List values of custom taxonomy on a per-Post basis
This code is useful for displaying all of the terms associated with a particular
taxonomy for a given post. Simply place the following snippet where you would
like to display the comma-separated series of tag links:
<?php echo get_the_term_list($post->ID, 'people', 'People: ', ', ', ''); ?>
For each of your posts, the output of this particular example will display all of
the tags associated with the “people” taxonomy. You can change this up to any
taxonomy you want by editing the first instance of the term “people” in the
code. The last three parameters tell WordPress what to place before the tag links,
between each link, and after the tag links, respectively.
2.5.1 Users and Administrators
If you have installed WordPress, then you have set up at least one user. Each user is
basically an “account” on WordPress. When you go through WordPress installation,
you pick your own username and password. That username and password is one
user, but you are not limited to that. You can manually add new accounts, assign
privileges, and even enable visitors to register as users themselves.
Even if your theme doesn’t display
author names on the site itself, author
names are still used in the RSS feed.
Using a properly displayed name is
a nice touch when reading through
RSS. If you don’t want to use your
real name, even something like Site
Manager is nicer looking than the
default “admin.”
Neutering the Admin Account
Hey, thanks! Too much information?
WordPress tries to be as helpful as possible on its login screen. Like
any good web application, it tells you when you have an incorrect
password. WordPress does something else though, something that
many people feel gives away too much information. It tells you if
the username you are attempting to use exists or not.
The problem here is that anyone can access your login screen, try
to log in with the “admin” username, and be awarded with the
knowledge that the user does indeed exist, even if they get the
password wrong. Prior to WordPress 3.0, "admin" was the default
username and had full privileges so breaking into that account
would be ideal for them.
We suggest leaving an "admin" account active, but neutering its
privileges. That way, you can keep the baddies guessing, and even if
they do break in, they get nothing.
If your account is currently "admin", create a new user with a new
username, then delete the current "admin" account, being careful
to attribute all posts to the new account. Then create the "admin"
account again, only this time make it a "Subscriber" level user, which
has no add/edit/delete privileges.
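The two points of this sidebar can be enforced in code. The following is an added example, not code from the book: a small plugin (the plugin name is hypothetical) that uses the WordPress login_errors filter to show one generic message for failed logins, and warns administrators in the dashboard if an account with the "admin" login holds more than Subscriber privileges.

```php
<?php
/*
 * Plugin Name: Login Hardening Example
 * Description: Added example. Generic login errors plus a check on the "admin" decoy account.
 */

// Show one generic message for every failed login, so the form no longer
// reveals whether the username exists. Side effect: other login-screen
// errors (for example, an empty field) get the same generic text.
add_filter( 'login_errors', function ( $message ) {
    return 'The username or password you entered is incorrect.';
} );

// Warn site administrators if the "admin" login holds anything beyond the
// Subscriber role, i.e. the decoy account is not actually neutered.
add_action( 'admin_notices', function () {
    if ( ! current_user_can( 'manage_options' ) ) {
        return; // only administrators need to see this
    }

    $decoy = get_user_by( 'login', 'admin' );
    if ( ! $decoy ) {
        return; // no account named "admin" on this site
    }

    // Any role other than "subscriber", or the ability to edit posts,
    // means the account can still change content.
    $extra_roles = array_diff( (array) $decoy->roles, array( 'subscriber' ) );
    if ( $extra_roles || user_can( $decoy, 'edit_posts' ) ) {
        echo '<div class="notice notice-error"><p>';
        echo esc_html(
            'The "admin" account is not limited to the Subscriber role. Extra roles: '
            . ( $extra_roles ? implode( ', ', $extra_roles ) : 'none (custom capabilities)' )
        );
        echo '</p></div>';
    }
} );
```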
Your Login page is a public-facing portal to your Admin area. Obviously, if your
login was somehow compromised, an intruder could do serious harm to your
site, damaging themes, deleting content, and worse. A brute-force password
hack is probably the rarest of ways your site could be compromised, but you
should still have an extremely secure password.
Extremely Secure Passwords
• Don’t use something obvious like “password” or “1234”
• Use a combination of letters and numbers
• Shoot for 8 characters or longer
• Don’t use the same password you use for anything else
(this one is just too important!)
2.5.2 Add a New Account for Yourself
One thing that you cannot ever change, once an account is created, is the
username. That means that the “admin” account will have a user name of “admin”
forever. We recommend not using this account as your regular account. Instead,
set up a new account for yourself right away, using a username that is more
memorable and specific to yourself, but of course with an extremely
secure password.
To do this, go to Users > Add New, fill out all the required fields, and be sure to
choose “Administrator” as your role. Then log out and back in again with your
brand new account. Now go back to Users > Authors & Users, hover over your
existing account, and click “Edit.” You will now enjoy some additional options that
weren’t available when you initially created the account.
With your new account, you can cosmetically change the look of the Admin area
by selecting a new color scheme. More importantly, you can change public-facing
details about your profile. We suggest changing your “Display Name” to something
more sightly, like your real name, for example. You can also edit your biographical
information, preferred URL, and other personal details. This information may then
be displayed on your web pages by calling the information from your theme files.
Old Themes
As you redesign your site over
the years, you should leave your
old themes in the wp-content
folder. It’s kinda fun sometimes
to go throwback. Maybe
your blog could dress up as a
previous version of itself for
Halloween.
2.6.1 Choosing the Perfect Theme
With everything that you will learn about WordPress from this book and
elsewhere, it is our hope that you will develop your own themes. Creating your
own theme enables you to get everything looking and working exactly how you
want it, right down to the last detail. But certainly, there is no shame in using
a pre-made theme as you begin your journey with WordPress. After all, many
top WordPress developers (including us!) used pre-fabbed themes as a starting
point. Using someone else’s theme is an excellent way to dig into the process of
customizing and eventually building your own.
2.6.2 Where to Find Awesome Themes
“There are two kinds of themes in this world,” my daddy always told me: “free
themes, and paid themes.” Paid themes often call themselves “premium” themes.
In general, paid themes are going to have nicer designs, be coded a little better,
and may offer fancy theme options. But then he also warned me: “there are
some amazing, high-quality free themes, and there are some downright-bad paid
themes.” We can give you some general things to look for, but you are just going
to have to use your best horse-sense when making the final call.
Free theme resources
• WordPress.org Theme Library -
Straight from the motherland. Themes ahoy!
• The Mighty Google -
Searching Google will work long after this book has been recycled.
• Digging Into WordPress - can you guess the URL?
Besides the ones that come with this book, we offer some free themes in our
Theme Clubhouse
• Smashing Magazine -
You might need to use their search form, but they offer a number of nice high-
quality free themes.
Places to buy premium themes
• ThemeForest
• WooThemes
• ElegantThemes
• WPBest
2.6.3 Previewing Themes
A lot of themes you find around the internet will be accompanied by a demo,
enabling you to see how the theme looks and works before you commit to
it. But even if the theme doesn’t have a demo, you can demo it yourself, on
your own blog. Upload it to your /wp-content/themes folder, and navigate to
the “Appearance” page of your Admin area. There, you find thumbnails and
descriptions of your site’s currently available themes. Locate the theme that you
would like to preview from among the crowd and click on its thumbnail. A popup
window will then show you what your site will look like when running that
particular theme. You can even click around and check things out without actually
activating it. Once you are satisfied and would like to use the theme, click on the
“Activate” link in the upper right-hand corner of the screen and you’re all set.
2.6.4 Key Things to Look For in a Theme
When choosing that perfect theme for your site, you want to focus on how it looks
and how it works. Does it rock your browser’s very existence? Does it deliver your
content on a silver platter for your visitors? Does it make you want to scream in
ecstasy and dance the jig? If so, then you know it’s the right theme for you. There
is no reason to settle for anything less than absolutely perfect, especially given
the vast menu of awesome themes available to you. If you find something close to
perfect that could use a little tweaking, remember that it is much easier to change
things like color and font size than the underlying structure and functionality.
That said, here are some key things to look for when searching for the ideal theme:
Navigation
Take a look at what the navigation is like on the theme. Then think about how
you picture the navigation working best on your site. Do categories need to be
prominently displayed? Are pages more important? Do you need a dropdown
menu system? Is there room for you to build your own navigation if needed? Does
it support the WordPress 3.0 menu system?
Theme options
Some themes come equipped with theme options, literally an extra area of settings
in the Admin area for customizing the theme. These options can range from
simple, like altering colors, to complex, like integrating social media into your
theme. Sometimes these theme options can be very compelling, so look around to
see if anything catches your eye.
Widget ready?
When developing a theme, a designer may establish certain areas as “widget-
ready.” A widget-ready section in your theme enables you to quickly and easily
customize its appearance and functionality. A commonly seen widget-ready area
is the theme’s sidebar. In a widget-enabled theme, there is a special place in the
Admin area where you can configure widgets without messing with any code. For
example, you can drop in a mini-calendar, a chat feature, or some administrative
links. Within the comfort of your Admin area, you can specify options and even
drag the widgets around to adjust the order in which they appear on your web
pages. If you can picture yourself benefitting from widgets, you should ensure that
your theme is widget-ready.
Extra functionality
When it comes to functionality, the sky is the limit for WordPress
themes. Some themes really go nuts with functionality that extends far beyond
WordPress. For example, a theme may be built to integrate a photo-sharing service
such as Flickr, a statistical application such as Google Analytics, or even a database
interface such as phpMyAdmin.
Frameworks
WordPress theme “frameworks” are ever-growing in popularity. These frameworks
can add a little extra to the learning curve of WordPress, but once you are
comfortable with one, they can greatly facilitate the theme-building process by
providing all of the core features and options generally used within the theme.
This isn’t the time or place to go into detail, but you may want to look into some of
the more popular frameworks:
• Thematic (free)
• Hybrid (free, with optional paid support)
• Thesis ($87)
Comes with source files?
It is likely that, even if you find a theme that you really like, you’ll want to be
doing some customization. If that involves modifying the theme’s images, it’s really
nice if the theme includes the source files from which it was created. These could
be Photoshop/Fireworks files, vector resources, icons, full-resolution images, etc.
Of course we hope that you develop the chops
to build your own themes, but in a pinch,
services like WPCoder are great for turning
designs into real themes.
Drama
There was much web drama
related to the Thesis theme
creator and the WordPress
creators regarding Thesis
being not licensed under the
same (required) licence as
WordPress is under (GPL).
Thankfully this is over and
Thesis is now GPL!
2.7.1 Getting Started with Plugins
Part of the genius and magic of WordPress is the plugin system. These plugins
extend and enhance what WordPress is able to do in very specific ways. Anyone
is able to write a plugin for WordPress, and even include it in the official plugin
library, otherwise known as the WordPress Plugin Repository.
Let’s explore some essential information for getting started with plugins.
2.7.2 Installing and Activating Plugins
Among the WordPress files on your server, there is a special directory, /wp-content/
plugins/, that contains all of your site’s plugins. The tried-and-true method for
installing a plugin is to download it to your computer, and then upload it to your
server into the plugins directory. After that, the plugin will appear in the Admin
area on the Plugins page. By default, new plugins are inactive, so you will need to
manually activate them before they take any effect.
You can, at any time, deactivate a plugin in this same way. Do be aware, however,
that plugins have serious power. Any time you activate or deactivate a plugin, you
should do some thorough investigating of your site to make sure everything is
looking and functioning as expected.
Plugins can also be searched for and installed directly from the Admin area of your
site. Just go to Plugins > Add New. The plugins available here are exactly the same
as those available at the WordPress Plugin Repository. In order to take advantage
of this direct web installation, your plugins directory must be “writeable” by
the server. In a perfect world, giving write permissions to a directory would
be absolutely safe, but in the hostile environment of today’s Web, you should
definitely consider carefully whether or not such permission is truly necessary.
Jason Santa Maria
This idea of “art directing”
articles online has been
popularized by Jason. Check
out his blog for some jaw-
dropping examples of beautiful
art direction in blog posts.
His blog isn’t powered by
WordPress, but interestingly
enough, Jason designed both
the WordPress Admin area
and the WordPress.org website.
You can do your own art
direction of individual posts by
being able to add custom CSS
to specific posts. Check out:
To the right you can see two
plugins in the list, one active,
one inactive.
The bonus of downloading plugins from the WordPress.org directory is that
you can be sure that the plugin isn’t malicious in any way. There are certainly
ways you can get yourself into trouble with plugins, but plugins obtained from
the Repository are unlikely to damage your site or harass your visitors. There
are plugins “out in the wild” available for download as well, but there are no
guarantees as to what you will get, so be very conscious of the source when
installing such plugins.
2.7.3 Difference Between Disabling and Uninstalling
Disabling a once-active plugin prevents it from functioning, but does not physically
remove the plugin from your plugins directory. You could have a thousand
disabled plugins doing nothing except for taking up space in your plugin folder. By
actually uninstalling a plugin, you remove all files associated with it, and if possible
also reverse any changes that the plugin might have made to the database.
In the process of installation and operation, many plugins will automatically insert
content into your WordPress database. Such plugins may add new tables or fields,
modify existing data, and store information required for usage. Once made, these
types of changes will persist even after the actual plugin files are deleted from
your server.
Well-built plugins will provide a complete uninstall option that does the work
of cleaning up its database changes for you. Plugins that do not provide such
convenience must be cleaned up manually. If this is the case for a plugin that you
would like to completely uninstall, make sure that you really know what you are
doing before making any changes to your database. And don’t forget to make a
backup just in case something goes awry.
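What a "complete uninstall option" looks like from the plugin author's side, as an added example that is not from the book: an uninstall.php file, which WordPress runs when the plugin is deleted from the Plugins page. The option, meta key, and table names are hypothetical and stand in for whatever the plugin created.

```php
<?php
// uninstall.php, placed in the plugin's root folder.

// Refuse to run unless WordPress itself started the uninstall. This stops
// anyone from triggering the cleanup by requesting the file directly.
if ( ! defined( 'WP_UNINSTALL_PLUGIN' ) ) {
    exit;
}

global $wpdb;

// Hypothetical names: replace with what the plugin actually stored.
$option_names = array( 'example_poll_settings', 'example_poll_db_version' );
$meta_key     = '_example_poll_id';
$table_name   = $wpdb->prefix . 'example_poll_votes';

// Remove rows the plugin added to the options table.
foreach ( $option_names as $name ) {
    delete_option( $name );
}

// Remove per-post data the plugin attached to posts.
delete_post_meta_by_key( $meta_key );

// Drop the plugin's own table. The name is built only from the site's
// table prefix and a fixed string, never from user input.
$wpdb->query( "DROP TABLE IF EXISTS `{$table_name}`" );
```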
File Permissions
Refer to Chapter 9.1.3 to
learn more about setting secure
file permissions for WordPress.
Function Exists?
When you deactivate a plugin,
you run the risk of a PHP
function being present in
your theme that doesn't exist.
Essentially a disaster that
will surely wreck your theme.
Before calling plugin-specific
functions in your theme, use a
conditional to ensure it exists:
<?php
// Only call the plugin's function if the plugin is active and has defined it.
if (function_exists('get_poll')) {
    get_poll();
}
?>
2.7.4 Recommended Plugins
The nature of plugins is that they provide WordPress with supplemental
functionality that may not be needed by every site. Rather than try to squeeze a
million features into the WordPress core, application-specific functionality is left
to the awesome developers within the thriving WordPress community. Developers
see a need (or an opportunity), create a plugin, and release it to users. If the plugin
is popular enough, and makes sense to integrate into the WordPress core, the
wizards behind the curtain will see that it happens.
Even so, there remain a number of top-notch plugins that, for whatever reason,
have yet to be swallowed up by the core. Here are some of the best that we find
useful for virtually any type of WordPress-powered site:
Google XML Sitemaps
This plugin will create a Google-compliant XML-Sitemap of your WordPress blog. It
supports all of the WordPress-generated pages as well as custom ones. Every time
you edit or create a post, your sitemap is updated and all major search engines that
support the sitemap protocol, like Google, MSN/Bing, Yahoo! and Ask.com, are
notified about the update. This is a super easy activate-it-and-forget-it plugin that
can help you by making sure search engines find every last corner of your site.
VaultPress
VaultPress is a plugin and a paid service from Automattic, the creators of
WordPress. Once set up, your entire blog is backed up to "the cloud" including all
files on the server (WordPress itself, themes, plugins, images, etc) and the database.
They have a Premium level which includes scanning all those files for possible
security issues.