One reason for this is that the more plugins installed on a blog, the more that can slow down the loading time of that blog. If you can hard-code a function into the template, it’s almost always preferable to using a plugin. Plus many of the plugins or widgets I looked at gave very little control over things like styling or where the list appears in the template or even how they even figured out what was “related”. What if you want them to be related by tag instead of category or vice versa? What if you just want other posts by the same author?

After doing some more googling and modifying some of the code I found I figured out how to do everything I wanted to and more. My client was extremely pleased with the results and was amazed that I’d even been able to implement it without using a plugin or the widget she had originally wanted:

“It IS cool! A zillion people are going to see it now and want it on their WP blogs! Thanks!”

Which leads us to this post. I thought I would share my findings so that you can implement the same feature on your own WordPress blog. Below I will show you how to add related posts by category, tag or author. I will preface this by saying you should probably have some very basic knowledge about how to edit a template in WordPress, but for the most part, you can copy the code directly and paste it into your template. That’s it. For people with more advanced knowledge I’ll point out things that you can edit further and customize to your liking.

Where to add the code:

To start, you should figure out where you want your related posts to show up. Generally, you are going to want to include this on your single post page, which is the page that has the full post including comments. In your WP admin, click on Appearance>Editor and look for the template called Single Post or single.php. You may also want it to show up on your main page (index.php) and your archives (archive.php). If you do want this to show up on all three templates, generally you can just copy and paste the same code in the same spot on all of them, but some themes may have the archives or index page formatted differently. When in doubt just put it on the single post template and that’s probably enough.

There will be two separate pieces of code and two different places you need to find in your template to insert them. The first is the beginning of the WP loop and the second is the spot that you want the related posts to show up.

The beginning of your loop is going to look like either of these:

The first code snippet should be inserted directly above this line. It’s very important that it’s above because you want it to be outside of the loop. It can create some very weird behavior otherwise, which I found out in the trial and error of testing all of this.

The other code snippet will be inserted inside the loop in the place where you want the related posts to appear on your page. If you’re not sure where it should go generally you are going to want it at the bottom of the post either after the post ends or after the comment link (assuming that’s at the bottom of your post). Look in your template for something that looks like this and insert the code somewhere underneath. You can always move it around until it appears in the place you want it to.

Adding Thumbnails:

If you want to display thumbnails, you will have to go one step further and add a thumbnail image custom field to your posts. If you want, you can just start doing this on your most recent post, but you may want to go back through previous posts and add thumbnails to them as well (at least the last 5 posts or however many you want to display). Until you have a bunch of posts with thumbnails assigned, it won’t have too much to choose from when displaying the related post list.

Adding a custom field is simple. If you haven’t already, upload your photo in WordPress. If you’ve already uploaded the image you want to use, open the uploader and choose the image you want from the gallery. The WP uploader will have created different sizes for you. By Alignment, choose Left and by Size, choose Thumbnail and click the ‘Insert into Post’ button. Copy the entire code snippet and scroll down the post page to the box that says Custom Fields. Under “Add new custom field” click on the “Enter New” link. Under “Name” type: thumbnail. Paste your image code into the large box under “Value”. Click on the button that says “Add Custom Field”. That’s it. Finish and publish your post like normal.

See it in Action:

Below is the code you need to implement these functions on your blog. Copy it into your template and you’ll have a simple unordered list without thumbnails. Read the further customization section for what you need to change to make it display thumbnails and other customizations like changing the number of posts or what order they appear in.

But before you see the code (which I realize may just look like a bunch of gibberish to some people), here are some examples of it in action:

Related by Category, with thumbnails:

• Chickens in the Road
• Back to the Cutting Board

Related by Tag: Look at the bottom of this very post (or any of the posts on this blog) to see the related post list using this function.

Skip Directly to the section you want:

• Related Posts by Category
• Related Posts by Tag
• Related Posts by Author

Related Posts by Category

Via DarrenHoyt.com

This code searches other posts in the same category and returns the title of 5 random posts in list form.

Insert this above your loop:

Insert this in the spot that you want the list to show up:

Further Customization

Change the number of posts that show up:

1. On Line 14 of the first snippet, change the number ’6′ to the number of posts you want plus one. So if you want 10 posts, put in 11.

2. On Line 21 change the number ’5′ to the number of posts you want to show.

Change the order of posts that show up:

1. On Line 14 change orderby=rand to any of the following:

• orderby=author
• orderby=date
• orderby=title
• orderby=modified
• orderby=ID

Display thumbnails, with post title underneath:

1. Change Line 14 to:

This tells it to only search for posts with a thumbnails. If all your posts have thumbnails, then you can skip this step.

2. Change Line 23 to:

This is the formatting. Both the thumbnail and the post title below it link to the post’s permalink.

