Remove extra header tags

WordPress generates a handful of <meta> tags that are not always used by a theme, so here’s a trick to remove some or all of them:

* code #5 - removes excess WordPress header tags from default themes. 
* feel free to customize the options to suit your own needs.
function clean_wp_header() {
	remove_action('wp_head', 'wp_generator');
	remove_action('wp_head', 'rel_canonical');
	remove_action('wp_head', 'rsd_link');
	remove_action('wp_head', 'feed_links',2);
	remove_action('wp_head', 'feed_links_extra',3);
	remove_action('wp_head', 'wlwmanifest_link');
	remove_action('wp_head', 'wp_shortlink_wp_head', 10, 0);
	remove_action('wp_head', 'adjacent_posts_rel_link_wp_head', 10, 0);
add_action('init', 'clean_wp_header');

There’s more of it in this collection.

Secure WordPress upgrades

I’m sure that like a lot of bloggers out there, you’re using WordPress to power your blogs. And because WordPress is now the de facto choice for self–hosted blogging apps, it is now a favorite target for various security attacks. It’s like every ill–willed hacker is busy trying to find vulnerabilities in it.

The recent news of a fake WordPress site distributing a backdoored and fake WP 2.6.4 version is a significant concern for all users of the application. However, it seems that someway, somehow, someone will find a way to maliciously exploit WordPress. Here are some tips to avoid exposing yourself to problems like this:

  • Upgrade the application as often as there are new versions. This includes even point releases that may seem unnecessary, updates are there for a reason.
  • Download only from This becomes even more important if you can hardly understand code. Get your updates from legitimate sources only.
  • Only use trustworthy themes and plugins. Now this is not exactly easy, but knowing where to get them is half the battle. Always start your search from WordPress Extend and reliable third–party sources like WTC.
  • Update your plugins. And themes too. As everyone tries to make WordPress useful to others, some tend to release not–too–ready code. Some of these introduce vulnerabilities, but are typically updated prompty. Don’t forget to upgrade.
  • Deactivate unused plugins and delete them. Unused plugins do nothing, and they just increase the load WordPress puts on your server processes. The less plugins, the better. And make sure you delete them, even deactivated plugins can be executed without you knowing it!

Now those are just some tips to keep in mind. If you have other reminders for fellow WordPress users, share them by leaving a comment.

WordPress themes made for developers

Looking for WordPress themes that are best suited for your customized designs? Here’s a list of custom themes for us developers that should help us get our blog designs running almost instantly.

The best about these themes, especially Sandbox, is that there already are several themes and designs based off it and you can use these “mods” to as a base for your customizations.

Are there other themes and frameworks you could recommend?

First step in using WordPress 2.6

Every other sites has reported on the release of WordPress 2.6, just like I did in my other blog. However, there’s something we are all overlooking — what are we supposed to do once we install/upgrade to 2.6?

Well here’s my first step: go to Settings → Writing and under the Remote Publishing options, make sure you uncheck the two fields named Atom Publishing Protocol and XML-RPC (you can’t miss them, there’s only two of them) if you don’t use them at all. If you have no clue what they’re there for, chances are you don’t need or use them at all and you can safely keep them disabled. This step is a must to reduce any possible security holes in your site as they have been a favorite target for hackers since the early days of WordPress.

WordPress 2.5.1 + more fixes

Not too long after WordPress 2.5 was released, update 2.5.1 followed soon thereafter containing significant updates for the lots of new things in the 2.5 series. But even just after 2.5.1, some problems were exposed, notably the one that requires you manually resetting your passwords because the password recovery links wouldn’t work as designed. The patched files can be downloaded from the user who discovered the problem, and used on your site, replacing the 2.5.1 versions.

Additionally, there is also a fix to allow users to revert to the old image uploader if a browser is not flash enabled. This can be very helpful especially if you update your blog using different PCs with various configurations. The fix is now available as a plugin.

WordPress MU 1.3 is now out

WordPress MU logo.

The latest multi–user version of WordPress is now out. WordPress MU 1.3 contains several MU–specific changes, as listed by Donncha:

  • Better admin controls for the signup page. It can be disabled in various ways.
  • Upload space functions have been fixed.
  • The signup form is now hidden from search engines which will help avoid certain types of spamming.
  • Profile page now allows you to select your primary blog.
  • Database tables are now UTF-8 from the start.
  • If you’re using virtual hosts, the main blog doesn’t live at /blog/ any more.
  • The WordPress importer now assigns posts to other users on a blog.
  • A taxonomy sync script is included in mu-plugins but commented out. It hasn’t been tested much but if your site has many hundreds of blogs it might be worth spending some time on a test server. Replicate normal traffic patterns and see if the server can cope with the upgrade process. If not, then look at the sync script, uncomment it and iterate over all your blogs with a script.

WordPress MU is the base of the code is used on, and allows anyone to publish their own hosted blog service quite easily.

WordPress 2.3 coming September 24

WordPress logo. With the weekly update to the 2.3 beta, WordPress 2.3 will be available as a final release on the 24th of September. Several bugs were fixed in the period between Beta 1 and Beta 2, and more should surface and be fixed before the final release is made available for public download.

WordPress users will be pleased with additions and improvements in this version, namely:

  • Tagging
  • Improved Post and Draft Management using filters
  • Improved publishing workflow with a new post status of Pending Review
  • WordPress and plugins upgrades available notification

To help in the beta program, download the latest beta and report any bugs or problems you may find. For developers, note that there are some database changes for this version, and plugin compatibility should be checked. Here are more notes on WordPress 2.3.

Structure of a WordPress Plugin

Are you writing your first WordPress plugin? One way of the best ways to learn how is to read other plugins’ code; most of which you need to do has probably been written by someone else before. You can also use this code generator that produces a template for your WordPress plugin, which you can fill with your code and distribute to the community.

But why would you want to write a WordPress plugin? There are enough reasons to get you started, not to mention that it’s fun and quite easy to do with all the resources available.

WordPress Monkey

WordPress is really the “in thing” nowadays that even old school favorite webmonkey has a site building article using the popular blogging software. Theme installation and customization is pretty much covered along with a brief intro on WordPress plugins, nifty little extensions that could make or break (literally!) your site.

This new article almost coincides with the recent release of WordPress 2.0.3 which addresses several bugs and important security concerns. If you’re running the WP2 codebase on your site, be sure to get this maintenance release.

WordPress’s query_posts() function

The growth of WordPress has been overwhelming, and now almost everyone is blogging using WP as their platform of choice, or writing on The upsurge in usage and interest has spawned the development of various themes and plugins, allowing for use of WP in an entirely different form.

The query_posts() function is one you’re very likely to encounter when heavily playing with the application’s themes and pages. This function is essential in your arsenal in customizing your WP install and making it behave just the way you want it to.