How To Disable HTML In WordPress Comments

I really hate spammers. They make me sick with their spam comments with all the bold text and hyperlinks. I know that I'm not the only one with this crappy problem, since spammers are everywhere these days. Some of them should write a book about "The life of a Spammer."

You can easily disable HTML in WordPress Comments.So if someone uses the strong code, it will not bold the text etc. It's really important for a WordPresser to disable HTML comments to prevent spammers from commenting with HTML formatted comments.

Just add following code in your functions.php file:

// This will occur when the comment is posted
function plc_comment_post( $incoming_comment ) {

// convert everything in a comment to display literally
$incoming_comment['comment_content'] = htmlspecialchars($incoming_comment['comment_content']);

// the one exception is single quotes, which cannot be #039; because WordPress marks it as spam
$incoming_comment['comment_content'] = str_replace( "'", ''', $incoming_comment['comment_content'] );

return( $incoming_comment );
}

// This will occur before a comment is displayed
function plc_comment_display( $comment_to_display ) {

// Put the single quotes back in
$comment_to_display = str_replace( ''', "'", $comment_to_display );

return $comment_to_display;

That's IT!

Prevent Image Hotlinking With .htaccess

Image courtesy of markinns.com

Ever wonder how someone stealing your images, directly taking the URL and display on their own website can effect your bandwidths? This is what we call image hotlinking. With every single view of our images on their site cost us bandwidths. Because it's called directly from our server.

Not sure about you, but I paid for this bandwidths (not for this site). Just like almost everything, there is a way to stop thieves  from stealing our bandwidths without our permission. For those who are wondering, this tutorial is also for WordPressers.

Visit your FTP/File Manager and add following to your .htaccess file:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yourdomain.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yourdomain2.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjentSbUVx-fuFCCSHSi_6OL0g8IjaYt5K94H5s5v8jCEd4THGRVviaGxcMc5LOVsmvIpC0AuKe1NK4yNMW6lax31b3K6hhQZM2TBblWoGtSQ_i9jK-e4SvIAw0NuU3Vo5KkO0y2n0rPZ4/s1600/Hotlinking.gif [NC,R,L]

By default all sites are blocked from hotlinking. Only those specified by you are allowed to do so. Don't forget to replace yourdomain.com in above code with your website's URL. You can add as many URLs as you want.

Also the link https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjentSbUVx-fuFCCSHSi_6OL0g8IjaYt5K94H5s5v8jCEd4THGRVviaGxcMc5LOVsmvIpC0AuKe1NK4yNMW6lax31b3K6hhQZM2TBblWoGtSQ_i9jK-e4SvIAw0NuU3Vo5KkO0y2n0rPZ4/s1600/Hotlinking.gif is to a image you’ve set, and whenever image hotlinking is detected, this image will show up. You can change it to your favorite hotlinking message or anything you want. Just make sure where this image is not hotlink protected.

Hide Dashboard Login Errors In WordPress

In this tutorial, I'm going to show how you can easily hide login errors in WordPress. It's a great way to protect from WordPress from hackers. Whenever you login with the correct username but with the wrong password, a message appears saying "Error: Incorrect Password." WordPress has now given a clue to hacker that the username entered is in the system, and that they simply need to crack its password.

Similarly, an "Error: Invalid username" also appears when you enter an unavailable username. It's better for you to prevent hacking by hiding this error message. In order to keep this from happening, you need to add this code to your functions.php file:

add_filter('login_errors', create_function('$a', "return null;"));

This filter code will remove error message from the login page. The error box will still appear, but without any text.

How To Automatically Empty Trash In WordPress

The Trash feature was introduced in WordPress 2.7, and since then, if you click "Trash" for any item, it will be sent to the trash. It works similar to the Recycling Bin feature on Windows. By default, the content you trash remains there for 30 days before being permanently deleted. However, you can also delete items from the Trash at any time.

You can also modify the 30 day period with some simple codes. Just add this line to wp-config.php and you’re done:

define('EMPTY_TRASH_DAYS', 5 ); // Empty trash every 5 days

How To Create A Custom Dashboard Widgets In WordPress

Earlier this hour I was surfing thru WordPress' official codex website and I found something very interesting to write about. Okay! I know you guys are so exited about this great trick.

The Dashboard Widgets API (added in WP 2.7) makes it very simple to add new widgets to the administration dashboard. It only takes a few minutes to create a simple dashboard widget for your blogger. It can be a great way to make your plugin and themes even more useful.

