Category Archives: WordPress Tips

Master List of Spam Referral Sources

This post is no longer in use because there is a built in Google feature you can enable on the view settings of each account.

These are to be added to iThemes as blocked user agents.



Post-Hack Procedures

Reset FTP passwords

Reset all admin passwords

Reset database password

Reset WordPress SALTs

Check to see if any new users have been added

Replace all WordPress core files outside of Wp-content, except for WP-config.php.  Visually check over this file, if you are unsure then copy the database specs to the wp-config-sample.php and rename it.

Within WP-content.

Manually go through all of the folders within the uploads folder.

Manually review all files in the active theme folder.

Delete the cache folder it is there.  Delete unneeded themes.  Remove unneeded or unused plugins.  For any remaining plugins delete the folder and redownload them from the repository.

Run WordFence scan.



Configure iThemes Security

Within Global Settings:
Write to Files: Allow iThemes Security to write to wp-config.php and .htaccess
Set notification email and backup email to web@ address
Send Digest Email
Enable Blacklist Repeat Offender
Add Current IP to Whitelist
Enable Infinite WP Compatibility

Within Banned Users:
Enable Ban Lists

Within System Tweaks:
Protect System Files
Disable Directory Browsing
Disable PHP in Uploads

Within WordPress Tweaks:
Remove the Windows Live Writer header
Remove the RSD Header
Reduce comment spam
Disable XML-RPC (unless using Jetpack)
Block Multiple Authentication Attempts per XML-RPC Request
Protect System Files

We also change the login URL, which is especially important if the site has a history of malware. This is in the Advanced Tab as Hide Backend. In this setting, you can change the login URL to anything you would like.

Website Launch Checklist

Before you launch

Update all plugins and WP core.

Before you run your testing make sure you update everything so you don’t have to retest it again later.

Cross browser testing

Cross browser testing should be done on all page templates (not necessary for all pages) on the following browsers/devices.

  • Internet Explorer 9, 10, 11
  • Latest Version of Firefox
  • Latest Version of Chrome
  • Safari running on a Mac
  • iPhone
  • Android Phone
  • Use Safari Developer mode to test Ipad view.
  • Use to check responsive view on major mobile screen sizes.

Make a backup of the old site

If it was a WordPress site make sure to grab all of the files in wp-content and a copy of the database.  If it was an HMTL site you can download all of the files and zip them up.  If you do not have FTP access to the old site use the program to download a copy of the site.


Check your 404 page by entering a random URL.  You should also perform and check the search template to make sure they look ok.

Before you switch the nameservers or change the @ record put the old nameservers or the old IP address into the password file in case you need to revert back to the old site.

Launching the site (After the DNS switches over)

You will need to change the site address in the wp-config.php file to reflect the live URL.  Do NOT include a trailing slash on the live domain.

Add the website to InfiniteWP by installing or deactivating and reactivating the IWP client plugin.  Create a backup and confirm that it worked before running search and replace.

Install the Better Search Replace plugin.  Do a search in all areas of the database for the development URL and replace it with the live URL.  Be careful not to include a slash on one URL and not the other.  See screenshot for recommended strings.

Screen Shot 2014-04-02 at 11.43.07 AM

Check common theme template files for hard coded links.  Note that Godaddys find and replace featured on managed wordpress often misses certain links, for example email links or sub domain links.  You should still run a find and replace on Godaddy managed wordpress.

Go to settings > reading and uncheck the box to allow search engines to crawl the website.  Use screaming frog to check of any broken links.  Fix any that you see.

Gravity Forms settings

If you are going to set up Google Analytics goals make sure you create a thankyou page and set the confirmation to go to the thank you page.

Set the send to email address to the client, we also BCC our info@ address so we have an extra copy of any forms.  Set the Send As address to the wordpress@ or other generic email that the client uses.

Change the subject of the form to include the name of the person who filled it out the form, not the title of the form itself.

Send a test message to the client and ask them to “forward this message back to me to confirm receipt”.  If they do not receive the form tell them to check their spam.  You may need to set up SMTP email if it is not getting through.

Install and Configure Security Plugin

Follow the instructions on the iThemes Better WordPress Security post.

Website Setup for SEO clients

Yoast Settings

Configure the SEO settings to no index sup pages of archives.  No index any post types or formats that are not being used as independant URL’s.  For example we may have a post type for SLIDES but these URL’s are not supposed to be viewed individually.  You should also noindex attachments.

You can noindex post formats, and tags if they are not being used.  You can disable the SEO meta box on any post types that are set to noindex.

301 redirects

Install the Simple 301 redirects plugin.  Do a search on Google for to return a list of all URL’s indexed by Google.  Go through each URL and create a redirect to a similar page on the new website.  If a page no longer exists then create a redirect to the home page.

