By now you most probably would have come across this story which has taken the internet by storm recently, especially the programming community. The story reads:  How a hosting company lost its entire business because of one line of bad code. Any person even vaguely familiar with command prompt can guess that one line:
rm -rf

(well the actual line of code as per its author was rm -rf {foo}/{bar})

 

The issue first came to public notice when the person responsible for this catastrophe asked for help on ServerFault (question now removed). As per the question and followed thread of comments author intended to run a script that did a few task along with deleting all files/folders inside certain folders passed as variable. Due to an error in the code, the variable got wrong value which resulted in wiping everything on the machine. Unfortunately he ran this same script on all his machines which led to deletion of everything. A complete annihilation!

 

Add to that he ran a web hosting company. He not only deleted his entire company code and data but also wiped clean all customer data. This affected some 1535 customers who were using his service (figures provided by him on serverfault’s thread).

 

Did he take backups?

Whenever a person read such stories, first thing to come across mind is – why didn’t he take backups? Well as per him, he did. He made backups on separate disks, however these disks were mounted to the main machine and hence the contagious script managed to wipe them too.

 

He posted a comment that read:

“All servers got deleted and the offsite backups too because the remote storage was mounted just before by the same script (that is a backup maintenance script).”

 

We often come across users who are trying our service and tell us at the end of trial period, while they really loved our service their hosting company provides backup and hence they may not need our service. It’s difficult to explain why you cannot blindly rely on backups done by your hosting provider but this certainly is a good example to start with.

 

We understand it’s a rare case scenario coupled with human error and probability of something like this happening with your premium managed hosting provider is equivalent to probability of discovering extraterrestrial life. But the important thing to notice here is there is still a probability. There are over 1 billion websites on the internet today, even mere 0.1% accounts to 1 million websites and that’s a huge number. You definitely don’t want to be one in this million group.

 

If something similar happens with the managed hosting provider you are signed up with, your included backups will do you no good. This hosting company just lost all its data. Yes it was because of the carelessness of the system admin but human errors can happen anywhere. There can be another similar case, where a hacker somehow breaks into your hosting company’s server and run similar script intentionally. That will affect you equally. Not only your production site is gone, also the backups.

You should never completely rely on backups by your hosts

Though there are many managed hosting companies that provide quality automated backup to their customers, one should not completely rely on these backups especially when the site in question is your main source to bread and butter. If their system is compromised, so are you and your sites. We cannot emphasise enough how important it is to have backups completely independent from your hosting servers.  


Let’s assume another case where your hosting company is hit by a major DoS attack and it went completely down for 3-4 days. Your site data may be safe but there is no way to access it. There is no certainty how soon they will recover and you cannot let your site just hang around like that. Since your backup belongs with the same hosting company, there is no way to access them either. Like it or not, you’re stuck. If only your backups were independent, you could have hosted them somewhere else meanwhile.

 

These are real world examples and can happen to anyone. A good backup needs to be offsite, robust, completely independent from your main servers and most importantly something you can access and deploy anywhere within minutes. We have seen enough number of times people despite having zip of their backup, running over various tech forums desperately seeking professional help to get their site restored because just unzipping it won’t bring the site back. There are various server configurations that may require fixing/updating in wake of recent disaster. Similarly a good robust backup should have an easy way to validate itself. Consider a situation where you are relying on a backup which is corrupt and you only learn this when you needed it. It’s a nightmare! While most managed hostings do provide decent backup service, these are a few scenarios where they fall flat.

 

Our post is not aimed to scare our readers, we just want to educate people about the importance of an independent automated backup service. One can never take their system for granted. As per the very nature of machines they are bound to crash, hacked, wiped out, melt down etc. One need to have sound backup system not just for their sake, but also for the sake of their users. And we just happen to provide one 🙂

Permalinks, or permanent links, are the URLs that point to specific web pages on your WordPress site, be it individual posts/pages or category/tag archives. They are meant to remain the same, indefinitely. Permalinks are what people enter into their browsers in order to view your web pages, to read your content. They are what search engines (and other websites) use to link to your site. One can therefore say that permalinks are the gateways to your website that play an important role in overall site optimization.

