I haven’t even scratched the surface when it comes to the total list of all the new stuff WordPress 3.0 will bring us, but I’m sure there’s plenty of information available behind all the links in this post that will help you get a good feel of what WordPress 3.0 is going to do for you. Should you be interested in all the new features than be sure to check out the WordPress 3.0 on the Codex. If you want to help out testing be sure to download the beta and any and all bugs you encounter can be reported via the wp-testers mailing list.

This article first appeared on BloggingPro: Get Ready for WordPress 3.0

What Can You Expect From WordPress 3.0 is a post from: ForSite Media

I’ve never been a fan of either Kubrick’s look or code, but I must say Twenty Ten is genuinely a great base theme to use for all your WordPress projects, especially when working with Child Themes. Sure it’s not as advanced as say Thematic, but it does produce powerful semantic HRML and is in general very well SEO optimized. No surprise there because Ian Stewart, the creator of Thematic, was also the one who inspired Twenty Ten with his theme called Kirby, and recently joined Automattic as a Theme Wrangler.

Twenty Ten will feature amongst other things a proper horizontal dropdown menu, great typography, microformats. post thumbnails for custom headers and WYSIWYRG. A very cool feature that makes use of editor-style.css stylesheet which in turn makes sure you are now getting a perfect replica of your blog’s theme when you’re writing in the WordPress’ visual editor. This neat function was introduced by Andrew Ozz and implemented by Matt Thomas (the actual author of Twenty Ten) and I’m sure it will find it’s way very quickly to a lot of themes.

To really get a good impression of what Twenty Ten looks like you can head over the the Development blog of Twenty Ten which, of course, uses WordPress’ new default theme. If you’d like to check under the hood and see what the fuss is all about you can download Twenty Ten by downloading a zip file of the latest bleeding edge version of WordPress (which should never be used on live a live site and only as a test installation). In the wp-content/themes folder you will find the latest version of Twenty Ten.

All in all Twenty Ten to me is a major improvement over Kubrick. What do you think?

This article first appeared on BloggingPro: Twenty Ten: The New and Improved Default WordPress Theme

Twenty Ten, a New Default Theme for WordPress is a post from: ForSite Media