What is the Difference between WordPress Posts and Pages?

wordpress-pages-vs-posts A common question asked by many WordPress users is whether they should use posts or pages for creating content on their website. The short answer is that it’s possible to use both, but that some content is better suited to posts and others better suited to pages. In this article, we’ll explain the similarities and differences between WordPress posts and pages and tell you which types of content are suitable for each.

How are WordPress posts and pages similar?

Posts and pages can be used to publish the same kinds of content. Both can include text and media presented in a range of layouts and can be embellished with social media sharing icons, sign up forms, advertisements, comments and a whole range of other features.

Choosing either will not affect what you can create or how the content looks. With the exception of the homepage, which has to be a page, any other content can be created as either a page or a post. However, just because you can use either, doesn’t mean you should. In the next section, we’ll explain the differences between posts and pages so that you will understand which one is best to use in which circumstances.

Understanding WordPress posts

posts-all-posts

WordPress was originally developed as a platform for bloggers to ‘post’ their articles to. The way early blogs were structured was to have posts arranged on the homepage in reverse chronological order with the newest posts at the top and the oldest at the bottom. Bloggers liked it this way because their latest article took precedence; as it was newer and more relevant than their older work they wanted it to be the first thing that readers saw when they visited the site.

Although blogs have developed since then, this is how posts still work. Their prominence on your website is controlled by the date on which they were posted. Newer posts will always be placed at the top.

This kind of structure is fine if your website is primarily publishing time related content. It’s not just useful for blogs; it can also be useful for magazines, news websites and other types of business.

One of the advantages of posts is that you can create categories to put them in to help organise your content in a more structured way for your readers. If your website is about cars, you can have categories for sports cars, saloon cars, people carriers, 4×4’s etc., so your readers can find what they are looking for more easily. In addition, you can also label your posts with tags, enabling readers to search for various terms: Mercedes, hybrid, heated-seats, for example. Pages cannot be organised into categories or be labelled with tags.

Advances in WordPress over the years now allow homepages to present posts in non-chronological ways, such as showing featured posts and selections of posts from different categories. However, although the homepage can be modified to be more magazine-like and appealing, underneath, once you reach a category archive page, the articles in each category are still presented in reverse chronological order.

This, of course, is not the ideal structure for many website owners. There will always be some information on your site that, regardless of how old it is, is more important than others and you will want it to feature prominently on the homepage. And this is where ‘pages’ come into play.

Understanding WordPress Pages

wordpress pages

A page, in essence, is a stand-alone item of content. Unlike a post that will move towards the bottom of the pile as more posts are is added, a page will stay exactly where you put it. Instead of being organised into categories, pages are usually part of a hierarchical structure that you create yourself using hyperlinks and menus.

For example, if you ran a building company and had three main services: new builds, extensions and repairs, you could create a separate page for each of those services. On your homepage you would give a short description of each service and then a link to the main service page. Your website hierarchy would then look like this.

hierarchy

If you published additional pages, this structure would still remain the same unless you decided you wanted to make any changes. Pages, therefore, are for the important information that you want to remain fixed on your website in the place where it most meets your needs to have them.

Whilst you cannot create categories for pages, you can create menus with submenu items grouped together underneath, which can achieve a similar result. If, for example, one of your menu items is ‘Shop’ a submenu could be created with links to different pages: shoes, jewellery, watches, spa, etc.

The one thing that would be difficult to replicate for pages is an equivalent of a category page – a page on which is listed an excerpt from each of the posts in that category together with a thumbnail of its featured image. WordPress creates these automatically for posts, with pages you’d need to do it manually.

Advantages of adding posts to a page based website

Even if your website requires most of its content to be created as pages, adding posts, either as a blog or a news section, is a great way to increase business. Posts get indexed by search engines and can generate increased traffic. Those visitors, in turn, can share and like your posts to an even wider audience. Allowing comments on posts is a great way to develop customer relationships and if you can use those relationships to get visitors returning you can soon build up a large e-mail subscriber list – one of the cheapest and most effective marketing channels for generating repeat custom.

As an added bonus, posts are good for SEO. Google likes sites which are regularly updated with fresh content and blogs and news sections of websites are a great way to achieve this without the need to be constantly changing your important pages. Good posts can also get linked to, which can improve your domain authority.

Advantages of adding pages to a post based website

Even if you intend to run a predominantly post based website like a blog, it is still important that some of the content is created as pages where it can always be found in the same place. Contact pages, disclaimers, terms and conditions and privacy policies should always be published as pages.

