dostępne shortkody dla wtyczki Display Posts Shortcode

przykład:

https://github.com/billerickson/display-posts-shortcode/blob/master/README.md#display-posts-shortcode

Display Posts Shortcode

Contributors: billerickson
Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=MQKRBRFVRUV8C
Tags: shortcode, pages, posts, page, query, display, list
Requires at least: 3.0
Tested up to: 4.6.0
Stable tag: 2.7.0

Display a listing of posts using the

shortcode

Description

The Display Posts Shortcode was written to allow users to easily display listings of posts without knowing PHP or editing template files.

Add the shortcode in a post or page, and use the arguments to query based on tag, category, post type, and many other possibilities. You can also customize the output with parameters like: include_date, include_excerpt, and image_size.

Installation

  1. Upload display-posts-shortcode to the /wp-content/plugins/ directory.
  2. Activate the plugin through the Plugins menu in WordPress.
  3. Add the shortcode to a post or page.

Parameters

author
Specify the post author
Default: empty
Example:

category
Specify the category slug, or comma separated list of category slugs
Default: empty
Example:

category_display
Specify ‚true’ to display the categories the current post is in. Specify a taxonomy slug (e.g., ‚post_tag’) to list a different taxonomy
Default: empty
Example:

category_label
If using category_display, specify the label that appears before the list of categories.
Default: „Posted in: ”
Example:

content_class
Specify the class name used for the post content
Default: content
Example:

  • Własne tłumaczenie jakiegoś wyrażenia w woocommerce

    Funkcja do functions.php umożliwiająca własne tłumaczenia pól odporne na aktualizacje woocommerce.
    Sprawdzi się w sklepie z 1 językiem

    // Zmiana tłumaczenia "Adres rozliczeniowy" na "Adres na fakturę"
    add_filter('gettext', 'translate_reply');
    add_filter('ngettext', 'translate_reply');
    function translate_reply($translated) {
    $translated = str_ireplace('Adres rozliczeniowy', 'Adres na fakturę', $translated);
    return $translated;
    }
    

    Funkcję można ograniczyć tylko do strony koszyka korzystając no z:

    if (is_cart()) {
    // run function
    }
    

     

  • Google Analytics: Alert o wzroście odwiedzin stron 404

    Cel:  najlepiej odwiedziny strony z określonym tytułem (zawierające 404)

    + Alert: wzrost współczynnnika realizacji powyższego celu

     

  • Likbuilding
    • Parametry Trust Flow i Citation Flow są znów najważniejszymi czynnikami pod kątem których oceniana jest moc linków.
  • Prawidłowa budowa strony 404
    1. Nazwa firmy i logo
    2. Wyjaśnienie dla użytkownika, dlaczego widzi tę stronę
    3. Listę potencjalnych przyczyn wyświetlenia się strony 404
    4. Link do strony głównej lub innej odpowiedniej strony
    5. Wyszukiwarka
    6. Link z e-mailem na którego użytkownicy mogą wysyłać informację o błędzie
  • Jak najszybciej odindeksować podstronę, której nie chcemy w wynikach organicznych?

    Kolejny krok to mądra polityka treści. Zasada główna, jaką powinieneś się kierować jest taka, że jeśli z Twojej strony znika jakaś treść i jest to celowe działanie, chcesz wykluczyć ją jak najszybciej z indeksacji i usunąć z Google to użyj statusu 410 GONE. Jest to dedykowany status do usuwania treści. do tego służy. Aktywność GoogleBota na stronach z tym statusem jest niższa niż na stronach 404. Oczywiście dodatkowo usuń linki wewnętrzne, aby nie wysyłać robota na strony 404 czy 410. Tu może przydać się crawler, który na start sprawdzi obecną strukturę i wyszuka wszelkie uszkodzone linki.

    Krzysztof Marzec: https://blog.majestic.com/pl/szkolenia/jak-dbac-o-poprawne-statusy-brak-lancuchow-przekierowan/

    definicja:  410 GONE

    The target resource is no longer available at the origin server and that this condition is likely to be permanent.

    Jaki kod zastosować w .htaccess?

