WordPress Hacks and Tricks
How to Remove WordPress Admin Bar
I never use the WP Admin Bar and have this code as part of my WordPress themes.
If your theme doesn’t already have the option to disable the WordPress Admin Bar add this code to your functions.php file.
<?php
add_filter('show_admin_bar', '__return_false');
?>How to Add Custom Content to WordPress Login Page
Want to display a customized message as you login to WordPress, add the following code to your functions.php file.
<?php function str_custom_login( $message ) {
if ( empty($message) ){
return '<p class="message">Totally Rad Message Here...</p>';
} else {
return $message;
}
}
add_filter( 'login_message', 'str_custom_login' );
?>
Cleaning up the wp_head() Output
In my Stallion SEO WordPress and Stallion Responsive Themes there’s options to disable items from the head of a page. For your average WordPress site you should NOT remove them all, in my SEO themes the first options are by default set to OFF (remove the code) and the remaining set to ON (do not remove the code).
Click the image to the right to see the Stallion Responsive options page with defaults set.
For example you do want to turn off the wp_generator (adds nothing useful), but should NOT turn off rel_canonical. Here’s the default options from the Stallion Responsive theme and what they do:
wp_generator Off: Hides WordPress version number security issue (OFF).
wp_shortlink_wp_head Off: Removes Shortlinks (OFF).
start_post_rel_link Off: Removes relational link to first ever post (OFF).
adjacent_posts_rel_link_wp_head Off: Removes relational link to Previous and Next posts (OFF).
index_rel_link Off: Removes relational link to home (OFF).
parent_post_rel_link Off: Removes relational link to Parent Page (OFF).
wlwmanifest_link Off: Removes the Windows Live Writer link (OFF).
rsd_link Off: Removes Really Simple Discovery Links (OFF).
automatic-feed-links Off: Removes Automatic Feed Links (OFF).
wp_no_robots Off: Removes noindex,nofollow robots meta tag (OFF)
wp_enqueue_scripts Off: Prevents WordPress from adding javascript to a site. (ON).
wp_print_head_scripts Off: Prevents plugins from adding javascript to a site. (ON).
wp_print_styles Off: Prevents plugins from adding stylesheets to a site. (ON).
feed_links Off: Removes main RSS feed links (ON).
feed_links_extra Off: Removes extra RSS feed links (ON).
rel_canonical Off: Removes canonical URLs (ON).
And the Corresponding WordPress code for turning the code off.
The first 9 are safe for most WordPress blogs.
<?php remove_action('wp_head', 'wp_generator'); ?>
<?php remove_action('wp_head', 'wp_shortlink_wp_head'); ?>
<?php remove_action('wp_head', 'start_post_rel_link'); ?>
<?php remove_action('wp_head', 'adjacent_posts_rel_link_wp_head'); ?>
<?php remove_action('wp_head', 'index_rel_link'); ?>
<?php remove_action('wp_head', 'parent_post_rel_link', 10, 0); ?>
<?php remove_action('wp_head', 'wlwmanifest_link'); ?>
<?php remove_action('wp_head', 'rsd_link'); ?>
<?php remove_action('wp_head', 'wp_no_robots'); ?>Do Not Use the code below unless you have a good reason.
<?php remove_action('wp_head', 'wp_enqueue_scripts', 1); ?>
<?php remove_action('wp_head', 'wp_print_head_scripts', 9); ?>
<?php remove_action('wp_head', 'wp_print_styles', 8); ?>
<?php remove_action('wp_head', 'feed_links', 2); ?>
<?php remove_action('wp_head', 'feed_links_extra', 3); ?>
<?php remove_action('wp_head', 'rel_canonical'); ?>
<?php add_theme_support('automatic-feed-links'); ?>Remember the above code is built into Stallion WordPress SEO and Stallion Responsive, a small amount of it (the ones that should be set to off) is also part of Talian 5.5. So if you are one of my theme users, do not add this code to Stallion or Talian.
David Law
Website - SEO Gold
WordPress Responsive Child Theme
Hi David,
I’ve just found a simple way to create a responsive theme out of an existing one using a child theme.
Thought you were interested in adding this feature to the current and future versions of Talian and Stalion themes.
As you know, responsive theme design respond well to different screen sizes, such as – smartphones, mobile phones, tablets and wide variety of desktop screen sizes.
So, here are the links to the tutorial – looks simple.
Two links:
Child theme –
Images responsive –
That’s it.
I am going to test it this week.
WordPress Responsive Child Theme
WordPress Custom CSS
I am trying to add some custom CSS and editing the style.css is not doing anything.
Which CSS file to I have to edit?
Editing WordPress Theme CSS Files
The style.css file isn’t used by Stallion, all the CSS files are under the /stallion-seo-theme/colors/ folder.
Two CSS files are used a layout file layout-***.css and a colour file style-***.css.
The Layout file is set under Stallion Layout Options and the Colour file set under Stallion Colour Options.
