The What What?

Post Object. WordPress stores all post data (think content, author, tags, etc) in a single object, accessible to themes and plugins on each page load. Basically, this is the place you’re going to go to if you want to get some extra information about a post for whatever clever scheme you’ve got cooked up. Need to know how many “n”s are in this particular post? Talk to the post object. Not sure when this post was originally published? Post object. Looking for lawyers who ride? Now we’re talking – but you want the Law Tigers, not the $post object. Watch their commercials. You won’t regret it.

How do I get at this mystical post object?

Single Posts

The post object is available nearly everywhere you’re likely to be looking at a post. If you’re working with a single post page, or an actual page, you’ve got access to that post’s (or page’s) post object anywhere within your theme file. It’s all held in a variable named $post.

Multiple Posts

If you’re on a page with multiple posts, things are a little trickier but not much. If you’re inside the loop, you’ve got access to a $post object (named $post) referring to the current post in the loop.

Elsewhere

What if you want to get at a post that isn’t the one you’re looking at on a particular page – or what if you want to get at one from a plugin, or somewhere where there isn’t a current post explicitly defined? There’s a function for that:

$id = 41;
$mypost = get_post($id);
print_r($mypost);

get_post() to the rescue! There are, however, a couple of gotchas with get_post.

1. You have to pass it a variable – not an integer. See how in the example above, I set $id to 41, an then used $id as the argument to get_post(), instead of just saying get_post(41)? That’s important. If you try to pass an integer to get_post(), it will blow up. No Joke.
2. You probably shouldnt use the variable $post. Why not? Because WordPress uses $post all the time, and chances are you’ll either overwrite WordPress’ version of $post, or they’ll overwrite yours – either way, somebody is going to be mad. Choose something more clever than $post (like $mypost!). I know you can do it.

What if I don’t like getting the data back as an object? I’m an associative array kind of guy.

get_post() gets you. So do I. There’s a second, optional argument to get_post that determines what it spits out at you. It defaults to OBJECT, but you can also pass in ARRAY_A, or ARRAY_N to get an associative array or a numeric array version of the post data.

Ok, I’ve got a post object – what kind of data is in there?

Find out for yourself! The snippet above uses the function print_r() – it will show you the structure AND data of a particular post object – very useful stuff. Surround it in a <pre> tag, and you’ll be in even better shape – it will display nicely in your browser.

I’m too lazy for that. Didn’t I come here for you to teach me about this?

Well played. Here’s a quick rundown on the data the post object gives you:

Whew!

I think that about covers it. One last question you might have:
How do I get WordPress to spit out properly formatted post content?

Good luck!

Over the past few weeks, I’ve been absolutely inundated with requests to clean up hacks that have exploited the much publicized Timthumb.php vulnerability. I have to assume that the reason most people aren’t plugging up this security hole on their sites is either

1. They don’t feel confident in their ability to find the problem
2. They feel like the process to fix it is too complicated

To combat this, I took a couple of hours this morning to write a plugin that will do the dirty work for you. The WordPress Timthumb Vulnerability Scanner will check your entire wp-content directory (including all themes, plugins, and uploads) for any vulnerable (pre-2.0) instances of the timthumb script, and give you a one-click upgrade to upgrade each script to the latest, secure version.

The process is simple:

1. Download the plugin here:
   http://wordpress.org/extend/plugins/timthumb-vulnerability-scanner/
2. Install and activate using either FTP, or the built in WordPress uploader
3. Go to the “Timthumb Scanner” page, under the “Tools” menu
4. 
   Click the “Scan” button.

5. View your scan results
   
   In this case, I’ve got one vulnerable (outdated) file, and 2 that have been updated, and are safe. I’m going to want to upgrade that one vulnerable file – to do that, I just need to hit the “Fix” button next to it.
   You may not have any instances of timthumb on your site, or all of yours may be upgraded – if so, you’re all done!
6. After hitting “Fix” for my one problem file, I’m showing “No Vulnerabilities Found”, which means I’m all set.

Just like that, you’re done. Quick and painless.

