15 Useful .htaccess Snippets for Your WordPress Site

Having a well-configured .htaccess file is crucial if you want to increase security and reduce vulnerabilities on your WordPress site. Usually, the main goal of creating a custom .htaccess file is to prevent your site from being hacked but it’s also an excellent way to handle redirects and manage cache-related tasks.

.htaccess is a configuration file used on Apache web servers. Most WordPress sites run on an Apache server, although a small portion is powered by Nginx. In this article, you can find a collection of .htaccess code snippets, most of which you can use to secure your website while the rest implements other useful features.

Don’t forget to back up the .htaccess file before you edit it so that you can always return to the previous version if something goes wrong.

And, if you’re someone who rather not touch configuration files I recommend you the BulletProof Security plugin which is the most reliable (and probably the oldest) free .htaccess security plugin on the market.

Create the default WP .htaccess

.htaccess works on a per-directory basis which means that each directory can have its own .htaccess file. It can easily happen that your WordPress site doesn’t have a .htaccess file yet. If you don’t find a .htaccess file in your root directory create an empty text file and name it to .htaccess.

Below, you can find the default .htaccess WordPress uses. Whenever you need this code you can quickly look it up in the WordPress Codex. Note that there is a different .htaccess for WP Multisite.

# BEGIN WordPress

RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

# END WordPress

The lines beginning with # are comments. Don’t edit anything between the lines # BEGIN WordPress and # END WordPress. Add your custom .htaccess rules below these default rules.

All code snippets you can find in this article go to the core .htaccess file found in your root directory.

1. Deny access to all .htaccess files

The code below denies access to all .htaccess files you have installed in your WordPress. This way you can prevent people from seeing your web server configurations.

# Denies access to all .htaccess files
<Files ~ "^.*\.([Hh][Tt][Aa])">
Order Allow,Deny
Deny from all
Satisfy all
</Files>

2. Protect your WP configuration

The wp-config.php file contains all your WP configurations, including your database login and password. You can either deny it from everyone or give permission to admins to access it.

If you choose the latter comment out the # Allow from xx.xx.xx.xxx line (remove # from the beginning of the line) and insert the admin’s IP address in place of xx.xx.xx.xxx.

# Protects wp-config
<Files wp-config.php>
Order Allow,Deny
# Allow from xx.xx.xx.xxx
# Allow from yy.yy.yy.yyy
Deny from all
</Files>

3. Prevent XML-RPC DDoS attack

WordPress supports XML-RPC by default, which is an interface that makes remote publishing possible. However, while it’s a great feature, it’s also one of WP’s biggest security vulnerability as hackers may exploit it for DDoS attacks.

If you don’t want to use this feature it’s better to just disable it. Just like before, you can add exceptions by commenting out the # Allow from xx.xx.xx.xxx line and adding the IPs of your admin(s).

# Protects XML-RPC, prevents DDoS attack
<FilesMatch "^(xmlrpc\.php)">
Order Deny,Allow
# Allow from xx.xx.xx.xxx
# Allow from yy.yy.yy.yyy
Deny from all
</FilesMatch>

4. Protect your admin area

It’s also a good idea to protect the admin area by giving access only to administrators. Here, don’t forget to add at least one “Allow” exception otherwise you won’t be able to access your admin at all.

# Protects admin area by IP
AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "WordPress Admin Access Control"
AuthType Basic
<LIMIT GET>
Order Deny,Allow
Deny from all
Allow from xx.xx.xx.xxx
Allow from yy.yy.yy.yyy
</LIMIT>

5. Prevent directory listing

Most WordPress sites don’t disable directory listing, which means anyone can browse their folders and files, including media uploads and plugin files. It’s needless to say that this is a huge security vulnerability.

Below, you can see how a typical WordPress directory listing looks like.

Luckily, you just need one line of code to block this feature. This code snippet will return a 403 error message to anyone who wants to access your directories.

# Prevents directory listing
Options -Indexes

6. Prevent username enumeration

If WP permalinks are enabled, it’s quite easy to enumerate usernames using the author archives. The revealed usernames (including the admin’s username) then can be used in brute force attacks.