Those are the files to edit, if you are using just one layout and colour scheme sitewide (so not set any layouts/colours under the Post edit screens) you would edit either the layout or the colour CSS file your site is using.
So if you have the layout set to “4 – Main Content 660px : Right Sidebar 310px” you would edit the file layout-310r.css. Or you could edit the colour file, if it’s set to “Stallion Delicate” edit the file style-delicate.css.
Since the Layout file is loaded first and the colour file loaded last code wise if your CSS overrides something Stallion already has CSS rules for it’s best to add it to the end of the colour CSS file not the layout file. CSS rules are run in order they are read code wise, so if you were setting the h1 text color to red and Stallion has it set to blue (which would be in the colour CSS file sincethat’s where colours are), if you added the red h1 code to the layout file Stallion would use the blue h1 code from the colour file because it was read last code wise.
David
Editing WordPress Theme CSS Files
How to Customize Theme?
How do we remove the horizontal lines that appear:
1) full width above the footer
2) partial width below the main content area?
How do we remove some of the horizontal lines that appear in the Widgets, above/below the widget titles. I am using the Coraline Colour Scheme.
CSS Borders
If I recall correctly those will be CSS border rules. The widget one is related to the “span.gat_widget” CSS code and the footer one “#footer_stallion” both rules are in the colour CSS file.
Not sure which the partial width one is, try the border bottom code related to “.post-meta, .commenthead”
To get rid of the borders you’d delete the relevant lines or set the color code to match the background colour.
David
CSS Borders
Remove CSS Borders
What files need to be edited and where are the files located? I would like to remove some of the borders.
How to Change WordPress Theme Borders
If you use the Stallion Responsive Theme probably (not knowing which borders can’t be 100% sure: assuming below you want to remove borders that have different colours to the background) no need to manually edit any files.
If a small amount of cosmetic changes, choose the Stallion Responsive Theme Colour and Fonts under “Stallion Theme” >> “Colour Options” that are close to what you want.
Set “Stallion Theme Font Scheme”
Set “Stallion Theme Colour Scheme”
When you have the main colour and font combination closest to what you want (there are hundreds of combinations: 20+ fonts, 30+ colour schemes: more to come), again under “Stallion Theme” >> “Colour Options”.
Set “Colour Scheme CSS Inline/File Creator Selector” to “Colour Scheme CSS Inline ON”.
This will add a new options page under “Appearance” >> “Colour Scheme CSS Inline”.
Here you can change the colour of almost everything including most borders. To remove a border match it’s colour to the background, a white border on a white background is hidden.
For example if you look at the bottom of this webpage the footer has a thin line above the footer copyright info, that’s a border which can be changed under “Appearance” >> “Colour Scheme CSS Inline”:
“Footer” >> “Footer Top and Bottom Border”.
If I set it to white (#ffffff) it would be hidden.
BTW Be more specific in what you are trying to achieve, there are a lot of ways to change things using Stallion Responsive, without knowing what you are trying to do it’s guess work trying to provide the best/easiest solutions.
David
PS The comment thread you replied to is quite old, Stallion has many new features since that time, the colour/font editor for example is new so where a user would manually edit a CSS file in older versions of Stallion, today it’s all built into Stallion Responsive. Almost everything can have it’s font/colour changed.
How to Change WordPress Theme Borders
WordPress Theme Hacked
Hello David,
I hope you got your PCs now and everything works fine with you.
After I installed your theme awhile, my blog has been hacked. Therefore, I am not sure if your theme is infected with any suspicious virus or not. Just wondering only.
I am now restored my blog already but there are a lot of work that I have to deal with.
Thank you,
WordPress Theme Hacked
WordPress Site Hacked How to Fix
Sorry to hear your WordPress site was hacked, did you figure out how it was hacked since there’s nearly always additional back doors left by the hackers so they can hack the site again after you fix the changes? for example they’ll modify your themes and plugins so they have additional hacking points into your site if you don’t clean it fully.
With WordPress many hacks tend not to be caused by malicious code per se (so not deliberate viruses or Trojans), but security exploits that give hackers access to a server so they can make changes and from those changes access your sites files and database.
See http://codex.wordpress.org/FAQ_My_site_was_hacked for pointers on how to fix a hacked WordPress site.
There’s definitely no virus infections or Trojans within the Stallion Responsive zip files. It’s also highly unlikely to be the Stallion Responsive theme at fault for a WordPress security exploit, spend a lot of time checking through the code I add to Stallion for potential security exploits (remember I run Stallion on over 100 domains, so don’t want my sites hacked because I was lazy), but hackers are innovative and what’s not a potential security threat today could be one in the future. So there are no guarantees with either a theme, plugin or the latest version of WordPress then there’s your own PC and your server/hosting.
If you keep track of WordPress updates you’ll notice there are regular security updates (hackers are finding new exploits all the time), so it’s important to update regularly. If WordPress is out of date it’s more likely to include a security exploit hackers will use to hack your site.
