5 Best WordPress Firewall Plugins Compared

Are you looking for the best WordPress firewall plugin for your website? WordPress firewall plugins protect your website against hacking, brute force and distributed denial of service (DDoS) attacks. In this article, we will compare the best WordPress firewall plugins, and how they stack up… Read More »

The post 5 Best WordPress Firewall Plugins Compared appeared first on WPBeginner.

Are you looking for the best WordPress firewall plugin for your website? WordPress firewall plugins protect your website against hacking, brute force and distributed denial of service (DDoS) attacks. In this article, we will compare the best WordPress firewall plugins, and how they stack up against each other.

Best WordPress firewall plugins compared

What is a WordPress Firewall Plugin?

A WordPress firewall plugin (also known as web application firewall or WAF), acts as a shield between your website and all incoming traffic. These web application firewalls monitor your website traffic and blocks many common security threats before they reach your WordPress site.

Aside from significantly improving your WordPress security, often these web application firewalls also speed up your website and boost performance.

There are two common types of WordPress firewall plugins available.

DNS Level Website Firewall – These firewall route your website traffic through their cloud proxy servers. This allows them to only send genuine traffic to your web server.

Application Level Firewall – These firewall plugins examine the traffic once it reaches your server but before loading most WordPress scripts. This method is not as efficient as DNS level firewall in reducing the server load.

We recommend using a DNS level firewall because they are exceptionally good at identifying genuine website traffic vs bad requests.

They do that by tracking thousands of websites, comparing trends, looking for botnets, known bad IPs, and blocking traffic to pages that your users would normally never request.

Not to mention, DNS level website firewalls significantly reduce the load on your WordPress hosting server which makes sure that your website does not go down.

Having said that, let’s take a look at the best WordPress firewall plugins that you can use to protect your website.

1. Sucuri

Sucuri

Sucuri is the leading website security company for WordPress. They offer DNS level firewall, intrusion and brute force prevention, as well as malware and blacklist removal services.

All your website traffic goes through their cloudproxy servers where each request is scanned. Legitimate traffic is allowed to pass through, and all malicious requests are blocked.

Sucuri also improves your website’s performance by reducing server load through caching optimization, website acceleration, and Anycast CDN (all included). It protects your website against SQL Injections, XSS, RCE, RFU and all known-attacks.

Setting up their WAF is quite easy. You will need to add a DNS A record to your domain and point them to Sucuri’s cloudproxy instead of your website.

At WPBeginner, we use Sucuri to improve our WordPress security. See how how Sucuri helped us block 450,000 WordPress attacks in 3months.

Pricing: Starting from $199.99/year billed annually.

Grade: A+

2. Cloudflare

Cloudflare

Cloudflare is best known for their free CDN service which includes basic DDoS protection as well. However, their free plan doesn’t include website application firewall. For WAF you will need to signup for their Pro plan.

Cloudflare is also a DNS level firewall which means your traffic goes through their network. This improves performance of your website and reduces downtime in case of unusually high traffic.

The Pro plan only includes DDoS protection against layer 3 attacks. For protection against advanced DDoS layer 5 and 7 attacks, you will need at least their business plan.

Cloudflare has its pros, which include CDN, caching, and a larger network of servers. The downside is that they do not offer application level security scans, malware protection, blacklist removal, security notifications and alerts. They also do not monitor your WordPress site for file changes and other common WordPress security threats.

For more details see our comparison of Sucuri vs Cloudflare.

Pricing: Starting from $20/month for Pro plan and $200/month for Business.

Grade: A

3. SiteLock

SiteLock

SiteLock is another well-known website security company offering website application firewall, DDoS protection, malware scan and removal services.

SiteLock’s WAF is a DNS level firewall with a CDN service included in all plans to improve performance of your website. They offer daily malware scans, file change monitoring, security alerts, and malware removal.

All plans include basic DDoS protection while advanced DDoS protection is available as an add-on. They also allow customers to display SiteLock trust seal on their websites.

They have also partnered with many hosting companies to offer their basic plan as an addon. If you start your WordPress blog with Bluehost then you will be shown SiteLock as an addon that you can add to your hosting package.

However, it is unclear what’s included in that addon, and how it is different than the plans offered on SiteLock’s official website.

Pricing: Accelerate Plan costs $299 / year and Prevent plan costs $499 / year.

Grade: B+

4. Wordfence Security

Wordfence

Wordfence is a popular WordPress security plugin with a built-in website application firewall. It monitors your WordPress site for malware, file changes, SQL injections, and more. It also protects your website against DDoS and brute force attacks.

Wordfence is an application level firewall which means that firewall is triggered on your server and bad traffic is blocked after it reaches your server but before loading your website.

This is not the most efficient way to block attacks. Large number of bad requests will still increase load on your server. Because it’s an application level firewall, WordPress does not come with a content delivery network (CDN).

Wordfence comes with on-demand security scans as well as scheduled scans. It also allows you to manually monitor traffic and block suspicious looking IPs directly from your WordPress admin area.

To learn more about Wordfence, see our guide on how to install and setup Wordfence security in WordPress.

To get their sophisticated application level firewall, you really need the Premium version.

Pricing Basic plugin is Free. Premium version pricing starts from $99/year for a single site license.

Grade: B

5. BulletProof Security

BulletProof Security

BulletProof security is another popular WordPress security plugin. It comes with a built-in application level firewall, login security, database backup, maintenance mode, and several security tweaks to protect your website.

BulletProof security does not offer a very good user experience and many beginners may have difficulty understanding what to do. It does come with a setup wizard that automatically updates your WordPress .htaccess files and enables firewall protection.

It does not have a file scanner to check for malicious code on your website. The paid version of the plugin offers extra features to monitor for intrusion and malicious files in your WordPress uploads folder.

Pricing: Free basic plugin. Pro version costs $59.95 for unlimited sites and lifetime support.

Grade: C

Conclusion

After careful comparison of all these popular WordPress firewall plugins, we believe that Sucuri is undoubtedly the best firewall protection you can get for your WordPress site.

It is the best DNS level firewall with the most comprehensive security features to give you complete peace of mind. On top of that, the performance boost that you get from their CDN is very impressive.

We hope this article helped you find the best WordPress firewall plugin for your website. You may also want to see our ultimate step by step WordPress security guide for beginners.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

The post 5 Best WordPress Firewall Plugins Compared appeared first on WPBeginner.

5 Best WordPress Firewall Plugins Compared

Are you looking for the best WordPress firewall plugin for your website? WordPress firewall plugins protect your website against hacking, brute force and distributed denial of service (DDoS) attacks. In this article, we will compare the best WordPress firewall plugins, and how they stack up… Read More »

The post 5 Best WordPress Firewall Plugins Compared appeared first on WPBeginner.

Are you looking for the best WordPress firewall plugin for your website? WordPress firewall plugins protect your website against hacking, brute force and distributed denial of service (DDoS) attacks. In this article, we will compare the best WordPress firewall plugins, and how they stack up against each other.

Best WordPress firewall plugins compared

What is a WordPress Firewall Plugin?

A WordPress firewall plugin (also known as web application firewall or WAF), acts as a shield between your website and all incoming traffic. These web application firewalls monitor your website traffic and blocks many common security threats before they reach your WordPress site.

Aside from significantly improving your WordPress security, often these web application firewalls also speed up your website and boost performance.

There are two common types of WordPress firewall plugins available.

DNS Level Website Firewall – These firewall route your website traffic through their cloud proxy servers. This allows them to only send genuine traffic to your web server.

Application Level Firewall – These firewall plugins examine the traffic once it reaches your server but before loading most WordPress scripts. This method is not as efficient as DNS level firewall in reducing the server load.

We recommend using a DNS level firewall because they are exceptionally good at identifying genuine website traffic vs bad requests.

They do that by tracking thousands of websites, comparing trends, looking for botnets, known bad IPs, and blocking traffic to pages that your users would normally never request.

Not to mention, DNS level website firewalls significantly reduce the load on your WordPress hosting server which makes sure that your website does not go down.

Having said that, let’s take a look at the best WordPress firewall plugins that you can use to protect your website.

1. Sucuri

Sucuri

Sucuri is the leading website security company for WordPress. They offer DNS level firewall, intrusion and brute force prevention, as well as malware and blacklist removal services.

