Friday, 30 May 2014

How to enable errors tracking and more in WordPress config - Abilitazione errori in wp-config.php

In //wordpress/wp-config.php modify from false to true the following statement:

define('WP_DEBUG', false);
define('WP_DEBUG', true);

Plus, add these lines of code:

/** Error reporting */
ini_set('display_errors', 1);

With these, WordPress will show all PHP notices, warnings and fatal errors on video. This is useful in case you don't have access to your error.log on your hosting server.

After finding the error you're searching for, don't forget to change back to false.

Another useful change you might set in wp-config, in order to avoid further errors specially if there's a big sized database, could be to increase the memory size. The default value is 64M. Here's the line of code to change:

/** Memory Limit: now set to 256 MB */
define('WP_MEMORY_LIMIT', '256M');

Friday, 2 May 2014

Protezione iniziale di un progetto Web

Se possibile, è meglio evitare di lavorare direttamente su un sito Web in produzione, ma nel caso non sia possibile fare altrimenti, ecco alcuni consigli.

Per impedire ai motori di ricerca di indicizzare una o più pagine del sito, inserire il seguente meta tag nella sezione <head> della indice Html:

 <meta name="robots" content="noindex, nofollow">

Per tutto il sito, utilizzare il file robots.txt con queste due righe:

User-agent: *
Disallow: /

Oppure è possibile proteggere il sito in sviluppo attraverso una password:

AuthUserFile /web/htdocs/
AuthName "Sito in costruzione"
AuthType Basic
require valid-user nomevostroutente

Il path assoluto nell'esempio è basato su Aruba. Per trovarlo sul server si può scrivere un semplice file con l'istruzione:
echo  "Path fisico: ". $_SERVER["DOCUMENT_ROOT"];

(per generare la password:

Informazioni aggiuntive:

Plugin et al.

Esistono anche plugin per la gestione del sito under development:

WP Maintenance  -
WP Private Only e WP Private Only Feed

Nel caso infine si abbia bisogno di spostare Wordpress in un'altra cartella può essere utile guardare qui:

Wednesday, 30 April 2014

Effettuare il backup del database e del sito


Esempio su Aruba
• Andare su
• Entrare in PHPMyAdmin
• Selezionare il database che serve tra quelli disponibili nella barra a sinistra
• Cliccare su Esporta e salvare il file in un luogo sicuro (meglio se su cloud)

• Accedere al proprio hosting tramite ftp (usando ad es. WinSCP o simili)
• Fare il download di tutto il contenuto del sito remoto sul proprio hard disk (meglio se su cloud). 

Friday, 11 April 2014

Htaccess & WordPress


Configure .htaccess:

The .htaccess file is a configuration file that allows you to control files and folders in the current directory, and all sub-directories. The filename is a shortened name for hypertext access and is supported by most servers.
For many WordPress users, their first meeting with the .htaccess file is when they customize their website’s permalink settings. To get those pretty permalinks that we all know and love (e.g. instead of, we need to add something like this to the .htaccess file:
# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress
If no .htaccess file exists, you can create one yourself and upload it. All you have to do is create a blank text file, save it as .htaccess and upload it to the root of your WordPress installation. Be sure to include the period at the start of the filename (i.e. save the file as .htaccess and not htaccess).
You also need to ensure your .htaccess file is writeable so that WordPress can add the appropriate permalink code to your .htaccess file. advises file permissions of 644 for the .htaccess file.
Htaccess File is Hidden
The .htaccess file is a hidden file. You therefore need to ensure your FTP client or file manager is configured to display the file in your directory.
The .htaccess file is not only used for permalinks. The file is better known for its ability to strengthen the security of a website. Millions of WordPress users use the .htaccess file to protect their websites from spammers, hackers, and other known threats.
In this article, I would like to share with you several snippets for .htaccess that will make your website secure. I have also included a few additional snippets that I believe you will find useful.
You may have noticed in my permalink example above that the code begins with # BEGIN WordPress and ends with # END WordPress. WordPress can update any code that is placed within those tags. You should therefore add the snippets shown in this article at the top or bottom of your .htaccess file (i.e. before # BEGIN WordPress or after # END WordPress).

