WordPress is the most popular CMSwebsite development platform. Although the developers are adding new features and security fixes frequently, WordPress always has room for more improvements. You can use the following tips and tricks to achieve the design goals and make your website more secure.
Usage of webhooks
The hooks are one of the most used functions to develop plugins, create themes, and solve problems. You can run additional code lines before, right off, or after an event using webhooks. This enables users to run the necessary tasks without touching WordPress core files. You can use the webhooks by following the steps below:
add_action(string $hook_name, callable $callback, int $priority = 10, int $accepted_args = 1);Parameters
- $hook_name (string) (Required) The name of the action to add the callback to.
- $callback (callable) (Required) The callback runs when the action is called.
- $priority (int) (Optional) Used to specify the order in which the functions associated with a particular action are executed. Lower numbers correspond with earlier execution, and functions with the same priority are executed in the order they were added to the action. Default value: 10
- $accepted_args (int) (Optional) The number of arguments the function accepts. Default value: 1
The $hook_name and $callback from the parameters above are required, but the other two are optional.
Creating a child theme
The developers of WordPress mostly need to make some changes in the themes. As you shape the theme with additional codes, your changes disappear as you update the theme; it rewrites the files you have changed or added new lines of codes. Using child theme prevents this unpleasant situation. That’s why we advise you to create a child theme before making changes to the theme itself.
How to create a child theme?
If the theme you are using has no option to create a child theme automatically, you can do it by yourself. Just go to /wp-content/themes/ in FTP and create a new folder with the same name but with adding -child to the end (e.g. /wp-content/themes/XXX-child). You can also copy the screenshot.png file from the original folder to create a thumbnail in the WordPress themes interface. Then, follow the steps below:
- Create a new file named functions.php in the child theme folder
- Copy the following codes into the functions.php files by changing the cloud7 phrases with your theme and child theme folders:
add_action( 'wp_enqueue_scripts', 'c7_theme_enqueue_styles' ); function c7_theme_enqueue_styles() { wp_enqueue_style( 'cloud7', get_template_directory_uri() . '/style.css' ); wp_enqueue_style( 'cloud7-child', get_stylesheet_uri()); } - Create a new file named style.css in the child theme folder
- Edit and copy the following codes into the style.css file. Be careful while renaming the Template line; you need to put the original theme folder’s name and it is case sensitive:
/* Theme Name: Cloud7 Child Description: This theme child file is created by Cloud7. Author: Cloud7 Team Author URI: https://cloud7.news/ Template: cloud7 Version: 1.0 Tags: light, dark, two-columns, right-sidebar, responsive-layout, accessibility-ready */ - Activate your child theme from the Themes interface in WordPress.
Changing the /wp-admin/ path
One of the most important security measures for WordPress is changing the default admin path. By doing that, you can avoid some attacking techniques such as brute force and SQL injection. You can change the admin path by installing and using the following plugins:
All In One WP Security & Firewall
Database optimization
You should be aware of the sizes of the databases in your WordPress websites since they might become unmanageable as they grow. One of the main reasons for it is rapidly installing, trying, and deleting plugins. Do not try the plugins in the live websites, but in a demo environment. Trying plugins might also cause some security risks.
Backing up in WordPress
You might find yourself in very unpleasant situations by accidentally deleting some necessary files. Even worse, a hacker might use a zero-day attack to delete all of the files in your files on the website. If you are not backing up your website, it will likely ruin your day, or maybe a month, or even a year. Use the following plugin to backup your website regularly. It is advised to back up the files in third-party applications such as cloud services.
Delete the unnecessary files that load on every page
The files of your theme and plugins are being loaded on all of the pages of your website. This situation drastically affects the performance of your website. You can prevent this by using Asset CleanUp: Page Speed Booster plugin by Gabe Livan. It enables admins to disable some .js and .css from selected pages. And that will improve the performance.
Asset CleanUp: Page Speed Booster
Use Query Monitor
Query Monitor is an open-source WordPress debugging plugin. It is quite handy while debugging database queries, PHP errors, hooks and actions, enqueued scripts and styles, theme template files, languages and translations, rewrite rules, block editor blocks, and HTTP API calls errors.