Note: If you’ve already been hacked, this will NOT clean up your site. This plugin fixes your door lock – which doesn’t matter if the burglars are already in your house.

Let me know of any problems or questions you have in the comments.

Good luck!

EDIT
Looking for a solution to scan a whole server, or a site not running on WordPress? By sort-of-popular demand, here it is:
http://codegarage.com/plugins/timthumb-full-server-vulnerability-scanner.zip
It’s much less polished, and much less tested, so use at your own risk.

With all of the hubbub around the recent timthumb vulnerability, lots of people are looking for some easy instructions on how to get it taken care of. You should be, because I’ve cleaned up more hacks in the past 2 weeks related to this vulnerability than I have in the last 2 months – people ARE getting hacked due to this.

Unfortunately, if you’re not totally comfortable with code, upgrading this file can be a little scary. Good news, I’m here to help.

How do I know if I’m using timthumb?

This one isn’t too hard – the easiest way to figure this out is to use a scanner of some sort to search your server for the timthumb script. I’ve written a timthumb scanner that runs as a WordPress Plugin – you can find that here.

If you’re not comfortable with that process, you might be able to just give your blog a once over and figure it out yourself. Are you showing thumbnails on the homepage? If so, you might be using timthumb. Right click one of the thumbnails, and click “open image in new tab” (or the equivalent – that’s what it says on chrome on a mac).
In the new tab that opens, check out the url bar – does it say timthumb.php anywhere in the url (check the text right before the question mark, if there is one)? Note – this might also just say “thumb.php”

How do I know if my timthumb script is vulnerable?

Fortunately, this one is pretty easy. Open up the file in the wordpress theme editor, or using FTP (it’s probably in your theme directory, called timthumb.php or thumb.php – the previous step should tell you that). Look for this code, near the top:

// external domains that are allowed to be displayed on your website
$allowedSites = array (
	'flickr.com',
	'picasa.com',
	'blogger.com',
	'wordpress.com',
	'img.youtube.com',
	'upload.wikimedia.org',
);

// STOP MODIFYING HERE!
// --------------------

To clarify (or make things more confusing): If you see this:

// If ALLOW_EXTERNAL is true and ALLOW_ALL_EXTERNAL_SITES is false, then external images will only be fetched from these domains and their subdomains.
if(! isset($ALLOWED_SITES)){
	$ALLOWED_SITES = array (
			'flickr.com',
			'picasa.com',
			'img.youtube.com',
			'upload.wikimedia.org',
			'photobucket.com',
			'imgur.com',
			'imageshack.us',
			'tinypic.com'
	);
}
// -------------------------------------------------------------
// -------------- STOP EDITING CONFIGURATION HERE --------------
// -------------------------------------------------------------

You’re ok. $allowedSites = Bad, $ALLOWED_SITES = Good. For another way to check, if you look up near the top of the file and see this:

define ('VERSION', '2.8');										// Version of this script

You’re good. Version 2.0 and greater are safe to use.

If it doesnt look like you’re using the right version, it’s time to clean it up!

How do I fix it?

400 words later, we finally get back to the question posed in the title. Can I just replace the old, vulnerable code with new, safe code, and have everything still work? Yes, you can.
From the previous step, you’ve got the file open in your WordPress theme editor. All you need to do is replace the entire contents of the file with the code found here:

http://timthumb.googlecode.com/svn/trunk/timthumb.php

Save the file, and you’re done! Your thumbnails still work, and you can sleep a little easier at night.

Plug Time: I do this service for subscribers to my WordPress backup and security monitoring service – so if you’re not sure you want to take it on yourself, have a look here. If you just have a question, or need some guidance, I’m happy to give that away for free. Get in touch with me at peter@codegarage.com. Good luck!

Yesterday we talked about how to access your WordPress site via FTP – today, we’ll talk about something more important: Upgrading or reinstalling WordPress using FTP instead of the WordPress backend.

Why?