3. You may also want to style your thumbnails (add a border, spacing between them, etc.). The alignleft class should already be in your stylesheet if you have any kind of standard WP theme, but if you don’t see it listed, add this to the end of style.css for some basic styling:

Related Posts by Tag

I combined code from DarrenHoyt.com and Techie Blues for this function.

This code searches other posts with the same tags and returns the title of 5 random posts in list form.

Insert this above your loop:

Insert this in the spot that you want the list to show up:

Further Customization

Change the number of posts that show up:

1. On Line 13 from the first snippet, change the number ’5′ to the number of posts you want to show.

Change the order of posts that show up:

1. On Line 14 change ‘orderby’=>rand, to any of the following:

• ‘orderby’=>author,
• ‘orderby’=>date,
• ‘orderby’=>title,
• ‘orderby’=>modified,
• ‘orderby’=>ID,

Display thumbnails, with post title underneath:

1. Under Line 13 add:

This tells it to only search for posts with a thumbnails. If all your posts have thumbnails, then you can skip this step.

2. Change Line 22 to:

This is the formatting. Both the thumbnail and the post title below it link to the post’s permalink.

3. You may also want to style your thumbnails (add a border, spacing between them, etc.). The alignleft class should already be in your stylesheet if you have any kind of standard WP theme, but if you don’t see it listed, add this to the end of style.css for some basic styling:

Related Posts by Author

Via DarrenHoyt.com

This code searches other posts by the same author and returns the title of 5 random posts in list form.

Insert this above your loop:

Insert this in the spot that you want the list to show up:

Further Customization

Change the number of posts that show up:

1. On Line 9 of the first snippet, change the number ’6′ to the number of posts you want plus one. So if you want 10 posts, put in 11.

2. On Line 17 change the number ’5′ to the number of posts you want to show.

Change the order of posts that show up:

1. On Line 9 change to orderby=rand to any of the following:

• orderby=date
• orderby=title
• orderby=modified
• orderby=ID

Display thumbnails, with post title underneath:

1. Change Line 9 to:

This tells it to only search for posts with a thumbnails. If all your posts have thumbnails, then you can skip this step.

2. Change Line 19 to:

This is the formatting. Both the thumbnail and the post title below it link to the post’s permalink.

3. You may also want to style your thumbnails (add a border, spacing between them, etc.). The alignleft class should already be in your stylesheet if you have any kind of standard WP theme, but if you don’t see it listed, add this to the end of style.css for some basic styling:

The post How to add Related Posts with (or without) Thumbnails to your WP Blog appeared first on Swank Web Design.

DON’T FORGET ABOUT YOUR PLUGINS! Security vulnerabilities can be just as much of an issue with plugins so they need to be updated, too. The newest version of WP makes this easier than ever. It tells you when you have a plugin that needs updating (a bubble pops up on the plugins link like it does for new comments) and all you have to do is press on “upgrade automatically”. On many servers, you don’t need to do anything it will upload and install the plugin in seconds. If your server isn’t set up that way, then you just need to put in your ftp host (in most cases, ftp.yourdomain.com), username and password. Your host would have sent all this info to you, so you should have it. If you don’t then get it, this is really important information to have.

ADD SECRET KEYS TO YOUR WP-CONFIG.PHP. As of WP 2.5 and then later in 2.6, they introduced the addition of several keys that can be added to increase security for your blog. Open up wp-config.php and find this line:

define(‘DB_HOST’, ‘localhost’); // 99% chance you won’t need to change this value

Under it add these:

define(‘SECRET_KEY’, ‘PuT-in-A-bunCh-of-ranDom-leTTers,NumBers-and-syMbolS’);

define(‘AUTH_KEY’, ‘PuT-in-A-bunCh-of-ranDom-leTTers,NumBers-and-syMbolS’);

define(‘SECURE_AUTH_KEY’, ‘PuT-in-A-bunCh-of-ranDom-leTTers,NumBers-and-syMbolS’);

define(‘LOGGED_IN_KEY’, ‘PuT-in-A-bunCh-of-ranDom-leTTers,NumBers-and-syMbolS’);

You need to put a different random string of characters in each line. You will never have to remember these, so make them as long and as random as possible. This handy site will generate a random string for your every time you refresh the page.

EDIT UNSECURE TEMPLATE TAGS.

In search.php or searchform.php find this:

<?php echo $_SERVER ['PHP_SELF']; ?>

And replace it with this:

<?php bloginfo ('home'); ?>

That makes it so it can only search your blog and not your entire server.

