7 Ways to Customize WordPress for your Users

WordPress has been considered as one of the most simplest Content Management Systems. It offers a very clean user interface. Offering significant power, this free open source content management system is easier to install.

However, sometimes WordPress can get daunting even for those who use it frequently. If not used carefully, it can invite a malicious plugin or wipe a database. Scary isn’t it?

Luckily, the CMS can be configured and customized to avoid problems. Here’s how to go about it:

1. Create Shortcodes

Many users demand advanced functionality. Some of the most commonly demanded include stock price trackers, affiliate links, Twitter widgets, etc. Here, it is important to restrict your users from adding arbitrary third-party code. In fact, you can let them call your code through a shortcode defined in functions.php file’s theme or a plugin. The following shortcode recommended by most reputed WordPress maintain service providers will allow your users to enter [include myfile] in the editor for including myfile.php from the template folder:

// include a specific PHP file
function customIncludeFile($params = array()) {

‘file’ => ‘contact-form’
), $params));

include(get_theme_root() . ‘/’ . get_template() . “/$file.php”);
return ob_get_clean();

add_shortcode(‘include’, ‘customIncludeFile’);

2. Allot User Roles

One of the best things about WordPress is that it offers a wide range of roles and capacities. Users may be any of the following in most cases:

  • A Contributor – Can write and manage their own posts without being able to publish any of them.
  • An Editor – Can publish and manage their posts for themselves and others.
  • An Author – Can publish and manage their own posts.

The above stated roles cannot do the following:

  • Install plug-ins
  • Change themes
  • Approve updates
  • Edit files
  • Perform other dangerous tasks available to Administrators

Although some users would demand full rights, they should also be prepared to take the risks involved.

3. Get Rid of Unnecessary Menus

Only a few websites use all WordPress features. An example of this is that an installation may not require the commenting functionality. You can easily eliminate unnecessary items by using the following code in a plugin or functions.php:

// remove unnecessary menus
function remove_admin_menus () {
global $menu;

// all users
$restrict = explode(‘,’, ‘Links,Comments’);

// non-administrator users
$restrict_user = explode(‘,’, ‘Media,Profile,Users,Tools,Settings’);

// WP localization
$f = create_function(‘$v,$i’, ‘return __($v);’);
array_walk($restrict, $f);
if (!current_user_can(‘activate_plugins’)) {
array_walk($restrict_user, $f);
$restrict = array_merge($restrict, $restrict_user);

// remove menus
while (prev($menu)) {
$k = key($menu);
$v = explode(‘ ‘, $menu[$k][0]);
if(in_array(is_null($v[0]) ? ” : $v[0] , $restrict)) unset($menu[$k]);

add_action(‘admin_menu’, ‘remove_admin_menus’);

Here, you should focus on setting variables listed below in the following way:

$restrict — This is a comma-delimited list comprising of menu items. These (including administrators) will not get displayed to users. Links and Comments have been hidden in the above stated example.

$restrict_user — This is a comma-delimited list that includes menu items that’s not displayed to non-administrators.

4. No Update Notifications

Although WordPress update notifications can be very useful to you, it may become a cause of worry for your users. So simply disable it in a plugin or functions.php file of the theme. Here’s how you can disable it:

// remove update notifications
function no_update_notification() {
if (!current_user_can(‘activate_plugins’)) remove_action(‘admin_notices’, ‘update_nag’, 3);
add_action(‘admin_notices’, ‘no_update_notification’, 1);

5. Remove the Administration Bar

WordPress displays a dark grey administration bar. This is available right at the top of live site once logged in. This is not beneficial. Hence, you may eliminate it by using PHP line in your plugin or the functions.php code:

// remove admin bar
add_filter(‘show_admin_bar’, ‘__return_false’);

6. Get Rid of Unnecessary Dashboard Widgets

Dashboard offers a confusing order of options to your users. So make sure you get rid of dashboard widgets. The plugin or functions.php code mentioned below will help you go about it:

// remove unnecessary dashboard widgets
function remove_dashboard_widgets(){

global $wp_meta_boxes;

// only remove “Right Now” for non-administrators
if (!current_user_can(‘activate_plugins’)) {

// remove widgets for everyone

add_action(‘wp_dashboard_setup’, ‘remove_dashboard_widgets’);

You can configure this as per your requirements. The ID of dashboard widget is assigned to its div element. You need to place it in the HTML source. Another way is to use ‘Developer Tools’.

