If you have a WordPress site, it’s important that you have enough memory allocated to run the software smoothly. Depending on your site’s size and complexity, you may need to increase it. However, before you do, you’ll need to determine your current memory limit.
In this article, we’ll show you how to check your current WordPress memory limit and how to increase it if necessary, as well as answer some of the most frequently asked questions about WordPress memory limits.
What is the PHP memory limit in WordPress?
The PHP memory limit is the maximum amount of memory that a PHP script can use. If a WordPress site exceeds its PHP memory limit, it will likely experience errors. These errors can include the “white screen of death,” slow page loading, and database connection issues.
Often, the error will appear as follows:
“Fatal error: Allowed memory size of XXXXXXX bytes exhausted (tried to allocate YYYYYYY bytes) in /path/to/file.php on line ZZZ.”
You’ll come across this error when trying to install WordPress plugins or themes, run updates, or perform some other action on your site.
How to check your WordPress memory limit
There are a few ways to check your WordPress memory limit:
Check your WordPress hosting account.
Check your wp-config.php file.
Ask your WordPress host.
Use WordPress Site Health.
Use a WordPress plugin.
Let’s review each of these options in more detail.
1. Check your WordPress hosting account
The first place to check your WordPress memory limit is in your hosting account. Many hosts will list the current PHP memory limit in the account control panel. In cPanel, this is located under the Software section. Click PHP Selector, then navigate to the document root of the directory you’d like to work with. You’ll likely see information as follows and this will tell you which PHP version your site is currently using:
Then, go to Options and scroll down until you see the line that reads memory_limit. Your site’s current settings should be visible here.
2. Check your wp-config.php file
The second place you can check your WordPress memory limit is in the wp-config.php file. This file is located in the root directory of your WordPress site. To access it, you’ll need to connect to your site using an FTP client like Filezilla or through the File Manager in cPanel. Once you’re connected, open the wp-config.php file in a text editor like Notepad++.
Next, search for the following line of code:
define('WP_MEMORY_LIMIT', '256M');
This line of code defines the maximum amount of memory that can be used by WordPress. The number following WP_MEMORY_LIMIT represents the maximum memory limit in megabytes. In this example, it’s set to 256MB.
If this line is not present in your wp-config.php file, you can add it to the end of the file. Be sure to save your changes before exiting.
3. Ask your WordPress host
If you’re not sure where to find your WordPress memory limit or you’re unable to access your hosting account or wp-config.php file, you can always contact your WordPress host and ask them what the current PHP memory limit is for your site. To do this, you’ll typically need to open a support ticket with your host or send them an email.
4. Use WordPress Site Health
If you want an easy way to check your WordPress memory limit (and other site details), you can use the WordPress built-in Site Health tool, which gives you an overview of your site’s health, including the current PHP memory limit.
This module will show you the current memory limit for your WordPress site. To access it, go to Tools → Site Health in your WordPress dashboard and click on the Info tab. Expand Media Handling and, under Server, look for the PHP memory limit.
5. Use a plugin
Another option is to use a plugin to get access to this information. Here are two that are up for the task:
WP Healthcheck: This plugin gives you an overview of your WordPress site’s health, including the current memory limit. Plus, it helps improve your site performance by removing transients and other unnecessary data.
Health Check & Troubleshooting: In addition to presenting your memory limit and other server information in an easy-to-consume way, this tool identifies configuration and setup issues. This can be extremely helpful if you’re working with a support team to troubleshoot a problem.
How to increase the WordPress memory limit
If you need to increase your WordPress memory limit, here’s the optimal process to follow:
Back up your site before editing any code
Edit wp_memory_limit in your wp-config.php file
In some cases, you may also need to take the following additional steps:
Edit memory_limit in your PHP.ini file
Edit your .htaccess file
Contact your hosting provider
Let’s review each of these in more detail.
1. Back up your site before editing any code
Before you make any changes to your WordPress site, it’s important to back up your data first. This will ensure that you have a copy of your site that you can revert back to if something goes wrong. There are a few different ways to back up your WordPress site:
Jetpack provides the simplest method of backing up your WordPress site. You can download a copy in just a few clicks without having to deal with accessing your server. And if something goes wrong while increasing your memory limit, you can restore that backup even if your website is completely down. The best part? In the future, you’ll be protected with automated, real-time backups that save your site every single time a change occurs.
2. Edit wp_memory_limit in your wp-config.php file
If you want to increase your WordPress memory limit, the first place to start is with your wp-config.php file. This file is located in the root directory of your WordPress site. You can navigate here using an FTP client or through the File Manager in cPanel as previously mentioned.
To edit your wp_memory_limit, simply download the file and open it in a text editor. Then look for the line that says:
define('WP_MEMORY_LIMIT', '64M');
Replace the memory limit with a higher number. For example, if you wanted to increase your memory limit to 256M, you would use:
define('WP_MEMORY_LIMIT', '256M');
Save your changes. Upload the file back to your server. Your site’s memory limit should now be increased.
3. Edit memory_limit in your PHP.ini file
If you’re unable to edit the wp_memory_limit in your wp-config.php file, or if you want to increase the memory limit for more than just WordPress, you can edit the memory_limit setting in your PHP.ini file.
The PHP.ini file is located in the root directory of your WordPress site, but if your hosting provider uses cpanel, you can easily change the memory limit from that dashboard.
Navigate to cpanel, and find the MultiPHP INI Editor in the Software section. From the dropdown that appears, select your website. Look for “memory_limit†and change it to whatever number you’d like. Save your changes. Your memory limit should now be increased.
4. Edit your .htaccess file
If you’re still unable to increase your WordPress memory limit using the previous methods, you can try adding the following line of code to your .htaccess file:
php_value memory_limit 256M
The .htaccess file is located in the root directory of your WordPress site. If you don’t see this file, make sure that you’ve enabled hidden files in your FTP client.
You can do this by going to the Server or Connection settings in your FTP client and checking the box that says Show hidden files. You can do this in cPanel as well by going to File Manager, clicking Settings in the top right corner then checking the box that reads Show Hidden Files (dotfiles).
5. Contact your hosting provider
If you’ve tried all of the above and you’re still unable to increase your WordPress memory limit, your last resort is to contact your hosting provider. You may need to upgrade your hosting plan to accomplish this, especially if you’ve used up your resources.
Your host should be able to help you increase your memory limit and point you in the right direction if you need to upgrade your hosting plan to something more robust, like a managed WordPress hosting plan, or even a VPS or dedicated server.
Frequently asked questions
Here are some answers to common questions people have about the WordPress memory limit:
1. Why increase the WordPress memory limit?
There are a few reasons why you might need to increase your WordPress memory limit:
The general rule of thumb is that you should have at least 64MB of memory allocated for WordPress. However, this can vary depending on the size and complexity of your site. If you’re not sure how much memory your site needs, you can start with 64MB and increase it as needed.
3. How do I know if I need to increase my WordPress memory limit?
There are a few signs that you may need to increase your WordPress memory limit:
You see an error message saying, “Allowed memory size exhausted”
You see an error message saying, “WordPress has encountered an error and needs to restart”
Your site is loading slowly or timing out
You’re seeing “white screen of death” errors
4. What happens if I don’t increase my WordPress memory limit?
If you don’t increase your WordPress memory limit, you may see errors on your site, or your site may load slowly. In some cases, it may even crash.
5. Will increasing my WordPress memory limit slow down my site?
Generally speaking, no. However, if you allocate too much memory to WordPress, it can cause your server to slow down and impact your site speed.
6. What happens if I try to allocate more memory than my server has?
If you try to allocate more memory to WordPress than your server has, you’ll see an error message saying “Fatal error: Allowed memory size of xxxxxxx bytes exhausted.” This means that you need to increase the amount of memory your server has, or reduce the amount of memory WordPress is trying to use.
7. What is the maximum WordPress memory limit?
The maximum memory limit for WordPress is 512MB. However, depending on your server and WordPress settings, you may not be able to allocate this much memory to WordPress.
8. What’s the difference between wp_memory_limit and wp_max_memory_limit?
The wp_memory_limit setting defines the maximum amount of memory that can be used by WordPress. The wp_max_memory_limit setting defines the maximum amount of memory that can be used by WordPress and any plugins or themes. If you’re having errors with a plugin or theme, you may need to increase the wp_max_memory_limit setting.
