Common Layout

Each Administration Screen is presented in sections, the toolbar (and header), the main navigation, the work area, and the footer.

Toolbar has links to various administration functions, and is displayed at the top of each Administration Screen. Many Toolbar items expand (flyout) when hovered over to display more information.

Main Navigation menu details each of the administrative functions you can perform. At the bottom of that section is a Collapse menu button that shrinks the menu into a set of icons, or to expands to list them by major function. Within each major function, such as Posts, the sub-menu expands (fly-out) when hovered over, and expands fully if an item clicked.

In the work area, the specific information relating to a particular navigation choice, such as adding a new post, is presented and collected.

Footer, at the bottom of each Administration Screen in light shading, are links to WordPress, thanking you for using it, and the version of WordPress you have installed is shown.

Toolbar – Keeping It All Together

The Toolbar contains links to information About WordPress, as well as quick-links to create new posts, pages and links, add new plugins and users, review comments, and alerts to available updates to plugins and themes on your site.

Tips: To hide the Toolbar, go to Administration Screens > Users > Your Profile, and turn off “Show Toolbar when viewing site” of Toolbar option.

About WordPress

At the left-most side of the Toolbar is a WordPress logo. Place, or hover, the mouse cursor over the logo to see to About WordPress, WordPress.org, Documentation, Support, and Feedback.

The top link on that menu is for the ‘About WordPress’ page, which contains tabs for What’s New, Credits, Freedoms and Privacy.

• What’s New screen describes many of the new features WordPress current version.
• Credits screen provides some details about the various individuals who contribute to the WordPress code base.
• Freedoms screen describes your rights as a user of WordPress as open source software.
• Privacy screen describes handling of privacy information in WordPress.

Visit Site link

In the Toolbar, to the right of the WordPress logo, your site name is displayed as a link. Hover over the site name to see the View Site link to visit the main page of your site.

Howdy, User

On the far right of the Toolbar is “Howdy, User”, with an image of your Gravatar. When hovered over, this expands to link you to your Profile Screen as well as a Log Out link.

When you log in to your blog, WordPress stores a so called cookie in your web browser. This cookie allows WordPress to remember who you are; if you leave your blog’s site for a while but come back to it later, WordPress will see the cookie and not require you to log in again.

Tips: If you have a WordPress cookie set in your web browser, anyone using your computer can access the Administration Screens of your blog. If you don’t want this to happen (perhaps you are using a public computer or a computer which other people use), you can click this Log Out link, and WordPress will delete the cookie from your web browser.

Screen Options

Screen Options, displayed as a hanging tab under the toolbar, allow the user to decide what fields or modules are presented in the work area for a given Administration Screen. Each Screen may have a different set of Screen Options.

Click on the Screen Options tab to expand the options available for a particular Screen, check (or uncheck) the desired options, then click the Screen Options hanging tab to collapse the Screen Options.

Help

Contextual Help, displayed as a hanging tab under the toolbar, displays one or more Help items that are related to the Screen that is displayed in the work area.

Click on the Help tab to expand the Help available for a particular Screen, then click the Help hanging tab to collapse the Help display.

Dashboard – Information Central

The Dashboard tells you about recent activity both at your site and in the WordPress community, and update information.

Dashboard

Welcome – Shows links for some of the most common tasks when setting up a new site.

At A Glance – Displays a summary of the content on your site and identifies which theme and version of WordPress you are using.

Activity – Shows the upcoming scheduled posts, recently published posts, and the most recent comments on your posts and allows you to moderate them.

Quick Draft – Allows you to create a new post and save it as a draft. Also displays links to the 5 most recent draft posts you’ve started.

WordPress Events and News — Latest local events and news from the official WordPress project.

PHP Info — Shows the current PHP version your WordPress website is running on and whether the update is needed.

Site Health Status — Overview of current state of your website and if any parts of it needs improvements.

Updates

You can update to the latest version of WordPress, as well as update your themes, plugins, and translations from the WordPress.org repositories.

If an update is available, you᾿ll see a notification appear in the Toolbar and navigation menu. Keeping your site updated is important for security. It also makes the internet a safer place for you and your readers.

Updating WordPress

Click on the Update Now button when you are notified that a new version is available.

Tips: In most cases, WordPress will automatically apply maintenance and security updates in the background for you.

Updating Themes, Plugins and Translations

To update individual themes, plugins or Translations, use the checkboxes to make your selection, then click on the appropriate Update button.

To update all of your themes, plugins or Translations at once, you can check the box at the top of the section to select all before clicking the update button.

Posts – Make some content

Posts are the principal element (or content) of a blog. The Posts are the writings, compositions or discussions.

All Posts

Via the All Posts Screen you can select the Post or Posts you wish to edit, delete, or view. Multiple Posts can be selected for deletion and for editing. A powerful bulk edit feature allows you to change certain fields for a group of Posts. A handy in-line edit tool, called Quick Edit, allows you to update many fields for an individual Post. Various search and filtering options allow you to find the Posts you want to edit or delete.

Add New Post

Posts Add New Screen is where you write new Posts. While you are writing those Posts, you can also create new Categories and new Tags. In addition, any Media (pictures, video, recordings, files) can be uploaded and inserted into the Posts.

Categories

Every Post in WordPress is filed under one or more Categories. Categories allow the classification of your Posts into groups and subgroups, thereby aiding viewers in the navigation and use of your site.

Each Category may be assigned to a Category Parent so that you may set up a hierarchy within the category structure. Using automobiles as an example, a hierarchy might be Car->Ford->Mustang. In creating categories, recognize that each category name must be unique, regardless of hierarchy.

When using the WordPress default theme, all the Categories to which a given post belongs are displayed under that post. When someone viewing your blog clicks on one of those Category links, a archive page with all the Posts belonging to that Category will be displayed.

The Posts Categories Screen allows you to add, edit, and delete Categories, as well as organize your categories hierarchically. Multiple Categories can be selected for deletion. A search option allows you to find the Categories you want to edit or delete. Also remember Categories can be added in the Posts Add New Screen.

Tags

Tags are the keywords you might assign to each post. Not to be confused with Categories, Tags have no hierarchy, meaning there’s no relationship from one Tag to another. But like Categories, Tags provide another means to aid your readers in accessing information on your blog.

When using the WordPress default theme, Tags are displayed under each Post those Tags are assigned. Someone viewing your blog can click on one of those Tag links, and an archive page with all the Posts belonging to that Tag will be displayed.

The Posts Tags Screen allows you to add, change, or delete Tags. Multiple Tags can be selected for deletion. A search option allows you to find the Tags you want to edit or delete. Also remember Tags can be added in the Posts Add New Screen.

Media – Add pictures and movies to your posts

Media is the images, video, recordings, and files, you upload and use in your blog. Media is typically uploaded and inserted into the content when writing a Post or Page. Note that the Uploading Files section in the Settings Media Screen describes the location and structure of the upload directory.

Library

The Media Library Screen allows you add, edit, delete or view Media previously uploaded to your blog. Multiple Media objects can be selected for deletion. Search and filtering ability is also provided to allow you to find the desired Media.

Add New Media

The Media Add New Screen allows you to upload new media to later use with posts and pages. A drag and drop Uploader is provided and the ability to use a Browser Uploader button is also supplied.