Setup Google analytics.

Create a Google account. See this post for more details. as well as this post for setting up Goals.

Be sure to share Google analytics with the SEO account manager (charlie.strickler) and the info@boom email address.

Setup Webmaster tools

Add a site to Google WMT and share with the SEO account manager (charlie.strickler) and the info@boom email address.

Create a Microsoft account and add a site to Bing webmaster tools.


Add to tracking spreadsheets and monitors

Add site to technical spreadsheet on Google docs. Add to backup schedule on InfiniteWP, Add to uptime monitor on Infinite WP, Add to update group.

Final Steps

Delete any development plugins.  This often includes search and replace, regenerate thumbnails.  If you are moving the site from a different host you can delete the old development files.

Run screaming frog.  Examine the results for broken links, hashtag links, and any URL’s that still point to the development site (check external links as well).

Download W3 total cache or use infinity cache for WP Touch websites.  See this post for how to configure W3 total cache. –

Run a sitespeed test using  Add any issues with page load speed to your notes about the launch.

Make a backup on Infinite WP called “PostLaunch”.

Add to Hosting and Updates spreadsheet.

How to setup on click goals in Google analytics

Use the Google Analytics Event Tracking Code Generator to create the onclick goal. Note that if you are logged in and the analytics code is hidden then clicking the link will produce an error. To test the goal make sure you are logged out.

Screen Shot 2014-03-27 at 5.00.13 PM

Click to call codeNote that we are only adding one category name when we setup the goal but we fill out several more variables in the onclick code. We do this because the onclick code requires a category, an action and a value.

Goals do NOT register immediately so after you set one up you will have to click on the phone number, then check a few days later to make sure it was recorded.

Be sure to note if the site is using an old classic analytics code you should upgrade to universal analytics.

Running backups on Infinite WP

The backups on Infinite WP are really easy. You can select backup now from the site menu on the left of the page, give the backup a name, and press the backup button. For many sites you may not want to backup all your websites files because many of them don’t change very often. For example the wp-includes and wp-admin folders can easily be downloaded.

wp-admin, wp-includes

Keep in mind that you may have more than one website folder on your webserver and you should also ignore a secondary website and do that backup separately.

Screen Shot 2014-03-27 at 4.52.36 PM

We usually only keep 3 backups on file because most web hosting companies do a daily backup of all their sites that we can retrieve in an emergency. We run our backups before and after we update our WordPress core and plugins so usually our backups are like this.

  • PostUpdate – older
  • PreUpdate – before the most recent update
  • PostUpdate – After the the most recent update

Set the # of Backups to 4 when you run the backup and it will delete older backups from the folder automatically. Unfortuneately InfiniteWP does not seem to remember what number you set this to so you will have to change it every time you run an update.

Build a lightweight slider from a custom post type

Start by adding to your theme’s function.php file. We need to add the custom post type for the slides, a custom thumbnail size for the slider, and we need to add the slider script to the header.

/**add slider script to header*/

function my_scripts_method() {
		get_stylesheet_directory_uri() . '/js/responsiveslides.min.js',
		array( 'jquery' )

add_action( 'wp_enqueue_scripts', 'my_scripts_method' );

/**custom post type for slider*/

register_post_type('slides', array(
'label' => __('Slides'),
'singular_label' => __('Slides'),
'public' => true,
'show_ui' => true,
'capability_type' => 'post',
'hierarchical' => false,
'rewrite' => false,	'query_var' => true,
'supports' => array('title', 'editor', 'thumbnail'),
'taxonomies' => array( 'post_tag')

/**add slider thumbnail size*/

if ( function_exists( 'add_image_size' ) ) { 
	//add_image_size( 'category-thumb', 300, 9999 ); //300 pixels wide (and unlimited height)
	add_image_size( 'homepage-slider', 960, 320, true ); //(cropped)

/**add slider thumbnail size*/
add_filter('post_thumbnail_html','remove_thumbnail_dimensions', 10 );
add_filter('image_send_to_editor','remove_thumbnail_dimensions', 10 );

function remove_thumbnail_dimensions( $html ) {
    $html = preg_replace( '/(width|height)=\"\d*\"\s/', "", $html );
    return $html;

Modify the front page template to loop through the custom post type and use the format needed for the slider. We are taking our slider code from

<ul class="rslides">
$my_secondary_loop = new WP_Query('post_type=slides');
if( $my_secondary_loop->have_posts() ): while( $my_secondary_loop->have_posts() ): $my_secondary_loop->the_post(); ?>
     <div class="slider-overlay">
     <div class="slider-content">
     <?php the_title(); ?>
     <?php the_content(); ?>
	<?php the_post_thumbnail('homepage-slider');   ?>
    endwhile; ?>
<ul id="rslides-pager">
<?php while( $my_secondary_loop->have_posts() ): $my_secondary_loop->the_post();
       //The secondary loop
      <li class="slidebtn"><a href="#">&nbsp;</a></li>    
    endwhile; ?>
<?php endif;

We have added the initialization and settings javascript into the slider script file.