All your website traffic goes through their cloudproxy servers where each request is scanned. Legitimate traffic is allowed to pass through, and all malicious requests are blocked.

Sucuri also improves your website’s performance by reducing server load through caching optimization, website acceleration, and Anycast CDN (all included). It protects your website against SQL Injections, XSS, RCE, RFU and all known-attacks.

Setting up their WAF is quite easy. You will need to add a DNS A record to your domain and point them to Sucuri’s cloudproxy instead of your website.

At WPBeginner, we use Sucuri to improve our WordPress security. See how how Sucuri helped us block 450,000 WordPress attacks in 3months.

Pricing: Starting from $199.99/year billed annually.

Grade: A+

2. Cloudflare

Cloudflare

Cloudflare is best known for their free CDN service which includes basic DDoS protection as well. However, their free plan doesn’t include website application firewall. For WAF you will need to signup for their Pro plan.

Cloudflare is also a DNS level firewall which means your traffic goes through their network. This improves performance of your website and reduces downtime in case of unusually high traffic.

The Pro plan only includes DDoS protection against layer 3 attacks. For protection against advanced DDoS layer 5 and 7 attacks, you will need at least their business plan.

Cloudflare has its pros, which include CDN, caching, and a larger network of servers. The downside is that they do not offer application level security scans, malware protection, blacklist removal, security notifications and alerts. They also do not monitor your WordPress site for file changes and other common WordPress security threats.

For more details see our comparison of Sucuri vs Cloudflare.

Pricing: Starting from $20/month for Pro plan and $200/month for Business.

Grade: A

3. SiteLock

SiteLock

SiteLock is another well-known website security company offering website application firewall, DDoS protection, malware scan and removal services.

SiteLock’s WAF is a DNS level firewall with a CDN service included in all plans to improve performance of your website. They offer daily malware scans, file change monitoring, security alerts, and malware removal.

All plans include basic DDoS protection while advanced DDoS protection is available as an add-on. They also allow customers to display SiteLock trust seal on their websites.

They have also partnered with many hosting companies to offer their basic plan as an addon. If you start your WordPress blog with Bluehost then you will be shown SiteLock as an addon that you can add to your hosting package.

However, it is unclear what’s included in that addon, and how it is different than the plans offered on SiteLock’s official website.

Pricing: Accelerate Plan costs $299 / year and Prevent plan costs $499 / year.

Grade: B+

4. Wordfence Security

Wordfence

Wordfence is a popular WordPress security plugin with a built-in website application firewall. It monitors your WordPress site for malware, file changes, SQL injections, and more. It also protects your website against DDoS and brute force attacks.

Wordfence is an application level firewall which means that firewall is triggered on your server and bad traffic is blocked after it reaches your server but before loading your website.

This is not the most efficient way to block attacks. Large number of bad requests will still increase load on your server. Because it’s an application level firewall, WordPress does not come with a content delivery network (CDN).

Wordfence comes with on-demand security scans as well as scheduled scans. It also allows you to manually monitor traffic and block suspicious looking IPs directly from your WordPress admin area.

To learn more about Wordfence, see our guide on how to install and setup Wordfence security in WordPress.

To get their sophisticated application level firewall, you really need the Premium version.

Pricing Basic plugin is Free. Premium version pricing starts from $99/year for a single site license.

Grade: B

5. BulletProof Security

BulletProof Security

BulletProof security is another popular WordPress security plugin. It comes with a built-in application level firewall, login security, database backup, maintenance mode, and several security tweaks to protect your website.

BulletProof security does not offer a very good user experience and many beginners may have difficulty understanding what to do. It does come with a setup wizard that automatically updates your WordPress .htaccess files and enables firewall protection.

It does not have a file scanner to check for malicious code on your website. The paid version of the plugin offers extra features to monitor for intrusion and malicious files in your WordPress uploads folder.

Pricing: Free basic plugin. Pro version costs $59.95 for unlimited sites and lifetime support.

Grade: C

Conclusion

After careful comparison of all these popular WordPress firewall plugins, we believe that Sucuri is undoubtedly the best firewall protection you can get for your WordPress site.

It is the best DNS level firewall with the most comprehensive security features to give you complete peace of mind. On top of that, the performance boost that you get from their CDN is very impressive.

We hope this article helped you find the best WordPress firewall plugin for your website. You may also want to see our ultimate step by step WordPress security guide for beginners.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

The post 5 Best WordPress Firewall Plugins Compared appeared first on WPBeginner.

How to Redirect Your User’s Attention with Comment Redirect

Comments are a great way to keep your users engaged and build a strong community around your content. Tiny hacks like comment redirect help you improve user experience and stand out. In this article, we will show you how to easily redirect user’s attention with… Read More »

The post How to Redirect Your User’s Attention with Comment Redirect appeared first on WPBeginner.

Comments are a great way to keep your users engaged and build a strong community around your content. Tiny hacks like comment redirect help you improve user experience and stand out. In this article, we will show you how to easily redirect user’s attention with comment redirect in WordPress.

Redirect Your User’s attention with Comment Redirect

First thing you need to do is install and activate the Yoast Comment Hacks plugin. For more details, see our step by step guide on how to install a WordPress plugin.

Upon activation, you need to visit Settings » Comment Hacks page to configure plugin settings.

Yoast Comment Hacks settings page

Yoast Comment Hacks plugin is a combination of many useful hacks to improve the default WordPress comment system. See our guide on how to install and setup Yoast Comment Hacks for WordPress to learn about all its features.

Right now we will focus on the comment redirect feature in the plugin.

Go ahead and click on the ‘Comment Redirect’ tab on the settings page.

Select a page where you want users to be redirected

Here you need to select a page where you want your first time commenters to be redirected to. This could be a simple thank you page with an email signup form, social media links, and your most popular posts.

You can also redirect users to a landing page, special offer, or a specific lead magnet page.

After selecting your page, don’t forget to click on the save changes button to store your settings.

To see the comment redirect in action, you will need to logout of your WordPress site first. After that go to any post on your website and leave a comment using a random name and email address.

You will be automatically redirected to your selected page when you submit the comment.

Comment redirect page example

Creating A Powerful Comment Redirect Page

Yoast Comment Hacks only redirects first time commenters. This means you only get one shot at converting those users and leaving a meaningful impression.

Here are some tips on creating a powerful comment redirect page.

You can create a beautiful custom page using a drag and drop page builder plugin. We recommend using Beaver Builder which comes with several ready to use page templates that will work perfectly for this purpose.

You also need to set a goal for your comment redirect page. This goal could be any task you would like to see the user perform. For example, buying a product, signing up for your email list, following you on social media, etc.

You can use OptinMonster to capture those leads. It is the best lead generation software that helps you convert abandoning visitors into subscribers and customers.

We hope this article helped you learn how to redirect your user’s attention with comment redirect in WordPress. You may also want to see these actionable tips to drive traffic to your WordPress site.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

The post How to Redirect Your User’s Attention with Comment Redirect appeared first on WPBeginner.

25 Interesting Facts About WordPress (Infographic)

Want to know some cool WordPress facts? WordPress turn 14 years old today, so we thought what best way to celebrate the world’s most popular website building software than to create a top 25 facts about WordPress infographic. Here are 25 most interesting facts about… Read More »

The post 25 Interesting Facts About WordPress (Infographic) appeared first on WPBeginner.

Want to know some cool WordPress facts? WordPress turn 14 years old today, so we thought what best way to celebrate the world’s most popular website building software than to create a top 25 facts about WordPress infographic. Here are 25 most interesting facts about WordPress that you may not know.

You can click on the image below to view the infographic or keep reading the text version :)

25 Facts about WordPress

1. WordPress is Older Than Twitter and Facebook

WordPress.org homepage in 2003

The first version of WordPress was released on May 27, 2003. This makes WordPress older than both Facebook and Twitter.

2. The Name – WordPress

The name WordPress was suggested by Christine Selleck Tremoulet

Christine Selleck Tremoulet, a prolific blogger and a friend of Matt Mullenweg (co-founder of WordPress), suggested the name WordPress.