    Redirect gone /path/path/folder/
    ErrorDocument 410 default

    Co wybrać? 410 czy 404?

    • 404 również zadziała, ale nieco później – po kilkakrotnym odpytaniu serwera o daną podstronę
    • 410 zadziała szybciej
  • Tworzenie stron statycznych z cmsów

    Rozwiązania do tworzenia stron statycznych (o ile dobrze rozumiem – na podstawie własnych stron dyynamicznych)

    1. Jekyll
    2. Hexo.js
    3. Metalsmith
    4. Hugo
    5. Pelican
    6. GatsbyJS
    7. Wintersmith
    8. Nuxt
    9. Middleman
    10. Assemble
    11. Octopress
    12. Hakyll
    13. Sculpin
    14. Gutenberg
    15. Jigsaw
    16. Statik
    17. MkDocs
    18. Cactus
    19. DocPad
    20. Phenomic
    21. React-Static
    22. Harp

    Cmsy, które kończą pracę generując strony statyczne:
    1. Netlify CMS – darmowy
    2. Forestry.io
    3. Siteleaf
    4. DatoCMS
    5. Publii
    6. Sitecake
    7. CloudCannon
    8. Lektor
    9. Appernetic
    10. Bowtie
    11. Contentful

  • Cache WordPress – polecany plugin

    Wp rocket caching plugin

  • Wtyczki dla bezpieczeństwa wordpressa

    SUCURI

    • pokazuje nieudane próby logowania, pokazuje wyedytowane pliki systemowe, ma możliwość włączenia firewall (płatna usługa miesięczna)

    WP SECURITY QUESTIONS

    • Dodaje w panelu logowania do wordpressa dodatkowe pytania. Dla każdego użytkownika można zdefiniować inne pytanie.

    Login LockDown plugin

    • Ogranicza liczbę logowań z błędnym hasłem do podanej liczby
  • Blokada IP przez .htaccess

    Blokada pojedynczego IP:

    order allow,deny
    deny from 192.168.1.2
    allow from all

    blokada kilku IP

    order allow,deny
    deny from 192.168.1.2
    deny from 10.130.130.6
    deny from 172.16.130.106
    allow from all

    o ban a whole IP range, such as from 192.168.1.1 to 192.168.1.254, you can also do so by using an .htaccess file as seen in the below example.

    order allow,deny
    deny from 192.168.1.
    allow from all

    blokada hostname

    order allow,deny
    deny from badisp.com
    allow from all
  • 14 tips to protect wordpress

    http://www.wpbeginner.com/wp-tutorials/11-vital-tips-and-hacks-to-protect-your-wordpress-admin-area/

    Are you seeing a lot of attacks on your WordPress admin area? Protecting the admin area from unauthorized access allows you to block many common security threats. In this article, we will show you some of the vital tips and hacks to protect your WordPress admin area.

    Tips and hacks to protect WordPress admin area

    1. Use a Website Application Firewall

    A website application firewall or WAF monitors website traffic and blocks suspicious requests from reaching your website.

    While there are several WordPress firewall plugins out there, we recommend using Sucuri. It is a website security and monitoring service that offers a cloud based WAF to protect your website.

    Website Application Firewall

    All your website’s traffic goes through their cloud proxy first, where they analyze each request and block suspicious ones from ever reaching your website. It prevents your website from possible hacking attempts, phishing, malware and other malicious activities.

    For more details, see how Sucuri helped us block 450,000 attacks in one month.

    2. Password Protect WordPress Admin Directory

    Your WordPress admin area is already protected by your WordPress password. However, adding password protection to your WordPress admin directory adds another layer of security to your website.

    First login to your WordPress hosting cPanel dashboard and then click on ‘Password Protect Directories’ or ‘Directory Privacy’ icon.

    Directory privacy

    Next, you will need to select your wp-admin folder, which is normally located inside /public_html/ directory.

    On the next screen, you need to check the box next to ‘Password protect this directory’ option and provide a name for the protected directory.

    After that, click on the save button to set the permissions.

    Password protect directory settings

    Next, you need to hit the back button and then create a user. You will be asked to provide a username / password and then click on the save button.

