Jun
16
2020

Allow ZIP and 7ZIP files in WordPress uploads

If you have a WordPress website, you’ll know by know it’s relatively easy to upload images and documents to WordPress’ media directory.

Uploading images and other files here allow you to link to the files in your website’s page and post content – so it’s really handy.

Default file types WordPress allows you to upload

Not all file formats are allowed to be uploaded to WordPress by default (see a list of file types WordPress allows by default here).

  • Images
    • gif
    • jpg / jpeg
    • ico
    • png
  • Documents
    • .doc, .docx
    • pdf
    • odt
    • ppt, pptx, pps, ppsx
    • psd
    • xls, xlsx
  • Audio
    • mp3
    • m4a
    • ogg
    • wav
  • Video
    • 3gp
    • 3g2
    • avi
    • mov
    • mp4, m4v
    • mpg
    • ogv
    • wmv

It’s worth noting that some hosting companies will not permit the above file types, and may restrict the maximum file size you can upload. You may also find our guide on changing the default WordPress uploads directory useful.

Allowing ZIP and 7ZIP file archive file type for WordPress uploads

To allow you to upload additional file types as well as the default file types listed above, you can modify your WordPress installation’s allowed MIME types (MIME types are a way of describing different file types):

// Add new file types
function add_file_type_uploads( $mimeTypes ) {
	
        $mimeTypes['zip'] = 'application/zip';
        $mimeTypes['7zip'] = 'application/x-7z-compressed'; 
        $mimeTypes['7z'] = 'application/x-7z-compressed'; 

	return $mimeTypes;
}
add_filter( 'upload_mimes', 'add_file_type_uploads' );

You can also remove all restrictions to file upload types, though we strongly recommend against this for security reasons. If you insist on doing this, you can add the following line to your website’s wp-config.php file:

define( 'ALLOW_UNFILTERED_UPLOADS', true );

Still stuck? Our WordPress consultancy is designed to help you solve problems with your WordPress website.

May
3
2020

Exporting all user email addresses in WordPress

By default, WordPress’ export tool (under Tools > Export in WordPress’ admin panel) doesn’t have an option to allow you to export all of your users’ email addresses. This guide shows you how to export all user email addresses in WordPress.

There are many reasons you as a website owner might want to do this, of course, but if you’re planning to add them to a mailing list, beware data protection laws in your local region.

1. Use an export plugin for WordPress

There are plenty of WordPress plugins which can help you export data from your website, including user email addresses. We’ve used the Import Export WordPress Users plugin with success before, and it is still (as of May 2020) actively maintained.

The Import Export WordPress Users plugin allows you to download all of your WordPress website’s users, including their email addresses, in CSV (comma-separated value) format. You can then open this in spreadsheet software such as  OpenOffice Calc, Microsoft’s Excel, or Google’s Sheets tool, and capture the email addresses.

2. Export from the database directly

This method to export your users’ email addresses from WordPress will only apply if you have direct access to the database of your website – this might be accessible through a range of tools in your website hosting’s cPanel or Plesk control panel, or via a tool called phpMyAdmin.

No matter which database tool you are using, navigate to the users table in your WordPress website’s database. The name of this table may have a prefix if you have one set in your website’s wp-config.php file, so it may look something like wp_users or yoursite_users.

Export this database table in CSV format, which you can then open in any spreadsheet software such as those listed above.

3. Use MySQL to list all user email addresses

Finally, you can also use the following MySQL query (which we’ve adapted below) on your database to return all WordPress user’s email addresses. You may need to adapt this query to match the name of your WordPress users’ table.

SELECT user_email FROM wp_users;

Still need some help exporting data from your WordPress website? Our talented WordPress developers are available for hire!

Apr
12
2020

One simple change to improve spam filtering on WordPress websites

WordPress website header - WP logo

Here’s a great quick tip to improve the spam filtering on your WordPress website.

If you have a WordPress website, the likelihood is that you’ve seen spam comments appearing on your website in the “comments” section, unless you’ve disabled all ability for website visitors to add comments to your posts.

These are a magnet for spam comments to totally unrelated websites, and can harm your website’s search engine optimisation efforts, so it’s important to reduce and remove spam wherever it appears.

Using WordPress’ built-in blocklist feature for spam

Log in to your WordPress website’s administration panel, and navigate to the Settings > Discussion screen:

Improve spam filtering with WordPress

Scroll down the page to find the Comment Blocklist field:

WordPress' Comment Blocklist feature for reducing spam

As described in WordPress, the Comment Blocklist field:

When a comment contains any of these words in its content, name, URL, email, or IP address, it will be put in the Trash. One word or IP address per line. It will match inside words, so “press” will match “WordPress”.