Conclusion

Although there is no difference in appearance for content created as a page or post, there is a great deal of difference in terms of how that content is organised and accessed by your visitors. By reading this article, you should now have a much better understanding of how posts and pages differ from each other and the circumstances in which you should use each to create your content.

Hardening WordPress Security

WordPress is the most popular blogging and CMS system on the Internet which makes it a favorite target for hackers. Having a WordPress site means that you have to take some extra efforts in order to protect your and your visitors data hence hardening your WordPress deployment is mandatory.

We know from experience that having your site hacked is not fun. That’s why, here at WebHostingWorld, we take security very seriously.
In line with our serious approach to security, our products are carefully optimized to be as secure as possible. There are, however, still a handful of potential security risks, when running a website, that we have no control over. You, the website owner, need to pay attention to these potential security risks, in order to keep your website safe.

With that in mind, here are few things you can do to improve your WordPress security.

1. Update all the things

It is really important to keep your core WordPress files and all of your plugins, themes updated to their latest versions. Every new release of WordPress contains patches and fixes that address real or potential vulnerabilities. If you don’t keep your website updated with the latest version of WordPress, you could be leaving yourself open to attacks.

Many hackers will intentionally target older versions of WordPress with known security issues, so keep an eye on your Dashboard notification area and don’t ignore those ‘Please update now’ messages.

Don’t ignore this!

The latest version of WordPress is always available on official WordPress site. Official release is not available from other websites or resources, thus, NEVER update WordPress from third party resources. Also, you can easily update WordPress from Admin Dashboard directly

WordPress update

It is strongly recommended to update your plugins and themes to the latest versions too, as a bug in one of these can affect your whole installation. You can update both plugins and themes via Admin Dashboard > choose Plugins or Themes menu and click ‘Update now’ near the necessary plugin or theme:

plugins update

themes update

NOTE: it is recommended to create backups of your WordPress files and database before applying any changes.

2. Strengthen up those passwords

You will be surprised to know that there are thousands of people that use phrases like “password” or “123456” for their admin login details. Needles to say, such passwords can be easily guessed and they are on the top of the list of any dictionary attack.

The goal with your password is to make it hard for other people to guess and hard for a brute force attack to succeed. Many automatic password generators are available that can be used to create secure passwords.

https://identitysafe.norton.com/password-generator/

Things to avoid when choosing a password:

Any permutation of your own real name, username, company name, or name of your website.
A word from a dictionary, in any language.
A short password.
Any numeric-only or alphabetic-only password (a mixture of both is best)

3. Don’t use the “admin” username

The default WordPress login is ‘admin’ and most hackers know that. It should be changed to custom one with a strong password which include upper/lower keys, numbers and symbols. If you’re installing a new WordPress site, you will be asked for username during the WordPress installation process.

installing WordPress

If you have already installed WordPress you can still change username.The easiest way to change your WordPress username is by creating a new user with your desired username and with the administrator user role. You will need to use a different email address than the one used by the old account.

To add a new user on your WordPress site, simply click on Users » Add New and fill out the form.

add-new-user-wordpress

Add a new user with Administrator role, make sure you use a strong password.
Now you need to logout and then login with the new user account you just created.
Go to the Users section and click on the Delete link under your old username
add user

While deleting your old user, WordPress will ask what you want to do with their content. Make sure that you click on ‘Attribute all content to:’ option and then select the new user you just created. Click on the ‘Confirm Deletion’ button to delete the old user account.

delete user

That’s all you have successfully changed your WordPress username

4. Protect your WordPress Admin Area

Keeping “wp-admin” folder protected adds an extra layer of protection. Whoever attempts to access files or directory after “wp-admin” will be prompt to login.

Protecting your “wp-admin” folder with login and password can be done in several ways:

4.1. WordPress plugin

Using the WordPress AskApache Password Protect plugin.

4.2. cPanel

You can set protection easily on any folder via cPanel’s Password Protect Directories

Go to cPanel > Security > Password Protect Directories to access a list of your site’s folders:

Password Protect Directories

Choose the directory you wish to protect and click on it

Password Protect Directories

Put a tick on Password protect this directory and name your protected directory, insert the username and password and click on Add or Modify the Authorized User button to save your changes:

4.3. .htaccess + htpasswd

Creating a password-protected folder can also be done easily by setting the folders you want to protect inside .htaccess and users allowed to access inside .htpasswd.