Again – this all comes down to saving your own butt. If an automatic upgrade fails in the middle, you’re in trouble – chances are that some, but not all of the files necessary have been reinstalled/updated. Because of this, the Dashboard is often left inaccessible, and you have to fall back on your old friend FTP.

Other reasons you might do this:

1. You got hacked, and you want to make sure your core WP files are clean.
2. You started tinkering with Core WordPress files, and now the site doesn’t work
3. You uploaded a shady plugin which modified core WordPress files, and now the site doesn’t work

Public Service Announcement

Back up your site before you do this. Please. If you mess it up, and lose all your uploads, you’re going to be really mad, maybe at me. Don’t have a backup service? Good news – I have one that I can shamelessly plug. Check it out at the front page.

Lets get to it. Since we already understand how to access WordPress via FTP, we can get started without fear.

Step 1: Download WordPress

WordPress.org has a handy feature: the latest version of WordPress is always available at:

http://wordpress.org/latest.zip

If you ever need a copy, just enter that address in the url, and it will start downloading. The more traditional page for finding your download is here:

http://wordpress.org/download/

Need an old version of WordPress? They’re nice enough to keep those around too:

http://wordpress.org/download/release-archive/

So you’ve downloaded the version of WordPress you need. Good work!

Step 2: Unzip it

Next, you need to extract the zip you downloaded. Hopefully this isn’t too tricky – as long as you know where your downloads end up. In most cases, it’s as simple as finding the zip file and double clicking it. You should end up with a folder titled “WordPress”, which has the entirety of a WordPress install inside of it.

Step 3: Upload it

All that’s left is to upload. Now – you need to take some special consideration before you just go uploading all these files. Make sure you’re:

• Uploading the right things
• To the right place
Simple, right? Here’s what we need to do: We want to upload the contents of the WordPress folder (which we just extracted) to the directory on our web server where wordpress is installed, with one important caveat:

We don’t want to overwrite wp-content

That deserved to be bolded. The wp-content folder holds your themes, plugins, and uploads – and we don’t want to overwrite it with the default wordpress content. So, we’re going to upload everything except that.




Upload Everything BUT wp-content


Now that we’re ready to upload, we’ll just click and drag that mess into filezilla – making sure that in filezilla, we’re looking at the current wordpress install (you should be looking at the inside of a directory that has wp-load.php in it).

When it asks if you’d like to overwrite files, go ahead and check “Overwite”, as well as “Always use this action” and click “Ok”. Before clicking “Ok” would be a good time to double check that you’ve backed up, adn you’re not overwriting wp-content.

Now, this is going to take a while – WordPress has a lot of files. Go eat a sandwich, it will be done when you get back.

All done. Now what?

Now head back over to your site and get a feel for your handiwork. If you were just trying to fix a problem, ideally at this point your site is working again. If the upload went ok, and your site still isn’t working, the problem lies somewhere else – check your plugins and themes if you haven’t already.

If you were doing this to upgrade your WordPress install, you’ve got one more step. Head over to yoursite.com/wp-admin, and you should be presented with a screen saying you need to upgrade your database. Go ahead and approve that, give it a minute to think, and you should be redirected to the login page – and you’re done!

]]> http://codegarage.com/blog/2011/08/upgrading-or-uploading-wordpress-via-ftp/feed/ 0 http://codegarage.com/blog/2011/08/upgrading-or-uploading-wordpress-via-ftp/ http://feedproxy.google.com/~r/CodeGarage/~3/IwNuN8N8bgE/ http://codegarage.com/blog/2011/08/wordpress-ftp-access-not-as-scary-as-it-sounds/#comments Tue, 16 Aug 2011 23:27:03 +0000 Peter http://codegarage.com/blog/?p=324

What is FTP?

FTP is short for File Transfer Protocol. Pretty self explanatory – you have files on your computer, you want them on your website, so you transfer them. FTP facilitates this.

When and Why do I need to use it?