3. WordPress Powers Nearly 27% of All Websites

CMS usage statistics

According to W3Techs web technologies surveys, WordPress currently powers nearly 27% of all websites.

4. WordPress Dominates 76.4% of CMS Market Share

WordPress CMS markets share

According to Wappalyzer, WordPress dominates the content management software usage with 76.4% market share.

5. WordPress is Open Source and Free

WordPress is free and open source

WordPress is released under GNU GPL license, which allows anyone in the world to download and use it. The source code is freely available for anyone to study, use, modify, and build upon.

See our article on why is WordPress free? What are the costs? What is the catch?

6. WordPress is Not Owned by Any Company

WordPress trademark is owned by WordPress Foundation

In order to protect the freedoms offered by open source, WordPress co-founder Matt Mullenweg created the WordPress Foundation. This non-profit organization owns the ‘WordPress’ trademark, and protects freedoms offered by the software’s open source license.

For more details see: who owns WordPress and how does WordPress make money.

7. WordPress Doesn’t Have a CEO

WordPress community

Since WordPress is an open source project not owned by any company, it does not have a CEO. The project is run by volunteer developers from all over the world.

There is a thorough decision making process in place which allows anyone to submit bug reports, patches, suggest features, and so on.

8. WordPress powers a Multi-Billion Dollar Economy

WordPress is a multi-million dollar industry

Hundreds of companies and thousands of professionals from all over the world sell WordPress based products, services, and solutions. WordPress provides excellent opportunities to thousands of developers, designers, and entrepreneurs to build their businesses upon WordPress.

Check out our list of 20 most influential WordPress businesses and companies.

9. 1.48 Billion Plugin Downloads

1.48 Billion plugin downloads

WordPress plugin downloads crossed 1.48 Billion total downloads in 2016. That’s 48% increase since 2015 when plugin downloads surpassed 1 Billion mark.

10. WordPress is Used by Governments All Over The World

WordPress in Government

WordPress powers thousands of government websites in all parts of the world. The list includes dozens of US Federal and State government websites, counties, small towns, high schools, etc.

11. WordPress in Education

WordPress in education

WordPress is used by thousands of universities, colleges, and schools all over the world. The open source license allow students and academia to study, modify, learn, and contribute to the development of WordPress core, plugins, and themes.

See our list of 40+ popular universities that are using WordPress

12. More than 50,000 Free Plugins

WordPress plugins

Plugins are like apps for your WordPress site. There are currently more than 50,000 free WordPress plugins available for download. From creating an online store to adding a contact form, whatever you want to do there is a good chance that you will find a plugin for that.

Take a look at our pick of 24 must have WordPress plugins for business websites.

13. More Non-English WordPress Downloads

More non-English WordPress downloads

In 2014, non-English WordPress downloads surpassed the English version. In later years, WordPress made it possible to install language packs from the WordPress admin area. In the final release of 2016, WordPress added the language switching feature for users on a WordPress site.

14. WordPress is Available in 68+ Languages

WordPress is available in 68+ languages

WordPress is fully translated into 68 languages, and it is partially translated into dozens more. Many popular WordPress plugins and themes are also available in different languages. It can also be used as multi-lingual platform with the help of plugins like WPML and Polylang.

See our guide on how to install WordPress in other languages.

15. WordCamp Events in 41 Countries

WordCamp events around the world

Official WordPress events are called WordCamps. In 2016, there were 115 WordCamp events in 41 countries attended by 36,000 WordPress users.

16. WordPress Meetups in 58 Countries

WordPress meetups around the globe

WordPress meetups are smaller events organized by local communities under the umbrella of the WordPress Foundation. In 2016, there were 3193 WordPress meetups, in 58 countries, attended by 62,566 users.

17. WordPress Cousins

WordPress sister projects

The community behind WordPress also runs sister projects like bbPress, BuddyPress, and GlotPress. They are all open source software built on top of the WordPress core and principles.

18. 11.45% of WordPress sites use SSL Encryption

HTTPS and SSL encryption for WordPress sites

In 2016, the number of WordPress sites using HTTPS was increased from 4% to 11.45%. It is expected to grow tremendously as WordPress plans to push encryption more pro-actively in 2017. See our guide on how to add free SSL in WordPress with Let’s Encrypt.

19. WordPress is Written in PHP and MySQL

WordPress is Written in PHP and MySQL

WordPress is written in PHP programming language and uses MySQL for database.

20. 20% of WordPress is Written in JavaScript

JavaScript

20% code in the WordPress core is JavaScript. This is expected to grow as WordPress becomes more and more like an application development framework.

21. Free Community Based WordPress Support

WordPress support

WordPress is a community driven project and support is widely available free of cost. There is an official WordPress support forum which gets thousands of posts every day.

There are also resource websites like WPBeginner where users can find tutorials, watch videos, and learn WordPress.

If you ever have questions about WordPress, simply reach out to us through our contact form. We also recommend looking at our guide on how to properly ask for WordPress support and get it.

22. WordPress and Jazz

WordPress and Jazz

All WordPress releases are named after Jazz artists. For example, WordPress 1.0 was named after Mike Davis and WordPress 4.6 was named after Pepper Adams.

23. WordPress has a built-in Auto Update System

WordPress updates

WordPress automatically updates itself for minor releases. It can also push plugin updates automatically if there is a severe vulneribility found that threatens millions of websites.

24. WordPress.com is Not The Same as WordPress.org

WordPress.org vs WordPress.com

WordPress is the open source software that allows you to build your website. You will need WordPress hosting to install WordPress (see our guide on how to make a website).

On the other hand, WordPress.com is a blog hosting service run by Automattic.

See our guide on the difference between WordPress.com vs WordPress.org.

25. WordPress for Multisite Networks

WordPress multisite network

WordPress has built-in multisite feature which is hidden by default. It allows you to create a network of websites using the same WordPress installation. For more on this topic, take a look at our guide on how to install and setup WordPress multisite network.

We hope this article helped you learn some new interesting facts about WordPress. You may also want to see our guide on how to choose the best blogging platform.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

The post 25 Interesting Facts About WordPress (Infographic) appeared first on WPBeginner.

29 Best WordPress Themes for Authors

Are you looking for a WordPress theme for authors? As an author, you want to offer a better reading experience for users while allowing them to connect with you and purchase your books. In this article, we will show you some of the best WordPress… Read More »

The post 29 Best WordPress Themes for Authors appeared first on WPBeginner.

Are you looking for a WordPress theme for authors? As an author, you want to offer a better reading experience for users while allowing them to connect with you and purchase your books. In this article, we will show you some of the best WordPress themes for authors that you can use on your website.

Best WordPress themes for Authors

Building a WordPress Site for Authors

WordPress is an ideal platform to build websites for authors and writers. It allows you the flexibility and freedom to grow your author profile and connect with readers.

First, you need to make sure that you are using the right platform. A self-hosted WordPress.org site gives you the freedom to use all WordPress features on your website.

Next, you will need a WordPress hosting account and a domain name.

We recommend using Bluehost. It is one of the largest hosting companies in the world and an official WordPress hosting partner. They’re giving our users 65% off + a free domain.

Once you have signed up for hosting, you are now ready to install WordPress. Follow the instructions in our complete step by step guide on how to start a WordPress blog and you will be up and running in no time.

After installing WordPress, it is time to choose a WordPress theme. Select a theme from our expert pick below.

Need help installing the theme? See our beginner’s guide on how to install a WordPress theme.

Having said that, let’s take a look at some of the best WordPress themes for authors. This list contains both paid and free themes and all of them are mobile responsive.

1. Creativo

Creativo

Creativo is a creative multi-purpose WordPress theme suitable for authors. It includes several readymade website layouts that can be installed with one-click. You will have to just replace the content with your own and you will be good to go.

It has built-in portfolio content type, full WooCommerce support, 7 skins, 3 design layouts, multiple header layouts, and unlimited color choices. It also comes with freebies like a page builder, slider, and a live chat plugin.

2. Modules

Modules

Modules is a beautifully designed WordPress theme perfect for authors and bloggers. It uses a modular approach to design and comes with several ready to use modules that you can drag and drop to build your layouts.

It also includes several demo websites that you can install and use as an starting point for your website. Inside the theme you will find several custom widgets, unlimited sidebars, header styles, video background support, Google Fonts, and full WooCommerce support.