9. I’m still having problems. What should I do?
If you’ve tried all of the above and you’re still having problems, your best bet is to contact your hosting provider and ask them for help. They’ll be able to take a look at your server and WordPress settings and help you figure out what’s going on.
Increase your WordPress memory limit
Learning things like how to increase your WordPress memory limit is an exciting part of expanding your skills as a site owner. We hope you’ve found this post helpful. If you’re still seeing errors or slow performance, we recommend contacting your hosting provider for help.
The right combination of WordPress plugins can supercharge your website, add useful functionality, and provide a great experience for you and your visitors. But with nearly 60,000 plugins in the official plugin repository, it can be difficult to know which to choose. So to help with finding the perfect plugins for your website, we’ve put together the best WordPress plugins in 2022.
Twelve essential plugins every WordPress site should have
Security and regular backups are important for every website. After all, if your site ever gets hacked, you risk losing valuable site and customer data, which could damage your reputation and be costly to fix. An important step to ensuring your website is secure is to use a top WordPress backup & security solution, like Jetpack Security.
Jetpack Security provides a comprehensive range of security features in one easy-to-use package. It’s part of Jetpack — a popular WordPress plugin that over five million people use for their website security, backups, performance, and growth.
Jetpack Security helps ensure your site is protected from malicious logins through brute force protection and two-factor authentication. It also provides powerful anti-spam protection for your comments and forms, alongside downtime detection and automatic malware scanning to help identify and remove malware.
Jetpack Security also includes Jetpack Backup, which automatically backs up your site every time you make a change or a customer places an order, and you can easily restore backups even if your site is down.
Key features of Jetpack Security:
Automatic downtime monitoring and alerts
Brute force attack protection
Two-factor authentication
Automatic plugin updates
Automatic malware scanning
Automated and on-demand backups of your files and database
One-click restores from backups
An activity log showing every action taken on your site
Automated spam prevention
A mobile app with alerts and access to backups, scan results, and the activity log
Pros of Jetpack Security:
Jetpack Security is an entire suite of tools that help keep your site secure within a single plugin.
Jetpack Security is made specifically for WordPress by Automattic — the people behind WordPress.com — to address the common security needs of WordPress websites.
Downtime monitoring alerts you if your site is offline, enabling you to take actions to get it back online and minimize the impact.
Jetpack Scan is included with Jetpack Security, helping to ensureany malware that makes it onto your site is detected as soon as possible.
Jetpack automatically backs up your site and stores multiple copies off-site, so if your site is compromised, your backups won’t be.
You can restore your site even if it’s completely offline.
Cons of Jetpack Security:
A paid plan is required to access backup and advanced security features such as automatic malware scanning.
Ease of use:
Jetpack Security is straightforward to install, set up, and configure. Most security features take one click to enable and then work automatically in the background. Restoring from backups is simple, even if your site is fully down. There’s detailed documentation available, and if you need support, you can access Jetpack’s team of WordPress Happiness Engineers.
Pricing:
Jetpack Security is a premium plan, which includes malware scanning, backups, spam protection, and more. This is available for $10.95 per month.
You can, however, get certain features like downtime monitoring, brute force attack protection, and a limited activity log at no cost.
Contact forms are an essential addition to any WordPress website, as they let your visitors get in touch with you in a user-friendly way. WordPress doesn’t include built-in form functionality, so a tool like WP Forms is a must-have plugin for every WordPress site.
WPForms is a popular WordPress form builder, which allows you to add forms to your website with a drag-and-drop editor. The free version of the plugin will notify you by email when a visitor fills out a form, and CAPTCHA support provides a first line of defense against spam form submissions.
WPForms also has a premium version that unlocks many powerful features, including multi-page forms, survey support, and the ability to create user registration forms.
Key features of WPForms:
Pre-built templates to create contact forms
Responsive form design
CAPTCHA support
A visual drag-and-drop form builder
Email notifications of form submissions
The ability to create login and registration forms (premium only)
Multi-page forms (premium only)
The ability to store responses in the cloud (premium only)
Surveys & polls functionality (premium only)
Integration with payment providers (premium only)
Integration with Mailchimp and other email marketing tools (premium only)
Pros of WPForms:
The drag-and-drop interface and template library make creating a contact form easy.
Forms made using WPForms can be added to your site using a block or shortcode.
Cons of WPForms:
You’ll likely need to purchase a premium version of the plugin to create forms other than a basic contact form.
The premium version has multiple tiers, meaning some features and integrations are still unavailable at the entry-level premium price point.
Ease of use:
It’s simple to create a contact form using one of the templates provided and the drag-and-drop builder. While there is documentation available, there’s little guidance within the plugin, which can sometimes make it harder to use some features. Email support is provided for premium subscribers.
Pricing:
WPForms Lite is available for free from the WordPress plugin repository, and the free version works well for sites that want to create a basic contact form. WPForms Pro provides advanced features in tiered subscriptions, which range from $39.99 to $299.50 per year.
All websites are a target for bots that crawl the internet and attempt to send spam through comments and form submissions. An anti-spam tool like Akismet is an essential plugin for every WordPress site.
Akismet is used by millions of websites, making it one of the most popular WordPress plugins. It helps you keep spam out of your WordPress comment section by automatically analyzing comments and filtering out ones that look like spam.
Akismet blocks a staggering 3,500,000 pieces of spam on average per hour, and it works seamlessly alongside the WordPress comment system and a range of other tools, including Jetpack Comments. Akismet discards the most ‘spammy’ comments automatically and will flag questionable ones for you to review.
Key features of Akismet:
Automatically checks all comments for spam
Comment status histories for each comment
Displays the number of approved comments for each user
Automatically deletes the worst spam
Pros of Akismet:
Akismet has a high level of accuracy and is trusted by millions of websites.
Akismet is made by Automattic, the team behind WordPress.com, meaning it integrates seamlessly with WordPress.
Akismet has a range of additional features, including displaying URLs and the number of approved comments for each user.
Akismet works with many popular tools, including Jetpack Comments.
Cons of Akismet:
Akismet is only free for personal sites.
Ease of use:
Akismet comes installed on every WordPress.com site, and is included with many one-click WordPress.org installations. This means that you can often start using Akismet without even having to install it! An API key is required, but this is simple to obtain and, once activated, works in the background.
Pricing:
Akismet is free of charge for personal sites. Plans for business sites start at $8.33 a month.
Search engine optimization (SEO) is an important way for you to attract visitors to your website. SEO can be confusing, but a plugin like Yoast SEO can help analyze your content and provide guidance on improving it in line with best practices.
Yoast SEO is one of the leading WordPress SEO plugins and provides a wide range of features to simplify the process of optimizing your pages and posts so that they can rank higher on search engines. It includes a range of templates for your all-important titles and meta descriptions and will automatically analyze your content for both readability and keyword usage, displaying actionable tips about how to improve your content.
Key features of Yoast SEO:
Analyzes your pages and posts for SEO best practices
Provides internal linking suggestions (premium)
A readability check
Updates to match any changes to Google’s algorithm
The ability to create custom page titles and meta descriptions
Generates XML sitemaps
An easy setup wizard to configure sitewide SEO settings
Open Graph support
Pros of Yoast SEO:
Yoast SEO gives you full control over key parts of your site’s search engine optimization.
The default settings automatically implement SEO best practices on your site.
Yoast SEO provides on-page analysis to help you gauge optimization.
Cons of Yoast SEO:
Some Yoast SEO users find the on-page analysis leads to them focusing on including more keywords rather than writing great content. It helps to have an overarching view of your SEO content strategy so you know when you can safely ignore its suggestions.
The free version only allows you to analyze content for a single keyword.
Ease of use:
Yoast SEO is simple to install, and its default settings automatically implement some elements of SEO best practices. However, some of the more complex settings may confuse users who are less familiar with SEO. There’s limited support for the free version provided via the plugin’s support forums.
Pricing :
The basic version of Yoast SEO is available in the WordPress plugin repository for free. A premium version, which includes advanced features such as keyword suggestions and multiple keywords per page, starts at $99 a year.
