WordPress Comments and Pinbacks Tutorial

WordPress Comments and Pinbacks Tutorial

What are Comments and Pingbacks

If comments are enabled(which they are by default) your visitors can share their thoughts on your content under your post. These are called comments. Comments are great for your website because they show you which of your content is becoming popular and what is your visitors opinion on what you write.

The way your comments are shown on your site depend on your WordPress comments settings and on the theme you're currently using.

What are Pingbacks

When people cite or use your entire blog post linking to you, WordPress automatically sends a pingback to the content author. This way you can keep track on who is linking to you. In addition that's a way of acknowledging someone's authorship on certain content. You will see your pingbacks in the Comments section of your WordPress admin area. They will be listed amongst the regular comments. You can distinguish pingbacks from regular comments because the anchor text of the link to your site is automatically placed in square brackets by WordPress.

Configure Comments

The available settings for your comments are listed under Settings -> Discussion tab in your WordPress admin panel.

On this page, there are several important settings that you should change depending on your needs:

  • Allow people to post comments on new articles - this setting handles whether the comments under your new posts are enabled or disabled by default. Note that enabling or disabling comments under a particular post or page will overwrite this setting.
  • An administrator must always approve the comment - if you want to moderate each comment that enters your site before it goes live, enable this option. If you do so, you'll have to activate new comments form the Comments page.
  • Show Avatars - by default, WordPress will link the commenter's email address to his/hers avatar in Gravatar if such is present. With this option, you can either hide or show avatars next to your comments.

Protect Comments from Spam with Akismet

Setting up Akismet for your WordPress site is one of the first things you should do. Spam is a global problem and often WordPress comments are the place when bots try to enter bogus content full of links to their sites. Akismet is an external service for battling spam. It has a database of known emails, IP addresses and username used for sending spam. When a visitor of your website submits a comment, it's being checked by Akismet and put in a special Spam folder if it matches any criteria. The first thing you should do is to go to the Akismet website and hit the Say Goodbye to Comments Spam button.

Once you have your key, go back to the admin panel of your WordPress site and install the Akismet plugin. Once activated the Akismet plugin will require from you to activate your Akismet account. To do this, press the blue button that will appear above the table of installed plugins.

On the next page, simply enter your Akismet key and press the Use this Key button.

That's it, your Akismet plugin is set and working on your WordPress site. You will see a confirmation of this and the information about the current status of the Akismet servers.

Next, follow the instructions on the Akismet site to create an account. Once ready, you will be provide with your Akismet Key.

Disable Comments on Specific Pages or Posts

Sometimes, you may wish to disable the comments for certain page or post. For example, your Contact Us page with a simple mail form on it shouldn't have comments under it. In such cases, you can disable the comments for a particular post or page. To do this, open the post/page itself and scroll down until you reach the Discussion tab. In it, uncheck the Allow comments and Allow trackbacks and pingbacks to display them from showing on this particular post or page.

How to Improve the Security of Your WordPress Site

How to Improve the Security of Your WordPress Site

Keep your WordPress site and plugins up-to-date

It is really important to keep your core WordPress files and all of your plugins updated to their latest versions. Most of the new WordPress and plugin versions contain security patches. Even if those vulnerabilities cannot be easily exploited most of the times, it is important to have them fixed.

Protect your WordPress Admin Area

It is important to restrict the access to your WordPress admin area only to people that actually need access to it. If your site does not support registration or front-end content creation, your visitors should not be able to access your /wp-admin/ folder or the wp-login.php file. The best you can do is to get our home IP address (you can use a site like whatismyip.com for that) and add these lines to the .htaccess file in your WordPress admin folder replacing xx.xxx.xxx.xxx with your IP address.

<Files wp-login.php>
order deny,allow
Deny from all
Allow from xx.xxx.xxx.xxx

In case you want to allow access to multiple computers (like your office, home PC, laptop, etc.), simply add another Allow from xx.xxx.xxx.xxx statement on a new line.

If you want to be able to access your admin area from any IP address (for example, if you often rely on free Wi-Fi networks) restricting your admin area to a single IP address or to few IPs can be inconvenient. In such cases we recommend that you limit the number of incorrect login attempt to your site. This way you will protect your WordPress site from brute-force attacks and people trying to guess your password. For such purposes, you can use a nice little plugin called Limit login attempts.