Insert the code below into your .htaccess file to prevent username enumeration.

# Prevents username  enumeration
RewriteCond %{QUERY_STRING} author=d
RewriteRule ^ /? [L,R=301]

….

https://www.hongkiat.com/blog/useful-htaccess-snippets-for-wordpress/

15 wp-config Snippets to Configure WordPress Site

WordPress admin makes it easy to manage configurations without touching a line of code. These basic configuration settings are then stored in the wp-options table inside the database. But, WordPress also has a separate configuration file, called wp-config.php, that can be used for further customizations.

Wp-config is the file where your custom hosting data (database name, database host, etc.) is saved when you install a self-hosted WordPress site. You can also add other configuration options to this file, with which you can enable or disable features such as debugging, cache, multisite, SSL login, automatic updates, and many others.

Localize and edit wp-config

When you download WordPress, the wp-config.php file is not yet present inside the install folder. However, there’s a file called wp-config-sample.php that you need to copy and rename to wp-config.php. Then, you need to add your basic connection data (database name, database username, database password, hostname, security keys) to this file.

If your hosting provider uses the Softaculous auto installer (most do so) this process is automated for you and you will find a wp-config.php and a wp-config-sample.php file in your root folder when you connect your server via FTP.

Note that the order of settings matters, so don’t rearrange them. When editing the wp-config file, always use a code editor such as Sublime Text, Atom, Notepad++, Visual Studio Code, or TextMate. Word processors (Microsoft Office, Google Docs, LibreOffice, etc.) will mess your file up, never use them to edit code files.

The settings saved into wp-config override the database, in case the same type of configuration is present at both (e.g. home URL)

Where to place the code snippets

In this article, you can find 20 code snippets with which you can use to customize your wp-config.php file.

Most of these configuration options don’t exist in wp-config by default. If you want to use them you need to add them below the starting <?php tag and code comments, but above the MySQL settings.

1. Turn on WP debugger

You can turn the WordPress debugger on and off in the wp-config file. The first snippet below does exist by default in wp-config (below the database configurations) but its value is set to false. To turn the debugger on, change its value to true.

The second snippet turns on the frontend debugger that allows you to debug CSS and JavaScript scripts. Use the debuggers only on development sites never in production.

https://www.hongkiat.com/blog/wpconfig-snippets-configure-wordpress/

10 Useful Code Snippets for WordPress Users

We know that plugins can be used to extend the functionality of WordPress. But what if you can do some smaller things in WordPress without installing them? Say, you dislike the admin bar at the top and wish to eliminate it? Yes, that can be accomplished by means of code snippets for WordPress.

Basically, code snippets for WordPress are used to do certain actions that might otherwise require a dedicated smaller plugin. Furthermore, such code snippets are placed in one of the WordPress core or theme files (generally the functions.php file of your theme).

In this article, we have listed some very useful code snippets for WordPress users:

10 Useful Code Snippets for WordPress Users

Word of Caution!

As you might have guessed, code snippets for WordPress, while really useful, tend to alter the default functionality. There can be a small margin of error with each snippet. Generally, such issues tend to arise due to incompatible plugins and/or themes and tend to disappear once you eliminate the said theme/plugin or decide not to use the said snippet.

However, to be on the safer side, be very sure to take proper backups of your WordPress website before making any changes by means of snippets. Also, if you encounter any error or performance issues, rollback your site and check for any plugins or incompatible theme issues.

Now, on to the code snippets for WordPress users!

1. Allow Contributors to Upload Images

By default, WordPress does not permit contributor accounts to upload images. You can, of course, promote that particular account to Author or Editor and this will give them the rights to upload and modify images, However, it will also grant them additional rights, such as the ability to publish their own articles (as opposed to submission for review).

This particular code snippet allows contributor accounts to upload images to their articles, without granting them any additional privileges or rights. Paste it in the functions.php file of your theme:

if ( current_user_can('contributor') && !current_user_can('upload_files') )
     add_action('admin_init', 'allow_contributor_uploads');      
     function allow_contributor_uploads() {
          $contributor = get_role('contributor');
          $contributor->add_cap('upload_files');
     }

2. Show Popular Posts Without Plugins

This one is a little trickier. However, if you are not too keen on installing an extra plugin to showcase popular posts (say, you have limited server memory or disk space), follow this snippet.