Here, you can list one word per line which will automatically filter comments to the “trash” (or “bin”, if you have the British English version of WordPress installed!), bypassing them being published.

Careful – the words in the list will do complete and partial matches, meaning any words on the list which appear as part of another word (e.g., ‘

A list of useful words to use in WordPress’ Comment Blocklist feature

To help make a start on your own blocklist words, we’ve included some common words found in spam comments which you might want to add to your own comment blocklist. It is important to note that phrases that appear in other words (e.g., like “ink” is found in the word “sink”).

viagra
rolex
rolexs
rolexes
bitcoin
outsource
outsourcing

Please check these before you add them to your own website’s blocklist – as we mentioned above, this has the chance for some “false positives” to be made, meaning genuine comments could be removed. And, of course, what we would consider a spam word on this blog could be relevant to your own blog – e.g., if it was about cryptocurrencies like Bitcoin, you probably don’t want to block comments about Bitcoin!

Other ways to block spam on your WordPress website

You can also use WordPress’ Comment Moderation field in Settings > Discussions to flag comments for moderation – rather than sending them straight to “trash”.

As we mentioned before, this isn’t a fool-proof way of stopping spam comments appearing on your WordPress website. Here are a few other ways to improve your website’s spam filtering abilities:

  • Using the Akismet plugin – this can improve your WordPress website’s ability to filter spam comments
  • Enabling Recaptcha or other captcha services on your form entries – this

Any, of course, if you’d like any help with your WordPress website, please do get in touch with us.

Mar
24
2020

RCC web consultancy still open for business during COVID-19 lockdown

Just a short announcement from us following a recent update from the U.K. Government yesterday on new lockdown rules, and we would like to reassure our clients.

Richard Carter Consultancy will continue to operate for the duration of the lockdown. We are working from home, so post delivered to our Proto office address will be significantly slower to reach us.

Web consultancy services

Our services are affected as follows:

We wish all of our clients the very best for lockdown, and look forward to seeing you on “the other side”. If you are experiencing financial difficulties, please contact us to discuss payment plans and arrangements – we aim to help support our clients wherever possible.

Last updated 12 May 2020.

Feb
25
2020

Popular WordPress plugins and what they do

There are tens of thousands of WordPress plugins available to use, but some are more popular than others.

The WordPress experts at RCC take a look at a few of the most well known and well used plugins, and what they can do to improve your website. There are tens of thousands of WordPress plugins available to use, but some are more popular than others. The WordPress experts at RCC take a look at a few of the most well known and well used plugins, and what they can do to improve your website.

What is a WordPress plugin?

A plug-in is a bit of code added to WordPress to add a new feature to your website. WordPress plugins therefore change the behaviour of your website in some way – they might add a contact form, or change how you can edit content in your website somehow.

WordPress.org lists tens of thousands of plugins you can add to your website, but the sheer number available can be baffling. Here, we review commonly used and popular WordPress plugins for your website.

Contact Form 7 plugin

Contact Form 7 is one of the most popular plugins for adding a contact form to your WordPress website.

It comes with a built-in contact form to get you started easily, but we recommended customising that to your own needs – the “subject” field is unnecessary and just gives your customers more work to do. You can customise your contact form with text fields, text areas, telephone fields, URL (web address fields), and dates.

Using a WordPress shortcode, you can create and embed forms in your website easily in pages, posts and widgets:

Shortcodes in Contact Form 7 plugin for WordPress

The plugin also allows you to customise the email that is sent to you when someone completes it.

Read our guide on creating better contact forms for WordPress websites too for hints and tips on making forms easier to use – and more likely to be completed – on your own website.

Contact Form 7 is free to download and use on your WordPress.org website. Other popular contact forms include Gravity Forms and Ninja Forms.

Yoast SEO plugin

Yoast SEO is a popular WordPress plugin to help improve your website’s search engine friendliness. Features include the ability to change your post and page titles separately from what appears in the page itself, which can be helpful for fine-tuning your search engine optimisation.

Yoast also allows you to add structured data to your website to help improve search engine’s understanding of the content and structure of the website. This includes:

  • breadcrumbs – ideal for helping to define the hierarchy of your website’s content
  • Open Graph information – this provides information on your web page’s content which is used in social media networks such as Facebook, Twitter and LinkedIn, as well as key business information such as your business name, contact details and business address. These contact details can then be used in Google and other search engine listings

Yoast SEO is available with basic features for free, or has a “professional” version with a greater range of features. Other SEO plugins for WordPress websites include.