Like I said, WordPress continues it’s relentless path toward becoming completely free of scary acronyms like FTP, but there are still times when you need it – mostly when things go wrong:

• Your WordPress site broke during an upgrade, now you can’t get in.
• You’ve got a broken plugin that has made your site inaccessible
• You were tinkering with your theme, and now you’ve got a big error message on every page of your site – or worse, just a scary blank screen
• You keep getting errors and notices about “Permissions” issues

Ok, so Maybe I Need It. Now what?

Step 1: Get an FTP client.
“FTP Client” is just nerdy talk for “Program you use to upload your files to your website”. There are as many FTP clients as there are fish in the sea, but I’m just going to tell you to use FileZilla, because it’s free, and easy to use. Download and install it, and get back here.

Step 2: Figure out your FTP credentials.
More nerd speak – you just need the login and password (and maybe ftp url) your host gave you for FTP access. This information is often in your “Welcome to your new hosting account” email.

Step 3: Connect!
Alright – fire up your FTP Client (See? You’re talking like a real nerd! Drop that one on your boss. He’ll give you a raise and a new job title.) In filezilla, we’re just going to use the “QuickConnect” bar –
Host: This is usually your site’s url (like codegarage.com), but sometimes it’s something different. If it’s different, they’d have told you in the same place you found your username and password. You did find your username and password already, right?
Username: Your username. Take note: you might have to include the domain name afterward, like an email address (like peter@codegarage.com).
Password: Your Password.

Next stop, the “Quickconnect” button. Go ahead, click it. You’re not in a position to break anything. Yet.

You’re In!

Hopefully. If not, you’ve probably got one of those fields wrong – host, username, or password. Do some tinkering.
If you got in, you’ll see the window on the bottom right corner of the screen fill up with some folders (or maybe just a few). These are the files on your server! Go ahead, do some exploring. When you’re ready to upload a file (send it from your computer to the website), just drag it on into that window on the right, and it will get sent to the website.

That’s it! Good work!

]]> http://codegarage.com/blog/2011/08/wordpress-ftp-access-not-as-scary-as-it-sounds/feed/ 4 http://codegarage.com/blog/2011/08/wordpress-ftp-access-not-as-scary-as-it-sounds/ http://feedproxy.google.com/~r/CodeGarage/~3/8G3BQ9q30-4/ http://codegarage.com/blog/2011/08/how-to-change-your-wordpress-table-prefix/#comments Wed, 03 Aug 2011 17:30:12 +0000 Peter http://codegarage.com/blog/?p=311 Lately, WordPress users seem to have had an increased interest in security – and with good reasons. Yesterday’s timthumb.php vulnerability, plus a slew of others in the past few months have really put most site owners on edge.

Often it’s recommended that as a WordPress site owner, you change your WordPress database table prefix to something other than wp_. It’s not a bad idea – in certain situations, doing so might prevent a hacker from gaining more access to your site, or limit his destructive capability, and it’s a very easy thing to change.

If You’re Installing WordPress

If you’re installing WordPress, and you havent run through the install process, changing your table prefix is incredibly simple. During the install process, just set the Table Prefix to anything you’d like:


If You’ve Already Installed WordPress

If you’ve already installed WordPress, you can still change your table prefix, but it’s a little more complicated. You’re going to need to have access to your database through PHPMyAdmin or a similar system.

1. First, open your wp-config.php file (You’ll need to download this via FTP, or get at it from your host’s file manager). This file is usually located in the web root of your site.
2. Now, scan down until you see a line that starts with ‘$table_prefix’. It will look something like this:

   /**
    * WordPress Database Table prefix.
    *
    * You can have multiple installations in one database if you give each a unique
    * prefix. Only numbers, letters, and underscores please!
    */
   $table_prefix  = 'wp_';
   

   Change the value between the quotes (after the = sign) to whatever you’d like:

   /**
    * WordPress Database Table prefix.
    *
    * You can have multiple installations in one database if you give each a unique
    * prefix. Only numbers, letters, and underscores please!
    */
   $table_prefix  = 'mysecretprefix_';
   

3. Upload the file to your site, replacing the old wp-config.php file (If you made these changes from the built in file editor for your host – like cPanel, you just need to click the “save” button).