How To Create A Custom Dashboard Widgets:

 This code would go in one of your plugin's files, or in your theme's functions.php:

/**
 * Add a widget to the dashboard.
 *
 * This function is hooked into the 'wp_dashboard_setup' action below.
 */
function example_add_dashboard_widgets() {

    wp_add_dashboard_widget(
                 'example_dashboard_widget',         // Widget slug.
                 'Name of your widget',          // Title.
                 'example_dashboard_widget_function' // Display function.
        );   
}
add_action( 'wp_dashboard_setup', 'example_add_dashboard_widgets' );

/**
 * Create the function to output the contents of our Dashboard Widget.
 */
function example_dashboard_widget_function() {

    // Display whatever it is you want to show.
    echo "<p>Welcome to BWidgets! Need help? Contact the developer <a href="mailto:yourusername@gmail.com">here</a>.</p>";
} 

That's it! Red part in the above code is the title and content area of our widget. Don't forget to leave a comment if you need any help with this tutorial.

How To Add Extra Fields To WordPress User Profile Page

Yesterday I post an article about removing some extra fields (AIM, Yahoo IM, and Jabber) from WordPress' user profile page area. It's time to dig even more deeper into this trick. It's time for us to learn about adding some extra fields to user profile page.

The code below will show you how to add additional Twitter and Facebook fields, but you can use it to add any other field that you like. Add following php code to your theme's functions.php file (from theme editor):

function my_new_contactmethods( $contactmethods ) {
// Add Twitter
$contactmethods['twitter'] = 'Twitter username (withour @';
//add Facebook
$contactmethods['facebook'] = 'Facebook';
return $contactmethods;
}
add_filter('user_contactmethods','my_new_contactmethods',10,1);

That's it.

How To Stop Users With AdBlock In Blogger/WordPress

Don't you hate it when a crappy extension is blocking you from getting the payoff of your hard work that you put on your blog? Not sure about you, but I really really hate that. More than AJ Styles-Dixie Carter's TNA Promo that I'm watching right now, it's good. Okay, it was a creative way to end the show.

Back to topic. Antiblock.org found a great script to stop users with AdBlock from viewing your website. Don't forget to check and support their awesome project. There is no bad in stopping users with AdBlock from viewing your site because we blogger needs to earn as much as we can for our hard work. It's not easy to run and manage a full time blog without revenues from ads. Here is how to do it:

Stop Users With AdBlock In Blogger/WordPress/HTML:

First of all, you can also use this script on any other blogging/site platform. It works everywhere, even on a HTML page.

For Blogger:

• Visit Blogger > Template > Edit HTML.

• Press Ctrl + F and search for ]]></b:skin> and paste below code above it:

#g207{position:fixed!important;position:absolute;top:0;top:expression((t=document.documentElement.scrollTop?document.documentElement.scrollTop:document.body.scrollTop)+"px");left:0;width:100%;height:100%;background-color:#fff;opacity:0.9;filter:alpha(opacity=90);display:block}#g207 p{opacity:1;filter:none;font:bold 16px Verdana,Arial,sans-serif;text-align:center;margin:20% 0}#g207 p a,#g207 p i{font-size:12px}#g207 ~ *{display:none}

• Now press Save Template.

• Now navigate to Blogger > Layout > Add Gadget, Click on HTML/JavaScript Gadget.

• Paste the below code into it and press Save.

