Although WordPress is an awesome CMS (Content Management System), it’s not without flaws. Every system has can happen to act weird from time to time. In the end, it’s just a piece of software with thousands of lines of code, written by human.

One of the possible WordPress errors that will for sure cause most trouble and broken keyboards, is so called “White screen of death”. This one is my favourite, in negative way. We will it in this article along with some other common errors.

Error 1. White Screen of Death

As mentioned earlier, this one is the most infamous error of them all. It will just show blank (white) page. No errors, no nothing. Even with debugging mode enabled, in most cases it will show nothing.

Most experienced developers agree that the cause of white screen of death could be down to one (or all of them) of these three things:

• exhausted memory
• broken plugin
• broken theme

If you have multiple sites on different hosts, and problem occurs on websites hosted by the same hosting provider, you can safely assume that the problem is with your hosting provider (poorly configured server, low memory etc). But if problem occurs on most of your websites, hosted by different hosting provider, than the problem is definitely on your side and with the website itself.

Exhausted Memory

This means your website (or some process used by another script) used all memory allowed and reached memory limit. Although this memory limit is defined on the server, it may differ from the value in your wp-config.php file.

You can contact your hosting provider and ask about memory limit value and change the value within your wp-config.php file.

Open your wp-config.php file with whatever code editor you re using, and add this line of code, which will increase memory limit of your WordPress website to 128 MB:

define('WP_MEMORY_LIMIT', '128M');

Make sure that the value is not higher than the max value of the server, defined by your hosting provider.

If this doesn’t help, you can go even with a higher value.

If increasing memory doesn’t help, than the cause of the problem can be narrowed to a plugin or a theme.

Broken Plugin

In most cases when white screen of death occurs, you will not have access to your WordPress dashboard. But if you do, login to your admin account, go to plugins section and deactivate all plugins. If your website start working again, activate plugins one by one, and check if your website is working properly after every plugin activated.

If the problem is solved by deactivating some of the plugins, update or remove the plugin that caused the problem. You can also write to author of the plugin and ask for help.

If you can’t access your WordPress dashboard, you can also deactivate plugins via FTP. If you are using some of the FTP clients, navigate to wp-content/plugins and change the name of the plugins folder. This will deactivate all the plugins at once. You can also rename the folder of each plugin, which will deactivate only that plugin in particular.

All in all, if plugin caused the problem, replaced it with a newer version or use some more recent plugin which will do the work.

Broken Theme

You’ve tried to solve the problem by locating the plugin that might have caused it, but no success. Now you can do the same thing with themes. Try with deactivating the theme in use. If your website start working after you deactivated the theme, you can simply delete it or update it with newer version.

You can check theme’s function.php file to determine if poor coding is causing the problem. If you’re not confident with going trough some php code, try contacting theme theme author and ask for help.

Buying themes from trustworthy authors is always advisable, since they usually provide some kind of support.

If you’re still stuck with the white screen of death, enable debug mode and see if that will give you some insight of where the problem might be.

Enable Debug Mode

This option is fairly easy to enable and it can show some useful information on the issue. However, fixing this kind of issue might require some advanced codding skills.

First of all, go and open your wp-config.php file and locate the following line of code:

define('WP_DEBUG', false);

Place “//” at the beginning, so it becomes:

//define('WP_DEBUG', false);

With the above statement being commented out, you can place the following lines of code right bellow it:

define('WP_DEBUG', true);

define('WP_DEBUG_LOG', true);

define('WP_DEBUG_DISPLAY', false);

@ini_set('display_errors',0);

This will create a file called error.log in wp-content folder and all the error information will be saved to that file. If the file is not there, you might not have permissions to create new files within wp-content folder. You can either change permissions of the wp-content folder to 755, or you can manually create file called error.log inside wp-content folder and give it permission of 666.

Once the file is filled with error information, open it with any text editor and look for any php errors. If you are not familiar with php, it’s advisable to ask for some help.

Error 2. Internal Server Error

This one is like the beast with seven heads. One name for countless number of possibilities. Cause of this error may be absolutely everything you can and you can not think of. The good news is that most of troubleshooting is the same as described above.

Broken Plugin(s) or a Theme and Exhausted Memory

Troubleshooting for this part is absolutely the same as described under Error 1 part of this article. There’s nothing to take and nothing to add. Just follow the same steps.

Broken or Corrupted .htaccess file

So we checked everything from plugins and themes to wp-config.php file and the problem is still there. Now it is time to check if our .htaccess file is bad.

First of all, make a copy of current .htaccess file as a backup and name it .htaccess-backup or whatever you want.

.htaccess file is places in WordPress directory base root where wp-config.php, index.php and other files are, in most cases under /public_html. If you can’t see the file it means you have to enable “view hidden files option”. How to enable this option depends on how you access your files.

If you are accessing your files via cPanel file manager, when you click “File Manager” icon make sure that option “Show Hidden Files” is checked.

If you are using some FTP client, options may vary. For example, in FileZilla click Server > Show Hidden Files.

Now create new .htaccess file and insert the following code:

# BEGIN WordPress

RewriteEngine On

RewriteBase /

RewriteRule ^index\.php$ - [L]

RewriteCond %{REQUEST_FILENAME} !-f

RewriteCond %{REQUEST_FILENAME} !-d

RewriteRule . /index.php [L]

# END WordPress

This is default .htaccess code for WordPress. You can find it at WordPress Codex.

Save the changes and see if it worked.

Debug Mode

We covered this in the above section under “Enable Debug Mode”, so once again follow those steps.

Error 3. Error Establishing Database Connection

This is not scary as it sounds. The reason for this error to appear is only because of these three reasons:

• Server error
• Wrong database username and password in wp-config.php
• Wrong database host address

One important thing to check when you see this error is to make sure that the same error message appear on both front-end and back-end.

