Here is a quick way to add an automatic logout feature to your WordPress powered website. Add this code to your child themes functions.php file. Don’t know what a child theme is? Click here.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 |
<?php /** * Auto logout ajax. */ add_action( 'wp_ajax_auto_logout', 'auto_logout' ); add_action( 'wp_ajax_nopriv_auto_logout', 'auto_logout' ); function auto_logout(){ wp_verify_nonce($_POST['security', 'secure-my-logout'); echo "Logged Out."; if ($_POST['time']) { wp_clear_auth_cookie(); die(); } die(); } |
Put this javascript in a separate file. Note its file path as you will need to enqueue the script later.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 |
"use strict"; jQuery(document).ready(function() { if( jQuery('body').hasClass('logged-in') ) { auto_logout.init(); } }); var auto_logout = { timeoutID : 0, init : function() { document.addEventListener("mousemove", auto_logout.resetTimer, false); document.addEventListener("mousedown", auto_logout.resetTimer, false); document.addEventListener("keypress", auto_logout.resetTimer, false); document.addEventListener("DOMMouseScroll", auto_logout.resetTimer, false); document.addEventListener("mousewheel", auto_logout.resetTimer, false); document.addEventListener("touchmove", auto_logout.resetTimer, false); document.addEventListener("MSPointerMove", auto_logout.resetTimer, false); }, startTimer : function() { auto_logout.timeoutID = window.setTimeoutauto_logout.goInactive, 180000); }, resetTimer : function() { window.clearTimeout(auto_logout.timeoutID); auto_logout.goActive(); }, endTimmer : function() { document.removeEventListener("mousemove", auto_logout.resetTimer, false); document.removeEventListener("mousedown", auto_logout.resetTimer, false); document.removeEventListener("keypress", auto_logout.resetTimer, false); document.removeEventListener("DOMMouseScroll", auto_logout.resetTimer, false); document.removeEventListener("mousewheel", auto_logout.resetTimer, false); document.removeEventListener("touchmove", auto_logout.resetTimer, false); document.removeEventListener("MSPointerMove", auto_logout.resetTimer, false); }, goInactive : function() { var data = { 'action': 'auto_logout', 'time': true, 'ajaxsecurity': ajax_object.logout_nonce, }; jQuery.post(ajax_object.ajax_url, data, function(response) { auto_logout.endTimmer(); alert('You have been logged out due to inactivity.'); window.location.href = "/login/"; }); }, goActive : function() { auto_logout.startTimer(); }, }; |
Don’t forget to enqueue the script and localize it for the ajax to work. Do this in your child theme’s functions.php file. You are using one of those right?
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 |
// Action to enqueue style/scripts. add_action( 'wp_enqueue_scripts', 'prefix_enqueue_scripts' ); function prefix_enqueue_scripts(){ wp_enqueue_script( 'auto-logout', 'path to your auto-logout.js file', array('jquery'), '', true ); // Object properties are accessed as ajax_object.ajax_url, ajax_object.we_value. wp_localize_script( 'auto-logout', 'ajax_object', array( 'ajax_url' => admin_url( 'admin-ajax.php' ), 'security' => wp_create_nonce('secure-my-logout') ) } |
I recently had the opportunity to join a great group of people building websites using the CodeIgniter framework. After building websites with WordPress for several years I was looking forward to learning a new framework and was interested to know how it would compare in both speed of development and quality of the Website build.
It is important to note that CodeIgniter is not for beginning web developers. The CodeIgniter framework requires significant knowledge of PHP, javascript, mySQL, CSS, and html. Knowledge of application architecture is also required for best performance and scaleability.
For websites that have low traffic volume and for which high speed response times are not critical, WordPress can not be beat. It’s ease of installation and user friendly updates are great for the beginner to intermediate web developer. When the correct method for making customizations is followed, WordPress can be a very effective and competitive framework to use. (this website is WordPress)
When using WordPress for enterprise level web applications, WordPress becomes more of a PHP framework that is customized similar to any PHP framework. Developers dissect the application and use only in house plugins and themes that are streamlined for the specific application. This improves the efficiency of the application and removes all the unnecessary code bloat and bugs that come with third party plugins and themes. The core files are not altered and major core updates can still occur.