    Now when someone tries to visit the WordPress admin or wp-admin directory on your website, they will be asked to enter the username and password.

    Enter password

    For more detailed instructions, see our guide on how to password protect WordPress admin (wp-admin) directory.

    3. Always Use Strong Passwords

    Always use strong passwords

    Always use strong passwords for all your online accounts including your WordPress site. We recommend using a combination of letters, numbers, and special characters in your passwords. This makes it harder for hackers to guess your password.

    We are often asked by beginners how to remember all those passwords. The simplest answer is that you don’t need to. There are some really great password manager apps that you can install on your computer and phones.

    For more information on this topic, see our guide on the best way to manage passwords for WordPress beginners.

    4. Use Two Step Verification to WordPress Login Screen

    WordPress login screen with Google Authenticator enabled

    Two step verification adds another security layer to your passwords. Instead of using the password alone, it asks you to enter a verification code generated by the Google Authenticator app on your phone.

    Even if someone is able to guess your WordPress password, they will still need the Google Authenticator code to get in.

    For detailed step by step instructions see our guide on how to setup 2-step verification in WordPress using Google Authenticator.

    5. Limit Login Attempts

    Limit login attempts

    By default, WordPress allows users to enter passwords as many times as they want. This means someone can keep trying to guess your WordPress password by entering different combinations. It also allows hackers to use automated scripts to crack passwords.

    To fix this, you need to install and activate the Login LockDown plugin. Upon activation, go to visit Settings » Login LockDown page to configure the plugin settings.

    For detailed instructions, see our guide on why you should limit login attempts in WordPress.

    6. Limit Login Access to IP Addresses

    Another great way to secure WordPress login is by limiting access to specific IP addresses. This tip is particularly useful if you or just a few trusted users need access to the admin area.

    Simply add this code to your .htaccess file.

    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    AuthUserFile /dev/null
    AuthGroupFile /dev/null
    AuthName "WordPress Admin Access Control"
    AuthType Basic
    <LIMIT GET>
    order deny,allow
    deny from all
    # whitelist Syed's IP address
    allow from xx.xx.xx.xxx
    # whitelist David's IP address
    allow from xx.xx.xx.xxx
    </LIMIT>

    Don’t forget to replace xx values with your own IP address. If you use more than one IP address to access the internet, then make sure you add them as well.

    For detailed instructions, see our guide on how to limit access to WordPress admin using .htaccess.

    7. Disable Login Hints

    Disabled login hints

    On a failed login attempt, WordPress shows errors that tell users whether their username was incorrect or the password. These login hints can be used by someone for malicious attempts.

    You can easily hide these login hints by adding this code to your theme’s functions.php file or a site-specific plugin.

    1
    2
    3
    4
    function no_wordpress_errors(){
      return 'Something is wrong!';
    }
    add_filter( 'login_errors', 'no_wordpress_errors' );

    8. Require Users to Use Strong Passwords

    If you run a multi-author WordPress site, then those users can edit their profile and use a weak password. These passwords can be cracked and give someone access to WordPress admin area.

    To fix this, you can install and activate the Force Strong Passwords plugin. It works out of the box, and there are no settings for you to configure. Once activated, it will stop users from saving weaker passwords.

    It will not check password strength for existing user accounts. If a user is already using a weak password, then they will be able to continue using their password.

    9. Reset Password for All Users

    Concerned about password security on your multi-user WordPress site? You can easily ask all your users to reset their passwords.

    First, you need to install and activate the Emergency Password Reset plugin. Upon activation, go to visit Users » Emergency Password Reset page and click on ‘Reset All Passwords’ button.

    Reset all passwords

    For detailed instructions, see our guide on how to how to reset passwords for all users in WordPress

    10. Keep WordPress Updated

    WordPress often releases new versions of the software. Each new release of WordPress contains important bug fixes, new features, and security fixes.

    Using an older version of WordPress on your site leaves you open to known exploits and potential vulnerabilities. To fix this, you need to make sure that you are using the latest version of WordPress. For more on this topic, see our guide on why you should always use the latest version of WordPress.