If you see different error messages on front-end and back-end, but you notice something like “The database may need to be repaired” in between the lines, than you should add the following code to your wp-config.php file:

define('WP_ALLOW_REPAIR', true);

Now save the changes and go to this link:

http://www.examplesite.com/wp-admin/maint/repair.php

You should get an option to repair your WordPress database. Once you do it and the database have been repaired, remove the code from wp-config.php file you previously added.

Wrong Database Login/Host Details

If you have changed your database login details (username and password), make sure to enter new ones into wp-config.php file. Make sure that those information are correct.

Find the following code and insert new login details:

define('DB_NAME', 'database-name');

define('DB_USER', 'database-username');

define('DB_PASSWORD', 'database-password');

define('DB_HOST', 'localhost');

In most cases and with most hosting providers, database host (DB_HOST) will be localhost. But if you are not sure, you can contact your hosting support and ask them about it.

It is important that all of these information match the ones on the server. Otherwise, your WordPress will not be able to connect to it’s database and thus it will not work.

Communicate With Your Hosting Provider

In some cases, you will see some error messages simply because your hosting account exceeded it’s resources. It is most advisable to talk with your hosting provider’s support about this as they will give more detailed information on the matter and propose you with the best solution.

Further Reading

We have covered the most common errors and cases on how to troubleshoot and solve them. Since there may be more rare issues caused by the same errors, we recommend you to visit WordPress Codes page for Common WordPress Errors.

Where to Start with Planning and Choosing

Only a few pieces of advice should be followed in order to fit in the selection of the conditions, opportunities, time and money. If you manage to do that, it wan’t be hard for you to make your web site visually defined and recognizable. The guidelines which you will read are simple, logical, and also the ones that many neglect. If someone stays on your site just because he found solutions for his problems, it doesn’t mean that someone else will come simply because he likes the wallpaper or visual style. It would be ideal if you blend some practical texts with a pleasant unique design.

WordPress Themes

A good example can be taken from the default WordPress themes. For some tastes, they are too simple and uninspiring. For others they are completely sufficient for the expression of creativity through text, picture and video material. Who is right?

Default WordPress themes have the determined and already familiar position of the header, with the blog title and the subheading, position of the text, sidebar and footer. These elements connected in a simple form make blog, conditionally speaking, visually poor, but perfectly recognizable and easy to remember. The visitor who comes to one such blog, already has in mind what he will find there, where to find the interesting text from the last visit, and knows where he can find form for contacting the author or sharing to social networks. That is exactly what each theme must satisfy.

Such an example can serve as a test method. When you want to assess your work and look at it from another angle, change theme to one of the themes that comes along with WordPress. If you notice that your blog has lost an essential element and as a result your texts doesn’t come in the first plan, that means that at some point (or from the beginning) you have got into the misconception that the appearance is more important than the content itself. Of course, appearance is important, but only if it is built on the basis of quality and well thought out material.

Current Trends in Web Design

Contrary to other social trends, this one has to rely on details such as software and hardware development, but also to monitor the habits and wishes of majority of users. To respect the trend and variety of designs in order to fit within its borders does not leave much room for errors. However, do not rush forward. Leave extremely futuristic trends for the brave ones. For a serious and stable operation of the website it’s enough to choose a simple and functional solution that follows the proven steps of progress.

If you followed the predictions, you have read that the most attention in 2015 was dedicated to responsive features of the site, the beauty of fonts, user experience, large images in the background and much better support for mobile devices and smaller screens. Be sure to consider all the details, especially when customizing for mobile devices. Never take drastic measures and steps that may give the impression that you don’t know what you want to achieve.

Release Date and Theme Updates

WordPress theme updates is a feature that can be linked to the trend. It refers to the date of theme creation – its age, but mostly its maintenance and compliance with the latest standards. The problem is not if the theme is few years old, the problem is if the theme has not been updated for all those years. When choosing the themes, make sure to check the date of the last update to ensure the functionality and compliance with latest web technologies.

Theme Security is in Website’s Security Domain

The problem may occur when because of ignorance, you unwittingly download a theme that contains malicious code, malware. How can malicious code get into WordPress theme? There are many different intentions and motives to inject such a code. The point is that people that make malware choose the most popular premium themes, which you can’t get for free, and they built software that can record your activity, to reveal your password, passwords of other authors, e-mail addresses of users of your blog, and everything that can be used to earn money or simply ruin someone’s effort, while training hacking skills. Premium themes like these are usually downloaded via torrent or websites that offers file sharing services. The only way to keep yourself safe is to only download from trusted services only or directly from theme makers. Nevertheless, you can scan and inspect the theme with WordPress plugins , such as:

• Theme Authenticity Checker
• Antivirus For WordPress
• Sucuri Security

Trends, updates and security are the basis for which is recommended to be met at the start, but here’s what else you can take into consideration when choosing a theme for your site.

Premium, Ready-made or Custom Themes

Buying WordPress themes is easy. It’s hard to fit it in and adjust to meet all of our requirements, and this is something where WizzPress can help. Even if paid themes have high quality and intuitive methods of customization, starting with drag and drop option and up to programmer’s support, it is recommended that you talk to a programmer or team that develops WordPress themes before buying it. In this way, they will point out the best solutions that will help your idea to be presented in the best way. Even better, but more expensive way is to order ”custom made” theme. For more money you can get a unique, recognizable theme that allows for every detail to fit in with the theme, plans and marketing.

The best known and proven places to buy themes:

• Theme Forest
• Mojo Themes
• ElegantThemes

Base Themes and Frameworks for Advanced Users

If you are a beginner, you might as well stay away from the base themes because they require a lot of work and knowledge to achieve their usefulness, whether it comes to visual or functional usability. Of course, if you’re someone who knows the structure of WordPress and you know exactly what you want to achieve, this solution can be better than a ready-made theme. From that point of view, it looks great because you are probably already in the web design waters so you can base your earnings on that. Again, if you are not prone to programming and want to make money on the Internet in other areas, look for the ready-made theme or order one that is customized for you and it fits your requirements.