   At this point, your site will totally stop working. Yikes! Fortunately, we can fix that by changing some things in the database (Remember how you were supposed to make sure you had database access before we started? If you don’t, change wp_config.php back to the way it was, quick!).

4. Fire up PHPMyAdmin (or the MySQL client of your choice), and connect to the database for this WordPress install.
5. Run through each table starting with wp, and rename it, as follows:
   1. Click on the table name in the left sidebar
   2. Click on the “Operations” tab
   3. Change “wp_” to “mysecretprefix_” in the upper right field
   4. Repeat for each table

   At this point, your site should be working properly again, with one important caveat: You get a permissions error when you try to log in. That leads us to our last set of steps:

   Choose the mysecretprefix_usermeta table, and look for a row with a user_id of 1 (or whatever your user’s id is – it’s probably 1), and a “meta_key” value of “wp_capabilities”. Once you’ve found this. Click the pencil toward the left (edit)

   5. Replace the wp_ in the meta_key row to “mysecretprefix_”
      
   6. You need to make this same change to 2 more records – wp_user_level (located in wp_usermeta – again, make sure you’re changing it for the right user), and wp_user_roles, which is in the mysecretprefix_options table. Both of them should have wp_ replaced with mysecretprefix_.
   7. All done!

   If You’re Installing WordPress, and You’re Not Interested in all that Hassle:

   This one probably should have gone first: The plugin WP Security Scan from WebsiteDefender will do all the dirty work for you in most cases. Just go to the “Database” page, and switch your prefix.
   

   ]]> http://codegarage.com/blog/2011/08/how-to-change-your-wordpress-table-prefix/feed/ 3 http://codegarage.com/blog/2011/08/how-to-change-your-wordpress-table-prefix/ http://feedproxy.google.com/~r/CodeGarage/~3/n7dTMdX5On0/ http://codegarage.com/blog/2011/08/how-to-clean-up-the-timthumb-security-vulnerability/#comments Tue, 02 Aug 2011 16:56:25 +0000 Peter http://codegarage.com/blog/?p=300 Yesterday, Mark Maunder over at markmaunder.com managed to track down the source of a pretty clever hack on his site, where the hacker gained access through the massively popular TimThumb image thumbnail creation library. You can read his full post on the matter here:
   Zero Day Vulnerability in Many WordPress Themes
   He’s made an interesting post detailing the work he did to catch the hack – If you have the time, give it a read.

   More importantly – this hack has the potential to affect hundreds of thousands of WordPress installs. Unfortunately, because the timthumb library is generally included in themes (both free and premium), it’s not going to be very easy to get patched. Premium theme sellers will no doubt release updates and notify their users, but free theme users are less likely to have such good luck. As such, it’s going to be a good idea to check your site out for this vulnerability, and fix it as soon as possible.

   (Note – Subscribers to Locker have had their sites scanned for this vulnerability, and are being automatically notified if they’ve got a problem right now.)

   How do I know if I’m vulnerable?

   Nearly anyone using the timthumb library, who downloaded it before yesterday (8/1/11) is likely to be vulnerable. How do you know if you’re using timthumb? The easiest way is probably to check out your theme folders for a file called timthumb.php, using FTP, or your host’s file browser. If you’re using a host with cPanel (like Hostgator), it’s very easy – just load up the file manager, and then use the “Find” box in the upper right corner to search for timthumb.php. No results? Chances are good that you’re safe.
   
   Make sure you check every folder in your theme – it’s likely that if your theme has a lot of included files, this file would be in a directory inside your main theme folder.

   Ok, the file is there – now what?

   Fortunately, thanks to the hard work of Mark in finding this and bringing it to light, Ben (the creator of TimThumb), and a few other folks, there is a more secure version of the script now available for download here:
   http://timthumb.googlecode.com/svn/trunk/timthumb.php
   To secure your site, save that file (File->Save Page As in most browsers) to your computer, and then upload it to your site via FTP, replacing every instance of timthumb.php with the new version you just downloaded. If that’s beyond you, or you want to be absolutely sure that you’ve closed the hole up, send me an email at peter@codegarage.com, or hit me on twitter @peterbutler, and I’ll help get you straightened out.