3. Candid

Candid

Candid is an awesome WordPress theme for storytellers, authors, and photographers. It comes with a two column layout, large images, and graceful mobile responsive design. With its minimalist design approach Candid makes your content pop out.

It offers beautiful typography featuring Abril Display, a clean and sophisticated serif font. It makes your content more readable and enjoyable on all devices and screen sizes.

4. Wilson

Wilson

Wilson is an elegant and simple WordPress theme designed specifically for authors and content rich websites. It includes multiple layouts for your blog, homepage slider, several custom widgets, and multiple post formats.

It has several layouts for header section with different ways to display your logo, navigation menus, and social buttons. It is WooCommerce ready so you can easily add an online store to your WordPress site.

5. Binder Pro

Binder Pro

Binder Pro is a well-crafted WordPress theme designed for publishing. It is perfect for content rich websites like magazines and blogs. Inside it you will find 7 ready-made websites that can be installed with one-click and then you can easily replace content with your own.

It uses modules and allows you to just drag and drop them to build your own layouts as well. It has multiple sidebars, header styles, icon fonts, unlimited custom sidebars and full WooCommerce support.

6. The Daily Dish Pro

Daily Dish Pro

Daily Dish is a WordPress theme for authors and bloggers with a professional design. It is built on top of the powerful Genesis theme framework. The most notable features of the theme are its crisp typography and beautiful display of images.

It has a widgetized homepage layout which is quick and easy to setup. Inside you will also find multiple page templates, custom header, and full WooCommerce support.

7. Heron

Heron

Heron is a beautifully designed WordPress theme for authors, bloggers, and writers. It features beautiful typography, earth toned colors, and a minimalist clean layout. The theme uses large fully scalable featured images and videos.

It has a full screen search overlay next to the navigation menu on top. It also comes with author bio box for multi-author WordPress sites.

8. Medium

Medium

Medium is a WordPress theme for bloggers with a three column layout. It supports infinite scroll, custom colors with multiple page templates including a custom archives page.

Designed to instantly set up a professional looking blog, Medium is quick and easy to setup and looks stunning even on smaller screens.

9. Suarez

Suarez

Suarez is a stunningly beautiful WordPress blog theme for authors. It features a unique homepage style which is designed to showcase your content prominently using images and text.

It includes beautiful animations, multiple page layouts, and custom content discovery widgets. It also has hero homepage slider for your homepage and ships with a separate slider plugin to use anywhere on your site.

10. Brittany

Brittany

Brittany is a stylish WordPress blog theme with a beautiful design. The homepage features an intro section at the top followed by your most important content.

It has several layout options and templates for different pages. You will also get several custom widgets for easy social media integration and content discovery features.

11. Expose Pro

Expose

Expose Pro is a WordPress blogging and portfolio theme for authors. Created by the folks at StudioPress, it comes with a widgetized homepage with four widget areas and has multiple templates for your blog, homepage, archive, and landing pages.

It is designed to beautifully showcase your content and uses large images with elegant typography to make your content more enjoyable. It has a custom gallery post format with lightbox display of your photos. It is highly optimized for speed and performance and comes with quick and straightforward setup.

12. Presence

Presence

Presence is designed to quickly create online presence and works perfectly for bloggers and authors as well. It includes 10 demo websites that you can easily import and then just replace the content with your own to create your website instantly.

13. Remi

Remi

Remi is a simpler WordPress blog and portfolio theme for authors. It has a minimalist two column grid layout. It includes additional layout choices that you can use with several custom widgets, page templates, and multiple sidebars.

It has a sticky sidebar menu on the left followed by a widget ready area. The search feature utilizes Ajax and graceful animation to display results.

14. True North

True  North

True North is an elegant WordPress theme with beautiful design. It uses a grid layout on the home page with beautiful display of images. It has multiple layout choices and a built-in portfolio section to showcase your work.

It also supports custom background, custom header, and has several custom widgets for social media and content discovery features.

15. Elegant

Elegant

Elegant is a WordPress blog and portfolio theme. It features a beautiful layout with logo and navigation menu on top with a social menu. It has multiple layout options including a grid layout.

It has built-in portfolio content type, several custom widgets, multiple color schemes, and easy to use theme options panel. It ships with a drag and drop page builder and full WooCommerce support.

16. Libretto

Libretto

Libretto is a free WordPress blog theme with a distraction free layout which makes it an excellent choice for a blog or author’s website. It has a beautiful color scheme with gorgeous typography.

Designed in the traditional one-column blog layout with navigation menu at top. It supports custom header and background, social links menu, and footer widget area.

17. Pocket

Pocket

Pocket is a distraction free WordPress theme for bloggers, photographers, and authors. It takes the minimalist approach to the design with special focus on typography and images. Using a single column layout, with readable fonts and large featured images, Pocket makes your content pop out and offers a very engaging user experience.

It has a navigation menu at top and a social links menu at the bottom of each page. It requires very little time to set up and gets out of your way so that you can create amazing content on your blog.

18. Writee

Writee

Writee is a free WordPress theme designed for authors, writers, and bloggers. Inside you will find a full-width boxed slider allowing you to showcase your most important content at the top. It pays special attention to readability with elegant typography and a spacious layout.

It has a navigation menu and a social links menu at the top. It also adds social sharing icons below each article and excerpt so that your users can easily sharing content.

19. Baseline

Baseline

Baseline is a WordPress theme for magazine, blogs, and content rich websites. The main focus of theme is improved reading experience and a layout that is easy on eyes.

It includes a header category menu, featured content slider, multiple layout options and infinite scroll. It is easy to setup and has a getting started page to help you setup theme.

20. Relive

Relive

Relive is a modern WordPress theme for authors and storytellers. It is designed to created an immersive experience with the help of audio, video, images and text.

Ideal for long form content with beautiful scrolling effects, Relive also comes with a page builder and tons of customization options. It is easy to setup and ships with 1-click demo content installer.

21. Metro Pro

Metro Pro

Metro Pro is a powerful WordPress theme built on top of Genesis theme framework. It includes an easy to setup home page with sections for featured stories into a beautiful layout.

It also has built-in social media integration, custom menus, custom widgets, and a theme options panel. With rock solid code, Metro Pro is highly optimized for performance and speed.

22. Author

Author

Author is a free WordPress theme for authors and publishers. It focuses on improved accessibility with a beautiful design. It loads fast and the code is optimized to improve performance of your WordPress site.

It uses a simple two-column layout with a sidebar and navigation menu to the right. It is easy to setup and can be customized using live theme customizer.

23. Montblanc

Montblanc

Montblanc is a very powerful and highly customizable WordPress theme perfect for authors. It comes with flexible layout choices, multiple homepage styles, custom widgets, page templates, etc.

It can be used for a multi-author magazine website, or a single page author profile. It also includes portfolio, photo galleries, and beautiful sliders. It is WooCommerce ready and comes with a powerful page builder plugin.

24. Sanse

Sanse

Sanse is an extremely simple WordPress theme for authors and bloggers. It offers a unique design with no featured images displayed on the homepage. Making it load much faster and offer pleasant user experience for your readers.

It is designed for bloggers and is a great choice for long form content. It supports custom logo, custom header and background. It comes with a single widget ready area in the footer and does not include any sidebars.

25. Publisher

Publisher

As the name suggests, Publisher is a WordPress theme for authors, publishers, and magazine websites. It uses a masonry style layout with your content presented as blocks. It beautifully handles images, audio, video, and text.

It is very easy to setup and gets out of your way. It comes with easy customization options that can be all accessed from live theme customizer. It also includes custom headers, custom backgrounds, individual backgrounds for any articles, infinite scroll, and custom widgets.

26. Paperback

Paperback

Paperback is an elegant multipurpose WordPress theme suitable for any kind of website. It is designed to beautifully display your content and is perfect for content rich websites.

It prominently uses featured images from your articles throughout the layout. The home page includes a featured content slider which allows you to quickly get users engaged. It has great typography and looks equally great on mobile and desktop.

