There’s no denying the popularity of WordPress. Tens of millions of sites rely on it as a blog platform, content management system, and even social networks. It’s easy to become overwhelmed by all that it does and how to make things work exactly the way you want. Over the years, I have seen thousands of different WordPress sites and installations. There are some very useful and easy to implement features that even today, people seem to overlook.
This is probably the most common feature I see overlooked by people using WordPress. Just about anyone putting out content will run into a situation where they want to embed a video, image, tweet, or podcast into a post. Most services like YouTube and Vimeo include a nice little embed code on the video page that you can copy and paste into anywhere that you want to drop a video. That’s great, but it’s actually much easier if you use WordPress’ built in Embeds feature.
Here’s how you take advantage of these embeds:
- Copy the URL of for the page that the video, image, etc. is on.
- Paste the URL into where you want the video, image, etc. to show up in WordPress
That’s it. Nothing complicated. No hunting down an embed code. No right clicking on an image to copy the URL so you can drop an image tag into your page and hoping someone doesn’t block it from being linked externally (or worse…stealing the image by downloading it).
New services are continuously added to the list, which currently covers the majority of popular sources that allow embeds. If you only want to enable certain providers from the list, you can use the wp_oembed_add_provider function to add to the list or wp_oembed_remove_provider to remove providers if your theme enables all providers by default. If there’s a service missing that you need, you can even create your own.
Custom “Read More…” For Each Post
Most people using WordPress on a regular basis know about the read more tag, which sets a break point for post excerpts. When output to a blog homepage or archive page, this typically results in something like a link with “Read more…” as the anchor text. Theme developers typically understand how to customize that text, which can be helpful but ends up applying those customizations across all “more…” links.
What you may not know about is that you can easily customize the anchor text on a post-by-post basis. This allows you to craft a link specific to each post that can help entice a user to click more often than your typical “Read more…” generic link.
Customizing this text is simple. Just add your custom text after
more in the read more tag and WordPress will take it from there.
For example, this:
Will output this:
It’s a simple, easy to use feature that I think more people should be taking advantage of.
Your wp-config.php File Can Do More Than Database Settings
Anyone who has set up a new WordPress installation has created a wp-config.php file with their database credentials and (hopefully) added secure keys and salts. Maybe you’ve thrown some code in there to enable caching or change memory limits. Those are pretty common. Here are a few more lines you can add to your wp-config.php file that will improve your WordPress site’s overall security.
Disallow File Edits
define( 'DISALLOW_FILE_EDIT', true );
This will disable the theme and plugin editors within the WordPress admin. In my opinion, there’s absolutely no reason you should be editing these files directly on the server through the admin. I’m sure there is/was a use case for it, but you’re better off not accidentally blowing things up and then trying to wade through to figure out where things went wrong in a weak file editor. This also keeps nosy admin users (*cough* clients *cough*) from poking around and accidentally breaking things.
Force SSL Logins
define( 'FORCE_SSL_LOGIN', true );
This will force your login page to be secure so you avoid sending passwords through clear text to the server while allowing non-SSL sessions in the rest of the admin. If you suspect SSL is causing slowness on your server, this is a setting you may want to use as long as you have SSL set up. Realistically, it can be a self-signed certificate as long as you’re only using SSL for the admin. Some hosting companies will generate one of these for you at no cost or you can do it yourself.
Force SSL For Your Entire Admin
define( 'FORCE_SSL_ADMIN', true );
Use this instead of FORCE_SSL_LOGIN if you want to force your login and entire admin area to be secured. These days, this is really the way you should be going as SSL isn’t going to be so much slower that someone using the admin would care.
Enable Automatic WordPress Updates
define( 'WP_AUTO_UPDATE_CORE', true );
This will enable all WordPress core updates to happen automatically. Gone are the days where core updates seemed to lead to white screen of death more often than not. As long as you’re keeping up with updates and your theme doesn’t suck, there shouldn’t be a lot of issues. If you’re really worried about it, set up some cheap uptime monitoring (such as Binary Canary) and track specific text that should be showing up on your site. If the site blows up after an auto update, you’ll be alerted quickly and can go fix whatever broke. Trust me, that’s a lot easier than fixing a hacked site.
I rarely see people taking advantage of these, but there’s really no reason most of them shouldn’t be used for most installs.
Don’t be afraid to learn more
WordPress has a ton of features that very few people ever learn about. Some are simple, some are complex, but the more you know about the publishing platform you’re using, the better your site will be. The features here are what I typically see being missed the most by webmasters, bloggers, and site admins. None are difficult to implement, so add these to your arsenal of knowledge and create better sites.