    Similarly, WordPress plugins are also often updated to introduce new features or fix security and other issues. Make sure your WordPress plugins are also up to date.

    11. Create Custom Login and Registration Pages

    Many WordPress sites require users to register. For example, membership siteslearning management sites, or online stores need users to create an account.

    However, these users can use their accounts to log into WordPress admin area. This is not a big issue, as they will only be able to do things allowed by their user role and capabilities. However, it stops you from properly limiting access to login and registration pages as you need those pages for users to signup, manage their profile, and login.

    The easy way to fix this is by creating custom login and registration pages, so that users can signup and login directly from your website.

    For detailed step by step instructions, see our guide on how to create custom login and registration pages in WordPress.

    12. Learn About WordPress User Roles and Permissions

    WordPress comes with a powerful user management system with different user roles and capabilities. When adding a new user to your WordPress site you can select a user role for them. This user role defines what they can do on your WordPress site.

    Assigning incorrect user role can give people more capabilities than they need. To avoid this you need to understand what capabilities come with different user roles in WordPress. For more on this topic see our beginner’s guide to WordPress user roles and permissions.

    13. Limit Dashboard Access

    Some WordPress sites have certain users who need access to the dashboard and some users who don’t. However, by default they can all access the admin area.

    To fix this, you need to install and activate the Remove Dashboard Accessplugin. Upon activation, go to Settings » Dashboard Access page and select which users roles will have access to the admin area on your site.

    For more detailed instructions, see our guide on how to limit dashboard access in WordPress.

    14. Log out Idle Users

    Idle user logout

    WordPress does not automatically log out users until they explicitly log out or close their browser window. This can be a concern for WordPress sites with sensitive information. That’s why financial institution websites and apps automatically log out users if they haven’t been active.

    To fix this, you can install and activate the Idle User Logout plugin. Upon activation, go to Settings » Idle User Logout page and enter the time after which you want users to be automatically logged out.

    For more details, see our article on how to automatically log out idle users in WordPress.

    We hope this article helped you learn some new tips and hacks to protect your WordPress admin area. You may also want to see our ultimate step by step WordPress security guide for beginners.

    If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

date_format
Specify the date format used when include_date is true. See Formatting Date and Time on the Codex for more information.
Default: ‚(n/j/Y)’
Example:

date
Specify a date to query for posts published that date. More info on Date Queries
Default: empty
Example:

date_column
Specify which date column to use for all date queries. More info on Date Queries
Default: post_date
Example:

date_compare
Specify the comparison operator used for all date queries. More info on Date Queries
Default: =
Example:

date_query_before
Specify the before argument for a date query. More info on Date Queries
Default: empty
Example:

date_query_after
Specify the after argument for a date query. More info on Date Queries
Default: empty
Example:

date_query_column
Specify the date column used for this query. More info on Date Queries
Default: post_date
Example:

date_query_compare
Specify the comparison operator used for this query. More info on Date Queries
Default: =
Example:

excerpt_length
Specify the number of words used in an excerpt. More information
Default: empty (set by your theme)
Example:

excerpt_more
Specify the more text that appears after the excerpt.
Default: empty (set by your theme)
Example:

excerpt_more_link
Specify whether or not to link the excerpt_more text to the post
Default: false
Example:

exclude_current
Specify whether or not to exclude the current post from the query
Default: false
Example:

id
Specify a specific post ID (or multiple post IDs) to display.
Default: empty
Example:

ignore_sticky_posts
Specify whether or not to ignore sticky posts
Default: false
Example: [displa-posts ignore_sticky_posts=”true”]

image_size
Specify an image size for displaying the featured image, if the post has one. The image_size can be set to thumbnail, medium, large (all controlled from Settings > Media), or a custom image size. See Image Alignment
Default: empty
Example:

include_author
Specify whether or not to include the post’s author name.
Default: false Example:

include_content
Specify whether or not to include the full post content. Note that

will be stripped out of the content to prevent infinite loops
Default: false
Example:
  • Własne tłumaczenie jakiegoś wyrażenia w woocommerce

