Forgive me if this isn't the right environment to pose a question of this nature.
I've just been assigned a project to create a site in WordPress based off of a purchased theme of similar structure. This is my first time working with WP, so I'm a bit overwhelmed with where to start.
I'm used to only working through a text editor, but WP obviously has a dev portal online that formatting and content can be built through.
So far I only have my theme imported and activated on WP and the PSDs for the site-to-be.
Should I be doing my editing/formatting/content-building through this online portal? My text editor? A combination?
Thanks in advance for any knowledge you can shed or articles you share!
If you're talking about using the Appearance Editor, use extreme caution. If you mess up a .php file, you can blank your whole website:
Be very careful editing PHP files of your current theme. The editor does not make backup copies. If you introduce an error that crashes your site, you cannot use the editor to fix the problem.
I would strongly recommend that you only use your text editor, and upload your changes to your WP server. Also, make sure you have backups, so that you can revert to a working copy if something goes wrong.
One article that I found on the topic:
Editing your WordPress Site 101
Repeat with me: Never use the built-in WordPress file editor. I won't bore you with all the reasons the built-in editor is a bad idea, but here’s the #1 reason: If you get a white screen of death, there's no way to access your site via wp-admin anymore.
It's a bit of a paradigm shift moving from standard text editor web development into the world of WP. Here are some points to help you along:
You should download/install a plugin called Synchi. This will make the WordPress text editor much more robust. It also allows you the ability to access and modify the WP theme files directly thru the dashboard (Appearance > Editor).
You can use an external text editor and jump back and forth, but I find it easier to stay inside the WP dashboard once you have Synchi installed. I only use Visual Studio if I'm coding something more complex and I want to see Intellisense.
If you are going to be making major changes to your base WP theme, you should create a "Child Theme" and work off of that. http://codex.wordpress.org/Child_Themes
There are millions of articles on how to get started with WP, so I'll let you Bing/Google that. Just keep in mind there's a bit of a learning curve so just BE PATIENT - you'll figure it out quickly enough!
I have to agree with the above response - you should avoid using the Wordpress editor for modifying theme files. Use the editor for creating pages and posts, only.
If you truly need to understand Wordpress, you should begin by understanding how it works. Unlike a static html site, Wordpress is created by a combination of php files which create parts of the final page (displayed to the user). Understanding the basics of how wordpress loads files will really help you get started. (tons of resources online)
Find a good text editor (or a free code editor like NetBeans), then learn how to sftp or ssh into your webserver so that you can edit theme files in your code editor.
Once you have that figured out, and understand how Wordpress loads files, you can begin modifying the theme to your PSDs, or create a child theme and do the same.
The point made by the above poster is quite valid... if you miss a tag or some other php error causes a 'white screen of death', you'll not be able to load the wordpress editor (because it's broken) to fix it. Whereas with an sftp connection you can still modify the file, then push it back to the server and reaccess your admin editor.
I've just started doing some website work for a local business, and I noticed today that there's a very unwanted link at the bottom of their site, which is a wordpress site.
The site makes use of a woo theme called 'whiteLight', as well as woocommerce. I've tried disabling and reenabling all plugins that aren't well known and integral to the site's functioning, and I've sifted through a lot of the theme's files.
I can't find where this line is being added to the site. The line "<center>*bad link here*</center>" is being inserted right after the header and right before the closing body tag, on the home page only. The link in question is actually linking to naughty files inside a directory within the wordpress installation. It's not even taking users to an outside site as far as I can tell.
I don't have FTP access to the wordpress directory yet, but I've requested it. I have very little experience with wordpress hooks etc, and am hoping someone can help me find a starting point in weeding out this unwanted link.
Thanks in advance!
WordFence is the best security plugin for WordPress. I'd recommend you follow the instructions at https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/
Another good resource to read is https://codex.wordpress.org/FAQ_My_site_was_hacked
I recommend you search all the files as norlesh suggested. If this was my problem I'd use Jetbrains PHPStorm to search all the files. Another much cheaper solution would be to use Textpad - https://www.textpad.com/
It's also possible that the link has been inserted into your database. If so you won't find it in your files. You'll have to search the database. Use a program like phpMyAdmin or MySQL Workbench to export the whole database to your machine. Then search the sql file for the URL. Alternatively use https://interconnectit.com/products/search-and-replace-for-wordpress-databases/ which is a handy tool you upload to the server. From there you enter db login details and search the database. Note if you use this script you should delete it off your server when you've finished using it, it's a huge security risk.
What's the best way to work on a WP theme on a live site? So that the users see the current theme and I can see the one I'm working on. I know WP has a preview theme option, which works, but it has a sidebar that lets you go back to the WP management page, which means when I try to inspect the source it has lots of extra stuff that the actual theme wouldn't have.
Any ideas? Thanks.
Working on a live site is not a good idea. All changes you make will be viewable to your users.
You have two options here. The first option is to create a subdomain like test.example.com and install wordpress there. From there you can do changes to the theme without worrying about the live site. Once done, you can just move your theme over to the live site.
The second and best option is to install wordpress locally on your pc. I use XAMPP Lite for that purpose. It works the same as a live install, but it is faster making changes to a theme. Also, if you make a mistake somewhere like a syntax error, you can correct it quickly, no need to ftp a file backwards and forwards between pc and live site.
If this doesn't cut it, your last least favored option is to download a maintenance plugin and put your site in maintenance mode. You will be able to see and test your site, and everyone else will see a maintenance notice.
I just uploaded a Wordpress theme onto my Website.
I get url redirects to website when I am browsing through my website.
The malicious site it links to is clickbank.com.
I have scanned all my files with TAC and exploit scanner, but it did not pick up anything.
This picture may help you to find the problem from Entries RSS.
Check function.php or search for windows.location code in all project repo.
You can search all code by Notepad++.
While this may not be a direct and final answer, because there are many possibilities.
You may also tell us what is your theme or installed plugins too if they are free for download, we may try.
You seem to be testing in localhost. IMO you may try to eliminate all possible factors first.
Did you install any plugins? (If so) Did you test also the plugins?
Did you scan your database for this link?
Sometimes this kind of problem also appears from the Database side, since some problematic plugin may put those links in the DB. Apart from using exploit scanner, you might have to manually check once.
After all, did you also try a clean install to test the theme?
In addition, if it is a very Wordpress specific question, you may consider posting in Wordpress Stackexchange.
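The advice in the two hacked-site threads above (search every file and the database export for the unwanted link) can be done in one pass over a downloaded copy of the site. This is an added example, not code from any of the posters; it also goes a step beyond a plain text search by matching the link when it is stored base64-encoded. The `bad.example` URL, the file layout and the function names are constructed for illustration.

```python
import base64
import os
import tempfile

def patterns(indicator):
    """Literal bytes plus the base64 form for each of the three byte alignments."""
    raw = indicator.encode()
    pats = {"literal": raw}
    for pad in range(3):
        enc = base64.b64encode(b"\0" * pad + raw)
        start = (pad * 8 + 5) // 6        # skip chars that depend on preceding bytes
        end = (pad + len(raw)) * 8 // 6   # keep chars fully determined by the indicator
        pats["base64/offset%d" % pad] = enc[start:end]
    return pats

def scan(root, indicator, exts=(".php", ".js", ".html", ".sql")):
    """Return sorted (relative path, line number, pattern name) hits under root."""
    pats = patterns(indicator)
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(exts):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                for lineno, line in enumerate(fh, 1):
                    for label, pat in pats.items():
                        if pat in line:
                            hits.append((os.path.relpath(path, root), lineno, label))
    return sorted(hits)

def demo():
    """Build a constructed site copy (theme file + SQL export) and scan it."""
    root = tempfile.mkdtemp()
    theme = os.path.join(root, "wp-content", "themes", "sample")
    os.makedirs(theme)
    link = b'<center><a href="http://bad.example/files/x">x</a></center>'
    with open(os.path.join(theme, "footer.php"), "w") as fh:
        fh.write("<?php\n// constructed sample\necho base64_decode('%s');\n"
                 % base64.b64encode(link).decode())
    with open(os.path.join(root, "dump.sql"), "w") as fh:
        fh.write("INSERT INTO wp_options VALUES (1,'widget_text',"
                 "'http://bad.example/files/x');\n")
    return scan(root, "bad.example/files")

if __name__ == "__main__":
    for hit in demo():
        print(hit)
```

A hit labelled `base64/...` points at the line to decode and read by hand; the scan only locates candidates and changes nothing.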
There are thousands of plugins and themes available at wordpress.org and many other third parties. There is every possibility of bad plugins and themes being uploaded, which once uploaded could send info about the site to its owner. It could also send the information in the wp-config.php (A high security risk).
Please tell me how to protect wordpress sites from this other than by reading the code line by line. Also tell me if plugins and themes at wordpress.org are analyzed by the wordpress developers for threats like this before making it available to public.
Thank you.
Peace to All....
As with any code you run on your own server(s), WordPress plugins are caveat emptor.
That said, popular plugins have probably had a fair number of eyes on their code, making it unlikely that they're doing something shady. You probably don't need to go over them with a fine-tooth comb before installing them.
Lesser-known/used plugins, however, should probably be looked over before you install them on a site/server that you care about.
WordPress.org does not review every bit of code that goes into plugins - the only time they even do any review at all is when the plugin is initially submitted to the plugin directory, and that's cursory at best (mostly just to avoid spam). A plugin's code can change drastically after it's initially submitted.
Typically I will look at the feedback the plugin received on wordpress.org. What kind of rating does it have? What comments/questions are asked in the 'what others are saying' section?
After making the decision to install the plugin, BACKUP YOUR DATA PRIOR TO THE ACTUAL INSTALLATION.
This is just good practice in any case, whether it's a wordpress core installation, plugin installation, or theme. If something breaks, you will have something to go back to.
Also making sure to keep frequent backups is a must. If you do get infected, you will want a snapshot.
There is a good article about the safety and security of themes that best plugins for wordpress put together. Also you can go some off of the rating given by the community straight from the wordpress plugin site. If you keep with plugins that have a 4-5 star rating and lots of downloads/ratings, you will most likely be ok. However, because this is an open source project, there is really not a 100% way to keep hackers and "bad people" from putting code in what appears to be a good theme/plugin that you are describing.
In this case if you have concern of a theme or plugin, I would always look over the code very carefully and make sure that it all looks good to you. Of course this is always time consuming and if you are not comfortable with code, this may not be an option. If you have questions about a certain set of plugins/themes, I'm sure if you post them here, there are many people that have used the plugin and maybe the theme before that can help you out.
From "Best Plugins for Wordpress"
1 TAC (Theme Authenticity Checker) Plugin
A very simple and straight forward plugin that will scan all files within your theme to check for any malicious or unwanted code.
2 Theme-Check Plugin
You may notice that a lot of free themes aren’t available directly from WordPress.org, the main reason for this is that most free themes don’t pass the tests that WordPress.org subjects them to. This nifty plugin will provide you with all the testing tools you will need to conduct the same tests that WordPress.org does. It’s also useful for theme developers who want to make sure their theme supports the latest standards.
3 Exploit Scanner Plugin
This plugin isn’t just for themes, it’s for your entire site, so it’s worth keeping once you’ve checked out the theme you’ve decided to use on your site. It scans all files, posts and comments on your site for any possible exploits or anything that looks suspicious, please note however that this plugin will not remove any files.
How can you start making changes inside a WP theme and then keep track of them for future theme updates?
You can use some sort of version control software like subversion to track updates. Also in terms of just "hacking", it is all based in PHP so you can just drop into your theme and make changes as needed to any of the files as they pertain to what you want to do. For example in order to make any sort of changes to the header, typically you would edit the header.php file.
One way would be a version control system like Subversion.
My experience has shown that it is best to go with a very well developed and customizable theme (occasionally paid) that allows you to make the majority of changes within the theme's settings rather than hard coding them. When the theme is updated by the author, while not impossible, I find it is rare they've butchered something from a previous version. If they did, they'll often offer not only a reason but a possible work-around.
Another thing would be to have a testing environment where you can try out new releases of a theme without risking harm to your live site. Just google 'wordpress testing environment' and that should point you in the right direction. For the record, I run XAMPP on a spare windows pc for this process.
Last bit of advice: if you do make any changes to your theme, back the theme files up regularly. In the event something does go haywire, you won't have to design the site from scratch.