27. Indigo

Indigo

Indigo is a gorgeous multipurpose WordPress theme. It comes with easy to use modules that you can just drag and drop to build your homepage layout. It also includes 14 ready made websites that you can install and then just replace the content with your own. These websites include a blog, magazine, and stories theme that would work perfectly for any blog or author website.

28. Nectar

Nectar

Nectar is a beautifully designed WordPress theme. It is super flexible and easy to set up for almost any kind of website including an author website with a blog and portfolio section.

The homepage layout features a large full-width slider followed by your call to action, welcome message, and then your featured content. It also includes a custom theme options panel which allows you to just check boxes and add text to setup theme.

29. Lenscap

Lenscap

Lenscap is an ecommerce ready WordPress theme suitable for personal blogs and content rich sites. It includes a large featured content carousel and a footer category menu to add content discovery at the top.

It uses lightbox popup to display your photos and videos for an immersive viewing experience. It includes multiple ready to use color schemes. It is highly customizable and utilizes the live theme customizer for quicker setup.

That’s all for now.

We hope this article helped you find the best WordPress theme for authors and writers. You may also want to see our ultimate WordPress SEO guide and the list of must have WordPress plugins to grow your website.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

The post 29 Best WordPress Themes for Authors appeared first on WPBeginner.

How to Uninstall and Reinstall WordPress

Recently, one of our users asked us how they can uninstall and reintsall WordPress? Reinstalling WordPress can solve issues when all other troubleshootings tips fail. In this article, we will show you how to safely uninstall and reinstall WordPress without losing your data or SEO.… Read More »

The post How to Uninstall and Reinstall WordPress appeared first on WPBeginner.

Recently, one of our users asked us how they can uninstall and reintsall WordPress? Reinstalling WordPress can solve issues when all other troubleshootings tips fail. In this article, we will show you how to safely uninstall and reinstall WordPress without losing your data or SEO.

How to uninstall and reinstall WordPress

When Do You Need to Reinstall WordPress?

Reinstalling WordPress should never be the first option. Most common WordPress errors are easily fixable, and this will save you from the hassle of reinstalling WordPress.

If you cannot figure out the cause of an issue, then follow the instructions in our WordPress troubleshooting guide. It will help you pin-point the issue and find a solution.

In case of a hacked WordPress site, you can try the tips in our guide on how to clean a hacked WordPress site.

If all else fails, then uninstalling and reinstalling a fresh copy of WordPress can be used as the last resort.

Step 0. Create an Emergency Backup

Before you do anything, you should first create a complete backup of your existing WordPress site. You can use a WordPress backup plugin to do this. Make sure that you store your backup files on your computer or a cloud storage service like Google Drive or Dropbox.

We will not be using this backup to reinstall WordPress, but it’s good to have in case something goes wrong.

Step 1. Export Your WordPress Content

First thing you need to do is export your WordPress content by creating a WordPress export file. This file will contain all your posts, pages, categories, tags, and comments.

Restoring a WordPress site using this export file allows you to leave out data created by WordPress plugins.

Here is how you would create a WordPress export file.

First, sign in to your WordPress admin area and then go to Tools » Export page. Select all content and then click on ‘Download Export File’ button.

Download WordPress export file

If you have a lot of registered users on your website, then you may want to export them too. See our guide on how to easily import/export users in WordPress.

Step 2. Download wp-content Folder

All your WordPress themes, plugins, images, and uploads are stored in the /wp-content/ folder on your website.

Let’s download this content to your computer, so that you can use it later to reinstall WordPress.

Connect to your WordPress site using an FTP client or File Manager in cPanel. Once connected, select the wp-content folder and download it to your computer.

Download wp-content folder

After downloading the wp-content folder, you are ready to uninstall WordPress.

Step 3. Properly Uninstall WordPress

To uninstall WordPress, you need to connect to your WordPress site using a FTP client or File Manager in cPanel. Then you need to delete all WordPress files.

You don’t really need to delete your WordPress database. Most WordPress hosting companies allow you to create as many databases and usernames as you need.

Instead of deleting the existing database, you can create a new one with a new username and password.

To create new database, you need to login to your cPanel account and click on MySQL Databases icon.

MySQL Databases

This will bring you to the add new database page.

First, you need to enter a name for your new database and click on create database button.

Create a new database

After that, scroll down to add ‘MySQL Users’ section and add a new user. You will need to enter a username and password, and then click on ‘Create User’ button.

Add New MySQL user

Now you need to add the user to the database you created earlier. Scroll down to ‘Add user to database’ section and then select the username and database you created earlier.

Add user to database

Click on the ‘Add’ button to continue.

Your new database is ready to be used when you reinstall WordPress.

Now that you have successfully uninstalled WordPress, let’s see how to reinstall it and restore your website.

Step 4. Fresh Install WordPress

You need to download a fresh copy of WordPress from WordPress.org website.

Download WordPress

After downloading WordPress, you need to unzip the download file.

You will find a WordPress folder inside it. Open the WordPress folder, and you will see all the WordPress files.

Now, you need to upload these files to your website using an FTP client.

Upload WordPress files

After uploading the WordPress files, go ahead and visit your website. WordPress will now ask you to enter your database information.

Add database info

You need to enter the name of database, username, and password you created earlier. Your host information will most likely be localhost.

Once you are done filling out the information, click on the submit button to continue.

WordPress will now attempt to connect to your database. Upon successful connection, it will show you a success message. You can now click on the ‘Run Install’ button to continue.

Run WordPress installation

In the next step, WordPress will ask you to provide your site information like site title, description, admin email address and password.

Site information

After filling out the information, click on ‘Install WordPress’ button to continue.

WordPress will now finish the installation. Go ahead and log into the WordPress admin area using the username and password you entered earlier.

Once you are logged into WordPress, you need to delete the default content.

Head over to Posts and delete the ‘Hello World’ post. Visit the ‘Comments’ section and delete the default comment. Lastly, go to Pages and delete the sample page.

You have successfully reinstalled a fresh copy of WordPress.

Now let’s move on to restoring your content.

Step 5. Restore Uploads, Images, and Theme

First, you will need to restore your uploads, images, and theme located inside the wp-content folder you downloaded earlier.

To do that, you need to connect to your website using an FTP client and go to /wp-content/ folder.

Next, you need to select the /wp-content/uploads/ folder from your computer and upload it to your website.

Upload the uploads folder

If you have made changes to your WordPress theme or child theme files, then you can upload them now. Your theme folders are located in the /wp-content/themes/ folder.

Step 6. Import Content

Now let’s import your posts, pages, categories, tags, and other content.

First, you need to go to Tools » Import page and then click on ‘Install Now’ link under WordPress.

Install WordPress importer

WordPress will now download and install the WordPress importer. After that you need to click on the ‘Run Importer’ link.

This will bring you to WordPress importer page where you need to click on the ‘Choose File’ button and then select the XML file you downloaded during our step 1.

Importing WordPress XML file

Click on ‘Upload file and import’ button to continue.

WordPress will ask you if you want to create new authors and assign the posts to them or if you would like to assign all posts to your current user account.

Import settings

If it is a single author WordPress site, then you can assign all posts to yourself. Otherwise, do nothing and WordPress will import the authors.

You also need to make sure that you check the box under ‘Import Attachments’. This will allow WordPress to properly import the images in your /wp-content/uploads/ folder to the WordPress media library.

Go ahead and click on the Submit button to continue.

WordPress will now start importing content from the XML file to your fresh WordPress install.

Once finished, you will be able to see your content by visiting your website.

Step 7. Install WordPress Plugins (One by One)

After successfully importing content to your reinstalled WordPress site, you can move on to installing plugins.

You will need to install all plugins one by one and then activate them. You may need to manually setup plugins to adjust their settings.

That’s all, you have successfully uninstalled and reinstalled WordPress. You can now review your website and setup things as they were before like your navigation menus, sidebar widgets, contact form, and more.

We hope this article helped you learn how to uninstall and reinstall WordPress. You may also want to see our ultimate step by step WordPress security guide.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

The post How to Uninstall and Reinstall WordPress appeared first on WPBeginner.

How to Create a Custom WordPress Widget

Do you want to create your own custom widgets in WordPress? Widgets allow you to drag and drop elements into any sidebar or widget ready area of your website. In this article, we will show you how to easily create a custom WordPress widget. What… Read More »

The post How to Create a Custom WordPress Widget appeared first on WPBeginner.