The best you can do is to get our home IP address (you can use a site like whatismyip.com for that) and add these lines to the .htaccess file in your WordPress admin folder replacing xx.xxx.xxx.xxx with your IP address.

<Files wp-login.php>
order deny,allow
Deny from all
Allow from xx.xxx.xxx.xxx
</Files>
In case you want to allow access to multiple computers (like your office, home PC, laptop, etc.), simply add another Allow from xx.xxx.xxx.xxx statement on a new line.

5. Securing wp-config.php

It is very important to protect wp-config.php file and wp-admin folder since they are more susceptible for hacker attack.

Move wp-config.php outside of the web directory (eg. one directory up). WordPress knows to look for the file in other directories if it can’t find it in the web directory.

The trouble is, if a hacker managed to gain access to your admin panel, they could also edit your files that way, and execute whatever code they wanted to.

So it’s a good idea to disable this method of file editing, by adding the following to your wp-config.php file. You can put this in that file (at the very top) to deny access to anyone surfing for it:

<files wp-config.php>
order allow,deny
deny from all
</files>

The WordPress Dashboard by default allows administrators to edit PHP files, such as plugin and theme files. This is often the first tool an attacker will use if able to login, since it allows code execution. WordPress has a constant to disable editing from Dashboard. Placing this line in wp-config.php is equivalent to removing the ‘edit_themes’, ‘edit_plugins’ and ‘edit_files’ capabilities of all users:

define(‘DISALLOW_FILE_EDIT’,true);

6.Changing database prefix

Your website might be at stake if you are using the predictable wp_ prefixes in your database.

This one can be difficult to do but it is the absolute most critical. By default, WordPress prefixes all its database tables “wp_”. Changing the table prefix to a random string makes it difficult if not impossible for a hacker to execute remote SQL injection attacks.

If you haven’t installed WordPress yet, then during installation you can change the table prefix to the random string you generated previously. Make sure you add an underscore ( _ ) after the string so your tables are easier to read.

changing table prefix

If you have already installed WordPress you can still change database prefix in two ways: either manually or using a special plugin.

For manual database prefix change, go to cPanel > phpMyAdmin menu > choose the necessary database from the left side > click on SQL option above.

Here you need to run RENAME SQL queries on tables in your WordPress database:

RENAME table `wp_commentmeta` TO `newprefix_commentmeta`;
RENAME table `wp_comments` TO `newprefix_comments`;
RENAME table `wp_links` TO `newprefix_links`;
RENAME table `wp_options` TO `newprefix_options`;
RENAME table `wp_postmeta` TO `newprefix_postmeta`;
RENAME table `wp_posts` TO `newprefix_posts`;
RENAME table `wp_terms` TO `newprefix_terms`;
RENAME table `wp_term_relationships` TO `newprefix_term_relationships`;
RENAME table `wp_term_taxonomy` TO `newprefix_term_taxonomy`;
RENAME table `wp_usermeta` TO `newprefix_usermeta`;
RENAME table `wp_users` TO `newprefix_users`;

*where newprefix_ should be replaced with new database prefix you wish to have instead of wp_, then click Go:

sql query

Once done, you will see the new database prefix has been applied to your WordPress database:

table prefix

After that you will need to search the options table for any other fields that is using wp_ as a prefix in order to replace them. It is necessary to run the following query in the same way:

SELECT * FROM `newprefix_options` WHERE `option_name` LIKE ‘%wp_%’

options table

Then click Go and you will get the result as on the screenshot below:

table prefix

Here you will need to go one by one to change these lines and replace the old database prefix with the new one. Once done, we need to search the usermeta for all fields that is using wp_ as a prefix with the help of this SQL query:

SELECT * FROM `newprefix_usermeta` WHERE `meta_key` LIKE ‘%wp_%’

sql query

After that click Go and the following results will appear:

changing database prefix

Number of entries may vary on how many plugins you are using and such. Here you need to change everything that has wp_ to the new prefix as well.

Once done, make sure to update your wp-config.php file with new database prefix:

changing database prefix in wp-config.php

Also, you can change database prefix using special plugins, like Change DB prefix or Change table prefix.

7. Plugins For Better Security

7.1. WP DB Backup

WP DB Backup is an easy to use plugin which lets you backup your core WordPress database tables just by a few clicks. Besides it is so easy, it
has also been one of the most used plugin to secure your WP-powered website.

