WordPress Hacking and you What you can do

As if website hacking is not something new to you, to mention hacking of WordPress sites could just sound like another form of it. But you’re relying on the wonderful technology that WordPress provides to post, manage and display your website content could mean just being over –confident or outright ignorant about the perils that are already the matter of concern in the wide world of website design.

Wordpress Hacking and you
WordPress Hacking and you

Any website is hacked for a variety of reasons; to steal information, to place spammy links, to feed on the traffic a particular website has to ones advantage and much more. This is not very different with hacking of WordPress sites too. WordPress works almost entirely on its plugins and a well devised database to create a system where dynamic content is a cakewalk for anyone, who owns a website, to manage. Hackers simply find the vulnerability in a plugin, insert a malicious code or code edit and gain access to the database that manages all content. There, they can place SQL codes to manipulate the website’s content and pretty much have your website under their control.

Why WordPress is a point of concern?

Why WordPress is a point of concern
Why WordPress is a point of concern

 

The turn of events, making a highly desirable and easy technology as WordPress, utilized for website designing from just being a blog building platform, to be a vulnerable target for hackers to break in to, is more of a recent development. The interesting facts related to this phenomenon are;

  • WordPress’s popularity has soared across the world and currently accounts for a huge share of websites built and maintained around the world.
  • Ease with WordPress in building websites has misled website owners to a false sense of security also. Most of this is seen among small businesses and startup companies who are also happy with the lesser investment it needs.
  • Following the last point, a large group of website owners don’t really religiously update their WordPress installations, whereby rendering themselves vulnerable to security loopholes that hackers utilize.
  • The third-party plugin developers are also risking their customers with plugins that has not been tested enough and neither been created with farsightedness.

Let’s try a more technical view of this scenario.

image03

  • On a development level, bad coding can create vulnerabilities that hackers can use to their advantage
  • At the administrative level, applying poorly constructed passwords can make access to skilled hackers very easy
  • Plugins developed without a good amount of testing and a stable and fool-proof coding can compromise the website’s security on a whole
  • Website owners/managers who do not care to do regular WordPress updates puts themselves at great risk of falling prey to newer hacking attacks

So how do I safeguard myself?

image04

It’s one thing to operate and manage WordPress modules at an operational level, where you essentially add and edit content for your website. When it comes to making your WordPress website safe from hackers, you definitely need to meet the experts and get things done. Nevertheless, you had better looked up for the following cues;

  • Are there pages in your websites failing to appear as expected?
  • Is your admin area failing to perform at any point?
  • Have you verified that new plugin that you have considered attaching to your website?
  • Are you getting a lot of spam emails lately?

If any of these cues turns on, it’s time for you to call for technical experts like hosting supporters to get your website checked. Few of the measures that can help in preserving your website are;

  • Take backup of your website data regularly
  • Change your passwords to stronger ones. The more mixed up and complex, the better
  • Use WordPress security keys. Your hosting support should know that in the file wp-config.php there is a place where you can enter encrypted security keys for information stored in your cookies. Go to https://api.wordpress.org/secret-key/1.1/ to generate your keys and update your wp-config.php
  • Delete plugins that cannot be trusted or those that are not in use anymore
  • If you can make out from the Error log file, it will tell you which file is causing the issue. You can replace or remove those files
  • It is best to upgrade your WordPress to latest versions. This also includes your Worpress theme
  • Check for file permissions and upload permissions
  • Use some security plugins like the ones listed below
    • Wordfence
    • All in One Security Firewall
    • Sucuri Security
    • iThemes Security (formerly Better WP Security)
  • Change WordPress Table prefix. This is something your tech support understands and can help you with
  • If you have any contact forms in your website, crosscheck with developers if that form is built with core CT standards.

image05

WordPress has made building and maintaining websites a wonderful experience for you. But as much a great tool it is, it can serve you with its caliber when you keep it updated and well-maintained. Your diligence will pay off with your WordPress installation giving you the great advantage of seamless website performance for a long time into the future.

Disable sending password email to new wordpress users

Some days before I installed new wordpress 4.3 version, I came across with issue of sending email forcefully to new wordpress user on their email address. Many times wordpress admin wants to create users like authors, contributers and subscribers in their website. But with newer version of wordpress, we cannot create wordpress users without informing them.

This password email change is added for better security. This feature has following feature.

– Strong admin control over options

– Random generator is fine, but

– Strong passwords mandatory, at least XX (16? 20?) characters

Here is tutorial for disable sending password email to new wordpress users

Following is screen shot of user creation form in wordpress 4.3 and newer version.

Disable sending password email to new wordpress users
Disable sending password email to new wordpress users

Issue

Many times, I requested to add guest post so, I wanted to create contributes. But due to this feature, I cannot create users without email confirmation.

Here is solution:

You can add following code in your functions.php file, which you can find in your wordpress theme folder.

