The first problem is an XSS vulnerability in Press This discovered by Benjamin Flesch. The second problem, discovered by Dawid Golunski, is an issue with sanitizing uploaded file names that can be exploited in certain Apache configurations. Thanks to Benjamin and Dawid for finding and reporting these.

The upgrade is as usual available through various means with the two most popular ones being through an automatic update in the Wordpress admin interface and the second trough a download from the official Wordpress website. The first is faster and more comfortable while the second offers more control to the user especially if something goes wrong.

This Wordpress update does not require an update of the Wordpress database. It is however recommended to perform a backup of both the Wordpress files on the web server and the MySQL database to be prepared if the update should fail for any reason.

Related posts

• Wordpress 2.8.5 Security Update (4)
• Wordpress 2.8.2 Security Patch (1)
• Wordpress 2.6.5 Security Update (0)
• Wordpress 2.6.1 released (1)
• Wordpress 2.8.3 (1)

The most important changes in Wordpress 2.8.5 are therefor:

• A fix for the Trackback Denial-of-Service attack that is currently being seen.
• Removal of areas within the code where php code in variables was evaluated.
• Switched the file upload functionality to be whitelisted for all users including Admins.
• Retiring of the two importers of Tag data from old plugins.

Wordpress blogs are currently not announcing the new release. It is expected that this will change in the next hours so that the automatic update option becomes available for Wordpress webmasters who use it to update their website. Webmasters who manually update their blog can visit the Wordpress page to download the latest version of Wordpress. Additional information about the security release are available in the blog post that announced the upgrade.

Related posts

• Wordpress 2.8.6 Security Update (5)
• Wordpress 2.8.2 Security Patch (1)
• Wordpress 2.6.5 Security Update (0)
• Wordpress 2.6.1 released (1)
• Don’t upgrade to Wordpress 2.3 yet (3)

The developer’s of Lifestream Backup have developed their service for that reason. Lifestream Backup is a solution to backup data that is stored at various popular online services. The list of supported services reads like the who is who of the most popular online services:

• Twitter
• Facebook
• Basecamp
• Gmail
• Google Docs
• Delicious
• FriendFeed
• Flickr
• Photobucket
• Zoho Writer
• Wordpress

Youtube and Blogger will soon be added to that portfolio raising the supported online services to 13. The principle is simple. All that user’s need to do is to authorize the Lifestream Backup service. This is either done by authorizing them directly at a service or by providing the username and password to that service. Lifestream Backup will start to backup data on a daily or weekly schedule. Email notifications can be send to inform the user that a backup has been performed (emails can be send after every backup or as digests).

Backups that have been created are accessible in the archives section of the backup service.Data backups are usually offered as xml files or as multimedia files. Each file can be viewed online or downloaded to the local computer system. An option to download all backed up data of a service would come in handy, especially for services like Flickr where the file count can easily reach a hundred and more.

To give one real life example: A Twitter backup consists of updates, mentions, received and send direct messages, favorites, friends and followers. The backed up data is offered in seven different XML files. No information about the data that gets backed up is available before the first backup. The developer’s should definitely add information about the data that gets backed up by their service. This usually includes the most important data but it is always better to see it in writing before configuring a backup for a specific service.

The Wordpress backup option is different from most other options. A plugin needs to be installed on the blog and a key configured so that the backups can be performed.

Invites:

The developer’s of Lifestream Backup were nice enough to provide Ghacks readers with a free one year account that can store up to 2 Gigabytes of data. These accounts are sold for $29 regularly but free for the next 24 hours if you visit the signup page that has been created for Ghacks.

Related posts

• Snapfoo Mobile Photo Blogging (6)
• Use Gmail as a drive in Windows (11)
• Stumbleupon URL Shortening Service Su.pr Out Of Beta (0)
• Social Network Status Generator (3)
• Public Beta Test Of New Yahoo Homepage (0)

According to Mashable there are two clues that your blog has been successfully attacked by the computer worm:

There are two clues that your WordPress site has been attacked.

There are strange additions to the pretty permalinks, such as example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/. The keywords are “eval” and “base64_decode.”

The second clue is that a “back door” was created by a “hidden” Administrator. Check your site users for “Administrator (2)” or a name you do not recognize. You will probably be unable to access that account.