A lead generation tool is an essential plugin for most WordPress sites as it helps you turn your website visitors into email subscribers and customers.
OptinMonster supports all your lead generation needs and allows you to create popup forms, notification bars, countdown timers, slide-in notifications, and coupon wheels using a drag-and-drop builder. You can show any information you wish to your visitors — capture email addresses for your email marketing software, encourage people to create an account, or offer coupons.
OptinMonster contains a range of templates for you to use as inspiration, and you can fully customize the look and feel of your popups to match your brand. In addition, OptinMonster lets you set a range of triggers to display prompts to your visitors. For example, you could choose to display a popup after someone has spent a certain amount of time on your website or a spin-to-win wheel when they’re about to abandon their cart.
Key features of OptinMonster:
A wide range of styles for your campaigns, including popups, timers, welcome gates, slide-ins and coupon wheels
The ability to set different triggers for your popups
A/B testing, which allows you to try different content and see what works (premium only)
Display different popups to different groups of visitors
Responsive and mobile-friendly
Integration with a wide range of email marketing software
Abandoned cart and form targeting (premium only)
On-site retargeting (premium only)
Pros of OptinMonster:
OptinMonster’s drop and drag interface is intuitive.
The plugin has a range of user-friendly popups.
OptinMonster allows you to show different popups to different customers and include personalized messages.
Cons of OptinMonster:
Due to its popularity, many websites use OptinyMonster’s default popup styles and templates, so they may seem familiar to your visitors.
The free version of OptinMonster only supports 500 page views per month.
Some of the most useful features in OptinMonster, including cart abandonment and on-site retargeting, are only available with a premium subscription.
Ease of use:
Creating opt-in campaigns is straightforward through the plugin’s drag-and-drop builder, and you can configure simple campaigns directly within your dashboard. However, advanced features require you to leave WordPress and use the OptinMonster interface. Limited support is available for free users, but premium users can receive support via email.
Pricing:
There’s a free version of OptinMonster available in the WordPress plugin repository, which allows you to create a free account that includes limited features and 500 page views per month. Various premium subscriptions are available for between $9 and $49 a month, and these unlock a range of features and more page views.
Running an online business can sometimes feel overwhelming, with a dizzying amount of information and tasks to stay on top of. A customer relationship management (CRM) plugin, like Jetpack CRM, can help you manage your key business information, customers, and tasks so you can focus on growing your business. You can see detailed information about your contacts and customers, and keep track of their touch points and actions.
Jetpack CRM enables you to turn contacts into customers through sales funnels, analyze your customer information to identify potential opportunities, and create dynamic segments. You can then send proposals, quotes, invoices, and other documents to your customers, which they access at any time from their own portal.
Jetpack CRM is built by Automattic, the team behind WordPress.com, meaning it works seamlessly with the tools you already use, including WooCommerce. You can see your business information and track your progress through the Jetpack CRM dashboard, which displays vital information, including contact overviews, sales funnel performance, and revenue snapshots. Jetpack CRM will grow with your business and, unlike other popular CRM systems, places no limits on the number of contacts you can manage or the number of team members you have.
Key features of Jetpack CRM:
Support for quotes and invoices
Client portals for your customers to pay invoices, complete tasks, and access their files
Unlimited team members, along with user roles and permissions for each member
Support for branded templates for documents and invoices
A dashboard that shows you all your important sales information in one place
Storage for multiple contacts for each company
The ability to call clients and send emails directly from your dashboard
Customer segmentation
Integration with a wide range of tools, including WooCommerce and email and payment tools
Tools to create and manage sales funnels
The ability to assign tasks to contacts and set reminders
Pros of Jetpack CRM:
You can manage everything related to clients and customers from a single dashboard, including sending invoices and quotes, creating tasks, providing documentation, sending emails, and making calls.
Jetpack CRM is made by Automattic, so it integrates seamlessly with your WordPress site.
It includes an unlimited number of team members, so you won’t end up paying more when your team grows.
Jetpack CRM can seamlessly connect to various third-party tools, including popular payment gateways, contact forms, and email marketing platforms.
Cons of Jetpack CRM:
Some features, including integration with popular email tools and online payment platforms, are only available with a premium subscription.
Ease of use:
Jetpack CRM is straightforward to use with an easy-to-navigate dashboard that presents key information in an understandable way. In addition, there’s detailed documentation and support available from Jetpack’s team of Happiness Engineers.
Pricing:
Jetpack CRM has a free version that includes all essential functionality, including contact management, basic invoicing, and sales funnel management. Premium plans are also available. The Freelance plan adds integration for tools including PayPal and Stripe for $11 a month, and the Entrepreneur plan unlocks the full library of more than 30 extensions and priority support for $17 a month.
WooCommerce is the world’s most popular open-source eCommerce platform, and a must-have WordPress plugin for anyone wanting to sell on their website.
WooCommerce turns your site into a fully-functional online store, allowing you to sell anything, including digital files, memberships, and physical products. Installing WooCommerce automatically creates everything you need for your store, including product pages, shopping carts, and the checkout process.
WooCommerce is made by the team behind WordPress. This means WooCommerce is fully integrated into your WordPress site, so you can manage all elements of your store from within your WordPress dashboard.
WooCommerce has many options that allow you to customize your store to meet your needs. You can show reviews and ratings, set up tiered pricing, enable your visitors to find the perfect product through sorting and filtering, upload unlimited product images, and much more. You can also enhance your store functionality with hundreds of free and paid extensions from the official WooCommerce Marketplace, which have all been vetted by the WooCommerce team.
WooCommerce integrates with many payment providers, enabling you to get paid the way you want and, if you’re selling physical products, WooCommerce will help you manage your inventory and offer your customers a range of shipping options.
Key features of WooCommerce:
The ability to sell physical products, digital downloads, dropshipping items, bookings, services, and more
Custom shipping solutions
Extensive payment options
Ratings and reviews
Product sorting and filtering
A mobile app, so you can manage your site from anywhere
Pros of WooCommerce:
WooCommerce allows you to set up a new store in minutes and includes all of the features you need to start, including secure payments, product pages, shipping options, and more — for free.
It’s open-source, which means you retain full ownership of your store’s content and data.
WooCommerce is flexible and offers many customization options alongside official and third-party extensions, enabling you to create a perfect online store experience for your customers.
WooCommerce enables you to sell both physical and digital products.
Cons of WooCommerce:
While WooCommerce will work with any WordPress theme, some themes work better than others. It’s a good idea to use a WooCommerce-ready theme so you can take full advantage of the features offered.
Ease of use:
WooCommerce is easy to use, and it has a large, passionate community dedicated to helping store owners succeed and a growing showcase with inspiration for your store. Detailed documentation is provided, along with a large collection of ‘how-to’ guides, and a dedicated support team.
Pricing:
The core WooCommerce plugin is free. There’s also a large library of both free and premium extensions to add functionality to your store.
Websites have to comply with a wide array of legal and data protection requirements, like GDPR and CCPA. These requirements are often confusing, but a legal pages builder can quickly create the policies your website needs.
WP AutoTerms is a must-have WordPress plugin, as it helps you create the legal agreements for your website, including privacy policies, terms of service, and acceptable use policies. The plugin’s premium version also allows you to easily create GDPR-compliant policies and cookie consent notices.
WP Auto Terms also provides a range of ‘Compliance Kits,’ which help you meet key legal requirements, including having links visible to your legal pages and notifying users of updates.
Key features of WP AutoTerms:
A generator for privacy policies, cookie policies, and terms & conditions agreements
The ability to create custom pages for your policies
You can generate the legal documents your site needs within a few clicks.
The compliance toolkits allow you to easily meet key legal requirements, including ensuring links are visible to your legal pages.
Cons of WP AutoTerms:
GDPR-compliant policies and cookie consent notices are only available in the premium version, meaning you would need to pay if your site is based in or serves Europe.
Ease of use:
The plugin is straightforward to use. Once you activate WP AutoTerms, you’re asked to provide key details about your website or company so that it can tailor the legal documents to your needs. You can then generate, customize, and publish those policies. In addition, the plugin provides documentation and offers limited support via its support forum.