Edit Media

The Edit Media page allows you to edit the information (title, caption, alt text, etc.) of media files uploaded to your site. This page does not appear as a link in the main Dashboard navigation, but is reached by clicking on the Edit link in the Media Library Screen that appears when you hover over each item, or when uploading media for the first time on the Media Add New Screen once your upload has completed.

Pages – Your Static Content

A Page is another tool to add content to a WordPress site and is often used to present “static” information about the site; Pages are typically “timeless” in nature. A good example of a Page is the information contained in “About” or “Contact” Pages. A Page should not be confused with the time-oriented objects called Posts, nor should a WordPress Page be confused with the word “page” referring to any web page or HTML document on the Web.

Because Pages live outside of the normal blog chronology, and as such, are not displayed with the rest of your Posts, but are displayed individually.

All Pages

The All Pages Screen provides the necessary tools to edit, delete or view existing Pages. On this Screen you can select the Page to edit, delete or view. Multiple Pages can be selected for deletion and for editing. A powerful bulk edit tool allows certain fields to be edited for a whole group of Pages. A handy in-line edit tool, called Quick Edit, allows you to update many fields for an individual Page. Various search and filtering options allow you to find the Pages you want to edit or delete.

Add New Page

The Add New Page Screen allows you to create new Pages. Also see the Pages article for an in depth discussion.

Comments – Reader Feedback

Comments are a feature of blogs which allow readers to respond to Posts.

In the Comments Screen you can edit and delete as well as mark comments as spam. Comments that are awaiting moderation can be marked as approved or previously approved comments can be unapproved. Multiple comments can be selected and approved, marked as spam, unapproved, or deleted. A section at the top of the Comments Screen displays the number of comments awaiting moderation and the number of approved comments. A search box allows you to find specific comments

Appearance – Change the Look of your Blog

WordPress allows you to easily style your site by either installing and activating new Themes or customizing existing Themes.

Tips: From Theme Customizer launched by Appearance > Customize, you can customize all other options such as Theme, Widgets, Menus and Header. Also, modern theme has other settings or options. You should try Theme Customizer

Themes

A Theme is the overall design of a site and encompasses color, graphics, and text. WordPress site-owners have available a long list of Themes to choose from in deciding what to present to their sites’ viewers.

From the Appearance Themes Screen, you can choose which Theme will be presented to users visiting your site. You can also view screenshots of each Theme you have uploaded to your site. In addition, under the Install Themes tab you can find and install new Themes.

Customize

The Customize Screen displays the settings that can be customized for a specific theme. For instance, the WordPress default theme provides options that allows the user to set the colors and a background image.

The Customize Screen page describes the details of this feature.

Widgets

Widgets are gadgets or gizmos that allow you to add various pieces of information to your Theme’s sidebar content. Widgets, for example, can be used to add Categories, Archives, Blogroll, Recent Posts, and Recent Comments to your sidebar.

From the Appearance Widgets Screen you can add, delete, and configure, the Widgets use in one or more of your Theme’s sidebar.

Menus

The Menus feature allows you to create a navigation menu of pages, categories, custom links, tags, etc. that is presented to your visitors. A custom menu WordPress Widget allows display of a custom menu in the sidebar or other widgetized areas in the Theme.

From the Appearance Menus Screen you can create and edit navigation menus for visitors use.

Header

The Header feature allows you to manage what image is displayed in a Theme’s header. WordPress default theme allows you to preview, upload, remove, and set as default, the images you want randomly displayed in the header.

The Appearance Header Screen describes the details of this feature.

Plugins – Add Functionality to your Blog

Plugins allow you to add new features to your WordPress blog that don’t come standard with the default installation. There are a rich variety of Available Plugins for WordPress, and with the following Screens, plugin installation and management is a snap.

Installed Plugins

The Plugins Installed Screen allows you to view the plugins you’ve downloaded and choose which plugins you want activated on your site. For information on downloading and installing plugins, see Managing Plugins.

Add New Plugins

The Plugins Add New Screen allows you to add new plugins. For information on downloading and installing plugins, see Managing Plugins.

Plugin File Editor

Using the Plugin File Editor Screen, you can modify the source code of all your plugins.

Users – Your Blogging Family

Every blog probably has at least two users: admin, the account initially set up by WordPress, and the user account you, as the author/owner of the blog, use to write posts. If you want a person to be able to post to your blog, that person must have access to a user account; typically, every person will have her or his own user account.

Via the Users option in the main navigation menu you can set up all of the user accounts you need, as well as change user information, or delete users. Also you can specify your, and others’, personal information, such as name, e-mail, etc. from these User Administration Screens.

All Users

You can manage the accounts of all your site’s users at the All Users Screen.

Add New User

You can create new users with the Users Add New Screen.

Your Profile

The Users Your Profile Screen allows to change any information related to your user account.

Tools – Managing your Blog

WordPress Tools provide you the ability to speed up WordPress for your local machine, import content from other sources, export your content, or to upgrade your WordPress software to a new release.

Available Tools

There is a link to the Categories and Tag Converter. The Available Tools Screen describes the function.

Import

WordPress supports the importing data from a number external sources. In many cases, posts, comments, pages, categories, tags, and users, can be imported.

The Importing Content for a more extensive list of import possibilites.

Export

WordPress Export will create an XML file for you to save to your computer. The format, which is called a WordPress eXtended RSS or WXR file, will contain your posts, comments, custom fields, categories, and tags.

The Tools Export Screen guides you through the easy process of exporting your blog. Take note that the Exporting is a useful method to backup your WordPress data.

Site Health

The Site Health Screen offers a diagnosis of your site’s health. It gives you actionable information on how to improve your WordPress site in the form of critical errors and warnings. It also gives you a summary of the technical aspects of your site.

There are two tabs on the site health page:

1. Status – The status tab allows you to see critical information about your WordPress configuration, along with anything else that requires your attention.

2. Info – The info tab is a granular view of the technical aspects of your WordPress website. You can see detailed information about every aspect of your site such as themes, plugins, and media.  There is also a useful export feature that allows you to copy all of the information about your site to the clipboard.Settings – Configuration Settings

General

In the Settings Administration Screen are all of the settings that define your blog as a whole: settings which determine how your site behaves, how you interact with your site, and how the rest of the world interacts with your site.

The Settings Administration Screen and controls some of the most basic configuration settings for your site: your site’s title and location, who may register an account at your blog, and how dates and times are calculated and displayed.

Writing

Using the Settings Writing Screen, you can control the interface with which you write new posts. These settings control the default Category, the default Post Format, and the optional feature.

Reading

The settings in the posts, or a “static” Page, displayed as your blog’s front (main) page. You can also adjust how many posts are displayed on that main page. In addition, you can adjust syndication feed features to determine how the information from your site is sent to a reader’s web browser or other applications.

Discussion

The Settings Discussion Screen allows you to control settings concerning incoming and outgoing comments, pingbacks and trackbacks. You can also control from this Screen the circumstances under which your blog sends you e-mail notifying you about the goings on at your site, and you can decide if your blog should show Avatars and their ratings.

Media

The Settings Media Screen allows you to determine how images, documents, and other media files will be organized when uploaded, and to specify the maximum dimensions in pixels to use when inserting an image into the body of a post.

