Category: Wordpress

Posted on

Easy Guide to Remove Menu Item in WordPress Admin Panel

Remove Menu Item in WordPress Admin Panel
WordPress admin panel comes with a lot of options in the menu, but you can get rid of them fairly easily if necessary. With one of our clients, we needed to get rid of few menu items, so it is easier for her to understand things. In this article, we will show you how easy it is to remove a menu item in the WordPress Admin Panel.

For WordPress 3.1 or above, just paste the following code in your theme’s functions.php file:

1
2
3
4
add_action( 'admin_menu', 'my_remove_menu_pages' );
function my_remove_menu_pages() {
    remove_menu_page('link-manager.php');  
}

In version prior to WordPress 3.1, you would need to paste the following code in your theme’s functions.php file:

1
2
3
4
5
6
7
8
9
10
function remove_menus () {
global $menu;
    $restricted = array(__('Links'));
    end ($menu);
    while (prev($menu)){
        $value = explode(' ',$menu[key($menu)][0]);
        if(in_array($value[0] != NULL?$value[0]:"" , $restricted)){unset($menu[key($menu)]);}
    }
}
add_action('admin_menu', 'remove_menus');

The code above will get rid of the Links option for all users (including administrators). Only two user roles are allowed to see the Link tab (Administrators and Editors). Now if this is for a multi-author site (where there are many editors), and you as an administrator still want access to the Links menu, then you can add parameters to do so.

You would need to utilize the function current_user_can(), and with a simple if statement, you can get rid of the link menu or other items for specific user role.

This is a very handy trick for consultants and developers who work on larger sites.

Additional Sources

Remove Menu Page
Current User Can Function Reference
User Roles and Capabilities Chart

Posted on

Change the Default Search URL Slug in WordPress – Easy Guide

Change the Default Search URL Slug

WordPress search URLs are not user friendly. In this article, we will show you how to easily change the default search url slug in WordPress and make it more SEO and user friendly.

Why Change Default Search URL Slug in WordPress

WordPress uses SEO friendly URL structure for all pages on your website. Typical SEO friendly WordPress URLs look like this:

http://example.com/some-page/
http://example.com/2018/03/some-article/
http://example.com/category/some-category/

As you can see, these URLs are quite easy to understand for users as well as search engines.

However, WordPress still uses non-friendly URL for search results page. A typical search URL in WordPress looks like this:

http://example.com/?s=search-term

This URL structure doesn’t match the rest of your website URLs. While some WordPress search plugins improve the search results, most don’t do anything about the search URL itself.

What if you can make your search URL look like:

http://example.com/search/your-search-term/

Let’s take a look at how to make the WordPress search page URL slug more SEO friendly.

Changing Search Page URL Slug in WordPress

For this tutorial you will need to edit your WordPress theme files. If you haven’t done this before, then please take a look at our guide on how to copy and paste code in WordPress.

Method 1. Change WordPress Search URL Slug via Functions File

This method is easier and recommended for most users.

First, you need to copy and paste the following code in your theme’s functions.php file or a site-specific plugin:

function wpb_change_search_url() {
    if ( is_search() && ! empty( $_GET['s'] ) ) {
        wp_redirect( home_url( "/search/" ) . urlencode( get_query_var( 's' ) ) );
        exit();
    }   
}
add_action( 'template_redirect', 'wpb_change_search_url' );

Don’t forget to save your changes.

You can now go to your website and try using the search feature. You will notice that the search URL looks like this:

http://example.com/search/your-search-query/

Method 2. Change Search URL Slug via htaccess File

The .htaccess file is often used to set up redirects and other website configuration tasks. You can also use it to change the default search URL slug in WordPress.

Your .htaccess file is located in your website’s root folder, and you will need to use FTP or File Manager app in cPanel to edit it. Refer to this guide, if you can’t find the .htaccess file.

In your .htaccess file, you need to paste the following code at the bottom:

# Change WordPress search URL
RewriteCond %{QUERY_STRING} \\?s=([^&]+) [NC]
RewriteRule ^$ /search/%1/? [NC,R,L]

Don’t forget to save your changes and upload the .htaccess file back to the server.