Webmasters are asked to update their blogs to the latest version of Wordpress immediately. Those that have been hit by the computer worm should backup all files, export their settings, and do a clean install of Wordpress. More help is offered at the Wordpress website.

Rant:

It’s Sunday and it is time for a little rant. Webmasters who do not update their blogs as soon as a new version of their blogging software is released are acting stupid. A Wordpress update usually takes less than ten minutes and ensures that the blog and server is protected from attacks like these. Webmasters who do not have the time to perform these updates should consider switching to a hosted blogging platform like that at Blogger or Wordpress.com. The automatic update option that has been introduced in recent Wordpress versions makes it even easier to update the blog as soon as a new version is released. Webmasters who cannot do this should not operate a self hosted blog, period.

Related posts

• Wordpress Remote Admin Password Reset Vulnerability (13)
• Wordpress 2.8.4 Security Update (7)
• Wordpress 2.8 (5)
• Wordpress 2.8.3 (1)
• Wordpress 2.8.2 Security Patch (1)

Among other things, it allows you to add category lists, show comment ID-s, show comment authors, display next image links, add a dropdown box of categories anywhere, useful, and basically “drag and drop”. There is however another great Wordpress reference which is a bit more obscure, but also contains a huge load of functions for some other tasks you might have around your site. The Wordpress Function Reference section of the codex lists at least 250-300 functions for pages, authors, plugin usage, comments, users, etc, in short, encompassing the whole blog platform, as opposed to more blog post oriented functions in the Template Tags section.

The page is chock full of things like “in_category()”, which if passed a post ID and a category, will tell you if that post is in the category or not. Great if you want to display category specific content on your main page for example. It also gives you real power, with functions like “wp_insert_post()”, which you can use to insert posts “manually”, by passing an array of info to the function. Similarly you can use wp_insert_user() to add a user, with the parameters you want. Very useful for creating some custom sign up forms, custom permissions and so on.

What I’ve come to appreciate while using these functions is how very well Wordpress is thought out. I sort of knew this 3 years ago when I started, but when I began to use these functions I realized why. For example, wp_insert_user() will insert a new user, and will return the new user’s ID. It returns 0 if there is an error, but more importantly, if you pass an existing user’s ID, it will update that user, instead of creating a new one. There is a separate wp_update_user() function, but the action they perform is so close, it’s very handy that inserting a user is so flexible.

If you’re just jumping into these functions you’ll find them quite easy to use, while giving you a lot of control. If you’re an experienced PHP programmer you’ll find you’ll program less, and you’ll also appreciate the work going into Wordpress a lot more!

Related posts

• Wordpress template tags you should know (4)
• Zoundry Raven portable Blog Editor (6)
• Wordpress: Your attempt to edit this post has failed (8)
• Wordpress SEO: Advanced Nofollow (3)
• Wordpress Remote Admin Password Reset Vulnerability (13)

One of the main strengths of WordPress is its huge developer community, something that is unmatched by most of its competitors. With this great third party support comes thousands of plugins and themes. So without further ado, I’ll name out a couple WordPress plugins that every user of the blogging platform should use.

All in one SEO

WordPress has the reputation of being the best SEO optimized blogging/CMS platform out of the box. But even with that it still could use a little work. That’s where “All in one SEO” comes in. Basically it allows you to control the SEO aspect of every post, page or tag on your blog as well as override the default WordPress features.

Customizing the plugin is easy and the readme file helps with any problems you might have. There is a reason why it has well over 2 million downloads. So if you haven’t checked it out, I suggest you do so. If you are looking for something a little more advanced you can check out the Headspace2 plugin which is also popular (at the time of this writing it had over 200,000 downloads).

Broken Link Checker

I didn’t know how much I needed this plugin until I got it and since there I have installed it on all my blogs. As the name suggests, this plugin checks your blog at intervals (user defined) for links that might be broken. I cannot stress how important this plugin is for those who run political, tech or news blogs as it is extremely vital at notifying you if your links are active or leading to 404 error pages.

WP-DB-Backup

If it were not for hackers and hard drive failures, this plugin would be obsolete. But thanks to these and many other problems, database failures are prevalent. At least there are options to help keep your database safe.

WP-DB-Backup is one of those plugins which offers users the ability to backup their WordPress databases instantly or have monthly, weekly, daily or hourly backups. The backups can either be sent to a specified email address or can be downloaded instantly. While this plugin is mainly built for those who carry large amounts of traffic on their websites, I would recommend it for everyone including personal bloggers.