   Good luck!

   Resources

   • Timthumb Project Homepage
   • Original Post about the vulnerability (there’s some interesting discussion in the comments – have a look)
   ]]> http://codegarage.com/blog/2011/08/how-to-clean-up-the-timthumb-security-vulnerability/feed/ 15 http://codegarage.com/blog/2011/08/how-to-clean-up-the-timthumb-security-vulnerability/ http://feedproxy.google.com/~r/CodeGarage/~3/5VJjMMB-V_g/ http://codegarage.com/blog/2011/05/dealing-with-curly-quotes-in-wordpress-by-changing-your-sites-character-encoding/#comments Sat, 21 May 2011 17:30:04 +0000 Peter http://codegarage.com/blog/?p=294 Here’s a problem I run into every few months with a customer: Their site is suddenly showing strange characters (strange question marks, accented characters, general gibberish) in place of quotation marks, dashes, etc. Oftentimes this happens after a move, but it could also be the result of a few other things.

   The Problem

   The problem is generally a result of pasting straight from Microsoft Word (or similar) into WordPress. Word generates lots of evil characters that WordPress and web servers don’t deal with properly. As a result, you end up with gibberish. And frustration.

   The Solution

   The best solution is to stop pasting formatted text from Word into WordPress. That is, however, not useful if you’re already dealing with the problem. You could manually replace the problem characters, but that takes FOREVER, and writing a script to get into the database and do it for you is a chore I havent been confident enough to take on, because of the relative obscurity of the problem ( and how difficult it is to find every problem instance ). So, I generally take the easy way out, which is this:

   Change your site’s character encoding

   Yep. Just trick wordpress/web browsers to treat the content with Microsoft’s character set, brush your hands off, and be on your way. Here’s how:

   1. Navigate to yoursite.com/wp-admin/options.php
      You’re goign to have to type this in, there are no links from the WP backend to this page.
   2. Seach for “blog_charset”:
   3. Change the value to “windows-1252″ and save.
   4. Move on to more interesting problems

   There you go: Band aid applied. Again, this isn’t an ideal solution, it’s more like the “quick, dirty, I’m tired of dealing with it solution”.

   ]]> http://codegarage.com/blog/2011/05/dealing-with-curly-quotes-in-wordpress-by-changing-your-sites-character-encoding/feed/ 0 http://codegarage.com/blog/2011/05/dealing-with-curly-quotes-in-wordpress-by-changing-your-sites-character-encoding/ http://feedproxy.google.com/~r/CodeGarage/~3/tO4vBHTnTGw/ http://codegarage.com/blog/2011/03/how-to-301-redirect-all-subdomains/#comments Tue, 15 Mar 2011 15:00:14 +0000 Peter http://yourcodegarage.com/blog/?p=288 Just a quick post – I recently had a friend who was moving from a WP MultiUser setup, where each blog had its own subdomain, to one consolidated blog. He wanted to maintain links pointed to his old blogs, so he needed to 301 redirect all the pages on the old subdomains to the appropriate pages on the main domain using his .htaccess file. The code to put it together wasn’t too tricky:

   RewriteEngine On
   RewriteBase /
   RewriteCond %{HTTP_HOST} !^yourdomain.com$ [NC]
   RewriteRule ^(.*)$ http://yourdomain.com/$1 [L,R=301]
   

   This will take any request your site receives, and make sure that the url starts (after the http://) with yourdomain.com. If it starts with anything else (say blog.yourdomain.com, or even www.yourdomain.com), it will be redirected to http://yourdomain.com. This code also allows for deep redirection – that is, if the user typed in

   blog.yourdomain.com/my-favorite-page/

   they’ll be redirected to

   yourdomain.com/my-favorite-page/

   which is definitely what you want.

