Select Page
Here Is How You Can Prevent WordPress To Show Sub Categories

Here Is How You Can Prevent WordPress To Show Sub Categories

Using the WordPress platform, you must have had a situation where the WordPress does something that you do not like and you would like to prevent that. The problems may vary from loading the inappropriate homepage to the wrong redirection of URLs. One of the problems that might be bad for users, especially when it comes to staying within the good SEO limits, is showing the child categories or sub categories. While there are some plugins that eliminate this problem, the bigger problem is that it does not work every time. So, how can you solve this problem efficiently?

The problem of subcategories

Let’s say that you have a category “weather” and inside this, you have two subcategories: “world” and “the US”. When a user visits your site and presses on the “weather” category, he will see all posts from that category but will also see these two mentioned child categories. Now, this becomes irritating and sometimes bad for your SEO so you will probably want to eliminate this feature and allow only to see the main category.  Even Google can ban your site as it can think that you are duplicating the content by adding the same post in two different categories, so the experienced developers will want to get rid of this problem. Even if you are not that experienced, do not worry as you will be able to solve this problem easily.

Sub CategoriesDo not worry really, the solution is not far away and everyone who has at least a basic understanding of coding can perform this on his own and solve the problem.  Even if you do not have, just follow the instructions that are described below. So, how to solve this problem, you might ask? Should you use plugins? Yes, there are plugins that solve this, but very often they crash and the user still can see the child categories. To avoid plugins, you can use a simple hack that will solve this.

How to solve it without a plugin?

First of all – back up your archive.php and category.php before you do anything! You do not want to lose your posts and archive! Open archive.php and inspect the code. Try to find a line that is similar to this:

“<?php while (have_posts())” : the_post(); ?>”. Once you find this line, you need to add another line, AFTER THIS LINE. Now, add:

“<? if ((is_category()) &amp;&amp; in_category($wp_querry->get_queried_object_id())) {?>”.

The function of this line is to assess whether we see a category and that the post we are looking at is a righteous member of this category. Now, find the line:

“<?php endwhile; ?>” and add the following line before it:

“<?php } ?>”.

You have basically added this small modification that will prevent the WP to show subcategories, but only the parent category. It is required to have some posts in the “weather” category in order to function correctly. So, you did a small modification to your WP theme!

PHP Nonce Library

PHP Nonce Library

We’ve recently developed our own PHP NONCE library for use with custom programming. Our version is loosely based on the implementation found inside the core WordPress software. We would like to thank to the WordPress development team as we have used their software to develop our own library! Without their software, we would have to start from scratch!

What is a nonce?

Literally, the term refers to a number used once. In software development, it is often used as a security measure to ensure that certain links or forms are only available once, thereby preventing malicious attacks against the system.

Where would I use a nonce?

PHP-Nonce-LibraryAn NONCE offers an additional level of security where sensitive actions may take place within your application. Take the following line of code as an example:

<a href=”delete_post.php?post=003″>Delete Post</a>

This link was poorly thought out if the application has no other security measures in place. Anyone could begin deleting posts by simply pointing their browser at the above link and changing the post number.

Well designed applications would only make that link available if the user was logged into the system with appropriate permissions. Furthermore, the delete_post.php script would ideally check to see if the user was logged into the system and if the user had appropriate permissions to delete that post. Is this enough security though?

Here are just two scenarios that could circumvent the above security measures:

  • Depending on how the application’s user authentication works, it is certainly possible for a malicious user to spoof an authenticated user or to otherwise crack the authentication.
  • Additionally, if you are a legitimate admin of the above mentioned application it would be possible for me to trick you by sending you a link or to this script. Once you clicked it, the post would be deleted.

How an nonce prevents the above attacks

An NONCE is successful as an additional layer of security because it prevents actions initiated by links or REQUESTS from being used more than once. Every time a link or a form is printed on the screen, your NONCE functionality embeds a key / value pair to be sent to the receiving script. Every time that script is called, it checks for the key / value pair and then authenticates it on a pass / fail basis. If it passes, the action is performed, if it fails, the action is not performed.