Be Careful

The .htaccess file is one of the most temperamental files you will encounter when using WordPress. It only takes one character to be out of place for the code to be incorrect. When that happens, it will usually cause your whole website to go down. It is therefore vital that you copy the code noted in this article correctly to your own .htaccess file.
Even if you are cautious, accidents can happen, and they frequently do.
Do not cut any corners when working with the .htaccess file. Before you begin, make a backup of your current working version of .htaccess. Store it in a safe place on your computer, and if possible, in another location such as a USB flash drive or on cloud storage.
Whenever you update your .htaccess file on your server, refresh your website to see if your website is still live. Do not skip this step as it is vital that you verify your website is still working correctly. If your website returns a blank screen, immediately revert back to your saved copy of .htaccess by uploading it over the version with errors.
If you cannot locate your backup file, either upload a blank .htaccess file or delete the .htaccess file altogether. This will get your website back online; which will obviously be your priority when your website goes offline.
Do not take any chances with .htaccess. Always have a back up. You have been warned :)

1. Protect .htaccess

Due to how much control .htaccess has over your whole website, it is important to protect the file from unauthorised users. The following snippet will stop hackers from accessing your .htaccess file. You can, of course, still edit the file yourself via FTP and through your hosting control panel’s file manager.
order allow,deny
deny from all
satisfy all

2. Protect WP-Config.php

Another important file is wp-config.php. This configuration file contains the login information for your WordPress database as well as other important maintenance settings. It is therefore advisable to disable access to it.
order allow,deny
deny from all

3. Protect /Wp-Content/

The wp-content directory is one of the most important areas of your WordPress website. It is where vital files are located such as your themes, plugins, uploaded media (images and videos), and cached files.
Due to this, it is one of the main targets of hackers. When a spammer managed to compromise an old website of mine last year, he did it by uploading a mail script to my uploads folder. He then proceeded to send out spam mail using my server; which subsequently placed my server on spam blacklists.
You can tackle threats like this by creating a separate .htaccess file and adding the following code to it:
Order deny,allow
    Deny from all
    Allow from all
You then need to upload this separate .htaccess file to the main wp-content directory i.e. Doing this will allow media files to be uploaded including XML, CSS, JPG, JPEG, PNG, Gif, and Javascript. All other file types will be denied.

4. Block Include-Only Files

There are certain files that never have to be accessed by the user. You can block access to these files by adding the following code to your .htaccess file:
# Block the include-only files.
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]

5. Restrict Access to the Admin Area

Another entry point for hackers is the WordPress admin area. If they gain access to this area, they can do almost anything to your website.
To make this area more secure, create a new .htaccess file and add the code below to it:
# Limit logins and admin by IP
order deny,allow
deny from all
allow from
Be sure to change to your own IP address (you can find out your IP address at What Is My IP?). Then upload the file to your website’s /wp-admin/ folder i.e.
This will allow you to access your WordPress admin area, but will block everyone else.
Additional IP addresses can be added for other administrators and staff. You can do this by adding additional allow lines or listing their IP addresses in the main allow line and separating them using commas. For example:
allow from,,

6. Ban Someone From Your Website

If you know the IP address of a malicious party, you can completely ban them from your website using the snippet below. For example, you could ban someone who always leaves abusive comments or someone who has attempted to access your admin area.
order allow,deny
deny from 123.456.78.9
deny from 987.654.32.1
allow from all

7. Send Visitors to a Maintenance Page

Maintenance plugins such as Ultimate Maintenance Mode and Maintenance are useful for displaying a temporary message to visitors when you are developing a website, or when working in the background to update your website.
Unfortunately, maintenance plugins are of little help if you face the infamous WordPress White Screen of Death. They only function correctly if your website is working correctly.
If you want to prepare for the worst, I recommend creating a basic HTML page named maintenance.html that advises visitors that you are currently experiencing problems with your website, but will be back online soon. When your website does go down because of a hacking attempt or because of the White Screen of Death, simply add the snippet below to your .htaccess file to direct all traffic to your message at maintenance.html.
RewriteEngine on
RewriteCond %{REQUEST_URI} !/maintenance.html$
RewriteCond %{REMOTE_ADDR} !^123\.123\.123\.123
RewriteRule $ /maintenance.html [R=302,L]
You need to configure the above code for your own website. Change the html filename to the name and location of your own maintenance file in the second and fourth row. You also need to add your own IP address to the third row to ensure that you can access your website whilst the maintenance message is being displayed to others. The code uses a 302 redirect ensure that the maintenance page itself is not indexed.