Pricing:
WP AutoTerms has a free version available in the WordPress plugin repository. A premium version that includes GDPR-compliant policies and cookie consent notices is available as a one-time purchase for $39.
A post duplication tool is a must-have plugin for WordPress, as it saves you time by making copies of posts and pages. This means that you can easily create variations of the same post or re-use elements from one on another. You may also want to duplicate content to work on a new version without changing the current post or page, or to create a ‘template’ for future posts or pages.
Duplicate Posts is a simple plugin that you can use to copy any post or page. The plugin allows you to set and apply a consistent naming convention to all copies, so you can automatically name your copy with the original post title and the date or version number. Duplicate Posts also supports child pages, allowing you to copy a parent page and its child pages in one click.
Key features of Duplicate Posts:
The ability to duplicate posts and pages
A default naming convention for all duplicates
A scanning tool that searches your site for duplicate content
Support for custom post types
Pros of Duplicate Posts:
The plugin is lightweight, simple to use, and supports both posts and pages.
Duplicate Posts supports automatic naming, allowing you to easily identify your duplicate posts and pages.
Cons of Duplicate Posts:
The plugin’s premium version is needed to copy information from 3rd-party plugins (such as Yoast SEO) when duplicating posts and pages.
Ease of use:
Once you’ve chosen your default settings, the plugin is easy to use by simply clicking ‘copy’ on a post or the ‘all posts’ screens. Limited documentation is available, but the plugin developer offers support for the free version through the plugin’s support forum.
Pricing:
A free version of Duplicate Posts is available from the WordPress plugin repository. Advanced features and 180 days of email support are included in the plugin’s premium version for $19.98 for non-commercial sites and $29.98 for commercial sites.
Broken links can harm your website. Not only can they lead to your visitors experiencing a 404 error page, but they also negatively impact your search engine rankings. A redirection plugin is an essential addition to any WordPress website, as it helps you ensure that if a visitor clicks on an out-of-date link, they’re redirected to a new location where they can continue browsing.
Redirection is a popular WordPress plugin for creating and managing redirects. With the plugin, you can set up global redirects, along with ones based on certain conditions, such as the visitor’s login status or role. You can then use Redirection’s logging feature to view how often each redirect occurs on your site.
Redirection also detects when you change the permalink of a post or page, then creates a redirect from the old permalink. This ensures that your visitors don’t get met with a 404 error if they bookmarked the old address. The plugin automatically tracks any 404 errors, allowing you to identify and fix problems.
Key features of Redirection:
Manual redirects
Automated redirects when permalinks have changed
Conditional redirects
404 error monitoring
Redirect logging
Pros of Redirection:
The plugin automatically creates redirects when permalinks change.
404 error monitoring allows you to identify and fix issues.
The plugin provides a wide range of conditional filters, allowing you to redirect only certain user roles, browsers, or logged-out users.
Cons of Redirection:
You aren’t able to restrict access to the plugin to certain users or user roles, meaning anyone with administrator or editor privileges can set up and manage your redirects.
Ease of use:
The plugin is straightforward and allows you to create redirects without touching any code. There is detailed documentation, and the developer provides support via the plugin’s support forum.
One of the great things about WordPress is that it allows you to create amazing websites without needing to understand or even see any code. However, companies such as Google and Facebook require website owners to add code to use their tracking tools. So, a code inserter such as WPCode is an essential WordPress plugin.
WPCode is the most popular WordPress plugin for code insertion and is installed on over one million websites. It allows you to add code to the headers and footers of your pages. This means you can add the code needed for Google Analytics or Facebook Pixel to every page without having to install multiple plugins or edit your themes functions.php file.
The plugin also allows you to add a range of different types of code, including HTML, Javascript, CSS, and PHP, which can be added to every page or to pages that meet the conditions you set. As well as adding code to the header and footer, you can add code to the body of your pages and create custom functions through global PHP snippets.
Key features of WPCode:
The ability to add code to the header, footer, or body of your site
The ability to enable and disable each code snippet
Support for a range of coding languages, including HTML, Javascript, PHP, and CSS
A full code library of common custom functions to add features to your site
Code generators, which allow you to generate codes for custom widgets, queries, and more
Control over the priority in which code snippets are run
Pros of WPCode:
You can easily add code to the headers or footer of your site without needing to edit your theme’s functions.php file.
WPCode supports conditional loading, meaning you can add snippets to certain pages or run them only for certain user types.
Cons of WPCode:
Errors in custom PHP functions could cause your WordPress website to become inaccessible, so you should only use the PHP snippet feature if you’re comfortable with writing PHP.
Ease of use:
The plugin makes adding code to your WordPress site straightforward and offers a ‘simple mode’ for users who only want to add analytics or other code. Some advanced features, such as custom CSS or PHP code, require some familiarity with coding to use safely and effectively. Basic documentation covering the common uses for the plugin is available, and support is provided via the plugin’s support forum.
Website performance is important, as a slow website can negatively impact your user experience. Google also considers site speed in its ranking algorithm through its core web vitals metrics. A performance plugin like Jetpack Boost can help speed up your site and ensure it loads as quickly as possible, making it a must-have plugin for your WordPress site.
Jetpack Boost is a free performance plugin that allows you to speed up your WordPress website in just a few clicks. It starts by measuring your site speed and giving you an overall site performance score. You can then enable three tools that work together to boost the speed of your site:
Optimize CSS loads the CSS styles for visible page elements first, enabling you to display content faster, especially for mobile visitors.
Defer Non-Essential Javascript moves some Javascript tasks after the page loads, so your site’s visible items load faster.
Lazy Image Loading only loads each image when your visitor scrolls them into view.
Key features of Jetpack Boost:
A quick, free site speed analysis
CSS optimization to load essential CSS first
The ability to defer non-essential JavaScript until after your page loads
Lazy image loading, so images only load when needed
Pros of Jetpack Boost:
Jetpack Boost is made by Automattic, the team behind WordPress.com, so it’s guaranteed to work seamlessly with WordPress and other popular plugins, including WooCommerce.
It’s simple, and lets you speed up your website without needing to write code or use multiple plugins.
Once enabled, Jetpacks Boost’s features work in the background to help keep your website running as fast as possible.
Cons of Jetpack Boost:
Jetpack Boost’s simplicity means that it lacks some of the features of other performance enhancement plugins, but unlike these plugins, Jetpack Boost’s core features are available for free.
Ease of use:
Jetpack Boost makes it easy to make key changes that will speed up your WordPress site. You can activate/deactivate each module in one click, and once a module is activated, it constantly works in the background to boost the speed of your site. In addition, Jetpack Boost has clear documentation, and you can contact Jetpack’s team of Happiness Engineers with any support questions.
Pricing:
Jetpack Boost is available for free. You can upgrade Jetpack Boost to include automatic regeneration of critical CSS when you update your site for $9.95 per month.
Make the most of WordPress
No two sites are the same, so you may not need every tool on this list. However, most sites can benefit from the majority of these twelve essential plugins. Keep in mind that you’ll probably need some options beyond this list to add all of the functionality and unique design elements you’re looking for.
This month, we’re excited to share: a new block, enhancements to existing blocks, an update to our Google Analytics feature, and more.
In this release:
A new Payment block
​​We have released a new Payment Buttons block that works as a container for several Payment Buttons. This enables you to add multiple inline payment buttons to your site.
The WordPress editor with individual payment buttons inside a Payment Buttons block
Gallery block and carousel improvements
Reusable gallery blocks now support carousels, and images with rounded corners will now use the correct link.
Support for Do Not Track (DNT) headers in our Google Analytics feature
We have added support for Do Not Track headers in our Google Analytics feature; which enables your site visitors to opt-out of tracking when they have requested to do so in their browser.
And more!
We added support for the Post List module which was until now only available on WordPress.com.
This release also includes other minor bug fixes and improvements — check the changelog for more details.
A big thank you to everyone who contributed to this release:
Over the last 15 years, WP Super Cache has become one of the most popular WordPress plugins, helping improve performance for more than two million sites for free. It was created in 2007 by Automattic developer Donncha Ó Caoimh.