When a developer has reached the need for this level of sophistication and customization it is time to question whether WordPress is the best framework to use. Since the developer is no longer using the things that sped up development (namely third party plugins) why not consider using a framework that is truly light weight in structure yet provides all the necessary classes for building a truly performant application?
The main reason this does not happen is the organization has built in-house “plugins” or codes snippets that speed their web development process up. Copying large sections of code for reuse is common practice in all types of application development and web development is no different. When an organization has built a large in house library using one framework, the upfront cost of starting over with another framework seems too great.
It is this cycle that causes an organization to get stuck in one framework. If the organization has started small using WordPress and grows into needing to providing high performance, scalable web applications it may run into problems making the transition to large scale enterprise level web applications as the cost of a transition is seen as too high. Not wanting to spend the extra money on sophisticated developers or take the time to learn a new process.
In the end my experience with both WordPress and CodeIgniter has led me to believe the best choice depends on your clients needs (go figure?). WordPress is slow. Too slow for enterprise level websites out of the box. It is perfect for low to medium traffic web sites and keeps build costs low initially.
While WordPress is used by many enterprise level web sites the level of necessary customization to reach acceptable performance levels is on par with any other framework. So for the enterprise level website my vote goes to CodeIgniter.
There are different ways to migrate a WordPress website. Installing some free plugins can make this task a simple operation for the intermediate WordPress user. There are some pitfalls that can cost you a lot of time and headache. This is step by step guide is one I have used to move a WordPress website from one server to another.
When building a website it is important to take into consideration the difference between relative paths and absolute paths. You should build your website using relative paths for image urls and links. If you do not use relative paths, moving your site will cause these links to no longer work. Each link will have to be corrected using the new domain name or better yet, made into a relative link. This occurs often when a subdomain is used as the development environment.
If you are not the original site creator and you have inherited a site that has used absolute urls. You may want to consider using a plugin like Better Search and Replace. This plugin is very powerful and can render your site inoperable if you search and replace the wrong things. Make absolutely sure you know what you are doing and BACK UP you site.
If you simply copy all the files from one server to the other without using a plugin to export the site you will have problems with your site. Themes and Plugins utilize the built in WordPress API to store their customization settings. This API uses a serialized array to store these values. The challenge with a serialized array is to change the data in it (like the domain name) you must un-serialize it, change the data, then re-serialize the data or the data will be corrupted. For many Themes if they are unable to read their settings and customizations they will revert to the default settings. This will cause all of your changes to be lost. Remember your backup? Did you export the Theme settings?
As I mentioned before there are several plugins that will handle this for you. A lack of sufficient server memory can cause the migration to halt. This can be overcome by making sure your hosting account has more than one gig of memory available. That is usually enough to migrate a small to medium sized website.
On the destination site, choose the import selection in the All In One Migration plugin settings and import the zip file you downloaded from the original site. After clicking the import button it will start to upload.
When it is done uploading you will be prompted with a warning saying you will lose the current database and site. Click ‘ok’ (because it is just a default WordPress install) and it will begin installing the site. This can take some time so be patient.
When it finishes save your permalinks twice. This will ensure that the migration has set the correct permalinks in the database.
Changing the DNS records to point to the new server is the final step and has its own pitfalls. Changing the Nameserver domains can cause email accounts to stop working if they are hosted on the old server. By changing the A records only you are able to continue using your old email server but your domain will be pointed to your new server. So make sure you have your email situation taken care of before you change the DNS settings. This change takes some time to take effect so in the mean time you can look for errors on the new site. You may have to view it through the ip address or by using a Tor browser.
It can take up to 24 hours for the DNS changes to take effect so be patient. DNS records are stored in your browser as well so it may help to clear your DNS cache in your browser and computer.
If you are able to view your site look for broken images and links that don’t work. Test all contact forms etc. Sometimes contact forms will continue to use the old domain ( http://subdomain.domain.com ). If it was a sub-domain than the email will no longer get sent to you. So you will want to make sure these settings have been changed.
If you are lucky everything should work fine. If not you will have to begin to trouble shoot the problems.