Beware that this only backs up the database and not information stored on the server such as download files, pictures and such. That will require another program.

Redirection

When I first started using WordPress I decided to go with the default permalink structure as I was not versed in customizing .htaccess files. That changed a few months later and by that time my blog had boasted well over 150 posts. I needed to do some major on site SEO but was stuck with the fact that if I changed the permalink structure to something more search engine (SE) friendly, visitors who came to my site from backlines would be left with a 404 page error.

Well after a little Google expedition I came across the Redirection plugin which did exactly what it sounds like, redirects old links to the new location. I was extremely happy and I didn’t lose SERPS because of my updated permalink structure.

Even if you are not in the same position I suggest you get this plugin because it is well worth it and it requires very little configuration.

NextGEN Gallery

It’s not everyday that a plugin crosses the 1 million download mark. But Alex Rabe has struck gold with his plugin. For those who are familiar with the WordPress, it is clear that while 2.7 did fix a lot of issues, the built in media library fails to say the least. It’s OK for basic media but managing gallery’s, albums and such is impossible.

That’s where NextGEN Gallery comes in by providing the best photo gallery plugin for the platform. While it still lacks in certain areas, it is light years ahead of the built-in functions of WordPress. Plus with the numerous plugins that expand its features it is quite a beast. If you would like an excellent example of the plugin in action, check out TechCrunch.com.

cformsII

It used to be the top downloaded plugin on wordpress.org until someone brought to the attention of the WordPress community that its license agreement did not match the requirements of wordpress.org. Since then it has been removed, but even with that it still continues to be an excellent plugin.

Basically cformsII allows you to create contact forms, contest forms and anything else your heart desires. Although it is not the easiest plugin to use, it’s powerful and extremely customizable as the CSS file can be edited to meet any requirement.

The only drawback to this plugin is since it’s no longer available on wordpress.org, those wishing to use it have to install and update it manually. That said I still would recommend using it but if you cannot be bothered with the hassle for the extra features, you can always check out Contact Form 7 which carries many of the features but still lacks in the customizability department.

I’m sure there are many others out there but these are the ones that I have found out to be the most useful and would recommend for every WordPress blog. But if you think I left one out, hit me up in the comments below.

Related posts

• Wordpress 2.6.5 Security Update (0)
• Wordpress 2.5.1 released (1)
• List of Wordpress Plugins installed (4)
• Flash 10 Breaks Wordpress Flash File Uploader (3)
• Zoundry Raven portable Blog Editor (6)

A fix was released with the announcement of the vulnerability which consisted of one line of code that had to be edited in the wp-login.php file of the Wordpress installation. Wordpress installations with the fix are safe from these kinds of attacks.

The Wordpress team has nevertheless released Wordpress 2.8.4. as a response to the security vulnerability. The new release patches this vulnerability and is a recommended update for every Wordpress installation. The Wordpress developers are providing additional information about the vulnerability in the announcement post as well.

It was only possible to reset a password of the first user account without a key according to this post which usually is the admin account of the Wordpress installation. Wordpress is not showing the new version in its interface. This may change in the next hours.

Wordpress admins should head over to the Wordpress website to download the new version as of now.

Related posts

• Wordpress Remote Admin Password Reset Vulnerability (13)
• Computer Worm Attacks Not Updated Wordpress Blogs (20)
• Zoundry Raven portable Blog Editor (6)
• Wordpress: Your attempt to edit this post has failed (8)
• Wordpress Blogs: Create Custom Tag Pages (5)

A new post appeared on the Wordpress discussion list today revealing more details about the process. Everyone is apparently able to reset a Wordpress password if the email address of the Wordpress user is known. All that needs to be done is to point the web browser at http://www.domain.com/wp-login.php?action=lostpassword to reset the password. The email address of the account holder has to be supplied in the form. Wordpress usually will send a confirmation email first asking the email account owner if the password should be reset. The vulnerability manipulates the query to skip this step.

It is not possible to exploit this vulnerability further which means attackers cannot get access to the user account. It can however be theoretically be used to reset the password regularly to lock the user or admin out of the Wordpress blog.

A temporary fix for the remote admin password reset vulnerability was posted. Wordpress administrators need to change one line of code in the wp-login.php file of the Wordpress installation to protect their blog from the attack.