Permalink-icon

The Default WordPress Permalink Structure

WordPress, by default, uses a permalink structure that takes the form of a URL followed by a query string that identifies the pertinent post ID. For instance, if N is the post ID number, the default WordPress permalink structure would be www.websitename.com/?p=N.

This default permalink structure is unreadable to humans, and hence, is termed to be ‘ugly’. Ugly permalinks are neither user-friendly nor search engine friendly. It is therefore recommended that you switch to a more SEO friendly WordPress permalink structure.

Other ‘Pretty’ Permalink Structures in WordPress

In addition to the default permalink structure, WordPress offers the following permalink structures for you to choose from:

Day and Name: Here, your page URL will include the year, month, and date that a post was published, followed by the post name.
Month and Name: In this case, your page URL will be two characters shorter than the previous case, as it includes only the year and month that the post was published, and of course, the post name.
Numeric: Here, your page URL will simply include the ID of the post (again, not very SEO friendly).
Post Name: Here, your page URLs will include the post name alone, making them short and memorable. And so, most WordPress users prefer to use this permalink structure for their websites.
Custom Structure: Here, you get to create your very own permalink structure by making use of one or more of the following structure tags:

%postname% – stands for the post slug
%post_id% – stands for the post ID
%category% – stands for the category the post was published under
%year% – stands for the year the post was published
%monthnum% – stands for the month the post was published
%day% – stands for the day the post was published
%hour% – stands for the hour the post was published
%minute% – stands for the minute the post was published
%second% – stands for the second the post was published
%author% – stands for the name of the author who published the post

Out of the structure tags mentioned above, the first six are more commonly used than the rest.

permalink-options

The above permalink structures are better organized than the default one, making it way easier for both visitors and search engines to navigate to your content. They help optimize your SEO and attract more and more users to your site. These permalink structures are often referred to as ‘pretty permalinks’.

Some Permalink SEO Tips

  • Include the post name in your permalink; it is what matters the most – from both SEO and user perspective.
  • Use simple and short permalinks that are less than 100 characters in length. So even if your article title is longer than usual, remember to cut it short in the URL, so that it falls within the 100-character limit (it’s best to use 3-5 words in the URL slug).
  • While it is advisable to include a keyword in your permalink, refrain from stuffing it with keywords (that’s just shabby).
  • Avoid using stop words (like a, the, is and are) in your permalinks. For instance, if your article title is ‘Stop using stop words in your permalinks’, you can leave out ‘in’ and ‘your’ from your page URL.
  • Use hyphens as separators, not underscores. So, for the article title mentioned above, a good page URL would be: www.websitename.com/stop-using-stop-words-permalinks.

Changing Permalinks on a Live Site

It is wise to choose a permalink structure for your WordPress site at the beginning itself. Changing the permalink structure of a live site, especially one that’s been running for more than six months, can drastically affect your SEO rankings. If you want to change your permalinks and avoid antagonizing users and search engines, here’s what to do:

  • change the page URLs from the back end
  • 301 redirect all the previously used URLs

To ensure that you don’t mess up, it’s a good idea to make a complete list of the previous URLs as well as what they’ll be redirecting to. And if you don’t want to get your hands dirty, you can always hire a professional to setup the redirects for your site. In spite of all this, you’ll still be losing all your social media share counts though, no changing that.

Wrapping Up

A pretty permalink structure is no doubt more user-friendly and SEO-friendly than the default one WordPress provides. It is always advisable to define your website permalink structure right at the beginning of your WordPress journey. However, if you should ever reach that point on the road where updating the permalink structure of your site means better SEO, then go for it! Just make sure to properly redirect your old URLs to the new ones.

And yeah, do remember to keep your site completely backed up before changing the permalink structure on your live site.

 

 

PressNomics is a 3-day conference for the renowned creators of third-party products and services for the WordPress community, organized by Pagely. It’s all set to take place this week, starting from the 2nd of March till the 5th, at the Tempe Mission Palms, Tempe, Arizona. Our founder, Akshat Choudhary, will be representing BlogVault at this event.

