10 Basic Tips for Improving WordPress Themes


A lot of people use WordPress as their blogging platform. After installing WordPress, new users will usually look for themes to download so that their site looks different from the default. Whether a WordPress theme is free or premium, there are plenty of ways to improve it. The following WordPress theme tips cover basic customization, styling and optimization.

1. Reduce the Size of Theme Images

Images are an important part of every WordPress theme, yet WordPress theme developers sometimes forget about optimizing them. Images in a WordPress theme include CSS background images, template logos, default stock images, icons, and so on.

Optimizing images can save bandwidth and improve page response times for your blog readers.

Photoshop, for example, offers a Save for Web feature that optimizes images for the web. What I usually do is lower the quality settings of the image until I start to see changes in color or quality.

Furthermore, you can use a lossless image optimization tool like that will squeeze out excess file size without loss in image quality. You can find more image optimization tools here.

Yahoo! is a lossless compression tool.

Learn all about web image optimization via this guide to saving images for the web.

2. Use a Custom Favicon

Some WordPress themes don’t come with a default favicon (the icon that represents a website that you can see in browser tabs and browser web address bars).

The Design Instruct favicon displayed in Firefox 3.6. The site uses WordPress as a publishing platform.

When a website doesn’t have a favicon, it can look unprofessional. Make sure that your WordPress theme has a favicon. You can check out this list of favicon generators to help you design your own.

To reference your WordPress icon, simply place the following code inside header.php, which can be found inside your theme’s directory:

<link rel="icon" href="favicon.ico" type="image/x-icon" />

Modify the href attribute value to point to the location of your favicon file.

3. Style WordPress Image Captions

When you upload and post an image in a blog post, you can give it a caption to describe it.

Every good WordPress theme should include default styles for image captions. To style the default caption, you can use the .wp-caption class in your theme’s style.css.

Here is an example of styling the image caption (using some CSS3 properties):

/* Caption container */
.wp-caption {
  background-color: #f3f3f3;
  border: 1px solid #ddd;
  -khtml-border-radius: 3px;
  -moz-border-radius: 3px;
  -webkit-border-radius: 3px;
  border-radius: 3px; /* optional rounded corners for browsers that support it */
  margin: 10px;
  padding-top: 4px;
  text-align: center;
}
/* The image inside the caption */
.wp-caption img {
  border: 0 none;
  margin: 0;
  padding: 0;
}
/* The caption text */
.wp-caption p.wp-caption-text {
  font-size: 11px;
  line-height: 17px;
  margin: 0;
  padding: 0 4px 5px;
}

Here is the result of the style rules above:

Style WordPress Image Captions

4. Use PHP Flush

By calling the PHP flush function right after your header, you will be able to speed up your WordPress blog. Simply add this line to your header.php file after the closing </head> tag:

<?php flush(); ?>

This code simply forces your web server to send your website’s header before sending the rest of the content. By using the flush function, the browser has time to download all the stylesheets referenced in the header while waiting for the other parts of the web page.

5. Use Shorthand CSS in Your Theme’s Stylesheet

The CSS files of WordPress themes contain lots and lots of code to cover all sorts of situations and usage. In order to reduce the size of the file, you can use shorthand CSS. Some WordPress theme designers will make it easier for less advanced users to tweak the styles by not using shorthand properties, but if you’re an experienced CSS coder, you can write/re-write the styles using shorthand properties.

For example, if you find style rules in your theme that look like this:

.post { padding-top: 3px; padding-right: 10px; padding-bottom: 5px; padding-left: 2px; }

You could reduce them to their shorthand equivalent as such:

.post { padding: 3px 10px 5px 2px; }

This will effectively reduce the size of your stylesheet. Changing this won’t make that much of a difference, but every bit of optimization brings you a little closer to a faster WordPress theme.

6. Minify Your WordPress Theme Files

Along the same lines as using shorthand CSS properties to optimize style.css, if your theme’s CSS and JavaScript files aren’t minified, you can minify them to reduce their file sizes. Minification takes unneeded characters, such as spaces and tabs, out of your files.

For JavaScript, you can use JavaScript Compressor, a free web-based tool that you can use to minify your JavaScript files.

For CSS, check out this list of CSS optimizers.

It will be trickier to minify your HTML since the theme’s markup is spread amongst several files and they will have PHP code interspersed with them. However, there are plugins like W3 Total Cache that will minify all of your front-end code as well as perform other optimization processes such as caching your blog posts to improve site speed.

7. Secure the Theme

One easy way to protect your theme is to remove the generic WordPress generator code that is placed inside your theme’s <head> tags. The reason behind this is that if a malicious user knows your WordPress version, it’s a lot easier for him to attack it using version-specific vulnerabilities. In order to remove this, you have to take two steps.

First, go to your theme’s header.php file and check to see if there is a line like this:

<meta name="generator" content="WordPress <?php bloginfo('version'); ?>" />

If that’s the case, then remove the line. This line prints out your WordPress version number as a <meta> tag.

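Next, to ensure that it doesn’t show up via the wp_head() hook, paste this code into the functions.php file (if functions.php doesn’t exist, you can create one using your favorite source code editor). If functions.php already opens with <?php, add only the remove_action(...) line inside the existing PHP block: a nested <?php tag is a parse error, and any whitespace left outside the PHP tags is sent as output, which triggers "headers already sent" warnings.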

<?php remove_action('wp_head', 'wp_generator'); ?>
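The generator tag is not the only place the version number is printed: feeds use the same generator output, and scripts and styles enqueued without their own version carry the core version as a ?ver= query argument. The following is an added example, not code from the original article, that goes beyond the tip to cover those as well; the mytheme_ names are hypothetical and the version and URLs in the stand-alone branch are constructed samples.

```php
<?php
// Added example for a theme's functions.php. The mytheme_ names are hypothetical.

/**
 * Remove the ?ver= argument from an asset URL when it equals the WordPress
 * core version. Any other ver= value (a plugin's own cache-buster) and all
 * other query arguments are kept byte for byte.
 */
function mytheme_strip_core_version($src, $core_version)
{
    $src   = (string) $src;
    $query = parse_url($src, PHP_URL_QUERY);
    if (!is_string($query) || $query === '') {
        return $src; // no query string, nothing to strip
    }

    $pairs = explode('&', $query);
    $kept  = array_values(array_diff($pairs, array('ver=' . $core_version)));
    if (count($kept) === count($pairs)) {
        return $src; // ver= is absent or is not the core version
    }

    // Rebuild the URL from its untouched prefix, the remaining arguments
    // and the fragment, if there was one.
    $url      = substr($src, 0, strpos($src, '?'));
    $fragment = parse_url($src, PHP_URL_FRAGMENT);
    if ($kept) {
        $url .= '?' . implode('&', $kept);
    }
    if (is_string($fragment) && $fragment !== '') {
        $url .= '#' . $fragment;
    }
    return $url;
}

if (function_exists('add_filter')) {
    // Running inside WordPress: register the hooks.
    remove_action('wp_head', 'wp_generator');                // the tip from the article
    add_filter('the_generator', function () { return ''; }); // generator output in feeds
    $strip = function ($src) {
        return mytheme_strip_core_version($src, get_bloginfo('version'));
    };
    add_filter('style_loader_src', $strip);
    add_filter('script_loader_src', $strip);
} else {
    // Stand-alone run (php example.php) over constructed sample URLs,
    // with 9.9.9 standing in for the core version.
    $samples = array(
        '/wp-content/themes/themename/style.css?ver=9.9.9',
        '/wp-includes/js/example.js?ver=1.2.3',
        '/wp-content/plugins/example/app.js?x=1&ver=9.9.9#top',
    );
    foreach ($samples as $url) {
        echo $url, ' => ', mytheme_strip_core_version($url, '9.9.9'), PHP_EOL;
    }
}
```

Dropping ?ver= also drops the cache-busting it provided, so browsers may keep an old core stylesheet or script after an upgrade until their cache expires. Hiding the number only removes an easy signal for automated scanners; version-specific vulnerabilities are closed by keeping WordPress updated.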

8. Hide Dashboard Login Errors

Another way to protect your WordPress theme is to hide login errors. Whenever someone tries to log in using a correct username but the wrong password, a message shows up saying "Error: Incorrect Password." That message confirms that the username entered exists in the system, leaving only its password to be guessed.

Similarly, whenever you enter an unavailable username, a message appears stating "Error: Invalid username". This of course reveals that the username is non-existent and becomes one less permutation that needs to be checked.

In order to keep this from happening, you need to add this code to your functions.php file:

// create_function() was removed in PHP 8; an anonymous function does the same job.
add_filter('login_errors', function ($error) { return null; });

This filter will remove the standard WordPress error by displaying nothing when a login is incorrect.
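Returning nothing also hides the fact that the login failed at all. A variant that still reports the failure but shows the same message for both cases, as an added example (not code from the original article; the mytheme_ names and the sample messages in the stand-alone branch are assumptions):

```php
<?php
// Added example for a theme's functions.php. The mytheme_ names are hypothetical.

define('MYTHEME_LOGIN_ERROR', '<strong>Error</strong>: Invalid username or password.');

/**
 * Filter for 'login_errors': replace every credential-related message with
 * one fixed message, so a wrong password and an unknown username look the
 * same. Messages about anything else are passed through untouched.
 */
function mytheme_generic_login_error($error)
{
    $text = strtolower(strip_tags((string) $error));

    // Assumption: an English-language site, where credential errors mention
    // "username" or "password". A translated site needs its own words here.
    foreach (array('username', 'password') as $word) {
        if (strpos($text, $word) !== false) {
            return MYTHEME_LOGIN_ERROR;
        }
    }
    return $error;
}

if (function_exists('add_filter')) {
    // Running inside WordPress: register the filter.
    add_filter('login_errors', 'mytheme_generic_login_error');
} else {
    // Stand-alone run (php example.php) over constructed messages: the first
    // two are modelled on the ones quoted in the article, the third is a
    // made-up notice that has nothing to do with credentials.
    $samples = array(
        'Error: Incorrect Password.',
        'Error: Invalid username',
        'Error: Cookies are blocked by your browser.',
    );
    foreach ($samples as $message) {
        echo $message, ' => ', mytheme_generic_login_error($message), PHP_EOL;
    }
}
```

The filter changes only the text that is displayed; it does not limit how many login attempts can be made.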

9. Replace the Theme’s Search Feature

Most themes you download will use the default search function in WordPress core, specifically because it is a best practice recommended by WordPress core developers for developing and distributing WordPress themes.

However, the core search function, at the moment, is not as robust and accurate as a third-party search service such as Google Custom Search, Yahoo! Search BOSS, or the Bing API. For example, in the WordPress core search function, typing a blog post author’s name will not yield a result (unless you include it in your posts as a custom field).


On the other hand, using web services provided by Google, Yahoo!, and Microsoft’s Bing will not only take advantage of their expertise in search, but can also help reduce your server load for searches.

For integrating Google Custom Search to your WordPress theme, check out the Google Custom Search Plugin or this tutorial called Integrate Google Search on your WordPress blog.

For Yahoo! Search BOSS, see the Yahoo BOSS WordPress plugin or this tutorial entitled Create a Yahoo BOSS powered Site Search Engine.

Finally, if you’re interested in the Bing API (which is currently being used by one of the largest WordPress blogs in the world, Mashable), have a look at this tutorial named Bing Search API wrapper for PHP.

10. Reduce Function Calls and Hooks for Static Content

Theme files for mass consumption and use under diverse situations need to be flexible. As such, there are plenty of dynamic function calls and hooks to make the theme work in multiple ways and situations.

However, this can lead to lower performance and page speeds because every time a page is generated, it needs to make multiple function calls to render the page.

Look out for things that don’t need to be function calls; pay attention to things that are unlikely to change.

For example, in header.php, you might find a line that looks like this:

<title><?php bloginfo('name'); ?></title>

This line prints out your blog’s name in the browser’s title bar. Your blog’s name probably won’t change often, if at all, so you could save a function call by replacing it with your blog name, like so:

<title>Your Blog Name</title>

Here’s another example (again, usually found in header.php):

<link rel="stylesheet" href="<?php bloginfo('stylesheet_url'); ?>" type="text/css" />

The above example references the URL of your stylesheet. However, it’s unlikely this URL will change, so you can just directly write the URL like so:

<link rel="stylesheet" href=" /wp-content/themes/themename/style.css" type="text/css" />

There are plenty of these function calls for non-custom WordPress themes, and collectively, they can contribute to the sluggishness of your WordPress blog, especially when you aren’t using a caching plugin.

Share your own tips for improving WordPress themes in the comments.


About the Author

Julius Kuhn-Regnier is an Internet marketer and blogger. Read more of his work on his Internet marketing blog, And Break, where he aims to teach people ways you can make a living online. He has also created a great guide about speeding up WordPress.

This was published on Oct 14, 2010


Gouri Shankar Oct 14 2010

Nice Tips.

Joshua Chase Oct 14 2010

Awesome article. There are some great tips in here and some that I haven’t thought of. Especially around the changes for static content. Usually site names don’t change, so why not just hard code it?

Thanks for the great article….


hi Julius, what a great post! I’ve just tried the “” stuff and it works like magic!!!!

Thank you so much for sharing these precious info

I meant the “php flush” stuff :)

Andy King Oct 14 2010

Thank you very much for the post. Very helpful information!

Dave Wright Oct 14 2010

A couple of new ones for me in there, phpflush and the dashboard login errors will be part of my armoury from now on, cheers!

Kenson Martz Oct 14 2010

Nice! Thanks!

AreLam Oct 14 2010

Maybe remove the WP version on this site? *hint*

Also, I wonder if the PHP flush function will do any good on Drupal.. though I have gotten a fairly fast site with Varnish.

Filip Oct 14 2010

Great article!

Moses Adrien Oct 14 2010

Great post. Especially like the tip about PHP Flush. Need to incorporate that into my wordpress blogs.

Craig Pennings Oct 14 2010

Good tips, thanks for sharing

John G Oct 14 2010

Wow that php flush is an awesome tip. Gonna put this into use right away. I’m coming up with a new header anyway so this is right on time.

Jason Oct 14 2010

I’ve heard that flushing can interfere with caching plugins. So it’s an either-or thing…

Young Oct 14 2010

Very well done. Just in time when I got some new WP projects…thanks for the flush tip. Seems like it’s a native PHP function… why doesn’t WP code this in as default? Any drawbacks?

Ryan Rosado Oct 14 2010

I really like these tips. But a lot of them require a self-hosted WordPress blog, correct? I’m a newbie to the blogging world so I’m still figuring out what I should look to add once I get my blog self-hosted. Good post though :D !

Kenneth Oct 14 2010

Great article!

I would add though, that the single most powerful thing that will make your WordPress website faster is to be on a quality web hosting account.

Just because a host offers WordPress hosting doesn’t mean it will be good hosting.

The absolute bottom line is this: How much processor power and RAM is available for your hosting account and its installation of WordPress. Period.

WordPress is moderately resource hungry, and needs a good bit of processor power and RAM available.

I learned to optimize the hell out of every aspect of my WordPress installations, and it turned out that the entire slowness problem was the web hosting account itself; it was in an under-powered shared hosting environment.

I now host all of my clients’ WordPress sites at a new host for the last full year+ ( and every single one of those sites load and run extremely fast.

I also check up on the performance of every single one of my clients’ 100+ WordPress sites using the services of (free web site uptime monitor service server and network failure alerts) to monitor DNS, Uptime, Time to First/Last Byte and more.

Even without doing any performance tweaking, my sites all run super quickly — because of the quality web hosting account.

One of my personal WordPress sites ( recently had a burst of press — over 300,000 page views in a few days, and the response time and performance of the account didn’t budge. The average page load time stayed at less than one second.

You should test your website efficiency using Yslow, and a third party uptime monitor such as Basic State.

You may find that a better web host is the answer to a better performing WordPress installation.

Hope this all helps.

ValeraZ Oct 14 2010

Hello Julius,
Tnx for good tips, useful!

Manuel Ignacio López Quintero Oct 14 2010

Great article! Personally I’m using Blogger but when I’ve to install WP I’ll recommend these tips to my clients!


Like these neat and easy to understand tips. Flush is one I must try too. I have second thoughts on removing the error notification since there are instances where the user really forgets their password or username. It makes them guess which of the two is incorrect. Just an opinion but I really like this. :)

Jacob Gube Oct 14 2010

@Kenneth: Since you’re talking about RAM and CPU, I’m assuming you’re on a VPS or dedicated server? If that’s the case, not everyone can deploy a site in those types of environments since they are self-managed most of the time. But, I would have to agree with you that no matter what you do, you will hit a wall of optimization where the next thing you can do to optimize perf is move to a VPS or even a dedicated server.

In the first year of Six Revisions, many of you may not know this, but I had to migrate the site (if I remember correctly) 4 times before conceding to the fact that in order to allow the site to run in high-burst traffic loads without crashing, that I’d need to either go on a VPS or dedicated server. Either way, I needed to learn how to set up a web server, which was easy for someone like me who has a background in the Unix file system and web development, but for someone who’s not — would be a terribly difficult way to host a (secure) site.

In any event, if Kenneth’s comment intrigued you, mosey on down to our complete guide to VPS, as well as read this (a little old, but still very relevant) review of top VPS hosts for web developers.

seriocomic Oct 14 2010

I’d second the comments about being wary with php_flush. If you’re not using any caching plugins (why wouldn’t you be?) then it’s not an issue.

I’d strongly recommend WordPress users taking a look at W3-Total-Cache to remarkably speed up their website – not just the front-end (minification built in, CDN support, gzipping) but also database optimization so common database calls are also cached.

It’s worth pointing out also that 80% of speed/performance bottlenecks are front-end related – in that it’s the HTML/CSS/JS and how they are delivered that’s the issue. You’ll normally only see a small increase in server performance through optimizing the back-end (still worth doing and I strongly recommend a good host or a VPS solution).

Also, search is mentioned. I can say that after years of trying different addons and plugins and custom search hacks, that the single best hands-down plugin out there for WordPress – that actually works – is “relevanssi” (search for it).

Joaquin Poggi Oct 14 2010

The biggest problem in slow sites is using too many plug-ins, because these use a lot of RAM. It is possible to avoid some plug-ins or change them for others.

WordPress websites need more Ram than CPU power. Always!

Kimcool Oct 14 2010

That’s useful for me, but I want to know how to show the WordPress shortlink on the post page; I want the viewer to be able to copy the short link to share.

Kenneth Oct 14 2010

Hi Jacob,

No, I’m describing a regular web hosting account there; regular cPanel control panel, with one-click WordPress install — nothing to configure at all.

There’s no question that for a serious WordPress powered website that expects high (10-20,000+ unique visitors every day) traffic levels, you should consider a more professional level hosting set up.

But I’d imagine that the vast majority of WordPress websites/blogs will never, ever, ever get traffic like that.

But that doesn’t mean they should have a slow, unresponsive experience.

I’m not trying to promote any one specific web hosting company here; just rather pointing out that the hosting server quality is hugely important.

There’s no doubt that optimizing images, compressing/gzipping files, minimizing CSS, using a simple CDN, can increase efficiency. But I’d tried ALL of that and it made exactly no difference.

Once I got on a better set of web hosting accounts, the sites all flew.

I already mentioned the company I use. I have become a reseller there (for my own clients only) because their hosting accounts are absolutely fabulous for WordPress powered sites, and I won’t sell anything less to my clients.

It’s all about the servers, and the resources made available for the accounts on them.

Here’s the Basic State report for one of my higher traffic clients’ WordPress powered website:

(I hope this formatting looks okay once this posts.)
date uptime dns connect request ttfb ttlb

2010-10-13 100.00 0.021 0.091 0.091 0.809 0.850
2010-10-12 100.00 0.071 0.139 0.139 0.887 0.937
2010-10-11 100.00 0.134 0.237 0.237 1.031 1.074
2010-10-10 100.00 0.017 0.085 0.085 0.795 0.839
2010-10-09 100.00 0.011 0.079 0.079 0.843 0.889
2010-10-08 100.00 0.083 0.149 0.149 0.942 0.990
2010-10-07 100.00 0.139 0.207 0.207 0.947 0.993
2010-10-06 100.00 0.018 0.085 0.085 0.857 0.902
2010-10-05 100.00 0.022 0.091 0.091 0.811 0.856
2010-10-04 100.00 0.032 0.101 0.101 0.815 0.868
2010-10-03 100.00 0.019 0.087 0.087 0.802 0.849
2010-10-02 100.00 0.013 0.080 0.080 0.787 0.831
2010-10-01 100.00 0.017 0.118 0.118 0.894 0.939
2010-09-30 100.00 0.023 0.091 0.091 0.801 0.852

minimum 100.00 0.011 0.079 0.079 0.787 0.831
maximum 100.00 0.139 0.237 0.237 1.031 1.074
average 100.00 0.044 0.117 0.117 0.859 0.905

This article is very good and the comments are good as well. The only thing that I would have added to this is that optimizing your images and load speed also greatly affects your ranking on Search Engines. Google especially takes load time into account when ranking your website.

The PHP flush is also a very good idea. I will have to see how that works, though it does interfere a bit with caching plugins.

@Kenneth, jacob:
I am intrigued by Kenneth’s post. I’m new to web design and hosting etc. I used to have a shared hosting plan with godaddy, but recently after reading the “complete guide to vps” article here, I decided I would have to move sooner or later so I made the plunge, and so far no problems. So far I’m hosting two sites, one WordPress blog (which the owners have still not used yet due to their laziness) and a concrete5 site. I know having only three sites does not really warrant using a vps but I see it as a learning by “jumping in the deep end” experience.
Anyway, although I like the vps article, I still think it didn’t really give much information about how to manage or optimize it. I would like to see an article about basic vps optimization for beginners.
Anyway cheers for all the great articles.

Kenneth Oct 15 2010

Wow, I can ramble.

In a nutshell, my point is this:

If you have a small to medium sized WordPress website, and your pages load slow — then it’s probably more that your web hosting account is under-powered for WordPress, and less that you need to optimize or tweak your WP installation.

That is all.

Mark Scott Oct 15 2010

#8 you shouldn’t remove the error! It’s important; instead run the error through a replace looking for ‘username’ or ‘password’ and return ‘username/password’, that way the user knows when they’re failing.

Elaine Oct 15 2010

Very easy to follow, nicely done! I’m especially eager to try phpflush :)

fintan74 Oct 15 2010

Thanks for the tips. I implemented the dashboard login errors fix (nr 8), but it needed one more thing in my case.

My login page was still showing an empty red warning block above the form in some cases. That was removed by cleaning up the div-markup following the ‘if ( !empty($errors) )’ in wp-login.php in the root-folder. Now it works like a charm!

Jacob Gube Oct 15 2010

@Kenneth: So a shared hosting account that actually is pretty good? You know what happens to those guys, right? People hear about them and they get overcrowded. And eventually, you’ll have to move again.

But aside from my snarky comment — directed not to you, but more so to the web hosts that have disappointed me in the past, putting you in an awkwardly painful situation of having to migrate 50 sites because they didn’t cap and they oversold — I wholeheartedly agree with you. At the end of the day, it’s hardware that will limit you. But once you throw enough hardware into it, then it’s front-end perf, MySQL tuning, PHP caching that will lead to bigger gains.

Here’s my performance priority:
1) Get a decent hosting solution. No matter what you do, if you have bad hosting, you’re not going to get anywhere. And then go with a CDN if you serve content-heavy pages — it will be cheaper than getting a bigger hosting plan, though it will be some more work on your end since instead of one tidy box, you have to manage your web server and your CDN stuff. Once you hit your resource limit (i.e. it’s the best host you can get for your budget)…

2) Front end performance. Stuff mentioned here like optimizing images and other stuff like using sprites to reduce HTTP requests, and writing markup smartly so that the page *feels* more responsive (reference CSS first, write efficient CSS, serve JS last, etc.)

3) This is where a VPS or dedicated server comes in handy: MySQL tuning, PHP caching, web server settings tweaks.

That method above works for me, though many sys admins will probably say you should do #3 first. But not everyone has access to their web servers. And, to be frank, and this has been studied to death, front-end perf is where the bottleneck will be and where you will get the most bang for your buck.

In short, #1 is good only up to a certain point. Afterwards, #2 will be the bottleneck, and #3 for sites that have lots of read/write’s.

@dan: Not to let the cat out of the bag, but we have that in the works. It’s been a couple of months in the making, actually. Not sure when that will be completed. It’s just a difficult subject to cover in a complete beginner’s viewpoint. There’s some web-developer-friendly articles out there that do an amazing job at this though, but if you’re a designer in the traditional sense that you do web page layout and HTML/CSS, it might be tough to follow along. For example, check out the articles on Slicehost. These are web-developer-friendly because a background in programming, and preferably Unix, as well as basic knowledge of things like FTP, security, file and directory permissions, and an interest in these sorts of things, helps tremendously in following along those guides. Would I say a designer could do it? Yes. Would there be a very high learning curve? Yes.

Agilworld Oct 15 2010

Your tips are very useful for me. Another way to improve WordPress: I use a WP plugin, such as WP Total Cache or Super Cache. For this, I prefer to use WP Total Cache for optimizing CSS files, JS files and DB connections.

Thanks a lot for your great post! I will share it.

Lee Gustin Oct 15 2010

Thanks! Added a couple of those tips to my blog :)

Ahmedij Oct 15 2010


“Reduce Function Calls and Hooks for Static Content”
is the best tip for me :)

Amen to: Reduce the Size of Theme Images.

I love The work there is amazing as well as a great source of inspiration but some (many) of the themes are enormous in file size due to images.

If you golf or know a golfer you’ve maybe heard of “Drive for show, putt for dough”. Same applies to websites. “Graphics for show, traffic for dough”…

Sparsh Oct 16 2010

Thanks for the tips. i will try it in my wordpress blog site.

Arafat Ashraf Oct 18 2010

It is very interesting and informative post which has delivered me a good knowledge. Thanks for the tips.

Dom Crook Oct 18 2010

Some great tips there! Don’t forget you could also use css image sprites to reduce the number of http requests.

satrya Oct 18 2010

Really useful article, thank you.

Bookmarked !

Tom Mahoney Oct 19 2010

As in #7, I added to the functions.php file. The result: a blank page.

Mitch Oct 19 2010

I love #3 and #8. Added both of those, and I love the speed my blog loads now. Have to test the password thing at some point, but I’m sure it’s going to work great as well.

Simon Oct 19 2010

I loved this post. Have used the favicon information to design my own one and it looks great. Thanks :0)

subhamay Oct 20 2010

Thank you for those tips.wonderful’s really help me.

Florian Oct 21 2010

Thanks for the idea with hiding the generator-meta-tag in functions.php!

imatiler Oct 21 2010

I wanted to add a blog section to my site and found this great advice.
php Flush… Will try this immediately!
Image optimisation is high on my list as well. Especially now that google is ranking page speed :P

Look forward to more from you Julius.

Thanks again

Reed Botwright Oct 21 2010

I was hoping #10 was going to be “Switch to Drupal”! ;)

All kidding aside, great post. Very useful, even for a Drupal shop. (We still run some WP sites.)

Jeorge Peter Oct 21 2010

I think these tips will be helpful for me, but the CSS and PHP part will be a problem ’cause I’m not that familiar with programming.

Ahmed Oct 28 2010

Very useful tips, thank you!

flapane Oct 29 2010

Does anybody know if php flush() can create any issues with the plugin Global Translator, which caches the translated versions of the posts?

Carl Bertossi Nov 11 2010

Okay My blog is but I haven’t both any other packages.
I did my favicon.ico in PS I save like .ico but,
– how to export now this my favicon.ico in to blog ?
– do I need upgrade my blog ?
– how to do my on layout ?
– how to export ?
– how to become a blogger ?
Sorry guys for my poor language and knowledge about it.
Thanks for All.

Front-end optimization tricks you mention here work to a certain point and are fairly easy to implement. Unfortunately, many sites rely on overloaded host boxes that you will have little control over (aside from moving).

Nice Article, very good tips, Thanks

Keith Davis Dec 18 2010

Hi Julius

Lots of useful WordPress info.

First time that I’ve actually understood…
“Reduce Function Calls and Hooks for Static Content”

Your explanation was simple and straightforward, even for me.

Bill Wood Dec 22 2010

For point #10 as long as you use a good caching plugin it really isn’t necessary. A good caching program will convert all of the site contents to static HTML and the only time the dynamic content is used is when a cache object is being replaced or initially generated.

I use caching to get GREAT performance on my site and I have several plugins too.

Overall great post though!

Rajesh Namase Dec 27 2010

Great article, Thank you. I have used your tricks for my website.

Guido Dec 27 2010

@seriocomic Thanks for that suggestion. Relevanssi is indeed fantastic!

Also, I use W3-Total-Cache, but I don’t really see that much of a speed increase, to be honest. And I find it a bit annoying that I have to turn off the plugin after having changed a design element in the site; if I don’t the cache ‘image’ will be shown, not the new design.

David Salahi Dec 31 2010

I’m puzzled by your recommendation of the Google Custom Search plug-in. When I tried it, it searched the entire web, not my blog. When I searched for keywords that occur in my blog they didn’t even show up in the results. So, why would I want to use Google Custom Search? If someone wants to do a Google search I’m sure they know where to find Google. Meanwhile, I’d just be sending visitors away from my blog.

Jacob Jan 08 2011

Great post with tips!

One comment I would like to add is to “8. Hide Dashboard Login Errors”. Adding the filter to functions.php still shows the error box – empty though :). To completely remove the box delete line 112 and 113 in wp-login.php (in WP v3.0.3). If you are using another version of WP look for (and delete):

if ( !empty($errors) )
echo '' . apply_filters('login_errors', $errors) . "\n";

Jeorge Peter Jan 09 2011

I like the idea of hiding the dashboard login errors, that will make it more secure for the users.

Hadie Danker Jan 10 2011

I like it, before i never anything about your tips, but your tips inspiring me to be better and improve my wordpress theme

Very nice tips

fintan74 Jan 14 2011

In addition to my message of 15 October regarding option 8… If you remove the following code from the username input’s ‘value’-field around line 590 of the wp-login.php, the username field is always cleared on an unsuccessful login attempt:

If left in place, the username field on the login screen will remain populated if the correct username is guessed with a wrong password. That would still pave the way for brute force attacks.

fintan74 Jan 14 2011

Oops, the code was deleted from the post. The above concerns the PHP-tag with this code:

echo esc_attr($user_login);

David Feb 02 2011

Enable Nested comments? I’m guessing you know the function to do that.

The only comment I had about hardcoding static content is remembering you did in case one keeps a local copy, or changes domains/host or other in the future. For me, I keep my working copy local and upload it, so hardcoding would give me problems. (PS. What if I created a variable $path = http://localhost/website… and just change that variable when upload/download. Would that be quicker than calling a function?)

Oh, do you think you could add a subscribe to comments feature? I’m totally going to forget to check back for the answer. Thanks!

Leazes Terrace Feb 09 2011

Cheers for the tips!

I’m implementing them right now.

Kuzey Güney Jun 17 2011

I like it, before i never anything about your tips, but your tips inspiring me to be better and improve my wordpress theme

igi ladera Jun 25 2011

Excellent TIPS….

Anthony Aug 10 2011

when i tried 7. Secure the Theme
I now can’t change anything in my header i get an error:

Warning: Cannot modify header information – headers already sent by (output started at /home/late/public_html/wp-content/themes/suffusion/functions.php:1963) in /home/late/public_html/wp-includes/pluggable.php on line 934

now I can’t see my background image either. I wanted to just load the original function.php file but i was afraid of doing that because I am not sure if that would mess up my theme/website.

please help

Nathan Aug 15 2011

@Anthony I had the same problems running WP 3.2.1 & WP Super Cache. I don’t know which one caused the fault but I had to reupload the original header.php and functions.php from my theme to get it working again. No major problems from that but the site was new so I hadn’t made serious changes yet.

Hope it works for you, good luck!

Techaroma Nov 07 2011

Thanks for the informative post. Using your tips to improve my blog.

Thanks, Julius. This is very helpful. :-)