Replace

if ( empty( $key ) )

With

if ( empty( $key ) || is_array( $key ) )

It is advised to apply the temporary fix as soon as possible to Wordpress installations.

Related posts

• Wordpress 2.8.4 Security Update (7)
• Computer Worm Attacks Not Updated Wordpress Blogs (20)
• Zoundry Raven portable Blog Editor (6)
• Wordpress: Your attempt to edit this post has failed (8)
• Wordpress Blogs: Create Custom Tag Pages (5)

The upgrade fixes a few security issues that have been overlooked in the Wordpress 2.8.1 release but discovered by security researchers in the Wordpress community.

Unfortunately, I missed some places when fixing the privilege escalation issues for 2.8.1. Luckily, the entire WordPress community has our backs. Several folks in the community dug deeper and discovered areas that were overlooked. With their help, the remaining issues are fixed in 2.8.3. Since this is a security release, upgrading is highly recommended.

Point your web browser to the official Wordpress download page to download the release if you want to perform a manual upgrade.

Related posts

• Wordpress 2.8.2 Security Patch (1)
• Wordpress 2.8 (5)
• Wordpress 2.7 (7)
• Wordpress 2.6.5 Security Update (0)
• Wordpress 2.6.1 released (1)

It is therefor essential for webmasters to regularly check the links that are posted on their websites and blogs to make sure that they are still pointing to the initial resource and do not return a 404 not found instead.

One of the best ways for Wordpress webmasters is to install the Wordpress plugin Broken Link Checker which will automatically check all posted links in all blog posts regularly to ensure that the links are valid. The initial lookup can take between a few minutes to several hours depending on the amount of posts and links on the blog. It took about 10 hours to find and check all links that have been posted at Ghacks.

The broken link count will be updated all the time and it is possible to deal with those links right away even if the plugin is still having links in the work queue. A click on the broken link count will open a table that displays 20 broken links per page.

The webmaster can display details about the link which will list the date of the link check and the error code that was returned. It is possible to delink right from the table which will remove the a tag from the link and keep the anchor name. Other possibilities are to exclude the link from future checks (good for false positives), to edit the url or to edit the post itself.

The plugin will automatically line-through broken links that have not been dealt with by the webmaster to inform visitors that the links are not working. The Broken Link Checker plugin is an excellent way of finding and removing broken links from a Wordpress blog.

Related posts

• Website Caching Enabled (6)
• Free Anti Spam Plugin Antispam Bee For Wordpress (18)
• Computer Worm Attacks Not Updated Wordpress Blogs (20)
• Check For Broken Links on Websites (2)
• Zoundry Raven portable Blog Editor (6)

The XSS vulnerability could be used to create comment author urls that would redirect the system administrator away from the blog’s website to another site to exploit the situation. Wordpress webmasters are encouraged to update their blogs as soon as possible to patch the security vulnerability.

Updates are available directly from within the Wordpress interface if the correct server login information are supplied or by updating the traditional way which would mean to download the Wordpress release from the Wordpress website, upload it to the web server and run the upgrade command manually. The release information should also be displayed prominently in the Wordpress admin interface with a link to the automatic update script of Wordpress.

Related posts

• Wordpress 2.8 (5)
• Wordpress 2.6.5 Security Update (0)
• Wordpress 2.6.1 released (1)
• Wordpress 2.8.6 Security Update (5)
• Wordpress 2.8.5 Security Update (4)

The bad news is that it might not work with all Wordpress blogs and that the user who wants to exclude the categories needs to know their category ID. The first problem is easier to solve. Excluding categories from Wordpress feeds works if the Wordpress blog is not using the Feedburner feed redirection plugin or a comparable plugin. The feed redirection plugin redirects all feed requests (no matter if they are category specific or the full feed) to an RSS service like Feedburner. This prevents that users can create individual feeds based on categories, authors or tags. It also prevents the exclusion of categories in the feed.

Finding out the category IDs of a Wordpress blog is the second obstacle. Most webmasters use pretty permalinks which do not display IDs on the website. The only way to find out without asking the website owner is trial and error. Is is possible to open categories with their IDs in Wordpress even if the Pretty Permalinks option is enabled. To open a category with a category ID one would open the following url in a web browser:

http://www.ghacks.net/index.php?cat=23

This would open the Linux category here at Ghacks. This can be a very time consuming process as I have seen categories with five digits. So its probably best to ask the administrator about the category IDs. (Feel free to post additional solutions in the comments).