Paste the following in functions.php:

function count_post_visits() {
    if( is_single() ) {
        global $post;
        $views = get_post_meta( $post->ID, 'my_post_viewed', true );
        if( $views == '' ) {
            update_post_meta( $post->ID, 'my_post_viewed', '1' );   
        } else {
            $views_no = intval( $views );
            update_post_meta( $post->ID, 'my_post_viewed', ++$views_no );
        }
    }
}
add_action( 'wp_head', 'count_post_visits' );

Thereafter, paste the following wherever in your template files that you wish to display the popular posts:

$popular_posts_args = array(
    'posts_per_page' => 3,
    'meta_key' => 'my_post_viewed',
    'orderby' => 'meta_value_num',
    'order'=> 'DESC'
);
$popular_posts_loop = new WP_Query( $popular_posts_args );
  while( $popular_posts_loop->have_posts() ):
    $popular_posts_loop->the_post();
    // Loop continues
endwhile;
wp_reset_query();

3. Disable Search in WordPress

The search feature of WordPress has been around for a long time. However, if your website does not need it, or you do not want users to “search” through your website for some reason, you can use this code snippet.

Essentially, it is a custom function that simply nullifies the search feature. Not just the search bar in your sidebar or the menu, but the entire concept of native WP search is gone. Why can this be useful? Again, it can help if you are running your website on low spec server and do not have content that needs to be searched (probably you aren’t running a blog).

Again, add this to the functions.php file:

function fb_filter_query( $query, $error = true ) {
if ( is_search() ) {
$query->is_search = false;
$query->query_vars[s] = false;
$query->query[s] = false;
// to error
if ( $error == true )
$query->is_404 = true;
}
}
add_action( 'parse_query', 'fb_filter_query' );
add_filter( 'get_search_form', create_function( '$a', "return null;" ) );

4. Protect Your Site from Malicious Requests

There are various ways to secure your website. You can install a security plugin, turn on a firewall or opt for a free feature such as Jetpack Protect that blocks brute force attacks on your website.

The following code snippet, once placed in your functions.php file, rejects all malicious URL requests:

global $user_ID; if($user_ID) {
    if(!current_user_can('administrator')) {
        if (strlen($_SERVER['REQUEST_URI']) > 255 ||
            stripos($_SERVER['REQUEST_URI'], "eval(") ||
            stripos($_SERVER['REQUEST_URI'], "CONCAT") ||
            stripos($_SERVER['REQUEST_URI'], "UNION+SELECT") ||
            stripos($_SERVER['REQUEST_URI'], "base64")) {
                @header("HTTP/1.1 414 Request-URI Too Long");
                @header("Status: 414 Request-URI Too Long");
                @header("Connection: Close");
                @exit;
        }
    }
}

5. Paginate Your Site Without Plugins

Good pagination is very useful for allowing users to browse through your website. Rather than “previous” or “next” links. This is where another one of our code snippets for WordPress comes into play – it adds good pagination to your content.

In functions.php:

global $wp_query;
$total = $wp_query->max_num_pages;
// only bother with the rest if we have more than 1 page!
if ( $total > 1 )  {
     // get the current page
     if ( !$current_page = get_query_var('paged') )
          $current_page = 1;
     // structure of "format" depends on whether we're using pretty permalinks
     $format = empty( get_option('permalink_structure') ) ? '&page=%#%' : 'page/%#%/';
     echo paginate_links(array(
          'base' => get_pagenum_link(1) . '%_%',
          'format' => $format,
          'current' => $current_page,
          'total' => $total,
          'mid_size' => 4,
          'type' => 'list'
     ));
}

6. Disable the Admin Bar

The WordPress Admin Bar provides handy links to several key functions such as the ability to add new posts and pages, etc. However, if you find no use for it and wish to remove it, simply paste the following code snippet to your functions.php file:

// Remove the admin bar from the front end
add_filter( 'show_admin_bar', '__return_false' );

7. Show Post Thumbnails in RSS Feed

If you wish to show post thumbnail images in your blog’s RSS feed, the following code snippet for WordPress can be useful.