PressNomics

More About PressNomics

The PressNomics conference will cover topics pertinent to WordPress entrepreneurs like community considerations, growth hacking, and customer relationship management. Some remarkable speakers attending this event include (but are not limited to)

and many more…

BlogVault at PressNomics

Well, we’ll not be presenting at PressNomics, but we’ll definitely be around to discuss WordPress security and backups (and anything else you might want to talk about). So guys and gals, if you’re there this week, feel free to catch up with us for a chat or drinks. We would love to meet you all!

In an earlier article, we spoke about password protecting wp-login.php with HTTP authentication. There, we came up with this amazing analogy that if your WordPress were a house, HTTP authentication would be a fence to it. Now, imagine deploying a guard at your fence door to further secure your house (your WordPress site). This guard would check the ID (read IP address) of every visitor and allow (or deny) a selected few.

IP address

In this article, we’ll teach you how to provide restricted access through the fence door to only select IP addresses. Of course, for this to work, your internet connection needs to have a static IP address first. If you aren’t sure what your IP address is, you can always Google ‘IP address’.

How to Restrict Access by IP to your wp-admin Directory

To begin with, download the .htaccess file from your wp-admin directory using a third-party FTP client like FileZilla. In case there isn’t already an .htaccess file in your wp-admin directory, go ahead and create a new one. Then, add the following lines at the end of your .htaccess file:

order deny,allow
allow from your.IP.address
deny from all

The above directive allows only a single IP address to access your admin dashboard. This will apply in case you solely access your WordPress dashboard from a single location. In the given example, you need to mention your IP address in place of ‘your.IP.address’.

Now, if you access your dashboard from multiple locations, you’ll need to list out all those IP addresses in the directive. For this, you’ll need to mention individual IP addresses in individual ‘allow from’ lines as shown below:

order deny,allow
allow from your.IP.address.1
allow from your.IP.address.2
allow from your.IP.address.3
deny from all

Blocking Specific IP Addresses

It has been seen that a large number of attacks come from specific regions or set of IPs. To block these culprits at the htaccess level itself, you can include the following syntax in your .htaccess file:

order deny,allow
deny from IP.address.1
deny from IP.address.2
allow from all

Mention the IP addresses you wish to blacklist in place of ‘IP.address.1’ and ‘IP.address.2’. If the blocked IP addresses try to access your dashboard, they’ll get a default ‘403 Forbidden’ error message.

403 error ip address ban

Once you’re done, save the changes and upload the .htaccess file back to the wp-admin directory. In case you make such a change to the .htaccess file in the root directory of your WordPress, all website visitors, apart from you, will receive the ‘403 Forbidden’ error message. Therefore, be sure to make the changes to the .htaccess file in the wp-admin directory of your WordPress alone.

Fixing the Admin Ajax Issue

Limiting access to WordPress wp-admin using IP address tends to break the front-end Ajax functionality. Therefore, if any of your plugins use Ajax in the front end, add the following code to the .htaccess file in your wp-admin directory for fixing the Ajax issue:

<Files admin-ajax.php>
order allow,deny
allow from all
satisfy any
</Files>

For increased security, it is always advisable to use the method discussed above for limiting access via IP address in conjunction with password protection. Also, your IP address will change if you change your internet service provider. So don’t forget to update your .htaccess file in such a case.

A website management platform as flexible as WordPress can be used to create and run numerous different sites for various purposes, blogging being one such purpose. Blogging might start as a hobby, but somewhere down the line, for most people, it becomes more than just that. With quality content and a decent amount of traffic, your WordPress blog can easily become your source of income. Here, we talk about the top five ways of making money with your WordPress blog.

Monetize your WordPress blog

1. Affiliate Marketing

Affiliate marketing involves signing up to an affiliate program and promoting third-party products on your blog by providing affiliate links to products. You can choose to promote products, both digital and physical, that are related to the niche off your blog and relevant to your audience. When a visitor clicks on your link and purchases the product, you get a commission for the sale.

