Sunday, July 22, 2012

Customising the HTML of the WordPress search form

Changing the markup used for the global search form (which is normally displayed in the header or at the top of the sidebar) is pretty straightforward.

Using a custom function

Yet another option is to create a custom function in your functions.php file:


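/**
 * Replace the markup WordPress generates for the global search form.
 *
 * Registered on the `get_search_form` filter, so every get_search_form()
 * call in the theme returns this markup instead of the default.
 *
 * @param string $form The default form markup supplied by WordPress (ignored).
 * @return string The replacement form markup.
 */
function custom_search_form( $form ) {
    // home_url() instead of a hard-coded "/" so the form still submits to the
    // right place when WordPress is installed in a sub-directory; esc_url()
    // because the value lands in an HTML attribute.
    $action = esc_url( home_url( '/' ) );

    // get_search_query() escapes its value for attribute context by default;
    // keep using it rather than reading get_query_var( 's' ) unescaped.
    $form  = '<form method="get" id="quick-search" action="' . $action . '">';
    $form .= '<div><label for="s">Search this site for:</label>';
    $form .= '<input type="text" value="' . get_search_query() . '" name="s" id="s" />';
    $form .= '<input type="submit" value="Search" />';
    $form .= '</div>';
    $form .= '</form>';

    return $form;
}
add_filter( 'get_search_form', 'custom_search_form' );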
 
 
In the file that contains your global search form (typically header.php or sidebar.php), keep calling `<?php get_search_form(); ?>`: the `get_search_form` filter registered above replaces the markup that call returns, so nothing else needs to change.

Wednesday, July 18, 2012

Protect your WordPress site with .htaccess

The typical WordPress .htaccess file looks like this. Note that WordPress rewrites everything between the `# BEGIN WordPress` and `# END WordPress` markers whenever permalinks are saved, so put your own rules outside those markers:

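# BEGIN WordPress
# Front-controller rules: any request that is not an existing file or
# directory is handed to index.php. Wrapped in <IfModule> (as WordPress itself
# generates it) so the site does not answer 500 when mod_rewrite is absent.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress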

Protect wp-config.php

In your .htaccess add the following to prevent any direct HTTP access to the wp-config.php file. This only stops the web server from serving the file (for example if PHP handling is ever misconfigured); PHP still reads it from disk, which is all WordPress needs:

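# Refuse direct HTTP requests for wp-config.php. Both authorization syntaxes
# are given: "Require" is Apache 2.4+, "Order/Deny" is 2.2 (the original
# snippet only had the 2.2 form, which 2.4 accepts only via mod_access_compat).
<Files wp-config.php>
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</Files>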

Admin access from your IP only

You can limit who can reach the admin folder by IP address: create a new .htaccess file containing the rules below and upload it to your wp-admin folder. Caveats before you rely on this: wp-login.php lives outside wp-admin and is not covered; wp-admin/admin-ajax.php is called by themes and plugins for ordinary, logged-out visitors and must stay reachable or front-end features break; and a dynamic or changing IP address will lock you out of your own site.
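# wp-admin/.htaccess — only the listed address may reach the admin area.
# Replace 203.0.113.1 (an RFC 5737 documentation address) with your own IP;
# more than one "Require ip" / "Allow from" line may be listed. Keep such
# notes on comment lines: Apache does not allow a trailing comment after a
# directive, so the original "(replace with your IP address)" would have
# broken the file.
<IfModule mod_authz_core.c>
    Require ip 203.0.113.1
</IfModule>
<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
    Allow from 203.0.113.1
</IfModule>

# admin-ajax.php is used by themes and plugins for logged-out visitors too;
# exempt it so front-end features keep working for everyone.
<Files admin-ajax.php>
    <IfModule mod_authz_core.c>
        Require all granted
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Allow from all
    </IfModule>
</Files>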
 

Protect .htaccess

This snippet stops anyone viewing a file whose name has an extension beginning with `.hta` (such as `.htaccess`); the pattern does not match names that merely begin with "hta", and as written it does not cover `.htpasswd` either. Apache's default configuration normally already ships an equivalent rule for all `.ht*` files, so this is a belt-and-braces measure.


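# Deny any file that starts with ".ht" (.htaccess, .htpasswd, ...) as well as
# anything with a ".hta" extension anywhere in its name (the original rule).
# Regex is case-insensitive via (?i). Both Apache 2.4 ("Require") and 2.2
# ("Order/Deny/Satisfy") syntaxes are given.
<FilesMatch "(?i)^\.ht|\.hta">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
        Satisfy All
    </IfModule>
</FilesMatch>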
 

Stop Spammers

Like hotlinking, spammers are notorious for using up your site's resources. There are a number of ways to identify a potential spammer; one of them is to look for comment POSTs with no Referer, because spam bots typically post directly without loading the page first. Bear in mind that the Referer and User-Agent headers are supplied by the client and trivially forged, and that some browsers and privacy tools send no Referer at all, so real visitors can be caught by this rule. Add these lines to reject such requests:

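# Reject comment POSTs that do not come from a page on this site.
# RewriteCond lines are ANDed unless flagged [OR]: a POST to
# wp-comments-post.php whose Referer is not this blog OR whose User-Agent is
# empty is refused with 403.
# The original answered with a 301 to "^http://<client-ip>/$" — "^" and "$"
# are not metacharacters in a RewriteRule substitution, so that was a broken
# URL, and a 301 is cached by the browser of anyone blocked by mistake.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^POST$
RewriteCond %{REQUEST_URI} /wp-comments-post\.php$
# Replace yourblog.com with your own host. Dots are escaped and the match is
# anchored to the scheme and host so "yourblog.com.evil.example" is not
# accepted as a valid Referer.
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?yourblog\.com/ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule .* - [F,L]
</IfModule>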

The rule set below blocks a list of known bad bots / User-Agents and a number of common attack patterns in the request line and query string. It is a coarse pattern filter, not a web application firewall: test it against your own site (including the admin area) before deploying, because several of the patterns are broad enough to match legitimate WordPress requests.

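# Blocklist of bad User-Agents and common attack signatures. Every RewriteCond
# is chained with [OR]; the final RewriteRule answers 403 when any one hits.
#
# Fixes against the original list: three patterns (User-Agent, Referer and
# query-string "(%0A|%0D|%27|%3C|%3E|)") ended in an empty alternative, which
# matches the empty string and therefore EVERY request — with [OR] chaining
# that denied the whole site. Two more ("(...|).*(keyword list)") lost their
# metacharacter prefix the same way and matched any request containing one of
# the keywords. The empty alternatives are removed. Several remaining rules are
# still very broad; see the NOTE lines and test before deploying.
<IfModule mod_rewrite.c>
RewriteEngine On
# NOTE: "java", "curl", "python", "wget" also match legitimate clients
# (uptime monitors, feed readers, some mobile apps).
RewriteCond %{HTTP_USER_AGENT} (libwww-perl|wget|python|nikto|curl|scan|java|winhttp|clshttp|loader) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (%0A|%0D|%27|%3C|%3E) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (;|<|>|'|"|\)|\(|%0A|%0D|%22|%27|%28|%3C|%3E).*(libwww-perl|wget|python|nikto|curl|scan|java|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) [NC,OR]
RewriteCond %{THE_REQUEST} \?\ HTTP/ [NC,OR]
RewriteCond %{THE_REQUEST} \/\*\ HTTP/ [NC,OR]
RewriteCond %{THE_REQUEST} etc/passwd [NC,OR]
# NOTE: denies any URL containing "cgi-bin"; drop this line if your host
# actually serves CGI scripts from there.
RewriteCond %{THE_REQUEST} cgi-bin [NC,OR]
RewriteCond %{THE_REQUEST} (%0A|%0D|\\r|\\n) [NC,OR]
RewriteCond %{REQUEST_URI} owssvr\.dll [NC,OR]
RewriteCond %{HTTP_REFERER} (%0A|%0D|%27|%3C|%3E) [NC,OR]
RewriteCond %{HTTP_REFERER} \.opendirviewer\. [NC,OR]
RewriteCond %{HTTP_REFERER} users\.skynet\.be.* [NC,OR]
# NOTE: the URL-in-parameter rules (http://, http:, https:, ftp:) also hit
# legitimate "redirect_to=" style parameters whenever the value is not
# URL-encoded.
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http:// [OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC,OR]
RewriteCond %{QUERY_STRING} \=PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} [NC,OR]
RewriteCond %{QUERY_STRING} (\.\./|\.\.) [OR]
RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
RewriteCond %{QUERY_STRING} http\: [NC,OR]
RewriteCond %{QUERY_STRING} https\: [NC,OR]
RewriteCond %{QUERY_STRING} \=\|w\| [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)/self/(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)cPath=http://(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*embed.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^e]*e)+mbed.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*object.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^o]*o)+bject.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^i]*i)+frame.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
RewriteCond %{QUERY_STRING} base64_(en|de)code[^(]*\([^)]*\) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR]
# NOTE: "[" and "]" (raw or as %5B/%5D) are how PHP array parameters such as
# "name[]=" are passed; this rule breaks any plugin that relies on them.
RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>|%3c|%3e|%5b|%5d).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(\x00|\x04|\x08|\x0d|\x1b|\x20|\x3c|\x3e|\x5b|\x5d|\x7f).* [NC,OR]
RewriteCond %{QUERY_STRING} (NULL|OUTFILE|LOAD_FILE) [OR]
RewriteCond %{QUERY_STRING} (\./|\../|\.../)+(motd|etc|bin) [NC,OR]
RewriteCond %{QUERY_STRING} (localhost|loopback|127\.0\.0\.1) [NC,OR]
RewriteCond %{QUERY_STRING} (<|>|'|%0A|%0D|%27|%3C|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} concat[^\(]*\( [NC,OR]
RewriteCond %{QUERY_STRING} union([^s]*s)+elect [NC,OR]
RewriteCond %{QUERY_STRING} union([^a]*a)+ll([^s]*s)+elect [NC,OR]
# NOTE: "order", "set", "char", "update", "delete", "create" are substrings
# of ordinary WordPress parameters (orderby, offset, ...); any quote or
# bracket earlier in the query string is enough to trip this rule.
RewriteCond %{QUERY_STRING} (;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|script|set|md5|benchmark|encode) [NC,OR]
RewriteCond %{QUERY_STRING} (sp_executesql) [NC]
RewriteRule ^(.*)$ - [F,L]
</IfModule>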

Alternatively, the BulletProof Security plugin maintains a rule set of this kind aimed at XSS, RFI, CRLF, CSRF, Base64, code-injection and SQL-injection probes. Whichever you use, pattern-matching rules in .htaccess are a coarse filter that is easy to bypass with encoding tricks; they do not replace keeping WordPress, themes and plugins patched.

Tuesday, July 17, 2012

Adding your own news feed to the WordPress admin dashboard


<?php
  function wp_admin_dashboard_add_news_feed_widget() {
  global $wp_meta_boxes;

// Our new dashboard widget

  wp_add_dashboard_widget( 'dashboard_gravfx_feed', 'News from h20bikash.blogspot.com', 'dashboard_gravfx_feed_output' );

  }

  add_action('wp_dashboard_setup', 'wp_admin_dashboard_add_news_feed_widget');

/**
 * Print the dashboard widget body: the two newest entries of the feed,
 * with summary and date but without author.
 *
 * NOTE(review): the feed is fetched server-side over plain http and rendered
 * inside the admin dashboard; prefer an https feed URL if the host offers one.
 */
function dashboard_gravfx_feed_output() {
    $feed_args = array(
        'url'          => 'http://h20bikash.blogspot.com/atom.xml',
        'title'        => 'Latest news from drikict.net',
        'items'        => 2,
        'show_summary' => 1,
        'show_author'  => 0,
        'show_date'    => 1,
    );

    echo '<div>';
    wp_widget_rss_output( $feed_args );
    echo '</div>';
}
  ?>

Removing the WordPress meta generator tag

<meta name="generator" content="WordPress 3.4.1" />
 
<?php

  /**
   * Filter callback for `the_generator`: returns an empty string so the
   * version-bearing <meta name="generator"> tag is not emitted.
   *
   * NOTE(review): this hides one string only. WordPress reveals its version
   * elsewhere as well (for example readme.html and the `?ver=` query string on
   * enqueued asset URLs), so treat this as cosmetic, not as protection —
   * keeping WordPress updated is what actually matters.
   *
   * @return string Always ''.
   */
  function remove_generator() {
      $generator_markup = '';

      return $generator_markup;
  }
// Hook the callback so the_generator output becomes the empty string.
add_filter('the_generator', 'remove_generator'); ?>

Sunday, July 8, 2012

Create a word count limit PHP function

<?php

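/**
 * Truncate a text to at most $count space-separated words.
 *
 * Words are split on the literal space character only, exactly as before;
 * tabs and newlines are not treated as separators.
 *
 * @param string|null $description Text to truncate; null is treated as "".
 * @param int         $count       Maximum number of words to keep.
 * @return string The first $count words joined by single spaces; "" when
 *                $count < 1 (the original passed that size to array_chunk(),
 *                which rejects it with a warning / ValueError).
 */
function limit_words($description, $count): string {
    $count = (int) $count;
    if ($count < 1) {
        // "keep no words" — avoids array_chunk()'s invalid-size failure.
        return '';
    }

    $words = explode(' ', (string) $description);

    // array_slice() instead of array_chunk(): the same first $count words,
    // without building throw-away chunks for the rest of the text.
    return implode(' ', array_slice($words, 0, $count));
}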
// Example call site. NOTE(review): written as a method call ($this->limit_words),
// but limit_words() above is a plain function — call it as limit_words(...)
// unless you have moved it into a class.
$wordcount=$this->limit_words($home_news->intro,15);
?>

Sunday, July 1, 2012

Show Children Categories from Parent Category

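// Debug listing of the sub-categories of one of the current post's
// categories (the one passed as 'child_of' below).
$category = get_the_category();

// get_the_category() returns a list; $category[1] is its *second* entry and
// is unset when the post has fewer than two categories, in which case the
// original read ->term_id off a missing element. Guard it; if the first
// category was intended, use $category[0] instead.
$parent_id = isset( $category[1] ) ? (int) $category[1]->term_id : 0;

$args = array(
    'type'         => 'post',
    'child_of'     => $parent_id,
    'parent'       => '',
    'orderby'      => 'name',
    'order'        => 'ASC',
    'hide_empty'   => 1,
    'hierarchical' => 1,
    'exclude'      => '',
    'include'      => '',
    'number'       => '',
    'taxonomy'     => 'category',
    'pad_counts'   => false,
);

$categories = get_categories( $args );

// The original printed "<pre>" twice and never closed the element.
// print_r( ..., true ) + htmlspecialchars() so nothing in the term data can
// be interpreted as markup on the page.
echo '<pre>';
echo htmlspecialchars( print_r( $categories, true ), ENT_QUOTES, 'UTF-8' );
echo '</pre>';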