“WP Super Cache is a great plugin for handling caching needs, but there is an opportunity to make it more useful for a wider variety of sites. I have been working on the plugin for 15 years, and it’s time to hand it over to a new team. Jetpack will be able to put much more effort and time into the plugin than I ever could, and I’m excited to see what becomes of it,†said Donncha.
Jetpack will move development to its Performance team, which works on related features like Jetpack Boost and the CDN. “We’re excited to start working on WP Super Cache,†Jetpack Performance Lead Mark George says. “Our goal is to create an experience where anyone can make their site extremely fast without being an expert. We want to help make sure that WP Super Cache remains a reliable and easy option for that.â€
More of the same
We’re happy to say that WP Super Cache will continue to be a great way to speed up your site for free. You can enjoy its core features without a new plugin or a connection to Jetpack.
What will be changing
While we research new features to help make WordPress sites cache faster, we will begin updating the WP Super Cache UI to bring it in line with modern standards, so it is easier to use. In addition, we’ll be working behind the scenes to ensure it’s compatible with our other performance features like Jetpack Boost.
Speed up your site
For those that aren’t familiar, WP Super Cache is a static caching plugin for WordPress. It generates HTML files served directly by Apache without processing comparatively heavy PHP scripts. This simple step should speed up your WordPress site significantly.
WordPress is one of the most versatile and robust content management systems (CMSs) out there. Still, you may occasionally run into some issues when using it. One of those is an error informing you that “your PHP installation appears to be missing the MySQL extension which is required by WordPress.â€
The good news is that this is a relatively straightforward problem with a handful of quick and easy solutions. Once you understand what the error means and the common causes of it, you’ll be better prepared to resolve it and prevent it from happening again.
Below, we’ll explain what the WordPress MySQL extension error is and some of its common causes. Then, we’ll walk you through how to fix the problem as well as how to prevent it from happening again.
What is the WordPress MySQL extension error?
Before we get into resolving this error message, it’s important to understand what it means. So let’s go over some basics.
First of all, Hypertext Preprocessor (PHP) is a server-side scripting language designed for web development. It’s also the most popular scripting language today, as well as the primary language of WordPress.
MySQL is a database management system used by WordPress to store your site’s information. This is where you can find all of your database tables and files.
When you’re working on your website, you may come across the “Your PHP installation appears to be missing the MySQL extension which is required by WordPress” error message. If you’ve never encountered this issue, you may be confused as to what it means, let alone how to fix it.
This error message will usually show up when you try to install or update WordPress. Although an error message like this can be frustrating and stressful, there’s no need to panic.
What causes the MySQL extension error on WordPress?
There are a handful of reasons you might be dealing with this problem. Typically, it means that something is wrong with your site’s code. As the error message indicates, some element is preventing WordPress from properly connecting to the MySQL database.
One of the most common causes of the error is that your server does not have the MySQL extension installed or enabled. Usually, this can be attributed to one of two things:
First, you may be using an incompatible version of PHP. MySQL 5.0 requires PHP 5.2 or higher. WordPress recommends using the latest stable version of PHP, which is currently PHP 7.4.
If you’re using a particularly outdated version of WordPress with a modern version of PHP, this error can also happen. PHP 7.0 deprecated the MySQL extension and WordPress now uses the newer PDO_MySQL or MySQLi extensions.
The other possibility is that your PHP is misconfigured, meaning it’s not properly set up to work with your WordPress site. In addition to being outdated or incompatible, it could be due to incorrect server settings.
How to fix the “Your PHP installation appears to be missing the MySQL extension which is required by WordPress†error
Now that you understand more about what the message means and what may be causing it, let’s take a look at how to resolve it.
1. Update WordPress
As we mentioned, using an older version of WordPress, like 3.9 or lower, might cause this error message. Therefore, one of the first steps you should take to resolve it is to make sure that you’re using the most updated version of WordPress Core.
This is likely the source of the problem if you’re using the latest version of PHP (which we’ll cover in the next section). To determine whether there’s an update available, you can navigate to your admin area and go to Dashboard → Updates.
Note that if you’re using a WordPress.com site, you can find updates under My Home → Updates, instead. Any available updates will be shown on this screen.
It will also inform you of what version of WordPress you’re currently using. If you see a notification saying “An updated version of WordPress is available,†you can select the Update to version [X] button.
On this page, you can also view any plugin and theme updates that are available. As with WordPress Core, plugins can present compatibility issues with PHP that may result in the MySQL extension error.
So, we also recommend updating any plugins that have newer versions available. If there are multiple, you can simply select all, then click on Update Plugins.
2. Check your PHP version
Once you’re sure that your WordPress core is up to date, the next step is to check which version of PHP your server is using. There are a couple of ways to go about this.
The easiest option is to navigate to Tools → Site Health from your WordPress dashboard.
Next, you can select the Info tab, then scroll down and expand the Server panel. Under this section, you can locate the PHP version you’re currently running.
If you’re not able to access your WordPress admin, you can check your PHP version by connecting to your server via a File Transfer Protocol (FTP) client like FileZilla. Alternatively, if your web host uses cPanel, you can use the File Manager tool.
Either in your FTP client or your File Manager, create a new file in the root directory of your site (/public_html) and name it phpinfo.php. Next, open the file and copy and paste the following code snippet:
<?php phpinfo(); ?>
Save the file when you’re done. Then, in a new browser tab, visit “yoursite.com/phpinfo.phpâ€. Be sure to replace “yoursite.com†with your domain name.
Now you should see a page that displays your server’s PHP configuration information.
The PHP version your server is running should be listed at the top of the screen. If it begins with 7 or 8, an outdated version of PHP probably isn’t the reason you’re seeing the error message.
If your WordPress version is up to date, it’s important to also check whether the MySQL extension is installed and enabled. It’s possible that the Operating System (OS) you’re using didn’t include the extension by default, which means you’ll have to install it yourself.
To determine whether it’s installed, revisit the phpinfo.php file that you created in the last step. Then, navigate to the mysqli or mysql section. If the MySQL extension is installed, it will indicate the version of it next to the Client API field.
But, if this field is blank or not visible at all, it means that the MySQL extension is not installed. The process for installation will depend on your host. You can refer to the PHP installation guide for details.
If your provider uses cPanel, you can enable the extension by navigating to Software from your cPanel dashboard, then choosing Select PHP Version.
Here, select the most recent version of PHP, then click on the boxes for mysqli and mysqlnd. Save your changes, then revisit your site to see if you’re still seeing the error message.
Alternatively, if you’re unsure about installing the MySQL extension on your own, you may want to reach out to your web host. You can always request that they complete this process for you.
4. Verify that the PHP extension is properly configured
Once you know that your WordPress version is up to date and the MySQL extension is installed, you can safely confirm that something else is causing the problem. Another reason you might be seeing the error message is that the extension is not configured correctly.
There are a few issues that can lead to misconfiguration, including incorrect file paths or using a php.ini file intended for a different type of server. For instance, you may be using one meant for Windows servers on a Linux server.
To verify that your PHP extension is configured properly, navigate back to your phpinfo.php file. Then, locate the Loaded Configuration File item.
This is where you can find the file path value. Note the file path listed here, then look for the extension_dir row.
The file path listed here should match what is listed for the Loaded Configuration File. If not, the next step is to edit your php.ini file to correct it. When you’re done, revisit your site to make sure the error is resolved.
Tips for preventing the MySQL extension error in WordPress from happening again
At this point, you’ve learned how to fix the MySQL extension error in WordPress. But there are also steps that you can take to prevent it from happening in the future.
It’s also crucial to make sure you’re keeping your WordPress software up to date. Not only can this help prevent errors like the MySQL extension issue, but it can provide security and performance enhancements for your site as well.
Finally, be sure to choose a WordPress web host that uses updated versions of PHP. When providers automatically handle these updates for you, this eliminates the need to manually manage it yourself. They can also help streamline server configuration to ensure that you’re adhering to best practices.
In turn, this can reduce the likelihood of running into PHP-related errors. There are a wide variety of high-quality and reliable WordPress hosts to choose from. Some of the top WordPress hosts include Bluehost, DreamHost, and Pressable.
Streamline WordPress website maintenance
WordPress is a powerful and dependable CMS, but you can still run into issues from time to time when using it. You might encounter an error message informing you that “Your PHP installation appears to be missing the MySQL extension which is required by WordPress.†Fortunately, there are a handful of solutions you can use to resolve this problem.