Do you want to create your own custom widgets in WordPress? Widgets allow you to drag and drop elements into any sidebar or widget ready area of your website. In this article, we will show you how to easily create a custom WordPress widget.

Creating a custom WordPress widget

What is a WordPress Widget?

WordPress widgets contain pieces of code that you can add to your website’s sidebars or widget ready areas. Think of them as modules that you can use to add different elements by using a simple drag and drop interface.

By default, WordPress comes with a standard set of widgets that you can use with any WordPress theme. See our beginner’s guide on how to add and use widgets in WordPress.

WordPress widgets

WordPress also allows developers to create their own custom widgets. Many WordPress themes and plugins come with their own custom widgets that you can add to your sidebars.

For example, you can add a contact form, a custom login form, or a photo gallery to a sidebar without writing any code.

Having said that, let’s see how to easily create your own custom widgets in WordPress.

Creating a Custom Widget in WordPress

Before we get started, it would be best if you create a site-specific plugin where you will be pasting the widget code from this tutorial.

You can also paste the code in your theme’s functions.php file. However, it will only be available when that particular theme is active.

In this tutorial, we will create a simple widget that just greets visitors. Take a look at this code and then paste it in your site-specific plugin to see it in action.


// Register and load the widget
function wpb_load_widget() {
	register_widget( 'wpb_widget' );
}
add_action( 'widgets_init', 'wpb_load_widget' );

// Creating the widget 
class wpb_widget extends WP_Widget {

function __construct() {
parent::__construct(

// Base ID of your widget
'wpb_widget', 

// Widget name will appear in UI
__('WPBeginner Widget', 'wpb_widget_domain'), 

// Widget description
array( 'description' => __( 'Sample widget based on WPBeginner Tutorial', 'wpb_widget_domain' ), ) 
);
}

// Creating widget front-end

public function widget( $args, $instance ) {
$title = apply_filters( 'widget_title', $instance['title'] );

// before and after widget arguments are defined by themes
echo $args['before_widget'];
if ( ! empty( $title ) )
echo $args['before_title'] . $title . $args['after_title'];

// This is where you run the code and display the output
echo __( 'Hello, World!', 'wpb_widget_domain' );
echo $args['after_widget'];
}
		
// Widget Backend 
public function form( $instance ) {
if ( isset( $instance[ 'title' ] ) ) {
$title = $instance[ 'title' ];
}
else {
$title = __( 'New title', 'wpb_widget_domain' );
}
// Widget admin form
?>
<p>
<label for="<?php echo $this->get_field_id( 'title' ); ?>"><?php _e( 'Title:' ); ?></label> 
<input class="widefat" id="<?php echo $this->get_field_id( 'title' ); ?>" name="<?php echo $this->get_field_name( 'title' ); ?>" type="text" value="<?php echo esc_attr( $title ); ?>" />
</p>
<?php 
}
	
// Updating widget replacing old instances with new
public function update( $new_instance, $old_instance ) {
$instance = array();
$instance['title'] = ( ! empty( $new_instance['title'] ) ) ? strip_tags( $new_instance['title'] ) : '';
return $instance;
}
} // Class wpb_widget ends here

After adding the code you need to head over to Appearance » Widgets page. You will notice the new WPBeginner Widget in the list of available widgets. You need to drag and drop this widget to a sidebar.

Custom WordPress widget added to a sidebar

Now you can visit your website to see it in action.

Previewing your custom widget

Now let’s study the code again.

First we registered the ‘wpb_widget’ and loaded our custom widget. After that we defined what that widget does, and how to display the widget back-end.

Lastly, we defined how to handle changes made to the widget.

Now there are a few things that you might want to ask. For example, what’s the purpose wpb_text_domain?

WordPress uses gettext to handle translation and localization. This wpb_text_domain and __e tells gettext to make a string available for translation. See how you can find translation ready WordPress themes.

If you are creating a custom widget for your theme, then you can replace wpb_text_domain with your theme’s text domain.

We hope this article helped you learn how to easily create a custom WordPress widget. You may also want to see our list of the most useful WordPress widgets for your site.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

The post How to Create a Custom WordPress Widget appeared first on WPBeginner.

12 Most Useful .htaccess Tricks for WordPress

Are you looking for some useful .htaccess tricks for your WordPress site. The .htaccess file is a powerful configuration file which allows you to do a lot of neat things on your website. In this article, we will show you some of the most useful… Read More »

The post 12 Most Useful .htaccess Tricks for WordPress appeared first on WPBeginner.

Are you looking for some useful .htaccess tricks for your WordPress site. The .htaccess file is a powerful configuration file which allows you to do a lot of neat things on your website. In this article, we will show you some of the most useful .htaccess tricks for WordPress that you can try right away.

Most Useful .htaccess Tricks for WordPress

What is .htaccess File and How to Edit it?

The .htaccess file is a server configuration file. It allows you to define rules for your server to follow for your website.

WordPress uses .htaccess file to generate SEO friendly URL structure. However, this file can do a lot more.

The .htaccess file is located in your WordPress site’s root folder. You will need to connect to your website using an FTP client to edit it.

.htaccess file on a WordPress site

If you cannot find your .htaccess file, then see our guide on how to find .htaccess file in WordPress.

Before editing your .htaccess file, it is important to download a copy of it to your computer as backup. You can use that file in case anything goes wrong.

Having said that, let’s take a look at some useful .htaccess tricks for WordPress that you can try.

1. Protect Your WordPress Admin Area

You can use .htaccess to protect your WordPress admin area by limiting the access to selected IP addresses only. Simply copy and paste this code into your .htaccess file:


AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "WordPress Admin Access Control"
AuthType Basic
<LIMIT GET>
order deny,allow
deny from all
# whitelist Syed's IP address
allow from xx.xx.xx.xxx
# whitelist David's IP address
allow from xx.xx.xx.xxx
</LIMIT>

Don’t forget to replace xx values with your own IP address. If you use more than one IP address to access the internet, then make sure you add them as well.

For detailed instructions, see our guide on how to limit access to WordPress admin using .htaccess.

2. Password Protect WordPress Admin Folder

Password protect WordPress admin directory

If you access your WordPress site from multiple locations including public internet spots, then limiting access to specific IP addresses may not work for you.

You can use .htaccess file to add an additional password protection to your WordPress admin area.

First, you need to generate a .htpasswds file. You can easily create one by using this online generator.

Upload this .htpasswds file outside your publicly accessible web directory or /public_html/ folder. A good path would be:

/home/user/.htpasswds/public_html/wp-admin/passwd/

Next, create a .htaccess file and upload it in /wp-admin/ directory and then add the following codes in there:

AuthName "Admins Only"
AuthUserFile /home/yourdirectory/.htpasswds/public_html/wp-admin/passwd
AuthGroupFile /dev/null
AuthType basic
require user putyourusernamehere
<Files admin-ajax.php>
Order allow,deny
Allow from all
Satisfy any 
</Files>

Important: Don’t forget to replace AuthUserFile path with the file path of your .htpasswds file and add your own username.

For detailed instructions, see our guide on how to password protect WordPress admin folder.

3. Disable Directory Browsing

Disable directory browsing

Many WordPress security experts recommend disabling directory browsing. With directory browsing enabled, hackers can look into your site’s directory and file structure to find a vulnerable file.

To disable directory browsing on your website, you need to add the following line to your .htaccess file.

Options -Indexes

For more on this topic, see our guide on how to disable directory browsing in WordPress.

4. Disable PHP Execution in Some WordPress Directories

Sometimes hackers break into a WordPress site and install a backdoor. These backdoor files are often disguised as core WordPress files and are placed in /wp-includes/ or /wp-content/uploads/ folders.

An easier way to improve your WordPress security is by disabling PHP execution for some WordPress directories.

You will need to create a blank .htaccess file on your computer and then paste the following code inside it.

<Files *.php>
deny from all
</Files>

Save the file and then upload it to your /wp-content/uploads/ and /wp-includes/ directories. For more information check out our tutorial on how to disable PHP execution in certain WordPress directories.