7. Eliminate Post Meta Boxes and Unnecessary Page

Only a very few people, including administrators need all options available to posts, pages, and custom posts. Screen Options can be used to hide these by using the menu at the top-right of the editing screen. However, it is possible for users to re-enable options. For deleting boxes permanently, simply add the following code to functions.php or a plugin:

// remove unnecessary page/post meta boxes
function remove_meta_boxes() {

// posts

// pages


You need to add or remove the following lines as required:


Place the ID assigned to the div element of Metabox in the HTML source. Developer Tools can also be used for the same.

WordPress Security Plugins – Top 10 Options to Ensure You Best Security

Security for WordPress website is very important. Since you spend a lot of time writing articles, researching for pictures, and brainstorming for topics, it is crucial to ensure utmost safety for your blog.

Remember that your website needs to be prevented from digital thieves or intruders (hackers). Being the top content management system across the globe, it makes for an ideal target for hacking attempts. So choosing the best from a variety of WordPress security plugins needs to be a priority for you as a blog or website owner.

As already discussed, WordPress is the most popular content publishing platform. Since it is being used by many millions of websites worldwide, hackers are more interested in websites that use WordPress.

How is WordPress Website Hacked?

Usually, third-party WordPress plugins and themes are used to hack WordPress based websites. Some other elements can also be used for the same. These include:

  • WordPress Hosting server vulnerabilities
  • WordPress database security
  • WordPress plugin security
  • Theme security
  • File permissions
  • FTP vulnerabilities
  • Users permissions
  • Weak passwords
  • Your computer security
  • Many more

Website security is extremely crucial. Hence, you should keep WordPress installation secured as much as possible. Hackers can exploit your private info and steal that your users/customers. There are a number of things you can do to secure your WordPress site. For instance, you can keep all of your WordPress, plugins, and themes up to date, rely on a good WordPress hosting company, use strong passwords, avoid installing plugins from unreliable sources, get WordPress backup regularly, be strict about permissions you give to your website users, authors and editors etc.

Here is a list of the best WordPress Security Plugins. You may use these for adding an extra layer of security to your WordPress website:

1. WordFence WordPress Security plugin

This is the most downloaded WordPress Security plugin and has over 1+ million active installs till now. The plugin is full-featured and very powerful. It is also consistently updated. WordFence ensures complete protection from hacking, malicious traffic malware, and much more. It comes equipped with many other powerful features that make WordFence one of the most powerful and efficient free WordPress security plugins.

Some of these features include:

  • WordPress Firewall
  • Compatibility with CIPv6
  • Blocking Features
  • Security Scanning
  • Multi-Site Security
  • Login Security
  • Monitoring Features
  • All Major Theme and Plugins Supported

WordFence also comes with a premium API key. Freelance WordPress Plugin Developer and experts strongly recommend this plugin. This adds some additional features to the plugin such as scheduled scans, country blocking, premium support and two-factor authentication, allowing users to sign-in to WordPress using password and their cell phone. This plan also checks if your website IP is being used to spamvertize.

2. BulletProof Security

This is a very popular plugin that helps secure your WordPress website. It offers a single click security solution to site owners. The plugin offers secure your website against the following:

  • RFI
  • XSS
  • CRLF
  • SQL injection
  • Code injection hackings

BulletProof security is an easy single-click setup and comes with a record of the number of login attempts. It offers file monitoring and quarantining of all uploaded files. Email alerts are also available for user actions. You will get alerts as soon as any malicious activity is suspected or affects your site. BulletProof also has a pro version. It offers advanced features to improve website security.