You can now go to your website and use the search feature. You will notice the search URL will now look like this:

http://example.com/search/your-search-query/

We hope this tutorial helped you change the default search URL slug in WordPress.

 

Posted on

Easy Guide to Restore the Get Shortlink Button in WordPress

In this tutorial, we will share how to restore the get shortlink button in WordPress.

What is the Get Shortlink Button in WordPress?

Get Shortlink button is a WordPress feature that allows you to easily get a short link of your WordPress blog post or page. It used to be located right next to the permalink area in the post edit screen.

However if you recently started your blog, then you will not see this feature on your WordPress site because it was removed after WordPress version 4.4.

Let’s take a look at how to bring back the get shortlink button back in WordPress.

Method 1: Using WP Bitly plugin to Add Get Shortlink Button

This method is easier and recommended for most users. This method also allows you to create custom branded short URLs for your website.

Step 1: First thing you need to do is install and activate the WP Bitly plugin. For more details, see our step by step guide on how to install a plugin in WordPress.

Step 2: Upon activation, this plugin will automatically add the Get Shortlink button on your post edit screen.

Step 3: Once you click on this button, it will show you the shortlink for your WordPress posts and pages. This shortlink can be shared in your emails and messages, so your audience can reach directly to the page.

You can also use the WP Bitly plugin to create custom branded shortlinks for your blog posts like we do on WPCademy. See our step by step guide on how to create your own customized short url in WordPress.

Method 2: Manually Adding Get Shortlink Button

This method requires you to add code to your WordPress files. If you haven’t done this before, then please take a look at our guide on how to copy and paste code in WordPress.

Step 1: You will need to add the following code to your WordPress theme’s functions.php file or a site-specific plugin:

add_filter( 'get_shortlink', function( $shortlink ) {return $shortlink;} );

Step 2: This code will add the shortlink filter to display the Get Shortlink button in your WordPress pages and posts.

Step 3: You can click on this button to get the shortlink for your post or page.

We hope this tutorial helped you bring back the Get Shortlink button in WordPress website.

Posted on

How to Scan & Detect Malware in WordPress Themes – Easy Guide

scan and detect malware in wordpress theme

WordPress Themes are ready-made layouts created for WordPress — one of the most popular content management systems used for blogging, news websites and e-commerce projects. These templates are custom solutions for building an online resource from scratch or easily revamping an existing one.

Need To Make Sure That WordPress Theme Is Free From Malware? In this blog, we will help you scan your WordPress website theme for hidden malware or malicious code along-with best plugins you can use to scan your WordPress theme for potentially malicious code.

What is A Nulled WordPress Theme?

Nulled means Cracked or Hacked Version of a WordPress Theme. Basically,its a Premium WordPress Theme which is available for free (or illegally). These themes mostly come up with the back door hack for entering your website which loosens the website security and makes it prone to hacking.

Why WordPress Themes Are infected By Malware?

WordPress is featuring premium themes in its latest versions which are highly secure and malware insusceptible. Unfortunately when it comes to free themes, they are the most easily targeted preys for web attackers. The reason behind is that downloading a free theme from an unknown source or pirated websites may affect the security of your websites.

Such themes are poorly coded and lead to create unauthorized access to websites through loopholes. An unknown source of theme may be created by a hacker who tweaks it for their own profits. There are several reasons behind the exploitation of such themes.

Some of the common reasons are:

  • ​To get a back link from the blog posts on your websites
  • For redirecting your website to spam links
  • To add adverts.
  • To create a backdoor to your website

Look For Presence Of Malicious Code in WordPress Themes

Before discussing the steps to How to Detect Malicious Code or Malware on WordPress Themes, let us hammer out the locations where the malicious code is generally inserted by the hackers. The two common locations on target of smart hackers are the footer.php file and the style.css file.

Apart from this, you should manually check all the files within the theme. The WordPress themes might include some basic files for its functioning. But, if you find additional files that are called without the .php function then your themes are injected with serious malware.