To exclude categories from RSS feeds in Wordpress one would use the following syntax:

http://www.ghacks.net/feed/?cat=-23

This removes category 23 from the main feed of the website. It is possible to exclude multiple categories from the feed, simply append an & and another cat=-xx in the end:

http://www.ghacks.net/feed/?cat=-23&cat=-9592

This excludes the Linux and Mac categories from the RSS feed.

Related posts

• Wordpress SEO: Advanced Nofollow (3)
• Wordpress Hack: Change Number Of Comments Per Page In Admin Interface (4)
• Wordpress Blogs: Create Custom Tag Pages (5)
• We passed the 10000 RSS Subscribers Mark (16)
• RSS Feed Filter Feedrinse (3)

Other concerns were that Akismet was not really a free anti spam plugin as webmasters who made more than $500 per month had to order a commercial version for $55 a year. The last concern was probably the most important one as data is send to Akismet servers including the commenter’s IP, user agent or referrer.

One of the main advantages of Antispam Bee is that it does not have to communicate with external servers for the anti spam protection. It is an all in one solution that detects spam not only in comments but also in trackbacks and pings.

The anti spam plugin runs out of the box after activation in the Wordpress interface unlike Akismet which requires the Wordpress api key. A few options of the free anti spam plugin can be configured in the Wordpress settings. Antispam Bee will delete spam messages automatically when they are detected. This can be changed to mark them as spam and keep them for a limited time in the Wordpress spam folder. Great for the first time of usage to monitor the performance of the anti spam software.

The main benefits of using Antispam Bee are twofold. It does increase the privacy of the users who comment on the blog as it does not submit data to third party servers which in turn reduces system resource usage which could be noticeable for blogs that receive many spam comments per day (Ghacks receives about a thousand a day).

We have been testing Antispam Bee for the last days and like the performance and spam detection rate a lot. Only one legit comment was flagged as spam by the anti spam plugin. Even better was the fact that comments from users who were usually flagged as spammers (jojo for example) were not moved to the spam folder at all.

Antispam Bee can be downloaded from the website of the developer. The Wordpress plugin itself is multi-lingual (at least German and English).

Related posts

• How To Handle Bulk Spam As A Webmaster (7)
• Wordpress Broken Link Checker (5)
• Website Caching Enabled (6)
• Zoundry Raven portable Blog Editor (6)
• Wordpress: Your attempt to edit this post has failed (8)

Some changes that Wordpress admins will notice right away are speed improvements in the admin interface and the ability to change more aspects of the layout than before. Wordpress will for instance automatically adjust the layout according to the screen size of the web browser window with options to change the amount of columns and what is being displayed on the screen.

It is now possible to remove or add information when viewing posts, pages or comments in the admin interface with the additional option to change the number of items that are displayed on the screen. It is now therefor possible to change the default number of comments that are displayed on screen which could have been achieved before only by hacking system files.

Other improvements include a new theme installer which allows the webmaster to search for and install themes right from the Wordpress admin interface without leaving the website. This is a similar feature to the automatic plugin installation that was added in earlier versions.

The Wordpress Codex contains a list of all changes and additions that have been added to Wordpress 2.8. The new version can be downloaded from the main Wordpress site.

Related posts

• Wordpress 2.8.2 Security Patch (1)
• Computer Worm Attacks Not Updated Wordpress Blogs (20)
• Wordpress 2.8.3 (1)
• Wordpress 2.7 (7)
• Wordpress 2.6.5 Security Update (0)

Advanced tips are not that easy to come by and most websites running a Wordpress blog do not have them implemented. This article will list some options that center around the nofollow tag. Nofollow basically tells search engines like Google to not count the link vote that is usually being passed when linking on the Internet. Why is that beneficial? A website has a certain linking power. Each link that is pointing to internal and external resources gets a piece of that linking power. Not all pages should be treated equally however which is what this article is about. It makes for example no sense to pass linking power to internal pages that you do not want to link for, think of privacy policies, contact pages, login, log off or social bookmarking links.