As we discussed, there are four measures you can take to fix this error in WordPress:
Update your WordPress software and plugins.
Check your PHP version and update it, if necessary.
Ensure that the MySQL extension is installed.
Verify that the PHP extension is properly configured.
To help prevent WordPress errors from happening in the future and to make troubleshooting and resolving any issues easier, it’s important to back up your site in real time. Learn how Jetpack Backup can make this a breeze!
There’s a lot of work that goes into building and maintaining an online store. Therefore, it’s important to make sure that you know how to back up your WooCommerce store to avoid losing critical data, like your orders, products, and database.
The good news is that there are multiple solutions you can use for backing up WooCommerce. The best option will depend on a handful of factors, like whether you want to use a plugin and the type of backups you want to create.
In this post, we’ll discuss the importance of backing up your WooCommerce store and how often you should do it. Then, we’ll walk you through the methods you can use to back up your store and restore it. Finally, we’ll answer some common questions about this process.
Why back up your WooCommerce store?
There are a number of reasons why you should regularly back up your WooCommerce store. For starters, it will help you protect your data in case of a technical issue or human error.
If you’re updating your site, installing a new plugin, or making any other changes to your content, there’s a chance that something will go wrong. If it does, it’s important that you have a current version to restore.
The same is true for cyber attacks. You’ll want to have a safe copy of your website to roll back to in the event that a hacker infiltrates and infects your site with malicious code or malware.
Another reason to back up your store is to keep a record of your data. This can be useful for auditing purposes, or if you need to reference past orders when dealing with queries and complaints.
In summary, backups help ensure that you can always access your data, even if your WooCommerce site goes down and you’re unable to log in. Hosting issues, cyberattacks, and unexpected outages are all things that can cause downtime.
How often should I back up WooCommerce?
How frequently you back up a WordPress site depends on how often you add or change data. Static or small websites may only require backups periodically — daily is a good option.
But WooCommerce sites are a different story. Not only is there usually a lot more activity, it’s all the more important to protect data like orders and customer submissions. You don’t want to lose a single one.
For this reason, WooCommerce stores shouldn’t really settle for anything less than real-time backups, which save a new copy every single time an order is placed, a product is updated, or anything else happens on the site.
You canmanually back up a WordPress site at regular intervals. It’s not the most efficient process, but does allow you to avoid using a plugin. But for real-time backups, you’ll want to use a tool like Jetpack Backup.
Jetpack continuously monitors your WooCommerce store for changes. Whenever you update your content, a snapshot of this change will be safely stored. These happen automatically, so you never have to remember to take a backup. And if you ever need to restore a copy, you can do so in just a few clicks — no code or server edits required!
What should I include in a WooCommerce backup?
When it comes to creating a WooCommerce backup, there are two main areas you’ll need to consider: your database and your files. The database contains all of your critical data — if you lose this, you’ll lose your entire store.
Your WooCommerce database contains:
Products
Customers
Orders
Tax information
Meanwhile, your files contain all of your media. If you lose these files, you’ll lose all of your product images and videos.
Another important area is your settings, which include your shipping methods and payment gateways. Your store’s settings will typically be included in your database and files, so you won’t need to create a separate backup for them.
How to back up your WooCommerce database
There are several methods that you can use to back up your WooCommerce database. The best solution will depend on a handful of factors, like your experience level and the type of hosting plan you use. Let’s take a close look at each option.
1. Back up WooCommerce in real-time with a plugin
The quickest and easiest method for backing up your WooCommerce database is to use a plugin like Jetpack Backup, which includes:
Automated real-time backups
10GB of storage space (1TB option also available)
One-click restores
A 30-day backup archive
Easy setup
Off-site storage
Once installed and activated on your website, you can access the tool by navigating to Jetpack → Backup from your WordPress admin area.
Here, you can manage all of your backups. You can also restore your site to any past state while keeping your customer data and orders current.
2. Back up WooCommerce using your web host
If you don’t want to install a plugin on your website, you can back up WooCommerce through your web host. The options that are available to you will depend on your hosting plan.
Many providers offer backups as part of their packages, while others make them available as a premium add-on. It’s best to check with your web host to see which options are included with your plan and upgrade your service if necessary.
The actual steps involved in backing up your WooCommerce store will depend on your host, but the process will be similar. You can start by logging into your hosting control panel.
If your web host uses cPanel, navigate to the Files section and select the Backup application.
On the next screen, you’ll see some backup options:
If you want to back up your entire site, select the Download a Full Account Backup button. Note that you might want to save it to your local device, as some providers will automatically delete backups after 48 hours.
Alternatively, you can scroll down to the Download a MySQL Database Backup section.
Here, you can locate your WooCommerce database from the list. Then, select the link to begin the download process. The backup will be stored as an .sql file on your computer.
If your hosting provider doesn’t use cPanel, you may still have options for backing up your WooCommerce database. Let’s use SiteGround as an example.
To get started, log into your account and navigate to Websites. Next to your domain name, select Site Tools. Then, go to Security → Backups.
After naming your backup, click on the Create button. Once your backup is complete, you can view it from the Manage Backups log located on the same page.
Keep in mind that, by choosing this option, you’re relying completely on your host. It’s very possible that something goes wrong and your backups aren’t stored or completed correctly. Hosting providers typically only back up your site on a daily or weekly basis, and only store backups for a certain period of time. If something goes wrong, this could mean that you don’t have what you need to get back up and running.
And, if your store goes down because of a hosting issue, you don’t have an alternative option for accessing and restoring your backups.
3. Back up WooCommerce manually
A third option for creating a WooCommerce backup is to use the manual approach. This method can be a little tedious and time-consuming. As such, we only recommend it as a last resort.
You’ll need to back up your WooCommerce files and database separately. You can do this using a cPanel File Manager or File Transfer Protocol (FTP) client, and phpMyAdmin.
In the following tutorial, we’ll cover FTP and phpMyAdmin, since we’ve already discussed how to back up your site via cPanel.
Backing up WooCommerce files via FTP
To get started, you’ll need to download an FTP client like FileZilla.
Once you launch the FTP client, log in to connect to your site. You can find your FTP credentials in your web hosting account. You’ll need your hostname, username, password, and port number.
After you successfully connect to your site, navigate to the public_html folder, right-click on it, and select Download.
You can store and save your files as a ZIP folder on your device. The next step is to back up your database.
Backing up your WooCommerce database
You can use phpMyAdmin to manually back up your WooCommerce database. To get started, log into your hosting account and navigate to phpMyAdmin under Databases.
On the next page, you can find a list of databases. Choose your database, then select all of the tables and click on the Export tab.
Next, you’ll need to choose a backup format. You can keep it as the default SQL.
When you’re done, click on the Go button to download the database. Then, you can move the database backup to the folder that contains the site files you downloaded earlier.
Beyond the time required, manual backups run the risk of human error. If you find yourself needing to restore a backup, the last thing you want is to realize that your backup is faulty. Plus, manual backups mean you may not have a copy of the most recent site changes or store orders. It’s for these reasons that we generally don’t recommend relying on manual backups.
How to restore your WooCommerce backup
Regardless of the method that you used to create your WooCommerce backup, you should be able to restore it in a few simple steps. The best option will depend on the solution you used to back it up.
Let’s take a look at how to restore your WooCommerce backup based on the three main methods we’ve discussed in the last section.
1. Restore a backup with one click using Jetpack
If you have Jetpack Backup installed and activated on your site, you can restore your WooCommerce backup in just one click. The great thing about using Jetpack Backup is that all of your orders will be saved — regardless of the point you restore to. There are two main options to choose from.
The first is to restore it to a particular event. To do this, navigate to your WordPress.com account (which you can do even if your site is down!) and go to your Activity Log. On this screen, you can use the filters to search by date or activity type.
Once you find the event you’re looking for, you can select the Actions button next to it, followed by Restore to this point.
This will open the Restore Site panel. Here, you can select any items you don’t want to restore. If you want to retrieve all of the content, you can simply click on Confirm Restore.
