We came across an interesting situation while importing database of a WordPress website from one server to another that throws “WordPress Unknow Collation” error.
The error generated while importing the database (on destination server) which is downloaded from other (source) server simply halts the import process. This let only a few WordPress tables to get imported and remaining won’t get imported.
It says Unknown Collation and thus the database was not being able to get imported as the destination collation was not supported by the source database server. To fix this, we found a solution which runs a query on the database and update the collation.
If you have a similar error and want to give it a try, you can check this video and the link on description to download the file and run it on your server to Fix WordPress Unknow Collation While Importing Database in phpMyAdmin.
When we create an ecommerce store based on WordPress and WooCommerce, we have option to add product variation like size, color and price etc. Using these variations, we can create different pricing for different parameters we have set.
This let to a small change in how the product price is displayed on front end. For example if we set a price variation based on size where price is $10 for medium and $15 for large, the price displayed on front page is not $10 or $15 but $10-$15 by default.
If you would like to stop displaying the range and only lowest amount for the product, it can be done by adding the following code to functions.php file of your theme or child theme. It will stop displaying price as $10-$15 but will show $10. (more…)
Contact form 7 is one of the most popular and widely used WordPress Plugin for sending emails from a WordPress website. This plugin can be used to create simple to complex forms on a WordPress based websites which can send users data to site owner via email.
The setup of Contact form 7 is simple and takes less than 2 minutes. If you are looking for a video walkthrough of the process on how we can set up Contact form 7, here is it for you.
Out of many easy to migrate WordPress plugins which let us move a WordPress website from one domain to another or to a different URL.
Sometimes plugins come out as unreliable and we need to try the traditional method of moving a WordPress website from one domain to another or from one URL to another.
In order to achieve it, first the files are copied from source to destination server or directory.
Then the database backup from source is imported in the destination database wp-config file is updated and once the connection is made, the site starts working. However, it is required to edit the database to update the existing URLs to point to the new domain or destination instead of source URL. In order to do that, we need to go to phpmyadmin and run the following query. Just change the URL to your own url and that will complete the manual transfer of a WordPress site from one domain to another or from one URL to another. wordpress-sql-query-to-change-path-or-domain-name-or-a-website
You can move the wp-config.php file to the directory above your WordPress install. This means for a site installed in the root of your webspace, you can store wp-config.php outside the web-root folder.
Note: Some people assert that moving wp-config.php has minimal security benefits and, if not done carefully, may actually introduce serious vulnerabilities. Others disagree.
Note that wp-config.php can be stored ONE directory level above the WordPress (where wp-includes resides) installation. Also, make sure that only you (and the web server) can read this file (it generally means a 400 or 440 permission).
If you use a server with .htaccess, you can put this in that file (at the very top) to deny access to anyone surfing for it:
Disable File Editing
The WordPress Dashboard by default allows administrators to edit PHP files, such as plugin and theme files. This is often the first tool an attacker will use if able to login, since it allows code execution. WordPress has a constant to disable editing from Dashboard. Placing this line in wp-config.php is equivalent to removing the ‘edit_themes’, ‘edit_plugins’ and ‘edit_files’ capabilities of all users:
This will not prevent an attacker from uploading malicious files to your site, but might stop some attacks.
I am also a big fan of this, too often we’re seeing wp-admin credentials compromised and by allowing someone to edit within your admin panel you give the attack full access to all your files. The easiest way to avoid this is to disable the editor via your wp-config file:
Adding server-side password protection (such as BasicAuth) to /wp-admin/ adds a second layer of protection around your blog’s admin area, the login screen, and your files. This forces an attacker or bot to attack this second layer of protection instead of your actual admin files. Many WordPress attacks are carried out autonomously by malicious software bots.
Simply securing the wp-admin/ directory might also break some WordPress functionality, such as the AJAX handler at wp-admin/admin-ajax.php. See the Resources section for more documentation on how to password protect your wp-admin/ directory properly.
The most common attacks against a WordPress blog usually fall into two categories.
Sending specially-crafted HTTP requests to your server with specific exploit payloads for specific vulnerabilities. These include old/outdated plugins and software.
Attempting to gain access to your blog by using “brute-force” password guessing.
The ultimate implementation of this “second layer” password protection is to require an HTTPS SSL encrypted connection for administration, so that all communication and sensitive data is encrypted. See Administration Over SSL.