BlogVault has a great affiliate program, where its partners get an affiliate URL to embed on their respective websites upon signing up. When a customer gets referred through the affiliate link on a partner’s website, BlogVault shares 20 percent of the revenue earned with said partner. Amazon Associates and ClickBank are a couple of other well known affiliate link programs.

2. Sponsored Posts/Reviews

Sponsored posts/reviews are content on your blog that you publish for the purpose of promotion of third-party products/services relevant to your blog audience. Here, a sponsor (a company or an individual) encourages and pays you to review his product/service on your blog in order to reach out to your niche audience.

3. Pay-per-click Advertising

Pay-per-click advertisements are one of the most popular methods used to make money off of your blogs. A popular service offering this form of monetization is Google Adsense. Here, all you need to do is sign up for an account with Adsense and follow appropriate steps to place a piece of ad code provided by them on your site. Thereafter, your site will display ads, and whenever a visitor clicks on one of your ads, you earn a payment. There are many WordPress plugins available that help you better manage your advertisements, ensuring that only relevant advertisements are displayed on your blog.

4. Selling Advertisement Space

A simple way to monetize your WordPress blog would be to sell advertisement space on your site. Unlike other means of money-making that are based on pay-per-sale/pay-per-click formats, this one gets you one-time payments for each advertisement space you sell. Although that makes this form of monetization somewhat predictable in nature, it also means that you might lose out on making more money should you later end up with an insane number of clicks on the advertisement.

In case you’re looking to sell advertisement space on your website, BuySellAds is an advertisement marketplace where you can list your website for advertisers to check out and choose to purchase your advertisement space. Once you receive an offer for your advertisement space, it’s upto you to accept or reject the offer. It is always advisable to accept such advertisement offers that are relevant to the niche of your website. Once you accept an offer, the respective advertisement will start to show on your site and your payment will get credited to your BuySell account. BuySellAds acts as a simple, straightforward and reliable middleman to your monetizing venture.

5. Building an Email List

Sending out newsletters to your subscribers’ email addresses, undoubtedly, is an excellent way to keep your audience engaged. But that’s not all you can do with your email list. Email lists also provide a great way to show relevant advertisements and content to your niche audience, providing them with an excellent user experience while filling your purse. However, be careful while exploiting email lists; no one likes spam!

As you can see, there are a number of ways to start making money online using your WordPress blog. Choose a monetization method that’s up your alley and best gels with your blog. And do remember to backup your precious blog with BlogVault before getting started!

Appointments are parts and parcels of all business ventures, from salons and clinics to hotels and consultancy services. If you’re looking for an easy way to allow your customers/clients to book appointments directly from your WordPress site, here’s the perfect plugin for you. Focused solely on appointments and not on other types of bookings, the WooCommerce Appointments plugin from BizzThemes claims to be the best software you can get your hands on right now for scheduling your appointments. Having been built on top of WooCommerce, the plugin lets you readily use all the features and extensions of WooCommerce.

WooCommerce Appointments

Plugin Features

Two-way Google Calendar Sync

The WooCommerce Appointments plugin offers two-way Google calendar synchronization. This means that whenever you add a new appointment or edit an existing one in Google calendar, the additions/changes you make will automatically be synced with your WordPress site, instantaneously. Likewise, whenever you add or edit an appointment in your website admin, it will automatically be synced with your calendar.

Calendar Administration

WooCommerce Appointments lets you view and edit your appointments in a flexible calendar, so that you have a better overview of your schedule. The flexible calendar can be viewed in daily or monthly view, and is synced with both staff and Google calendar, for increased efficiency.

Custom Availability and Capacity

The plugin lets you customize your availability for each calendar date, day or hour; it also lets you set breaks for hours and holidays. Furthermore, the plugin allows you to increase or decrease the number of available places for some appointment slots. This way, you can meet more customers whenever you have the time for it.

WooCommerce Apointments custom availability

Unique Time Slots

The plugin provides you with an option to link time slots to specific dates, letting you have unique time slots for each calendar date.