Also check search.php, searchform.php or header.php for this:

<?php echo $s; ?>

This allows malicious code injection so replace it with this:

<?php echo wp_specialchars($s, 1); ?>

MAKE IT IMPOSSIBLE FOR SEARCH ENGINES TO INDEX WORDPRESS FILES. It’s not a good idea to let search engines like google index every single part of your site, specifically your WordPress files. Say that a vulnerability is discovered in one of the files in the wp-admin folder. A hacker could just google that file name and the first site at the top of the list is the one he’s going to hack today. To prevent this simply open up notepad or an HTML/text editor and add this:

User-agent: *
Disallow: /*/feed/
Disallow: /*/feed/rss/
Disallow: /*/trackback/
Disallow: /wp-
Disallow: /feed/
Disallow: /trackback/
Disallow: /tag/

Name it robots.txt and upload the file to your WordPress directory (same place where you should find wp-config.php and .htaccess). This not only disallows search engines from indexing private WP files, but also prevents them from indexing redundant files (which search engines can read as trying to spam them).

DON’T ADVERTISE WHAT VERSION YOU ARE RUNNING. If all your blog pages say “Powered by WordPress 2.5″ (when the current version is 2.6.2), then you are just asking to be hacked. Take that version out of your template. In most cases this is going to either be in the sidebar.php or footer.php files. Look for either of these template tags and delete them:

<?php get_bloginfo('version'); ?>
<?php bloginfo('version'); ?>

Also, check header.php, look for this line and delete it:

<meta name="generator" content="WordPress 2.5" />

Unfortunately, in 2.5+ WordPress has started inserting this automatically. This is bad because hackers only need to put that line into a search engine to find people using old versions of WP. If you have your robots.txt in place then this is not a major issue, because your template won’t be showing up. But if you are still uncomfortable with having your version so public (they only need to view the page source to see it), then open up notepad or an HTML/text editor and paste this in:

<?php remove_action( 'wp_head', 'wp_generator' ); ?>

Save as functions.php and upload it to your theme folder. If you have widgetized sidebars, then you probably already have a functions.php, so just edit the file and insert that code in there.

*Hat tip to Binary Moon for this.

MAKE SURE YOUR DATABASE PASSWORD IS NOT THE SAME AS ANY OTHERS. Your wp-config.php is a very easy file to find. It has your database password sitting right inside it. You absolutely must make sure that your database password is completely different from your WordPress password and your FTP/cpanel password. If you are using the same password for all, a hacker can easily find this file and get in everywhere. If it is the same, then it will probably be simpler for you to change your WP and FTP passwords. But changing your database password isn’t too hard through cpanel (click on MySQL and add a new user and password, then assign that user to your WP database, then go and update your wp-config.php file with the new user info).

DON’T USE THE DEFAULT SETTINGS. Most of the time, when you install WordPress it automatically gives you the username ‘admin’. Hackers know this, so it can be unsafe because then all they have to do to get in is guess the password. Go to Users and add a new username for yourself. For the role, choose Administrator. Once you’ve added your new username, log out and log in as the new user. It’s better to have your nickname (what is displayed publicly on your blog) be different from your username, so you might want to edit your new user profile to change that. Then check the box next to the admin username and delete it. It will ask if you want to attribute all of admin’s posts to someone else, choose your new username. This will transfer all your posts over to the new username.

CHANGE THE DATABASE PREFIX. This is really a recommendation for when you are setting up a new installation of WordPress. It’s not recommended for already installed blogs, especially for beginners as you can severely mess up your blog. But if you are setting up a new WP blog, it’s a simple thing you can do to help increase security. In the wp-config file, just look for the line that says:

// You can have multiple installations in one database if you give each a unique prefix
$table_prefix = ‘wp_’; // Only numbers, letters, and underscores please!

wp_ is the default prefix and hackers know this, so this is just another case of changing the default WP options. Change it to anything you want, though you’ll probably want to keep it short and random like kb_, cc_, ibc_, aba_, etc.

The plugin I mentioned in my previous post, WP Security Scan, will actually change the prefix for an already installed blog, but proceed with caution and make sure to backup your database before you try it.

Here are some other plugins I know of that can help make your blog more secure:

AskApache Password Protect – The author describes this plugins as creating a virtual wall around your blog to stop attackers from exploiting any kind of vulnerabilities. Has some server requirements, though, so make sure you have those before installing.

Login Lockdown – Records the IP of every failed login attempt of your blog, the IP gets locked out after a certain number of failed attempts. You can set this number and how long they get locked out, but the default is 3 failed attempts locks them out for an hour.

Stealth Login – You can customize the login and registration URLs of your blog. Just another example of changing the default options, making it harder for hackers to get in.

Secure WordPress – This plugin removes the error info on the login page (so it doesn’t say “Wrong Password” anymore when you try to log in), removes the WP version from your theme and adds an index file to your plugin directory, so it can’t be accessed directly.

The post Web 101: Fixed a hacked site and prevent it from happening again – Part 2 appeared first on Swank Web Design.