5. Protect Your WordPress Configuration wp-config.php File

Probably the most important file in your WordPress website’s root directory is wp-config.php file. It contains information about your WordPress database and how to connect to it.

To protect your wp-config.php file from unathorized access, simply add this code to your .htaccess file:

<files wp-config.php>
order allow,deny
deny from all
</files>

6. Setting up 301 Redirects Through .htaccess File

Using 301 redirects is the most SEO friendly way to tell your users that a content has moved to a new location. If you want to properly manage your 301 redirects on posts per post basis, then check out our guide on how to setup redirects in WordPress.

On the other hand, if you want to quickly setup redirects, then all you need to do is paste this code in your .htaccess file.

Redirect 301 /oldurl/ http://www.example.com/newurl
Redirect 301 /category/television/ http://www.example.com/category/tv/

7. Ban Suspicious IP Addresses

Are you seeing unusually high requests to your website from a specific IP address? You can easily block those requests by blocking the IP address in your .htaccess file.

Add the following code to your .htaccess file:

<Limit GET POST>
order allow,deny
deny from xxx.xxx.xx.x
allow from all
</Limit>

Don’t forget to replace xx with the IP address you want to block.

8. Disable Image Hotlinking in WordPress Using .htaccess

Other websites directly hotlinking images from your site can make your WordPress site slow and exceed your bandwidth limit. This isn’t a big issue for most smaller websites. However, if you run a popular website or a website with lots of photos, then this could become a serious concern.

You can prevent image hotlinking by adding this code to your .htaccess file:

#disable hotlinking of images with forbidden or custom image option
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?wpbeginner.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?google.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ – [NC,F,L] 

This code only allows images to be displayed if the request is originating from wpbeginner.com or Google.com. Don’t forget to replace wpbeginner.com with your own domain name.

For more ways to protect your images see our guide on ways to prevent image theft in WordPress.

9. Protect .htaccess From Unauthorized Access

As you have seen that there are so many things that can be done using the .htaccess file. Due to the power and control it has on your web server, it is important to protect it from unauthorized access by hackers. Simply add following code to your .htaccess file:

<files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</files>

10. Increase File Upload Size in WordPress

There are different ways to increase the file upload size limit in WordPress. However, for users on shared hosting some of these methods do not work.

One of the methods that has worked for many users is by adding following code to their .htaccess file:

php_value upload_max_filesize 64M
php_value post_max_size 64M
php_value max_execution_time 300
php_value max_input_time 300

This code simply tells your web server to use these values to increase file upload size as well as maximum execution time in WordPress.

11. Disable Access to XML-RPC File Using .htaccess

Each WordPress install comes with a file called xmlrpc.php. This file allows third-party apps to connect to your WordPress site. Most WordPress security experts advise that if you are not using any third party apps, then you should disable this feature.

There are multiple ways to do that, one of them is by adding the following code to your .htaccess file:

# Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
order deny,allow
deny from all
</Files>

For more information, see our guide on how to disable XML-RPC in WordPress.

12. Blocking Author Scans in WordPress

A common technique used in brute force attacks is to run author scans on a WordPress site and then attempt to crack passwords for those usernames.

You can block such scans by adding the following code to your .htaccess file:

# BEGIN block author scans
RewriteEngine On
RewriteBase /
RewriteCond %{QUERY_STRING} (author=\d+) [NC]
RewriteRule .* - [F]
# END block author scans 

For more information, see our article on how to discourage brute force attacks by blocking author scans in WordPress.

We hope this article helped you learn the most useful .htaccess tricks for WordPress. You may also want to see our ultimate step by step WordPress security guide for beginners.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

The post 12 Most Useful .htaccess Tricks for WordPress appeared first on WPBeginner.

How to Add a Background Image in WordPress

Do you want to add a background image to your WordPress site? Background images can be used to make your website look more engaging and aesthetically pleasant. In this article, we will show you how to easily add a background image to your WordPress site.… Read More »

The post How to Add a Background Image in WordPress appeared first on WPBeginner.

Do you want to add a background image to your WordPress site? Background images can be used to make your website look more engaging and aesthetically pleasant. In this article, we will show you how to easily add a background image to your WordPress site.

How to add a background image in WordPress

Method 1. Add a Background Image Using Your WordPress Theme Settings

Most free and premium WordPress themes come with custom background support. This feature allows you to easily set a background image to your WordPress site.

If your theme supports custom background feature, then we recommend using this method to add a background image to your WordPress site. However, if your theme doesn’t support custom background feature, then you can use other methods in this article.

First you need to visit the Appearance » Customize page in your WordPress admin. This will launch the WordPress theme customizer where you can change different theme settings while viewing a live preview of your website.

Background image option in WordPress theme customizer

Next, you need to click on the ‘Background image’ option. The panel will slide in and show you the options to upload or select a background image for your website.

Select background image

Click on the select image button to continue.

This will bring up the WordPress media uploader popup where you can upload an image from your computer. You can also select a previously uploaded image from media library.

Upload background image

Next, you need to click on the choose image button after uploading or selecting the image you want to use as background.

This will close the media uploader popup, and you will see your selected image’s preview in the theme customizer.

Background image settings

Below the image you will also be able to see the background image options. Under preset, you can select how you want the background image to be displayed: fill screen, fit screen, repeat, or custom.

You can also select background image position by clicking on the arrows below. Clicking on center will align the image to the center of the screen.

Don’t forget to click on the ‘Save & Publish’ button at the top to store your settings. That’s all, you have successfully added a background image to your WordPress site.

Go ahead and visit your website to see it in action.

Method 2. Add Custom Background Image in WordPress Using Plugin

This method is a lot more flexible. It works with any WordPress theme and allows you to set multiple background images. You can also set different backgrounds for any post, page, category, or any other section of your WordPress site.

It automatically makes all your background images to be full screen and mobile responsive. This means your background image will automatically resize itself on smaller devices.

First, you need to install and activate the Full Screen Background Pro plugin. For more details, see our step by step guide on how to install a WordPress plugin.

Upon activation, you need to visit Appearance » Full Screen BG Image page to configure the plugin settings.

Full screen background

You will be asked to add your license key. You can get this information from the email you received after buying the plugin or from your account on the plugin’s website.

Next, you need to click on the save settings button to store your changes. You are now ready to start adding background images to your WordPress site.

Go ahead and click on the ‘Add New Image’ button on plugin’s settings page. This will take you to the background image upload screen.

add new background image

Click on the choose image button to upload or select an image. As soon as you select the image, you will be able to see a live preview of the image on screen.

Next, you need to provide a name for this image. This name will be used internally, so you can use anything here.

Finally, you need to select where you want this image to be used as the background page. Full Screen Background Pro allows you to set images as background globally, or you can choose from different sections of your website like categories, archives, front page, blog page, etc.

Don’t forget to click on the save image button to save your background image.

You can add as many images as you want by visiting Appearance » Full Screen BG Image page.

If you set more than one image to be used globally, then the plugin will automatically start displaying background images as slideshow.

You can adjust the time it takes for an image to fade out and the time after which new background image starts to fade in.

Background fade in and fade out settings

Time you enter here is in milliseconds. If you want a background image to fade out after 20 seconds, then you will need to enter 20000.

Don’t forget to click on the save settings button to store your changes.

Setting Background Image for Individual Posts, Pages, Categories, etc

Full Screen Background Pro also allows you to set background images for single posts, pages, category, tag, etc.

Just edit the post/page where you want to display a different background image. On the post edit screen, you will notice the new ‘Full Screen Background Image’ box below the post editor.

Adding a background image for a single post or page

To use a background image for a specific category, you need to visit Appearance » Full Screen BG Image page and then click on the ‘Add New Image’ button.

After uploading your image, you can select ‘Category’ as the context where you want to display the background image.

Set background image for a specific category

Now enter the specific category ID or slug where you want to display the image. See our guide on how to find category ID in WordPress.

Don’t forget to save your image to store your settings.

Method 3. Add Custom Background Images Anywhere in WordPress Using CSS

By default, WordPress adds several CSS classes to different HTML elements throughout your WordPress site. You can easily add custom background images to individual posts, categories, author, and other pages using these WordPress generated CSS classes.

For example, If you have a category on your website called TV, then WordPress will automatically add these CSS classes to the body tag when someone views the TV category page.

