Tip: Use Caution When Shopping for a WordPress Theme

Why is author reputation so important? In addition to things like quality, theme support, etc., you’ve also got to worry about potential problems such as unknown links (these are usually hidden and could get your blog banned from search engines if discovered) and things like malicious code being run via your WordPress theme.

Recently Viper007Bond wrote about a theme that was discovered with hidden links (not the same thing as sponsored links):

What I found inside the theme’s footer.php file though was tons of malicious code. The entire contents of the file was heavily encoded (it was encoded with gzinflate(), str_rot13(), and base64_decode() around 150 times) and a ton of eval()’s. Since I was curious what it was doing, I wrote some PHP to decode it without using the nasty (and unsafe) eval()’s and I finally ended up with the HTML for the footer file (I assume to stop people from removing the code) and some more crazy eval() PHP code to display links to websites.

Luckily the code was just there to insert links (although using such a theme is a good way to get banned from Google), the PHP could just as easily have stolen passwords and other things. Remember, themes are exactly like plugins — they can execute code. You wouldn’t download a random program off the Internet and run it on your PC, so why would you do it with a plugin or theme?

So please, only download themes and plugins from reputable sites such as WordPress.org. If in doubt, don’t use it.

The author cites QualityWordPress.com as the source of this theme, so I would recommend avoiding this site if you are looking for a new theme.
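The quoted post describes unwrapping that footer.php by hand without running its eval() calls. As an added example (not code from the original post, from Viper007Bond, or from any theme), here is a PHP script that does the same statically: it matches each eval(decoder(decoder('literal'))) wrapper, applies only known-pure decoders to the string literal, and repeats until no wrapper is left. The exact wrapper layout of the theme in question is not known, so the regex assumes the common single-string-literal chain form; the three-layer sample at the bottom is constructed in the script itself.

```php
<?php
// Added example (not from the original post): statically peel nested
// eval(gzinflate(str_rot13(base64_decode('...')))) layers from a theme file
// without ever calling eval(), so the hidden payload can be read safely.
// Assumes the wrapper is a chain of decoder calls around one string literal.
declare(strict_types=1);

// Decoders allowed in the chain, mapped to the function that undoes one layer.
// Anything not listed here stops the loop rather than being guessed at.
const SAFE_DECODERS = [
    'base64_decode' => 'base64_decode',
    'str_rot13'     => 'str_rot13',
    'gzinflate'     => 'gzinflate',
    'gzuncompress'  => 'gzuncompress',
];

/**
 * Peel one eval(...) wrapper. Returns the decoded inner code, or null when the
 * code does not contain the expected eval(decoder(decoder('literal'))) shape.
 */
function peel_eval_layer(string $code): ?string
{
    $pattern = '/eval\s*\(\s*((?:[a-z0-9_]+\s*\(\s*)+)([\'"])(.*?)\2\s*\)+\s*;?/s';
    if (!preg_match($pattern, $code, $m)) {
        return null;
    }
    preg_match_all('/[a-z0-9_]+/', $m[1], $names);
    $payload = $m[3];
    // The source lists decoders outermost-first; undo them innermost-first.
    foreach (array_reverse($names[0]) as $fn) {
        if (!isset(SAFE_DECODERS[$fn])) {
            return null; // unknown function in the chain: refuse to guess
        }
        $payload = @call_user_func(SAFE_DECODERS[$fn], $payload); // @: gzinflate warns on bad data
        if ($payload === false) {
            return null; // corrupt layer (bad base64 or bad zlib stream)
        }
    }
    return $payload;
}

/** Repeatedly peel layers; returns [final plaintext, number of layers removed]. */
function unwrap_obfuscated(string $code, int $maxLayers = 500): array
{
    $layers = 0;
    while ($layers < $maxLayers && ($inner = peel_eval_layer($code)) !== null) {
        $code = $inner;
        $layers++;
    }
    return [$code, $layers];
}

// Constructed three-layer sample of the kind the quoted post describes, built
// with the inverse functions (gzdeflate / str_rot13 / base64_encode).
$hidden = '<div id="footer">Powered by WordPress</div>'
        . "<?php /* constructed sample: the link-insertion code would sit here */ ?>";
$sample = $hidden;
for ($i = 0; $i < 3; $i++) {
    $sample = "<?php eval(gzinflate(str_rot13(base64_decode('"
            . base64_encode(str_rot13(gzdeflate($sample))) . "')))); ?>";
}

[$plain, $layers] = unwrap_obfuscated($sample); // PHP 7.1+ array destructuring
printf("Peeled %d layer(s)\n%s\n", $layers, $plain);
```

Run it against a suspect footer.php by reading the file into $sample instead of building one; the decoded text is printed for inspection, never executed. A file that contains eval() together with any of these decoders is itself a strong signal worth flagging in a theme review, whatever the payload turns out to be.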

Conclusion

There is a good chance that no matter which theme you end up going with (free, premium, or custom) you are going to be fine, but author reputation is just one more thing that should factor into your decision. Find a theme made by an author you can trust. I’ve seen many situations over the past couple years where people unknowingly get banned from Google or run into other problems because they made a bad choice when picking their theme.

Do you factor an author's reputation (word of mouth) and theme support into your decision before downloading/buying a WordPress theme? I know I do, and I also try to keep that in mind whenever I support a theme by adding it to our WordPress theme galleries.


How To: Displaying Your Most Commented Posts

Though this isn’t quite the same as displaying your most popular posts in your sidebar, here is some code you can use to display the posts that have received the most comments. You’ll want to place it in your sidebar where you want the code to be displayed.

Most Commented Posts Code

Go into your theme files and open header.php. Somewhere before the closing </head> tag, place the following code:

<?php
// Define the helper once (in header.php) and call it from the sidebar.
// $no_posts and $duration come from the template, not from visitors, but they
// are cast to integers because they are interpolated into raw SQL.
function most_popular_posts($no_posts = 5, $before = '<li>', $after = '</li>', $show_pass_post = false, $duration = '') {
    global $wpdb;
    $no_posts = (int) $no_posts;
    $duration = (int) $duration;
    $request = "SELECT ID, post_title, COUNT($wpdb->comments.comment_post_ID) AS 'comment_count' FROM $wpdb->posts, $wpdb->comments";
    $request .= " WHERE comment_approved = '1' AND $wpdb->posts.ID=$wpdb->comments.comment_post_ID AND post_status = 'publish'";
    if (!$show_pass_post) $request .= " AND post_password =''";
    if ($duration > 0) {
        $request .= " AND DATE_SUB(CURDATE(),INTERVAL $duration DAY) < post_date ";
    }
    $request .= " GROUP BY $wpdb->comments.comment_post_ID ORDER BY comment_count DESC LIMIT $no_posts";
    $posts = $wpdb->get_results($request);
    $output = '';
    if ($posts) {
        foreach ($posts as $post) {
            $post_title = stripslashes($post->post_title);
            $comment_count = $post->comment_count;
            $permalink = get_permalink($post->ID);
            // Escape the title for the attribute and for the link text (esc_attr/esc_html: WordPress 2.8+)
            $output .= $before . '<a href="' . $permalink . '" title="' . esc_attr($post_title) . '">' . esc_html($post_title) . '</a> (' . $comment_count . ')' . $after;
        }
    } else {
        $output .= $before . "None found" . $after;
    }
    echo $output;
}
?>

If you’d prefer to display more than 5 posts, you can change the $no_posts = 5 code to whatever number you want to display.

Okay, now, you need to figure out where you want to display these most commented posts (usually the sidebar) and place the following code:

<?php most_popular_posts(); ?>
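The hand-written join above works, but WordPress already keeps an approved-comment total in the comment_count column of wp_posts, so the same list can be produced through WP_Query with no raw SQL at all. The following is an added example (not code from the original post) that builds the same list that way; the has_password and date_query arguments it uses require WordPress 3.9 and 3.7 respectively.

```php
<?php
// Added example (not the original post's code): the "most commented posts" list
// built with WP_Query instead of a hand-written SQL join. wp_posts.comment_count
// counts approved comments, which is what the original query's
// comment_approved = '1' condition selected.
function most_commented_posts_list($no_posts = 5, $days = 0) {
    $args = array(
        'post_type'           => 'post',
        'post_status'         => 'publish',
        'posts_per_page'      => (int) $no_posts,
        'orderby'             => 'comment_count',
        'order'               => 'DESC',
        'has_password'        => false,   // skip password-protected posts (WP 3.9+)
        'ignore_sticky_posts' => true,
    );
    if ((int) $days > 0) {
        // Same effect as the original's DATE_SUB(CURDATE(), INTERVAL n DAY) clause (WP 3.7+)
        $args['date_query'] = array(array('after' => (int) $days . ' days ago'));
    }

    $q = new WP_Query($args);
    $output = '';
    if ($q->have_posts()) {
        while ($q->have_posts()) {
            $q->the_post();
            $output .= '<li><a href="' . esc_url(get_permalink()) . '">'
                     . esc_html(get_the_title()) . '</a> ('
                     . (int) get_comments_number() . ')</li>';
        }
        wp_reset_postdata(); // restore the main loop's $post after a secondary query
    } else {
        $output .= '<li>None found</li>';
    }
    return $output;
}

// In the sidebar:
echo '<ul>' . most_commented_posts_list(5) . '</ul>';
```

Because every value that reaches the query goes through WP_Query's own argument handling, there is nothing to cast or quote by hand, and the output escaping (esc_url, esc_html) is the only place where untrusted text is touched.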

And as is usually the case, if you want something easier, you can always go with a plugin such as the Popularity Contest plugin.

To see other code that we’ve featured, check out our WordPress Code page.


How to: Create an Ajax-based Auto-completing Search Field for your WordPress Theme

Why not help your visitors find what they’re looking for on your blog with auto-completion on your search field? To do so, we’ll use the WordPress tag cloud, PHP and Ajax.

Please note that even though this code is fully functional, it is an experiment, and the SQL query isn’t really optimized.

The idea

We will use tags as the list of keywords to suggest to readers.

When someone starts typing in the search field, we use JavaScript to send a request to a PHP page, which runs the SQL query SELECT * FROM matable WHERE ‘name’ LIKE ‘$search%’. Via Ajax, we send the query results back to our page and display them to the visitor.

First part: PHP

The first thing to do is to create a PHP page. This page will send a query to our WP database and display the tags as an HTML unordered list.
<?php
// The visitor's text goes to the database through a bound parameter, so it can
// never change the query, and it is escaped for HTML only when it is printed.
// (The original used the mysql_* functions, which were removed in PHP 7.)
$search = isset($_POST['search']) ? (string) $_POST['search'] : '';

$db = new mysqli('localhost', 'root', '', 'wp'); // Don't forget to change
if ($db->connect_error) {                        // these parameters
    die();
}

// Prefix match on tag names; the visitor's text is bound as data, not spliced in.
$stmt = $db->prepare("SELECT name FROM wp_terms WHERE name LIKE CONCAT(?, '%')");
$stmt->bind_param('s', $search);
$stmt->execute();
$stmt->bind_result($name);

echo '<ul>';
while ($stmt->fetch()) {
    echo '<li><a href="#" onclick="selected(this.innerHTML);">' . htmlentities($name, ENT_QUOTES) . '</a></li>';
}
echo '</ul>';
$stmt->close();
$db->close();
?>

This code is simple: it receives a POST parameter (the letter(s) the visitor typed in the search field) and then queries our WP database for all tags starting with those letter(s).
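The original draft of gettags.php put the visitor's text straight into the LIKE clause, relying on htmlentities() for safety; with the pre-PHP-8.1 default flags that function leaves single quotes untouched, so the search text could end the SQL string literal, and a bare % would match every tag. The following is an added example (not code from the original post) that shows the two approaches side by side against a constructed in-memory SQLite copy of the wp_terms table: the spliced query fails with a syntax error on an ordinary apostrophe and returns everything on a wildcard, while the bound version treats the text as data. PDO and SQLite are used only so the script runs offline; the prepare/bind pattern is the same for MySQL or for $wpdb->prepare() inside WordPress.

```php
<?php
// Added example (not the original post's code): vulnerable and hardened versions
// of the gettags.php query, run against a constructed SQLite table shaped like
// wp_terms. The tag names and probe inputs below are constructed sample data.
declare(strict_types=1);

function sample_db(): PDO {
    $db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    $db->exec('CREATE TABLE wp_terms (term_id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
    $ins = $db->prepare('INSERT INTO wp_terms (name) VALUES (?)');
    foreach (['wordpress', 'wp-plugins', 'security', 'seo', 'php'] as $tag) {
        $ins->execute([$tag]);
    }
    return $db;
}

// The original approach: the visitor's text is spliced into the SQL string.
// ENT_COMPAT was htmlentities()' default before PHP 8.1; it encodes " but not '.
function vulnerable_query(PDO $db, string $search): array {
    $search = htmlentities($search, ENT_COMPAT);
    $sql = "SELECT name FROM wp_terms WHERE name LIKE '$search%'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened version: the query structure is fixed before any data arrives, LIKE
// wildcards in the input are escaped so they match literally, the input length
// is capped, and the result set is bounded.
function safe_query(PDO $db, string $search, int $limit = 20): array {
    $search  = mb_substr($search, 0, 64);       // mbstring: cut on a character boundary
    $escaped = addcslashes($search, '\\%_');    // backslash-escape \, % and _
    $stmt = $db->prepare(
        "SELECT name FROM wp_terms WHERE name LIKE :pattern ESCAPE '\\' ORDER BY name LIMIT :n"
    );
    $stmt->bindValue(':pattern', $escaped . '%', PDO::PARAM_STR);
    $stmt->bindValue(':n', $limit, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// HTML escaping belongs at output time, with ENT_QUOTES so both quote kinds are encoded.
function render_suggestions(array $names): string {
    $html = '<ul>';
    foreach ($names as $name) {
        $html .= '<li><a href="#" onclick="selected(this.innerHTML);">'
               . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . '</a></li>';
    }
    return $html . '</ul>';
}

$db = sample_db();

// An ordinary tag containing an apostrophe: the spliced query breaks, the bound one does not.
try {
    vulnerable_query($db, "o'reilly");
} catch (PDOException $e) {
    echo "vulnerable_query: SQL error (the apostrophe was parsed as SQL)\n";
}
print_r(safe_query($db, "o'reilly"));   // Array ( ) : no tag starts with o'reilly

// A lone wildcard: the spliced query lists every tag, the bound one looks for a literal %.
print_r(vulnerable_query($db, '%'));    // all five tags
print_r(safe_query($db, '%'));          // Array ( )

print_r(safe_query($db, 'w'));          // wordpress, wp-plugins
echo render_suggestions(safe_query($db, 'w'));
```

The ESCAPE '\' clause is written out because SQLite has no default escape character; MySQL assumes backslash, so the clause is harmless there. The length cap and LIMIT are not about injection at all: they keep a single keystroke from turning into a table-wide scan that is returned in full to the browser.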

Part two: Ajax

Now it’s time to start the client-side programming. We need to code 4 Javascript functions in order to make our auto-completion work:

  • Function ajax() will create a XMLHTTPRequest object.
  • Function request() will send an Ajax request to our gettags.php file.
  • Function result() will display the contents returned by gettags.php.
  • And the selected() function will update the search field.

Here’s our gettags.js file and the 4 functions needed:
var myAjax = ajax();

// Create the XMLHttpRequest object (the ActiveX fallbacks are for old Internet Explorer).
function ajax() {
    var ajax = null;
    if (window.XMLHttpRequest) {
        try {
            ajax = new XMLHttpRequest();
        } catch (e) {}
    } else if (window.ActiveXObject) {
        try {
            ajax = new ActiveXObject("Msxml2.XMLHTTP");
        } catch (e) {
            try {
                ajax = new ActiveXObject("Microsoft.XMLHTTP");
            } catch (e) {}
        }
    }
    return ajax;
}

// Send the typed text to gettags.php as a POST body.
function request(str) {
    // Don't forget to modify the path according to your theme
    myAjax.open("POST", "wp-content/themes/openbook-fr/gettags.php");
    myAjax.onreadystatechange = result;
    myAjax.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
    // encodeURIComponent keeps characters such as & and + from breaking the form body
    myAjax.send("search=" + encodeURIComponent(str));
}

// Show the list returned by gettags.php once the response is complete.
function result() {
    if (myAjax.readyState == 4 && myAjax.status == 200) {
        var liste = myAjax.responseText;
        document.getElementById('tag_update').innerHTML = liste;
        document.getElementById('tag_update').style.display = "block";
    }
}

// Copy the clicked suggestion into the search field and hide the list.
function selected(choice) {
    var cible = document.getElementById('s');
    cible.value = choice;
    document.getElementById('tag_update').style.display = "none";
}

Part three: Editing your theme

Now that we have our php and javascript ready, we can edit the searchform.php file from your WP theme:

Your searchform.php file should look like this:
<form method="get" id="searchform" action="<?php bloginfo('url'); ?>/">
<div>
<input type="text" value="<?php the_search_query(); ?>" name="s" id="s" />
<input type="submit" id="searchsubmit" value="Search" />
</div>
</form>

We have to add a div, which will display the received data from the request, as well as a Javascript event on the search form:
<form method="get" id="searchform" action="<?php bloginfo('url'); ?>/">
<div>
<input type="text" value="<?php the_search_query(); ?>" name="s" id="s" onkeyup="request(this.value);"/>
<input type="submit" id="searchsubmit" value="Search" class="button" />
</div>
<div id="tag_update"></div>
</form>

Final part: CSS

Since every theme uses a different color scheme, this is only an example. Anyway, I thought it could be a good start:
#tag_update {
display: block;
border-left: 1px solid #373737;
border-right: 1px solid #373737;
border-bottom: 1px solid #373737;
position:absolute;
z-index:1;
}
#tag_update ul {
margin: 0;
padding: 0;
list-style: none;
}
#tag_update li{
display:block;
clear:both;
}
#tag_update a {
width:134px;
display: block;
padding: .2em .3em;
text-decoration: none;
color: #fff;
background-color: #1B1B1C;
text-align: left;
}
#tag_update a:hover{
color: #fff;
background-color: #373737;
background-image: none;
}

That’s all. You now have a very nice auto-completing search form! If you have any questions, feel free to leave a comment below.


Parsing and Hacking External RSS Feeds in WordPress

It’s a little known fact that WordPress contains its own RSS parser, and you can use it to your advantage to make custom dynamic pages!

This is a tutorial on how to take an ordinary RSS feed, parse it using WordPress’ internal RSS parser, and then create dynamic pages with it. I’m not talking about being a scraper, creating a splog, or doing anything spammy at all. I’m talking about creating added value for visitors and your blog while making money. We all know what a “splog” is. It’s a “spam blog”…or someone who takes RSS feeds and generates pages and posts from them and tries to profit using say Adsense or affiliate ads. The pages are just excerpts and titles from RSS feeds (sometimes full posts), and while they do link back to your site (usually) – they’re not the type of links you want to get. These spam blogs don’t have any redeeming value at all, no contact information, and certainly no original content at all.

Now – let’s take your blog, let’s say you have a birdwatching club in Buffalo, New York. You’ve developed a great site with loads of original content, bunches of articles, and your members visit regularly. The two things that you and other members talk about regularly are binoculars and digital cameras. This is what you could do…

Craigslist is America’s garage sale. If you don’t live in America, I’m sure something like this is in your region. Craigslist offers RSS feeds on each and every page. Here’s how the birdwatching club could benefit from that.

First – create a page template. From your WordPress theme directory, download “single.php” (or the theme template that creates post pages) to your desktop. Open it in Notepad or any text editor, and add the following lines of code to the top:

<?php /* Template Name: Craigslist Template */ ?>

This is the tricky part, because each and every theme is different. You need to look for the following block of code (which is what prints the page content out):

<div class="entry">
<?php the_content(__('Read more &raquo;')); ?>
</div>

Right after those lines (or after “the loop” in your template), copy and paste this code:

<?php include_once(ABSPATH . WPINC . '/rss.php');
wp_rss('http://example.com/rss/feed/goes/here', 5); ?>

That code comes from this page in the WordPress Codex. WordPress has a built in “RSS Parser” that will read any RSS feed and print a list of links to a page. So, if you visit the Buffalo Craigslist Photo page, you’ll find at the bottom of the page a little orange RSS icon. Click on that link, then copy the URL and paste it over the example URL in your template. The number (20) that comes after the URL is the number of items from the RSS feed to parse and display. Save the template, and upload it back to the theme directory of your WordPress blog.

In your WordPress Dashboard, go to “Write -> Page”. Type some original content in the box, and scroll down to the bottom (in WordPress 2.5, on the sidebar in <2.5) and select “Craigslist Template”. Title your page “Craigslist”, and then save and publish the page. Now if you go to www.yourblog.com/craigslist you should see a listing of things from craiglist with your original content on top.

Look what you did: now the Buffalo Birdwatchers Club can look at photo equipment right on the member web site without having to go to Craigslist unless they see an item they like. You can add multiple feeds to the same page; just copy and paste that code block multiple times with different RSS feed URLs. Just remember, the more you add, the longer they take to parse, and the longer the page will take to load. I loaded 6 feeds @ 20 items per feed, and the page took about 20 seconds or so to load.
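The wp_rss() helper from rss.php has been deprecated since WordPress 2.8 in favour of fetch_feed(), which wraps SimplePie and caches the parsed feed in a transient. As an added example (not code from the original post or from the Codex page it cites), here is a page-template function that does the same job with fetch_feed(), with two things a practitioner would want on a page that republishes third-party content: the feed's titles and links are escaped before printing, because a feed is untrusted input that can carry markup or odd URL schemes, and the cache lifetime is lengthened so a six-feed page is not fetching remote servers on every view. The 12-hour lifetime and the $feed_url placeholder are assumptions for this example.

```php
<?php
// Added example (not from the original post): a page-template snippet that
// replaces wp_rss() with fetch_feed() (WordPress 2.8+, SimplePie under the
// hood). Feed content is third-party input, so each title and link is escaped
// before it is printed, and the parsed feed is cached between page views.
function render_feed_links($feed_url, $max_items = 5) {
    // fetch_feed() stores the parsed feed in a transient; the filter below
    // lengthens that cache to 12 hours (an assumed value) for this call only.
    $lifetime = function ($seconds) { return 12 * HOUR_IN_SECONDS; };
    add_filter('wp_feed_cache_transient_lifetime', $lifetime);
    $rss = fetch_feed(esc_url_raw($feed_url));
    remove_filter('wp_feed_cache_transient_lifetime', $lifetime);

    if (is_wp_error($rss)) {
        // Do not echo the raw error: it can include the remote URL or response body.
        return '<p>Feed temporarily unavailable.</p>';
    }
    $count = $rss->get_item_quantity((int) $max_items);
    if ($count === 0) {
        return '<p>No items found.</p>';
    }

    $out = '<ul class="feed-items">';
    foreach ($rss->get_items(0, $count) as $item) {
        $link  = $item->get_permalink();   // may be null for a malformed item
        $title = $item->get_title();
        // esc_url() drops javascript: and other disallowed schemes; esc_html()
        // neutralises any markup carried in the feed title without double-encoding.
        $out .= '<li><a href="' . esc_url($link) . '">' . esc_html($title) . '</a></li>';
    }
    return $out . '</ul>';
}

// Inside the page template, right after the_content():
echo render_feed_links('http://example.com/rss/feed/goes/here', 20);
```

Because fetch_feed() keeps the parsed result in the options table, the 20-second page load described above only happens when the cache has expired; every other visitor is served from the transient. Calling render_feed_links() once per feed URL reproduces the "multiple feeds on one page" setup.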

This Craigslist example is just that – an example. If you want to see how this looks in realtime, look at this Craiglist RSS example I just built. You could use RSS feeds from just about anything: digg, google news – any site that has a feed. As long as you’re only using headline feeds and not stealing content – nobody should ever think you’re plagiarising them in any way, you’re sending them traffic. In your template file, before you parse the feeds, add a few paragraphs of original content about what the user might find (on Craigslist – or whatever) and now you have a page with ever changing (daily) content, AND original content that google can index!

Now, how do you monetize this? Well, use your noggin and add some affiliate banners, adsense, or other items above, below, or in your sidebar. There is a better way to monetize without using these though…

eBay has RSS feeds – don’t they? All you have to do is add your affiliate code to an eBay RSS feed, and you could use it instead of the Craigslist feed for a list of eBay items, and every time someone clicks, bids, and buys an auction you profit! First you have to be a member of the eBay Partner Network (EPN). Once logged in go to “Tools->Widgets->RSS Feed Generator”. Then just enter in what you’re looking for. Like Craigslist, you can “geo-target” what you want by scrolling down and checking “Items within 50 miles of xxxxx zip code”. Then click “search” and the page you get should be auctions for only that area. Again, scroll to the bottom of the page and see the orange RSS icon. Click on it, copy the URL, and use that as the URL in the code block in your template; save the page, and now your blog page will list eBay auctions! The difference between these listings and Craigslist is that you profit from each won auction click on these.

I’ve just given you a few ideas; the sky’s the limit with these. You could probably do the exact same thing with Amazon. Now, there’s one thing I didn’t tell you: often people want to know how to take an RSS feed and automatically create blog posts from the feed and publish them, kind of like what’s called an “auto-blog”. Let me state first that there are very few legit reasons to do this, because of duplicate content issues in google, etc. Most people want to use this to try and create quick spammy blogs with no original content, but there are (just a very few) legit reasons to want to create posts from an RSS feed (like doing a blogroll type page for members of a larger community). You can do that easily (and freely) with RadGeek’s Feed WordPress Plugin.

Now, get hacking, come back to comment and tell me what you’ve come up with!


Learn How to Secure Your WordPress Blog

We hear almost every day about bloggers getting their login information compromised. Are you one of the many people who are growing increasingly concerned about their blog's security?

If you are looking up ways to beef up the security of your WordPress blog, Make Tech Easier has posted a great article about 11 ways to secure your WordPress blog. The post includes a few security tips we’ve already covered in past posts, plus a bunch of other great tips.

Here is what information the post covers:

  • Encrypt your Login
  • Stop Brute Force Attack
  • Use a Strong Password
  • Protect your WP-Admin Folder
  • Remove WordPress Version Information
  • Hide your Plugins Folder
  • Change your Login Name
  • Upgrade to the Latest Version of WordPress and Plugins
  • Do a Regular Security Scan
  • Backup your WordPress Database
  • Define user Privilege

Click over to get descriptions, plugin information and more!

Got any tips to add? Let us know in the comments below!