Review: WordPress Web Design for Dummies by Lisa Sabin-Wilson

Posted on April 18, 2012 by Chad Warner

WordPress Web Design for Dummies by Lisa Sabin-Wilson

This book is one of the best on WordPress I’ve read, because it covers the work I do with WordPress: administration, tweaking themes, and finding and using plugins. It shows how to create several types of sites with WordPress, and explains the HTML, CSS, and PHP needed to tweak themes or build them from scratch. It features colorful code snippets and screenshots. I really liked the many excellent plugin recommendations. The book is best for the intermediate to advanced WordPress designer, developer, or administrator.

I liked Chapter 11: Dissecting Themes and Templates, and Chapter 12: Displaying Content with Widgets and Template Tags. So far I’ve only tweaked themes, but these chapters made me eager to dive deeper into theme development. This book convinced me that I’ve only scratched the surface of what’s possible with WordPress.

Because of what I do with WordPress, this book was more relevant than the other WordPress For Dummies books: WordPress for Dummies (read my review) and WordPress All-in-One For Dummies (read my review).

Notes

Optimize images with the Dynamic Drive Image Optimizer or Web Resizer.
Create a portfolio page by creating a category called Portfolio, filling it with posts with featured images, then calling them with query_posts().

Hosts that support WordPress

Free font resources

Premium font resources

Premium WordPress themes

Plugin recommendations

E-commerce plugins

Cart66 (premium) doesn’t require much theme tweaking
WP e-Commerce (free) requires theme tweaking
MarketPress (free) doesn’t require much theme tweaking, and is good for WordPress Network (Multisite) and BuddyPress
Shopp (premium) requires theme tweaking

Gallery plugins

NextGEN Gallery creates sortable photo galleries
Organizer allows you to organize, rename, resize, and manage uploaded images
Random Image Widget displays a random image from the image-upload folder
Mini-Slides lets you create inline slideshows

Social network plugins

Twitter Tools for Twitter integration
WordBooker for Facebook integration

Miscellaneous plugins

Advanced Text Widget allows you to execute raw PHP code and specify on which pages it should be displayed
Custom Post Type UI provides an easy to use interface to create and administer custom post types and taxonomies
WP Featured Content Slider makes a slideshow of recent posts with images
Collision Testimonials Shortcode puts client testimonials on the front page, and creates a full testimonials page
All in One SEO Pack for SEO
PluginBuddy Mobile (premium) creates a mobile-ready version of your website.
Subscribe to Comments to let visitors subscribe to individual posts
ShareThis for adding social sharing icons
WP Super Cache for caching
WP Security Scan for improving security
BackupBuddy (premium) for creating backups and migrating sites
WPMU Premium (premium) is a collection of plugins including membership, classified ads, chat, domain mapping, and anti-spam
WP Nivo Slider creates a slideshow that prominently displays content (good for front pages)
Simple:Press creates a support forum

View all my reviews

WordPress Network (Multisite) installation & plugins

Posted on April 11, 2012 by Chad Warner

I took these notes about WordPress Network (Multisite) at our WordPress Grand Rapids (WPGR) meetup on March 15, 2012. Learn more about WordPress Grand Rapids on Meetup and WPGR.org.

WordPress Network installation

Presenters

Brian Richards, http://wpstartbox.com/
Topher DeRosia, http://codeventure.net/

What’s a Network?

A WordPress Network is a collection of sites that all share the same WordPress installation and database. They can also share plugins and themes. The individual sites don’t have their own directories on the server, but they do have separate directories for media uploads and separate tables in the database.

Why use Network?

easily update multiple sites; updates to WordPress, plugins, and themes apply to all sites
quickly create new sites

A network is ideal for creating a WordPress development environment, because you can quickly create and destroy sites.

Caveats

each new site creates its own tables, which can lead to scaling issues
updates or changes to WordPress, plugins, and themes apply to all sites; any problems affect all sites

A network isn’t ideal for hosting client sites, because it’s not easy to move standalone sites in or out; you have to use WordPress’ import or export tools. However, plugins like Backup Buddy can make importing easier.