<script>(function(w,u){var d=w.document,z=typeof u;function g207(){function c(c,i){var e=d.createElement('i'),b=d.body,s=b.style,l=b.childNodes.length;if(typeof i!=z){e.setAttribute('id',i);s.margin=s.padding=0;s.height='100%';l=Math.floor(Math.random()*l)+1}e.innerHTML=c;b.insertBefore(e,b.childNodes[l-1])}function g(i,t){return !t?d.getElementById(i):d.getElementsByTagName(t)};function f(v){if(!g('g207')){c('<p>Please disable your ad blocker!<br/>This site is supported by the advertisement <br/> Please disable your ad blocker to support us!!! </p>','g207')}};(function(){var a=['Adrectangle','PageLeaderAd','ad-column','advertising2','divAdBox','mochila-column-right-ad-300x250-1','searchAdSenseBox','ad','ads','adsense'],l=a.length,i,s='',e;for(i=0;i<l;i++){if(!g(a[i])){s+='<a id="'+a[i]+'"></a>'}}c(s);l=a.length;for(i=0;i<l;i++){e=g(a[i]);if(e.offsetParent==null||(w.getComputedStyle?d.defaultView.getComputedStyle(e,null).getPropertyValue('display'):e.currentStyle.display)=='none'){return f('#'+a[i])}}}());(function(){var t=g(0,'img'),a=['/adaffiliate_','/adops/ad','/adsales/ad','/adsby.','/adtest.','/ajax/ads/ad','/controller/ads/ad','/pageads/ad','/weather/ads/ad','-728x90-'],i;if(typeof t[0]!=z&&typeof t[0].src!=z){i=new Image();i.onload=function(){this.onload=z;this.onerror=function(){f(this.src)};this.src=t[0].src+'#'+a.join('')};i.src=t[0].src}}());(function(){var o={'http://pagead2.googlesyndication.com/pagead/show_ads.js':'google_ad_client','http://js.adscale.de/getads.js':'adscale_slot_id','http://get.mirando.de/mirando.js':'adPlaceId'},S=g(0,'script'),l=S.length-1,n,r,i,v,s;d.write=null;for(i=l;i>=0;--i){s=S[i];if(typeof o[s.src]!=z){n=d.createElement('script');n.type='text/javascript';n.src=s.src;v=o[s.src];w[v]=u;r=S[0];n.onload=n.onreadystatechange=function(){if(typeof w[v]==z&&(!this.readyState||this.readyState==="loaded"||this.readyState==="complete")){n.onload=n.onreadystatechange=null;r.parentNode.removeChild(n);w[v]=null}};r.parentNode.insertBefore(n,r);setTimeout(function(){if(w[v]!==null){f(n.src)}},2000);break}}}())}if(d.addEventListener){w.addEventListener('load',g207,false)}else{w.attachEvent('onload',g207)}})(window);</script>

That's it!

For WordPress:

It's all same for WordPress. Just add following CSS & JavaScript code to your WordPress template:

CSS:

#g207{position:fixed!important;position:absolute;top:0;top:expression((t=document.documentElement.scrollTop?document.documentElement.scrollTop:document.body.scrollTop)+"px");left:0;width:100%;height:100%;background-color:#fff;opacity:0.9;filter:alpha(opacity=90);display:block}#g207 p{opacity:1;filter:none;font:bold 16px Verdana,Arial,sans-serif;text-align:center;margin:20% 0}#g207 p a,#g207 p i{font-size:12px}#g207 ~ *{display:none}

JavaScript:

<script>(function(w,u){var d=w.document,z=typeof u;function g207(){function c(c,i){var e=d.createElement('i'),b=d.body,s=b.style,l=b.childNodes.length;if(typeof i!=z){e.setAttribute('id',i);s.margin=s.padding=0;s.height='100%';l=Math.floor(Math.random()*l)+1}e.innerHTML=c;b.insertBefore(e,b.childNodes[l-1])}function g(i,t){return !t?d.getElementById(i):d.getElementsByTagName(t)};function f(v){if(!g('g207')){c('<p>Please disable your ad blocker!<br/>This site is supported by the advertisement <br/> Please disable your ad blocker to support us!!! </p>','g207')}};(function(){var a=['Adrectangle','PageLeaderAd','ad-column','advertising2','divAdBox','mochila-column-right-ad-300x250-1','searchAdSenseBox','ad','ads','adsense'],l=a.length,i,s='',e;for(i=0;i<l;i++){if(!g(a[i])){s+='<a id="'+a[i]+'"></a>'}}c(s);l=a.length;for(i=0;i<l;i++){e=g(a[i]);if(e.offsetParent==null||(w.getComputedStyle?d.defaultView.getComputedStyle(e,null).getPropertyValue('display'):e.currentStyle.display)=='none'){return f('#'+a[i])}}}());(function(){var t=g(0,'img'),a=['/adaffiliate_','/adops/ad','/adsales/ad','/adsby.','/adtest.','/ajax/ads/ad','/controller/ads/ad','/pageads/ad','/weather/ads/ad','-728x90-'],i;if(typeof t[0]!=z&&typeof t[0].src!=z){i=new Image();i.onload=function(){this.onload=z;this.onerror=function(){f(this.src)};this.src=t[0].src+'#'+a.join('')};i.src=t[0].src}}());(function(){var o={'http://pagead2.googlesyndication.com/pagead/show_ads.js':'google_ad_client','http://js.adscale.de/getads.js':'adscale_slot_id','http://get.mirando.de/mirando.js':'adPlaceId'},S=g(0,'script'),l=S.length-1,n,r,i,v,s;d.write=null;for(i=l;i>=0;--i){s=S[i];if(typeof o[s.src]!=z){n=d.createElement('script');n.type='text/javascript';n.src=s.src;v=o[s.src];w[v]=u;r=S[0];n.onload=n.onreadystatechange=function(){if(typeof w[v]==z&&(!this.readyState||this.readyState==="loaded"||this.readyState==="complete")){n.onload=n.onreadystatechange=null;r.parentNode.removeChild(n);w[v]=null}};r.parentNode.insertBefore(n,r);setTimeout(function(){if(w[v]!==null){f(n.src)}},2000);break}}}())}if(d.addEventListener){w.addEventListener('load',g207,false)}else{w.attachEvent('onload',g207)}})(window);</script>