The most used examples of basic topics are:

• Whiteboard
• Gantry
• The Genesis Framework ($59.95)

Free Themes and Their Prices

Anyone who has tried Google search in terms of this topic knows what confusion arises when a user asks for free WordPress themes. There are a lot of sources for free themes, and some of them are really good quality to those that are not usable or they are outdated. Definitely avoid premium themes that were modified, which allows free of use. The use of such themes is illegal as per law, and by moral issue. Place where you can find proven WordPress theme is the official source that you have access directly from the control panel. In addition, many developers who develop themes offer free themes in addition to those which are not. To them, it comes in handy for promotional purposes, and for you as a verified source. Free themes are not so open in terms of features and settings in the graphical interface, but depending on your needs and knowledge can be fully usable. Here are some good sources:

• The official site for download WordPress themes
• Site5 Premium WordPress Themes
• ThemeGrill

Adjusting to the Audience Always Brings Better Results

If you are in a clearly defined topic, make sure to choose a theme that will be easy to present exactly what your site is promoting. Integrating visual experience for visitors with what they’re looking for can be a key in having the same visitors coming back to your site. The point is to be remembered and to get out from the crowd and to not run into a group of similar web sites. The moment when you realize that functionality of your site supports visual experience and all you have to offer to your visitors, you can count that you have performed a significant part of the work then.

Even with its basic install and without any tweaking, it is very secure and optimized, but it’s always recommended to do some tweaking and change some of the default settings, which will greatly improve its performance and security.

The tweaks we’re going to write about are applicable on self hosted WordPress website, and not on any other service like WordPress.com.

Assuming that you are running your WordPress on a Linux platform hosted server with Apache as a web server, we’ll continue with the tweaks list.

Change Uploads Folder Location

All images and files you upload trough media uploader are stored in the wp-content/uploads folder, by default. It is very advisable to change the physical location of the folder and move it outside the main WordPress folder, where the rest of the core files and folders are located.

To achieve this, you must add some lines to your wp-config.php file. So, let’s go and open wp-config.php and add the following lines of code to change the location of wp-content folder:

define( 'WP_CONTENT_URL',
'http://domain.com/media' );
define(
'WP_CONTENT_DIR', $_SERVER['HOME'] . '/domain.com/media' );

And you’re done. Save changes and upload new wp-config.php file.

WordPress Header Meta Tags Removal

This is one of my essential secure hardening tweaks. It’s simple, but it means a lot. If you inspect your WordPress website source code, you’ll notice some meta tags that are not really required to be there and you can safely remove them.

First thing to notice is meta tag that shows WordPress version. This information is very important for hackers. If they know which version of WordPress you run, they will know how to hack it. So, you can locate this line of code at your source header and remove it:

<meta name="generator" content="WordPress 4.1" />

Additionally, just to make sure you’ve removed all unnecessary info from your source, you can add this lines of code to your functions.php file:

remove_action( 'wp_head', 'wp_generator' ) ;
remove_action( 'wp_head', 'wlwmanifest_link' ) ;
remove_action( 'wp_head', 'rsd_link' ) ;

Block Folder Browsing

Naturally, every WordPress installation has its default folder structure. It’s mandatory to prevent people to browse files and folders of your website using explorer view in web browser.

You can accomplish this by adding this line of code you .htaccess file:

Options All -Indexes

Block HTML in WordPress Comments

By default, WordPress comments box allows use of HTML tags and hyperlinks. Comments are rel=nofollow by default, but if you want to completely disallow HTML in comments, you can do it by adding this code to your functions.php file:

add_filter(
'pre_comment_content', 'esc_html' );

Turn off Post Revisions in WordPress

Post Revision is an awesome feature as it let you keep track of post changes and let you revert back some post to some of the previous versions. Each post revision creates an additional row in your WordPress installation database and increase the size of wp_posts table.

You can disable this option by adding the following line to your wp-config.php file:

define(
'WP_POST_REVISIONS', false);

However, if you want to keep post revisions but limit its number, you can add the following code in your wp-config.php file instead:

define( 'WP_POST_REVISIONS', 3);

Modify Post Auto-Save Interval

When you’re editing a post in WordPress you must have notice that the post is automatically saved after some time. Every 60 seconds, actually. The WordPress will auto-save your post every 60 seconds, and by default it will be saved as a draft.

You can change the value of auto-save interval, for example to 2 minutes (120 seconds) by adding following line of code to your wp-config.php file:

define( 'AUTOSAVE_INTERVAL', 120 );

Remove WordPress Login Hints

If you happen to miss your WordPress account password or type non-existing username while trying to login, WordPress will show detailed notification on whether you missed your password or you typed wrong username.

This kind of information is essential to hackers that are trying to brake into your WordPress website. The good news is you can disable this warning by adding the following code to your functions.php file:

function no_wordpress_errors(){
return 'LEAVE MY WORDPRESS ALONE!';
}
add_filter( 'login_errors',
'no_wordpress_errors' );

WordPress Two-factor Authentication?

I, personally, am not a fan for two-factor authentication. Contradictory to my opinion, this option is generally highly recommended. Why? Well, the answer is simple: if someone find out your username and password, they will be unable to login to your account if they don’t have your cell phone and receive a text message with random confirmation code, for example.

This option is not default and it’s not included in WordPress core, but you can use Authy plugin to enable it.

Hide Extra WordPress RSS Feeds

Your WordPress installation will create multiple RSS feeds such as: blog feed, category feeds, archive feeds, post feeds, comments feed etc. Those can be seen by viewing your HTML source code as they are included in the header of the page as <link> meta tag.

It’s perfectly fine to maintain your main RSS feed and hide others. Simply add the following lines of code to your functions.php file:

remove_action( 'wp_head', 'feed_links', 2 );
remove_action( 'wp_head', 'feed_links_extra', 3
);

Modify Default Permalink Structure

Default WordPress permalink structure is completely useless for SEO. It is a must to change this structure to SEO friendly permalink structure.