Creating a new network

Follow Create A Network in the Codex. Brian uses these steps:

Create subdomain (you must have wildcard subdomains enabled; if you have cPanel, you probably do). You can also install to a subdirectory. Choose subdomain or subdirectory before creating network.
Create blank database and upload WordPress files (or use your host’s 1-click WordPress installer).
Browse to subdomain.
Create wp-config.php and follow install.
Open wp-config and add define(‘WP_ALLOW_MULTISITE’, true);
Log into WordPress. Click Tools > Network Setup.
Choose subdomains or subdirectories (Brian recommends subdomain).
Click Install. Paste generated lines into wp-config.php. Paste generated lines into .htacess.
Log back into WordPress.
Sites > Add New to create a new site in the network.

Domain mapping

Use a plugin to redirect a domain to a site in the network. Brian likes the commercial plugin Professional Domain Mapping from WP eBooks. Another option is the free WordPress MU Domain Mapping.

In your hosting account, point the domain being mapped at the network’s root domain. The plugin modifies .htaccess to redirect.

Themes

Super Admin must install themes, then network enable them for sites to use.

Themes > Installed Themes
Network Enable theme

Plugins

Super Admin must install plugins, then network enable them for sites to use. They can be activated per-site. They can also be network activated, which activates them for all sites. Individual sites can’t disable these.

Users

Admin becomes the Super Admin of the network. They can create other Super Admins, Admins, or other roles.
Admins can only enable themes that Super Admin has already network enabled.
You can allow users to register their own accounts. You can also limit registration to email addresses within a set domain. Site Settings > Limited Email Registrations.
Sites > All Sites. On Users tab, grant permissions.

Backup & restore

Backup Buddy backs up and restores entire network or individual sites. Import Buddy migrates standalone sites into the network.

Uploads

All uploads go to wp-content/uploads/blogs.dir/<site-id>
Settings > Upload Settings. Site upload space limited to 10 MB by default
To change existing sites, Sites > Edit > Settings > Site Upload Space Quota. Per-site settings override network limits.

Additional WordPress Network plugins

Networks+ plugin: create a network of networks
WP Blog Replicator: clone existing sites, optionally including content

Examples of WordPress Networks

WordPress.com
Varsity News Network
WPStartbox.com is a Network install. demo.wpstartbox.com is a Network within this (using the Network+ plugin). Each demo site is created using WP Blog Replicator.

Create a sticky footer for WordPress

Posted on March 28, 2012 by Chad Warner

A sticky footer is a footer that sticks to the bottom of the browser window regardless of the length of the page’s content. If the footer isn’t sticky, it will appear too high on short pages, which doesn’t look good. The best instructions I’ve found for creating a sticky footer for WordPress are found in the WordImpressed.com post Put a CSS Sticky Footer in Your WordPress Theme.

graphic from wordimpressed.com

The author explains,

If you’re here, you probably have a footer that likes to ride up to the bottom of your content container. The solution we will implement places the footer wrapper outside of a main wrap that holds all your general content. From there, we will use the power of cascading style sheets to force the footer to stay put at the bottom of the page using some creative and effective styles.

The post shows how to edit your header.php, footer.php, and CSS stylesheet. The post contains helpful code snippets and screenshots. The instructions work for the Twenty Ten and Twenty Eleven themes, and probably many more as well.

Antispam Bee: WordPress anti-spam plugin, free alternative to Akismet

Posted on March 8, 2012 by Chad Warner

The Antispam Bee plugin has become my favorite free anti-spam plugin for WordPress. I’ve used it for a few months, and it works much better than my previous recommendation, Defensio Anti-Spam. I’ve only had a couple spam messages get past Antispam Bee, and I don’t remember getting any false positives. It integrates right into the default commenting system in WordPress.

Why not use Akismet? It’s excellent and free for personal sites, but according to the Akismet signup page, “If your site is for a business or if it promotes a product or service, you should pick from one of our paid account options.” So, most businesses and nonprofits need to pay for Akismet.

To prevent spam from cluttering your database, turn on automatic spam deletion in Antispam Bee: click Settings > Antispam Bee, and on the Advanced tab, check the box Spam will be automatically deleted after. I set it to 30 days. You can optionally display statistics and a spam counter on your dashboard; just check the boxes on the General tab.