Staff Management and Availability

The plugin lets you assign staff to each of your appointments. It also lets you manage each staff member’s calendar. Additionally, it allows staff members to login and set their availability as they want.

Custom Schedules and Scheduling Window

With WooCommerce Appointments, you can schedule appointments for multiple days at once, totally skipping time slots. The plugin also lets you decide how much in advance you want your customers to be able to book their appointments. Moreover, if you feel the need to take some time for yourself to prepare for your next appointment, the plugin even lets you specify how much ‘padding’ time you require in between appointments.

Confirmation/Cancellation of Appointments

While the WooCommerce Appointments plugin allows your customers to cancel their appointments, it also lets them make appointment requests. You can accept or decline these requests based on how tight your schedule is at that time. This way, you have better control over your schedule.

WooCommerce Apointments scheduling window cancellation

WooCommerce Integration

Since the plugin in natively integrated with WooCommerce, it allows for the use of all of WooCommerce’s features and extensions. This confers on it a number of bonus features like WC memberships integration, WC follow up emails integration, WC gravity forms integration, WC deposits integration and WC extra product options.

What More with WooCommerce Appointments

Multilingual Compatibility

The WooCommerce Appointments plugin is compatible with popular multilingual plugins like WPML and qTranslate.

Charge for Service Delivery

If you’re required to execute a service at your client’s location, the plugin, thanks to its WooCommerce integration, lets you apply custom shipping/delivery costs in such cases. How much extra you charge will depend on your client’s location.

Country-based Pricing

WooCommerce Appointments lets you charge your customers in different currencies, based on their geological location.

Conclusion

With a clean and beautiful code, the WooCommerce Appointments plugin is easy to use and intuitive. Its configuration process is simple and hardly takes any time. This feature-rich appointment scheduling WordPress plugin is available for just $69. What’s more, it comes with a white label, so you can completely customize it to your brand, leaving no reference to the plugin.

Before installing a new plugin to your WordPress, do remember to keep your site completely backed up using BlogVault!

The WordPress admin dashboard can only be accessed by entering in your username and login password. It is good practice to use a strong login password at all times, as this makes it difficult for bots and hackers to break into your admin dashboard. However, the internet has never been a very safe place, and no amount of security is ever enough. Therefore, it’s always good to have as many layers of security as (sanely) possible, to keep hackers at bay.

Password Protect

While login credentials are a robust security measure at the WordPress application level, we can add further security using HTTP Basic Authentication (BA). HTTP BA is the simplest technique for enforcing selective restriction of access to your web resources, making it a system level security. But well, enough nitty-gritty for now, lets try to understand this with a simple analogy. Imagine your WordPress site to be a house. Although the house’s main door (read login credentials) is a vital part of security, it may not be enough, and you might want to add a fence around your house as an additional security measure. HTTP authentication is one such ‘fence’ for the protection of your WordPress site. Anyone who wants to enter your admin dashboard will first need to go through the HTTP authentication (your fence) and then enter in their login credentials (your main door).

To secure your WordPress site with HTTP authentication, you need to first generate a .htpasswd file, where you’ll list all authorised usernames and their respective encrypted passwords. Following our analogy, think of this as setting up a door to your fence. One can leverage .htpasswd only on an Apache server, since .htpasswd is an Apache password file. Good news is, Apache is the most commonly used web server software worldwide. This makes it highly probable that your site is running on Apache.

Creating a .htpasswd File

You can use the htpasswd command line tool to create a new .htpasswd file. In your command line, use the following code:

htpasswd -c .htpasswd harini

Here, ‘-c’ stands for ‘create’ and should only be used while creating a new .htpasswd file. ‘harini’ is a case-sensitive username for our HTTP BA. On hitting enter, you’ll be prompted to enter the password you would like to use. By default, the htpasswd tool encrypts your password using MD5.

htpasswd 01

In the case that you already have an existing .htpasswd file, and would just like to add a new username to it, you should use the following command line:

htpasswd .htpasswd rahul

htpasswd 02

Note that you don’t have to use the ‘-c’ switch in this command, since you don’t have to create a new htpasswd file here.

