WordPress is More Than Just Blogging Software

If you take a step back and look at the successful premium WordPress themes available today, the first thing you’ll notice is that they offer much more than the standard blogging template that most free WordPress themes offer.  You’ll find magazine themes, news themes, video themes, social networking themes, and all sorts of other themes that are designed to function as content management systems.

In looking at the future of WordPress, my hope is that the standard build of WordPress will continue to grow and many WordPress plugins will fill the gaps to make a fully functional content management system.

Recently BloggingPro did a great job of showing the versatility of WordPress with their post showing 7 different ways to use WordPress.  In their post, they highlight these 7 ways you can use WordPress:

  1. Blogging
  2. Photoblog
  3. Tumblelog
  4. Magazine
  5. Online Shop
  6. Contact Manager and Customer Relations Management
  7. Twitter Platform

Click over to see the examples of each!

I personally use WordPress for most of my content sites, including several static sites, a tumblelog, and of course several blogs.   Its versatility is amazing. In what unique ways have you used WordPress?

  • Leave a Comment
  • Is Your WordPress Site Hackable?

    This guest post was written by Hayes Potter, who is a 13 year old programmer and web developer that gives webmasters tips on protecting their website from common hacking techniques. If you have webmaster or WordPress knowledge and are interested in writing a post for Hack WordPress, please contact us.

    Today I want to ask all the web masters out there “Is your site hackable?”. I’m a test hacker, and I’ve seen some very popular sites get hacked in some of the simplest ways. Hacking wordpress is actually quite easy if you know what your doing. Two words my friend, “SQL Injections”, most people bypass this thought when they make a blog. Even know wordpress login forms prevent SQL Injections but what about form making plugins? Always check to see if your site is hackable through SQL Injections, for more information on simple hacking with SQL Injection visit my post about it by clicking here.

    Also if you have a “robots.txt” file in your home directory, keep in mind that disallowing search engines doesn’t disallow people! Never leave directories with password’s in them, even if it is encrypted. If you have to password protect the director and/or password file. Also always keep your cgi-bin password protected because a lot of file management systems use it to keep passwords that you use. I know some cPanel file management systems do. So always check your site for rogue password files and SQL Injection prevention.

    Editor’s Note: If you aren’t very familiar with some of this terminology, your best bet is to always keep your WordPress blogs upgraded to the latest version of WordPress.

    Learning More About Javascript Injections

    Ok, for those of you who don’t know what javascript injections are, they are ways to manipulate the page source of any web page. Some very simple javascript injections are to simply display an alert box with any text you want. To execute any form of javascript injection enter “javascript:” in the URL bar in your browser, then after the colon you can enter any javascript code in the same way you would in a normal web page. For example if you type in “javascript:var a = “hello world!”; alert(a)” in the URL bar an alert box would pop-up displaying the value of the variable “a”.

    Now that you know the basics to javascript injections lets learn how to hack with them, as you should know javascript can manipulate anything on a web page. Here is a simple way to hack into a username on a website. Although the site you try to hack you have to be logged into that site. Once logged in type in the following javascript injection in the URL bar: “javascript:alert(document.cookie)”. This will display the cookie information that the site has on you, look for something like “user_id=xxx” or “PHPSESSID=xxx”. Typically you want to change this string’s value to 1, because the administrator is usually user_id number 1. To change it type in the following in the URL bar: “javascript:void(document.cookie user_id=1);alert(document.cookie);”. Now the user_id’s value should be 1, so refresh the page and you should be logged in as the administrator.

    Please remember that you should never mess around with someones site. Always contact the administrator if you find a security hole in their site. Now remember how I said javascript can manipulate anything on a webpage? Well lets start manipulating stuff, for the basics we can just start with forms. Lets say a web page has a form to buy something using a debit card or something like that. Lets say the price for this item is fifty dollars, now lets manipulate this price. Lets say the submit button is a form itself, and it has no other values. In the URL bar type the following: “javascript:void(document.forms[0] = $1.00)”. Ultimately this will change price to one dollar, yes! The “[0]” represents the form number on the page, for example if there are 3 forms on a page. The first one would be labeled “0” the second one “1” and the third one “2”.