Permalinks

For a nice introduction to Permalinks, check out the Pretty Permalinks section of Introduction to Blogging. By default, WordPress uses web URLs which have question marks and lots of numbers in them; however, WordPress offers you the ability to create a custom URL structure for your permalinks and archives. This can improve the aesthetics, usability, and forward-compatibility of your links.

The Settings Permalinks Screen controls how that custom URL structure is defined.

Plugins are ways to extend and add to the functionality that already exists in WordPress.

The core of WordPress is designed to be lean and lightweight, to maximize flexibility and minimize code bloat. Plugins offer custom functions and features so that each user can tailor their site to their specific needs.

For instructions and information on downloading, installing, upgrading, troubleshooting, and managing your WordPress Plugins, see Managing Plugins. If you want to develop your own plugin, there is a comprehensive list of resources in Plugin Resources.

Plugin Repositories

WordPress Plugins are available from several sources. The most popular and official source for WordPress Plugins is the WordPress.org repo.

• Official WordPress Plugins Repository

Just to note, not all WordPress Plugins make it into the above repository. Search the web for “WordPress Plugin” and the keywords for the type of functionality you are seeking. There is bound to be a solution out there for you.

Default Plugins

The following two plugins are included with WordPress core: Akismet checks your comments against the Akismet web service to see if they look like spam or not. You can review the spam it catches under “Manage” and it automatically deletes old spam after 15 days.

See all of the features in Akismet here: https://wordpress.org/plugins/akismet/

Hello Dolly This is not just a plugin, it symbolizes the hope and enthusiasm of an entire generation summed up in two words sung most famously by Louis Armstrong. Hello, Dolly. This is, by the way, the world’s first official WordPress Plugin. When enabled you will randomly see a lyric from “Hello, Dolly” in the upper right of your Administration Screens on every page.

Plugin Development

For information on building your own plugins, see:

• Writing a Plugin
• Plugin API
• Plugin Resources

Enable Cookies in Your Browser

WordPress uses cookies for authentication. That means that in order to log in to your WordPress site, you must have cookies enabled in your browser.

• Google Chrome
• Mozilla Firefox
• Edge
• Safari

Users Cookie

Users are those people who have registered an account with the WordPress site.

On login, WordPress uses the wordpress_[hash] cookie to store your authentication details. Its use is limited to the Administration Screen area, /wp-admin/

After login, WordPress sets the wordpress_logged_in_[hash] cookie, which indicates when you’re logged in, and who you are, for most interface use.

WordPress also sets a few wp-settings-{time}-[UID] cookies. The number on the end is your individual user ID from the users database table. This is used to customize your view of admin interface, and possibly also the main site interface.

The cookies length can be adjusted with the ‘auth_cookie_expiration’ hook (An example can be found at what’s the easiest way to stop wp from ever logging me out).

Non-Version-Specific Data

The actual cookies contain hashed data, so you don’t have to worry about someone gleaning your username and password by reading the cookie data. A hash is the result of a specific mathematical formula applied to some input data (in this case your user name and password, respectively). It’s quite hard to reverse a hash (bordering on practical infeasibility with today’s computers). This means it is very difficult to take a hash and “unhash” it to find the original input data.

WordPress uses the two cookies to bypass the password entry portion of wp-login.php. If WordPress recognizes that you have valid, non-expired cookies, you go directly to the WordPress Administration Screen. If you don’t have the cookies, or they’re expired, or in some other way invalid (like you edited them manually for some reason), WordPress will require you to log in again, in order to obtain new cookies.

Commenters Cookie

When visitors comment on your blog, they too get cookies stored on their computer. This is purely a convenience, so that the visitor won’t need to re-type all their information again when they want to leave another comment. Three cookies are set for commenters:

• comment_author_{HASH}
• comment_author_email_{HASH}
• comment_author_url_{HASH}

The commenter cookies are set to expire a little under one year from the time they’re set.

References

• Wikipedia: Cookies
• RFC2965
• PHP cookie documentation

Important Note:

The Customizer is only available if the active theme supports a Customize ability. For Block themes that support building your site with blocks, this means you will not need to use the Customizer causing it to be hidden except if you are using a plugin that requires it. In addition, this screen will likely be different for each Theme that enables and builds it. The Customizer for WordPress Twenty Twenty-One theme, for example, provides options to change the background colors, select a background image and turn on the Dark Mode.

Basic Usage

How to start the Customizer

To start the Customizer, follow one of these steps:

• From Administration Screens, Select Appearance -> Customize
• From Toolbar, Select Customize

How to use it

From left side menu, open the option category and specify the option value. Notice that during your changes, the preview screen is also changed. After you finished the customization, click the Publish button to enhance the changes to your site.

There are some tips:

• You can click the internal links in the preview screen. Customizer will navigate to the clicked page and display it with current customizing option value.

• Device Preview Buttons at the bottom of the Customizer pane shows how your site looks in mobile, tablet, and desktop contexts before making changes to its appearance.

• Clicking blue pencil icon in Preview screen will open corresponding control menu in the left side pane.

Menu Options

Site Identity

This menu allows you to specify basic site information.

• Logo – Site logo image such as corporate symbol
  Click Select Logo to open the Media Library. Select an image from it or upload the new image from Upload Files Tab screen and click Choose logo button at the bottom right.
  Click Remove or Change logo to remove or change site logo image.
• Site Title – Text box for site title
• Tagline – Text box for tag line
• Display Site title and tagline – Checkbox to enable or hide the display of title and tag line
• Site Icon – The Site Icon is used as a browser and app icon for your site. Icons must be square, and at least 512 pixels wide and tall.
  Click Select Image to open the Media Library. Select an image from it or upload the new image from Upload Files Tab screen and click Select button at the bottom right.

Colors & Dark Mode

Colors & Dark Mode menu allows the customization of the background color as displayed by the theme. It also helps to activate the Dark Mode support for the theme.

• Background Color – Click the Select color button. You can either enter a hexadecimal number (e.g. d33131) representing the color to be displayed as the background of your theme, or from the color picker, click the desired color and the hexadecimal number for that color will be placed in the Color field, or click Default to restore the initial condition. This background may only be visible on wide displays.
• Dark Mode support – Click the checkbox to activate the Dark Mode support. If the Dark Mode support is enabled, your site will be shown with a dark background and light text. Learn more about Dark Mode.

Background Image

Select an optional background image to use in place of the solid background color specified in Colors & Dark Mode above.

• Select image – Click this button to open Select Image dialog box. You can choose an image that is already in your Media Library, or upload image file from your local computer in Upload Files tab screen. Select the image and click Choose Image button. The Customizer will preview your site with updated background.

Once you add a background image you will get some more options:

• Remove – Once an image is uploaded, if the image is no longer desired, use this button to remove the image. You will not be able to restore any customizations.
• Change Image – Click this button to change the background image.
• Preset dropdown – Under Preset, you can select how you want the background image to be displayed: default, fill screen, fit to screen, repeat, or custom.
• Image Position – You can also select the background image position by clicking on the arrows under Image Position, to be positioned Left, Center, or Right . Clicking on center will align the image to the center of the screen.
• Image Size – You can change the Image Size from the drop down menu to Fit to Screen, Fill Screen or keep it Original.
• Repeat Background Image – Click the checkbox to repeat the background image across the page.
• Scroll with Page – Click the checkbox to enable the background image to scroll with the page or display as fixed.