Unfortunately, this can happen to anyone and there are a myriad of ways that a hacker can get into your site.  I believe in this instance that the hacker was able to guess her password, which was a very simple name.  So what is one to do if your site is hacked?  My client had no clue and I know that not everyone has a trusted designer or tech support that they can email with problems such as these (plus speed is key, so waiting around for help can be frustrating), so I thought I’d write up a checklist of things you should do to remove malicious code from your hacked site and prevent it from happening again (or ever if it hasn’t happened yet).  I’m specifically going to be using WordPress blogs as an example since almost my entire clientele uses WordPress, but most of these things can be applied to all content management systems.

CHANGE YOUR PASSWORDS. First things first when you discover your site has been hacked is to change your passwords FOR EVERYTHING.  You’ll absolutely want to change your blog password and your FTP/control panel passwords (if they aren’t the same).  But if you use the same or similar password for your email or anywhere else, you are going to want to change them as well.  Even if you’ve never been hacked, it’s good practice to change your passwords regularly, at the very least yearly.  Make your passwords as secure as possible and try not to use the same password for everything:

• Use a combination of letters and numbers as well as lowercase and uppercase and possibly even some symbols
• Try not to use recognizable names or dates/numbers
• 6-8 characters is a good length (though the longer the better)

Here’s a password trick I learned a while back that has been invaluable to me.  It’s a way to make every password for every site you visit different, but also something that you can remember.  First think of a good base using the rules I mentioned above, like: Xd5ye8*K

It may be hard to remember at first, but you are going to be typing it over and over so you should have no problem memorizing it eventually.  Next, you’re going to add an identifier of the site your password is for, so you need to come up with a system.  Examples of this could be the first four letters of the site name or the first two and last two.  It doesn’t really matter how you want to do it, just come up with a rule that can be applied to all sites.  Once you’ve done that add the letters to front or back of the base password you already came up with.

So for flickr, you password would be: flicXd5ye8*K.  For gmail it would be gmaiXd5ye8*K. For facebook faceXd5ye8*K, and so on.

DELETE/CHANGE YOUR USERS’ PASSWORDS. The hacker could have registered themselves as a user on you blog so that they could get in again.  Or they could have changed the password for one of your users so they could log in under that username.  Click on Users in your WP admin and look over the list of registered users.  If you have too many users and don’t want to have to change them all, you might consider deleting them all (except for yourself, of course).  People can always re-register.

Look for users with suspicious or spammy looking emails and delete them.  Many of my blogs have been getting a lot of registration spam lately.  Delete these users immediately, specifically if any of the users have an email address like xzy@mail.ru or anything else that looks random or generic.

If you don’t have a lot of users, then if may just be better in the long run to turn that option off altogether.  Go to Settings and under Membership, un-check the box next to “Anyone can register”.

SEARCH YOUR THEME FILES.  Next you’ll need to find whatever the hacker added and take it out.  The first place to look, especially if you are a WordPress user, is your template.  In your WP admin, click on Design and then Theme Editor.  A list of all your theme files will be down the right side.  The main ones you want to check are header.php, sidebar.php, footer.php and index.php, but you will want to check every single file listed for anything suspicious.

So what is suspicious code?  Look for anything that looks like a bunch of garbled text/code, or maybe a bunch of links to spammy-looking sites.  Specifically look for anything that uses the eval() command, base64_decode(), k1b0rg or keymachine.de and delete these lines of code. (You may want to back up your theme files before doing this in case you accidentally remove something important.)

UPGRADE/REPLACE YOUR WORDPRESS FILES.  If you don’t have the most recent version of WordPress, upgrade immediately.  Here’s a tutorial I wrote if you need help. Even if you are current, you should replace all your files with a fresh install in case the hacker modified any of the files or added any new files to your WP folders.  This means completely removing your wp-admin and wp-includes folders and all of the wp-something.php files that are in the main WP directory.  DO NOT remove wp-config.php or the wp-content folder. Everything else is replaceable, though.

CHECK FOR SUSPICIOUS FILES IN (AND AROUND) YOUR WORDPRESS DIRECTORY.  You can access this via FTP or through your control panel file manager.  First look at your .htaccess file, which is in the main WP directory (or root as it’s called).  If you have nice permalinks (links to posts look like http://yoursite.com/2008/09/08/post-title/) it should look like this:

# BEGIN WordPress

RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

# END WordPress

There probably won’t be much else in there unless you’ve specifically added something.  Though some plugins like WP-Super Cache or feed/site redirecting plugins do add things to this file, so just be careful about if you delete anything from this (again make sure you have a backup).

