All posts by Dave

About Dave

Designing websites since 1998.

Creating a WordPress Child Theme

Overview

WordPress LogoSave yourself some heartburn, do not modify WordPress templates directly … create child templates. Creating a child template will allow you to update a theme without having to re-work it to include your change.

To create a child theme, you need to do the following:

  • Create a child theme directory
  • Place a new style.css file in your child theme directory
  • Add a functions.php file to the child theme directory
  • Add copies of files you plan to modify in the new child theme directory

Create a child theme directory

Go tot he themes diretory (wp-content/themes), create a subdirectory with the name othe original theme, but, append “-child’ to the directory name. Example, if you want a child them for the twentyfifteen theme, create a subdirectory twentyfifteen-child.

In the twentyfifteen-child directory, create a file style.css. In the style.css file, you must have the following minimum header.


/*
 Theme Name:   Western Way Realty
 Theme URI:    http://example.com/western-way-realty/
 Description:  This is a Child Theme of twentyfifteen for the Nomad Realty
 Author:       John Doe
 Author URI:   http://example.com
 Template:     twentyfifteen
 Version:      1.0.0
 License:      GNU General Public License v2 or later
 License URI:  http://www.gnu.org/licenses/gpl-2.0.html
 Tags:         light, dark, two-columns, right-sidebar, responsive-layout, accessibility-ready
 Text Domain:  twenty-fifteen-child
*/

 

When creating the header for the style.css file, include the

  • Them Name: followed by the name of your new child theme
  • Theme URI: followed by the location of updates for the theme
  • Description: followed by the description of the template and remember to reference the name of the parent theme to assure user remembers to include the parent theam.
  • Author: followed by your name (or the name of the developer of the new child template)
  • Author URI: followed by the URI of the authors website.
  • Template: followed by the name of the parent template
  • Version: followed by the version number you want for the child template
  • License: followed by the software license that is used to release this template
  • License URI: followed by the address of a copy of the release license.

Following the style.css header, you may now add any new CSS that will be needed in your theme.

Create a function.php file

In the child theme directory, create a file function.php. The original theme function will provide all functions you need, but, this function.php can be used to override the function.php function or to include new function.php content for the child theme.

At minimum, the functions.php file should include the following:


    add_action( 'wp_enqueue_scripts', 'theme_enqueue_styles' );
    function theme_enqueue_styles() {
        wp_enqueue_style( 'parent-style', get_template_directory_uri() . '/style.css' );
        wp_enqueue_style( 'child-style',
            get_stylesheet_directory_uri() . '/style.css',
            array('parent-style')
    );
}

 

The above code assure that the parent style.css file is loaded, and it assure that the new style.css file is loaded for the new theme.

With the creation of the functions.php file in your child directory, you are ready to go…

Keep Going

Keep going creating your new child theme. Add new child themes functions to the new functions.php. Add the new CSS content to the new style.css file. If you need to modify other files, such as header.php, footer.php, template.php or any other file … copy it to your new child theme directory and make your mods in the new child themes directory.

Protect Your Website from Hackers (and Spammers) 2

Recently, I mentioned that you should be concerned about hackers (and spammers). I listed a number of items that you can do to increase the security of your website, and I listed reasons you should be concerned about security. However, I didn’t take the time to explain how to perform the protective activities. This article and following articles will give explanations that will help you perform those protective activities listed. Today, I’ll explain how to:

  • Check your site regularly for potential security problems.
  • Keep your website software up-to-date.
  • Monitor your site for unauthorized attempts to login by unauthorized people
  • Hide your login page
  • limit login attempts
  • never use the default administrator name
  • randomize your password

There are several WordPress plugins that will allow you to monitor for potential hackers and spammers. Personally, I find WordFence and Lockdown WP to be two exceptional plugins to help monitoring a WordPress site. Install WordFence and Lockdown WP and you’ll find an incredible set of tools to monitor your site.

Your first steps will be to configure these two plugins.