Don't use the "admin" username

Most of the attackers will assume that your admin username is "admin". You can easily block a lot of brute-force and other attacks simply by naming your admin username differently. If you're installing a new WordPress site, you will be asked for username during the WordPress installation process.

Use strong passwords

You will be surprised to know that there are thousands of people that use phrases like "password" or "123456" for their admin login details. Needles to say, such passwords can be easily guessed and they are on the top of the list of any dictionary attack. A good tip is to use an entire sentence that makes sense to you and you can remember easily. Such passwords are much, much better than single phrase ones.

Consider two-factor authentication

Enabling two-factor authentication for your WordPress website will significantly improve the security of your website. One of the easiest ways to do this is to use Clef to authenticate using your mobile phone. For all SiteGround users, Clef authors have created an ad-free version of their plugin.

Make sure you're site is on a secured WordPress hosting

Your WordPress site is as secured as your hosting account. If someone can exploit a vulnerability in an old PHP version for example or other service on your hosting platform it won't matter that you have the latest WordPress version. This is why it is important to be hosted with a company that has security as a priority. Some of the features that you should look for are:

  • Support for the latest PHP and MySQL versions
  • Account isolation
  • Web Application Firewall
  • Intrusion detecting system

Ensure your computer is free of viruses and malware

If your computer is infected with virus or a malware software, a potential attacker can gain access yo your login details and make a valid login to your site bypassing all the measures you've taken before. This is why it is very important do have an up-to-date antivirus program and keep the overall security of all computers you use to access your WordPress site on a high level.

How to Change your WordPress Username

How to Change your WordPress Username

earn how to replace the default Admin username with a more secure name

If you have an existing WordPress site and you want to change your username(to something different than "admin" for security reasons, for example), you can do this quite easily.

First, go to your cPanel and click on the phpMyAdmin icon in the Database section.

Next, locate your WordPress database from the list on the left.

If you're not sure which one it is, you can check the wp-config.php file in the root folder of your WordPress installation and in particular the line below:

define('DB_NAME', 'user_wp448');

Once you select your WordPress database, you will see a lit of its tables. Choose the _users table from the left menu.

You will see a list of all the registered users in your site. Locate the admin username and click on theEdit button on that line.

Now, you will see all the fields for this username. Locate the user_login field and replace its value from admin to your new preferred WordPress login name and hit the Go button at the bottom of the page.

That's it, you can now login with your newly selected WordPress username!

Remove Spam Links From Wordpress Comments

Remove Spam Links From Wordpress Comments

By default all links posted in the comments under your articles are turned by WordpPress into links.Unfortunately, this features encourages spammers to post many unwanted comments in your blog.

To disable turning URLs from comments into actual links, go to your admin area and then navigate to Appearance -> Editor.

Select the functions.php file from the right column and add the following line just above the closing php tag ( ?> ):

remove_filter('comment_text', 'make_clickable', 9);
THAT'S IT! URLs pasted in your comments will not be turned into actual links anymore.

How to Backup WordPress

How to Backup WordPress

Backup WordPress Manually

WordPress is a web application based on PHP and MySQL. As such you need to backup all its files and its database to have a full copy of your site. The easiest way to copy your files is via FTP.  Make sure that you save all the files and folders in the directory WordPress is installed in (public_html if it's the main application for your site).

The WordPress database can be backed up as any other database. In case you have multiple MySQL databases and you wonder which one your site is using, open the wp-config.php file in the WordPress root folder and you'll see the database name saved next to the DB_NAME option.

Use Softaculous to Backup WordPress

Although the main purpose of Softaculous is to install new applications with a single click, it can be used to create a full backup of your WordPress site.

Now, you will see a list of the WordPress applications installed in your account via Softaculous. In case you don't see your site listed here, probably it was not installed via Softaculous. This means that you will have to add it to the system by using the Import page on the same screen. To begin the backup process, click on the yellow folder icon next to the site.