You may find <our guide to improving your WordPress website’s SEO> useful too!

Wordfence security plugin

Wordfence is a WordPress security plugin. Its features include firewalls and the ability to restrict IPs from accessing your website.

WordPress is open source software, meaning that it is free to use and download the code which makes it work. A team of web developers from around the world work to keep it secure, but there may occassionally be security issues that can be abused by hackers if you don’t update your website in a timely manner. Plugins like Wordfence are designed to prevent this by tightening the default security settings on the website

Wordfence is available for free. A professional, paid version of the plugin with additional features is also available.

Apr
24
2019

How to exclude WordPress custom post types from Yoast’s HTML sitemap

WordPress website header - WP logo

If you have a WordPress website and have looked at improving its search engine friendliness, you will now doubt have come across the Yoast SEO plugin. One of the additional tasks you can do to improve your WordPress website’s SEO is to add a HTML sitemap to list all of the pages, posts and custom post types for search engines to find more readily.

Yoast has a handy guide to creating a HTML sitemap for WordPress already, but you may find that it needs adapting if you don’t want to list certain custom post types in your website’s sitemap.

A good example of this was a recent change for a WordPress SEO audit client of ours, who had a custom post type which recorded information from a quote system, and which was not required to be found by search engines (of course, we also hid the content another way!).

So, here’s our guide to excluding specific custom post types from the Yoast HTML sitemap:

1. Create a sitemap page template for your WordPress theme

The first step is to create a sitemap page template for your WordPress theme. Create a file called page-sitemap.php in your WordPress theme’s directory (e.g., wp-content/themes/your-theme/page-sitemap.php) and add the following:

 

<?php
/* Template name: Sitemap */
get_header();
?>

<h2 id="pages">Pages</h2>
<ul>
<?php
wp_list_pages( array( 'exclude' => '', 'title_li' => '' ) );
?>
</ul>
<?php
foreach( get_post_types( array('public' => true) ) as $post_type ) {
if ( in_array( $post_type, array('post','page','attachment') ) )
continue;
$pt = get_post_type_object( $post_type );
if ( $post_type != 'custom-post-type' ) {
echo '<h2>'.$pt->labels->name.'</h2>';
echo '<ul>';
query_posts('post_type='.$post_type.'&posts_per_page=-1');
while( have_posts() ) {
the_post();
echo '<li><a href="'.get_permalink().'"">'.get_the_title().'</a></li>';
}
echo '</ul>';
}
}
?>

<?php
get_footer();
?>

You will find that you need to adapt the HTML to ensure that the new sitemap page displays like other pages in your WordPress website. Depending on the theme you have enabled, you may not need the get_footer() and get_header() statements in this file.

2. Exclude the custom post types you don’t want appearing in search engines

For each custom post type you don’t want to appear in your HTML sitemap, you can adapt the line above:

<?php
foreach( get_post_types( array('public' => true) ) as $post_type ) {
if ( in_array( $post_type, array('post','page','attachment') ) )
continue;
$pt = get_post_type_object( $post_type );
if ( $post_type != 'custom-post-type' && $post_type != 'another-custom-post-type' ) {
echo '<h2>'.$pt->labels->name.'</h2>';
echo '<ul>';
query_posts('post_type='.$post_type.'&posts_per_page=-1');
while( have_posts() ) {
the_post();
echo '<li><a href="'.get_permalink().'"">'.get_the_title().'</a></li>';
}
echo '</ul>';
}
}
?>

This snippet would ensure that the custom post types with machine names “custom-post-type” and “another-custom-post-type” are omitted from the Yoast HTML sitemap. If you’re not sure that this value is for your post types, try using the get_post_type() function within the loop above.

3. Assign the sitemap page template to a sitemap page

Next, you will need to create a page called “Sitemap” within your WordPress website. Once that’s done, assign your new Sitemap template using the “Page template” dropdown in the Attributes block (usually displayed in the right-hand column of the screen on larger screens).

4. Link to your sitemap page

Finally, now that you’ve created your custom HTML sitemap page for your WordPress website, be sure to link it from the footer of your website. Depending on the WordPress theme you have enabled, you may be able to do this via the Appearance > Menus screen in the backend when logged in as a site administrator, or by editing your theme’s footer.php file.

If you need any help implementing this on your own website, contact us at hello@richardcarterconsultancy.com and talk to us about our WordPress consultancy services.

Nov
9
2018

Updating your WordPress site URL to HTTPS in the database

If you’re a WordPress developer, you’ve probably had the need to update an old website’s URL to use HTTPS recently.