// Fix New User Email Send
if ( !function_exists('wp_new_user_notification') ) :
function wp_new_user_notification( $user_id, $notify = '' ) { }
endif;

After adding this code, I am able to create wordpress user without sending email to user.

how to get parent page title in wordpress

If want to get parent page title in wordpress and show in wordpress then use following code snippet in your theme you can easily get the parent page title.

how to get parent page title in wordpress

Normally what I would do is check $post->parent and if 0 then return page title else return title of page above. Problem is that $post->parent will only go back one level. I need to use some sort of recursive function that keeps going back until $post->parent == 0.

Add following code in to your wordpress theme, functions.php file and that sit. you will done.

<!--?<span class="hiddenSpellError" pre="" data-mce-bogus="1"-->php
 global $post;
 $parent_title = get_the_title($post->post_parent);
 echo $parent_title;
?>

Using above code you can easily print the page title in wordpress theme.

how to get parent page title in wordpress
how to get parent page title in wordpress

Change image name to wordpress post slug during upload

WordPress tutorial, Change image name to wordpress post slug during upload. If you want to rename files during upload and set their names to the post slug.

If you want to rename files during upload and set their names to the post slug the files are being attached to, plus some random characters (a simple incremental counter will be just fine) to make the filenames different.

Change image name to wordpress post slug during upload

Change image name to wordpress post slug during upload
Change image name to wordpress post slug during upload

In other words, if you are uploading/attaching images to the post whose page slug is “test-page-slug”, i’d like for the images to be renamed on the fly to test-page-slug-[C].[original_extension] — test-page-slug-1.jpg, test-page-slug-2.jpg etc (no matter what the original filenames were).

This is very easy. You just need to use following hook in functions.php file.

function wp_modify_uploaded_file_names($image_name) {

    // Get the parent post ID, if there is one
    if( isset($_GET['post_id']) ) {
        $post_id = $_GET['post_id'];
    } elseif( isset($_POST['post_id']) ) {
        $post_id = $_POST['post_id'];
    }

    // Only do this if we got the post ID--otherwise they're probably in
    //  the media section rather than uploading an image from a post.
    if(is_numeric($post_id)) {

        // Get the post slug
        $post_obj = get_post($post_id);
        $post_slug = $post_obj->post_name;

        // If we found a slug
        if($post_slug) {

            $random_number = rand(10000,99999);
            $image_name['name'] = $post_slug . '-' . $random_number . '.jpg';

        }

    }

    return $image_name;

}
add_filter('wp_handle_upload_prefilter', 'wp_modify_uploaded_file_names', 1, 1);

This is very easy.
if you have pretty permalinks enabled, so I’ve added a check to make sure there is a slug before renaming the file. You’ll also want to consider checking the file type, which I haven’t done here–I’ve just assumed it’s a jpg.

How to How to remove first image from post wordpress

wordpress tutorial, remove first image from post wordpress. In many wordpress old site they used the first image as post or featured image. Here solution. while showing the single post they not want to show the first image which is uploaded.

How to remove first image from post wordpress

How to remove first image from post wordpress
How to remove first image from post wordpress

Using following code you can remove the first image from wordpress post. Please put following code in to functions.php file (you will find this file in your theme folder)


function remove_first_image ($content) {
if (!is_page() && !is_feed() && !is_feed() && !is_home()) {
$content = preg_replace("/<img[^>]+\>/i", "", $content, 1);
} return $content;
}
add_filter('the_content', 'remove_first_image');

when you see the single page of blog then you will not see the first image from blog post.

 

Add Custom Content to End of RSS feed for wordpress

wordpress tutorial for, Add Custom Content to End of RSS feed for wordpress. WordPress has own wordpress api to designed many RSS feed format. code given here.

Add Custom Content to End of RSS feed for wordpress

RSS (most commonly expanded as Really Simple Syndication) is a family of web feed formats used to publish frequently updated works—such as blog entries, news headlines, audio, and video—in a standardized format.

Add Custom Content to End of RSS feed for wordpress
RSS feed are very important. WordPress has own wordpress api to designed many RSS feed format.
In this tutorial I will show you how to add the custom text in your rss feed.
You just need to open your functions.php file and put following code in that file.

function feed_the_Filter($query) {
if ($query->is_feed) {
add_filter('the_content','add_to_feed');
}
return $query;
}
add_filter('pre_get_posts','feed_the_Filter');

function add_to_feed($content) {
$content .= '<p>Follow us on Twitter &amp;lt;a href="http://twitter.com/wordpressapi"&amp;gt;Wordpress API&amp;lt;/a&amp;gt;</p>';
$content .= '<p>Join our &amp;lt;a href="http://www.facebook.com/pages/wordpressapi/280021545846"&amp;gt;Wordpress API Facebook Community Page&amp;lt;/a&amp;gt;</p>';

return $content;
}

disable image upload for wordpress users

wordpress tutorial, disable image upload for wordpress users. If you want to restrict the normal author to upload media file your wordpress blog.  So you can use the following code in your functions.php file.

disable image upload for wordpress users

disable image upload for wordpress users
disable image upload for wordpress users

Following function will remove the upload media button from wordpress dashboard.