Menus

This panel is used for managing the navigation menus for content you have already published on your site. You can create menus and add items for existing content such as pages, posts, categories, tags, formats, or custom links.

The WordPress Twenty Twenty-One theme supports two menu locations, Primary Menu and Secondary Menu. From the pull down box, select the menu that will be presented in the location. If you have added support for more navigation menus in your theme, you will see more pull-down location options.

Widgets

WordPress 5.8 introduces blocks to the Widget Editor and lets you add any block to the header, footer, sidebars and other widget areas in your theme using the all new Widgets Editor.

You can configure the Widgets via Appearance > Customize > Widgets menu and see your changes in live preview of the Customizer.

Adding Your Widgets

1. Click the Widget menu in the Theme Customizer to access to the Widget Customize Screen.
2. Click the + icon at the top of the Widget Area to open the list of available blocks.
3. Search or find the block you want to add and click to select the block. The block is added to the widget area.
4. Preview your site and you should see the new block in your Widget area.

Configuring The Widgets

To reorder the Widgets within the Widget area, select the widget and click the up or down arrow from the Block toolbar.

You can also rearrange the Widgets, by clicking and holding the six-dot-grid button in the Block toolbar and dragging the Widget blocks.

To customize the Widget features, click the three-dots button in the Block toolbar of the selected widget and select Show More Settings to open the Widget customization options.

You can traverse the changes made in the Widget Area customizations using the Undo-Redo buttons in the Widget Menu.

To remove the widget, click three-dots button in the Block toolbar of the selected widget and select Remove block.

Within a widget area, you can now select multiple Widgets using shift-click and delete the blocks or backspace to delete the blocks.

Homepage Settings

You site’s home page can either contain your latest posts or display a static page or post.

• Your latest posts – select this to show your latest posts in your home page
• A static page – select either a Front page or Posts page. Refer Creating a Static Front Page for more detail information and available combination.

Excerpt Settings

This panel allows you to choose if the blog and archive pages should show the full content or only the summary.
The default is summary. The search results page always shows the summary. When the summary is selected, only text will be displayed.

Additional CSS

A panel that lets you add CSS code which will override the current theme.

Can my posts have URL instead of /index.php?p=76?

See:

• Using Permalinks

How long is the release cycle of WordPress?

A major release of WordPress happens every 6 months or so. Suggest and vote on ideas for future releases at the WordPress Extend Ideas site.

Also refer WordPress Versions for the chronologically listed versions of WordPress along with the Change Log information on new features and improvements in each version. There are the future releases and links to their respective milestones in the bug tracker.

How do I turn on Permalinks, and what do I do about the errors?

See:

• Using Permalinks

What are Roles for and what permissions do different Roles have?

See:

• Roles and Capabilities

Why can’t I delete the uncategorized Category?

Deleting a category does not delete the posts in that category. Instead, posts that were only assigned to the deleted category are set to the uncategorized category. Also, all Pages are assigned the uncategorized Category.

The uncategorized category cannot be deleted, however you can specify your default categories for posts on the Settings – Writing screen of the Administration Screens.

Why is there no Page Template option when writing or editing a Page?

If there is no Page Template option when writing or editing a Page it may because there is no template file with the proper structure. For the Page Template box to be available to assign to a Page there must be a least one template file in your theme that has a structure at the beginning of the template file that looks like this:

<?php
/*
Template Name: My Custom Page
*/
?>

Create a new PHP file with any name under the theme directory and put above codes into the file. You will see the Page Template box appears that includes “My Custom Page” option in the Page Edit Screen. For more detail about Custom Page Template, refer Page Templates.

How do I determine a Post, Page, Category, Tag, or User ID?

Sometimes it is necessary to know the ID of a particular Post, Page, Category, Tag, or User. To determine that ID, use one of these method:

• Look in your browser status bar for the ID:
  1. Visit the related list table screen in your Administration Screen. For instance in the case of Posts visit Posts->All Posts, for Pages visit Pages->All Pages, and for Categories visit Posts->Categories.
  2. Now hover your mouse over the ‘item’ you need the ID. In the case of Pages, hover over that particular Page’s title in the Title column and for Categories hover over the Categories Name in the Name column.
  3. Look at the status bar (at the bottom of your browser) and the you will find at the end of the line something like “post=123” or “tag_ID=67”. In these cases, 123 is the Page ID, and 67 is the Category ID.

Configuration

How can I change how the date and / or time is displayed?

See:

• Formatting Date and Time

How can I control comments people make?

See:

• Comment Moderation

What do the Discussion Options mean?

See:

• Discussion Screen

How do I install plugins?

See:

• Managing Plugins

Why are all the comments being moderated?

Go to the Settings > Discussion screen and make sure that Comment must be manually approved is unchecked. With that option selected, all comments are sent to the moderation queue to await approval.
Make sure that Hold a comment in the queue if it contains x or more links. is not blank and contains a number higher than zero. If this value is blank or zero, all comments containing links will be moderated.
If the option mentioned above is unchecked, the link moderation value is higher than zero, and you still have this problem, then upgrade the comment spam plugins you have installed. If this continues to be a problem, deactivate the comment spam plugins one by one to determine the culprit and contact the plugin author for help.

How do I disable comments?

First, uncheck Allow people to post comments on new articles on the Settings > Discussion screen. This will only disable comments on future posts.
Next, to completely disable comments, you will have to edit each past post and uncheck Allow Comments from the Edit Post screen. Use Bulk Edit to disable multiple posts at once.

1. In the Posts_Screen, check the checkbox in the Table’s title to select all Posts in a given table.
2. From Bulk Actions box, select Edit and click Apply.
3. In the Bulk Edit Screen, select Do not allow option from Comments box
4. Click Update.

Alternatively, you could run below MySQL query from the command line on a shell account or using phpMyAdmin, or through a wp-cli wp db query:

UPDATE wp_posts SET comment_status = 'closed';

If your goal is to permanently remove comments, then follow the next steps. This is the example of Twenty Fifteen theme customization.

1. Create a Child Themes of Twenty Fifteen theme.
2. Copy twentyfifteen_entry_meta() function from parent’s inc/template-tags.php to child theme’s functions.php.
3. Comment out the if block that contains comments-link.

function twentyfifteen_entry_meta() {
    if ( is_sticky() && is_home() && ! is_paged() ) {
        :
    }

    // if ( ! is_single() && ! post_password_required() && ( comments_open() || get_comments_number() ) ) {
    //  echo '';
    //  /* translators: %s: post title */
    //  comments_popup_link( sprintf( __( 'Leave a comment on %s', 'twentyfifteen' ), get_the_title() ) );
    //  echo '';
    // }
}

It removes the number of comments or “Leave a comment” message from bottom of each post.

1. Newly create comments.php under the Child Theme’s directory without any contents. It removes the comment area of exsiting posts.
2. Activate the Child Teheme.

How do I disable trackbacks and pingbacks?

First, uncheck Allow link notifications from other blogs (pingbacks and trackbacks) on new articles on the Settings > Discussion screen. This will only disable trackbacks and pingbacks on future posts.
Next, to completely disable trackbacks and pingbacks, you will have to edit each past post and uncheck Allow trackbacks and pingbacks on this page from the Edit Post screen. Use Bulk Edit to disable multiple posts at once. See also above image.