Semisecure Login Reimagined plugin secures WordPress login without SSL

Posted on March 1, 2012 by Chad Warner

It’s dangerous to send your WordPress username and password over the Internet unencrypted. The best option is to secure your login page with SSL. If that’s not an option, use the Semisecure Login Reimagined plugin instead. I’ve used this plugin on several sites for years.

Below are screenshots of the login page before and during login. The plugin puts its messages just above the Remember Me checkbox. The red outline and asterisks in the 2nd screenshot are from LastPass.

Semisecure Login Reimagined WordPress login page

Semisecure Login Reimagined encrypting login

Here’s more information about this plugin from the WordPress Plugin Directory (Description and FAQ):

Description

Semisecure Login Reimagined increases the security of the login process by using a combination of public and secret-key encryption to encrypt the password on the client-side when a user logs in. JavaScript is required to enable encryption. It is most useful for situations where SSL is not available, but the administrator wishes to have some additional security measures in place without sacrificing convenience.

How does this work?

A user attempts to log in via the login page. If JavaScript is enabled, a secret-key is generated and used to encrypt the password along with a nonce, the public-key encrypts the secret-key, and the original (unencrypted) password is not sent. The server decrypts the secret-key with the private-key which is used to decrypt the password+nonce. The nonce is verified before handing the password over to WordPress for verification.

If JavaScript is not enabled, the password is sent in cleartext just like normal. This is inherently insecure over plaintext channels, but it is the default behavior of WordPress.

Is this really secure?

Short answer: No, but it’s better than nothing.

Without SSL, you’re going to be susceptible to replay attacks/session hijacking no matter what. What this means is that if someone is able to guess or learn the session ID of a logged-in user (which would be trivial to do in an unprotected wireless network), then essentially they could do anything to your WordPress site by masquerading as that user.

So what’s the point?

The point of this is to prevent your password from being transmitted in the “clear.” If someone is in a position where they can learn your session ID, under normal circumstances, they’d also be able to learn your password. The proper use of this plugin removes that possibility.

How can I make my site REALLY secure?

Use SSL. This means you’ll have to have a dedicated IP (which usually costs additional money) and an SSL certificate (which is expensive for a “real” one, but if you’re just using this for your own administration purposes, a “self-signed” certificate would probably suffice). Any more detail on these two things is beyond the scope of this document.

How to change the WordPress permalink structure to postname

Posted on February 2, 2012 by Chad Warner

I’ve been changing the permalink structure for WordPress sites to simply postname, and you can do the same! I’ll show you how to generate the redirects you need.

In the past, I’ve configured WordPress to use the permalink structure Day and Name, which formats the URLs for posts as /%year%/%monthnum%/%day%/%postname%/. Although I knew that a simple %postname% would produce shorter, more memorable URLs, I avoided that structure because it had been shown to result in slower performance.

WordPress 3.3 fixed that issue. The 3.3 release notes in the WordPress Codex say, “Use
the postname permalink structure without a performance penalty.” WPCandy also covered this improvement in the articles Recent commit to 3.3 eliminates performance issues with postname permalink structure and Everything we know about the newly released WordPress 3.3.

So, how do you safely change the permalink structure of an existing site to postname, without breaking all the external links to your posts? You’ll probably need to generate redirects to add to your .htaccess file. Renowned WordPress developer Joost de Valk has a generator in his article How to Change WordPress Permalinks. The tool gives you the redirect you need to add to the top of your .htaccess file.

Free WordPress training videos: WP101 from WPtuts+

Posted on January 24, 2012 by Chad Warner

WPtuts+ has many high-quality WordPress training videos in their WPtuts+ WP101 tutorial series. These videos used to be available only through a subscription to WP101.com, but you can now view most of them for free at WPtuts+.

These are just a few of the topics covered:

The Dashboard
Creating a New Post
Using Categories and Tags
Creating and Editing Pages
Add Photos and Images
Managing Comments
Adding Widgets

WP Security Scan plugin checks WordPress permissions & database security

Posted on December 6, 2011 by Chad Warner

You can never be too security-conscious with WordPress, so let’s look an excellent security plugin: WP Security Scan. I found out about this plugin from the WordPress 3: Developing Secure Sites course on Lynda.com.

