Best .htaccess Hacks for WordPress

I previously wrote Best .htaccess Hacks For Websites; this article covers .htaccess hacks for WordPress only. .htaccess is a configuration file on your server that controls the Apache server, and it is a very powerful tool for your website if used properly. Here are some .htaccess snippets which will help you improve your WordPress installation.

Please back up your .htaccess file before making any changes. If anything unexpected happens, just replace the .htaccess with your backup.

Redirect WordPress Feed to FeedBurner

This simple snippet will redirect your default WordPress feed to your FeedBurner feed, easy yea?

RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} !FeedBurner    [NC]
RewriteCond %{HTTP_USER_AGENT} !FeedValidator [NC]
RewriteRule ^feed/?([_0-9a-z-]+)?/?$ http://feeds.feedburner.com/yourfeed [R=302,NC,L]

Simpler Login URL

A single line in .htaccess can give you a better login experience: you will just need to go to http://www.example.com/login instead of http://www.example.com/wp-login.php

RewriteRule ^login$ http://www.example.com/wp-login.php [NC,L]

Protect WordPress Blog from Script Injections

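This snippet returns a 403 Forbidden for any request whose query string contains a <script> tag (literal or URL-encoded) or tries to set the PHP GLOBALS or _REQUEST variables. It inspects the query string only.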

Options +FollowSymLinks
RewriteEngine On
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ index.php [F,L]
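Before turning a blocking rule like this on, it helps to replay existing access logs through the same three patterns and see which past requests would have received a 403, including legitimate ones. The following is an added example, not code from the original article; the log lines are constructed and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# The three RewriteCond patterns from the snippet, with their flags.
# mod_rewrite tests %{QUERY_STRING} as the client sent it (not URL-decoded),
# which is why the first pattern lists both "<" and "%3C".
CONDITIONS = [
    ("script-tag", re.compile(r"(\<|%3C).*script.*(\>|%3E)", re.IGNORECASE)),  # [NC]
    ("GLOBALS", re.compile(r"GLOBALS(=|\[|\%[0-9A-Z]{0,2})")),
    ("_REQUEST", re.compile(r"_REQUEST(=|\[|\%[0-9A-Z]{0,2})")),
]

# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def matched_condition(query_string):
    """Return the name of the first condition that matches, or None."""
    for name, pattern in CONDITIONS:
        if pattern.search(query_string):
            return name
    return None


def audit(log_lines):
    """Return (request_target, condition) for every request the rule would block."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        target = m.group(1)
        condition = matched_condition(urlsplit(target).query)
        if condition:
            hits.append((target, condition))
    return hits


# Constructed sample log lines (documentation IP range, made-up requests).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2011:13:55:36 +0000] "GET /?s=htaccess+tips HTTP/1.1" 200 5120',
    '203.0.113.5 - - [10/Oct/2011:13:55:40 +0000] "GET /index.php?q=%3Cscript%3Ex%3C/script%3E HTTP/1.1" 200 5120',
    '203.0.113.6 - - [10/Oct/2011:13:56:02 +0000] "GET /index.php?GLOBALS[test]=1 HTTP/1.1" 200 5120',
    '203.0.113.6 - - [10/Oct/2011:13:56:09 +0000] "GET /index.php?_REQUEST=1 HTTP/1.1" 200 5120',
    # A reader searching the blog for "<script> tag tutorial": benign, but it matches.
    '203.0.113.7 - - [10/Oct/2011:13:57:11 +0000] "GET /?s=%3Cscript%3E+tag+tutorial HTTP/1.1" 200 5120',
    '203.0.113.7 - - [10/Oct/2011:13:57:30 +0000] "GET /wp-login.php HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for target, condition in audit(SAMPLE_LOG):
        print(f"would be blocked by {condition}: {target}")
```

The last hit in the sample is an ordinary site search, so the replay also shows how many real visitors the rule would turn away.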

Remove /category/ from your WordPress URL

This will transform http://www.example.com/category/post to http://www.example.com/post.

RewriteRule ^category/(.+)$ http://www.example.com/$1 [R=301,L]

Redirect Day and Name Permalinks to /%postname%/

If you have recently moved from day and name permalink structure to only post name structure, then use this snippet to redirect all backlinks.

RedirectMatch 301 /([0-9]+)/([0-9]+)/([0-9]+)/(.*)$ http://www.example.com/$4

Allow only particular IP address to wp-admin directory

If your blog is only managed by you and you have a static IP, then you can use this snippet to make the admin panel accessible only to your IP address.

AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "Example Access Control"
AuthType Basic

# Deny is evaluated first, then Allow, so only the listed address gets through
order deny,allow
deny from all
allow from xx.xx.xx.xx

Protect your WordPress from Hotlinking

Wanna save bandwidth by not serving images to other websites? Try the below snippet.

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?example\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .*\.(jpe?g|gif|bmp|png)$ /images/nohotlink.jpg [L]

Create WordPress Admin Account Using FTP/PHP

Here is a little snippet which can create a WordPress backend account with ease using FTP: just paste this PHP snippet into the active theme’s functions.php and the account will be created. Also, make sure the username and the email are unique, or the function will fail.

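function admin_account() {
    // Placeholder credentials: change all three before uploading
    $user = 'AccountID';
    $pass = 'AccountPassword';
    $email = '[email protected]';

    // Create the account only if neither the username nor the email is taken
    if (!username_exists($user) && !email_exists($email)) {
        $user_id = wp_create_user($user, $pass, $email);
        $user = new WP_User($user_id);
        $user->set_role('administrator');
    }
}
// Runs on every page load; delete this snippet from functions.php once the
// account exists, since it keeps the password in plain text on the server.
add_action('init', 'admin_account');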

The above function creates an administrator account by default (which means full access to the website’s features). If you would like to create an account with fewer capabilities, you can use editor, author, contributor or subscriber instead (Learn roles and capabilities of each of these here).

Getting WordPress on an Amazon EC2 at No Cost (Using OpenShift)

Having a website on the WordPress platform requires a web server to host the WordPress installation. There are plenty of free and cheap offerings for WordPress web hosting, but they aren’t worth the trouble, and getting a good plan like dedicated server hosting means spending huge bucks.

One of the top-notch web hosting services is Amazon EC2. Having a website there gives us plenty of advantages, like scalability (we can scale up/down dynamically with no downtime), no server maintenance (as they will do it), easy upgrades of software (like PHP and MySQL) and plenty more. However, Amazon EC2 is not a “free web hosting” provider (there is a Free Tier, but it is limited). Still, we can get our website up there at no cost using OpenShift.

OpenShift is a PaaS offering, meant for users and developers to share code/applications with the community. That is, it is not exactly a web host, but you can host a WordPress installation on it as well. It also means that the PaaS provider will take care of all the security updates (and everything else we get with regular Amazon EC2).

I am not going into the details of how you can set up a WordPress installation on an OpenShift account since Amit Shah has already done this; check the blog post at http://log.amitshah.net/2011/12/blog-moved-to-wordpress-on-openshift/.

4 New WordPress Plugins

I have created four new WordPress plugins (after jFlow Plus) in the past two months. These plugins provide various amazing functionalities for WordPress blogs and websites. I know I should have posted about them here (in the blog) long ago, but still, it’s never too late. They are:

Archives: This plugin creates an Archives Page for your WordPress site, the Archives Page lists Tag Cloud, Latest Posts, Categories and Monthly Archives. You can specify the number of latest posts to be displayed from the settings page of this plugin in the Dashboard.

Enhance Admin Bar: This plugin adds numerous useful options for the WordPress Admin Bar, like a Bit.ly Shortlink, a Custom Nav Menu in the Admin Bar, the Admin Bar on the bottom and a lot more. All the options can be set in the settings menu of this plugin.

Add Font Family Dropdown to Visual Editor: This is a fairly basic plugin and adds a Font family dropdown for selecting fonts.

Custom Login Redirect: Custom Login Redirect adds a drop-down to the login form which lets you redirect to custom locations after logging in. There are 16 default options already present in the drop-down and you can add your own custom URLs as well.

jFlow Plus: Awesome WordPress Slider Plugin

jFlow Plus is a very cool jQuery slider that has been around for a while; it is based on jFlow by ktan. Implementing these kinds of jQuery plugins isn’t very difficult, but implementing them on WordPress at times gets messy, especially if the user frequently changes/customizes their WordPress themes. To overcome this, I made a WordPress plugin for easy implementation of jFlow Plus. It does not modify the theme or any other gallery, works separately and is very easy to implement. The width and height of the slider can be changed from the settings menu in the WordPress Dashboard, along with the autoplay option and the transition time for one slide. You can head over to its Release Page or go to http://wordpress.org/extend/plugins/jflow-plus/ to download it.

Fix Facebook Like Using WordPress Plugin

I saw a lot of websites and blogs having incorrect data shown in the profiles of users who liked their page using the Facebook Like (or Recommend) button: incorrect data like a wrong thumbnail, wrong description and sometimes even a wrong title. After a little research I came to know it can be easily corrected by implementing the Facebook Open Graph protocol in your website.

Open Graph protocol allows you to specify structured information about your web pages. Here’s an example for a movie page(Taken from here):

{code type=HTML}
<html xmlns="http://www.w3.org/1999/xhtml"
xmlns:og="http://ogp.me/ns#"
xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<title>The Rock (1996)</title>
<meta property="og:title" content="The Rock"/>
<meta property="og:type" content="movie"/>
<meta property="og:url" content="http://www.imdb.com/title/tt0117500/"/>
<meta property="og:image" content="http://ia.media-imdb.com/rock.jpg"/>
<meta property="og:site_name" content="IMDb"/>
<meta property="fb:admins" content="USER_ID"/>
<meta property="og:description"
content="A group of U.S. Marines, under command of
a renegade general, take over Alcatraz and
threaten San Francisco Bay with biological
weapons."/>

</head>

</html>
{/code}

I made a WordPress plugin for easier implementation of Open Graph protocol. This plugin fixes wrong thumbnail (og:image), wrong title (og:site_name), wrong description (og:description), etc. It enforces WordPress post thumbnail for image if a post is liked, or your website’s logo if home page is liked and a lot more, you can visit the plugin’s release page at https://priteshgupta.com/plugins/fix-fblike, or download it from WordPress.org at http://wordpress.org/extend/plugins/fix-facebook-like/.

It customizes the following Open Graph protocol properties og:title, og:type, og:url, og:image, og:site_name, fb:admins, og:description.

Here is a screenshot of the settings menu in the admin panel for customization.

Best .htaccess Hacks For Websites

The .htaccess configuration file on your server, which controls the Apache server, is an important file and a very powerful tool for your website if used properly. It is generally found in the root of your web server. In this article I will share how .htaccess can help improve your website’s stability, security, functionality and usability.

Please back up your .htaccess file before making any changes. If anything unexpected happens, just replace the .htaccess with your backup.

Search Engine Friendly 301 Redirects

If you have moved your website to another domain and want to redirect all the pages to their new location, or you want to redirect a particular URL to a specific page in the most Search Engine Friendly manner, then you can use the below code in your .htaccess.

## .htaccess Code :: BEGIN
Redirect 301 /Old_Directory/ http://www.new-domain.com/
## .htaccess Code :: END

Note: Remember not to insert “http://www” to the “/Old_Directory/”.

Block Requests From User Agents

By adding a ban list to your .htaccess file you can block all unwanted user agents. These agents at times are harmful and can cause load on your server.

## .htaccess Code :: BEGIN
## Block Bad Bots by user-Agent
# Each match sets the bad_bot variable that the Deny line below tests
SetEnvIfNoCase User-Agent ^FrontPage bad_bot
SetEnvIfNoCase User-Agent ^Java.* bad_bot
SetEnvIfNoCase User-Agent ^Microsoft.URL bad_bot
SetEnvIfNoCase User-Agent ^MSFrontPage bad_bot
SetEnvIfNoCase User-Agent ^Offline.Explorer bad_bot
SetEnvIfNoCase User-Agent ^[Ww]eb[Bb]andit bad_bot
SetEnvIfNoCase User-Agent ^Zeus bad_bot

Order Allow,Deny
Allow from all
Deny from env=bad_bot
## .htaccess Code :: END

Remove WWW from your website’s URL

If you wish to remove the “www” from your website’s URL, like http://your-domain.com instead of http://www.your-domain.com, then you can use the below code.

## .htaccess Code :: BEGIN
RewriteEngine on
Options +FollowSymLinks
RewriteCond %{HTTP_HOST} ^www\.your-domain\.com$ [NC]
RewriteRule ^(.*)$ http://your-domain.com/$1 [R=301,NC,L]
## .htaccess Code :: END

Add WWW to your website’s URL

If you wish to add “www” to your website’s URL, you can add the below code.

## .htaccess Code :: BEGIN
RewriteEngine On
Options +FollowSymLinks
RewriteCond %{HTTP_HOST} ^your-domain\.com$ [NC]
RewriteRule ^(.*)$ http://www.your-domain.com/$1 [L,R=301]
## .htaccess Code :: END

Allow only specific IP addresses and block everyone else

If you want to allow only a few particular IPs and deny everyone else, then you can use the below code in your .htaccess file. Replace “http://www.your-domain.com/under_construction.html” with the error page which you would like to be displayed to everyone (except the particular IPs), or simply omit the line if you don’t need it.

## .htaccess Code :: BEGIN
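# Blocked visitors are redirected to this URL, so it must live somewhere this
# Deny rule does not cover; otherwise they end up in a redirect loop.
ErrorDocument 403 http://www.your-domain.com/under_construction.html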
Order deny,allow
Deny from all
Allow from 172.16.254.1
Allow from 172.16.254.9
## .htaccess Code :: END

Ban only specific IP addresses and allow everyone else

If you think there are spammers regularly flooding your website you can simply ban their IP addresses to get rid of them and allow everyone else.

## .htaccess Code :: BEGIN
# Allow is evaluated first and Deny last, so the Deny lines win for these IPs
order allow,deny
allow from all
deny from 172.16.254.6
deny from 172.16.254.5
## .htaccess Code :: END
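Both IP snippets (the wp-admin allow-list in the WordPress article and the ban list here) depend entirely on the Order argument, which decides which list is checked last and what happens to clients matching neither. The model below is an added example, not code from the original article; it covers only "all", full IPs and CIDR blocks, and the owner and visitor addresses are constructed stand-ins.

```python
import ipaddress


def _matches(specs, client_ip):
    """True if client_ip matches any 'from' value: 'all', a full IP or a CIDR block."""
    ip = ipaddress.ip_address(client_ip)
    return any(
        spec.lower() == "all" or ip in ipaddress.ip_network(spec, strict=False)
        for spec in specs
    )


def is_allowed(order, allow, deny, client_ip):
    """Model of Order/Allow/Deny: True = request served, False = 403 Forbidden."""
    allowed = _matches(allow, client_ip)
    denied = _matches(deny, client_ip)
    order = order.lower()
    if order == "deny,allow":
        # Deny lines are checked first, Allow lines last, and Allow overrides.
        # A client matching neither list is allowed. This is also the default
        # when no Order line is present.
        return allowed or not denied
    if order == "allow,deny":
        # Allow lines are checked first, Deny lines last, and Deny overrides.
        # A client matching neither list is denied.
        return allowed and not denied
    # Order takes one argument with no space, so "allow, deny" is a config
    # error rather than a policy ("mutual-failure" is not modelled here).
    raise ValueError(f"invalid Order argument: {order!r}")


OWNER = "203.0.113.10"    # constructed stand-in for xx.xx.xx.xx
VISITOR = "198.51.100.7"  # constructed: any other client
BANNED = "172.16.254.6"   # taken from the ban list above


def allow_list(order, client_ip):
    """wp-admin snippet: deny from all + allow from the owner's address."""
    return is_allowed(order, allow=[OWNER], deny=["all"], client_ip=client_ip)


def ban_list(order, client_ip):
    """Ban snippet: allow from all + deny from two addresses."""
    return is_allowed(order, allow=["all"],
                      deny=["172.16.254.6", "172.16.254.5"], client_ip=client_ip)


if __name__ == "__main__":
    for order in ("deny,allow", "allow,deny"):
        print(f"Order {order}")
        print("  allow-list: owner", allow_list(order, OWNER),
              "| visitor", allow_list(order, VISITOR))
        print("  ban list:   banned", ban_list(order, BANNED),
              "| visitor", ban_list(order, VISITOR))
```

The allow-list only works with deny,allow and the ban list only with allow,deny; with the other value the first locks out the owner as well and the second bans nobody.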

Custom Error Pages

You must have already seen many custom 404 error pages, you can use the below code for error pages for 404 errors and other errors too.

## .htaccess Code :: BEGIN
ErrorDocument 401 /error/401.html
ErrorDocument 403 /error/403.html
ErrorDocument 404 /error/404.html
ErrorDocument 500 /error/500.html
## .htaccess Code :: END

Change Index Page

The default page of a regular server is either an index.html or index.php, you can use the below code to change it.

## .htaccess Code :: BEGIN
DirectoryIndex index2.html
## .htaccess Code :: END

Remove Extensions from Files

The below code removes the extension from a URL, which makes the URL more Search Engine Friendly. Example: http://www.your-domain.com/about.php will be http://www.your-domain.com/about. You can replace .php with .html or whatever you want.

## .htaccess Code :: BEGIN
RewriteEngine On
RewriteBase /
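RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
# Rewrite only when the matching .php file exists, to avoid a rewrite loop
RewriteCond %{REQUEST_FILENAME}.php -f
RewriteRule ^(.+)$ /$1.php [L,QSA]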
## .htaccess Code :: END

Disable Directory Browsing

You can block users from viewing directories without an index page using the below code.

## .htaccess Code :: BEGIN
# Mixing "All" with "-Indexes" is rejected as a syntax error by Apache 2.4
Options -Indexes
## .htaccess Code :: END

Disable Browser To Prompt Open/Save As Option

Usually when you try to download something you generally get asked whether to Save it or Open it. To disable this from server side, you can use the following code:

## .htaccess Code :: BEGIN
AddType application/octet-stream .mp3
AddType application/octet-stream .mpg
AddType application/octet-stream .avi
AddType application/octet-stream .mov
AddType application/octet-stream .pdf
AddType application/octet-stream .xls
AddType application/octet-stream .zip
## .htaccess Code :: END

Change Script Execution Type

If you have php within an html file, you can still execute it as php using the below code.

## .htaccess Code :: BEGIN
AddType application/x-httpd-php .html
## .htaccess Code :: END

Stop Execution of Script

If you want, you can stop scripts like php, asp, etc from executing and simply display them as plain text.

## .htaccess Code :: BEGIN
# RemoveHandler takes file extensions only
RemoveHandler .php .asp .html
AddType text/plain .php .asp .html
## .htaccess Code :: END

Set Default Admin Email ID

Using below code you can set the default Email ID of your server.

## .htaccess Code :: BEGIN
ServerSignature EMail
SetEnv SERVER_ADMIN [email protected]
## .htaccess Code :: END

Disable Hotlinking

Use this to stop other websites from using images hosted on your server, which helps in saving bandwidth. You can do this by adding the below code; replace “http://your-domain.com/copyright.jpg” with the image which you would like to be displayed instead.

## .htaccess Code :: BEGIN
Options +FollowSymlinks
#Protect against hotlinking
RewriteEngine On
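RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?your-domain\.com/ [NC]
# Do not rewrite the replacement image itself, or the redirect loops
RewriteCond %{REQUEST_URI} !/copyright\.jpg$
RewriteRule .*\.(gif|jpg|png)$ http://your-domain.com/copyright.jpg [NC,L]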
## .htaccess Code :: END

Enable Caching

The below code tells the web browser to use its cache when your website is loaded. It doesn’t directly increase the loading speed of your website; it loads the cached content when the user visits your website a second time. Currently the cache expiry time is set to 1 day (86400 seconds).

## .htaccess Code :: BEGIN
# BEGIN EXPIRES
ExpiresActive On
ExpiresDefault "access plus 86400 seconds"
ExpiresByType text/css "access plus 1 week"
ExpiresByType text/plain "access plus 1 month"
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/png "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"
ExpiresByType application/x-javascript "access plus 1 month"
ExpiresByType application/javascript "access plus 1 week"
ExpiresByType application/x-icon "access plus 1 year"
# END EXPIRES
## .htaccess Code :: END

Guide to Sitemaps – What? Why? How?

A website/blog is like a book, and thus it also needs an index or table of contents. In web terminology we call this ‘table of contents’ a sitemap. There are mainly two kinds of sitemaps.

HTML Sitemap: It is meant to be accessed by your website’s visitors; it helps them browse your website and find what interests them, and increases your website’s/blog’s usability. It is simply a hierarchical list of links on a web page. Most (premium) WordPress themes now have a built-in Sitemap page template. Otherwise some WordPress plugin or other is always there to do the job. Click here for an example of a HTML Sitemap.

XML Sitemap: These kinds of sitemaps are meant for search engine bots to crawl; you can submit one to search engines after building it. It is one of the most important aspects of large websites. Click here for an example of an XML Sitemap.

Creating a sitemap

HTML Sitemap

If you are using a CMS like WordPress or Joomla, both kinds of sitemaps can be built easily using various plugins/components; for example, you can use this to create a HTML Sitemap on WordPress.

Otherwise, if you have a normal website, you can easily create it with any usual WYSIWYG editor. You should start by creating a list of your pages, then adding the sub pages below the parent pages, and then linking them. After the skeleton has been made, style the sitemap page(using CSS),  match it to your website layout and then put it live after testing all the links.

XML Sitemap

Creating an XML sitemap has never been easier. If you are on WordPress (like me) you can use the amazing Google XML Sitemaps plugin. It builds your sitemap well and also notifies all major search engines like Google, Bing, Yahoo etc. about the new content every time you create a post. If you are on Joomla, you can use Xmap; it has many more features than its WordPress counterpart.

Again, if you have a normal website and you are an advanced user (who knows XML, HTML, etc.) you can create the sitemap yourself. The below example shows a Sitemap in XML format. The Sitemap in the example contains a small number of URLs, each using a different set of optional parameters. Please remember that your sitemap should always be UTF-8 encoded.

{code type=XML}
<?xml version="1.0" encoding="UTF-8"?>
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
<url>
<loc>http://www.example.com/</loc>
<lastmod>2005-01-01</lastmod>
<changefreq>monthly</changefreq>
<priority>0.8</priority>
</url>
<url>
<loc>http://www.example.com/catalog?item=12&amp;desc=vacation_hawaii</loc>
<changefreq>weekly</changefreq>
</url>
<url>
<loc>http://www.example.com/catalog?item=73&amp;desc=vacation_new_zealand</loc>
<lastmod>2004-12-23</lastmod>
<changefreq>weekly</changefreq>
</url>
<url>
<loc>http://www.example.com/catalog?item=74&amp;desc=vacation_newfoundland</loc>
<lastmod>2004-12-23T18:00:15+00:00</lastmod>
<priority>0.3</priority>
</url>
<url>
<loc>http://www.example.com/catalog?item=83&amp;desc=vacation_usa</loc>
<lastmod>2004-11-23</lastmod>
</url>
</urlset>
{/code}

Thanks to sitemaps.org for supplying this brilliant example; you can see the tag definitions here.

The other and more recommended way to create sitemaps is to use one of the XML Sitemap Generator services; you can find plenty of them online. The one I like is XML-Sitemaps.com (Maximum 500 pages). It does most of the job itself, and just leaves the uploading part for you.

Specifying Sitemap in robots.txt file

You should include the location of your sitemap in your robots.txt file so that search engines find it when accessing your robots.txt; you can insert it using the below code.
{code type=CSS}
Sitemap: http://www.example.com/sitemap.xml
{/code}

After you are done with your XML Sitemap, I recommend submitting it to your Google Webmaster account. Google will index it in a little while, and you can see effective results.

Other types of sitemaps

Of course there are few more kinds of sitemaps, I am including a few below.

RSS Feeds: They are not really sitemaps, but rather web feeds meant for feed readers, but they do work as great sitemaps for blogs.

ROR Sitemap: A variant of XML sitemaps, much more robust than XML, that supports various kinds of formats. See more here.

Video/Geo/News Sitemap: They contain links to your videos/geo-content/news articles so that they are searchable in Google Video/Google Maps/Google News.

Mobile Sitemap: Mobile sitemaps contain a list of web pages made particularly for mobiles, for search engines’ mobile index. Here is an example of a Mobile Sitemap.

Comment Systems


Tired of that old comment system on your blogging platform? Here’s what you need. There are two major apps you can try for managing comments on your blog: one is Disqus and the other is JS-Kit. Disqus is older, free and used by huge sites like Mashable, whereas JS-Kit is new, evolving and next-generation.

With these comment systems you can let your readers comment using their Facebook/Twitter profiles and various other profiles. There are also some more advanced features you can get from these comment systems, like real-time conversations.

More info:

Disqus

JS-Kit

Blogger.com vs WordPress.com

So you must have a blog (if not, go get one today). Where do you host it: Blogger.com or WordPress.com? Or, if you have your own hosting space with PHP and MySQL, then for sure WordPress.org. This post compares Blogger.com with WordPress.com. Don’t confuse WordPress.com with WordPress.org: WordPress.org is a CMS which you need to host yourself and is the best blog system currently. I will not be including features which are in both of them or in neither of them.

Feature | Blogger.com | WordPress.com
Customization with themes | Yes, You can edit the HTML and CSS | No
Import | No, Only from another Blogspot Blog | Yes, From most of the Blog programs
Static Page | No | Yes, As much as you want
Analytics/Stats | No, But you may install a third party Analytics program | Yes, In built and is great
Image Storage | 1 GB, Can be browsed through Picasa | 3 GB, Can be upgraded
Classification | Through applying Labels | Through applying Categories and Tags
Contact Forms | No, But Third Party contact forms can be installed | Yes, Using [contact-form]
Comments | Simple, But you can install powerful comments system like Disqus | Nice comment system but you can’t install Disqus
Embed Object (Like: Flash) | Yes | No
RSS | Yes, And can be optimized with Feedburner | Yes, But No Feedburner optimization
Spam Fighting | No | Akismet
Change blog URL | Yes | No
Javascript | Yes, You can Add it here | No
Google Webmaster Tools | Yes, Verify using <meta> tag and Add blog/atom. | No

Please See:

  • If you wish to upgrade to WordPress.org soon, then go for WordPress.com, as it supports Categories as well as Tags (which are common to WordPress.com and WordPress.org).
  • If you don’t wish to upgrade to WordPress.org and don’t want to host things, then go for Blogger.com.
  • Most people start from platforms like WordPress.com or Blogger.com and move to WordPress.org (that includes me).
  • Also, if you are a newbie in blogging, go for Blogger.
  • Blogger is also owned by Google, which is an 800-pound gorilla on the Internet.
  • There is also http://draft.blogger.com, where you can see Blogger features that are about to come.

My Suggestion: Go for Blogger.com, as it has the biggest advantage, which is flexibility.