7.2. WP Security Scan

With this plugin, scanning your WordPress-powered site will be a simple task. It finds the vulnerabilities in your site and offer useful tips on removing them.

7.3. User Locker

If you want to avoid brute-force hacking your site, then the User Locker plugin is right for you. It works on the same system as Login
Lockdown, however, it’s a 5-stars rated WP plugin which has a great fame among its users. With this plugin, scanning your WordPress-powered site will be a simple task. It finds the vulnerabilities in your site and offer useful tips on
removing them.

8. Keeping the backups

Back up your data regularly, including your MySQL databases. A sound backup strategy could include keeping a set of regularly-timed snapshots of your entire WordPress installation (including WordPress core files and your database) in a trusted location.

The following is a very simple version of how to use phpMyAdmin to back up your WordPress database.

1. Click on Databases in your phpMyAdmin panel. (It may not be necessary to do this, depending on your version of phpMyAdmin)

database backup

You may have several databases. Click the one that holds your WordPress data, the database you created when you installed WordPress.
Below is a picture of the default tables in the Structure view tab. You may have more tables — this would happen if you have any statistics plugins or anti-spam plugins.

database structure

Click Export. There are two methods to export, Quick and Custom; if you choose Custom, follow these steps:

1.1. Select all the tables.
1.2. In the Output section check Save output to a file and select None for Compression. (If your database is very large use a compression method)
1.3. Select SQL from the Format drop-down menu.
1.4. Check “Add DROP TABLE”: this can be useful for over-writing an existing database.
1.5. Check “IF NOT EXISTS”: this prevents errors during restores if the tables are already there.
1.6. Click Go. The data will now be saved into your computer.

Keep these files safe, copied and stored in separate places on separate media.

The tips provided above do not guarantee 100% secure of your WordPress website, however, they drastically decrease chances of getting hacked. We sincerely hope this article helped you enough in securing your online business and becoming a trouble-free and happy customer.

Changing The WordPress Site URL

Your WordPress.com blog address is what people use to access your blog. An example of a WordPress.com blog address is example.wordpress.com. This document explains how you can change the example part of the address to something else.

1. Log in to WordPress admin panel Settings > General.
2. Update WordPress Address (URL) line and Site Address (URL) lines and save the changes:

general settings

3. You will also need to re-generate the permalinks to make sure they have the new URL in Settings> Permalinks.
So if you had Post name, you need to switch to “Default” for instance, save the changes and then revert everything back:

permalink settings

If Dashboard is not opening or not letting you in for some reason, you may perform the changes directly in MySQL database.

The instruction below will guide you on how to change WordPress website URL usingphpMyAdmin in cPanel.

1. Login to your cPanel and navigate to phpMyAdmin menu:

phpmyadmin

2. Choose the database which is being used for your WordPress blog and click on it.

If you are not sure what exactly database you need, check it in wp-config.php file which is located in the document root – in our case it is /public_html/wp/:

wp-congif.php

3. Click on wp-options table and edit siteurl and home fields:

wp-options table

That’s it!

Learn about robots.txt file

The robots exclusion protocol (REP), or robots.txt is a text file webmasters create to instruct robots (typically search engine robots) how to crawl and index pages on their website.
Robots.txt is a text (not html) file you put on your site to tell search robots which pages you would like them not to visit. Robots.txt is by no
means mandatory for search engines but generally search engines obey what they are asked not to do. It is important to clarify that robots.txt
is not a way from preventing search engines from crawling your site (i.e. it is not a firewall, or a kind of password protection) and the fact that
you put a robots.txt file is something like putting a note “Please, do not enter” on an unlocked door – e.g. you cannot prevent thieves from
coming in but the good guys will not open to door and enter. That is why we say that if you have really sensitive data, it is too naïve to
rely on robots.txt to protect it from being indexed and displayed in search results.

robots.txt

When a search engine crawls (visits) your website, the first thing it looks for is your robots.txt file. This file tells search engines what they should and should not index (save and make available as search results to the public). It also may indicate the location of your XML sitemap.

Google’s official stance on the robots.txt file

Robots.txt file consists of lines which contain two fields: line with a user-agent name (search engine crawlers) and one or several lines starting
with the directive

How to create a robots.txt file

You will need to create it in the top-level directory of your web server.

When a robot looks for the “/robots.txt” file for URL, it strips the path component from the URL (everything from the first single slash), and puts “/robots.txt” in its place.

For example, for “http://www.example.com/shop/index.html, it will remove the “/shop/index.html“, and replace it with “/robots.txt“, and will end up with “http://www.example.com/robots.txt”.