On this page, you can select whether to backup only the WordPress files, only its database or both. In addition, you will receive some useful info about the folder and database that will be backed up. If you wish, you can add a note to this backup. Then, simply click on the Backup Installation button at the bottom of the page.

In few moments, your backup will be ready (time can vary depending on your site size) and you will receive a confirmation message for a successful backup creation. Follow the link to the Backups page to proceed.

Here you will see all the backups you've created. If you want to store your backup locally, simply press the blue arrow icon to download it to your computer.

That's it, you now have a full backup of your WordPress site!

Changing Password in cPanel

When you are successfully logged into a cPanel Dashboard, first and foremost, change the password of your cPanel account. This is very important, so that the security of cPanel remains intact. Nobody would want their website to be hacked.

To change your cPanel Password, follow these steps −

Step 1 − In cPanel Home, click username written over the right corner of the dashboard.


Step 2 − Click Password & Security option. You will find Change Password Interface.


Step 3 − Write your old password and in the following fields, write your new password twice.


Step 4 − Enable digest authentication option if you need to access your webdisk via an unencrypted connection in windows machine. This type of connection is unsecured and not recommended.

Step 5 − Click Change your password now! Button to change your current password. If successful, then cPanel will automatically log you out and you will have to login again with your new password.

cPanel - User Manager

This is a new feature introduced in the latest edition of cPanel. Through this user manager section, you can control all the users you have in your cPanel with a single interface. This interface will show you all the user accounts, who have email accounts or FTP accounts that are associated with your domain. You can delete edit those accounts, change passwords and also you can delete them from here. This interface gives you the ability to add new user and associate them to FTP and Email account too.

To Delete an Account

To use user manager and delete user accounts, you can follow these steps −

Step 1 − Open User manager by clicking the last icon in the sidebar on the left side. Once user manager is open, you will see an interface like this −


Step 2 − You can view all the accounts of your cPanel here, which includes your system accounts too. Account having the Inbox icon colored shows that the account has an email address. The accounts having the truck icon colored show that the account has an access to FTP account, whereas the accounts having the disk icon colored shows that the account has access to a webdisk.

Step 3 − Find the account you wish to delete and click on the delete link under the domain.


Step 4 − You will be asked for confirmation, click on the delete button to delete the user account.

To Edit an Account

If you wish to edit an account or to change the password of any account. Follow these steps −

Step 1 − Choose the account you wish to edit or change password of, from the user manager. Click on Edit link or Change Password link under that account. Both of these will take you to the same interface, where you can edit the account.


Step 2 − You can specify the Full name of the user. Or else, you can provide alternate email id for that account.

Step 3 − Scroll down to see the Security Information, you can provide a new password in this interface or whether, you wish to change the password, if not leave it blank.


Step 4 − Choose the services you want to enable for that user account from the services interface.


You can enable or disable email, also you can change the Quota for the email of that account. You can also enable FTP for that account, just move the switch to enable the FTP account.

Step 5 − Click Save for saving the settings for that existing user.

Add a New User

You can also add a new user and give him access to email and FTP. To create a new user, follow these steps −

Step 1 − Click ‘Add User’ Button found on the right side of the user manager interface. And you will see the same screen, which you saw on the Edit user interface.


Step 2 − Provide all necessary information like username and password, you can also provide full name of the user, but it is optional.

Step 3 − Choose services you want to give to that particular user. Enable the services by moving the switch to enable or disable the services.


Step 4 − Click the Create button to create the user and return to the user manager interface or click Create and Add Another to create the user and return to Add user interface to add a new user again.

cPanel - File Permissions

All files and directories in Linux Operating System has access permissions. This feature gives the ability to the user for setting up different access levels for each user and also Operating system gets the ability to deal with different request for accessing the file. This feature makes system more secure to potential security threats. There are three types of access permissions −

  • Read − It is denoted by ‘r’ and number 4, it gives ability to the user for reading the file only.
  • Write − It is denoted by ‘w’ and number 2, it gives ability to the user for writing into the file only.
  • Execute − It is denoted by ‘x’ and number 1, it gives ability to user for executing the file only.

Access permissions can be given in groups too, for example, if we want to give a file to read and write permission only, we can assign ‘rw–‘ to that file or in numerical form, we can assign number 6 – as 4 for read and 2 for write equals to 6.