Wordpress themes come with a surprising amount of links, the majority of which is not set to nofollow. Here are a few areas where you should consider placing the nofollow link tag in a Wordpress blog:

• The more (read more) tag. The page is already linked from the title of the post properly.
• Wordpress meta data
• Pages like Privacy Policies, Contact Us
• Social Bookmarking links

To add the nofollow link one would simply add the rel="nofollow"
tag to the link structure which is not a problem if the link is displayed in the source code of the theme, for example:

<a href="http://www.example.com/" rel="nofollow">Example Link</a>

There are however links (like the previously mentioned more tag) that cannot be manipulated in the theme source as the link is created by a php function.

Here is how you make the more tag in Wordpress nofollow:

• Open the file post-template.php in the wp-includes folder.
• Locate the following line beginning with:

  $output .= ‘ <a href="’. get_permalink()..

• Replace it with:

  $output .= ‘ <a href="’. get_permalink() . "#more-$id\" class=\"more-link\" rel=\"nofollow\">$more_link_text</a>";

• You basically add the rel=\"nofollow\" tag to the line

This ensures that all more tags will be nofollow from then on.

Related posts

• Wordpress Hack: Change Number Of Comments Per Page In Admin Interface (4)
• Wordpress Blogs: Create Custom Tag Pages (5)
• Search Engine Position Check (8)
• Exclude Categories From Wordpress Feeds (4)
• An Advice on Buying and Selling Websites (0)

The message “The XML page cannot be displayed. Cannot view XML input using XSL style sheet. Please correct the error and then click the Refresh button, or try again later.” was displayed instead. The feed did however work fine in other web browsers that we tested immediately including Mozilla Firefox.

This led to the conclusion that the error had to be Internet Explorer specific. It could have been a plugin that was running on the website itself, some incompatible code in the theme that was causing Internet Explorer 8 to throw that error message or a problem at the hoster of the feed Feedburner.

The first thing that came to my mind was to validate the feed using an official resource like the Feed Validation Service at W3C. This service validates a feed and displays validation errors and warnings including their location in the code. One error was displayed: Your feed is not well formed according to the XML specification

It turned out that one of the articles published lately contained the char & which was responsible for the feed validation error and the error in Internet Explorer 8.

Escaping that character with & a m p ; (remove the spaces) was the solution that fixed the error. The feed did validate correctly afterwards (after the new article had been cached by the feed hosting service) and Internet Explorer 8 was displaying the feed correctly.

This does mean however that webmasters have to always escape certain characters in the articles that they publish on their websites if they want their feed to be working in Internet Explorer 8.

This is actually not the fault of Internet Explorer 8. The web browser is strictly following the rules in this case. It’s time to look for a plugin that will automatically escape those chars so that the feed will validate and display correctly in Internet Explorer 8.

Related posts

• Zoundry Raven portable Blog Editor (6)
• Wordpress Issues (16)
• Wordpress 2.6.1 released (1)
• Testing A New Theme (51)
• Netvibes Feed Problem (0)

The tag we need is called “wp_list_categories()” and by default it lists all your categories in alphabetical order. All we need to do is add some arguments to it to modify the default values and we’re done! We need to limit the number of items shown to five, we also want to show the post counts in the categories and we want to order the list by the post count, in descending order.

The “number” argument actually has no default value. The reason for this is that it limits the SQL query directly, so there is no need for it by default. We can add it though to impose a limit, so our first argument will be “number=5″. We also want to show the post counts, so we use “show_count=1″ to enable this (show_count=0 is the default).

We also want to order the list by the post count, so we use “orderby=count” to achieve this. By default lists are sorted ascending, meaning that the lowest post count would show up first. To make the list descending, we can use “order=DESC”.

I also use one last argument in there, which is “title_li=”. This sets the title of the list to be nothing, by default the list is presented with a title. I like to hard code my titles for a few reasons, but feel free to change this as you like. So here is the complete code I used, one simple line to do a seemingly hard task, enjoy

<?php wp_list_categories(’number=5&show_count=1&orderby=count&order=DESC&title_li=’) ?>

If you’d like to read some similar articles, take a look at Scriptastique, a blog all about web development and coding, with great tips on CSS, HTML, PHP, MySQL and Javascript and tutorials and screencasts coming soon! You can follow us on our RSS feed, or Twitter where we’re posting 3-4 short tips daily now!