Signs that suspect your WordPress themes are infected with malicious content:

  1. Google Warning Messages: Your website will be displayed with a malware warning message with either an entirely blocked website or partially blocked website.
  2. WordPress White Screen of Death: When your website suddenly starts showing white screen of death, it means that your site is probably exploited with malware infection.
  1. .htaccess pirate: If your .htaccess file is corrupted, it keep redirecting your website to other spam links which you can’t understand.
  2. Popups: When there are several popup ads running on your website start redirecting towards malicious links or other popups if you tend to close, this means your website is a victim of malware exploitation.

Detect Malicious code in  WordPress Themes?

Performing a Google search is a good way to check if there’s a malicious code in a particular WordPress theme. If someone out there has found a malicious code in a theme they got from the same location, such a person must have sounded out a warning to others.

Initial step in discovering hidden malware or malicious code in your WordPress theme is to check if the files contained in the theme are all required

  • Scan WordPress Theme before Installation

The most frequent technique to detect malware on your installed themes is to scan your entire website. This will scan all the files on your website. You can do so in several ways:

  • Ask Google:

Google Safe Browsing is a tool that alerts the webmasters when their websites are compromised with unsafe content or malicious files.  You can use this tool to diagnose your website for surreptitious malware and resolve it.

https://www.google.com/safebrowsing/diagnostic?site=

Insert your website url in the above mentioned link and press ENTER. For example –

https://www.google.com/safebrowsing/diagnostic?site=example.com

When you press ENTER, it will provide you the Safe Browsing status of the website with the unsafe content found on your website.

  • Search Files

Make a cross file search for eval. If you find this one then the author (or someone who ripped it) has something to hide. Read more about eval(base64_decode hack.

 

  • Tools & Scanners to Detect Malware and Malicious in WordPress Themes

You can also use free malware scanners for scanning your website. A short overview of such scanners:

  • PCRisk: It is a free online tool that can be utilized to can any website for malicious codes, vulnerability exploits, infected files and other suspicious activities.
  • SiteGuarding.Com: Another popular online tool to check your website for malware and security issues.
  • After downloading the plugin or theme, The first thing you should do is to check for virus, trojans and other worms using Virus Total.

scan wp theme with virus total

  • WP Hacked Help: A free online wordpress malware scanner tool. You can scan your website for potential malware with this tool.

 

WordPress Theme Checker Plugins To Detect Malicious Code

Sometimes people download free themes from anywhere other the author’s page. The themes installed this way are poorly coded which makes it easier for hackers to insert back links to their websites.

Another effective way to deal with malicious code disguised in your free WordPress themes is to install best plugins that are designed for this purpose only.

 

​1. Theme Authenticity Checker (TAC)

tac plugin for wp theme check

TAC scans the source files of all the WordPress themes installed on your website. It takes you to the particular theme, the line number and a small piece of the distrusted code​ where the suspected malware is found. You can analyze the code and hence, easily​ remove the malware. To download this plugin, click here.

2. Quttera Web Malware Scanner​

quttera web malware scanner for wordpress

This plugin is specialised in detecting hidden malware, viruses malicious codes, spam links, blacklisting status and much more. So, you can use this tool to scan your website for free by installing this plugin. Quttera​ offers different malware cleanup plans for websites. To check these plans, you can visit the website.

​3. BulletProof Security:

BulletProof Security is one of the best wordpress security plugins of 2018, it comes with a number of salient features for WordPress security protection. This plugin has MS Malware scanner to scan each and every file present on your WordPress website. It also offers .htaccess Website Security Protection (Firewalls). Other features are login security. database backups, anti-spam and regular monitoring of website for website protection.

4. Anti-Malware​:

gotmls plugin for wp theme

Anti Malware is one of he popular plugins used to scan and detect malware from WordPress websites. Free version of WordPress offers detection of malware whereas you can also choose premium version for additional features. A premium Anti Malware plugin checks the website for brute-force attacks and DDos Attacks. You can get it here for free.

Best Tips To Make Sure That WordPress Theme is Safe.