Place it in your functions.php file:

// Put post thumbnails into rss feed
function wpfme_feed_post_thumbnail($content) {
global $post;
if(has_post_thumbnail($post->ID)) {
$content = '' . $content;
}
return $content;
}
add_filter('the_excerpt_rss', 'wpfme_feed_post_thumbnail');
add_filter('the_content_feed', 'wpfme_feed_post_thumbnail');

8. Change the Author Permalink Structure

By default, WordPress shows author profiles as yoursite.com/author/name. However, you can change it to anything that you like, such as yoursite.com/writer/name

The following code snippet needs to be pasted in the functions.php file. Then, it changes the author permalink structure to “/profile/name”:

add_action('init', 'cng_author_base');
function cng_author_base() {
    global $wp_rewrite;
    $author_slug = 'profile'; // change slug name
    $wp_rewrite->author_base = $author_slug;
}

9. Automatically Link to Twitter Usernames in Content

This is especially useful if you are running a website that focuses a lot on Twitter (probably a viral content site, etc.) The following code snippet for functions.php converts all @ mentions in your content to their respective Twitter profiles.

For example, an @happy mention in your content will be converted to a link to the Twitter account “twitter.com/happy” (“happy” being the username):

function content_twitter_mention($content) {
return preg_replace('/([^a-zA-Z0-9-_&])@([0-9a-zA-Z_]+)/', "$1<a href=\"http://twitter.com/$2\" target=\"_blank\" rel=\"nofollow\">@$2</a>", $content);
}
add_filter('the_content', 'content_twitter_mention');   
add_filter('comment_text', 'content_twitter_mention');

10. Create a PayPal Donation Shortcode

If you are using the PayPal Donate function to accept donations from your website’s visitors, you can use this code snippet to create a shortcode, and thus make donating easier. First, paste the following in your functions.php file:

function donate_shortcode( $atts, $content = null) {
global $post;extract(shortcode_atts(array(
'account' => 'your-paypal-email-address',
'for' => $post->post_title,
'onHover' => '',
), $atts));
if(empty($content)) $content='Make A Donation';
return '<a href="https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business='.$account.'&item_name=Donation for '.$for.'" title="'.$onHover.'">'.$content.'</a>';
}
add_shortcode('donate', 'donate_shortcode');

Then, you can easily use the

[donate] shortcode, such as:

[donate]My Text Here[/donate]

How to Add Code Snippets?

As mentioned with each code snippet, you just need to add the said snippet to the required file. Mostly, you would only need to add code snippets to the functions.php file (in some cases, it can differ).

However, what if you are just not comfortable editing your theme’s files? If that is the case, have no fear. The Code Snippets plugin can help you out!

It is a simple plugin that lets you add code snippets to your functions.php without any manual file editing. It treats code snippets as individual plugins of their own – you add the code and hit save … and the rest is handled by the Code Snippets plugin.

Once you activate the plugin, you will find a Snippets menu right under “Plugins.” Head to Snippets » Add New:

Add a name for your snippet, paste the snippet in the code area, and then provide a description for your own reference. Once done, activate the snippet and you’re good to go! Even if you change the theme, the code snippet remains functional.

This way, you can add and delete code snippets as if they were posts or pages without having to edit theme files at all.

So there you have it, useful code snippets for WordPress as well as a helpful plugin to add them all! Got a special code snippet for WordPress that you like? Share it in the comments below!

20 Snippets & Hacks to Make WordPress Easier for Your Clients

Out-of-the-box, WordPress is a fairly simple CMS for anyone to learn. But for your non-tech savvy clients it could be a nightmare and a potential disaster to the site you have just built. By simplifying the system and adding some quick hacks to disable or hide certain areas of the CMS you can not only help clients you will also give yourself piece-of-mind knowing that that the site is safe by removing any potential disaster.

The snippets below will allow you to control almost all aspects of WordPress` Admin area and customize it to benefit your clients level of tech comfort.

There are of course many plugins that will achieve the same as these snippets, but with code you get the added control and security, and, in most cases, will not need to be updated.