Login to your WordPress dashboard and go to Settings > Permalinks and change it something like this:

http://domain.com/%postname%/

http://domain.com/category/%postname%/

Block Indexing of WordPress Scripts

As much as Google robot algorithm is smart, it can detect and index various PHP scripts and other files. You will make its job much easier if you tell it where NOT to look and crawl files.

This can be easily done via robots.txt file, so go and create it manually in your WordPress website root folder if you don’t have it already.

Now add this lines of code which will tell bots not to index back-end files and folders of WordPress:

User-agent: *
Disallow: /wp-admin/
Disallow: /wp-includes/
Disallow: /wp-content/plugins/
Disallow: /wp-content/themes/
Disallow: /feed/
Disallow: */feed/

Hide XML Sitemaps

Don’t be scared, we all know how XML sitemaps are important for search engines. This option will not really hide XML sitemaps, but it will prevent search engines from showing it within search results.

Add the following code to your .htaccess file:

<IfModule mod_rewrite.c>
<Files sitemap.xml>
Header set X-Robots-Tag "noindex"
</Files>
</IfModule>

Add Password Protection to wp-admin

I know what most of you will say: Great, another username/password combination to remember. Well, I kinda agree with that, but it’s not so hard to remember this additional information in order to protect an important folder.

You can do it via cPanel if your hosting have it (the option is called Password Protect Directories) or via any other control panel used by your hosting provider.

Include 404 Errors Log in Google Analytics

When an 404 Error page is served, it means that visitor tried to access the page that doesn’t exist or it did existed but it’s not there anymore (deleted post/page, changed linked or something like that).

This kind of information can be very important to you because it will tell you details about referring website and how is requested paged linked from referring blog, or what post/page was redirected to.

Simply add the following code to 404.php file:

<? if (is_404()) { ?>
_gaq.push(['_trackEvent', '404',
document.location.pathname +
document.location.search,
document.referrer, 0, true]);
<? } ?>

Remove Themes and Plugins That You Don’t Use

Themes and plugins that are not active and you don’t use do not affect your WordPress website performance. However, if those files are outdated, they can be used for exploiting your website. So it’s always recommended to delete those.

You will also gain some extra free space on your hosting account.

Prevent WordPress from Guessing URLs

By default, WordPress will try to guess misspelled url and take you to the actual page. And in most cases it’s unsuccessful.

For example, if you request domain.com/most-awesome-post and that page does not exist, WordPress will take you to domain.com/awesome-pictures just because it has some common words.

Best practice is to prevent WordPress from guessing urls, but serve 404 pages instead. Put this code in functions.php:

add_filter('redirect_canonical',
'stop_guessing');
function stop_guessing($url) {
if (is_404()) {
return false;
}
return $url;
}

Disable File Editing from the Dashboard

Editing WordPress core/theme/plugin files isn’t a thing that most people enjoy. Myself included. When you login as admin, you can edit PHP files directly from dashboard. But the environment is horrible. No row numbers, code guessing etc.

If you don’t like it too, just disable that option. You will make resource usage on the server a bit lower.

Add the following code to your wp-config.php file:

define( 'DISALLOW_FILE_EDIT', true );

Remove Admin Bar on the Front-end

This is one of the things I do right away after a fresh WordPress install. It’s just annoying to see some kind of options bar at the top of the page when you are logged in. Not to mention that it brakes some pages when it’s used with some themes or custom templates.

You can use some of the very simple plugins that will remove the admin bar, but I prefer adding one line of code to my functions.php file:

add_filter('show_admin_bar', '__return_false');

Prolong Remember Me Period When Logged In

When you login to your WordPress account and check “Remember me” checkbox, WordPress will keep you logged in for 2 weeks.

This is useful if you’re accessing your WordPress from your home or work computer. Your don’t have to type your username and password every time you need to check something in the dashboard.

You can extend the expiry date of authorization login cookie by adding the following code to functions.php file:

add_filter( 'auth_cookie_expiration',
'stay_logged_in_for_1_year' );
function stay_logged_in_for_1_year( $expire ) {
return 31556926; // 1 year in seconds
}

Install Security Plugin

Safety first. One of the most important things to do after you finished installing WordPress is getting some of the security plugins. There are many free and paid plugins out there and most of the them will do the work.

Of course, there are plugins that are most widely used and have much options than some less popular ones.

The most popular security plugins are:

• iThemes Security
• WordFence Security
• BulltProof Security
• Sucuri Security

We recommend iThemes Security and we have a nice article on how to set it up.

More Tips?

This is the list of most common hacks used to disable or modify some of default options in WordPress. There are much more modifications you can do and they really depend on the needs of the website and webmaster’s behalf.

What hacks do you use and why? Do you have better way to achieve something we already mentioned here? Feel free to leave your suggestions in the comments section below.

Hire Us!

Most people are not comfortable with messing with code or simply don’t have time for it. Our WordPress team can do these and man other modifications for you.

Send Inquiry  for any WordPress related task.

Let’s cover some basic notes about WordPress Multisite first.

What is WordPress Multisite

WordPress Multisite is WordPress feature which has been available since WordPress 3.0, continuing WPMU or WordPress MultiUser. WPMU was a separate WordPress project which is now implemented into WordPress core. WordPress Multisite allows you to create a network of websites on a single WordPress installation.

Some of WordPress Multisite features:

• Run multiple WordPress blogs on a single WordPress installation
• Organize network of subdomains or subfolders
• Allow other users to sign up and create their own WordPress blogs
• Super Admin user can add themes and plugins and make them available for all websites under its network. Other admins can’t install themes and plugins
• Super Admin can make changes to thems on all websites, but other admins can’t

These features are not the only differences from a single WordPress installation, but they are the main ones.

Let’s get back on track with moving WordPress Multisite.

Things You’re Going to Need

While following this article, make sure to have all of the following:

• A WordPress installation with some themes and plugins running, and some content – pages, posts, images
• Multisite activated
• Second location where you want to move existing installation
• FTP client and code editor
• phpMyAdmin access

Difference from Moving a Single WordPress Website

First of all, WordPress Multisite has the same elements as single WordPress installation: themes, plugins and other files, and WordPress core itself.