  • Never download any free theme from other than author’s website. It can make your website vulnerable.
  • Scan your website regularly with reputable WP scanner.  It checks your website for WordPress infections like Malicious Redirects, Malware Injections, Backdoors, Google Blacklisting. We start cleaning up your website once your request is submitted.
  • Use Tools to Check Your Themes such as Themecheck.infoTheme Check & Exploit Scanner
  • Keep backup of your website at hand.
  • Make sure you have a highly secure hosting service.
  • Always use the latest version of WordPress.
  • Keep the plugins and themes up-to-date with the latest versions.
Posted on

WordPress Editor Keyboard Shortcuts

In the WordPress visual editor you can use a combination of keys to do things that normally need a mouse, trackpad or other input device. Rather than reaching for your mouse to click on the toolbar, you can use the following keyboard shortcuts:

Windows and Linux use “Ctrl + letter”, Mac uses “Command (⌘) + letter”.

Contents

1 Editor Shortcuts
1.1 Ctrl + key
1.2 Alt + Shift + key
1.3 Formatting Shortcuts
2 Keyboard Shortcuts for Comments
2.1 Activating Keyboard Shortcuts
2.2 The Meaning of Selected
2.3 Using Keyboard Shortcuts to Navigate Comments
2.4 Using Keyboard Shortcuts to Perform Actions on Comments
2.5 Bulk Actions

Ctrl + key

Letter Action
c Copy
v Paste
a Select all
x Cut
z Undo
y Redo
b Bold
i Italic
u Underline
k Insert/edit link

Alt + Shift + key

The following shortcuts use a different key combination: Windows/Linux: “Alt + Shift (⇧) + letter”. Mac: “Ctrl + Option (alt ⌥) + letter”. (Macs running any WordPress version below 4.2 use “Alt + Shift (⇧) + letter”).

Letter Action
n Check Spelling (This requires a plugin.)
l Align Left
j Justify Text
c Align Center
d Strikethrough
r Align Right
u • List
a Insert link
o 1. List
s Remove link
q Quote
m Insert Image
w Distraction Free Writing mode
t Insert More Tag
p Insert Page Break tag
h Help
x Add/remove code tag
1 Heading 1
2 Heading 2
3 Heading 3
4 Heading 4
5 Heading 5
6 Heading 6
9 Address

Formatting Shortcuts

Formatting Shortcuts while using visual editor (Since Version 4.3)

Letter Action
* Start an unordered list
Start an unordered list
1. Start an ordered list
1) Start an ordered list
## H2
### H3
#### H4
##### H5
###### H6
> transform text into blockquote
horizontal line
`..` transform text into code block

Keyboard Shortcuts for Comments

Beginning with WordPress Version 2.7, the ability to use keyboard shortcuts to browse and moderate comments was introduced. These keyboard shortcuts are designed to save time by allowing you to rapidly navigate and perform actions on comments. If your blog gets a large number of comments, you will find these shortcuts especially useful.

Activating Keyboard Shortcuts

Keyboard shortcuts are enabled on a per-user setting, and can be turned on by visiting the Profile panel in Administration > Users > Your Profile. Check the Keyboard Shortcuts checkbox to enable keyboard shortcuts for comment moderation.

Please note, the keyboard shortcuts are designed to use both hands, simultaneously, on a QWERTY style keyboard layout.

The Meaning of Selected

The keyboard shortcuts are used for navigation and for actions. For any action to affect a comment, that comment must be first selected. The comment that is considered selected is indicated with a light-blue background. By default, no comment is selected, so, you will need to press either the letter j key, or letter k key, to start navigating.

Using Keyboard Shortcuts to Navigate Comments

Navigating comments is accomplished with the j and k keys. When you first visit the Comments page, no comments is selected, so, first press the letter j, or the letter k, to select the first comment. After that, just press the letter j to move the select to the next comment.

  • Pressing j moves the current selection (light-blue background) down.
  • Pressing k moves the current selection (light-blue background) up.

Note that if you come to the bottom of a page of comments and press j again, you will be taken to the next page and the first comment of that next page will be selected. Likewise, pressing k at the top of a comment page will zoom you to the previous page, selecting the comment at the bottom of that previous page. This makes it very easy to navigate through a long list of comments to perform the necessary actions.

Using Keyboard Shortcuts to Perform Actions on Comments

For one of these actions to affect a comment, make sure the comment is first selected (see above).