Configure Lockdown WP

Lockdown WP has only a few configurables, but the configurables are some of the most important items you can configure. Using Lockdown WP, you will make it harder for the hacker to find your administration area. To do this, configure Lockdown WP by:

  • Selecting to hide the administration area from those that are not logged into the site. To do that, check the option box next to ” Yes, please hide WP Admin from the user when they aren’t logged in.” Anyone not logged in attempting to access the administration area will receive a page not found 404 error message.
  • Setting a new WordPress Login URL. Normally, access to administration is accessed at the location www.example.com/wp-login.php. Using lockdown WP, set the access point to ANYTHING other than wp-login.php. Set the access point to an unusual, unique access location with a name that has no bearing on your site purpose or function, such as www.example.com/fish201. If you reconfigure this access point, hackers that attempt to login your site will have trouble guessing where you have “moved” the login access, and therefore will have more trouble attempting to hack your login. Anyone that attempts to access at www.example.com/wp-login.php will clearly be a hacker and you will be informed hackers attempt to access this 404 location.

Configure WordFence

WordFence has a large number of important features to configure. Using WordFence, review all the configurable items. The following list has an “X” beside options that should be checked. When a text string should be entered, suggested answers are provided. Make certain that at minimum you set the following configurable:

Basic Options:

  • X Enable firewall
  • X Enable login security
  • X Enable Live Traffic View
  • X Enable automatic scheduled scans
  • X Update Wordfence automatically when a new version is released
  • Where to email alerts: your@email.com

Advanced Options:

  • X Alert on critical problems
  • X Alert on warnings
  • X Alert when an IP address is blocked
  • X Alert when someone is locked out from login
  • X Alert me when a non-admin user signs in

Scans to include:

  • X Scan for the HeartBleed vulnerability?
  • X Scan theme files against repository versions for changes
  • X Scan plugin files against repository versions for changes
  • X Scan for signatures of known malicious files
  • X Scan file contents for backdoors, trojans and suspicious code
  • X Scan posts for known dangerous URLs and suspicious content
  • X Scan comments for known dangerous URLs and suspicious content
  • X Scan for out of date plugins, themes and WordPress versions
  • X Check the strength of passwords
  • X Scan options table
  • X Monitor disk space
  • X Scan for unauthorized DNS changes
  • X Scan files outside your WordPress installation
  • X Scan image files as if they were executable

Firewall Rules:

  • If a crawler’s pages not found (404s) exceed: 5 per minute then block it
  • If a human’s pages not found (404s) exceed: 5 per minute then block it
  • If 404’s for known vulnerable URL’s exceed: 1 per minute then block it
  • How long is an IP address blocked when it breaks a rule: 30 minutes

Login Security Options:

  • Enforce strong passwords? TRUE
  • Lock out after how many login failures : 3
  • Lock out after how many forgot password attempts: 3
  • Count failures over what time period: 10 minutes
  • Amount of time a user is locked out: 30 minutes
  • X Immediately lock out invalid usernames
  • X Don’t let WordPress reveal valid users in login errors
  • X Prevent users registering ‘admin’ username if it doesn’t exist
  • X Prevent discovery of usernames through ‘?/author=N’ scans

Other Options:

  • X Hide WordPress version
  • X Hold anonymous comments using member emails for moderation
  • X Filter comments for malware and phishing URL’s
  • X Check password strength on profile update
  • X Participate in the Real-Time WordPress Security Network

Your second step will be to use WordFence to monitor for hackers on a regular basis

Assuming your have configured according to the list above, you should be well on the way to a safer website. Given the configuration above, hackers will have trouble seeing your administration login page, you will be using more secure passwords, hackers will be blocked if they attempt to access protected areas of your site and your WordPress site will be continually scanned for viruses.

However you can not walk away from the site and assume it is safe. Daily, you will want to check your site reports in WordFence. Under WordFence Life Traffic, check the reports for Pages Not Found, Login & Logouts, and 404 Errors. Each of these reports will identify the page being accessed, visitors home country, and visitors IP address (among other things).

Examine the Pages Not Found and 404 error list. Unless you have broken links, you should have no pages not found. With the exception of a few people that accidentally attempt to access a page and enter a typo, accesses to pages not found should be reviewd carefullly. If you can not rationalize why a person might have attempted to access a page that can not be found. block that person from further access.

Examine the Login & Logout report. Look at the list, scanning for records of people attempting to access with an invalid user name, or show access from a country or area that is not reasonable. If you have no one that should be accessing your administrative area from Arizona or China and records indicate an attempt to access from those areas, block that IP address.

Wordfence will remind you as new versions of your plugins appear. Be diligent and update those plugins. Wordfence will notify you in the event that WordPress has a newer version available. Update WordPress and modules as they come available.