These access permissions are given to three types of users −

  • User − It is owner of the file.
  • Group − It is the group of users in which Owner lies.
  • World − It is referred to everyone else.

We give access permissions according to file types in cPanel. By default, cPanel File Manager gives 6-4-4 permissions to the users – 6 to the User, 4 to the Group and 4 to the World. Most of the time we do not need to change the file permissions unless needed.

You can change the file permissions in cPanel environment by using the following steps −

Step 1 − Go to File Manager from cPanel Home.

Step 2 − Navigate to the File or Folder you wish to change permissions to and select the file or folder by a single click of the mouse.

Step 3 − Click on Permissions link from the Top menu of File Manager and you will get a Prompt as shown below.


Step 4 − Choose permissions according to your need and Click on Change Permissions to save the new access permissions of the file.

cPanel - Backup

This feature of cPanel is very useful for your website. We can use backup feature for transferring our website to the new host. If we are making a change in the website files or database, we can create a backup of website. So that, if in future anything wrongs happens to the website while editing, we can always restore to as it was before. If any problem occurs with the hosting provider, you will always have a copy of the website.

cPanel Backup creates a zipped copy of your entire website or a part of your website. There are two types of Backup in your cPanel Backups.

Full Backup

Full Backup creates a zipped copy of your entire website and cPanel account. It includes all the files you own or you have access to. It also includes all the databases, email accounts, email lists, subdomain, etc.

Full Backups cannot be restored through cPanel interface. It is only used when you are transferring your current host to the new host. You need to upload this zipped backup into your home directory and ask your hosting provider to restore it.

To download your full website backup, please follow these steps −

Step 1 − Open cPanel Backup by clicking Backup from the Files section in cPanel Home.


At the top, you will find Full Backup as shown below −


Step 2 − Click on the Big Blue button on which “Download a Full Website Backup” is written and you will be taken to this screen.


Step 3 − Select Backup destination, leave it as home directory. This will create a backup in your home directory, from where you can download it later. Enter the email address, where you want to receive a notification, when full backup of your website is ready to be downloaded. As full website backup takes time to generate.

Step 4 − Click Generate Backup and you will see a success message of Backup in Progress.

To download the Full Website Backup, you can always come back to this page after you receive your email notification and you will see a screen similar to the one shown below.


Download your backup by clicking over the backup link.

Partial Backups

Partial backup is created and can be downloaded instantly. Through Partial Backup, you can download your Home Directory, Databases, Email Forwarders and Email Filters separately. You can restore the downloaded backups any time by uploading them to cPanel using the same interface.

To use this feature, open your Backup section using the same method used above in Step 1, scroll down and you will see a similar interface shown here, interface will vary according to your domain and data.


You can click Home Directory button to download your home directory backup. To restore your home directory, you can upload the same file in the right hand side interface on which Restore a Home Directory Backup is written.

You can do the same with Databases, Email Forwarders and Email Filters.

cPanel - Backup Wizard

You can use cPanel Backup Wizard to Backup and Restore your cPanel website step by step. cPanel Backup wizard is created for non–advanced users to simplify the backup and restore process.

To use cPanel Backup Wizard, open this interface by clicking the Backup Wizard link, which can be found under the Files section of the cPanel Home.


Once you are inside your Backup Wizard you can Create Backups or Restore Backups through the similar Interface shown below −


To use this Backup Wizard, there are 3 important steps −

If you need to download backup of your website

Step 1 − Select Backup.

Step 2 − Select Full or Partial backup, as stated in the previous chapter. We cannot restore Full Backup, same applies here too. If you wish to download Partial Backup, you can click on any one from the Home Directory, MySQL Databases or Email Forwards & Filters. Partial Backup downloaded from Backup Wizards can be restored through the Backup Wizard only.


Step 3 − Download your backup according to your choice.

If you need to restore your website form the backup you downloaded, follow these steps −

Step 1 − Select Restore from Backup Wizard Interface.

Step 2 − Select Restore Type from Home Directory, MySQL Databases or Email Forwarders & Filters.


Step 3 − Upload your backup file to and click on Restore Button to restore your backup.