A progress bar will appear, showing you the current status of the process. Once the restoration is complete, you’ll receive a notification via email.
The second option is to restore your site to a specific day. In the WordPress dashboard navigate to Jetpack → Backup.
Here, you’ll see the latest backup of your site. To choose a particular day, you’ll need to click on Select Date from the calendar at the top of the page.
Once you find your preferred date, you can select Restore to this point.
On the next screen, leave the selected options as-is. If you want to exclude certain items, you can uncheck the accompanying boxes. When you’re done, click on the Confirm restore button.
Once again, a progress bar will appear. When the process is complete, you’ll see a confirmation message.
2. Restore a backup from your web host
If you backed up your site via your web host, you can usually restore it in the same way. If your provider uses cPanel, log into your site and navigate to Files →Backup.
This is the same page you used to back up your site, but this time you’ll need to click on the Choose File button under Restore a MySQL Database Backup.
Select the .sql file that you downloaded as your backup, and click on the Upload button to restore it.
Once the process is complete, you should see a message informing you that the database was successfully restored.
3. Restore a manual backup of your store
As we mentioned earlier, you can use the Backup application in cPanel (if your hosting provider offers it) to restore your content. Since this is not always an option, we’ll show you how to manually restore your store using FTP and phpMyAdmin.
Let’s start by restoring your WooCommerce files. Connect to your server via FTP, using the credentials offered by your hosting provider.
Once you’re connected to your server, the remote site panel will display your site directory. Navigate to your public_html folder, then drag and drop the files from the local site panel to your remote site panel.
If you stored your files in a ZIP folder when backing them up, you’ll need to extract them before restoring them. This can take some time, depending on the size of your WooCommerce store.
Next, you can manually restore your database using phpMyAdmin. To get started, log into your hosting cPanel account, then navigate to phpMyAdmin from the Database section.
From the list on the left, select your database, then the Import tab.
On the next screen, you’ll need to click on the Choose File button and select the file that you backed up from your local device or server. Next, make sure that the format is the same as the backup you downloaded (SQL by default).
When you’re done, click on the Go button. As with the files, this restoration process can take some time.
Tips and best practices for creating WooCommerce backups
Creating backups in WooCommerce is fairly straightforward. To ensure that the process goes as smoothly as possible, there are some tips and best practices that you can use.
The first is to create a backup schedule that suits your needs. Ideally, you’ll want to choose real-time backups so that you have a stored version every time you make changes to your site.
Another tip is to create offsite backups. Why? Because keeping your backups on the same server as your store can create a singular point of failure. If something happens to your store or server, you may also lose your backups.
To prevent this, we recommend keeping copies of your site on a third-party platform. Some popular options include Google Cloud Storage, Amazon S3, and Dropbox. Keep in mind that if you use Jetpack, the plugin will automatically store your backups in a separate, secure location.
If you have to retrieve a backup of your WooCommerce site, you might also want to restore it to a staging environment before moving it to your live site. This way, you can test the restored version to make sure that everything looks and functions as it should.
Finally, you might want to periodically test your backup solution to verify that it’s working properly. If you’re using a plugin, you’ll want to make sure that you’re keeping it up to date. Not only can this help strengthen your security, but it minimizes the chances of compatibility issues.
Frequently asked questions about WooCommerce backups
So far, we’ve looked at how to create and restore WooCommerce backups, but you might still have some questions about the process. Let’s answer some of them.
Where are WooCommerce backups stored?
The location of your WooCommerce backups will depend on the method you used to save them. If your hosting plan includes backups, you can access them via cPanel (or a control panel equivalent). These backups are stored on your server.
If you manually back up your WooCommerce store or use a plugin, you can usually access your backups from your local device and/or off-site locations of your choice. For instance, if you use an FTP client, you can store backups on your computer, and then upload them to a third-party platform like Google Drive or Dropbox.
Backups from Jetpack are stored on dedicated servers — the same world-renowned infrastructure used for WordPress.com — so you never have to worry about their security.
You can also use the plugin to create manual backup so that you always have a safe and updated copy in an additional location.
What is the best WooCommerce backup solution?
If you’re looking for the best backup solution, you might want to consider using Jetpack Backup. This premium tool automatically backs up your WooCommerce site so you don’t have to worry about handling it yourself. It also performs real-time backups every time you make changes to your store.
Can I only back up products in WooCommerce?
There may be times when you just want to back up a certain section of your store. Perhaps you don’t want to take up more storage space than necessary or you don’t have enough time to do a complete backup.
Fortunately, you can just back up your WooCommerce products. You can do this manually or by using a plugin.
To do it manually, navigate to the Products tab of your admin dashboard. Next, select all of the products and click on the Export button located at the top of the screen:
This will take you to the Export Products screen. Here, you can select the columns, product types, and product categories that you want to export. If you want to include all of the data, you can leave it as-is.
When you’re done, click on the Generate CSV button.
The CSV file will be downloaded to your computer. You can then move this file to an off-site storage location.
Another option is to use a plugin like Product Import Export for WooCommerce. With the free version, you can export products based on simple, grouped, or external/affiliate types.
This plugin lets you export any custom field that’s assigned to your WooCommerce orders and products. You can also choose from multiple data export format options, including CSV, XML, and JSON.
Additionally, you can rename labels, reorder columns, and apply filters. The tool lets you export order data, a summary of order details, and customer information, which you can then save to the location of your choice.
After you install and activate the plugin, you can navigate to WooCommerce→Export Orders. Then, click on the Export now tab to configure your settings.
You can filter orders by data type and enter certain date ranges. You can also name your export file and select aformat. On the right-hand side, you can choose to apply a wide variety of filters for your products. For instance, you can base it on order statuses, custom fields, and more.
When you’re happy with your changes, you can select the Save settings button at the bottom, followed by Export. This will download a file in the format that you selected.
Start backing up your WooCommerce store
Your WooCommerce store is packed with data, including orders, customer information, and product details. With so many potential threats putting your WordPress site at risk, it’s important to know how to perform a WooCommerce backup.
As we discussed in this post, there are several ways to back up and restore your WooCommerce store. The easiest option is to use a plugin like Jetpack Backup. You can also perform manual backups, though this can be very time-consuming and therefore is not ideal.
Are you looking to create regular WooCommerce backups without much effort? Download Jetpack Backup today!
There are a lot of ways to speed up a website, but one of the most effective is using a Content Delivery Network (CDN). A CDN stores copies of your site, or select content, on a network of servers, then sends that content to your visitors’ computers from the server that can do it the fastest. This is usually one nearest to them geographically.
Using a content delivery network distributes your server’s workload — meaning your site loads faster and more reliably while reducing the resources used by your hosting plan.
Because there are so many options, the question isn’t really whether you should use a CDN for your WordPress site, but which one to use and how to integrate it with WordPress.
Some CDNs are free. Others come with hefty fees. Some require advanced technical knowledge to set up and others are built for WordPress and can be easily integrated with a plugin.
The point is that not all CDNs are the same. Below, you’ll learn how to choose the right CDN for WordPress and how to install it. Then, we’ll discuss the benefits of using a CDN and answer some frequently asked questions.
What’s the best CDN for WordPress?
There are a lot of CDN services that you can use with any website. Although, one downside of most content delivery networks is that they’re premium services. This is because of the infrastructure required behind the scenes.
To put it simply, when you sign up for a CDN, you get access to a global network of real-world data centers. These data centers cache copies of your site and its files.
So, when a visitor goes to access your site, the CDN then ‘intercepts’ that connection and serves the website from the data center that’s closest to the user. This way, the website is delivered more quickly and efficiently.
Essentially, CDNs are optimized to serve content as quickly as possible and to be able to handle massive amounts of traffic. With a CDN, your website still works just as intended, but in most cases, it loads much faster than it would using your hosting provider’s servers alone.
Popular content delivery networks (CDNs)
There are a lot of choices for CDNs. Cloudflare is one popular option that comes with additional services you may or may not want. While it’s well-known, it’s going to be more complicated to set up when compared to other solutions that are completely dedicated to WordPress sites. That said, if you have an advanced site and an IT team available to help, it could be a great option. There are free plans available with limited features, but business plans start at $200 per month and are designed for companies that rely heavily on their website.