The main difference between single WordPress installation and Multisite is that Multisite doesn’t store content in the same folder as the single WordPress installation does. Multisite creates an additional folder under wp-content/uploads directory, called /sites. All the plugins and other uploads for each site on the network are stored in this folder. As long as you move this folder, you’re fine.

Important note: If you have installed WordPress prior to version 3.5, your sites folder will not be at the same location. You’ll have blogs.dir folder inside wp-content folder.

Moving WordPress Multisite depends on the following:

• Did you set it up for sites to use subdomains or subdirectories?
• Is domain mapping set up and do all sites use their own custom domains?
• Are you planning to move all the websites on the network, with the same domain and setting, or only some of them?

To help you get going with this, we’ll work in stages. We’ll show you how to migrate the whole Multisite installation and then we’ll check subdomains. After that we’re going to walk you through migrating Multisite that have its own domains set up.

At the Beginning

Update your WordPress Installation

As we’re going to run the latest WordPress installation it’s very important we’re on the same page. So we’re going to update our site’s WordPress to match the latest version before we start the migration process.

If your site was created with WordPress version older than 3.5, this step is very important because your installation has blogs.dir folder. If you leave it like that, your WordPress will run in compatibility mode. This means you can keep old folder structure and move files as they are.

To ensure compatibility we advise you to do the update.

Backup

No matter how big is website you are migrating, it is a must to do a backup first. Before you start with moving your website, make sure to backup:

• uploads folder
• themes and plugins in use
• blogs.dir folder
• database

It is on you to decide whether you move themes and plugins files manually, or just install fresh ones in the new installation. If you decide to install the fresh ones, make sure to do it before moving the database. This is just in case your themes/plugins have some data in wp_options table related to them, and this way WordPress will recognize the plugins and its settings.

We’re going to use cPanel hosting with phpMyAdmin. If your hosting provider doesn’t provide those, you can use alternative tools they have. If you’re going with a local web server, you can use tools that come with server bundles like XAMPP, WAMP, MAMP etc.

Moving “Vanilla” Installation

This one is the most familiar to moving basic WordPress installation and it’s easiest of all.

Turn Off Pretty Permalinks

Login to your old site’s dashboard and go to Settings > Permalinks. Select Default option and Save changes.

This step is not so important, but can save you a lot of time and trouble if permalinks on new site are not setup properly.

Files and Database Backup

There are multiple ways to create a database backup, but the two are most used:

• using phpMyAdmin (this one will let you download an .sql file)
• using some of the backup plugins, such as WP-DB-backup (it will download or email the database)

We’re going to use phpMyAdmin, so login to your cPanel (or whatever control panel you’re using) and login to phpMyAdmin. Select the database you are going to backup from the left panel and click Export at the top menu. You’ll see some options, but you can leave everything default and just click Go button to start database download.

You might need to edit this file if you’re changing the domain name or if you’re moving from your local computer (localhost). Make sure to make the copy of the .sql file and rename it to something like database_old.sql, which will serve as the backup of the backup, while you’ll going to edit the original file.

The next step is to download files of your site, which you can do with File Manager in your cPanel, or by using some FTP client like FileZilla.

Installing WordPress Multisite on New Location

It’s time to install WordPress on the server where you want to move your existing installation.

The most important thing to do during and after the installation is to install WordPress Multisite with the same settings as old Multisite installation. If you decide to switch from subdirectories structure to subdomains structure, and vice versa, all links will be broken.

Also, make sure to check wp-config.php and .htaccess files on both locations. It’s very important for those to be exactly the same.

Uploading Files to the New Location

To mention at the beginning, upload your themes and plugins files if you downloaded them, or install fresh ones if you haven’t.

Upload all previously downloaded files from the wp-content directory to wp-content directory of the WordPress multisite installation, preserving folder structure on the way.

Important note: If you had blogs.dir directory on the old site and you updated it to the latest versions, upload everything as it is.

Database Edit

Using some code editor (ex. SublimeText, Coda, Notepad++ etc.), open the original database you have downloaded from your old website. Edit the code by replacing old domain instances with the new domain name: if your old domain was muwebsite-old.com, replace it with muwebsite-new.com.

You could speed up the procedure of replacing domain name by using some kind of Search and Replace function, depending on the code editor you are using.

After you’re done, save the changes.

Create Database for New Site

• Login to your cPanel and click MySQL Databases icon to jump to a page where you can create new database and its user, and assign privileges. After you have created the database, you’re going to import old database content to it:
• login to phpMyAdmin
• select the database you have created from the left
• click Import in the top menu
• click Choose File button and select the database file you have previously edited and click Choose or Ok
• confirm action by clicking Go button

After some amount of time (depending on database file size) you should get the following success message:

Finishing Up

Make sure to clear your browser’s cache before you finish. This way you’ll avoid the situation where your browser has cached content from the old site and served it instead of the new one.

Now you can login to your new site with the same login details as on the old site. Even if you entered new login details during the new site installation, they would be overridden with the imported database.

Pretty Permalinks

Go to Settings > Permalinks and activate pretty permalinks structure.

Widgets

If you have been using any widgets, make sure to check if they are all working as they did on the old website.

Moving WordPress Multisite With Subdomain Structure

This one is a bit trickier, but nothing scary. If your old website url was http://muwebsite-old.com and you had child site on http://blog.muwebsite-old.com, make sure to replace muwebsite-old.com with muwebsite-new.com.

Moving WordPress Multisite With Domain Mapping Setup

If you were using Domain Mapping Plugin on your old site, than you also have some domain entries in your WordPress database that relate to your mapped domains and not your main domain.

Example:

There is a site called awesome under your installation and it’s located under http://muwebsite-old.com/awesome. But you also have domain awesome.com mapped and pointing to http://muwebsite-old.com/awesome

All the links on it, generated by WordPress, will use the main domain where Multisite installation is.