The above link with an NONCE applied to it would resemble something like the following:

<a href=”delete_post.php?post=003&_nonce=9c5fbfabb1″>Delete Post</a>
The receiving script would then do the following:

  • Check to see if the user is logged in with appropriate permissions (standard security)
  • Check to make sure the NONCE key / value is set
  • Authenticate the received NONCE using a library of functions.

How does an nonce create and authenticate its key / value pairs?

The process of generating NONCE is a bit complex than usually. While there are no hard and fast rules for creating an NONCE, most libraries will include the following components when generating an NONCE:

  • A secret key or ‘salt’ stored only on the server
  • A user ID (optional – makes the NONCE only work with a specific user)
  • An action name: ie: ‘delete-post’
  • A timestamp (allowing the NONCE to expire if never used)
  • A database of used NONCEs (optional and not used in our library)

Using all of the above components, an NONCE may be generated like this: secret-salt + user ID + action-name + timestamp. All of this is thrown into a hash that the receiving script can unpack and authenticate (Most of the time, the timestamp will be modified before being included and hashed).

The receiving script doesn’t actually ‘unpack’ the received key, rather it recreates it and compares. For instance, the delete_post script would combine the secret salt (which it knows) , the current users’s ID , use the delete-post action name, and a timestamp (modified appropriately). If any one of those components are off, the NONCE value generated by the receiving script will not match the one sent by the initial script and the NONCE will fail to authenticate.

How to use our nonce library

  • Download the zip file and unpack
  • Include ft-nonce.php inside all your applications pages
  • Embed one of our two generating functions in your links or forms
  • Call the validating function at the top of your receiving scripts and do as you wish based on the validity of the NONCE.

If you need further example, you can check out the example here. The PHP file source file is included in the zip .


We’ve only deployed this once and value your feedback. We will be more than happy to modify, enhance, and correct bugs as reported. Feel free to test our feature, implement it in your projects, but do not forget to inform us about the quality of it! Feel free also to send us suggestion! The more people use this feature, the more valued our work is and that is why we encourage people to use it and test as many times as possible!

How To Create A Password Protected Children Pages?

How To Create A Password Protected Children Pages?

Today’s technology has so evolved that our little children from early age know how to use the web and browse it. Sometimes, we just want to protect them from seeing inappropriate content that is not age-relevant, so we want to add the password to a certain page, especially if you own a website. In any way, a password protected page is something that you can create and eliminate the possibility for children to see something that is not appropriate for their age. How to do this in WordPress? Is it complicated or you can do it on your own?

WordPress allows you easy password set up

Hiding your content from a certain audience (children in this example) is a common task that administrators do. You can even lock the whole website that you cannot access to unless you have the right password. WordPress is the best online platform for creating your website and allows easy updating, managing and publishing of content. On top of that, you have useful commands like the password protection to ensure that only people you want access to your website or a post. Do follow the small tutorial below in order to set the password protection.

The very first thing you need to do is to log in to your website as the administrator so you could make changes and have permissions for such actions. Now, go to the page or post you want to protect and click on EDIT command. Once you slick, you will see in the upper left corner EDIT THE VISIBILITY and click on it. The next thing is to click on PASSWORD PROTECTED and type in the password you want. Make sure you use the combination of upper case, lower case, numbers and special characters in order to produce strong password. Once you type it in, click on OK, and click on UPDATE button in the lower right corner of the window. Now just publish the post/page, load it again and check if it asks for password to access it.

You can check all the pages and posts that do require a password to access them in the list of all pages and posts. Also, you have the ability to mark it as PRIVATE so no one could see it except the EDITOR and ADMINISTRATOR. Though this is not very useful for restricting the content, it may come useful when you want to publish a post or a page just to see how it looks like on your website.

Use strong passwords!

Kids often want to break the password and will try in many different ways to do this, so make sure you use very strong password that has a lot of characters. This will make it impossible to crack it as the combinations are endless and no CPU could calculate all the combinations for it. Always use upper case, lower case, numbers and special characters to increase the strength of your password.