You might also like these useful .htaccess snippets & hacks, these WordPress SQL Query Snippets, or these snippets that make WordPress user-friendly for your clients.

Disabling WordPress Plugin Deactivation

This snippet is particularly useful if you have given a client plugin activation/deactivation privileges (allowing them to add new plugins themselves), but the site you have built requires some core plugins to function and should never be deactivated.

The code below will remove the ‘Deactivate’ links from whichever plugins you deem fundamental as well as removing the ‘Edit’ links from all plugins.

Paste this into your functions.php:

add_filter( 'plugin_action_links', 'slt_lock_plugins', 10, 4 );
function slt_lock_plugins( $actions, $plugin_file, $plugin_data, $context ) {
	// Remove edit link for all
	if ( array_key_exists( 'edit', $actions ) )
		unset( $actions['edit'] );
	// Remove deactivate link for crucial plugins
	if ( array_key_exists( 'deactivate', $actions ) && in_array( $plugin_file, array(
		'slt-custom-fields/slt-custom-fields.php',
		'slt-file-select/slt-file-select.php',
		'slt-simple-events/slt-simple-events.php',
		'slt-widgets/slt-widgets.php'
	)))
		unset( $actions['deactivate'] );
	return $actions;
}

Disabling WordPress Theme Changing

Just like the Plugin Disabling code above, you really don’t want your clients tinkering or experimenting with any theme changes. The code below will remove the ‘Appearance’ menu option from the Dashboard.

Paste this snippet into your functions.php:

add_action( 'admin_init', 'slt_lock_theme' );
function slt_lock_theme() {
	global $submenu, $userdata;
	get_currentuserinfo();
	if ( $userdata->ID != 1 ) {
		unset( $submenu['themes.php'][5] );
		unset( $submenu['themes.php'][15] );
	}
}

Disable Top-Level Menus from the WordPress Admin Panel

Depending on your client, you may need to take disabling/hiding WordPress menu options even further. With this snippet you can hide whichever Top-Level Menu (Posts, Media, Links, Tools…) you need to.

Paste this into your functions.php:

function remove_menus () {
global $menu;
	$restricted = array(__('Dashboard'), __('Posts'), __('Media'), __('Links'), __('Pages'), __('Appearance'), __('Tools'), __('Users'), __('Settings'), __('Comments'), __('Plugins'));
	end ($menu);
	while (prev($menu)){
		$value = explode(' ',$menu[key($menu)][0]);
		if(in_array($value[0] != NULL?$value[0]:"" , $restricted)){unset($menu[key($menu)]);}
	}
}
add_action('admin_menu', 'remove_menus');

Disable Submenus from the WordPress Admin Panel

Maybe your client doesn’t need the drastic action taken by the above snippets, and only needs some key sub-menu items disabled/hidden. This code will help.

Paste this into your functions.php:

function remove_submenus() {
  global $submenu;
    unset($submenu['index.php'][10]); // Removes 'Updates'.
    unset($submenu['themes.php'][5]); // Removes 'Themes'.  
    unset($submenu['options-general.php'][15]); // Removes 'Writing'.
    unset($submenu['options-general.php'][25]); // Removes 'Discussion'.       
}
add_action('admin_menu', 'remove_submenus');

Restrict WordPress Admin Menu Items Based on Username

Say you want to restrict client access to certain Top-Level menu items, but you still want to maintain the full menu for the main administrator, this snippet will help.

Replace ‘clients-username’ and paste this code into your functions.php:

function remove_menus()
{
    global $menu;
    global $current_user;
    get_currentuserinfo();

    if($current_user->user_login == 'clients-username')
    {
        $restricted = array(__('Posts'),
                            __('Media'),
                            __('Links'),
                            __('Pages'),
                            __('Comments'),
                            __('Appearance'),
                            __('Plugins'),
                            __('Users'),
                            __('Tools'),
                            __('Settings')
        );
        end ($menu);
        while (prev($menu)){
            $value = explode(' ',$menu[key($menu)][0]);
            if(in_array($value[0] != NULL?$value[0]:"" , $restricted)){unset($menu[key($menu)]);}
        }// end while

    }// end if
}
add_action('admin_menu', 'remove_menus');

Remove WordPress Meta-Boxes from Posts & Pages Editor Screens

Publishing posts and pages are more than likely key to your clients business and probably the main reason you chose WordPress for them in the first place. To help avoid any confusion from within the posts/pages editor screens it could be helpful to remove unused meta-boxes (custom fields, recent comments, post tags…).