3. iThemes Security WordPress plugin

The WordPress security plugin from iThemes, is a free security plugin for WordPress which ensures over 30 powerful ways to protect WordPress site. It is a great option for novices as well as experienced WP users. The 1-click installation helps with easier plugin setup. The advanced security options can be configured from dashboard easily. This plugin offers protection from WordPress sites via fixed common security vulnerabilities. It also helps users to select very strong passwords, stop automated attacks, etc. The security checklist ensures easier maintenance.

4. All in One WPSecurity & Firewall

This is also a very popular WordPress security plugin. It promises a user-friendly interface for all those who are not very familiar with advanced security settings. The plugin offers ample protection to your website via consistent checking for vulnerabilities and implementation of the latest techniques and security measures.

It is integrated with a meter on your dashboard to ensure your site a score of how secure it is. This is a very useful feature. It helps you increase score via adding more security options. All in One WPSecurity & Firewall comes equipped with a security scanner that keeps constant track of files and notifies you about any change in the WordPress system. It will also detect malicious code in your WordPress website.

Also read our guide on boyfriend tag questions

5. AntiVirus

This is a free self-explanatory plugin. It scans your website for all malware and spam injections. The plugin performs these scans mainly primarily on your database and theme files. Once it finds anything, you get notified instantly through email. Since the plugin informs you in the fastest possible way, it is easier for you to respond quickly to prevent any issue from escalating. In order to ensure consistent protection, you may schedule AntiVirus to run automatic which scans your website on a daily basis.

6. Sucuri Security WordPress plugin

Sucuri is a widely renowned authority in the WordPress and Website Security industry. They offer WordPress Security plugin, a powerful scanning and monitoring tool for WordPress. It is a 100% free WordPress Security plugin integrated with four primary features:

  • Remote Malware Scanner
  • Security activity auditing
  • File integrity monitoring
  • Overall WordPress Security Hardening

The free security plugin has been specifically developed for highly experienced users and developers because it requires basic understanding of codes and files within WordPress. You should use this plugin with another WP security plugin such as iThemes or WordFence Security to ensure security of very high level.

7. Google Authenticator

The plugin adds two-step or two-factor authentication to WordPress. Here, you don’t need to sign in by using username and password only. There is another way of authentication for each new device such as a voice call, text, or a mobile app. The second authentication method is needed once for each device. Hence, you should do it once per device. Google Authenticator also supports security keys plugged in the USB port.

8. WP Antivirus Site Protection

As the name suggests, WP Antivirus Site Protection WordPress plugin in meant to protect your site against viruses, and malware. This free security plugin for WordPress scans all your WordPress installation files to detect malware, worms, spyware, backdoor’s, hidden links, rootkits, adware, Trojan horses, fraud tools and removes them.
This plugin scans your site files using Siteguarding.com API against the daily-updated virus database. When the plugin detects any threat it displays it in the WordPress Admin dashboard and will also send an email to you if you want.

9. Acunetix WP Security plugin

This is free and highly comprehensive WordPress security plugin that ensures you a highly secure WordPress-built site via performing scanning for vulnerabilities. Acunetix hides WordPress version for non-admins in back-end dashboard. It also removes WP Generator META tag from core code. Your WordPress site will be secured against unethical file permissions, passwords, etc. You can also take WordPress database backup easily.

10. Brute Force Login Protection

The security plugin for WordPress is a one-purpose plugin. It promises best protection for your WordPress website against Brute Force Login Attacks. This process is undertaken via blocking the attacker IP address for a certain period of time with the user of .htaccess file.

Also read our guide on how to track an iphone by phone number


In the past few years, there has been a significant increase in the number of hacking attacks. Hence, it is very important to ensure tight security for your WordPress website. All security plugins listed above will let you ensure top security for your site. If you don’t code a lot, adding plugins is the best option for securing the blog. Most of these are free, very safe and easy to use.