8. Disable Directory Browsing

Allowing unauthorised individuals to look at your files and folders can be a major security risk. To disable browsing of your directories, simply add this small piece of code to your .htaccess file:
# disable directory browsing
Options All -Indexes

9. Enable Browser Caching

Browser Caching is something I recently discussed in my article “Optimize Your WordPress Website Using These Simple Tips“. Once enabled, browser caching will allow visitors to save items from your web page so that they do not need to be downloaded again.
It is used for design elements such as CSS stylesheets and media items such as images. It is a practical solution as when someone uploads an image to a website, the image is rarely updated again. Browser caching would therefore allow visitors to load the image saved on their computer rather than your server. This reduces bandwidth and increases page loading times.
To enabling browsing caching, all you need to do is add this code to your .htaccess file:
ExpiresActive On
ExpiresByType image/jpg "access 1 year"
ExpiresByType image/jpeg "access 1 year"
ExpiresByType image/gif "access 1 year"
ExpiresByType image/png "access 1 year"
ExpiresByType text/css "access 1 month"
ExpiresByType application/pdf "access 1 month"
ExpiresByType text/x-javascript "access 1 month"
ExpiresByType application/x-shockwave-flash "access 1 month"
ExpiresByType image/x-icon "access 1 year"
ExpiresDefault "access 2 days"

10. Redirect a URL

301 redirects allow you to inform search engines that a URL has permanently moved to a new location. They can be used to redirect a page, folder, or even a completely new website.
They are therefore used whenever the URL of a page changes. This can be due to changing a domain, changing the permalink structure of your website, or simply changing the page slug (e.g. changing the page slug of an article from my-news to mygreatnews).
To redirect a location, all you need to do is add a line with Redirect 301, followed by the old location and then the new location. You can see how this works in practice below:
Redirect 301 /oldpage.html
Redirect 301 /oldfolder/page2.html /folder3/page7.html
Redirect 301 /

11. Disable Hotlinking

Hotlinking is a practice in which someone shares an image from your website by linking directly to the image URL. It commonly occurs on discussion forums, but many website owners still do it too (which is a mistake as it means images can be removed from your content at any time). Hotlinking can have a negative effect on your website. In addition to slowing your website down, it can also significantly increase your bandwidth costs with your hosting company.
You can prevent hotlinking by only allowing your own website, and any others you own, to execute image files. Add the code below to your .htaccess file to stop others from hotlinking your images. Be sure to replace the URL’s below with your own website addresses.
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)? [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)? [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ [NC,R,L]
When someone now views an image of yours at another URL, they will instead be shown the image denoted in the last line of code. This image can be changed to whatever you want.
* Note that disabling hotlinking may cause some RSS readers to have problems displaying your images from your RSS feed.
I hope you have enjoyed this list of tips and tricks for the .htaccess file. As you can see, it is a versatile configuration file that can be used for many things.
If you enjoyed this article, I encourage you to subscribe to the Elegant Themes Blog.

By  Kevin Muldoon (E.T.)

Addendum (no-ref)For useful information on WordPress, please visit:

Monday, 7 April 2014

Landing Pages: una Pricing Table

Articolo tratto da:

Ho notato che i professionisti del web marketing difficilmente inseriscono il prezzo dei servizi nelle landing page.
Questo perché, nella maggior parte dei casi, i servizi che ruotano intorno a questo settore sono legati alle particolarità del singolo cliente. Ma non sempre è così.

Pensa al webwriting. Fissare un prezzo per la pianificazione di una blog strategy o per lo studio del naming è impossibile. In altri casi, invece, i prezzi sono già definiti.
Io, ad esempio, offro tre tipi di pacchetti blogging: basic, premium e gold. Li ho elencati in una bullet list e li ho spiegati con parole semplici, ma sulla landing c’è ancora poca chiarezza.

Manca qualcosa. Ma cosa?

Eureka! Manca un confronto chiaro tra i diversi pacchetti, un confronto visuale che per ora è stato declinato solo con il copy.

In altre parole, manca il design della sezione pricing. E per migliorarla voglio utilizzare un box con i diversi pacchetti e i servizi compresi nel prezzo. Ecco qualche esempio:


(Continua sua MySocialWeb...)

Personalizzare i menu di Wordpress

Articolo originale:

Da un punto di vista strutturale, per WordPress un menu di navigazione è una semplice lista non ordinata di collegamenti ipertestuali. Naturalmente, esigenze specifiche di sviluppo possono richiedere la creazione di menu complessi, per i quali la struttura predefinita non è sufficiente. A partire da WordPress 3 è, però, possibile personalizzare i menu predefiniti in modo avanzato e senza grandi difficoltà.
Il framework permette infatti di creare sistemi di navigazione alternativi, mega-menu, ed elenchi arricchiti da elementi grafici non gestibili con i soli fogli di stile.

