Handy image plugins to keep you sane.

I’ve been meaning to write a post about a few handy plugins that I use all the time. Some of these have saved me tons of time and effort.

My favourite one, and I’m sure lots of developers will agree, is Regenerate thumbnails. While working a theme, if you decide to change an image size of aspect ratio, this plugin will simply go through all of the images in your media library and resize them at once. Fantastic tool.

A new one I discovered a few months ago via twitter, is Imsanity. This tool is brilliant and makes so much sense. I’ve had clients upload 8MB images in the pass and these just end up clogging up the server. This plugin automatically resizes huge uploads to a decent more reasonable large size.

I’ve been a huge fan of the image widget plugin for a very long time. I’m not sure if there’s a better one out there, but this one does exactly what it says, very simply and elegantly. I love it.

Finally, this new plugin, hilariously called My Eyes are Up Here allows you to control how thumbnails are cropped based on face control. I haven’t had the chance to play with it much, but it looks like a great plugin and the authors are stellar developers. I’m guessing this one will soon be everyone’s favourite.

What image plugin have you found awesome? Care to share?

FAQ Manager Plugin

One of my favourite aspect of WordPress is the fact that custom post types can be created for just about anything. Movies, projects, testimonials, books etc… These are easy enough to do if you’re a developer but a bit tricky if your just learning. A common request by many clients is the ability to have an FAQ section. Again, this is a great use of custom post types and easy peasy to set up.

However, I recently discovered that all that work is not even necessary. Andrew Norcross has developed a plugin that manages FAQ really simply and is super easy to use.

Simply download the plugin, activate it, enter your questions and answers and then choose the shortcode you wish to display on your FAQ page. Andrew has thought of everything and given you lots of display options. The FAQ manager plugin is definitely on my list of favourites and has reduced my workload.

These are a few of my favourite plugins

At a recent WordPress Meetup, someone asked if there was a list of plugins that one should use. Such a list, of course, is not available and also impossible to put together. Every site has different needs, themes rely on various functionality and everyone is bound to have their favourites. This question was followed by everyone offering their favourite and I thought I would continue this discussion and post my list. First, let me stress that this list is made up of MY favourites. They are NOT the best (they might be, but I can’t say for sure), nor are they the ones I think YOU should use. They are simply the ones I find useful and use all the time.
Read more…

Setting up Custom Content Types using Stresslimit Custom Content Types plugin

When Custom Post Types (CPT) became available with the release of WordPress 3.0 everyone was super excited about this new features and many tutorials came out explaining how to use them. These were super helpful and helped us get started and I must admit, CPT have made building WordPress sites truly pleasurable.

Some folks did point out though, that to set these up, the code needed was quite cumbersome. Of course smart folks came up with handy tools and plugins to solve this.

I was reluctant at first and didn’t think that the extra code needed was that difficult to manage, but Joey introduced me to the Stresslimit Custom Content Types plugin and I’ve been hooked on it ever since. It’s super easy to use. The plugin is designed for developers, so it doesn’t simply work out of the box, but once installed all you do is add the following to your functions.php:

sld_register_post_type( 'your-post-type' );

This new function simply extends register_post_type().

So for example, if you wanted to create a new content type called Products, you would use:

sld_register_post_type( 'product' );

It also supports the same arguments as register_post_type() so if you wanted to override the default ones, you could use something like this:

$product_args = array(
	'supports' => array( 'title', 'thumbnail' ),
	'menu_icon' => get_template_directory_uri() . '/images/admin-product.png',
	'public' => false,
sld_register_post_type( 'slide', $product_args );

This function works perfectly and displays a nice custom content type in our admin panel with a new icon which we’ve added to our theme file.

Things do go wrong though if you’ve omitted to upload the plugin or it gets deactivated accidentally. If that happens, you get the following error on your site:

Fatal error: Call to undefined function sld_register_post_type() in ...