Since you didn’t delete your wp-content folder, you will need to check this for suspicious files as well.  The main place to look will be your uploads folder, where the pictures you upload to your blog are stored.  For most WP blogs this is in wp-content>uploads though some older blogs may not have the uploads folder.  They might also be separated into year and month folders.  Look through all the files and make sure they are the right file extensions.  Picture file extensions are .jpg, .gif, .png and bmp.  Delete anything that isn’t one of these extensions unless you uploaded it yourself.  Nothing with a .php file extension should be in your uploads folder.  Those kinds of files are most certainly bad.  Besides looking for weird file extensions, look for files that have strange/random names that you know you did not upload.  If you see a folder called js_cache with a file in it starting with tinymce_, that is supposed to be there, so don’t delete that.

After checking your uploads folder go through and also check your plugins and themes folders for the same kind of files.  Make sure to check the images folder in your themes.  You may want to reinstall all your plugins as well to make sure none of them had been modified either. (I’ve never seen that happen, but you never know).  I have seen and heard of files being added the cache folder if you have WP Super Cache or the image-headlines folder if you using that plugin (or ones like it), so those are definitely ones to delete and reinstall if you have them. Also, be sure to check any and all other folders and files in your root directory for anything suspicious that you know you did not put there.

Checking all these things may sound tedious, but if you know the exact day the hack happened, you can look for things that were added/modified on that day.

CHECK AGAIN. So you went through all your files and you think you got everything bad removed, but how can you be sure?  That’s where these handy plugins come in:

WordPress Exploit Scanner – This will scan your files and your database for suspicious activity.

WP Security Scan – This will scan your site and show you any vulnerabilities you have.  This is for more advanced users, as it doesn’t always tell you how to fix these vulnerabilities (it assumes you already know).  I’ll talk more in my next post about some of the simpler things that you can do to make your site more secure.

Also check out this article which goes into a bit more depth about some of the specific hacks that can happen to WordPress users and some fixes for them. (There’s some good tips in the comments as well.)

NOTIFY GOOGLE THAT YOUR SITE IS SAFE. Now that you’ve gotten everything removed and your site is safe again, how do you get google to remove that warning?  When I visited my client’s hacked site in Firefox 3, it wouldn’t let me view it.  It gave me a big red screen saying the site was dangerous.  Unfortunately, this doesn’t automatically go away once you remove the malicious files.  You need to notify google to re-scan your site and verify that it is safe again.  You can do this by putting in your URL here: http://www.google.com/safebrowsing/report_error/?tpl=mozilla

You can also request a review using Google Webmaster Tools.  You have to register and verify your site first, so it’s a little more involved, but I think you may get faster results if you go through the effort. Here’s some more info about that straight from Google.

In my next post I will talk about some of the things you can do to keep your site secure and prevent it from being hacked.

Go to Part 2.

The post Web 101: Fixed a hacked site and prevent it from happening again – Part 1 appeared first on Swank Web Design.

What you need

1. You’ll need advanced template access in Typepad.
2. A Share This script for your registered blog.
3. Some HTML knowledge.

Basics

The Typepad foundation uses Moveable Type tags. You’ll see a tag called < MT Entries > that surrounds your posts. These tags are what list the posts on the page. There is an tag to close the post area. You’ll need to use these tags to place the ShareThis script in each post.

If you look in your Main Index Advanced Template, you will see a tag < $MTWeblogIncludeModule module=”entry-list-sticky”$ >. This is where your < MT Entries > ……. < /MT Entries > tag actually lives on the front page. In other pages (Individual, Date Archive, etc) we’ll be modifying a similar, but slightly different, entry list module. So it’s not going to be as obvious about where to place the script. We’ll need to do a teeny tiny hack to get it to display at each post.

The Hack

1. Log in to your Advanced Templates and choose your current design. Feel free to create a backup copy of your current design and mess with that one. This has saved me several (hundred) times.

2. Go to the Create New Template Module. Name it something helpful and obvious. We’ll be making two new modules, one for the main index page and one for the individual entry pages. I’m naming my main page module entry-list-addthis-main.

3. Open a new tab (or window) and copy the Featured Post code.

4. Paste your code in to the new entry-list-addthis-main module.

5. Copy your Addthis Script and place it just below the < p class=”entry-footer-info” > < $MTEntryPostFooter$ > Tag.

6. Publish your template.

7. Open your Main Index Template and look for the original < $MTWeblogIncludeModule module=”entry-list-sticky”$ > and replace it with < $MTInclude module=”entry-list-addthis-main”$ > (be sure to put the name of your main module if you chose a different name! And there shouldn’t be any spaced in the tags.)

8. Save and Publish your templates.

(As an aside…. Feel free to place < p > tags (no spaces) around the script if you want it on its own line like this..)

Individual Archive Pages

Only slightly different since we’ll be using the Individual Entries tag, you’ll create another module (I called mine entry-lists-individual. Such Genius.) Copy and Paste the code from the individual entries tag in to the template. Place your script in the same location (under the < div class=”entry-footer” > < MTIfNonEmpty tag=”MTEntryPostFooter” > < p class=”entry-footer-info” > tags) placing a < br / > between them if you’d prefer. (Click Save) Go back to your Individual Archive template and replace < $MTWeblogIncludeModule module=”entry-individual”$ > with < $MTInclude module=”entry-list-individual”$ >. (Click Save)

Publish your posts.