If you are diligent monitoring your site, you should feel significantly more secure in the area of vulnerability

Protect Your Website from Hackers (and Spammers)

Are you worried about your website and hackers? If you are not worried, you should be worried or at least virulent. There are people out in the cold cruel internet that are looking at your website. Some of these people are comedians (mostly harmless), and some are very vicious. These people are examining your site daily for chinks in your armor, and ways to get into your site without you noticing.

If your attitude is; I’m not worried, I have nothing important on my site … you are a prime target. Some hackers do damage, bring a site down, some simply create a comical behavior in your site, others hack and remain invisible. If you are a lucky person and the hacker does some damage (either vicious or comical), you are lucky because you know you have a problem to resolve. Some hackers do activities that them them invisible to you, but, are causing problems … very bad problems.

In the last year, I have assisted dozens of site recover from hacked states. Some, site owners knew they are hacked, some did not have the slightest idea they were in trouble. Among the sites recovered last year included sites that:

  • Had been taken off-line hackers file.
  • Had cosmetic (artistic) changes done to their pages appearance
  • Were redirecting visitors away from the site by 301 redirect
  • Were hit by usage overloads and ultimately Denial of Access problems
  • Had viruses inserted on the site
  • Had logging software added to there site to catch personal information of visitors
  • Had hidden storefronts setup within the site and alternate business was being perform to the surprise of the site owner.
  • Had been set up to send out spam email

Clearly, the first few problems are visible to the site owner, but, some of the site hacks could potentially go on indefinitely if the site owner is not vigilant. In the case of the last few hacks, the site owners were alerted to the problems on their site by visitors that accidentally feel into the “alternate business pages,” received spam from the site or had problems with personal information distribution. These last few hacks can have a devastation affect on your site, its credibility and your visitors.

On top of the obvious problem that your site is being used in a manner that you do not intend (redirecting people, steals information from visitors, etc), your site can be identified as a blacklisted site … blacklisted as danger. If your site has been blacklisted by Google, virus protect software or any of a hundred other sources, you will find it incredibly hard to dig yourself out of the blacklist.

So, what can you do to help protect your site?>

  • Keep your website software up-to-date, never let a site go on operating with software with a known security risk
  • Keep security permissions correct on your files and directories
  • Check your site regularly for potential security problems, don’t let the site run on autopilot (without your attention)
  • Monitor your site for attempts to login by unauthorized people
  • Hide your administration login page
  • Limit login attempts
  • Never use the default administrator name for a CMS
  • Use thoroughly randomized and secure passwords for administration areas
  • Monitor your site for people attempting to access suspicious areas of your website
  • Monitor you activity log for any strange behavior
  • Find tools to help you block accesses from addresses you determine are suspicious.
  • Assure you use security validation for all form input fields
  • Assure your SSL encryption is functioning if you are sending sensitive data off site.
  • Do security scans of your site for malware
  • Backup your site and database regularly

The next article on this blog will explain how you can follow the recommendations listed above.

Snippet: Popups

The following is code to create popups. To use this code:

  1. Create a div that contains the pop up content and add an id tag to the div.
  2. Create a div or image that will be used to open the popup, and add a class tag.
  3. Add a div or image to the popup content that may be pressed to close the popup, add a class to the div or image

Add the following JavaScript code …


    <script src="//ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js">
    <script type="text/javascript">
        $(function() {
            if (!$("#dr_pop_div").length )  $("body").prepend( "<div id='dr_pop_div' ></div>" ) ;
                function dr_pop(config) {
                    var dr_tag    = (config.msg) ? config.msg : "#msg" ;  /* tagged div that will pop up */
                    var dr_open   = (config.open)? config.open : ".info_open"  ;  /* element to click to open    */
                    var dr_close  = (config.close)? config.close : ".info_close"  ;  /* element to click to close   */
                    var dr_toggle = (config.toggle)? config.toggle : ".info_toggle"  ; /* element to click to toggle */

                    $("#dr_pop_div" ).append($(dr_tag));
                    $("#dr_pop_div").addClass("dr_pop_hide") ; 
                    $(dr_tag).addClass("dr_pop_hide") ;