Example:

Menu item “Portfolio” will have link value of http://muwebsite-old.com/awesome/portfolio

There could also be links in the database with value of http://awesome.com/portfolio which may be manually added by administrators.

Update Domain Mapping

This part depends on how your domain mapping was previously configured:

• Parked Domains: if parked domains in your cPanel to redirect to main Multisite domain, you will need to update nameservers to point to the new server. When you’re done with nameservers change, wait for 1-2 hours until domains propagation is over. Then you’ll be able to park those domain in cPanel, but make sure to check Wild Card Redirect in order for internal links to work.
• CNAME records: if you used CNAME records to redirect domains, than you’ll have to change those records within cPanel or domain registrar.
• A records: in order to make A records change, you’ll need the new server IP address, which you can get from your hosting provider or see it in cPanel/WHM. After that update IP address in the domain mapping settings of new site and update A record for every domain.

Conclusion

Well, we have drunk multiple cups of coffee while writing this tutorial. But it was worth it. It’s a bit longer than standard WordPress migration because there are multiple variations and options to take care of.

If you were patient to read all of it, you’ll be able to move WordPress Multisite to a new server.

Dealing with hacked WordPress website can be a real pain sometimes. There are couple of things to deal with depending on penetration level, and sometimes it’s required to take care of them in some particular order.

So, you just found out that your website is hacked. What should you do? Response time is very important, so let’s get to it.

How Did My WordPress Website Got Hacked

This is the first question you should ask yourself or your webmaster. Even your web hosting provider support can check this for you, so you can also contact them.

This question can have many answers, but none of the answers is “because WordPress is not safe”. WordPress is one of the safest and most secure CMS platforms. Of course, there’s not such thing as 100% secure, but WordPress is closest to that. One of the main reasons is huge community of developers and contributors which are able to detect and patch every vulnerability in the first 24 hours.

Let’s get back to the question: How Did My WordPress Website Got Hacked? As mentioned, there are more than one answer and these are the most common ones:

Security Flaw On WordPress Itself

Although WordPress always have alfa and beta releases prior to final version, there are always some vulnerabilities that went unnoticed, which can be used by hackers to get access to your website or web hosting account.

Security Flaw On a WordPress Plugin

This is the most common reason for having a WordPress website hacked. There are thousand of third party plugins for WordPress and if you happen to have one that has a security whole (especially if the plugin is outdated) it’s just a matter of time when it will be exploited.

Security Flaw On Your Computer

Your computer can easily be infected by a virus or trojan, which can pick up your passwords and send them to it’s author. You can download and email with virus, you can get it by clicking some fake links on the Internet, you can get it through your browser…there are hundreds of ways to get infected.

Security Flaw On the Server

If you are an advanced user, than you know what am I talking about. But if you are beginner, you should know that WordPress isn’t the only software that runs your website. Your web server requires some operating system that will run all dependencies, and it can be infected with some virus the same way as your computer. WordPress requires PHP and MySQL, among other software, in order to be installed and run. Even a small security flaw in one of those can allow hackers to bring down your website.

What Are You Supposed To Do When You’re Hacked

There is absolutely no time to lose once you have noticed that your website is hacked. It’s time to take action and to get your website back.

Activate Offline Mode

This is the first thing to do.Your visitors will be unable to view your website, but you have to agree that this is much better from seeing a hacked page. Put your website in offline or maintenance mode. You can use one of many WordPress plugins in order to achieve that, or you can do it via hosting control panel.

Contact Your Hosting Provider’s Support

It is always useful to notify your hosting provider about the problem and ask them for details. They can help you with some finding out about from where the attack came, what really happened, what was the cause etc.  If you find out that attack came through one of the themes or a plugin, make sure to delete it before anything else.

Check Your Backups and Restore the Healthiest One

Always try with the latest backup and restore it if backup file is not infected. If you’re not sure about it, you’ll have to download a couple of backups and check the files inside them.  If you haven’t done any backups by now, it’s time to start doing it. It is extremely important to schedule frequent backups of your website.

Find the Cause and Take Action

The most important part of solving the hacking problem is to detect files/plugin/theme that was used for attack. When you do that, the best would be to delete those. But if you need that particular plugin, check on the Internet if more people reported the problem and offered a solution.

You can also contact the author of the plugin/theme and ask for help. If the problem is unknown, they will be happy to know about it and find the solution.

Delete The Files That Are Left Behind

Check every folder of your website and search for unknown files that are left behind and delete them. You’ll prevent having your website hacked again by using the same exploit.

Check Everything Again and Go Live

Let’s sum up everything:

• Be calm and stop for a second
• Put your website offline
• Check the backups
• Restore the healthiest backup
• Contact support and ask for details
• Fix or delete infected files
• Update everything (WordPress, plugins, themes)
• Go live

Staying Safe Further On

Too many times after I send them a suspension notice, I’ve heard clients saying “My website was built 3 years ago and nothing is touched since than. How is it possible I got hacked? It’s your fault.” – well there’s the problem. The part of the sentence that says “nothing is touched for 3 years” tells you everything:

• Outdated WordPress core
• Outdated Plugins
• Outdated Themes
• Outdated Database

It sure is client’s or his webmaster’s fault for not updating all of those and letting hackers use security holes of the outdated files.

When you don’t update WordPress itself or it’s plugins and themes, you are practically decline to patch security vulnerabilities and agree to be hacker’s target.

WordPress now supports automatic minor updates – ex. 4.0.1 to 4.0.2 – but you still have to do major updates manually – ex. 4.1 to 4.2.

Make sure to always update WordPress core and plugins and themes that you use to latest versions. It’s mandatory if you want to be safe and not get hacked.

Delete Plugins and Themes That You Don’t Use

If you happen to have a plugin installed, but not activated, it means you don’t use it. It doesn’t matter if the plugin is activated through WordPress dashboard or not, it’s files are there in wp-content/plugins and they can be used to hack your website.

Delete those and you’ll have less to worry about when it comes to updating. You’re also freeing up resources of your hosting account. So it’s a double win situation.