As a developer, that’s not a big issue. Most of us know how to read error messages and know how to fix them, but it’s much more troubling when clients accidentally get these messages. It’s happened to me in the past and I immediately got a phone call. An easy way to avoid this is to first do a check to see if the plugin is installed, then call the function. WordPress allows you to do this easily with function_exists(). The code for our Product CPT would thus be like so:

include_once( ABSPATH . 'wp-admin/includes/plugin.php' );

if (function_exists( 'sld_register_post_type' )) {

$product_args = array(
	'supports' => array( 'title', 'thumbnail' ),
	'menu_icon' => get_template_directory_uri() . '/images/admin-product.png',
	'public' => false,
sld_register_post_type( 'slide', $product_args );


That’s it. Next time you’re working on a site needing custom content type, check it out. It makes things much easier.

Dealing with hackers and spammers

Having a WordPress site is loads of fun. Being able to create content, make your own edits and upload images and documents without having to contact your web designer is an absolute delight. However, dealing with hackers and spammers is not that great. Granted hackers and spammers do attack non-WordPress sites, but they seem to be targeting these more frequently. There are of course ways to protect yourself.

How do you know if your site has been hacked? If you notice weird spammy words in your website content, in your Google search result or if you’re site redirects to a strange url, then you’ve been hacked. If you’re not 100% sure, try Sucuri SiteCheck. It will scan your site for malware, blacklisting and out-of-date software for free.

How did this happen? Hackers either managed to figure out your FTP password or they used a vulnerability in either the WordPress core files or a plugin.

Here are a few things you can do to prevent this from happening:

  1. When creating FTP passwords use a generated word that cannot be pronounced, uses a few symbols and a mixture of upper and lowercase letters. Of course these passwords will be more difficult to remember, but using a tool like 1Password or LastPassword can help.
  2. Make sure to upgrade your WordPress site every time a new version comes out. These updates usually include fixes to vulnerabilities and are very important.
  3. Make sure you upgrade your plugins as well for the same reason. If you have lots of plugins and aren’t using them all, don’t just deactivate them, delete them.

If you’re site has been hacked, then you’ll need to clean up the files. I normally delete the WordPress core files (everything but the wp-config.php and wp-content folder) and re-install everything. I also do a manual scan of the theme files to make sure that hackers haven’t messed anything up. If this feels a bit intimidating, you might want to contact Sucurri Security. For a small fee they can clean up infected sites and you can also hire them to scan your site and keep an eye on it annually.

If you’ve been blacklisted by Google or spammy words appear in Google search results, you’ll need to log into your Google webmaster tool and submit your site for reconsideration once it’s clean.

Although spammers are less harmful, they are equally as annoying. If you’re site is new and you haven’t publicized your email address, you might want to install the email address encoder plugin. This plugin will simply scramble your email address making it harder for harvesters to grab it. If on the other hand your email is already out there, then I’m afraid that once it’s on a spam list, there’s not much you can do.

Spam comments can also be detrimental with more and more evidence pointing to the fact that these are not simply generated by robots but actual people. The first thing to do is to install Akismet which will do it’s best to trap spam comments. But Akismet alone is insufficient.

Be warned against comments that seem harmless. They might praise your work or congratulate you on your blog and let you know that they are bookmarking it right now. These types of comments are simply tests to see if you will accept them or not. Once you’ve approved them, then they’ll attack your blog much more fiercely.

Finally, one of the most effective ways to reduce spam is simply to close comments after a few weeks. Most readers leave comments on newer posts. Closing off comments automatically after a few weeks is very simple. Log into your WordPress admin, go to settings > Discussion and check the box that says “Automatically close comments on articles older than __ days” and enter the number of days you want to use.

I just did this myself recently and the influx of spam comments has been reduced dramatically.

Protecting your email address from spam bots

With all the great things that came along with the Internet, spam is probably the worse downside. No one is immune to it and spam is simply part of everyday life. There are of course, a few things you can do to protect yourself.

Keeping your email address private, i.e. never putting it up anywhere is by far the best way to avoid spam, but that’s not always possible.

One way to make it harder for spam bots to harvest your email address is by encoding it. Encoding is simply the process of changing the email into code making it harder to robots to recognize.

A new WordPress plugin was released at the end of 2011 which does just that. Once installed and activated, the email address encoder plugin turns email addresses and mailto links into decimal and hexadecimal entities thus protecting them. The plugin works on email addresses throughout your WordPress site including comments.