    Funkcja do functions.php umożliwiająca własne tłumaczenia pól odporne na aktualizacje woocommerce.
    Sprawdzi się w sklepie z 1 językiem

    // Zmiana tłumaczenia "Adres rozliczeniowy" na "Adres na fakturę"
    add_filter('gettext', 'translate_reply');
    add_filter('ngettext', 'translate_reply');
    function translate_reply($translated) {
    $translated = str_ireplace('Adres rozliczeniowy', 'Adres na fakturę', $translated);
    return $translated;
    }
    

    Funkcję można ograniczyć tylko do strony koszyka korzystając no z:

    if (is_cart()) {
    // run function
    }
    

     

  • Google Analytics: Alert o wzroście odwiedzin stron 404

    Cel:  najlepiej odwiedziny strony z określonym tytułem (zawierające 404)

    + Alert: wzrost współczynnnika realizacji powyższego celu

     

  • Likbuilding
    • Parametry Trust Flow i Citation Flow są znów najważniejszymi czynnikami pod kątem których oceniana jest moc linków.
  • Prawidłowa budowa strony 404
    1. Nazwa firmy i logo
    2. Wyjaśnienie dla użytkownika, dlaczego widzi tę stronę
    3. Listę potencjalnych przyczyn wyświetlenia się strony 404
    4. Link do strony głównej lub innej odpowiedniej strony
    5. Wyszukiwarka
    6. Link z e-mailem na którego użytkownicy mogą wysyłać informację o błędzie
  • Jak najszybciej odindeksować podstronę, której nie chcemy w wynikach organicznych?

    Kolejny krok to mądra polityka treści. Zasada główna, jaką powinieneś się kierować jest taka, że jeśli z Twojej strony znika jakaś treść i jest to celowe działanie, chcesz wykluczyć ją jak najszybciej z indeksacji i usunąć z Google to użyj statusu 410 GONE. Jest to dedykowany status do usuwania treści. do tego służy. Aktywność GoogleBota na stronach z tym statusem jest niższa niż na stronach 404. Oczywiście dodatkowo usuń linki wewnętrzne, aby nie wysyłać robota na strony 404 czy 410. Tu może przydać się crawler, który na start sprawdzi obecną strukturę i wyszuka wszelkie uszkodzone linki.

    Krzysztof Marzec: https://blog.majestic.com/pl/szkolenia/jak-dbac-o-poprawne-statusy-brak-lancuchow-przekierowan/

    definicja:  410 GONE

    The target resource is no longer available at the origin server and that this condition is likely to be permanent.

    Jaki kod zastosować w .htaccess?

    Redirect gone /path/path/folder/
    ErrorDocument 410 default

    Co wybrać? 410 czy 404?

    • 404 również zadziała, ale nieco później – po kilkakrotnym odpytaniu serwera o daną podstronę
    • 410 zadziała szybciej
  • Tworzenie stron statycznych z cmsów

    Rozwiązania do tworzenia stron statycznych (o ile dobrze rozumiem – na podstawie własnych stron dyynamicznych)

    1. Jekyll
    2. Hexo.js
    3. Metalsmith
    4. Hugo
    5. Pelican
    6. GatsbyJS
    7. Wintersmith
    8. Nuxt
    9. Middleman
    10. Assemble
    11. Octopress
    12. Hakyll
    13. Sculpin
    14. Gutenberg
    15. Jigsaw
    16. Statik
    17. MkDocs
    18. Cactus
    19. DocPad
    20. Phenomic
    21. React-Static
    22. Harp

    Cmsy, które kończą pracę generując strony statyczne:
    1. Netlify CMS – darmowy
    2. Forestry.io
    3. Siteleaf
    4. DatoCMS
    5. Publii
    6. Sitecake
    7. CloudCannon
    8. Lektor
    9. Appernetic
    10. Bowtie
    11. Contentful

  • Cache WordPress – polecany plugin

    Wp rocket caching plugin

  • Wtyczki dla bezpieczeństwa wordpressa

    SUCURI

    • pokazuje nieudane próby logowania, pokazuje wyedytowane pliki systemowe, ma możliwość włączenia firewall (płatna usługa miesięczna)

    WP SECURITY QUESTIONS

    • Dodaje w panelu logowania do wordpressa dodatkowe pytania. Dla każdego użytkownika można zdefiniować inne pytanie.