So, as a web site owner you need to put it in the right place on your web server for that resulting URL to work. Usually that is the same place where you put your web site’s main “index.html” welcome page. Where exactly that is, and how to put the file there, depends on your web server software.

Remember to use all lower case for the filename: “robots.txt“, not “Robots.TXT.

You can simply create a blank file and name it robots.txt. This will reduce site errors and allow all search engines to rank anything they want.

Here’s a simple robots.txt file:

User-agent: *
Allow: /wp-content/uploads/
Disallow: /

1. The first line explains which agent (crawler) the rule applies to. In this case, User-agent: * means the rule applies to every crawler.

2. The subsequent lines set what paths can (or cannot) be indexed. Allow: /wp-content/uploads/allows crawling through your uploads folder (images) and Disallow: / means no file or page should be indexed aside from what’s been allowed previously. You can have multiple rules for a given crawler.

3. The rules for different crawlers can be listed in sequence, in the same file.

Examples of usage

robots-allow-all

Prevent the whole site from indexation by all web crawlers:

User-agent: *
Disallow: /

Allow all web crawlers to index the whole site:

User-agent: *
Disallow:

Prevent only several directories from indexation:

User-agent: *
Disallow: /cgi-bin/

Prevent site’s indexation by a specific web crawler:

User-agent: Bot1
Disallow: /

Robots.txt for WordPress

Running WordPress, you want search engines to crawl and index your posts and pages, but not your core WP files and directories. You also want to make sure that feeds and trackbacks aren’t included in the search results. It’s also good practice to declare a sitemap. So in case you didn’t create yet a real robots.txt, create one with any text editor and upload it to the root directory of your server via FTP.

Blocking main WordPress Directories

There are 3 standard directories in every WordPress installation – wp-content, wp-admin, wp-includes that don’t need to be indexed.

Don’t choose to disallow the whole wp-content folder though, as it contains an ‘uploads’ subfolder with your site’s media files that you don’t want to be blocked. That’s why you need to proceed as follows:

User-Agent: *
# disallow all files in these directories
Disallow: /wp-admin/
Disallow: /wp-includes/
Disallow: /wp-content/plugins/
Disallow: /wp-content/themes/

Miscellaneous remarks
Don’t list all your files in the robots.txt file. Listing the files allows people to find files that you don’t want them to find.
Don’t block CSS, Javascript and other resource files by default. This prevents Google bot from properly rendering the page and understanding that your site is mobile-optimized
An incorrect robots.txt file can block Googlebot from indexing your page
Put your most specific directives first, and your more inclusive ones (with wildcards) last

Top 5 WordPress beginner tips

security

So you are new to WordPress? WordPress is a very flexible and powerful system, and it can be very overwhelming for beginners. Where to start? Well, there are many great WordPress video and tutorial websites, for example: wp101.com and wpbeginner.com. We’ve also compiled this list of top WordPress beginner resources. The WordPress community is very open and people love to help. Make sure you join a local Meetup and attend your local WordCamp. There are also many wonderful Facebook, and Google+ community pages.

After many years of working with and supporting WordPress we’ve come up with the following 5 top tips:
Tip #1 – Don’t use Admin as a user: Is “admin” your username? Then you are a prime target! Change this immediately. Oh, but wait… you can’t change a WordPress username. Don’t fear. First log in as you normally would. Under “profile,” change your email address to an alternate email. (This is because you can’t use the same email address for more than one username). Now create a new user choosing a unique username that is not admin, test, administrator, Admin, or root, as these are the top usernames being targeted. For this new username, you may now include your normal email address. After creating the new user, then delete your old username. Poof! That was easy!

Tip #2 – Backup frequently: There are many wonderful backup systems available for WordPress. See our list here. A favorite of many of our users is BackupBuddy.

Tip #3 – Keep WordPress updated: WordPress frequently releases new updates. Make sure you keep your WordPress version up-to-date.

Tip #4 – Keep plugins updated: As WordPress is updated, so are plugins to keep up with the new versions. Plugins are also updated to prevent security issues. It is very easy to update plugins. In your plugin area, just click on the update link next to the plugin that you want to update.

Tip #5 – Install a security plugin: There are many great security plugins and we recommend you install at least one. All ClickHOST customers have free access to the premium Sucuri WordPress plugin. We also recommend iThemes Security Pro plugin.

The Official Web Hosting World Blog