Good luck!
These directions are slightly different if you are going from a development subdomain to a live domain (same server). More on that in another post.
FYI – I now use a different method involving the command line almost exclusively. It is not for the average user.
It is important to keep your WordPress installation updated for many reasons. Security is at the top of the list. Updating your plugins, themes, and core files to the latest versions is the best thing you can do to avoid security problems with your website. In fact having your website fully updated is the single most important factor in preventing malicious activity.
WordPress comes with a feature called automatic updates built in. When you first install WordPress minor core automatic security updates are set by default. This means that any updates to the core files of WordPress will be automatically updated when they are released. This is a great for security reasons and peace of mind. If there is a security patch released the patch will automatically install without you having to do anything at all.
The default automatic updates are only the bare minimum of what is possible with the WordPress automatic update options. There are other update features that come with WordPress that are not turned on by default. You can turn these on programmatically or you can download a plugin that will allow you the flexibility to set all the options available. The program I wrote and use is called L7 Automatic Updates.
L7 Automatic Updates allows you to choose which plugins you want to update and which ones you don’t. This is a handy feature that I use on many sites I have inherited.
Keeping all of your plugins, themes, and core files updated to the latest versions not only keeps your site running smoothly, it is the greatest security measure you can take.
Filter hooks do exactly what the word sounds like they do, they remove or change material (filter it). They take an input and ‘filter’ it through the hooked function which returns the filtered input. You can hook your function and change the text of a post before it goes into the database or at different hook events throughout the websites execution.
Filter hooks sit at certain execution points either going into the database or being output to the browser screen. A list of all the available WordPress filter hooks is available here.
The WordPress codex shows the add_filter function as follows,
|
1 |
add_filter ( 'hook_name', 'your_filter', [priority], [accepted_args] ); |
Here is an example of a filter I used in my plugin L7 Login Customizer. I use the add_filter function in the constructor of the plugin’s main class, I have to use the
|
1 |
array( $this, 'l7wc_logo_link_change') |
because the function I am hooking is located in the same class.
|
1 |
add_filter( 'login_headerurl', array( $this, 'l7wc_logo_link_change' ), 15 ); |
The function l7wc_logo_link_change is now connected to the login_headerurl filter hook. Now when the login_headerurl filter hook is executed my filter function will filter the data which in this case is the logo link url and change it to the new url. There could be more than one filter hooked to the same filter hook. The ‘priority’ argument decides which filter goes first. Lower numbers are executed earlier.
The l7wc_logo_link_change function is here,
|
1 2 3 |
function l7wc_logo_link_change(){ return $this-l7wc_default_settings( 'link_url' ); } |
Notice that this function does not take an argument to filter. This function simply returns the value set in the settings array with the key ‘link_url’. We could change this function to look like this,
|
1 2 3 |
function l7wc_logo_link_change( $input ){ return $input . 'something'; } |
This would return the default WordPress link URL with the word ‘something’ appended to it. Of course this link would get a 404 but it is a good example of how this works.
For filters you find the filter hook that executes with the data you want to change and hook your function to it. Take the input, do what you want with it, and return it.
Plugins are small programs that are easily added to Wordpress to expand it’s functionality. By design WordPress is delivered in a “bare bones” state. Rather than have WordPress come with all the possibilities available, many of which a person would not use, the software lets you add what you need resulting in a much leaner and faster website or blog.
WordPress has over 41,000 free plugins to choose from. The popularity of WordPress gives the user a larger number of options when it comes to adding the custom functionality you are looking for.
From WordPress.org:
“Plugins are ways to extend and add to the functionality that already exists in WordPress.”
“The core of WordPress is designed to be lean and lightweight, to maximize flexibility and minimize code bloat. Plugins then offer custom functions and features so that each user can tailor their site to their specific needs.”
If you want to know more about how plugins work and where to get them try WordPress.org.
There are many reasons to use WordPress as your content management system. Security, reliability, usability, popularity (41,000 plugins), its flexibility, and its long standing history with a great group of dedicated volunteer developers at its core.
For small to medium sized companies WordPress is a perfect solution. It gives companies the ability to make minor updates to their site internally. Which can save money and time.