Use Security Plugins

WordPress itself doesn’t have some sort of security scan and report utility. The reason for that is to maximise server compatibility and lower resource usage. This is where security plugins becomes handy.

There are many free and premium choices and you can’t really miss while choosing the one for you.

Some of the most popular security plugins are:

• Wordfence Security
• BulletProof Security
• iThemes Security
• Sucuri Security

All of those mentioned above are high-end products, used and tested by millions of WordPress users. Read their descriptions and get familiar with the features they offer and pick one that feats you the most.

Don’t Use Cracked Plugins and Themes

If you belong to a group of people that don’t want to pay $40-$70 for a plugin or a theme, than use free versions. Don’t use “nulled” versions of premium plugins and themes.

Many cracked scripts happen to have a security hole or a “backdoor” left by hacker itself that cracked it. He did that on purpose, uploaded it on multiply websites and offered it as safe and free to download.

No imagine a website with millions of views a month and add nulled versions of the most popular WordPress theme, It will have hundreds of downloads in no time. That’s hundreds of WordPress websites easily hacked and exploited.

So, if you want to pay for couple of hundreds of dollars for malware removal and security hardening, than go for it and download it.

But if you want to stay safe and get support for a plugin you use, open your wallet and pay $40-$70 for a license directly from developers.

Conclusion

Things like this happen from time to time. The most important thing is not to panic and to take action. It’s an unpleasant experience, but doing nothing much worse.

Anyway, you will be much experienced and you will learn how to handle things and how to take precautions, so don’t read this just in a bad way.

Having said that, every developer’s priority must be website’s security. There are many ways of securing your WordPress website and you can use some of the many plugins to do that.

The biggest dilemma is which plugin to use between paid and free ones. WordPress plugin repository and many blog reviews can help you with your decision. We will go through most common settings of iThemes Security plugin (formerly know as Better WP Security) and some security tips.

Plugin Overview

If you go to plugin’s homepage on WordPress’s websites you can see it has been downloaded more than 4 million times and it has 4.7 user’s rating (out of max. 5). That makes it #1 security plugin for WordPress.

It has both free and paid versions, but free version has all the options you are gonna need to protect small to medium sized websites.

For a testing purpose I have downloaded the free version and installed it on a testing website.

Installing the Plugin

If you ever installed a fresh copy of WordPress than you know how to install a plugin. You can do it either manually by downloading it from website and uploading to your hosting, or automatically from WordPress plugin’s dashboard.

After the installation is finished, go to Plugins page. Above the plugins list you will see a notification from iThemes Security plugin.

Now you can go and click “Secure Your Site Now” button. You’ll see a new box with multiple choices:

If you are a first time user of iThemes security plugin, we’ll explain these options:

• Back up your site: This option will save your current settings and content as it is, so you can revert to it if some errors occurs. We strongly recommend you either to make a snapshot by using this option, or to create a backup trough your cPanel.
• Allow File Updates: By clicking this option you allow iThemes Security plugin to work with core files (.htaccess, wp-config.php etc.).
• Secure Your Site: This will enable recommended settings to secure your website with only one click.
• Help Us Improve: If you want to send your data to plugin developers in order to improve the plugin, you can click this button. It’s totally anonymous.

After this is done, you can go to your WordPress dashboard.

Dashboard

The plugin’s dashboard page is pretty simple. You can review options that needs to be fixed and check security status of the website.

Options are divided into four groups:

• High Priority
• Medium Priority
• Low Priority
• Completed Items

For best performance it’s strongly recommended to fix items in High and Medium Priority groups. Low Priority items are not mandatory, but you can check them as well if you thinks it’s improve your website’s security.

Settings Tab

There are lots of options here and a lot of descriptions for each of them. Make sure you read those before you do any changes.

Options are divided into sections:

• Global Settings – shows the basic plugin settings
• 404 Detection – this will lockout visitors that got too many 404 pages
• Away Mode – here you can disable the dashboard at the times you don’t use it
• Banned Users – you can see who got banner from your website
• Brute Force Protection – locks out users after too many login attempts
• Database Backups – you can schedule backups (can be sent to your email, remote ftp or any other locations you choose)
• File Change Detection – this will send you notification when changes have been made to certain files
• Hide Login Area – you can hide default login page from automated attacks
• Secure Socket Layers (SSL) – you can choose SSL to be used to some pages
• Strong Passwords – users will be forced to choose strong (complicated) passwords
• System Tweaks – minor modification to hosting environment
• WordPress Tweaks – userful and best practice WordPress tweaks

Advanced Tab

This page does not include a variety of options like you might expect, but it has only three important tools to improve website’s security.

These tools are:

• Change Admin User: Most common admin user name is simply “admin”, and default admin user ID in WordPress database is “1”. If you let these values stay like this you will make hacker’s job much easier. It is strongly recommended you use this option and to change admin’s username and ID.
• Change Content Directory: With variety of tools that hackers use, your website can be scanned to find vulnerable files to attack. Let’s say you have an old version of some plugin that has a security hole, hackers can track it down trough your wp-content folder and use it upload malicious files. This option will let you change the name of wp-content folder.
• Change Database Prefix: This tool will change default WordPress database prefix, which is “wp_”. This is very useful if there is security hole on the server that will allow hackers to infiltrate the system and search for database tables.

Make sure to always backup your database before changing any of these options. If something goes wrong it can prevent you from loging to your database or even break the database itself.

Additional Tips to Improve Security

Your website can never be 100% secure, but you can do everything you can to achieve 99.99%. Beside using security plugins, you can apply these tips as well:

• Carefully choose hosting provider: Don’t be lazy and do some research for safest hosting providers, with secured and stable servers, and fast and reliable support.
• Use SSL: iThemes Security will let you use an SSL, but you must purchase SSL certificate first. Your hosting provider can assist you with it, so don’t be afraid to contact them.
• Computer Security: Install anti virus and anti malware software. Hackers will even send a virus to your email account or inject it trough a web page you have just visited and hijack your login data while you type it.