That's it. You can also use this plugin to stop users with AdBlock with some extra options.

After adding above listed code your blog will look something like this:

Image courtesy of HackingUniversity.in

How To Remove User Contact Info From WordPress Profile Page

After writing bunch of articles about WordPress' wp-config.php file, it's time for me to write some articles about the powerful functions.php file. And I'll start from the start. In this post, I'm sharing a very simple and useful trick for WordPressers (WordPressers :p).

Most of us never ever used three fields on the WordPress profile page and so we want to remove those fields. They are the fields for AIM, Yahoo IM, and Jabber. It's time to get rid of these fields:

Add following php code to your theme's functions.php file (from theme editor):

add_filter('user_contactmethods','hide_profile_fields',10,1);
function hide_profile_fields( $contactmethods ) {
unset($contactmethods['aim']);
unset($contactmethods['jabber']);
unset($contactmethods['yim']);
return $contactmethods;
}

That's it..!!

How To Change The Default WordPress Media Uploads Folder

I'm really loving all the wp-config.php tricks. We can do so much amazing stuff with just some little codes.

Before WordPress 3.5 you used to be able to change the upload directory path from the Settings menu in the dashboard. However, now you can't do anything like that from the settings option, but it’s still possible.

How to Change The Default WordPress Media Uploads Folder:

Open wp-config.php (located in root of WordPress installation) and add following code before the line that says require_once(ABSPATH.’wp-settings.php’);.

define( 'UPLOADS', 'wp-content/custom-path' );

Change wp-content/custom-path with your custom upload path. For example, you can can change it to wp-content/files. Don't forget to add the code before require_once(ABSPATH.’wp-settings.php’);.

3 Ways To Disable WordPress AutoSave

This is my second post of the day here on BWidgets, and it's also about Daniel Bryan wp-config.php file and WordPress AutoPost. This time I'll show you one three ways to disable WordPress AutoSave feature.

When editing a post, the changes you make are automatically saved every 2 minutes. You can also use our last trick to Modify AutoSave Interval.

By Editing wp-config.php File:

This is the easiest way to disable WordPress AutoSave feature. To modify autosave interval simply open wp-config.php (located in root of WordPress installation) and add following code to the end of file:

define('AUTOSAVE_INTERVAL', 86400);

We've set WordPress AutoSave interval to 86400 seconds which is an entire day. So this effectively disables the autosave functionality. Thanks to Jacob Nicholson for the idea.

By Editing post.php File:

This is the smartest way to disable AutoSave feature without any heavy codes. Thanks to Shane G. for sharing this trick on a WordPress forum.

• Open your wp-admin/post.php file and wp-admin/post-new.php files.

• You will find this line of code there:

wp_enqueue_script('autosave');

• Add // to the beginning of this code. It'll look something like this:

// wp_enqueue_script('autosave');

The AutoSave option will be disabled for your existing and new posts.

By Editing functions.php File:

Last but not the least. This is the most preferred way to disable this feature, as we don't have to re-edit our post.php and post-new.php file after every WordPress update, nor we have to adjust AutoSave interval. This trick will simple disable AutoSave feature. Thanks to Egill R. Erlendsson for sharing this trick on a WordPress forum.

Simple throw this in your functions.php file:

add_action( 'admin_init', 'disable_autosave' );
function disable_autosave() {
        wp_deregister_script( 'autosave' );
}

That's it folks. Thanks for all amazing guys that I mentioned on the article for sharing these amazing tricks around the internet. Don't forget to give us a backlink if you're sharing this article on your blog.