    Login LockDown plugin

    • Ogranicza liczbę logowań z błędnym hasłem do podanej liczby
  • Blokada IP przez .htaccess

    Blokada pojedynczego IP:

    order allow,deny
    deny from 192.168.1.2
    allow from all

    blokada kilku IP

    order allow,deny
    deny from 192.168.1.2
    deny from 10.130.130.6
    deny from 172.16.130.106
    allow from all

    o ban a whole IP range, such as from 192.168.1.1 to 192.168.1.254, you can also do so by using an .htaccess file as seen in the below example.

    order allow,deny
    deny from 192.168.1.
    allow from all

    blokada hostname

    order allow,deny
    deny from badisp.com
    allow from all
  • 14 tips to protect wordpress

    http://www.wpbeginner.com/wp-tutorials/11-vital-tips-and-hacks-to-protect-your-wordpress-admin-area/

    Are you seeing a lot of attacks on your WordPress admin area? Protecting the admin area from unauthorized access allows you to block many common security threats. In this article, we will show you some of the vital tips and hacks to protect your WordPress admin area.

    Tips and hacks to protect WordPress admin area

    1. Use a Website Application Firewall

    A website application firewall or WAF monitors website traffic and blocks suspicious requests from reaching your website.

    While there are several WordPress firewall plugins out there, we recommend using Sucuri. It is a website security and monitoring service that offers a cloud based WAF to protect your website.

    Website Application Firewall

    All your website’s traffic goes through their cloud proxy first, where they analyze each request and block suspicious ones from ever reaching your website. It prevents your website from possible hacking attempts, phishing, malware and other malicious activities.

    For more details, see how Sucuri helped us block 450,000 attacks in one month.

    2. Password Protect WordPress Admin Directory

    Your WordPress admin area is already protected by your WordPress password. However, adding password protection to your WordPress admin directory adds another layer of security to your website.

    First login to your WordPress hosting cPanel dashboard and then click on ‘Password Protect Directories’ or ‘Directory Privacy’ icon.

    Directory privacy

    Next, you will need to select your wp-admin folder, which is normally located inside /public_html/ directory.

    On the next screen, you need to check the box next to ‘Password protect this directory’ option and provide a name for the protected directory.

    After that, click on the save button to set the permissions.

    Password protect directory settings

    Next, you need to hit the back button and then create a user. You will be asked to provide a username / password and then click on the save button.

    Now when someone tries to visit the WordPress admin or wp-admin directory on your website, they will be asked to enter the username and password.

    Enter password

    For more detailed instructions, see our guide on how to password protect WordPress admin (wp-admin) directory.

    3. Always Use Strong Passwords

    Always use strong passwords

    Always use strong passwords for all your online accounts including your WordPress site. We recommend using a combination of letters, numbers, and special characters in your passwords. This makes it harder for hackers to guess your password.

    We are often asked by beginners how to remember all those passwords. The simplest answer is that you don’t need to. There are some really great password manager apps that you can install on your computer and phones.

    For more information on this topic, see our guide on the best way to manage passwords for WordPress beginners.

    4. Use Two Step Verification to WordPress Login Screen

    WordPress login screen with Google Authenticator enabled

    Two step verification adds another security layer to your passwords. Instead of using the password alone, it asks you to enter a verification code generated by the Google Authenticator app on your phone.

    Even if someone is able to guess your WordPress password, they will still need the Google Authenticator code to get in.

    For detailed step by step instructions see our guide on how to setup 2-step verification in WordPress using Google Authenticator.

    5. Limit Login Attempts

    Limit login attempts

    By default, WordPress allows users to enter passwords as many times as they want. This means someone can keep trying to guess your WordPress password by entering different combinations. It also allows hackers to use automated scripts to crack passwords.

    To fix this, you need to install and activate the Login LockDown plugin. Upon activation, go to visit Settings » Login LockDown page to configure the plugin settings.