1. In the Posts_Screen, check the checkbox in the Table’s title to select all Posts in a given table.
2. From Bulk Actions box, select Edit and click Apply.
3. In the Bulk Edit Screen, select Do not allow option from Pings box.
4. Click Update.

Alternatively, you could run this MySQL query from the command line on a shell account or using phpMyAdmin, or through a wp-cli wp db query:

UPDATE wp_posts SET ping_status = 'closed';

How do I change the site admin name?

To change your Admin Name, in the Administration Screens, choose the Users->Your Profile menu. Make your changes there. However, you are not able to change the username from within the Administration screen. In order to do this you must directly edit the MySQL database, however this is not recommended as your username is not often seen by other users.

See:

• Users Your Profile Screen

How do I find the absolute path I need for uploading images?

1. Open the below page from your Browser

http://(site URL)/wp-admin/options.php

1. Refer upload_url_path option value.
   If the value is blank, then the directory wp-content/upload is the default destination to save.

Which files do I change to alter the way my blog looks?

See:

• Theme Development Handbook

How do I upload images?

See:

• Inserting Media into Posts and Pages

Can I change the “Error establishing database connection” message to something more descriptive?

Just simply create a file to reside at wp-content/db-error.php, and in that file put the message you want displayed to users when WordPress determines the database connection is not available. That file will be used in place of “Error establishing database connection” message. You could even use the db-error.php to redirect users elsewhere. Here’s an example for db-error.php:

<?php
<pre>echo '<h2> This site is currently experiencing a problem with the database server.</h2>  Press your browser Reload button to try again!';
?>

Modifying

Can I change the Smilies?

See:

• Using Smilies

How do I edit files?

See:

• Editing Files

What is The Loop?

See:

• The Loop and The Loop in Action

How can I change the URL-structure for my posts?

See:

• Using Permalinks

How can I change URL-structure for my posts on a Windows server?

See:

• Using Permalinks Without mod rewrite

How do I use WordPress Template Tags to change what is displayed on the blog?

See:

• Template Tags

How do I get All links to open in a new window?

Put this inside the section of your Theme’s template header.php file:

<base target="_blank" />

See:

• Using Themes
• W3 Schools base tag explanation

How can I add an image to my RSS feed?

See:

• Add an image to your RSS 2.0 feed at wordlog.com

If I turn off comments, it says “Comments Off” on the weblog. so how do I remove that?

Depending on your theme, some other message of similar intent may be displayed. The specifics of how to remove this message is theme dependent. You should be able to find the offending text in your theme’s comments.php file. If it’s displayed by a PHP function, comment out the function with slash-asterisks ‘/*‘ and ‘*/‘ (without quotes) on either end of the function:

<?php /* _e( 'Comments are closed.' , 'twentytwelve' ); */ ?>

If it’s simply HTML, comment out the enclosing HTML tags by adding ‘<!-- ‘ and ‘ -->‘ (not including the quotes, note the space after the first and before the last comment symbols):

<!-- <p class="nocomments">Comments are closed.</p> -->

If you decide later to restore the message, you can simply remove the comment symbols.

How do I change what is shown when I password protect a post?

Hook the filters ‘the_title‘ and ‘the_password_form‘. Your filter function is passed exactly what the filter names imply. Use the str_replace() function to search out the offending text and replace it with your preference (or nothing).
Note the ‘the_title‘ filter fires for every single title, not just password protected posts, so you need to use the existence of the post_password property to know whether to apply the string replace function or not.
Some themes may also have additional locations where content needs to be canged. Next example works with Twenty Fifteen Theme.

add_filter('the_title', 'replace_protected', 10, 2);
function replace_protected( $title, $id ) {
    $post = get_post( $id );
    if ( ! empty( $post->post_password ) ) {
        $title = str_replace('Protected:', 'Hidden:', $title);
    }
    return $title;
}
add_filter('the_password_form', 'replace_message');
function replace_message( $form ) {
    return str_replace('This post is password protected. To view it please enter your password below:',
        'Enter you password below to see the surprise:', $form);
}

How can I allow certain HTML tags in my comments?

Use a custom filter in your themes functions.php or plugin:

add_filter('preprocess_comment','fa_allow_tags_in_comments');

function fa_allow_tags_in_comments($data) {
    global $allowedtags; 
    $allowedtags['span'] = array('style'=>array());
    $allowedtags['p'] = array();   
    return $data;
}

How can I add advanced search ability to WordPress?

See:

• Advanced Contextual Search for WordPress at Weblog Tools Collection

Posts

How do I upload an image and display it in a post?

See:

• Inserting Media into Posts and Pages

What is pingback?

See:

• Introduction to Blogging, Pingbacks

What is trackback?

See:

• Introduction to Blogging, Trackbacks

Where is the permalink to my post?

See:

• Linking Posts, Pages, and Categories

Can I use desktop blogging software?

See:

• Weblog Client

Can I blog by email?

See:

• Post to your blog using email

Spam, Spammers, Comments

What can I do to stop comment spam?

See:

• Combating Comment Spam

More Information on Comment Spam

See:

• Comment Spam

Importing and Exporting

How do I Import a WordPress WXR file when it says it is too large to import?

If a WordPress WXR file, an XML file exported from WordPress, is too large to import, there are several things you might try to overcome that limit.

• Edit php.ini‘. Some hosts may not allow this settings.

memory_limit = 300M
post_max_size = 200M
upload_max_filesize = 100M
max_execution_time = 600

• memory_limit: Maximum amount of memory in bytes that a PHP script is allowed to allocate.

Note: memory_limit should be larger than post_max_size, and post_max_size must be larger than upload_max_filesize.

• Edit .htaccess. Some hosts may not allow this settings.

php_value memory_limit 300M
php_value post_max_size 200M
php_value upload_max_filesize 100M

• Edit wp-config.php

define('WP_MEMORY_LIMIT', '64MB');

See also Increasing memory allocated to PHP.

• In multisite environment, configure following settings
  1. From Network Admin dashboard, select Settings > Network Settings and increase the values of ‘Site upload space’ and ‘Max upload file size’.
  2. From Network Admin dashboard, select Sites > All Sites and click Edit menu under your site. Click Settings tab and incease the value of ‘Site Upload Space Quota’ or leave it blank for network default
• GZip the file. On some hosting services, a gzipped file can be automatically expanded in the background, without WordPress ever knowing the difference. This can allow you to make the file small enough to be fit into the maximum upload size constraints.
  1. On Windows, use 7Zip to create a gz archive out of the WXR file.
  2. On Linux, use the gzip command line.
  3. Make sure that the resulting file has the file extension of “.gz” before uploading it, as this is often necessary.
  4. This is not guaranteed to work, as it highly depends on the hosting configuration. If this fails, then try another method instead.
• Break the WordPress WXR file into smaller pieces by separating the data between posts and pasting the header/footer into each file.