Aggiungere un menu ad un tema di WordPress

Quando si sviluppa o si modifica un tema, per inserire un menu in una specifica area della pagina, bisogna eseguire due operazioni: per prima cosa il menu va registrato nel file functions.php, grazie alla funzione
function register_my_custom_menu() {
    register_nav_menu( 'custom', __( 'Custom Menu' ) );
add_action( 'init', 'register_my_custom_menu' );

(continua su

Saturday, 22 March 2014

Eight Useful Code Snippets for WordPress

WordPress will automatically clear out your trash every thirty days, however this can be reduced by adding the following line of code to your wp-config.php file (this file is located in the root of your WordPress installation):
define ('EMPTY_TRASH_DAYS', 7);
If you want to optimize your database further so that no unnecessary items are stored in your database, you can disable the trash system altogether by adding this line of code to your wp-config.php file:
define ('EMPTY_TRASH_DAYS', 0);

The WordPress revision system saves a draft of your posts and pages each time you save an article. This feature is important to bloggers as it allows them to refer to earlier drafts and stops any work being lost in the event of a lost connection.
To address this issue, you can reduce the number of post revisions to a more sensible number by adding the following code to your wp-config.php file:
define( 'WP_POST_REVISIONS', 3 );
If you would prefer to disable the post revision system altogether, simply add this code to your wp-config.php file:
define( 'WP_POST_REVISIONS', false );

WordPress also autosaves your posts and pages every sixty seconds. The interval in which posts are saved can be modified by adding the following code to your wp-config.php file:
define( 'AUTOSAVE_INTERVAL', 160 ); // Seconds

Move Your WP-Content Folders

The wp-content folder contains your themes, plugins and uploads. Certain plugins, such as caching plugins, also use the wp-content folder to store data.
Due to this, the wp-content folder is frequently a target for hackers, particularly those that insert malware into your theme files. You can make it difficult for people to find your wp-content directory by moving it to another area of your website.
If you want to simply move the wp-content folder to another location, you can add this code to your wp-config.php file:
* Notice the wp-content folder does not have a trailing slash
define( 'WP_CONTENT_DIR', dirname(__FILE__) . '/newlocation/wp-content' );
If you prefer, you can define the new location using the URL:
define( 'WP_CONTENT_URL', '' );
WordPress also allows you to rename your wp-content folder using:
define ('WP_CONTENT_FOLDERNAME', 'newfoldername');
Renakming your wp-content folder can make WordPress website even safer, however it is unfortunately not always practical to do so because many WordPress plugin developers continue to hard code “wp-content” into their plugin code. It may still be worth doing if security is a top priority, though be aware that it may require you to manually update the code of many plugins you use (and these would have to be manually updated every time you updated the plugin).

Thursday, 20 March 2014

Temi per WordPress (aggiornato)


Installazione e configurazione di WordPress - 1 (categorie + menu)

Step 1 - Categorie
Inserire tutte le categorie e sottocategorie inclusa la descrizione e l'eventuale associazione alla categoria "genitore".
Step 2 - Menu
Creare un nuovo menu dandogli un nome (ad es. main menu)
Inserire i blocchi gerarchichi correttamente

Le novità di WordPress 3.9

di Claudio Garau per

Se WordPress 3.7 era caratterizzato in particolare dall’introduzione di alcune funzionalità dedicate ad incrementare il livello di affidabilità dell’applicazione, come per esempio gli aggiornamenti automatici in background, la release 3.8 del Blog engine/CMS Open Source ha presentato invece novità riguardanti soprattutto l’interfaccia utente e l’area di amministrazione, con l’inclusione nel core di features sviluppate inizialmente sotto forma di plugin, si pensi per esempio all’estensione MP6 adottata per la nuova Admin User Interface.
Con la major release WordPress 3.9, gli sviluppatori del progetto sembrerebbero aver deciso di proseguire sulla base del modello d’implementazione incentrato sull’approccio denominato plugins-as-features che, come anticipato, costituiva l’elemento peculiare dell’aggiornamento precedente; in sostanza però, l’ultima versione presenta quasi esclusivamente delle migliorie a carico di strumenti già disponibili in precedenza e poche funzionalità addizionali, quasi volesse proporsi come rilascio interlocutorio prima di quelle che dovrebbero essere le ben più importanti novità previste per la serie 4.x.