Viola!

(Special thanks to Asha for the module tips.)

(Created and originally posted on Mrs. Flinger)

The post Adding ShareThis plugin to Advanced Typepad Templates appeared first on Swank Web Design.

What I find funny is his rationalizing of why it’s okay for some blogs (*ahem* the one he’s writing on) to use partial feeds. The only instance in which I think it’s okay to offer a partial feed is if you offer a full feed as well. I have seen several blogs that offered a full feed with ads and a partial feed without ads. I have no problem with that, it even kind of makes sense. Although, I can’t imagine there are an overwhelming number of people that hate ads so much they would put up with the frustration of a partial feed. But different strokes, right?

You should respect your readers enough to let them choose how they want to view your site. Offering just a partial feed takes that choice away and more often than not, they won’t bother reading at all.

The post Web 101: Full vs Partial Feeds appeared first on Swank Web Design.

The problem is that many people don’t know how to go about installing plugin or think they are not technologically inclined enough to be able to. But these days most of the plugins available for WordPress only require one or two steps to get working so anyone can do it.

If you read my other tutorial about Upgrading WordPress then you will be familiar with the basics. You will need an FTP client to connect to your web space. If your host used cPanel, you can also use the file manager and upload plugins from there. Most plugins are installed in the same place, a folder called ‘plugins’ inside the wp-content directory.

To activate or deactivate a plugin, you just need to log into your WP admin and find Plugins in the top menu. This page lists all installed plugins.

The really great thing about the newest version of WordPress is that it will keep track of most of your plugins and let you know if they need to be updated.

Finding Plugins

Now let’s talk about where to find plugins. There are two big places to find pretty much all the WordPress plugins available:

First is the Plugins Directory on the main WordPress website. However this is still fairly new, so it may be a bit limited. But you’re going to find the newest version of plugins here and it will tell you what version of WP the plugin is compatible up to. This is where the updater in you WP admin culls from, so if you’re plugin isn’t in here, it’s not going to tell you when there’s an update available.

The other place is Plugins Database. This has been around for 3+ years, so it’s really extensive. The problem here is that some of the plugins are for REALLY old versions of WordPress and/or haven’t been updated in a long time. You could find the perfect plugin and find out that it doesn’t work anymore. It’s important to click on the Plugin Homepage link here because that will usually take you to a page that tells you if this plugin has been updated for the newest version of WP.

Another option is, of course, Google. Since WordPress is open source, it’s not uncommon that a new person will take a plugin that hasn’t been updated in a long time and take over the development of that plugin. So if you are struggling to find a plugin that does a specific thing or find out if someone has updated a certain plugin, Google can definitely be your friend. The WP Support forums are also a good place to find out info.

Installing Plugins

The main thing with installation is to follow the developer’s instructions. Some plugins may have really specific things you need to do. However, like I said above, most plugins these days have three steps:

1. Download and unzip the plugin.

2. Upload the plugin folder/files to your wp-content>plugins directory.

3. Activate plugin.

If a plugin has any kind of configuration options, these will usually appear in your WP admin under Options, though depending on the plugin could also appear under any of the other top menu items, like Manage.

Handy Plugins

I thought I’d go though some plugins that are really useful and add some great features to your website or blog.

Site and Admin plugins

1. First let’s talk about a plugin that already comes installed with WordPress. It’s called Akismet and it’s a spam prevention plugin. If your blog has comments you WILL get spam and this is the BEST spam prevention plugin available. There is absolutely no reason for you not to activate this plugin, in fact you are creating a big headache for yourself if you don’t.

In order to use Akismet, you need a WordPress API key. However, this is simple to get. If you ever had a WordPress.com blog or signed up for a username to comment on a WordPress.com user’s blog, then you already have one. Log into your WP.com account and find this under Users>Your Profile. If you don’t have a WordPress.com account or you don’t want one, don’t fear, you can just sign up for a username, which will give you an API key. Go to wordpress.com and click on Sign Up, then make sure to check the “just a username” option on the sign up form. You will be emailed your API key. Copy the key, go to your blog and activate Akismet, and put in your key where it asks you to. The newest version of Akismet has to option to automatically delete spam on older entries. I’ve found that MOST spam comes in on your oldest entries, so this is a really great option. Otherwise anything tagged as spam will appear under Comments>Akismet Spam and you can check to make sure no real comments have gotten tagged. If they have, just check next to ‘Not Spam’ and it shouldn’t tag that commenter as spam anymore.