1. Always have the header

<rss version="2.0"
    xmlns:excerpt="https://wordpress.org/export/1.2/excerpt/"
    xmlns:content="http://purl.org/rss/1.0/modules/content/"
    xmlns:wfw="http://wellformedweb.org/CommentAPI/"
    xmlns:dc="http://purl.org/dc/elements/1.1/"
    xmlns:wp="https://wordpress.org/export/1.2/"
>
<channel>
including all info like category, tags, etc to just before the first  

2. Always have the footer

</channel>
</rss>

3. In between, add the posts start with end with and check to see whether the XML file you’re creating is less than or equal to 2MB. You’ll get the hang of it.

4. As always, before importing the new XML’s, backup the database of the blog you are importing the XML files to and might as well export XML file of that blog as well for good measure.

See:

• Importing Content
  • Editing wp-config.php
  • Forum discussion on program that helps with splitting the file into pieces

WXR Splitter Utilities:

• WordPress WXR File Splitter utility for Windows
• WordPress WXR File Splitter utility for Mac OS X

How do I import links (blogroll) from another WordPress blog?

See:

Importing Content

Codex FAQ

WordPress has six pre-defined roles: Super Admin, Administrator, Editor, Author, Contributor and Subscriber. Each role is allowed to perform a set of tasks called Capabilities. There are many capabilities including “publish_posts“, “moderate_comments“, and “edit_users“. A default set of capabilities is pre-assigned to each role, but other capabilities can be assigned or removed using the add_cap() andremove_cap() functions. New roles can be introduced or removed using the add_role() and remove_role() functions.

The Super Admin role allows a user to perform all possible capabilities. Each of the other roles has a decreasing number of allowed capabilities. For instance, the Subscriber role has just the “read” capability. One particular role should not be considered to be senior to another role. Rather, consider that roles define the user’s responsibilities within the site.

Summary of Roles

• Super Admin – somebody with access to the site network administration features and all other features. See the Create a Network article.
• Administrator (slug: ‘administrator’) – somebody who has access to all the administration features within a single site.
• Editor (slug: ‘editor’) – somebody who can publish and manage posts including the posts of other users.
• Author  (slug: ‘author’)  – somebody who can publish and manage their own posts.
• Contributor (slug: ‘contributor’) – somebody who can write and manage their own posts but cannot publish them.
• Subscriber (slug: ‘subscriber’) – somebody who can only manage their profile.

Upon installing WordPress, an Administrator account is automatically created.

The default role for new users can be set in Administration Screens > Settings > General.

Roles

A Role defines a set of tasks a user assigned the role is allowed to perform. For instance, the Super Admin role encompasses every possible task that can be performed within a Network of virtual WordPress sites. The Administrator role limits the allowed tasks only to those which affect a single site. On the other hand, the Author role allows the execution of just a small subset of tasks.

The following sections list the default Roles and their capabilities:

Super Admin

Multisite Super Admins have, by default, all capabilities. The following Multisite-only capabilities are therefore only available to Super Admins:

• create_sites
• delete_sites
• manage_network
• manage_sites
• manage_network_users
• manage_network_plugins
• manage_network_themes
• manage_network_options
• upgrade_network
• setup_network

In the case of single site WordPress installation, Administrators are, in effect, Super Admins. As such, they are the only ones to have access to additional admin capabilities.

Administrator

The capabilities of Administrators differs between single site and Multisite WordPress installations. All administrators have the following capabilities:

• activate_plugins
• delete_others_pages
• delete_others_posts
• delete_pages
• delete_posts
• delete_private_pages
• delete_private_posts
• delete_published_pages
• delete_published_posts
• edit_dashboard
• edit_others_pages
• edit_others_posts
• edit_pages
• edit_posts
• edit_private_pages
• edit_private_posts
• edit_published_pages
• edit_published_posts
• edit_theme_options
• export
• import
• list_users
• manage_categories
• manage_links
• manage_options
• moderate_comments
• promote_users
• publish_pages
• publish_posts
• read_private_pages
• read_private_posts
• read
• create Reusable Blocks
• edit Reusable Blocks
• read Reusable Blocks
• delete Reusable Blocks
• remove_users
• switch_themes
• upload_files
• customize
• delete_site

Additional Admin Capabilities

Only Administrators of single site installations have the following capabilities. In Multisite, only the Super Admin has these abilities:

• update_core
• update_plugins
• update_themes
• install_plugins
• install_themes
• delete_themes
• delete_plugins
• edit_plugins
• edit_themes
• edit_files
• edit_users
• add_users
• create_users
• delete_users
• unfiltered_html

Editor

• delete_others_pages
• delete_others_posts
• delete_pages
• delete_posts
• delete_private_pages
• delete_private_posts
• delete_published_pages
• delete_published_posts
• delete Reusable Blocks
• edit_others_pages
• edit_others_posts
• edit_pages
• edit_posts
• edit_private_pages
• edit_private_posts
• edit_published_pages
• edit_published_posts
• create Reusable Blocks
• edit Reusable Blocks
• manage_categories
• manage_links
• moderate_comments
• publish_pages
• publish_posts
• read
• read_private_pages
• read_private_posts
• unfiltered_html (not with Multisite)
• upload_files

Author

• delete_posts
• delete_published_posts
• edit_posts
• edit_published_posts
• publish_posts
• read
• upload_files
• create Reusable Blocks
• read Reusable Blocks
• edit Reusable Blocks (own)
• delete Reusable Blocks (own)

Contributor

• delete_posts
• edit_posts
• read
• read Reusable Blocks

Subscriber

• read

Special Cases

The following capabilities are special cases:

• unfiltered_upload – This capability is not available to any role by default (including Super Admins). The capability needs to be enabled by defining the following constant:

define( 'ALLOW_UNFILTERED_UPLOADS', true );

With this constant defined, all roles on a single site install can be given the unfiltered_upload capability, but only Super Admins can be given the capability on a Multisite install.

Capability vs. Role Table

Note that the capabilities of Administrators differs between single site and Multisite WordPress installations, as described above .

Capabilities

switch_themes

• Since 2.0
• Allows access to Administration Screens options:
  • Appearance
  • Appearance > Themes

edit_themes

• Since 2.0
• Allows access to Appearance > Theme Editor to edit theme files.

edit_theme_options

• Since 3.0
• Allows access to Administration Screens options:
  • Appearance > Widgets
  • Appearance > Menus
  • Appearance > Customize if they are supported by the current theme
  • Appearance > Header

install_themes

• Since 2.8
• Allows access to Administration Screens options:
  • Appearance > Add New Themes

activate_plugins

• Since 2.0
• Allows access to Administration Screens options:
  • Plugins

edit_plugins

• Since 2.0
• Allows access to Administration Screens options:
  • Plugins > Plugin Editor

install_plugins

• Since 2.7
• Allows access to Administration Screens options:
  • Plugins > Add New

edit_users

• Since 2.0
• Allows access to Administration Screens options:
  • Users

edit_files

• Since 2.0
• Note: No longer used.