Delete all (and I do mean ALL) WordPress themes and plugins you are not using. A WordPres plugin or theme does NOT have to be active to give hackers access to a theme or plugins code, if you have a 3 year old plugin or theme you aren’t using that contains vulnerable code it’s a big risk. There are a lot of old themes and plugins with exploits and if you regularly test themes and plugins and leave them on your server they are a potential future entry point for hackers.
WordPress security rule is, if you aren’t using a theme or plugin, delete it.
BTW don’t assume the cause is WordPress, could be your host that’s got an exploit or a hackers has gained your WordPress password from your computer. I had a server hacked (about 6 years ago I think) and couldn’t find anything wrong with the server, did find an out of date Windows Internet Explorer Adobe plugin (I don’t use Internet Explorer often, so didn’t update often enough) and the way I used Filezilla might have (still not sure) given a hacker access to my PC and my list of Filezilla FTP passwords! Filezilla doesn’t encrypt saved passwords (dumb security failing on their part) and the Adobe plugin gave limited access to my PC.
So nothing wrong with my server, WordPress etc… I think the hacker gained access to my Filezilla FTP passwords file (an unencrypted xml file) from my own PC, popped the Filezilla file into their version of Filezilla and had all my sites login details!!!
David
WordPress Site Hacked How to Fix
Cleaning a Hacked WordPress Site
Thank you so much David,
I don’t know whether my blog is completely cleaned or not now because it was handled by my hosting supports. They said that they deleted the malicious file and they also scanned my server files to make sure there is no any malicious virus.
Sometimes as what you mentioned the hack would be probably leaked through my PC and FTP while I am now mostly using it. But I always am careful of the various into my PC. I think i should buy Mac so that there is no any virus into the PC.
I lost over 30 posts of my blog, affected by the hack. It changed all the words to what I could not understand so i decided to delete them.
Oh, I am wondering about the slider. Sometimes it works well but sometimes it does not work. Why?
I want to delete the main ads option in the homepage or archive page but i could not find the place to delete it. Then the main adsense will be displayed only in the single post. You know, your strategy you told me was not what i need to get ads display. I like it displaying inside the post, like the main adsense but what you told me, the ads shows at the top of the post. Not chachy !!
Therefore, i think if i just delete the code in the main home page and archive page, the ads will not appear but the single post will.
Thank you,
Cleaning a Hacked WordPress Site
WordPress Responsive Slider
The Stallion Responsive slider does sometimes act a bit weird at times, the images don’t fill the box and requires a refresh to work correctly. I don’t know what the cause is, but since sliders use a lot of javascript I would guess it’s something within the javascript (pretty much the only thing it could be).
I added the slider (to Stallion 6) because WordPress post sliders were popular at the time, but I personally don’t use them in 2014 for SEO reasons.
They require additional javascript code, this has an impact on pagespeed (how fast a page loads) which Google uses as a ranking factor.
Run your site through Google’s Pagespeed Insight Tool http://developers.google.com/speed/pagespeed/insights/ with and without the slider active and you’ll see the difference.
If you do the research you’ll find users tend not to click on sliders, so though they look nice they tend to be ignored. there’s an interesting discussion at https://yoast.com/opinion-on-sliders/
So cool feature, but has negative SEO impact and users apparently don’t click them. If stallion Responsive was only for my use I wouldn’t have kept the slider feature, but some users like them so made the best SEO version possible.
In the Stallion Responsive 8.0 release I modified the slider code from Stallion WordPress SEO 7.1 to be fully responsive and to use less resources: the responsive version has no images associated with it and the output is better SEO’d. But it still needs additional javascript files loading, so has the negative SEO pagespeed issue.
Compared to other sliders it’s much better SEO wise, most use images and have zero SEO built in, the links tend to have awful anchor text for example.
Though I don’t advise using WordPress sliders, if you do use the Stallion Responsive slider. If you disable the Stallion Responsive slider under the Stallion options pages it has no negative impact on SEO, when a Stallion Responsive feature is disabled via an options page it’s like the feature doesn’t exist (WordPress doesn’t load any of the resources).
David
WordPress Responsive Slider
Footer Copyright
I am using Stallion Responsive. I notice in the default footer where the © is located, when I go to the base/root url the year doesn’t show up, but when I go to a page, the year shows up. How do I make the footer consistent across the whole site?
WordPress Last Post Date
Hmm, I’m using this standard WordPress code for the footer area copyright sign and date:
The above is within the footer.php file (/wp-content/themes/stallion-responsive/footer.php).
The time bit looks at the date of the last WordPress Post or Page date and uses it for the date.
So for the home page it’s the year you last made a Post, for a Static Page and WordPress Post it’s the date it was posted.
If your WordPress site is new and you’ve deleted the Hello WordPress Post you won’t have any posts to grab the date from on the home page, so it would be blank until you post a post: guessing you’ve got no posts.
So it’s showing when the content was posted as it’s a copyright notice and that’s standard practice to use the date the content was posted.
If you wanted it static you could either change it to say 2015:
Or if you want the current year use PHP date:
The output would always show the current year.
David
WordPress Last Post Date