  • Leave a Comment
  • Collection of WordPress Resources

    As I mentioned in a post written last month, I wanted to collect everyones WordPress resources so I could throw together a WordPress resources page. After all, WordPress is community-based and it seemed like a good way to support WordPress users. I am proud to say that I was able to combine my favorite WordPress sites with yours to create a WordPress resources page here at Hack WordPress, which I hope people will find useful.

    If you are wondering why a couple sites are left off the list, it is probably for one of two reasons. The first is that I don’t know about it and the second is because I had to leave off (for the most part) any submitted blogs that occasionally write about WordPress (such as a category or whatever). This is because the collection of WordPress resources is already very large and these types of lists can get out of hand if you don’t draw the line somewhere.

    As with my WordPress theme galleries and other lists I maintain here, my ultimate goal is to keep this page useful. As a result, I will make every attempt to keep this page updated over time. You can help by letting us know if you find any invalid links or you would like to see something added.

    As for the list itself, here is what I’ve collected so far:

    WordPress Blogs WordPress Themes
  • Leave a Comment
  • Copyrighted Images – and the Ideal Solutions

    I recently wrote my first guest post for WP Hacks, which didn’t really go as smoothly as planned. I made an honest mistake about copyrighted images, which lead me to think that the readers at Hack WordPress could use a good lesson from my blunder and not fail where I did.

    I’m now ashamed to admit it – yep, I’ve used copyrighted images before. This is dangerous in the sense that your reputation can end up a bit banged up (hehe…), but can also result in legal action. Whoa, if you’re not careful what image you use, you can get sued? Yep. But in this day and age, there’s a ton of non-copyrighted images out there that are published under Creative Commons that can be used.

    The Solutions

    Not to worry – I’ve got a solution for you. My primary solution, YotoPhoto, is down at the moment (and has been for a while now) – so I ended up actually having to do some research to find some alternative resources.

    I chose to bring up image search engines instead because I feel that as bloggers, none of us have enough time to browse around entire stock image sites. For those that have time, I personally find SXC.hu to be a great stock image site – best of all, it’s free! Also, some photos on Flickr published under the Creative Commons license can be used freely. If you’ve got any other free stock image sites to suggest, feel free to list them in a comment.

    ReadWriteWeb’s got a great set of reviews on YotoPhoto and four other alternatives – Xcavator which searches iStockPhoto.com as well as six other photo providers, everystockphoto which searches through licensed Creative Commons images, PicFindr which runs through free-to-use stock images but also Dreamstime images if you prefer, and FotoSearch which examines pay images . Click here to read the article.

    I personally also enjoy using the Photo Dropper WordPress plugin, allowing you to search through Flickr Creative Commons licensed images right from your blog’s dashboard.


    If you’re looking for stock/creative commons-licensed images to take your post content to the next level, then why not give these search engines a try? However, if you want to take advantage of image SEO, then I won’t guarantee these will make the cut for you.

    This guest post was written by Herbert of Digital Media Break, where he writes about the latest digital technology.

  • Leave a Comment
  • How To: Using WordPress as a Static Site

    This guest post was submitted by Joseph. If you have WordPress knowledge and are interested in writing a post for Hack WordPress, please contact us.

    This is the story of one man’s laziness and his quest to build a simple website that any client of his could edit. And leave him alone after the design was done.

    I started doing this because I was tired of editing pages in Dreamweaver and uploading it each time a client wanted one word changed in the third sentence of the fourth paragraph on the About Us page. WordPress has a very convenient page functionality, and I decided to make the best of it. Here’s how you do it…

    First off, you have to work on the design. You could always start with one of the many WP themes out there. Once you decide on one, though, you need to lose all the peripheral pages. Delete all the php files except for the header, footer, page, and the sidebar (if there is one). Keep the search file as well, for the time being. Then, rename page.php to index.php. Now you’ve gotten rid of the extra files, but many page templates have unnnecessary blogging-related stuff: trackbacks, comments and the meta bits. Delete them all. They usually come wrapped in little divs called “postmeta” or “postmetadata”, or something on those lines. Essentially, look for the divs that contain the tags the_time, the_author, the_tags, the_category, comments_popup_link and so on. You can find more of these template tags here. All you actually need from this page is probably the_post and the_title. Yes, really.