2. OneClick. The great thing about this plugin is that it makes other plugins and themes easier to install. You don’t need to use an FTP client to install plugins anymore. You don’t even have to upzip the plugins. Once this plugin is installed, you can upload and install plugins right from your WP admin. All you have to do it upload them and it does ALL the installation work for you. He even made a companion extension for FireFox users that makes the process even simpler.

3. WP-DB-Backup. If you read my tutorial about upgrading WP, you know how important your WordPress database is and how important it is to back it up regularly. With this plugin, you can do it straight from your WP admin.

4. Google XML Sitemaps. Having a sitemap is easiest way to set your site up for better search engine optimization and this plugin creates one for with a few clicks.

5. WP Super Cache – If you have an even slightly high traffic blog or website, this plugin will save you tons of money on bandwidth costs. It’s also really handy to guard against Digg or other social networking sites whose huge traffic spike could literally bring your site down.

6. Feedburner Feedsmith. Route your WP feed through Feedburner, a very handy service that keeps stats for your feed as well as adding a lot of really nice functionality. This plugin sets it up so all your feeds will automatically forward to your new feedburner address, so you won’t lose subscribers and you get the most extensive look at who is reading you via feedreader.

7. WP-Shortstat. One of my favorite stats plugins. This one has gone though many developers though the years and there are a few different versions floating around, but this is most recently updated.

Features or additional functionality

8. Simple Tags. Like the new tagging feature in WP 2.3 but frustrated with the lack of management for your tags? This plugin is all you need. It auto-suggests tags for your posts, lets you add/edit/delete tags, mass edit tags on ALL posts, add related posts on all your entries, tag clouds and much more.

9. Enhanced WP Contact Form. A very simple, but nice, contact form plugin with spam prevention option.

10. WP You Tube. Easily add videos from You Tube to your posts.

11. Sideblog. Very handy plugin for creating a miniblog/linkblog on your blog sidebar or even on another page of your website (like if you wanted to have “News” section on your main page or something like that).

12. Subscribe to Comments. Allows your commenters to subscribe to receive notice of additional comments. Very handy, especially if you have long comment threads.

13. Easy Gravatars. Adds gravatars to your comments, no template editing necessary.

14. Exec-PHP. Use PHP in your posts or pages. Really handy plugin, especially in addition to other plugins that require you to use special template tags or code in your posts or pages.

Advanced plugins

15. Secure Form Mailer Plugin. This is hands down the best contact form I’ve found. You can set up multiple forms on your site, and you can edit the form fields to your heart’s content using many many options, such as dropdown menus, radio buttons, check boxes, text areas, upload fields, plus it’s very secure and doesn’t let in spammers. This is probably more than some people need, but if you need an custom contact form, this is your best bet.

16. Custom Field GUI. This plugin is for more advanced users as it requires some basic configuration and template editing, but I’ve found it to be a really handy plugin. It lets you add custom fields to the Write Post page in your WP admin. Say for instance you have a weightloss blog and every day you post your weight or how many miles you ran. Or maybe you want to say what you are currently reading/doing/watching/feeling. You can add a field to make it easier to add this info to your posts. We’re using it in our portfolio to display information about each project (designer, CMS, launch date, etc.). This plugin allows us to add this info in a matter of minutes whereas if we had to hand code all that info for each project it would take a long time and adding to our portfolio would be a pain to do.

17. WP Mailing List. This plugin is not free (it costs $30 to download), but if you have a mailing list to run, I promise you it is 100% worth the cost. It’s extremely easy to install and set up, you can add multiple lists with multiple templates and it’s all controlled from your WP admin.

18. WP Shopping Cart. Another very easy to install plugin if you want to sell products on your site. Add and edit products right in your WP admin, create and assign templates for your product pages. It’s free, but does have paid upgrades which are worth the price (especially the DropShop and Gridview).

19. Simple Forum. Want a forum for your blog or website but don’t want to bother with trying to figure out how to set on up? This plugin integrates a forum right into WordPress using the inherent multiple user feature. Extremely easy install and set up. Custom templates are available or you can create one yourself. Control everything right from your WP admin.

Plugin Masters

20. Plugins by Lester Chan. There are too many plugins here to mention. Just click on the link and take a look. All of his plugins are really great and do fun as well as useful things. Plus he is a very active developer and usually updates all his plugins after every major WP release.

21. Plugins by Alex King. Another great plugin developer with lots of good plugins. My personal favs are WP-Grins and WP-Mobile Edition and Share This.

I could literally go on and on and on about all the great plugins there are out there. I tried to cover some big ones that do a variety of things in WordPress. Pretty much all of them can be installed and configured in a matter of minutes and they all add some great features for your blog or website.

What are your favorite WP plugins?

The post Beginners Guide to WordPress Plugins appeared first on Swank Web Design.