                    $(dr_open).click(function()   {
                        if ($("#dr_pop_div").hasClass("dr_pop_hide"))   $("#dr_pop_div").removeClass("dr_pop_hide") ;
                        if ($(dr_tag).hasClass("dr_pop_hide")) 	        $(dr_tag).removeClass("dr_pop_hide") ;	
                        if (!$("#dr_pop_div").hasClass("dr_pop_show"))  $("#dr_pop_div").addClass("dr_pop_show") ;
                        if (!$(dr_tag).hasClass("dr_pop_show"))         $(dr_tag).addClass("dr_pop_show") ; 
                    }) ;
                    $(dr_close).click(function()  {
                        if ($(dr_tag).hasClass("dr_pop_show"))        $(dr_tag).removeClass("dr_pop_show") ;
                        if ($("#dr_pop_div").hasClass("dr_pop_show")) $("#dr_pop_div").removeClass("dr_pop_show") ;
				
                        if (!$(dr_tag).hasClass("dr_pop_hide"))        $(dr_tag).addClass("dr_pop_hide") ;
                        if (!$("#dr_pop_div").hasClass("dr_pop_hide")) $("#dr_pop_div").addClass("dr_pop_hide") ;
		    }) ;
                    $(dr_toggle).click(function() {
                        if ($("#dr_pop_div").hasClass("dr_pop_hide")) {
                            $("#dr_pop_div").removeClass("dr_pop_hide") ;
                            $(dr_tag).removeClass("dr_pop_hide") ;
                            if (!$("#dr_pop_div").hasClass("dr_pop_show")) { 
                                $("#dr_pop_div").addClass("dr_pop_show") ;
                                $(dr_tag).addClass("dr_pop_show") ;
                            }
                        } else {
                            if ($("#dr_pop_div").hasClass("dr_pop_show")) { 
                                $("#dr_pop_div").removeClass("dr_pop_show") ;
                                $(dr_tag).removeClass("dr_pop_show") ;
                            }
                            if (!$("#dr_pop_div").hasClass("dr_pop_hide")) {
                                $("#dr_pop_div").addClass("dr_pop_hide") ;
                                $(dr_tag).addClass("dr_pop_hide") ;
                            }
                        }		    
                    }) ;
                }
                var popup1 = new dr_pop({ "msg" : "#msg", "open" : ".info_open", "close" : ".info_close"  }) ; 
                /* ... more popup declarations go here */
            }) ;		  
	</script>

For each message popup, declare the popup by defining the labels that will be used for the popups. The definitions of the labels are done in the “dr_pop” statement. The dr_pop(config) is defined as follows:


    var pop = new dr_pop( {
       "msg" :  ,     
       "open" :  ,
       "close" : 
      }) ;
  Where:
      is the quoted id for the div that holds the message, example: "#msg"
      is the quoted id or class of the object to use as the open button. 
                (Example:  .info_open) 
      is the quoted id or class of the object to use as the close button.
                (example: .info_close)

 

Photoshop CS2

FREE Adobe Photoshop, Illustrator and more REALLY !!!

adobe-photoshop-cs2

Have you been a person that has always wanted Adobe Photoshop, Adobe Illustrator, etc, but, couldn’t afford the massive cost of buying the Adobe Suite. Well there is a partial solutions.

Adobe has a version called Adobe Suite CC, I can’t help you afford that. Previously, there was a version called Adobe Suite CS6, I can’t help you afford that. But, I can tell you how to get a version of Adobe Suite CS2, or it’s individual components. Adobe Suite CS2 has been retired. This version is no longer supported by Adobe, and may not work on computer OS systems in the future. However, it currently runs on Vista, Windows 7 and may work on Windows 8. You can find a copy of Adobe Suite CS2 for your computer at no charge as follow:

To get Adobe Creative Suite CS2 or its individual components:

  • Visit this Adobe link.
  • Login if you have a Adobe ID, or sign up for a new Adobe ID.

    If you sign up as a new user, when you fill in the registration info, you will be sent a verification email. After answering the verification email, you’ll be taken to the downloads page.

  • On the download page, scroll down to the section where it says ‘Creative Suite 2 (if you want the full suite of tools for CS2’ or ‘Photoshop CS2,’ if that is all you want.
  • Download the version of CS2 tailored for your operating system.
  • Save the serial number listed to the right next to the download, you’ll need it to activate the software.

That’s it, enjoy yourself