Paste this into your functions.php and edit as required:

function remove_extra_meta_boxes() {
remove_meta_box( 'postcustom' , 'post' , 'normal' ); // custom fields for posts
remove_meta_box( 'postcustom' , 'page' , 'normal' ); // custom fields for pages
remove_meta_box( 'postexcerpt' , 'post' , 'normal' ); // post excerpts
remove_meta_box( 'postexcerpt' , 'page' , 'normal' ); // page excerpts
remove_meta_box( 'commentsdiv' , 'post' , 'normal' ); // recent comments for posts
remove_meta_box( 'commentsdiv' , 'page' , 'normal' ); // recent comments for pages
remove_meta_box( 'tagsdiv-post_tag' , 'post' , 'side' ); // post tags
remove_meta_box( 'tagsdiv-post_tag' , 'page' , 'side' ); // page tags
remove_meta_box( 'trackbacksdiv' , 'post' , 'normal' ); // post trackbacks
remove_meta_box( 'trackbacksdiv' , 'page' , 'normal' ); // page trackbacks
remove_meta_box( 'commentstatusdiv' , 'post' , 'normal' ); // allow comments for posts
remove_meta_box( 'commentstatusdiv' , 'page' , 'normal' ); // allow comments for pages
remove_meta_box('slugdiv','post','normal'); // post slug
remove_meta_box('slugdiv','page','normal'); // page slug
remove_meta_box('pageparentdiv','page','side'); // Page Parent
}
add_action( 'admin_menu' , 'remove_extra_meta_boxes' );

Remove WordPress Pages Columns

Adding this code allows you to remove whichever column from the ‘Pages’ page you feel are not necessary to your client.

Edit as required and paste this snippet into your functions.php:

function remove_pages_columns($defaults) {
  unset($defaults['comments']); 
  return $defaults;    
} 
add_filter('manage_pages_columns', 'remove_pages_columns');

Remove WordPress Posts Columns

Similar to the snippet above, this code will remove columns from the posts page.

Edit as required and paste this code into your functions.php:

function remove_post_columns($defaults) {
  unset($defaults['comments']);
  return $defaults;    
} 
add_filter('manage_posts_columns', 'remove_post_columns');

Removing Default Widgets from the WordPress Dashboard

The majority of the default Dashboard widgets may not be necessary to your non-tech client and could potentially be a disastrous distraction. This snippet will remove whichever widget you define from the Dashboard.

Paste this into your functions.php:

// Create the function to use in the action hook
function example_remove_dashboard_widgets() {
	// Globalize the metaboxes array, this holds all the widgets for wp-admin
 
	global $wp_meta_boxes;
 
	// Remove the incomming links widget
	unset($wp_meta_boxes['dashboard']['normal']['core']['dashboard_incoming_links']);	
 
	// Remove right now
	unset($wp_meta_boxes['dashboard']['normal']['core']['dashboard_right_now']);
	unset($wp_meta_boxes['dashboard']['side']['core']['dashboard_primary']);
	unset($wp_meta_boxes['dashboard']['side']['core']['dashboard_secondary']);
}
 
// Hoook into the 'wp_dashboard_setup' action to register our function
add_action('wp_dashboard_setup', 'example_remove_dashboard_widgets' );

To view each widget’s call have a look at the Dashboard Widgets API page on the Codex.

Create Personalized WordPress Dashboard Widgets

When building themes for clients it could be useful, and appreciated, to create a personalized ‘Welcome’ widget on the Dashboard. This snippet will create a simple ‘Hello World’ widget, and can be easily edited to your own specifications.