manage_options

• Since 2.0
• Allows access to Administration Screens options:
  • Settings > General
  • Settings > Writing
  • Settings > Reading
  • Settings > Discussion
  • Settings > Permalinks
  • Settings > Miscellaneous

moderate_comments

• Since 2.0
• Allows users to moderate comments from the Comments Screen (although a user needs the edit_posts Capability in order to access this)

manage_categories

• Since 2.0
• Allows access to Administration Screens options:
  • Posts > Categories
  • Links > Categories

manage_links

• Since 2.0
• Allows access to Administration Screens options:
  • Links
  • Links > Add New

upload_files

• Since 2.0
• Allows access to Administration Screens options:
  • Media
  • Media > Add New

import

• Since 2.0
• Allows access to Administration Screens options:
  • Tools > Import
  • Tools > Export

unfiltered_html

• Since 2.0
• Allows user to post HTML markup or even JavaScript code in pages, posts, comments and widgets.
• Note: Enabling this option for untrusted users may result in their posting malicious or poorly formatted code.
• Note: In WordPress Multisite, only Super Admins have the unfiltered_html capability.

edit_posts

• Since 2.0
• Allows access to Administration Screens options:
  • Posts
  • Posts > Add New
  • Comments
  • Comments > Awaiting Moderation

edit_others_posts

• Since 2.0
• Allows access to Administration Screens options:
  • Manage > Comments (Lets user delete and edit every comment, see edit_posts above)
• user can edit other users’ posts through function get_others_drafts()
• user can see other users’ images in inline-uploading [no? see inline-uploading.php]
• See Exceptions

edit_published_posts

• Since 2.0
• User can edit their published posts. This capability is off by default.
• The core checks the capability edit_posts, but on demand this check is changed to edit_published_posts.
• If you don’t want a user to be able to edit their published posts, remove this capability.

publish_posts

• Since 2.0
• See and use the “publish” button when editing their post (otherwise they can only save drafts)
• Can use XML-RPC to publish (otherwise they get a “Sorry, you can not post on this weblog or category.”)

edit_pages

• Since 2.0
• Allows access to Administration Screens options:
  • Pages
  • Pages > Add New

read

• Since 2.0
• Allows access to Administration Screens options:
  • Dashboard
  • Users > Your Profile
• Used nowhere in the core code except the menu.php

publish_pages

• Since 2.1

edit_others_pages

• Since 2.1

edit_published_pages

• Since 2.1

delete_pages

• Since 2.1

delete_others_pages

• Since 2.1

delete_published_pages

• Since 2.1

delete_posts

• Since 2.1

delete_others_posts

• Since 2.1

delete_published_posts

• Since 2.1

delete_private_posts

• Since 2.1

edit_private_posts

• Since 2.1

read_private_posts

• Since 2.1

delete_private_pages

• Since 2.1

edit_private_pages

• Since 2.1

read_private_pages

• Since 2.1

delete_users

• Since 2.1

create_users

• Since 2.1
• Allows creating new users.
  • Without other capabilities, created users will have your blog’s New User Default Role.

unfiltered_upload

• Since 2.3

edit_dashboard

• Since 2.5

customize

• Since 4.0
• Allows access to the Customizer. 

delete_site

• Since 4.0
• Allows the user to delete the current site (Multisite only).

update_plugins

• Since 2.6

delete_plugins

• Since 2.6

update_themes

• Since 2.7

update_core

• Since 3.0

list_users

• Since 3.0
• Allows access to Administration Screens options:
  • Users

remove_users

• Since 3.0

add_users

• Since 3.0
• Replaced in 4.4 with promote_users

promote_users

• Since 3.0
• Enables the “Change role to…” dropdown in the admin user list.
  • This does not depend on ‘edit_users‘ capability.
• Enables the ‘Add Existing User’ to function for multi-site installs.

delete_themes

• Since 3.0

export

• Since 3.0

edit_comment

• Since 3.1

create_sites

• Since 3.1
• Multi-site only
• Allows user to create sites on the network

delete_sites

• Since 3.1
• Multi-site only
• Allows user to delete sites on the network

manage_network

• Since 3.0
• Multi-site only
• Allows access to Super Admin menu
• Allows user to upgrade network

manage_sites

• Since 3.0
• Multi-site only
• Allows access to Network Sites menu
• Allows user to add, edit, delete, archive, unarchive, activate, deactivate, spam and unspam new site/blog in the network

manage_network_users

• Since 3.0
• Multi-site only
• Allows access to Network Users menu

manage_network_themes

• Since 3.0
• Multi-site only
• Allows access to Network Themes menu

manage_network_options

• Since 3.0
• Multi-site only
• Allows access to Network Options menu

manage_network_plugins

• Multi-site only
• Allows access to Network Plugins menu

upload_plugins

• Since 4.0
• Multi-site only
• Allows user to upload plugin ZIP files from the Network Plugins -> Add New menu

upload_themes

• Since 4.0
• Multi-site only
• Allows user to upload theme ZIP files from the Network Themes -> Add New menu

upgrade_network

• Since 4.8
• Multi-site only
• is used to determine whether a user can access the Network Upgrade page in the network admin. Related to this, the capability is also checked to determine whether to show the notice that a network upgrade is required. The capability is not mapped, so it is only granted to network administrators. See #39205 for background discussion.

setup_network

• Since 4.8
• Multi-site only
• is used to determine whether a user can setup multisite, i.e. access the Network Setup page. Before setting up a multisite, the capability is mapped to the `manage_options` capability, so that it is granted to administrators. Once multisite is setup, it is mapped to `manage_network_options`, so that it is granted to network administrators. See #39206 for background discussion.

Resources

Plugins

• Members Plugin
• User Access Manager
• Advanced Access Manager
• User Role Editor
• WordPress User Role Editor
• Simple Membership Plugin
• View Admin As (manage & test roles)

Information

• WordPress Capabilities

Exporting your WordPress data (posts, pages, custom post types, comments, custom fields, categories, tags, custom taxonomies, and users) is sometimes necessary and useful. If you are moving to a new host or just want a backup of your site data, then Exporting your site is the answer. Once the export file is created, that file can be used for import by the Tools Import Screen.

The Tools Export Screen is quite simple–just specify the desired Filters, if any, you wish to apply, and then click the Download Export File button to save that file to your local computer.

Export

When you click the Download Export File button, WordPress will create an XML file for you to save to your computer.

This format, which is called and WordPress eXtended RSS or WXR file, will contain your posts, pages, custom post types, comments, custom fields, categories, tags, custom taxonomies, and users.

Once you’ve saved the download file, you can use Administration > Tools > Import > WordPress at another WordPress site to import this data

Filters and Other Options

• All content – export all of your posts, pages, comments, custom fields, terms, navigation menus, and custom posts.
• Posts – check this radio button to expose additional filtering when exporting posts.
• Categories – select only one category with this pulldown or leave at All Categories.
• Authors – select a specific author from the pulldown or leave at All Authors.
• Date range – select both the starting and ending post date to include in export.
• Status – select the post status (e.g. Published) to export or leave at All Status.
• Pages – check this radio button to expose additional filtering when exporting pages.
• Authors – select a specific author from the pulldown or leave at All Authors.
• Date range – select both the starting and ending page date to include in export.
• Status – select the page status (e.g. Published) to export or leave at All Status.
• Download Export File – click this button and the file, with any filters selected, will be created and you will be asked to save that file to your local computer.

If a site’s using HTTPS, you’ll see a little padlock icon in the address field, just as in the screenshot below:

Here are the most common reasons you might want to use HTTPS on your own site:

Faster. One might think that HTTPS would make your site slower, since it takes some time to encrypt and decrypt all data. But a lot of efficiency improvements to HTTP are only available when you use HTTPS. As a result, HTTPS will actually make your site faster for almost all visitors.