Related posts

• Wordpress Blogs: Create Custom Tag Pages (5)
• Zoundry Raven portable Blog Editor (6)
• Wordpress: Your attempt to edit this post has failed (8)
• Wordpress template tags you should know (4)
• Wordpress Remote Admin Password Reset Vulnerability (13)

Webmasters can however utilize tag pages better in their Wordpress blogs by creating so called custom tag pages which can contain any information they want. If you open the page above you notice that it does not contain a listing of blog excerpts but a custom page for that tag.

Wordpress provides the means to create those custom tag pages easily. Custom tag pages can be created in the theme directory of the Wordpress directory by adding a new template file to the theme. This new template file needs to begin with tag followed by the post slug of the tag. In the case of the Windows 7 Download tag it would have to be named tag-windows-7-download.php.

Custom tag pages have a higher priority than the default ones that show only excerpts of the posts. The easiest way to fill the custom tag with content is the following:

Wordpress looks for the following files in order to create those tag pages:

• tag-slug.php
• tag.php
• archive.php
• index.php

Look into your theme folder and see if there is a tag.php file. If it is copy its contents and create a new php file that is using the tag-slug.php as its name. If ther eis no tag.php look for archive.php and finally index.php.

Now simply add content to the file. It might take some experimentation at the beginning but it can be really worth it in the long run. If you have any questions or additions let me know in the comments.

Related posts

• Wordpress: Your attempt to edit this post has failed (8)
• Wordpress 2.6.5 Security Update (0)
• How to show 5 top categories in Wordpress (9)
• Zoundry Raven portable Blog Editor (6)
• Wordpress SEO: Advanced Nofollow (3)

We would like to ask you to comment on the new theme and especially notify us if you encounter problems of any kind including page load errors, display errors and any other kind of error that is dampening your user experience. And we would of course like to listen to your opinion about the new theme.

Related posts

• Ghacks Wordpress Theme Instructions (22)
• Finally a new theme (39)
• Zoundry Raven portable Blog Editor (6)
• Wordpress Issues (16)
• Wordpress 2.6.1 released (1)

The great thing about these tags is that they are very well documented “see link above”, and that they are extremely simple to use. You don’t need to know anything about PHP, so let me explain their basic use in common sense language. Wordpress uses a loop, elegantly called “the loop” in “Wordpressian”, which cycles through the posts you have.

If you show 10 posts on your main page, the loop cycles through the latest 10 posts. This means that one the first loop it will pull in the data of your latest post, on the second pass it will look at the second and so on. All the data is pulled, all you need to do is specify what you want to display out of that data, let’s take a look at how.

First of all, you need to identify the start and the end of the loop. The loop starts with the following (there may be some variation) :

<?php if(have_posts()) : ?>
<?php while(have_posts()) : the_post(); ?>

And ends with a “<?php endwhile; ?> <?php endif; ?>”. This end statement is usually followed by the page navigation links which let you “turn the page” to the next or previous posts. Anything inside the loop gets executed as many times as the number of posts which are shown.

If all you want is to show your title, you just need to put “<?php the_title() ?>”, and you will get the titles of your first 10 posts. If you also want to show the tags you can add “<?php the_tags() ?>”. There are many others you can add, and don’t forget, you also need some HTML and CSS to make them look good.

Here’s a list of the most basic ones and what they do, but you can see the full list and expanded usage by clicking on the link above. Remember that the following should be put in the form: <?php function() ?>

• the_title() – outputs the title of the
• the_content() – displays the actual post body
• the_category() – displays the categories the post is in
• the_tags() – displays the tags for the post
• the_author – outputs the post author’s name
• the_author_url – outputs the link to the author’s page, used a lot in links with “the_author”
• the_time() – outputs the time of the post, you need to add the format in the parenthesis
• the_permalink – outputs the posts permalink, usually used in a link with “the_title”

While I use many others now and again, there are loads of designs that only use these 8, you can do a lot, with these alone. As you can see, adding to and modifying a Wordpress template is not such a big deal, why not try it yourself?

If you’d like to read some similar articles, take a look at Scriptastique, a blog all about web development and coding, with great tips on CSS, HTML, PHP, MySQL and Javasctipt and tutorials and screencasts coming soon! You can follow us on our RSS feed, or Twitter and Facebook!

Related posts

• Web Development: How does PHP work? (21)
• How to show 5 top categories in Wordpress (9)
• Do more with your Wordpress using the function reference (3)
• Zoundry Raven portable Blog Editor (6)
• Wordpress: Your attempt to edit this post has failed (8)