Paste this code into your functions.php:

// Create the function to output the contents of our Dashboard Widget
function example_dashboard_widget_function() {
	// Display whatever it is you want to show
	echo "Hello World, I'm a great Dashboard Widget";
} 
 
// Create the function use in the action hook
function example_add_dashboard_widgets() {
	wp_add_dashboard_widget('example_dashboard_widget', 'Example Dashboard Widget', 'example_dashboard_widget_function');
}
// Hoook into the 'wp_dashboard_setup' action to register our other functions
add_action('wp_dashboard_setup', 'example_add_dashboard_widgets' );

Add, Remove & Reorder Dashboard Widgets By Role

You may have a client that needs the WordPress Dashboard customized depending on user roles, by restricting editors or authors to all of admins details. This code will get rid of the ‘Incoming Links’ widget for authors and editors and then clean up some of the other boxes for everyone.

Paste this into your functions.php:

function tidy_dashboard()
{
  global $wp_meta_boxes, $current_user;
 
  // remove incoming links info for authors or editors
  if(in_array('author', $current_user->roles) || in_array('editor', $current_user->roles))
  {
    unset($wp_meta_boxes['dashboard']['normal ']['core']['dashboard_incoming_links']);
  }
   
  // remove the plugins info and news feeds for everyone
  unset($wp_meta_boxes['dashboard']['normal']['core']['dashboard_plugins']);
  unset($wp_meta_boxes['dashboard']['side']['core']['dashboard_primary']);
  unset($wp_meta_boxes['dashboard']['side']['core']['dashboard_secondary']);
 
}
//add our function to the dashboard setup hook
add_action('wp_dashboard_setup', 'tidy_dashboard');

Here’s a list of how to unset each of the current default dashboard widgets:

/Right Now - Comments, Posts, Pages at a glance
unset($wp_meta_boxes['dashboard']['normal']['core']['dashboard_right_now']);
//Recent Comments
unset($wp_meta_boxes['dashboard']['normal']['core']['dashboard_recent_comments']);
//Incoming Links
unset($wp_meta_boxes['dashboard']['normal']['core']['dashboard_incoming_links']);
//Plugins - Popular, New and Recently updated WordPress Plugins
unset($wp_meta_boxes['dashboard']['normal']['core']['dashboard_plugins']);

//Wordpress Development Blog Feed
unset($wp_meta_boxes['dashboard']['side']['core']['dashboard_primary']);
//Other WordPress News Feed
unset($wp_meta_boxes['dashboard']['side']['core']['dashboard_secondary']);
//Quick Press Form
unset($wp_meta_boxes['dashboard']['side']['core']['dashboard_quick_press']);
//Recent Drafts List
unset($wp_meta_boxes['dashboard']['side']['core']['dashboard_recent_drafts']);

Remove Author Metabox/Options & Move to Publish MetaBox

This code will remove the Author MetaBox and Screen Options and then add those option into the publish metabox.

Paste this into your functions.php:

// MOVE THE AUTHOR METABOX INTO THE PUBLISH METABOX
add_action( 'admin_menu', 'remove_author_metabox' );
add_action( 'post_submitbox_misc_actions', 'move_author_to_publish_metabox' );
function remove_author_metabox() {
    remove_meta_box( 'authordiv', 'post', 'normal' );
}
function move_author_to_publish_metabox() {
    global $post_ID;
    $post = get_post( $post_ID );
    echo '<div id="author" class="misc-pub-section" style="border-top-style:solid; border-top-width:1px; border-top-color:#EEEEEE; border-bottom-width:0px;">Author: ';
    post_author_meta_box( $post );
    echo '</div>';
}

Add or Remove Links From the WordPress Admin Bar

The WordPress Admin Bar gives you quick access to all of the main areas of your site, like creating a new post or page, moderating comments or modifying widgets. The snippets below will allow you to add or remove any links.