  • Pressing a approves the currently selected comment.
  • Pressing s marks the current comment as spam.
  • Pressing d moves the comment to the trash (WordPress 2.9) or deletes the current comment.
  • Pressing z restores the current comment from the trash or activates the Undo when that row is selected.
  • Pressing u unapproves the currently selected comment, placing it back into moderation.
  • Pressing r initiates an inline reply to the current comment (you can press Esc to cancel the reply).
  • Pressing q activates “Quick Edit” which allows for rapid inline editing of the current comment.
  • Pressing e navigates to the edit screen for the current comment.

Bulk Actions

You can also perform an action on multiple comments at once. First, you’ll need to select the comments for the bulk action, using the x key to check the checkbox for the currently selected comment. Shift-x can be used to toggle the checkboxes, inverting their state. Once you have some comments checked:

  • Pressing Shift-a approves the checked comments.
  • Pressing Shift-s marks the checked comments as spam.
  • Pressing Shift-d deletes the checked comments.
  • Pressing Shift-u unapproves the checked comments.
  • Pressing Shift-t moves the checked comments to the Trash.
  • Pressing Shift-z restores the checked comments from the Trash.
Posted on

How to set correct file permission for your WordPress website

file permission wordpress

There a number of ways to accomplish this change. There are also a number of variations to these permissions that include changing them to be more restrictive. These however are the default recommendations. Check with your host before making permissions changes as they can have adverse affects on the performance and availability of your site.

Avoid having any file or directory set to 777. The default permission scheme should be:

Folders – 750
Files – 640

understanding file permission in wp

When you setup WP you (the webserver) may need write access to the files. So the access rights may need to be loose.

chown www-data:www-data  -R * # Let Apache be owner
find . -type d -exec chmod 755 {} \;  # Change directory permissions rwxr-xr-x
find . -type f -exec chmod 644 {} \;  # Change file permissions rw-r--r--

After the setup you should tighten the access rights, according to Hardening WordPress all files except for wp-content should be writable by your user account only. wp-content must be writable by www-data too.


chown :  -R * # Let your useraccount be owner
chown www-data:www-data wp-content # Let apache be owner of wp-content

Maybe you want to change the contents in wp-content later on. In this case you could

  • Temporarily change to the user to www-data with su,
  • Give wp-content group write access 775 and join the group www-data or
  • Give your user the access rights to the folder using ACLs.

Whatever you do, make sure the files have rw permissions for www-data.

For a detailed explanation of unix file permissions, see File system permissions – on Wikipedia

Posted on

How to Install Cinnamon on Ubuntu 16.04

Install Cinnamon on Ubuntu 16

Cinnamon is an open source project that provides users with a full featured desktop environment for GNU/Linux operating systems. It is a fork of the GNOME Shell user interface distributed with the GNOME project. It has been designed from the ground up to provide users with a traditional, yet advanced and modern graphical session for their Linux-based operating systems. It’s usually deployed on the Linux Mint distribution.

This article assumes you have at least basic knowledge of linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo’ to the commands to get root privileges. I will show you through the step by step installation Cinnamon on a Ubuntu 16.04 server.

Install Cinnamon on Ubuntu 16.04

Step 1. First make sure that all your system packages are up-to-date by running these following apt-get commands in the terminal.

sudo apt-get update
sudo apt-get upgrade

Step 2. Installing Cinnamon.

First add the community PPA and this PPA can be used only by Xenial users. And please make sure that idr00t doesn’t provide any guarantee and you understand that you install at your own risk. But the following community PPA has been un-officially given the go ahead by Moorkai, one of the developers behind the popular Cinnamon PPA:

sudo add-apt-repository ppa:embrosyn/cinnamon

Now, type the following command to finally install Cinnamon:

sudo apt-get install cinnamon

To check the installed version of Cinnamon, please issue the below command on your terminal to check whether Cinnamon is installed or not:

cinnamon --version

Step 3. Accessing Cinnamon.

If everything goes OK, log out and select log in with Cinnamon session or Cinnamon (Software Rendering) session if you want it use software rendering to do more of the graphical work):
install-cinnamon
Congratulation’s! You have successfully installed Cinnamon. Thanks for using this tutorial for installing Cinnamon on your Ubuntu 16.04 system. For additional help or useful information, we recommend you to check the official Cinnamon web site.