Being small business owners though, means that some things must be compromised due to costs, and one of those things is often getting professional photographs of the products. While this is not recommended, I completely understand the decision.

When I came across this cool little gadget, I thought it was the perfect thing to recommend to my clients, as a lot of them were selling jewelry and small handmade items. It’s called the Table Top Photo Studio by HAMMACHER SCHLEMMER.

If you’ve used it in the past, I would love to hear your feedback!

The post Creating great photos for your online shop appeared first on Swank Web Design.

I think it is in our nature to love the comfort of familiar surroundings and people, which means that it usually takes a lot of strength to move against the grain. Very often when I ponder success, I wonder if I can handle the publicity, the criticism, the stress of always having to appear perfect, and I start to feel very overwhelmed, you see as much as I dream of being a recognizable success, my fear of it is becoming one of my biggest obstacles.

Successful people seem to have the ability to overcome their fears and inhibitions, the sensibility to move past the maliciousness of some, and the stamina to take endless risks.

I was working at a large corporation for about 6 years, where only the people on my team knew me, and I was so comfortable with being effectively invisible that when I decided to start my own business, it took me several months to get brave enough to even put up my portfolio. My insecurities are sometimes a challenge to overcome, but I am continually learning and being inspired by those around me, and I am slowly making my dream a reality.

Many times I am completely inspired by my own clients, most of whom are following their own dream, and taking chances to make it a reality. I found that as long as they were passionate about what they did, and able to learn from mistakes, their endeavors became successful. As Theodore Roosevelt said “The only one who never makes mistakes is the one who never does anything”…

Are your fears holding you back from achieving your dreams?

The post The Keys To Success: do you have it? appeared first on Swank Web Design.

The whole point of putting an external link on your site is to guide your audience to someone else’s site. It’s usually an act of kindness, not only toward the person you are linking to, but to the people reading your site, who you are sharing this link with. So isn’t it pretty hypocritical to make your links open in a new window? You’re saying “Here, go to this site, it’s awesome, but you’re not allowed to leave my site, because I’m more awesome.” If you don’t want people to leave your site, then you shouldn’t have external links at all. And if people want to stay on your site, then they will, they’re not going to stay just because you force them to leave the window open.

Not only that, but there are major usability issues with having your links open in new windows. I think a lot of people assume that everyone is on the same technological level as they are or maybe that most people know more than they do. “If I know how to do this, then everyone else does, too.” But that’s just not true. I’ve met people who think Internet Explorer is the internet (and it runs on a series of tubes…). No matter how simple a concept you think it is, there’s always someone that just can’t wrap their mind around it.

There are some things that most people understand, though. They understand what a link is and how it should work. When they click on a link they are expecting it to go to the new site. This is what they want to do, so by making the link open in a new window, you are actively ignoring their needs. People understand how the back button works, too. The back button is fundamental in any browser and most people use it liberally. What happens when you open a link in a new browser? Well, it resets the back button. You can’t go back. When someone clicks on a link they are expecting it to go to the new page and if they want to come back to your page they will just click the back button. This is how the internet is supposed to work. Instead a new window is going to pop up (which they are not expecting) and they are probably going to close the original window because who wants the clutter of having so many windows open? Then they’ll try to go back and realize they can’t because the back button doesn’t work anymore. So not only have you confused and frustrated someone, you’ve just lost a reader.

But, you say, “What about all the people who are technologically savy? They won’t be confused.” No, they won’t but I can bet that a lot will still be frustrated. If you are technologically savy then you already know how to make a link open up in a window, it’s very easy. So if people want to do that, then they will, they don’t need you to do it for them.

If you absolutely must have something open in a new window (there are a few instances where it may be necessary), then warn your readers about it so they’ll know what to expect. Make sure “opens in new window” is included in the actual link text (this is better for accessibility and usability). Add a little icon by the link to show that it will open in a new window. Give people a choice about it. Maybe the link works like normal, but the little icon opens in a new window. There are a lot of different options, just make sure your readers know what’s what.

In the end it’s always a bad idea to try to control how your readers view your site. People expect browsers to work a certain way and you shouldn’t try to change that. People will come back to your site if they want to, don’t make things more complicated for them.

The post Web 101: Why links shouldn’t be opened in new windows appeared first on Swank Web Design.

I cannot hire you. I cannot pay you.

What I can do is encourage you. Your designs are absolutely charming! They are well thought out, clear, easy to read, and perfectly balanced. I used to do DTP work before I became my mother’s sole caretaker, so I do have a bit of experience from which to draw.

I hope you continue with your work. Your style, the way you present the content … just everything about the samples says READ ME! I’m sure thousands will.

Please accept my compliments, even though I don’t have a project for you. I think your designs are absolutely amazing! Thank you for creating them.

- Linda Penner

The post From the Mailbox appeared first on Swank Web Design.