This snippet will add links to the admin bar. Paste into your functions.php:

function my_admin_bar_link() {
	global $wp_admin_bar;
	if ( !is_super_admin() || !is_admin_bar_showing() )
		return;
	$wp_admin_bar->add_menu( array(
	'id' => 'diww',
	'parent' => 'my-blogs',
	'title' => __( 'Title of the link you want to add'),
	'href' => admin_url( 'http://mysitesurl.com/wp-admin.php' )
	) );
}
add_action('admin_bar_menu', 'my_admin_bar_link');

This snippet will remove links from the admin bar. Paste into your functions.php:

function remove_admin_bar_links() {
	global $wp_admin_bar;
	$wp_admin_bar->remove_menu('my-blogs');
	$wp_admin_bar->remove_menu('my-account-with-avatar');
}
add_action( 'wp_before_admin_bar_render', 'remove_admin_bar_links' );

Show an Urgent Message in the WordPress Admin

This snippet will allow you to shows a custom message to any logged in user. Particularly useful if you need to inform a client/user that they have done something wrong.

Firstly, paste this into your functions.php:

/**
 * Generic function to show a message to the user using WP's
 * standard CSS classes to make use of the already-defined
 * message colour scheme.
 *
 * @param $message The message you want to tell the user.
 * @param $errormsg If true, the message is an error, so use
 * the red message style. If false, the message is a status
  * message, so use the yellow information message style.
 */
function showMessage($message, $errormsg = false)
{
	if ($errormsg) {
		echo '<div id="message" class="error">';
	}
	else {
		echo '<div id="message" class="updated fade">';
	}

	echo "<p><strong>$message</strong></p></div>";

Next, add a hook to the admin notices function to show your custom message:

/**
 * Just show our message (with possible checking if we only want
 * to show message to certain users.
 */
function showAdminMessages()
{
    // Shows as an error message. You could add a link to the right page if you wanted.
    showMessage("You need to upgrade your database as soon as possible...", true);

    // Only show to admins
    if (user_can('manage_options') {
       showMessage("Hello admins!");
    }
}

/**
  * Call showAdminMessages() when showing other admin
  * messages. The message only gets shown in the admin
  * area, but not on the frontend of your WordPress site.
  */
add_action('admin_notices', 'showAdminMessages');

Hide the WordPress Upgrade Message

You may have clients who do not want to deal with any maintenance updates. For those clients, using this snippet, you can hide the WordPress Upgrade Message.

Paste this into your functions.php:

add_action('admin_menu','wphidenag');
function wphidenag() {
remove_action( 'admin_notices', 'update_nag', 3 );
}

Simpler WordPress Login URL

The default URL for logging into your WordPress powered site is: http://yoursite.com/wp-login.php. To make things easier, or at least more memorable, for a client you will need a cleaner URL like: http://yoursite.com/login

Paste this code in your .htaccess file before the default WordPress rewrite stuff:

RewriteRule ^login$ http://yoursite.com/wp-login.php [NC,L]

Change the Dashboard Footer Text

When building a site for a client, it can be useful to be able to customize the dashboard footer text. This little snippet will do the job.

Edit “Your own text” and paste this into your functions.php:

function remove_footer_admin () {
    echo "Your own text";
} 

add_filter('admin_footer_text', 'remove_footer_admin');

Changing the WordPress Login Logo

When building themes for clients, one of their expectations may be to have some sort of company branding within WPs admin. The first page a client will ever view is the login screen and its very easy to customize by simply replacing the default WordPress logo with your clients company logo.

The new logo should be 326×82 pixels and copy it to your themes ‘images’ folder.

Edit ‘companylogo.png’ and paste this code into your functions.php:

// login page logo
function custom_login_logo() {
	echo '<style type="text/css">h1 a { background: url('.get_bloginfo('template_directory').'/companylogo.png) 50% 50% no-repeat !important; }</style>';
}
add_action('login_head', 'custom_login_logo');

Adding a Custom WordPress Dashboard Logo

The next step in customizing WPs backend is to replace the Dashboards logo. You will need to create a transparent (.gif or .png) image of 30x31px. Then, save that image in your theme’s image folder (/wp-content/themes/theme-name/images) and name it whatever you like.

Edit ‘custom-logo.gif’ and paste this snippet into your functions.php:

//hook the administrative header output
add_action('admin_head', 'my_custom_logo');

function my_custom_logo() {
echo '
<style type="text/css">
#header-logo { background-image: url('.get_bloginfo('template_directory').'/images/custom-logo.gif) !important; }
</style>
';
}