This guide will help you to change your WordPress website’s settings to accommodate the move to HTTPS for your website, including the options in the database and all mentions of your website’s HTTP domain within your existing website’s content.

You’ll need database access to complete these tasks fully please back up your website and database before making any changes (or, even better – use a test version of your website!).

Before following these guides, you’ll need to install an SSL certificate for your domain. LetsEncrypt.org offers free SSL certificates which can renew automatically, depending on your website hosting company’s settings.

Why update your WordPress website to use HTTPs?

If you’ve been running a website for a few years, you may have your website accessible via HTTP – this is a simple protocol which means web traffic between a website visitor and your server isn’t encrypted. Potentially, this means that anyone could, with the right knowledge, intercept this traffic for malicious purposes.

Using HTTPS for access to your website enhances its security by encrypting the traffic between the website’s server and your visitors.

Search engines, such as Google, have recommended for some time now that all websites use HTTPS to provide content to visitorsChrome browser even flags your site with an error message if it doesn’t use HTTPS now.

How to change your WordPress site’s siteurl and homeurl settings in the database

  1. Back up your WordPress website and database before attempting these changes!
  2. To change your WordPress website’s basic URL settings to use HTTPS rather than HTTP, the first step after installing your SSL certificate is to log in to your database management tool (such as phpMyAdmin, used in this tutorial).
  3. Navigate to the options database table. This may be called just options, or something like wp_options, or something_options (if you’re really stuck, look in your WordPress website’s wp-config.php file and see if the database prefix setting is set here using the $table_prefix.
  4. Updating the siteurl setting in your WordPress website database
    Locate the siteurl and homeurl settings
    in this database table. You’ll see they are set to something like http://www.yourwebsite.com – see image above.
  5. Change the values of these settings to https://www.yourwebsite.com. Don’t forget to update the table with your changes.

How to change your WordPress website URL in content

If you’ve done that in WordPress’ wp_options database table for the siteurl and homeurl settings, that won’t be enough to tie off your change to HTTPS entirely – as your existing WordPress pages and posts will still link to other pages and images using your HTTP domain. Follow these steps to update your website URLs in WordPress’ content as well, via the database:

  1. Back up your WordPress website and database before attempting these changes!
  2. Log in to the database tool you use (this guide uses the popular phpMyAdmin application).
  3. Navigate to the wp_posts table (the name of this table may vary depending on your database prefix – please see notes above).
  4. Click the SQL tab to run SQL queries on the database.
  5. Run this SQL query, replacing www.yourwebsite.com with your own website’s domain name. Be sure that wp_posts is the name of your WordPress posts table:
    update wp_posts set post_content = replace(post_content,'http://www.yourwebsite.com','https://www.yourwebsite.com');
    Change your website domain to HTTPS in WordPress content database

Of course, if you’re stuck and would like our help to install your SSL certificate to your WordPress website’s domain and do all of the tidy up we suggest above, get in touch with our WordPress development experts.

Jul
24
2017

Bulk deleting WordPress spam in Contact Form 7 Flamingo plugin

WordPress UK

Have you had problems in your WordPress website with a lot of spam submissions through your Contact Form 7 plugin?

Spam emails aren’t uncommon, but if you use Contact Form 7 out of the box and simply set it to forward the submitted message to you by email, your email program – Gmail, Outlook, etc – will probably do a reasonable job of filtering the spam out for you.

Many WordPress websites rely on Contact Form 7 to add a contact form feature to their website, and the plugin provides a nice interface for building simple (and even more complex) contact forms. We also add the Flamingo plugin for sites using the Contact Form 7 plugin, as this provides a safety net if the website doesn’t send you a message. Flamingo creates an archive of all messages submitted through contact forms on your website, as well as maintaining an “address book” of contacts who have contacted you.

However, Flamingo’s spam filtering isn’t particularly strong, and it’s possible to end up with a few thousand spam messages archived in your website in Flamingo. You can safely ignore these, but you may find that the sheer quantity of the messages means it’s easier to miss genuine enquiries. This is something we’ve looked in to for our own your WordPress website clients, and have provided these notes to help other WordPress users in a similar situation.

How to bulk delete spam from Flamingo / Contact Form 7 forms on your WordPress website

On sites we were asked to look at for clients, many submissions were sent from the (fake) email address “sample@email.tst”, which made it easier to filter the messages, and then delete them.