Trust. Users find it easier to trust a secure site. While they don’t necessarily know their traffic is encrypted, they do know the little padlock icon means a site cares about their privacy. Tech people will know that any servers between your computer and the web server won’t be able to see the information flowing forth and back, and won’t be able to change it.

Payment security. If you sell anything on your site, users want to know their payment information is secure. HTTPS, and the little padlock, assure that their information travels safely to the web server.

Search Engine Optimization. Many search engines will add a penalty to web sites that don’t use HTTPS, thus making it harder to reach the best spots in search results.

Your good name. Have you noticed that some websites have the text “not secure” next to their address?

That happens when your web browser wants you to know a site is NOT using HTTPS. Browsers want you to think (rightly!) that site owners who can’t be bothered using HTTPS (it’s free in many cases) aren’t worth your time and certainly not your money.

In turn, you don’t want browsers suggesting you might be that kind of shady site owner yourself.

When a new version of a plugin or theme is available, an alert bubble is displayed in your WordPress Admin Menu and the corresponding theme or plugin is highlighted on Themes and Plugins Screens.

There are several places where you can manage themes or plugins updates:

• WordPress, Plugins, Themes and Translations updates can be managed on the Updates Screen located in Dashboard > Updates sub menu.
• Themes updates can be managed on the Appearance Screen.
• Plugins updates can be managed on the Plugins Screen.

Since WordPress 5.5, websites Administrators can manually opt-in for automatic updates theme by theme and plugin by plugin.

Enable auto-updates for themes

On the Appearance Screen, click on a theme thumbnail. In the theme modal, right below the author of the theme, an “Enable auto-updates” action link is available. Click on this action link to enable auto-updates for this specific theme.

Once enabled, auto-updates can be disabled at any time, using the same toggle link.

Themes auto-updates have to be enabled/disabled theme by theme.

Enable auto-updates for plugins

Navigate to Plugins Screen. For each plugin, there is an “Automatic update” column with an action link used to enable/disable auto-updates plugin by plugin.

Click on this action link to enable auto-updates for each specific plugin.

Once enabled, auto-updates can be disabled at any time, using the same toggle link.

Bulk enable/disable plugins auto-updates

Plugins auto-updates can be bulk enabled or disabled for several plugin at one time by using the bulk action selector. Select plugins using the checkbox located in the first column of the plugins list table and use the bulk action selector located on the top of the table to enable or disable auto-updates. Then click on the “Apply” button to bulk enable/disable auto-updates for the selected items.

When do Themes and Plugins auto-updates happen?

By default WordPress runs auto-updates twice per day. If updates are available for plugins or themes with auto-updates enabled, the time until the next scheduled update will be displayed below the enable/disable auto-updates action link.

The time until next auto-updates is also displayed in the Dashboard > Updates Screen for both Themes and Plugins:

Email notifications after plugins and themes auto-update attempts

By default WordPress sends email notifications to website owners to inform them that plugins and themes were automatically updated. These email notifications are sent when:

• One or more plugins or themes successfully auto-updated
• One or more plugins or themes failed to auto-update
• Some plugins or themes were successfully auto-updated, and some of them failed

Advices & Troubleshooting

Perform regular automatic backups of your website

Before enabling auto-updates on your plugins and themes, you may want to make sure you’re able to rollback to a previous version of your website in case things go wrong.

Various plugins exist to take automatic scheduled backups of your WordPress database and files. This helps to manage your backup collection easily. You can find automatic backup plugins in the Plugin Browser on the WordPress Administration Screens or through the WordPress Plugin Directory.

• List of Backup Plugins

Auto-updates are not available

If auto-updates controls are not available on your Plugins/Themes Admin Screens, please check you are running WordPress version 5.5 or more. Plugins and themes auto-updates were introduced in WP 5.5.

If you are running WordPress 5.5 or more and those controls are still unavailable, it probably means the feature was partially or completely deactivated by your hosting company or by a plugin.

Auto-updates are not working

Depending on your server, your installation or on the plugins your website is running, auto-updates scheduling may not work correctly. Indeed, they rely on WordPress Cron tasks to actually perform the update.

To check if WordPress Cron tasks are running correctly, go to Tools > Site Health and search for any error message.

More resources

• Developer note: Controlling plugin and theme auto-update interface in WordPress 5.5
• Plugins and Themes auto-updates core merge announcement

To have HTTPS, SSL Certificate is needed to be installed on the server.

Let’s Encrypt is a non-profit organization that provides free SSL certificates for everyone, as of Feb 2020 they have issued over 1 billion certificates. The easiest way to get a certificate is to use the EFF certbot tool, their site has complete instructions for installing and updating certificates for several different web servers and operating systems.

For local development, you can create a self-signed certificate using OpenSSL, however this has limited use since any certificate generated will not be trusted by others, so should only be used for private servers.

There is no extra or special settings needed specifically for WordPress at the web server level for HTTPS. WordPress by default is ready to use HTTPS URLs if the web server is properly configured.

The default port for HTTP URLs is port 80, the default port for HTTPS is port 443. These ports not to be opened through any network firewall. Apache includes a mod_ssl module that needs to be enabled and properly configured. If using certbot, it can automatically configure and create the VirtualHost settings needed. 

Implementing HTTPS for WordPress

To implement HTTPS support on WordPress, you only need to set the WordPress and Site Address URL to use https://. You can install WordPress either using HTTP or HTTPS to start, both will work, and you can switch over later.

 Go to Settings > General and make sure that the WordPress Address (URL) and Site Address (URL) is https. If not, add ‘S’ after http to make https and save it :

The Site health tools (Tools > Site health) will inform you that your website doesn’t use HTTPS.

Since version 5.7, WordPress can also automatically switch to HTTPS if an SSL certificate is already set up on your server.

Best Practices for HTTPS for WordPress

It is recommended for all production WordPress sites to use HTTPS.

• Use a reputable web host, most provide HTTPS service as a standard.
• Use a SSL Certificate from Let’s Encrypt, they are free and easy to use.
• Serve Static Content from an SSL enabled CDN

You may need to redirect your HTTP traffic to your HTTPS site. For Apache, you can do so by creating two VirtualHost entries for example:

<VirtualHost *:80>
    ServerName mkaz.blog
    Redirect / https://mkaz.blog/
</VirtualHost>

<VirtualHost *:443>
    ServerName mkaz.blog
    DocumentRoot /home/mkaz/sites/mkaz.blog
    <Directory /home/mkaz/sites/mkaz.blog>
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>

    SSLEngine on
    SSLCertificateFile    /etc/letsencrypt/live/mkaz.blog/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/mkaz.blog/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/mkaz.blog/fullchain.pem
    IncludeOptional /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>

Bad Practices for HTTPS for WordPress

• Serving site from both HTTPS and HTTP urls, use HTTPS and redirect.
• Using mixed content, ie. CSS, JS, or images served from HTTP on an HTTPS page

References and Useful Links

1. Why should I use HTTPS
2. Let’s Encrypt and Certbot
3. Apache Module mod_ssl – Official Apache Module Documentation
4. Encrypting the Web (EFF.org)
5. HTTPS as a ranking signal (Google)
6. Best Practices Securing Your Site (Google)