    For detailed instructions, see our guide on why you should limit login attempts in WordPress.

    6. Limit Login Access to IP Addresses

    Another great way to secure WordPress login is by limiting access to specific IP addresses. This tip is particularly useful if you or just a few trusted users need access to the admin area.

    Simply add this code to your .htaccess file.

    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    AuthUserFile /dev/null
    AuthGroupFile /dev/null
    AuthName "WordPress Admin Access Control"
    AuthType Basic
    <LIMIT GET>
    order deny,allow
    deny from all
    # whitelist Syed's IP address
    allow from xx.xx.xx.xxx
    # whitelist David's IP address
    allow from xx.xx.xx.xxx
    </LIMIT>

    Don’t forget to replace xx values with your own IP address. If you use more than one IP address to access the internet, then make sure you add them as well.

    For detailed instructions, see our guide on how to limit access to WordPress admin using .htaccess.

    7. Disable Login Hints

    Disabled login hints

    On a failed login attempt, WordPress shows errors that tell users whether their username was incorrect or the password. These login hints can be used by someone for malicious attempts.

    You can easily hide these login hints by adding this code to your theme’s functions.php file or a site-specific plugin.

    1
    2
    3
    4
    function no_wordpress_errors(){
      return 'Something is wrong!';
    }
    add_filter( 'login_errors', 'no_wordpress_errors' );

    8. Require Users to Use Strong Passwords

    If you run a multi-author WordPress site, then those users can edit their profile and use a weak password. These passwords can be cracked and give someone access to WordPress admin area.

    To fix this, you can install and activate the Force Strong Passwords plugin. It works out of the box, and there are no settings for you to configure. Once activated, it will stop users from saving weaker passwords.

    It will not check password strength for existing user accounts. If a user is already using a weak password, then they will be able to continue using their password.

    9. Reset Password for All Users

    Concerned about password security on your multi-user WordPress site? You can easily ask all your users to reset their passwords.

    First, you need to install and activate the Emergency Password Reset plugin. Upon activation, go to visit Users » Emergency Password Reset page and click on ‘Reset All Passwords’ button.

    Reset all passwords

    For detailed instructions, see our guide on how to how to reset passwords for all users in WordPress

    10. Keep WordPress Updated

    WordPress often releases new versions of the software. Each new release of WordPress contains important bug fixes, new features, and security fixes.

    Using an older version of WordPress on your site leaves you open to known exploits and potential vulnerabilities. To fix this, you need to make sure that you are using the latest version of WordPress. For more on this topic, see our guide on why you should always use the latest version of WordPress.

    Similarly, WordPress plugins are also often updated to introduce new features or fix security and other issues. Make sure your WordPress plugins are also up to date.

    11. Create Custom Login and Registration Pages

    Many WordPress sites require users to register. For example, membership siteslearning management sites, or online stores need users to create an account.

    However, these users can use their accounts to log into WordPress admin area. This is not a big issue, as they will only be able to do things allowed by their user role and capabilities. However, it stops you from properly limiting access to login and registration pages as you need those pages for users to signup, manage their profile, and login.

    The easy way to fix this is by creating custom login and registration pages, so that users can signup and login directly from your website.

    For detailed step by step instructions, see our guide on how to create custom login and registration pages in WordPress.

    12. Learn About WordPress User Roles and Permissions

    WordPress comes with a powerful user management system with different user roles and capabilities. When adding a new user to your WordPress site you can select a user role for them. This user role defines what they can do on your WordPress site.

    Assigning incorrect user role can give people more capabilities than they need. To avoid this you need to understand what capabilities come with different user roles in WordPress. For more on this topic see our beginner’s guide to WordPress user roles and permissions.

    13. Limit Dashboard Access

    Some WordPress sites have certain users who need access to the dashboard and some users who don’t. However, by default they can all access the admin area.

    To fix this, you need to install and activate the Remove Dashboard Accessplugin. Upon activation, go to Settings » Dashboard Access page and select which users roles will have access to the admin area on your site.

    For more detailed instructions, see our guide on how to limit dashboard access in WordPress.

