Here is how to add custom JavaScript to WordPress admin area (dashboard):

Just copy code below and paste it to your themes functions.php file.

Dont forget to change "your-theme/assets/js/CustomJS.js" with path to your JS file.

// Add Custom JS to WordPress Admin Area Footer
function custom_admin_js() {
   echo '';
}
add_action('admin_footer', 'custom_admin_js');

// Add Custom JS to WordPress Admin Area Header
function custom_admin_js() {
    echo '';
}
add_action('admin_head', 'custom_admin_js');

The post WordPress add JavaScript to admin first appeared on Milos Spasic - web developer.

// setup one language for admin and the other for theme
// must be called before load_theme_textdomain()

function set_my_locale($locale) {
     $locale = ( is_admin() ) ? "en_US" : "sr_RS";
     setlocale(LC_ALL, $locale );
     return $locale;
}
add_filter( 'locale', 'set_my_locale' );

First language is for admin area, and second one is for theme and entire WordPress front end.

This must be called before: load_theme_textdomain()

If you have problems with plugins translation, check out function: load_plugin_textdomain()

The post WordPress setup one language for admin and the other for theme first appeared on Milos Spasic - web developer.

Securing WordPress – six primary rules:

1. Use unique database prefix
2. Update wp-config.php to the newest version
3. Edit your theme’s functions.php file to remove some risky messages
4. Use .htaccess to secure wp-config.php and .htaccess file itself
5. Install two great WordPress security plugins
6. Keep your WordPress up to date

Use unique WordPress database table prefix for your installation

WordPress database table prefix is the default weakness for all WordPress blogs, because nobody ever bothers to change it. Hackers know this very well and they use it to massively deface WordPress sites. Don’t be lazy and change this. Only problem with this is that you must change it before you have installed your WordPress.

Open your wp-config.php file and find the default WordPress database table prefix. It looks like this:

$table_prefix  = 'wp_';

Change it to something unique and hard to guess(only numbers, letters, and underscores):

$table_prefix  = 'm3x7q_';

Save the wp-config.php and upload it to the host by overwriting the old file. And that was it, you are now ready to continue with the installation.

If you already have installed your blog with the default WordPress database table prefix, don’t worry. There is a solution for that as well.

Changing default table prefix after installing WordPress

Before changing your table prefix, make a backup of your database and be aware that your site is going to be down for a few minutes. Then open your wp-config.php and change your database table prefix as I described for the new installation.

Go to your database using phpMyAdmin, select your WordPress database, click on the SQL tab and paste the SQL commands bellow to rename all WordPress table prefixes from wp_ to whatever you specified in your wp-config.php file.

SQL commands to rename the eleven default WordPress database tables:

RENAME table `wp_commentmeta` TO `m3x7q_commentmeta`;
RENAME table `wp_comments` TO `m3x7q_comments`;
RENAME table `wp_links` TO `m3x7q_links`;
RENAME table `wp_options` TO `m3x7q_options`;
RENAME table `wp_postmeta` TO `m3x7q_postmeta`;
RENAME table `wp_posts` TO `m3x7q_posts`;
RENAME table `wp_terms` TO `m3x7q_terms`;
RENAME table `wp_term_relationships` TO `m3x7q_term_relationships`;
RENAME table `wp_term_taxonomy` TO `m3x7q_term_taxonomy`;
RENAME table `wp_usermeta` TO `m3x7q_usermeta`;
RENAME table `wp_users` TO `m3x7q_users`;

If there are any other tables beside defaults, from plugins or whatever, rename them also using the same method.

Next step is to search the options table for any instances of the old database prefix. To accomplish this, enter the following SQL query in the SQL tab:

SELECT * FROM `m3x7q_options` WHERE `option_name` LIKE '%wp_%'

If you find any options created by plugins, custom scripts, etc. that begin with wp_ rename them to the new prefix. You will be able to change it by clicking on the edit button for each record.

Now search the usermeta table for all instances of the old wp_ prefix. Here is an SQL command:

SELECT * FROM `m3x7q_usermeta` WHERE `meta_key` LIKE '%wp_%'

Rename any entry that begins with the default WordPress table prefix wp_ to the new prefix.

Once you have completed all above steps, check your site for the proper functionality. Test the Admin, pages, posts, search etc. If your site is working normally, you have successfully changed WordPress database table prefix and you can move on to other security tweaks. And for just an case, make another database backup. Top of Page

Update wp-config.php to the newest version

What does this mean? When you are updating your WordPress, wp-config.php stays from your old installation. It doesn’t change because it contains essential information’s for your site, so it can communicate with the database. So why to change it? Because WordPress have drastically improved security in its newer versions and some of that security improvements are contained in the new wp-config.php wich comes with fresh installation.

OK, so how can I upgrade my wp-config.php to the newest version? If we assume that your WordPress is up to date, go and get the latest version of WordPress. Unpack the archive and find the file wp-config-sample.php, rename it to wp-config.php and open it with some editor. Now download your current wp-config.php from the host, and open it with the editor.

In the new wp-config.php find this variables:

/** The name of the database for WordPress */
define('DB_NAME', 'database_name_here');

/** MySQL database username */
define('DB_USER', 'username_here');

/** MySQL database password */
define('DB_PASSWORD', 'password_here');

/** MySQL hostname */
define('DB_HOST', 'localhost');

$table_prefix  = 'wp_';

Replace variables above with the values from your old wp-config.php file.