A typical htpasswd file looks like this: ‘username:encrypted_password’. For instance, a sample .htpasswd file that contains users harini and rahul would look like:

sample .htpasswd file

If you aren’t able to get your hands on the htpasswd tool, you can easily generate your .htpasswd entry (username-encrypted password pair) using this htpasswd generator.

Now that you’ve successfully created the .htpasswd file, you have a lot of flexibility over where to place it, however it is advisable to store it in a directory that can’t be accessed directly through the web. One such good location would be one level above the WordPress install directory. This will ensure that your Apache password file remains secure, even if your web server software were to get corrupted.

Password Protecting wp-login.php

With the .htpasswd file ready and stored in a safe position, you can now go on to restrict access to your wp-login.php file. For this, you’ll need to specify the following things in your .htaccess file:

  • what file to restrict?
  • where to get HTTP BA credentials from?

Assuming .htaccess file is at WordPress install directory level, adding the following lines of code in the file will do this for us:

<Files wp-login.php>
AuthUserFile /path/to/.htpasswd
AuthName "Private access"
AuthType Basic
require valid-user
</Files>

Here, you need to focus on the following two lines:

AuthUserFile /path/to/.htpasswd: Make sure you provide the correct path to your .htpasswd file in place of ‘/path/to/.htpasswd’.

require valid-user: The ‘valid-user’ keyword tells Apache to provide any user mentioned in the .htpasswd file with access to the wp-login.php file. In case you want to grant selective access to the file, instead of using ‘valid-user’, you can just mention the usernames you’ll like to provide access to. For example, if there are three usernames mentioned in the .htpasswd file, out of which you want to grant access to only two users, say user01 and user02, and not to user03, you’ll use the following require directive:

require user user01 user02

Once you’re done, save the file and upload it to the directory that contains the wp-login.php file. Now, the next time you try to login to your WordPress dashboard, you will find your browser prompting for authentication even before the admin-login screen is loaded, just like the fence we discussed.

http authentication protect wp-login.php

WordPress offers countless themes and plugins to its users, all of which have resulted in an exponential expansion of WordPress functionality, without changing its core structure. Today, whatever it is you wish to do with your website/on your website/to your website, there’s a plugin/theme for you to work with.

To the untrained eye, all plugins and themes appear the same, well coded or not. It takes an experienced programmer to distinguish between a plugin or theme that’s well-built and one that’s not. In most cases, you get what you pay for; if a plugin or theme is free/cheap, there’s a reason for it – the plugin/theme could be outdated, buggy, bloated, or unsecure. Of course, this does not mean that expensive themes and plugins are infallible and perfect – no plugin/theme is. Therefore, it is always wise to exercise caution while trying out a new theme or plugin on your site for the first time.

How much harm can a badly written code cause?

A low quality code, or an improperly tested code, more often than not results in a poor user experience; it has the potential to hurt the entire WordPress ecosystem. One of our customers, A. Hanna of the Saudi Arabian Cultural Mission in New Zealand, ran into a bit of trouble recently when his website, one fine day, displayed a fatal error at the bottom of the page. Even after restoring to an older backup version of the site, the fatal error was still present. Clueless as to the reason behind the error, and worried sick about his website, he wrote to our Support team at BlogVault.

screenshot of the fatal error
The Fatal Error that appeared on Customer’s Site

On analyzing the situation, our support team found that the theme used by the creator of the website had an RSS feed coming from another website, which was giving out a fatal error. The root cause of the problem however was that the code handling the RSS feed had a bug, which surfaced when the fatal error occurred. In a nutshell, the theme had a faulty code, which caused the website to display the fatal error. Although this issue was out of their scope, our support team went the extra mile to advice the customer on how to resolve the bug and get things sorted.

code snippet screenshot
The Code Snippet that was causing the Issue

Now, if one minor bug in your theme can give you so much pain, imagine what a badly written theme could do! The same goes for plugins too. Remember, a theme that looks good or a plugin that sounds great does not necessarily have to be properly coded. As the age-old adage goes, do not judge a book by its cover.