$(function() {
auto: true,             // Boolean: Animate automatically, true or false
speed: 500,            // Integer: Speed of the transition, in milliseconds
timeout: 4000,          // Integer: Time between slide transitions, in milliseconds
pager: true,           // Boolean: Show pager, true or false
nav: false,             // Boolean: Show navigation, true or false
random: false,          // Boolean: Randomize the order of the slides, true or false
  pause: false,           // Boolean: Pause on hover, true or false
  pauseControls: true,    // Boolean: Pause when hovering controls, true or false
  prevText: "Previous",   // String: Text for the "previous" button
  nextText: "Next",       // String: Text for the "next" button
  maxwidth: "",           // Integer: Max-width of the slideshow, in pixels
  navContainer: "",       // Selector: Where controls should be appended to, default is after the 'ul'
  manualControls: "#rslides-pager",     // Selector: Declare custom pager navigation
  namespace: "rslides",   // String: Change the default namespace used
  before: function(){},   // Function: Before callback
  after: function(){}     // Function: After callback

Add the slider CSS to the theme’s CSS file

/* =slider styles
-------------------------------------------------------------- */

	position: absolute;
	background-color: rgba(0,0,0,0.39);


	padding: 15%;

	position: absolute;
	margin-left: -25px;
	margin-top: -45px;


#rslides-pager a{
	display: block;
	text-decoration: none;

#rslides-pager li.rslides_here {
  background: #fff;

#rslides-pager li{
background-image: none;
background-color: #0e1939;
border-radius: 10px;
width: 12px;
height: 12px;
margin: 0 2px;

.rslides {
  position: relative;
  list-style: none;
  overflow: hidden;
  width: 100%;
  padding: 0;
  margin: 0 0 25px 0;

.rslides li {
  -webkit-backface-visibility: hidden;
  position: absolute;
  display: none;
  width: 100%;
  left: 0;
  top: 0;

.rslides li:first-child {
  position: relative;
  display: block;
  float: left;

.rslides img {
  display: block;
  height: auto;
  float: left;
  width: 100%;
  border: 0;

Custom styles for the slider will need to be applied from here but the slider should be working.

Customizing WordPress Image Sizes

Images on a website are often cut to exact size by a developer or designer while building a website.  Its easy to forget that you can easily customize the standard thumbnail sizes in the WordPress Media Settings.

Screen Shot 2013-12-14 at 4.37.17 PM

One of the most useful techniques is to set the large size to the width of the content area of the website so you can easily insert full width images.

You can create additional image sizes and edit the WordPress default image sizes in the functions file.

if ( function_exists( 'add_theme_support' ) ) {
add_theme_support( 'post-thumbnails' );
set_post_thumbnail_size( 150, 150 ); // default Post Thumbnail dimensions

if ( function_exists( 'add_image_size' ) ) {
add_image_size( 'category-thumb', 300, 9999 ); //300 pixels wide (and unlimited height)
add_image_size( 'homepage-thumb', 220, 180, true ); //(cropped)

You can also add these new image sizes to the visual editor so users can select the thumbnail size when they are inserting it into a page.

add_filter( 'image_size_names_choose', 'my_custom_sizes' );

function my_custom_sizes( $sizes ) {
    return array_merge( $sizes, array(
        'your-custom-size' => __('Your Custom Size Name'),
    ) );

This snippet and more information about cropping options are in the WordPress Codex for Image Sizes

Customizing WordPress User Permissions, Roles, Capabilities

When you are showing a person how to use WordPress for the first time it is a good idea to make them an Editor role instead of an Administrator. You can use a plugin called Capability Manager Enhanced to give the Editor Role more than its usual permissions.

By default the editor cannot edit widgets, theme options, page builders, slider plugins or other types of plugins. The user manager plugin can give an editor access to many of these.

Note that editors can see all users, but cannot create other editors. They can only create users at the author level.

Recommended Editor Capabilities
Screen Shot 2013-12-14 at 4.26.35 PM

How to configure WP Super Cache

When you first install and activate WP-Super Cache plugin it does almost nothing to increase your site speed.  In this video we show you how to adjust the settings for WP Super Cache so that it serves up the website faster for users, while still allowing administrators to see their updates without refreshing the cache.

Note that in the video I set preload mode to load every 120 minutes. We now recommend setting this to 360 minutes.

See also “How does a cache make my website faster“.