   ]]> http://codegarage.com/blog/2011/03/how-to-301-redirect-all-subdomains/feed/ 0 http://codegarage.com/blog/2011/03/how-to-301-redirect-all-subdomains/ http://feedproxy.google.com/~r/CodeGarage/~3/jB_kc4hVilI/ http://codegarage.com/blog/2011/03/customizing-wordpress-an-introduction/#comments Mon, 07 Mar 2011 16:00:42 +0000 Peter http://yourcodegarage.com/blog/?p=274 WordPress is an amazingly flexible, powerful content management system – it can do a lot of things for a lot of different people, and can can be contorted to match the requirements of impossibly different businesses. All for free.

   Right, but I just want to change my header

   Of course. Lets talk about how you can go about making small customizations to your WordPress based site. There are routes to take for people of all ability levels – so don’t be afraid if you’re still not exactly sure what “hosting” means.

   I’m going to give 2 paths here, one for people who don’t know html and css from arugula, and one for those who do, even if it’s just barely.

   The easy way out: Choosing a flexible theme

   Over the past 12-18 months, the WordPress community has exploded with a new class of themes – heavily customizable and easy to use, even for those with little or no html and css ability. I’m going to talk about 3 themes here – 2 paid, and one free. Feel free to chime in in the comments with your personal favorite.

   Headway

   Headway is my favorite. It’s not free, in fact, it’s not even cheap – but in my opinion, their visual editor is really fantastic – and just what a beginning WordPress user needs to get them up and running with a great looking, customized theme. Click here to visit Headway.

   Thesis

   Thesis has been around since the beginning of paid themes. It’s hugely popular and has a rabid following. It’s not my favorite for a number of reasons, but how wrong can 35,000 people be? Click here to visit Thesis

   Atahualpa

   Atahualpa is another tricky one. It’s very popular, and refreshingly, it’s free! However, there is a pretty steep learning curve that comes along with it. If you’ve got the patience to power through the learning stage, you’ll no doubt be very excited with the end product. Click here to visit the Atahualpa homepage

   The Road Less Travelled – Modifying theme code yourself

   The other option is a little less glamourous, and a lot more migraine inducing, but the possibilities are limitless. WordPress works on a templating system that is both easy to use, and robust enough to let you do anything you want it to. The kicker is: you need to learn how HTML, CSS, and even a little bit of PHP if you’re going to make this work. You don’t exactly need to be an expert in any of them to make small changes to an existing theme though. Here’s the quick overview, and some links to get you pointed in the right direction:

   WordPress Theme Files

   Nearly every WordPress theme consists of the same basic set of files, listed here:

   • index.php Index.php is your theme’s go-to guy. Traditionally, it controls the homepage (although if your theme has a file called “home.php”, that’s what will control your homepage). When all else fails, index.php is the file that WordPress looks to to generate your page.
   • header.php This one isn’t too tough. Header.php controls – wait for it – your header. In most themes, every single page on your site will share a header – so if you’re looking to add an image into your header, this is a good place to start your search.
   • footer.php Another no brainer. Looking for that hard to find copyright text? Start checking here.
   • sidebar.php More easy stuff – here’s where your sidebar code traditionally goes.
   • single.php This file is in charge of single post pages – like the one you’re looking at right now.
   • page.php This file is in charge of “Page” pages.
   • archive.php This file controls the layout of your archive pages – for example, the pages displayed when you click the “March 2011″ link on this blog, or one of the category links in the sidebar. A warning – categories are sometimes controlled by another file (category.php).
   • style.css Here’s where things get interesting. The style.css file is usually the single source of all CSS (which controls the actual look and feel of your blog – things like colors, layout, fonts, etc) on your theme. Get comfortable with this file, and the CSS that it uses.

   That is, unfortunately, not even close to a complete list. Fortunately, there’s a handy diagram at this page on wordpress.org.

   Now, you at least know where to start looking – all that’s left is to figure out what to do once you get there. Here are a couple of great tutorials to get you on your way:
   HTML Tutorial
   CSS Tutorial ]]> http://codegarage.com/blog/2011/03/customizing-wordpress-an-introduction/feed/ 0 http://codegarage.com/blog/2011/03/customizing-wordpress-an-introduction/