Conclusion

As I mentioned before, there is no way to achieve absolute 100% security. But you can get to 99.99% with a nice security plugin and some tweaking. And never stop doing it.

By having iThemes Security plugin working for you, you can eliminate almost all threats.

The shortcode only requires one simple function that will return the contents of the wp_login_form() function.

We did this for a client who had a theme that already had its own registration functions, but the same goes for WordPress default function.

First thing you should look for is the file where theme keeps its shortcodes. Often times, that is shortcodes.php and it can be in theme folder or /inc, /includes etc folder.

Add this code to shortcodes.php:

add_shortcode('register', 'themex_register');

Basically, wherever you call out this shortcode, it will call themex_register function that displays registration form.

function themex_register( $atts, $content=null ) {
ob_start();
require 'register-code.php';
$return_string = ob_get_flush();
}

And the end result could look like this, with a bit of CSS styling:

This is much easier than installing a plugin to do this for you, concerning potentional plugin security issues, constant updates and simply, avoiding some unknown code gain access to your website.

The thing you could do now is extract the function in order to retrieve the URL where the user should be redirected after the login, or maybe add a check before the shortcode to see if the user is logged in, there is no need to display a registration form:

if (!is_user_logged_in())

Plain and simple.

What Does Optimization or SEO Mean?

You may have heard the acronym “SEO” before. That stands for Search Engine Optimization. The content of your blog post is created for the user or visitor to your site. When you optimize your blog posts for the search engines, you are making it easier for the search engine bots that crawl your website to serve up results that are relevant to what the user is searching for.

Optimization Checklist

If your WordPress theme doesn’t have a SEO option built in to the theme, we recommend adding one of many WordPress SEO plugins available. WordPress SEO, for example, will ask you for a “focus keyword” and then will check your page or post and make suggestions on how you can better improve the SEO of your post. Some of the common items you’ll want to include your “focus keyword” in are:

• The Title of Post
• The Article Heading
• The URL
• An H1 and H2 Tag
• The Alt Text for Images
• The Content
• The Meta Description

WordPress is a software blogging platform. WordPress.org is the organization which provides you with free WordPress software. WordPress.com is a commercial entity which provides WordPress as a blogging service. Sounds confusing? It isn’t really.

You can download and install a free version of WordPress from WordPress.org yourself. If you don’t want to do that, we’ll install and set it all up for you. This means that we are responsible for your WordPress installation. We’re going to do backups, security updates and any upgrades that are necessary.

The other option is using the WordPress blogging software hosted on WordPress.com. Although this option seems like a wonderful choice for someone that wants a very easy to use turnkey solution, there are a certain number of constraints.

1. You can’t modify the page structure

Although you can modify the HTML in the body of your page, you have no access to the HTML of the <head> and <footer> sections of your page. You also have no access to the PHP files, so no additional modifications can’t be made. This also means that you can’t add CSS or JavaScript links or blocks to your webpage as you normally would.

Any JavaScript code added to the body of your page is instantly removed when you update the page. So how can you add in that cool new JavaScript widget you use on all your other websites? You can’t. You are limited to whatever widgets WordPress.com provides you with.

That wasn’t enough? If you want to display multiple images, you only have two options – as a slide show and as a gallery.

Thinking of embedding an <iframe> from another site as a workaround? Nope. WordPress.com has a list of external sites it allows connections to and chances are your site is not one of them. You can choose from a list of embeddable options such as YouTube and Google Maps as well as a list of supported widgets. There are a number of widgets you can use but the list is by no means exhaustive.

2. Limited themes & plug-ins

Plugins are one of the many features that makes WordPress a pleasure to use. How about if you wanted to install some plugins? You can’t do it.

It’s as simple as that.

With a self-hosted WordPress.org site, you can install as many themes as you like and from any source such as Theme Forest. With WordPress.com you are constrained to the themes they allow.

There are 160 themes at the moment. Some are free and others are premium themes (cost money). With WordPress.org, the number of available themes is endless.

Because you can’t change the structure of the page, you are quite dependent on the structure of your theme and the features that the author allows you to change. This becomes an issue because each theme has different options you can and cannot change.

Some have footers you can change, some do not. Each has a different size header image. It can be quite tedious to find a theme that is both suitable in layout and functionality.

3. It Costs To Add Style

You’ve finally settled on a theme and now you want to change a few little things. On WordPress.com you need to purchase a Custom Design Upgrade to use customized CSS on your blog. Currently it sells for $30 per blog per year. It could get quite pricey depending on the number of blogs you want to customize.

For the $30 Custom Design Upgrade you get a simple text editor to update your CSS. There is no visual editor.

In addition, you are not allowed to hide the copyright information on your theme. This is fine for personal blogs but may not be for a business blog or if you are creating blogs for clients.

You also don’t have access to the mobile theme for your blog – even if you purchased the Custom Design Upgrade. This is fine if the mobile theme “just works.” But sometimes it doesn’t.

4. The Content and Copyright Issue

Actually, there is no issue about who “owns” the content on a WordPress.com site. Their TOS states clearly that they have royalty-free access to your data to promote your blog:

“By submitting Content to Automattic for inclusion on your Website, you grant Automattic a world-wide, royalty-free, and non-exclusive license to reproduce, modify, adapt and publish the Content solely for the purpose of displaying, distributing and promoting your blog. If you delete Content, Automattic will use reasonable efforts to remove it from the Website, but you acknowledge that caching or references to the Content may not be made immediately unavailable.”

There’s also the question about termination:

“Automattic may terminate your access to all or any part of the Website at any time, with or without cause, with or without notice, effective immediately.”

WordPress.com may also choose to place advertisements on your website. You can have these removed by paying $30 a blog per blog per year.

To sum it all up, using WordPress.com may be a great choice for someone that wants a turnkey solution that is very easy to use.

But be careful, a WordPress.com site is not under your control and there are some very serious design limitations.