List values of custom taxonomy on a per-Post basis

This code is useful for displaying all of the terms associated with a particular taxonomy for a given post. Simply place the following snippet where you would like to display the comma-separated series of tag links:

<?php echo get_the_term_list($post->ID, 'people', 'People: ', ', ', ''); ?>

For each of your posts, the output of this particular example will display all of the tags associated with the “people” taxonomy. You can change this up to any taxonomy you want by editing the first instance of the term “people” in the code. The last three parameters tell WordPress what to place before the tag links, between each link, and after the tag links, respectively.

2.5.1 Users and Administrators

If you have installed WordPress, then you have set up at least one user. Each user is basically an “account” on WordPress. When you go through WordPress installation, you pick your own username and password. That username and password is one user, but you are not limited to that. You can manually add new accounts, assign privileges, and even enable visitors to register as users themselves.

Even if your theme doesn’t display author names on the site itself, author names are still used in the RSS feed. Using a properly displayed name is a nice touch when reading through RSS. If you don’t want to use your real name, even something like Site Manager is nicer looking than the default “admin.”

Neutering the Admin Account

Hey, thanks!

Too much information?

WordPress tries to be as helpful as possible on its login screen. Like any good web application, it tells you when you have an incorrect password. WordPress does something else though, something that many people feel gives away too much information. It tells you if the username you are attempting to use exists or not.
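One way to stop the login form from confirming that a username exists, as an added example that is not from the book: a small plugin that replaces the two revealing failures with a single generic error. The file location, function name and message text are assumptions; the `authenticate` filter, `WP_Error` and the error codes belong to WordPress core.

```php
<?php
/**
 * Plugin Name: Generic Login Errors (illustrative example)
 *
 * Assumed location: wp-content/mu-plugins/generic-login-errors.php
 */

// Refuse direct requests to this file; it only makes sense inside WordPress.
if (!defined('ABSPATH')) {
    exit;
}

/**
 * Hooked late on "authenticate" so it sees the result of core's own
 * credential checks. $user is a WP_User on success, a WP_Error on failure.
 */
function example_generic_login_error($user, $username, $password)
{
    if (!is_wp_error($user)) {
        return $user; // successful login, or no decision yet: leave alone
    }

    // Codes core uses for "no such user" and "wrong password".
    $revealing = array('invalid_username', 'invalid_email', 'incorrect_password');

    if (!in_array($user->get_error_code(), $revealing, true)) {
        return $user; // e.g. empty fields: keep the helpful message
    }

    // Same code and same text whichever check failed.
    return new WP_Error(
        'login_failed',
        'The username or password you entered is incorrect.'
    );
}
add_filter('authenticate', 'example_generic_login_error', 100, 3);
```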

The problem here is that anyone can access your login screen, try to log in with the “admin” username, and be awarded with the knowledge that the user does indeed exist, even if they get the password wrong. Prior to WordPress 3.0, "admin" was the default username and had full privileges, so breaking into that account would be ideal for them.

We suggest leaving an "admin" account active, but neutering its privileges. That way, you can keep the baddies guessing, and even if they do break in, they get nothing. If your account is currently "admin", create a new user with a new username, then delete the current "admin" account, being careful to attribute all posts to the new account. Then create the "admin" account again, only make it a "Subscriber" level user, which has no add/edit/delete privileges.

Extremely Secure Passwords

Your Login page is a public-facing portal to your Admin area. Obviously, if your login was somehow compromised, an intruder could do serious harm to your site, damaging themes, deleting content, and worse. A brute-force password hack is probably the rarest of ways your site could be compromised, but you should still have an extremely secure password:

• Don’t use something obvious like “password” or “1234”
• Use a combination of letters and numbers
• Shoot for 8 characters or longer
• Don’t use the same password you use for anything else — This one is just too important!

2.5.2 Add a New Account for Yourself

One thing that you cannot ever change, once an account is created, is the username. That means that the “admin” account will have a user name of “admin” forever. We recommend not using this account as your regular account. Instead, set up a new account for yourself right away, using a username that is more memorable and specific to yourself, but of course with an extremely secure password. To do this, go to Users > Add New, fill out all the required fields, and be sure to choose “Administrator” as your role.
Then log out and back in again with your brand new account. Now go back to Users > Authors & Users, hover over your existing account, and click “Edit.” You will now enjoy some additional options that weren’t available when you initially created the account.

With your new account, you can cosmetically change the look of the Admin area by selecting a new color scheme. More importantly, you can change public-facing details about your profile. We suggest changing your “Display Name” to something more sightly, like your real name, for example. You can also edit your biographical information, preferred URL, and other personal details. This information may then be displayed on your web pages by calling the information from your theme files.

Old Themes

As you redesign your site over the years, you should leave your old themes in the wp-content folder. It’s kinda fun sometimes to go throwback. Maybe your blog could dress up as a previous version of itself for Halloween.

2.6.1 Choosing the Perfect Theme

With everything that you will learn about WordPress from this book and elsewhere, it is our hope that you will develop your own themes. Creating your own theme enables you to get everything looking and working exactly how you want it, right down to the last detail. But certainly, there is no shame in using a pre-made theme as you begin your journey with WordPress. After all, many top WordPress developers (including us!) used pre-fabbed themes as a starting point. Using someone else’s theme is an excellent way to dig into the process of customizing and eventually building your own.

2.6.2 Where to Find Awesome Themes

“There are two kinds of themes in this world,” my daddy always told me: “free themes, and paid themes.” Paid themes often call themselves “premium” themes. In general, paid themes are going to have nicer designs, be coded a little better, and may offer fancy theme options.
But then he also warned me: “there are some amazing, high-quality free themes, and there are some downright-bad paid themes.” We can give you some general things to look for, but you are just going to have to use your best horse-sense when making the final call.

Free theme resources

• WordPress.org Theme Library - http://digwp.com/u/20
  Straight from the motherland. Themes ahoy!
• The Mighty Google - http://digwp.com/u/21
  Searching Google will work long after this book has been recycled.
• Digging Into WordPress - can you guess the URL?
  Besides the ones that come with this book, we offer some free themes in our Theme Clubhouse http://digwp.com/u/384
• Smashing Magazine - http://digwp.com/u/22
  You might need to use their search form, but they offer a number of nice high-quality free themes.

Places to buy premium themes

• ThemeForest - http://digwp.com/u/385
• WooThemes - http://digwp.com/u/386
• ElegantThemes - http://digwp.com/u/387
• WPBest - http://digwp.com/u/388

2.6.3 Previewing Themes

A lot of themes you find around the internet will be accompanied by a demo, enabling you to see how the theme looks and works before you commit to it. But even if the theme doesn’t have a demo, you can demo it yourself, on your own blog. Upload it to your /wp-content/themes folder, and navigate to the “Appearance” page of your Admin area. There, you find thumbnails and descriptions of your site’s currently available themes.

Locate the theme that you would like to preview from among the crowd and click on its thumbnail. A popup window will then show you what your site will look like when running that particular theme. You can even click around and check things out without actually activating it. Once you are satisfied and would like to use the theme, click on the “Activate” link in the upper right-hand corner of the screen and you’re all set.

2.6.4 Key Things to Look For in a Theme

When choosing that perfect theme for your site, you want to focus on how it looks and how it works. Does it rock your browser’s very existence? Does it deliver your content on a silver platter for your visitors? Does it make you want to scream in ecstasy and dance the jig? If so, then you know it’s the right theme for you. There is no reason to settle for anything less than absolutely perfect, especially given the vast menu of awesome themes available to you.

If you find something close to perfect that could use a little tweaking, remember that it is much easier to change things like color and font size than the underlying structure and functionality. That said, here are some key things to look for when searching for the ideal theme:

Navigation

Take a look at what the navigation is like on the theme. Then think about how you picture the navigation working best on your site. Do categories need to be prominently displayed? Are pages more important? Do you need a dropdown menu system? Is there room for you to build your own navigation if needed? Does it support the WordPress 3.0 menu system?

Theme options

Some themes come equipped with theme options, literally an extra area of settings in the Admin area for customizing the theme. These options can range from simple, like altering colors, to complex, like integrating social media into your theme. Sometimes these theme options can be very compelling, so look around to see if anything catches your eye.

Widget ready?

When developing a theme, a designer may establish certain areas as “widget-ready.” A widget-ready section in your theme enables you to quickly and easily customize its appearance and functionality. A commonly seen widget-ready area is the theme’s sidebar. In a widget-enabled theme, there is a special place in the Admin area where you can configure widgets without messing with any code.
For example, you can drop in a mini-calendar, a chat feature, or some administrative links. Within the comfort of your Admin area, you can specify options and even drag the widgets around to adjust the order in which they appear on your web pages. If you can picture yourself benefitting from widgets, you should ensure that your theme is widget-ready.

Extra functionality

When it comes to functionality, the sky is the limit when it comes to WordPress themes. Some themes really go nuts with functionality that extends far beyond WordPress. For example, a theme may be built to integrate a photo-sharing service such as Flickr, a statistical application such as Google Analytics, or even a database interface such as phpMyAdmin.

Frameworks

WordPress theme “frameworks” are ever-growing in popularity. These frameworks can add a little extra to the learning curve of WordPress, but once you are comfortable with one, they can greatly facilitate the theme-building process by providing all of the core features and options generally used within the theme. This isn’t the time or place to go into detail, but you may want to look into some of the more popular frameworks:

• Thematic (free) http://digwp.com/u/392
• Hybrid (free, with optional paid support) http://digwp.com/u/393
• Thesis ($87) http://digwp.com/u/394

Comes with source files?

It is likely that, even if you find a theme that you really like, you’ll want to be doing some customization. If that involves modifying the theme’s images, it’s really nice if the theme includes the source files from which it was created. These could be Photoshop/Fireworks files, vector resources, icons, full-resolution images, etc.

Linkage

Flickr: http://digwp.com/u/389
Google Analytics: http://digwp.com/u/390
phpMyAdmin: http://digwp.com/u/391

Of course we hope that you develop the chops to build your own themes, but in a pinch, services like WPCoder are great for turning designs into real themes.
http://wpcoder.com

Drama

There was much web drama related to the Thesis theme creator and the WordPress creators regarding Thesis being not licensed under the same (required) licence as WordPress is under (GPL). Thankfully this is over and Thesis is now GPL!

2.7.1 Getting Started with Plugins

Part of the genius and magic of WordPress is the plugin system. These plugins extend and enhance what WordPress is able to do in very specific ways. Anyone is able to write a plugin for WordPress, and even include it in the official plugin library, otherwise known as the WordPress Plugin Repository http://digwp.com/u/396. Let’s explore some essential information for getting started with plugins.

2.7.2 Installing and Activating Plugins

Among the WordPress files on your server, there is a special directory, /wp-content/plugins/, that contains all of your site’s plugins. The tried-and-true method for installing a plugin is to download it to your computer, and then upload it to your server into the plugins directory. After that, the plugin will appear in the Admin area on the Plugins page. By default, new plugins are inactive, so you will need to manually activate them before they take any effect. You can, at any time, deactivate a plugin in this same way.

Do be aware, however, that plugins have serious power. Any time you activate or deactivate a plugin, you should do some thorough investigating of your site to make sure everything is looking and functioning as expected.

Plugins can also be searched for and installed directly from the Admin area of your site. Just go to Plugins > Add New. The plugins available here are exactly the same as those available at the WordPress Plugin Repository. In order to take advantage

Jason Santa Maria

This idea of “art directing” articles online has been popularized by Jason. Check out his blog for some jaw-dropping examples of beautiful art direction in blog posts.
http://digwp.com/u/242

His blog isn’t powered by WordPress, but interestingly enough, Jason designed both the WordPress Admin area and the WordPress.org website. You can do your own art direction of individual posts by being able to add custom CSS to specific posts. Check out: http://digwp.com/u/464

To the right you can see two plugins in the list, one active, one inactive.

of this direct web installation, your plugins directory must be “writeable” by the server. In a perfect world, giving write permissions to a directory would be absolutely safe, but in the hostile environment of today’s Web, you should definitely consider carefully whether or not such permission is truly necessary.

The bonus of downloading plugins from the WordPress.org directory is that you can be sure that the plugin isn’t malicious in any way. There are certainly ways you can get yourself into trouble with plugins, but plugins obtained from the Repository are unlikely to damage your site or harass your visitors. There are plugins “out in the wild” available for download as well, but there are no guarantees as to what you will get, so be very conscious of the source when installing such plugins.

2.7.3 Difference Between Disabling and Uninstalling

Disabling a once-active plugin prevents it from functioning, but does not physically remove the plugin from your plugins directory. You could have a thousand disabled plugins doing nothing except for taking up space in your plugin folder. By actually uninstalling a plugin, you remove all files associated with it, and if possible also reverse any changes that the plugin might have made to the database.

In the process of installation and operation, many plugins will automatically insert content into your WordPress database. Such plugins may add new tables or fields, modify existing data, and store information required for usage. Once made, these types of changes will persist even after the actual plugin files are deleted from your server.
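How a plugin can reverse those database changes when it is deleted, as an added example that is not from the book: WordPress runs a plugin's `uninstall.php` when the plugin is deleted from the Admin area, and the file removes what the plugin wrote. The plugin name `example-polls` and every option, meta key, table and hook name below are hypothetical.

```php
<?php
/**
 * uninstall.php for a hypothetical plugin "example-polls".
 *
 * WordPress loads this file when the plugin is deleted from the Plugins
 * screen. All option, meta key, table and hook names are assumptions
 * made for illustration.
 */

// Only run when WordPress itself is uninstalling the plugin, never when
// the file is requested directly over the web.
if (!defined('WP_UNINSTALL_PLUGIN')) {
    exit;
}

global $wpdb;

// 1. Settings the plugin stored in the options table.
delete_option('example_polls_settings');
delete_option('example_polls_db_version');

// 2. Per-post data the plugin attached to posts.
delete_post_meta_by_key('_example_polls_poll_id');

// 3. The custom table the plugin created on activation.
//    The name is the site's table prefix plus a fixed string, never
//    request input, so there is nothing user-controlled in the query.
$table = $wpdb->prefix . 'example_polls_votes';
$wpdb->query("DROP TABLE IF EXISTS `{$table}`");

// 4. Scheduled events the plugin registered with WP-Cron.
wp_clear_scheduled_hook('example_polls_daily_cleanup');
```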

Well-built plugins will provide a complete uninstall option that does the work of cleaning up its database changes for you. Plugins that do not provide such convenience must be cleaned up manually. If this is the case for a plugin that you would like to completely uninstall, make sure that you really know what you are doing before making any changes to your database. And don’t forget to make a backup just in case something goes awry.

File Permissions

Refer to Chapter 9.1.3 to learn more about setting secure file permissions for WordPress.

Function Exists?

When you deactivate a plugin, you run the risk of a PHP function being present in your theme that doesn't exist. Essentially a disaster that will surely wreck your theme. Before calling plugin-specific functions in your theme, use a conditional to ensure it exists:

<?php if (function_exists('get_poll')) { get_poll(); } ?>

2.7.4 Recommended Plugins

The nature of plugins is that they provide WordPress with supplemental functionality that may not be needed by every site. Rather than try to squeeze a million features into the WordPress core, application-specific functionality is left to the awesome developers within the thriving WordPress community. Developers see a need (or an opportunity), create a plugin, and release it to users. If the plugin is popular enough, and makes sense to integrate into the WordPress core, the wizards behind the curtain will see that it happens.

Even so, there remain a number of top-notch plugins that, for whatever reason, have yet to be swallowed up by the core. Here are some of the best that we find useful for virtually any type of WordPress-powered site:

Google XML Sitemaps http://digwp.com/u/23

This plugin will create a Google-compliant XML-Sitemap of your WordPress blog. It supports all of the WordPress-generated pages as well as custom ones.
Every time you edit or create a post, your sitemap is updated and all major search engines that support the sitemap protocol, like Google, MSN/Bing, Yahoo! and Ask.com, are notified about the update. This is a super easy activate-it-and-forget-it plugin that can help you by making sure search engines find every last corner of your site.

VaultPress http://vaultpress.com

VaultPress is a plugin and a paid service from Automattic, the creators of WordPress. Once set up, your entire blog is backed up to "the cloud" including all files on the server (WordPress itself, themes, plugins, images, etc) and the database. They have a Premium level which includes scanning all those files for possible security issues.