    Now, lets get to the header and footer files. In the <head> section, delete the lines which contain links to the RSS feed (rss2_url) and the pingback URL (pingback_url). Similarly, in the footer file, delete any links to RSS feeds. That’s all there is to it.

    When you get to the sidebar, you need to make some decisions, based on your requirements and on your theme. First off, is the sidebar widgetized? If it isn’t, get that widgetizing done. Did you delete functions.php a while back? Sorry. Restore it from your recycle bin… you’ll need that. Once your sidebar is widgetized, browse over to the widgets section and add widgets you want. Don’t throw everything in… you don’t need Akismet stats, for heaven’s sake.

    Now we get to the search function. WordPress doesn’t search pages. Don’t ask me why. They just don’t. You’ll need a plugin like Search Pages. But first, figure out if you need a search page or not. If it’s a five page site, it’s highly unlikely anyone would need to use the search function. If your site runs into several dozen pages, keep the search function, unless your navigation is idiot-proof. Depending on whether you’re using search or not, keep or delete search.php. If you’re keeping it, don’t forget to remove the meta-stuff from the search results page.

    You’ll need a contact form. What’s a static site without a good old contact form? Use one of the many plugins at the WordPress plugin directory.

    Your theme is now ready, and you need to strip your CSS file a bit. No point in cluttering up your CSS with classes and ids you’ll never use.

    Finally, if you’re doing it for clients who want to edit pages themselves, you don’t want them fooling around with the site settings and themes and plugins. There’s no telling what havoc they could wreak. Not to mention, create more work for you. This is where a very handy plugin comes in: Ryan’s Simple CMS. Set your client as a new user with Editor permissions, and they get a nice clean pages-only backend. They won’t keep writing new posts and wondering why the new page isn’t up. While you’re at Ryan’s you could try his Simple CMS theme as well, to help with your theme. It’s even got a nice Suckerfish menu built in.

    Don’t forget the most important thing of all: setting a page as the front page for the site.

  • Leave a Comment
  • Technorati Wants You to Upgrade WordPress

    If you’ve been holding out on upgrading to WordPress 2.5 (or at least WordPress 2.3.3), Technorati is now adding some extra incentive. According to their official blog:

    Blogs that have been compromised by this security vulnerability are typified by having links to spam destinations inserted onto the blog page. These link insertions may be invisible to casual observations; the links are often obscured by style attributes that render them invisible. These links are still seen by crawlers such as Technorati’s, Google’s and Yahoo’s. You can find these links by viewing the source of the blog pages or, when using Firefox, looking under “Tools” -> “Page Info” -> “Links”. Blogs hosted on wordpress.com are not affected by this issue; only blogs hosted on their own installations of WordPress from wordpress.org require concern.

    Because of this ongoing problem, we’re discontinuing processing crawls of blogs that exhibit common symptoms of being compromised. We strongly recommend upgrading your WordPress installation. Even if you haven’t been afflicted by a compromise, by the time you are aware that you have been a number of negative consequences may have already occurred (for instance, flagged spam by Technorati, Google or Yahoo!) — this has been reported by many WordPress users.

    It looks like all those people that aren’t upgrading their WordPress blogs (or have a dormant blog) are being targeted by spammers, which is causing Technorati some problems. As a result, it appears that these blogs will no longer be indexed by Technorati.

    Is this really extra incentive? In my personal opinion, the relevance of Technorati disappeared long ago, but I’ve noticed that my blogs do occasionally get traffic from there. It certainly can’t hurt to have them indexing my posts.