This plugin does several things, but I especially like the initial scan, permissions scanner, and database prefix changer.

Initial Scan

Provides a quick scan of your site and makes security recommendations.

Permissions scanner

Checks directory permissions to make sure they’re set properly.

Database prefix changer

A common security-through-obscurity tip is to change the database prefix. I used this plugin to change the database prefix for several sites, and encountered no trouble. Still, make a backup first!

This plugin integrates with WebsiteDefender‘s online services, which I haven’t checked out. Luke Rumley of Rumley Design, a fellow member of WordPress Grand Rapids, told me that they provide downtime monitoring like Pingdom.

Adding Google Custom Search to WordPress

Posted on November 29, 2011 by Chad Warner

I like to replace the default search functionality in WordPress with Google Custom Search. While recently redesigning a site using a child theme of the Twenty Eleven theme for WordPress, I found that Google had discontinued the IFrame option for Google Custom Search.

Fortunately, I found this post from iamtgc.com: Integrating a Google Custom Search Engine into your WordPress blog. The post clearly shows how to add Google Custom Search to WordPress without using a plugin. It shows how to

generate the code for your Google custom search engine
create a new page to contain the search results. Note: when you paste the code from Google into WordPress, make sure you remove any blank lines from the JavaScript, or the page may just render “Loading…”
modify your search form template (usually named searchform.php)
modify the CSS (usually named style.css) to style the search form

Best WordPress podcasts, Fall 2011

Posted on October 25, 2011 by Chad Warner

These are my favorite audio podcasts about WordPress. I posted a list of the 9 best WordPress podcasts in March 2011, and decided it was time to update the list. Maybe some day I’ll write a review for each one, but for now, I just pasted the description from each podcast’s site or iTunes page.

I’ve listed them roughly in the order I like them. I prefer those that offer tips, recommendations, and tutorials over those that simply cover WordPress news. I’m always looking for more, so please add your favorites in the comments!

Your Website Engineer

Join us for an entertaining and informative look at creating a high quality website for your business or personal blog by using WordPress. If you already have a website, this podcast can help you update it to Web 2.0 standards. A website doesn’t have to be the hardest part of owning a small business. With this show, I will show you how you can take charge of keeping your website maintained and always up to date. This show focuses on WordPress and how it is the best solution for small businesses looking to create a website.

daWPshow WordPress Podcast

A podcast for those who use WordPress. Note: hasn’t been updated since May 2011.

WordPress Weekly

Hosted by Jeff Chandler. Your weekly source of news and discussions related to WordPress as well as any projects under the Automattic umbrella.

WordPress Plug-ins from A to Z

Your host John Overall covers a new WordPress plug-in each week on WordPress Plug-ins from A to Z. Working his way though the alphabet covering some pretty interesting plug-ins as well as some simple ones. With over 11k plug-ins available for word press it is a pretty good bet that we wont run out of plug-ins to cover.

The WPCandy WordPress Podcast

A weekly overview of the most recent and important WordPress news.

WordPress in 10 Minutes..in 10 minutes

The companion podcast to Sams Teach Yourself WordPress in 10 Minutes by Chuck Tomasi and Kreg Steppe. Note: hasn’t been updated since April 2011.

WordCast Plugin Picks

The world is full of WordPress plugins, so join Dave Moyer and Kym Huynh as they cut through the noise and clutter to bring you the best plugins for your website or blog. Part of the WordCast network at wordcastnet.com. Note: hasn’t been updated since May 2011.

The WordPress Podcast

Features exclusive interviews with fellow WordPress developers, topics such as WordPress hosting and SEO, and news on the latest plugins and updates. The WordPress Podcast is hosted by Joost de Valk and Frederick Townes. Note: hasn’t been updated since Feb. 2011.

WordCast Conversations

The WordCast team tackles hot blogging, social media and WordPress topics, with in-depth interviews with experts. Note: hasn’t been updated since June 2011.