Strumenti per la creazione di playlist Audio/Video

Le playlist rappresentano un sistema semplice e veloce per organizzare e reperire all’interno di apposite raccolte i contenuti multimediali gestiti tramite WordPress; grazie alla release 3.9 sarà ora possibile suddividere i filmati e le tracce audio disponibili in diverse aree tematizzate arbitrariamente dall’utilizzatore che fungeranno da categorie.
Il sistema adottato per la gestione delle playlist è stato parzialmente mutuato da quello già in uso per la realizzazione delle gallerie di immagini ed è accessibile anche attraverso il pulsante “Add Media” fornito a corredo dell’editor per la creazione e la modifica di post e pagine. L’utente avrà a disposizione due voci distinte associate ai collegamenti “Create Playlist” (per i brani audio) e “Create Video Playlist” (per i filmati), ogni set generato sarà poi editabile tramite la feature “Edit playlist”; le playlist potranno essere popolate anche tramite Drag & Drop dei file desiderati nell’apposita area di trascinamento, infine, la stessa procedura potrà essere impiegata per il riordino personalizzato degli elementi raccolti.

Figura 1. Creazione di playlist in WordPress 3.9.
Creazione di playlist in WordPress 3.9 
Sempre per quanto riguarda l’ordinamento, saranno supportati e applicati automaticamente attraverso la selezione delle apposite opzioni. sia quello casuale che quello contrario alla sequenza di caricamento; ad ogni file potrà essere associato un titolo, una didascalia e una descrizione, inoltre, le playlist avranno a disposizione alcuni stili (attualmente “Light” e “Dark”) per la formattazione. L’applicazione cercherà di associare ad ogni file informazioni e contenuti addizionali, rilevati tramite i tags ID3, come per esempio copertine dei CD e i dati relativi all’album d’origine di una traccia.

Anteprime live dei Widget

Attraverso WordPress 3.9 si avrà la possibilità di visualizzare delle anteprime in tempo reale (live) dei Widget, tale operazione potrà essere effettuata tramite gli strumenti già disponibili per la personalizzazione dei temi; il sistema prevede l’accesso ad un Widget Customizer (feature sviluppata sotto forma di plugin all’interno del progetto “Widgets UI Refresh“) appositamente concepito per editare questi componenti, adattarli alle proprie esigenze e, eventualmente, crearne di nuovi.

Figura 2. Anteprime live dei Widget in WordPress 3.9.
Anteprime live dei Widget in WordPress 3.9 
Come anticipato, a differenza di quanto avveniva con le precedenti versioni dell’applicazione, gli effetti di tutte le procedure appena descritte potranno essere osservati in tempo reale, ciò permetterà di rendere più rapide le operazioni dedicate alla personalizzazione dei Widget.

Monday, 17 March 2014

Saturday, 1 February 2014

Come inserire il bottone "Mi piace" di Facebook su un sito ospitato da Blogger

Per inserire il bottone “Mi piace” all’interno dei post di Blogger bisogna aggiungere il codice preso da Facebook o disponibile sotto, manualmente. All'interno dell'editor HTML di Blogger, individuare il frammento di codice:


e subito sotto inserire il seguente codice relativo al "Mi piace" di Facebook:

<iframe allowTransparency='true' expr:src='"" + data:post.url + "&layout=standard&show_faces=true&width=100&action=like&font=arial&colorscheme=light"' frameborder='0' scrolling='no' style='border:none; overflow:hidden; width:450px; height:40px;' />

Cliccare su "Salva Modello".

Thursday, 16 January 2014

Testi e add-on fondamentali per sviluppatore HTML, CSS, PHP, WEB

Principi di Web Design, Joel Sklar, Apogeo, 2012

 Programmazione Web lato server (2a edizione aggiornata, che è praticamente la 3a, attenzione),  Vincenzo Della Mea, Luca di Gaspero, Ivan Scagnetto.
See more at:

HTML 5 e CSS 3, di Gabriele Gigliotti, "tecnico ma non troppo", è utile sia per chi vuole aggiornarsi alla prossima (ma già attuale) versione dei due linguaggi del Web, sia per un approccio iniziale all'argomento. (link)
- JQuery, Guida per lo sviluppatore, Rob Larsen e Cesar Otero. Un testo tecnico di ottimo livello per approfondire il "secondo" linguaggio del Web dopo quelli appena citati. (link)

Firebug per Firefox