    14. Log out Idle Users

    Idle user logout

    WordPress does not automatically log out users until they explicitly log out or close their browser window. This can be a concern for WordPress sites with sensitive information. That’s why financial institution websites and apps automatically log out users if they haven’t been active.

    To fix this, you can install and activate the Idle User Logout plugin. Upon activation, go to Settings » Idle User Logout page and enter the time after which you want users to be automatically logged out.

    For more details, see our article on how to automatically log out idle users in WordPress.

    We hope this article helped you learn some new tips and hacks to protect your WordPress admin area. You may also want to see our ultimate step by step WordPress security guide for beginners.

    If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

include_date
Include the post’s date after the post title. The default format is (7/30/12), but this can be customized using the ‚date_format’ parameter.
Default: empty
Example

include_excerpt
Include the post’s excerpt after the title (and date if provided).
Default: empty
Example:

include_title
Include the post’s title
Default: true
Example:

meta_key
Specify a meta key, for meta queries or ordering
Default: empty
Example:

meta_value
Specify a meta value, for meta queries
Default: empty
Example:

no_posts_message
Specify a message to display if no posts are found
Default: empty
Example:

Sorry, no items are currently on sale

offset
The number of posts to pass over
Default: 0
Example:

order
Specify whether posts are ordered in descending order (DESC) or ascending order (ASC).
Default: DESC
Example:

orderby
Specify what the posts are ordered by. See the available parameters here.
Default: date
Example:

post_parent
Display the pages that are a child of a certain page. You can either specify an ID or ‚current’, which displays the children of the current page.
Default: empty
Example:

post_status
Show posts associated with a certain post status
Default: publish
Example:

post_type
Specify which post type to use. You can use a default one (post or page), or a custom post type you’ve created.
Default: post
Example:

posts_per_page
How many posts to display.
Default: 10
Example:

tag
Display posts from a specific tag, or tags. You must use the tag slug(ex: example-tag), not the tag’s name (ex: Example Tag).
Default: empty
Example:

taxonomy, tax_term, and tax_operator
Use these parameters to do advanced taxonomy queries. Use ‚taxonomy’ for the taxonomy you’d like to query, ‚tax_term’ for the term slug (or terms) you’d like to include, and ‚operator’ to change how the query uses those terms (most likely this field will not be needed). See Multiple Taxonomy Queries
Default: ‚taxonomy’ = empty , ‚tax_term’ = empty , ‚tax_operator’ = ‚IN’
Example:

time
Specify the time, to be used in a date query. More info on Date Queries
Default: empty
Example:

title
Give the list of posts a title heading
Default: empty
Example:

wrapper
What type of HTML should be used to display the listings. It can be an unordered list (ul), ordered list (ol), or divs (div) which you can then style yourself.
Default: ul
Example:

  1. Własne tłumaczenie jakiegoś wyrażenia w woocommerce
  2. Google Analytics: Alert o wzroście odwiedzin stron 404
  3. Likbuilding
  4. Prawidłowa budowa strony 404
  5. Jak najszybciej odindeksować podstronę, której nie chcemy w wynikach organicznych?
  6. Tworzenie stron statycznych z cmsów
  7. Cache WordPress – polecany plugin
  8. Wtyczki dla bezpieczeństwa wordpressa
  9. Blokada IP przez .htaccess
  10. 14 tips to protect wordpress

wrapper_class
Class applied to the wrapper tag for custom css formatting for this instance.
Default: display-posts-listing
Example:

wrapper_id
Specify an unique ID to be used on the wrapper of this listing
Default: empty
Example:

Reklamy

Skomentuj

Wprowadź swoje dane lub kliknij jedną z tych ikon, aby się zalogować:

Logo WordPress.com

Komentujesz korzystając z konta WordPress.com. Wyloguj / Zmień )

Zdjęcie z Twittera

Komentujesz korzystając z konta Twitter. Wyloguj / Zmień )

Zdjęcie na Facebooku

Komentujesz korzystając z konta Facebook. Wyloguj / Zmień )

Zdjęcie na Google+

Komentujesz korzystając z konta Google+. Wyloguj / Zmień )

Connecting to %s