  • Leave a Comment
  • Wanted: Your WordPress Resources

    Here at Hack WordPress, we pride ourselves on bringing you all sorts of WordPress hacks, theme and plugin reviews, and we also try to create some good WordPress discussions whenever possible.

    One thing I get asked a lot is why I link out to other people so often. The answer is fairly simple. There are a lot of people that are as passionate about WordPress as I am, and these people do great work. Some are other “WordPress niche” blogs, while most are just bloggers who occasionally write about WordPress on their blogs. Either way, I don’t look at them as competitors, but rather as other WordPress enthusiasts and I try to give their posts some additional exposure.

    One thing I’ve been planning to do is to create a resources page for this site which collects other great WordPress resources. For now, the list will be limited to WordPress niche blogs and web designers that use (and write) about WordPress, but it may expand in the future if I can incorporate other blogs that cover WordPress and still keep the page both useful and manageable.

    Here is where I’m hoping you can help me out. I’ve got about 15 blogs in my feed reader and I know there are a lot more than that. If you run a WordPress blog, you are a WordPress designer with a personal blog and write about WordPress, or you are a reader and have a few favorite WordPress blogs you enjoy reading, can you drop me some links in the comments below? That way I can put together a list for my WordPress resources page.

    I’m going to try to get the blogroll put together this weekend (hopefully with feeds as well) and will also do a follow up post to give these blogs some more exposure.

    Update: You can now check out our WordPress Resources page.

  • Leave a Comment
  • How To: Spelling WordPress

    I figured the title of this post would probably catch everyone’s attention!  

    Generally speaking, I am not one of those people that gets anal about spelling.   I always make a conscious effort to spell things correctly and use words in the proper context, but it usually doesn’t bother me when I’m reading someone else’s work and things are misspelled (wrong “there”, etc.).  I’m sure some of my published works even have misspellings from time to time.   For whatever reason, however, I have noticed that a lot of people don’t seem to know how to properly spell WordPress. 

    Do you know how to spell WordPress?  For those that never really gave it any thought, WordPress is spelled with a capital “P” in the middle.   Now, it doesn’t really bother me so much when bloggers misspell WordPress on their blogs, but with the recent explosion of WordPress blogs, it does bother me a little that these WordPress bloggers don’t even know how to properly spell the product that their blog is focused on.

    When you write about WordPress on one of your blogs, are you spelling WordPress correctly?

  • Leave a Comment
  • WordPress vs Movable Type

    Comments Off

    If you ever scroll down in your WordPress dashboard, you’ve probably noticed some back and forth over the past week between WordPress founder Matt Mullenweg and Anil Dash, who is the Vice President of Six Apart, which is responsible for Movable Type and Typepad.

    So what is this argument all about?  Daily Blog Tips has been tracking the dialogs between the two in their post Movable Type vs. WordPress, showing that things have started to get a little heated.  So which is better?   I’ve never used Movable Type and this blog is dedicated to WordPress, so I don’t feel that I’m qualified to comment.

    Have you used both?  Let us know your thoughts in the comments below!

  • Leave a Comment
  • How To: Manually Backing Up Your WordPress Blog

    Comments Off

    In the past I’ve talked about some great WordPress plugins for backing up your database.   This is a great way to backup your WordPress blog for people that don’t know how to do it manually.   You can also set it up to do your backup automatically, which I find extremely useful because I run several websites that need backed up.

    Throughout the past few years I been fortunate to meet a lot of bloggers, and I’ve found that many prefer to avoid plugins as much as possible, or sometimes they are just the kind of people that like to be hands on and learn how to do things themselves.   For these people, Performancing recently posted a Bloggers Guide To Safely Backing Up Your WordPress Site, where they detail the steps you need to take to manually backup your WordPress blog.

    As a quick note, if you decide you want to manually backup your WordPress blog, you’ll first need to make sure you have FTP access for your website and the ability to access your Control Panel (CPanel).   From there you will want to follow the steps in Performancing’s guide to create a backup of your posts and a backup of your database.

  • Leave a Comment