<body class="archive category category-tv category-4"> 

You can use the inspect tool to see exactly which CSS classes are added by WordPress to the body tag.

Use inspect tool to see classes added by WordPress

You can use either category-tv or category-4 CSS class to style just this category page differently.

Let’s add a custom background image to a category archive page. You will need to add this custom CSS to your theme.

body.category-tv { 
background-image: url("http://example.com/wp-content/uploads/2017/03/your-background-image.jpg"); 
background-position: center center; 
background-size: cover; 
background-repeat: no-repeat; 
background-attachment: fixed;
}

Don’t forget to replace background image URL and the category class with your own category.

You can also add custom backgrounds to individual posts and pages. WordPress adds a CSS class with the post or page ID in the body tag. You can use the same CSS code just replace .category-tv with the post specific CSS class.

We hope this article helped you learn how to add a background image in WordPress. You may also want to see our list of extremely useful tricks for the WordPress functions file.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

The post How to Add a Background Image in WordPress appeared first on WPBeginner.

Exploring the preconfigured browser-based Linux Cloud Shell built into the Azure Portal

At BUILD a few weeks ago I did a demo of the Azure Cloud Shell, now in preview. It’s pretty fab and it’s built into the Azure Portal and lives in your browser. You don’t have to do anything, it’s just there whenever you need it. I’m trying to convince them to enable “Quake Mode” so it would pop-up when you click ~ but they never listen to me. 😉

Animated Gif of the Azure Cloud Shell

Click the >_ shell icon in the top toolbar at http://portal.azure.com. The very first time you launch the Azure Cloud Shell it will ask you where it wants your $home directory files to be persisted. They will live in your own Storage Account. Don’t worry about cost, remember that Azure Storage is like pennies a gig, so assuming you’re storing script files, figure it’s thousandths of pennies – a non-issue.

Where do you want your account files persisted to?

It’s pretty genius how it works, actually. Since you can setup an Azure Storage Account as a regular File Share (sharing to Mac, Linux, or Windows) it will just make a file share and mount it. The data you save in the ~/clouddrive is persistent between sessions, the sessions themselves disappear if you don’t use them.

Now my Azure Cloud Shell Files are available anywhere

Today it’s got bash inside a real container. Here’s what lsb_release -a says:

[email protected]:~/clouddrive$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 16.04.1 LTS
Release:        16.04
Codename:       xenial

Looks like Ubuntu xenial inside a container, all managed by an orchestrator within Azure Container Services. The shell is using xterm.js to make it all possible inside the browser. That means you can run vim, top, whatever makes you happy. Cloud shells include vim, emacs, npm, make, maven, pip, as well as docker, kubectl, sqlcmd, postgres, mysql, iPython, and even .NET Core’s command line SDK.

NOTE: Ctrl-v and Ctrl-c do not function as copy/paste on Windows machines [in the Portal using xterm.js], please us Ctrl-insert and Shift-insert to copy/paste. Right-click copy paste options are also available, however this is subject to browser-specific clipboard access

When you’re in there, of course the best part is that you can ssh into your Linux VMs. They say PowerShell is coming soon to the Cloud Shell so you’ll be able to remote Powershell in to Windows boxes, I assume.

The Cloud Shell has the Azure CLI (command line interface) built in and pre-configured and logged in. So I can hit the shell then (for example) get a list of my web apps, and restart one. Here I’m getting the names of my sites and their resource groups, then restarting my son’s hamster blog.

[email protected]:~/clouddrive$ az webapp list -o table
ResourceGroup               Location          State    DefaultHostName                             AppServicePlan     Name
--------------------------  ----------------  -------  ------------------------------------------  -----------------  ------------------------
Default-Web-WestUS          West US           Running  thisdeveloperslife.azurewebsites.net        DefaultServerFarm  thisdeveloperslife
Default-Web-WestUS          West US           Running  hanselmanlyncrelay.azurewebsites.net        DefaultServerFarm  hanselmanlyncrelay
Default-Web-WestUS          West US           Running  myhamsterblog.azurewebsites.net             DefaultServerFarm  myhamsterblog

[email protected]:~/clouddrive$ az webapp restart -n myhamsterblog -g "Default-Web-WestUS"

Pretty cool. I’m going to keep exploring, but I like the way the Azure Portal is going from a GUI and DevOps dashboard perspective, but it’s also nice to have a CLI preconfigured whenever I need it.


Sponsor: Did you know VSTS can integrate closely with Octopus Deploy? Watch Damian Brady and Brian A. Randell as they show you how to automate deployments from VSTS to Octopus Deploy, and demo the new VSTS Octopus Deploy dashboard widget. Watch now!


© 2017 Scott Hanselman. All rights reserved.
     

At BUILD a few weeks ago I did a demo of the Azure Cloud Shell, now in preview. It's pretty fab and it's built into the Azure Portal and lives in your browser. You don't have to do anything, it's just there whenever you need it. I'm trying to convince them to enable "Quake Mode" so it would pop-up when you click ~ but they never listen to me. ;)

Animated Gif of the Azure Cloud Shell

Click the >_ shell icon in the top toolbar at http://portal.azure.com. The very first time you launch the Azure Cloud Shell it will ask you where it wants your $home directory files to be persisted. They will live in your own Storage Account. Don't worry about cost, remember that Azure Storage is like pennies a gig, so assuming you're storing script files, figure it's thousandths of pennies - a non-issue.

Where do you want your account files persisted to?

It's pretty genius how it works, actually. Since you can setup an Azure Storage Account as a regular File Share (sharing to Mac, Linux, or Windows) it will just make a file share and mount it. The data you save in the ~/clouddrive is persistent between sessions, the sessions themselves disappear if you don't use them.

Now my Azure Cloud Shell Files are available anywhere

Today it's got bash inside a real container. Here's what lsb_release -a says:

[email protected]:~/clouddrive$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 16.04.1 LTS
Release:        16.04
Codename:       xenial

Looks like Ubuntu xenial inside a container, all managed by an orchestrator within Azure Container Services. The shell is using xterm.js to make it all possible inside the browser. That means you can run vim, top, whatever makes you happy. Cloud shells include vim, emacs, npm, make, maven, pip, as well as docker, kubectl, sqlcmd, postgres, mysql, iPython, and even .NET Core's command line SDK.

NOTE: Ctrl-v and Ctrl-c do not function as copy/paste on Windows machines [in the Portal using xterm.js], please us Ctrl-insert and Shift-insert to copy/paste. Right-click copy paste options are also available, however this is subject to browser-specific clipboard access

When you're in there, of course the best part is that you can ssh into your Linux VMs. They say PowerShell is coming soon to the Cloud Shell so you'll be able to remote Powershell in to Windows boxes, I assume.

The Cloud Shell has the Azure CLI (command line interface) built in and pre-configured and logged in. So I can hit the shell then (for example) get a list of my web apps, and restart one. Here I'm getting the names of my sites and their resource groups, then restarting my son's hamster blog.

[email protected]:~/clouddrive$ az webapp list -o table
ResourceGroup               Location          State    DefaultHostName                             AppServicePlan     Name
--------------------------  ----------------  -------  ------------------------------------------  -----------------  ------------------------
Default-Web-WestUS          West US           Running  thisdeveloperslife.azurewebsites.net        DefaultServerFarm  thisdeveloperslife
Default-Web-WestUS          West US           Running  hanselmanlyncrelay.azurewebsites.net        DefaultServerFarm  hanselmanlyncrelay
Default-Web-WestUS          West US           Running  myhamsterblog.azurewebsites.net             DefaultServerFarm  myhamsterblog


[email protected]:~/clouddrive$ az webapp restart -n myhamsterblog -g "Default-Web-WestUS"

Pretty cool. I'm going to keep exploring, but I like the way the Azure Portal is going from a GUI and DevOps dashboard perspective, but it's also nice to have a CLI preconfigured whenever I need it.


Sponsor: Did you know VSTS can integrate closely with Octopus Deploy? Watch Damian Brady and Brian A. Randell as they show you how to automate deployments from VSTS to Octopus Deploy, and demo the new VSTS Octopus Deploy dashboard widget. Watch now!


© 2017 Scott Hanselman. All rights reserved.