After you have finshed that, in your new wp-config.php find these lines:

define('AUTH_KEY',         'put your unique phrase here');
define('SECURE_AUTH_KEY',  'put your unique phrase here');
define('LOGGED_IN_KEY',    'put your unique phrase here');
define('NONCE_KEY',        'put your unique phrase here');
define('AUTH_SALT',        'put your unique phrase here');
define('SECURE_AUTH_SALT', 'put your unique phrase here');
define('LOGGED_IN_SALT',   'put your unique phrase here');
define('NONCE_SALT',       'put your unique phrase here');

Go to the WordPress.org secret-key service, copy all you see there and replace the lines above with the new values.

Save your new wp-config.php file, and upload it to the server by overwriting the old file.(first backup the old file for just in case)

Go to your site, if you done everything correctly, you should see the front page. If not, you will see the warning that WordPress cannot connect to the database. If that happens, don’t panic, you have just missed to copy some of the variables from your old to the new wp-config.php. Go and check everything once more, I’m sure you will find the missed variable. Top of Page

Edit your theme’s functions.php file to remove some risky messages

By default, WordPress displays its version in the head of your site:

That is bad, because if hackers find out what is the version of your software, they can hack it more easily.

To remove that version notification from the head add these lines to your themes functions.php file:

Also, when someone illegally try to log on to your admin area, WordPress by default displays error messages about wrong password or user name etc. That is bad! You don’t want to make things easier to attacker to hack in to the you admin area. Remove these error messages by adding these lines to your themes functions.php file:

That is all, save your functions.php and upload it to the host by overwriting the old file. Top of Page

Use .htaccess to secure wp-config.php and .htaccess file itself and to disable directory browsing

If someone have their eyes on your wp-config.php file, your site is history, there is no need to give further explanation about this. And if someone get hold of your .htaccess, he could redirect your site to some phishing website. That is also catastrophic situation. Also its not a good idea let someone to view your directory content. So how can we protect these two vitally important files for our WordPress site and prevent directory browsing?

Solution is very simple, download the .htaccess file from your host and open it with the Notepad. If you are using custom permalinks, you should see this:

# BEGIN WordPress

RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

# END WordPress

Add these lines of code before code above:

# disable directory browsing
Options All -Indexes
# secure wp-config.php

order allow,deny
deny from all

# secure htaccess file

order allow,deny
deny from all

When you are finshed, your .htaccess file should look like this:

# disable directory browsing
Options All -Indexes
# secure wp-config.php

order allow,deny
deny from all

# secure htaccess file

order allow,deny
deny from all

# BEGIN WordPress

RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

# END WordPress

Save your .htaccess and upload it to the host by overwriting the old file. Go to your site and check if everything is working normally. Top of Page

Install two great WordPress security plugins

All WP experts these days advice us to use plugins that are scanning our site for traces of malicious code. My approach is slightly different, I like to stop bad things before they even have a chance to happen.

I recommend you to install and use these two great WordPress security plugins:

1. Limit Login Attempts
2. Block Bad Queries (BBQ)

I will not go into details about how these plugins work and what is their purpose, you can read all about that on links above. Trust me, they are must have. Top of Page

Keep your WordPress up to date

One of the most basic things about WordPress security is to keep things up to date. There is no perfect software without security holes in it, but WordPress community is doing a great job about fixing this holes constantly.

So please, update your WordPress regularly. You can do automatic Update or manual update.

Remember, your plugins and themes should be also updated regularly. By doing regular updates you can save your self hours or days of work if your site gets hacked.

A few more security tips

Read about file permissions in WordPress, and set up them wisely. Bad file permissions can easily lead to be hacked.

Also if have default admin user on your blog, delete it and assign his posts to some other user name. Regulars backups of database, wp-content and uploads folder are also the things that you must never forget to do.

Conclusion

If you follow these WordPress securing instructions, you reduce the probability to be hacked at some minimum level. I follow these rules so long and so far I have never failed.

OK people, that’s all about Securing WordPress for now. If have any comments, suggestions or questions, feel free to post them below. I’ll be glad to answer you.

The post Securing WordPress first appeared on Milos Spasic - web developer.

A little off topic – my laptop is Toshiba Satellite A100-01Q.
You can download all drivers for Windows Vista and
Windows 7 32 bit / 64 bit on this link.

So, my laptop died and suddenly I have a free time, but I feel bad… It crossed my mind that I can try to feel better if I write something, so I decided to write the first blog post on this site. Some would say that I am crazy because I’m writing under these circumstances but I think that in every bad situation there is something good. So you see, by writing this post, I’m trying to make something good from today’s event.

OK, enough with the intro, let’s go to the essence of this post. I will going to use this site to write mainly about Web design, WordPress etc. From time to time, maybe I post something personal, but I will try not to be boring. So, if you want to follow my work or if you want to keep up with trends in web design or WordPress tips and tricks, this blog is the right place for you.

You are probably here because of my web development skills. You must keep in mind that sites that are on my Portfolio page are only the 5 chosen ones. I have made many more through the years of freelancing. But I didn’t want to choke you with the ton of content, you can see my skills just fine by looking at that five.

For future articles I plan a tons of interesting topics and tips from my web developing experience. So, stay tuned, we are just starting to have fun. Oh yes, perhaps you want to subcribe via RSS or email, for just in case.

The post The circumstances forced me to write the first post first appeared on Milos Spasic - web developer.