So what should you do?

For starters, before purchasing any theme/plugin, do a thorough background check of its source – read as many reviews as you can; see what other users have to say about the theme/plugin that you’re interested in. These offer tell-tale signs as to whether or not you’ll have a good experience with the theme/plugin. Also, make sure that the theme/plugin is well-documented, so you have ample instructions on how to configure it. Further, it is advisable to check when the theme/plugin was last updated, and if it’s well supported.

The Last Word

Themes and plugins are powerful in terms of what they can do to your website – they can make or break it. Anything can happen when you install a new plugin/theme on your website. Every plugin you install and every theme you activate, is a potential security risk to your site. So do yourself a favour and make a complete backup of your website before clicking on ‘Activate’.

Timeline from RoarTheme is a clean and simple blog theme that’ll give an elegant and refined look to your WordPress blog. Using the many many features of this responsive theme, you can easily build a personal blog reflecting every single special and not-so-special moment in your life, and have lots of fun while you’re at it.

Timeline-theme

The Timeline theme supports all post formats; so pen your thoughts, post photos and videos, share that song that’s been on your mind – share anything and everything, the floor is all yours! And to add to that, the theme offers 5 different blog layouts for you to choose from, like standard, list and grid layout. Furthermore, each layout comes with an option to have a sidebar on the left, right, or no sidebar at all. With these options, customizing your blog layout just became that much easier!

With the Timeline theme, you can beautifully display your posts using a featured slider at the top of your homepage. And then there’s the option to have a full width Instagram feed in the footer, using which you can display your latest Instagram photos on your blog.

Timeline Instagram footer

The theme comes with a MailChimp integration, so you can have an eye-catching newsletter widget on your blog. It also comes with various other widgets to feature your recent posts, popular posts and category posts. Additionally, Timeline’s sticky top menu feature, infinite scroll, and social media sharing aim to provide the best possible user experience. It supports the Contact Form 7 plugin, letting you customize your contact form and mail content to suit your needs and requirements.

The Timeline theme comes with a Lookbook page, which can be customized to feature photographs of anything from your sketches to fashionable looks for the month or season.

Timeline lookbook

Timeline’s theme options are powered by the Redux framework, making this translation ready theme quite flexible and simple to use. This versatile WordPress blog theme is priced at $44 and available on Themeforest. In case you need any guidance with regard to using the theme features post purchase of the theme, you can contact the support team at RoarTheme via mail, Skype or Facebook.

Before making a big change like using a new theme, do remember to keep your site completely backed up using BlogVault!

 

A .htaccess file is a distributed configuration file that’s present not just in WordPress, but in all Apache web hostings. .htaccess files can be used to boost your website’s performance, security and usability. A few features that you can enable or disable using a .htaccess file include server signature, file caching, URL redirection, password protection and custom error pages.

WordPress installations may or may not contain the .htaccess file in the root directory, depending on your permalink structure; while a default ‘ugly’ permalink structure comes sans .htaccess, a pretty permalink structure auto creates a .htaccess file in your WordPress. In case you’re using default WordPress settings (read an ugly permalink structure), it is highly advisable to change it to a pretty permalink structure. Now assuming that you want to enable default pretty permalinks, create a new notepad file and rename it to .htaccess (not .htaccess.txt). Include the following basic code in the file:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

Save the changes and upload the file to your WordPress root directory using FTP.

Protect your .htaccess File

To protect your .htaccess file from external users and to tighten website security, it is recommended to add the following code to the .htaccess file:

<Files .htaccess>
order allow,deny
deny from all
</Files>

While making any modification to your .htaccess file, it is important to remember that even a tiny error in the .htaccess file can cause a major issue on your website, so much so you might even end up disabling your entire server with one simple typo. Hence, it is advisable to make a backup of your .htaccess file before making any changes to it. This way, if something goes wrong, you can always revert to the backup version of the file.