//remove the upload buttons for auther and other wordpress user
function removemediabuttons()
{
if($user-&amp;gt;wp_user_level &amp;gt;= 1) {
remove_action( 'media_buttons', 'media_buttons' );
}

}
add_action('admin_head','removemediabuttons');

Following code will remove the media library tab from the Add new post section for all the users.
Restricts media library access (subscriber) under the “add new post”

function remove_medialibrary_tab($tabs) {
unset($tabs['library']);
return $tabs;
}
add_filter('media_upload_tabs','remove_medialibrary_tab');

This hack is very important for wordpress developers. when you are developing the multiuser wordpress site.

how to hide wordpress login page error messages

wordpress tutorial, how to hide wordpress login page error messages. Here in this article We are Hiding wordpress dashboard login error is very basic thing for keep away hackers.

how to hide wordpress login page error messages
how to hide wordpress login page error messages

Hiding wordpress dashboard login error is very basic thing for keep away hackers. Whenever you and any hackcer are trying to login using the correct username but with the wrong password, that will give you a message saying “Error: Incorrect Password.” hacker will got the clue that the username entered is in the system, and that they simply need to crack its password. Same with username also you will got following message.
“Error: Invalid username”
For avoiding this thing you just need to open your functions.php file and put the following code in that file

add_filter('login_errors', create_function('$a', "return null;"));

This hack will remove the WordPress error by displaying nothing when a login is incorrect.

 

How to set post first image as featured image automatically

So using or choosing the image as featured image for post is another manual work we need to do. Info about. how to set post first image as featured image. We have SQL query for this.

From wordpress 3.0 version wordpress launched the feature called featured image. Many new wordpress themes are compatible with new wordpress version. So using or choosing the image as featured image for post is another manual work we need to do.

Many old wordpress website holder or blogger is having issue with this functionality. What they want is when they create the post they haven’t set the featured image, but they would like the featured image to default to the image that has been included in the post.

Some wordpress always use the first image as featured image but old post was not updated with featured image. They need to do manual work to set the featured image. I also faced same issue.

After doing some R&D I found the solution. If you want to set the your posts first image as featured image then use my following code.

For using the code you need to open your mysql database command prompt or phpmysqladmin program and select your wordpress database and execute the following query in that.

insert into wp_postmeta (meta_value, meta_key, post_id) select DISTINCT(ID), post_type , post_parent from wp_psts where post_type= 'attachment' and post_parent !=0 and post_status='inherit';<br /><br />update wp_postmeta set meta_key = '_thumbnail_id' where meta_key='attachment'

Using above sql query you will be able to set the featured image to your old and new post from post content. If you are having any issues with using this sql then write to me.

How to set post first image as featured image automatically
How to set post first image as featured image automatically

How to send smtp email through wordpress without plugin

Many people want to send smtp email through wordpress. WordPress uses the PHPmailer in there CMS. Using PHPmailer you can send the email using STMP service.

send smtp email through wordpress

But many wordpress developer dont know how to use the wordpress phpmailer functionality. Using PHPmailer you can send the email using STMP service.

send smtp email through wordpress
send smtp email through wordpress

send smtp email through wordpress, wordpress send email smtp

Many people use the wordpress plugins for sending the email. But I recommend not to use any wordpress plugin code for this. Because many of wordpress plugin code are not necessary and that will not useful for your wordpress application.

Here in this article I will show you how to sent email using wordpress with SMTP settings.

Use the following code for this:

[viral-lock message=”Source code is Hidden! It’s Visible for Users who Liked/Shared This article on Facebook or Twitter or Google+. Like or Tweet this article to reveal the content.”]


// SMTP email sent
require_once ABSPATH . WPINC . '/class-phpmailer.php';
require_once ABSPATH . WPINC . '/class-smtp.php';
$phpmailer = new PHPMailer();
$phpmailer->SMTPAuth = true;
$phpmailer->Username = 'Username';
$phpmailer->Password = 'password';

$phpmailer->IsSMTP(); // telling the class to use SMTP
$phpmailer->Host       = "hostname.com"; // SMTP server
$phpmailer->FromName   = $_POST[your_email];
$phpmailer->Subject    = $_POST[your_subject];
$phpmailer->Body       = $_POST[your_message];                      //HTML Body
$phpmailer->AltBody    = "To view the message, please use an HTML compatible email viewer!"; // optional, comment out and test
$phpmailer->WordWrap   = 50; // set word wrap
$phpmailer->MsgHTML($_POST[your_message]);
$phpmailer->AddAddress('support@purabtech.in/files/', 'Wordpress support');
//$phpmailer->AddAttachment("images/phpmailer.gif");             // attachment
if(!$phpmailer->Send()) {
 echo "Mailer Error: " . $phpmailer->ErrorInfo;
} else {
 echo "Message sent!";
}

[/viral-lock]

Use the above code for sending the email from wordpress. With godaddy hosting service above code is very useful for creating the contact us page.

Many wp developers asked me where to add the above code. So here is answer. You can create wordpress theme template page. Like contact us page and add the above code in that page according to your requirement.

Here are some useful links:

How to create contact us template page in wordpress

how to create contact us page without plugin

If you are having any issues or question about using the code then please write to me.