Flamingo stores the submitted contact form messages in WordPress’ post_content table in the posts table. To select all submitted contact form submissions containing this, you can use the following SQL query:

SELECT * FROM posts WHERE post_content LIKE '%sample@email.tst%';

  1. Note: this will also select other content types (blog posts) that contain the email address. If you’re not familiar with databases, it’s wise not to play around with this, and get your web developer involved – you could potentially delete your entire site’s data!
  2. ‘posts’ is the database table name; if you have used a database table prefix for your WordPress installation, this is likely to be something more list wp_posts

If that selects the content you want to delete, you can now DELETE the posts:

DELETE FROM posts WHERE post_content LIKE '%sample@email.tst%';

Note: this permanently deletes the content from your WordPress website’s database, so it’s wise to back your database up before running this!

If you would like to discuss our WordPress training courses, or WordPress consultancy project with us, please get in touch.

Jun
19
2017

Disabling redirect to checkout in Magento after adding a product

Here’s another Magento guide for quite a common query: how to disable the redirect to the checkout after adding a product to the cart in Magento.

Whilst this is a handy feature – enabled by default – for stores where customers aren’t likely to browse, it can be frustrating for customers who want to continue shopping after adding an item to your store’s cart. Luckily, there’s a setting to disable this feature in Magento’s administration panel!

Disabling cart redirect after add to cart in Magento

  1. Log in to your Magento administration account
  2. Navigate to the System > Configuration screen, with Default Config, or the desired store view in Magento you want to change this setting for, set as the Current Configuration Scope (top-left of the screen)
  3. From the left-hand column, find the “Sales” heading, and click the “Checkout” option
    Magento - disable add to cart redirect to checkout
  4. Under the Shopping Cart options that now appear, find the After Adding a Product Redirect to Shopping Cart option (this should currently be set to “Yes”):
    Change setting to disable add to cart redirect in Magento 1.9
  5. Change this option to “No”, and click the Save Config button at the top-right of your screen.

That’s it – adding a product to your cart in Magento should no longer redirect you to the cart. 

Troubleshooting add to cart redirect

If you’re still being redirected to Magento’s cart after changing the setting, take a look at these troubleshooting tips:

  1. Hard-refresh your browser (Ctrl + F5 on Windows; Cmd + Shift + R on Mac)
  2. Clear your Magento store’s caches (System > Cache Management in the Magento admin panel)
  3. Check that you’ve changed the setting at the right configuration scope (the dropdown at the top-left of the configuration screen – if you’ve changed the setting in the Default Config scope, but the setting is overwritten at a lower scope (e.g., for an individual store view), it won’t take effect:
    Changing configuration scope in Magento 1

If you’d like any further help with your Magento store, you can talk to us about Magento consultancy services – we’re based in the UK and love Magento! We also offer comprehensive Magento training courses for clients across the UK.

Mar
11
2017

Adding a Google Font to your Magento theme using local.xml layout file

A fairly common task for building custom Magento themes these days is to use a web font. Whilst there are plenty of services which offer hosted web fonts for use on Magento and other website platforms, Google Fonts has a reasonable library of fonts available for us on the web.

This guide will show you how to add your own Google Font to your Magento 1.9 theme the proper way – using your theme’s local.xml file to add the request to load the font to your Magento store’s <head> element.

Add your Google Font as a block in local.xml

Your first step is to open your theme’s local.xml file; this should be present in the app/design/frontend/[package]/[theme]/layout directory, where [package] and [theme] represent the package your theme belongs to, and its name, respectively. The local.xml file is there to overwrite anything you want to change from your parent Magento theme (typically, your parent Magento theme would be rwd, Magento’s default responsive theme).

Once there, locate the <reference name=”head”> line within the <default> handle (this means it applies to all pages in your Magento store); this contains all of the things we want to do in your Magento theme’s <head> element. The highlighted code below (in bold) shows the <block> element which is added to add a link to an external CSS file in Magento 1.9 – which is essentially what all you need to embed a Google Font in to your own store:

<?xml version="1.0"?>
<layout>

<default>
<reference name="head">
<block type="core/text" name="google.fonts.opensans">
<action method="setText">
<text><![CDATA[<link href="https://fonts.googleapis.com/css?family=Open+Sans" type="text/css" rel="stylesheet" />]]></text>
</action>

</block>

</reference>

It’s worth being wary of page load times with fonts, so it pays to be careful in how many Google web fonts you add to your Magento store, as well as the weights (see Google Fonts itself for information on that).

And if you need more pointers for Magento’s local.xml layout file, take a look at the boilerplate local.xml on Maksold’s Github account, or you can contact us about our Magento consultancy services.