Cloudfront is a CDN service from Amazon. It’s part of the Amazon Web Services suite of tools and is another option that could be ideal for sites with a large volume of traffic (hundreds of thousands or millions of hits each month) or a large database of content or products. You’ll need an AWS account and an AWS Identity and Access Management user to get started. Cloudfront does have a plugin for WordPress, but you might want to view the getting started documentation to see if you, or your IT manager, is up for what might be a lengthy setup process. Cloudfront was not designed solely for WordPress sites.
KeyCDN is another CDN for WordPress that you may have heard of. It has powerful, fast servers and a focus on speeding up images — one of the heaviest parts of a website. It also includes a plugin that makes integrating with WordPress relatively simple. However, there are still quite a few settings that require configuration, which can be confusing for non-developers. There’s also no free plan available, and pricing is based on storage space used. This means that the more you grow, the more you’ll have to pay.
The best CDN for most WordPress sites
Unless you’re a larger company, many popular CDNs can be prohibitively expensive or complicated to manage. But most WordPress sites can greatly benefit from an outstanding free option that’s built specifically for WordPress — Jetpack.
Jetpack offers a free CDN that you can use for your website’s images and static files. Those are features built into the base version of the plugin. You don’t even need a premium Jetpack license to access CDN functionality.
Additionally, you can install the Jetpack Boost plugin, which will help you optimize your load times even further. With Jetpack Boost, you can improve your Core Web Vitals by having the plugin optimize your CSS, defer non-critical scripts, and enable lazy loading for your site.
If you’re not sure what CDN to use, you can’t beat Jetpack when it comes to easy integration.
How to install a CDN in WordPress
Typically, installing a CDN involves editing your Domain Name Records (DNS) so they point to the service instead of your web hosting provider. However, that process can vary depending on which content delivery network you’re using.
With Jetpack, you don’t need to edit any domain records to use the CDN functionality. For WordPress CDN setup with Jetpack, all you have to do is install the plugin and activate it. After that, you’ll need to connect the plugin to a WordPress.com account to start taking advantage of its features.
Although Jetpack works with self-hosted WordPress sites, it’s developed by the Automattic team (the same people behind WordPress.com). Creating a free WordPress.com account takes only minutes and you don’t need to use it beyond entering your credentials to activate Jetpack.
How to configure your WordPress CDN
We’re going to use Jetpack CDN as an example. Before you read through it, however, you may want to check out other CDN getting started documentation like this one from Cloudfront. Then, compare Jetpack’s configuration process below to fully understand the difference in ease of use.
How to configure Jetpack CDN
Once the plugin is active on your website, navigate to Jetpack → Settings and open the Performance tab. Look for the section that says Performance & speed and turn on the Enable site accelerator option:
At the bottom of this section, you can also choose to enable lazy loading for images. If you do, visitors won’t have to load all images from your website’s pages at once. Instead, images will only start to load as users scroll down the respective pages.
If you’re using Jetpack Boost, there will be an additional Jetpack → Boost page in the dashboard, where you get access to more performance-related settings. From this page, you can monitor your PageSpeed Insights performance scores for the desktop and mobile versions of your website.
If you already enabled lazy loading via Jetpack, you can skip that setting here. Then, you can turn on the Optimize CSS Loading and Defer Non-Essential JavaScript settings and you’re good to go.
These settings aren’t part of Jetpack’s CDN functionality, but they’re essential if you want to improve your website’s overall performance. All in all, the Jetpack CDN features and Jetpack Boost go hand-in-hand in helping you reduce site load times.
What are the key benefits of Jetpack CDN?
Some CDNs offer massive rosters of servers spread out across the world, which is perfect for large, global enterprises. Others have a wide range of extra features built in. For most sites, these far exceed what they’ll ever need or use.
If you’re running a growing website and simply want to speed up your site without breaking the bank, Jetpack CDN is the ideal option.
With Jetpack, you get to leverage the world-renowned WordPress.com infrastructure to improve your site’s loading times, all for free. Here are some other benefits:
It’s easy to set up. Other CDNs typically involve a complex integration process. In most cases, you need to configure your DNS settings to point to other nameservers to use a CDN. This can be confusing, especially for WordPress beginners. But Jetpack enables you to enhance your website’s performance without a complicated configuration process.
It can reduce your hosting fees. Because many of your large files are offloaded to Jetpack CDNs servers, your storage capacity and bandwidth used with your hosting provider are reduced.
It includes unlimited resources. Many other CDNs charge more based on the size of your site or the number of visits you get in a certain time period. The more you grow, the more you pay! But Jetpack is free no matter how large your site becomes.
It’s built for WordPress. This means that it integrates seamlessly with the themes and plugins you’re already using and you don’t have to spend your valuable time troubleshooting compatibility issues. Plus, it’s always up-to-date with the latest version of WordPress.
It includes automatic image compression. Images are typically one of the heaviest types of files on your WordPress site. Jetpack CDN automatically compresses images as you upload them to reduce their weight, and even optimizes them for mobile devices.
Frequently asked questions (FAQs)
If you still have any questions about CDNs and how they work, this section will answer them. Let’s start by digging into how to use a CDN in WordPress.
What is a CDN in WordPress?
Content delivery networks (CDNs) are services that enable you to cache copies of your site on third-party servers. Typically, CDNs have data centers around the world, which they use to serve the cached copies of your site when a visitor tries to access it.
If you decide to use a CDN, you’ll need to sign up for it. You’ll also have to integrate it with your site manually if you’re looking for ways to improve its performance.
One key advantage of using a CDN with WordPress is that the CMS is so popular that most services offer easy integration with it. That means you usually get access to plugins or in-depth instructions on how to configure a CDN to work with your WordPress website.
Do I need to use a CDN?
Using a CDN isn’t strictly necessary for any website, but it’s recommended in most cases. That’s because ensuring that your website loads as fast as possible will improve the user experience and can help reduce its overall bounce rate.
In most cases, integrating a CDN with WordPress will drastically reduce loading times almost immediately. If you combine the use of a CDN with other performance improvement tweaks, you’ll be able to offer the best possible user experience.
If you don’t have the budget for a paid CDN, you can use a service like Jetpack. With Jetpack, you get access to most of the features that paid CDN services offer, all for free. If you want access to more advanced features you can always choose to upgrade to a premium Jetpack plan.
What are the benefits of using a CDN for WordPress?
The main benefit of using a CDN is to reduce your website’s load times. CDNs achieve this by serving cached copies of your site from the closest data center to its visitors. Their servers are optimized for performance. What’s more, they can typically handle a lot more concurrent traffic than regular hosting plans.
Besides performance improvements, CDNs also offer a range of additional benefits. Some of them include:
Increased security: With a CDN, you get an added layer of security between attackers and your website. Some CDNs also offer web firewall functionality, which enables you to block connections from malicious sources.
Protection against DDoS attacks: Most CDNs offer protection against distributed denial of service (DDoS) attacks. A DDoS attack is when someone directs massive amounts of concurrent traffic to your website to overwhelm it, making it impossible to access.
Diminishing your server’s workload: Since a CDN handles most visitor requests, your server doesn’t have to work as much. Often, that means you can opt for a less expensive hosting plan without sacrificing quality.
If you’re using a free CDN like Jetpack, there’s basically no downside. Premium CDNs can be expensive, so it becomes a question of how much the increase in performance and the other benefits outweigh the costs. With a free (and powerful) CDN, it’s all upside.
Is there a free CDN built specifically for WordPress?
Jetpack is the only WordPress-specific CDN on the market. Some of Jetpack’s features are only for users with premium licenses, like real-time WordPress backups and Customer Relationship Management (CRM) tools. Jetpack CDN, on the other hand, is available for all users.
To get started using Jetpack and its built-in CDN, you only need to install the plugin and set up a free WordPress.com account. You can also install Jetpack Boost to improve performance even further.
Will a CDN improve my WordPress site’s performance?
In the vast majority of cases, using a CDN will result in an immediate performance boost. That’s because most CDN servers are far better optimized than regular ones. CDNs also offer data centers around the world, which cut down on latency issues when connecting to websites hosted in distant regions.
If you’re using a performance-oriented WordPress hosting provider and you’ve configured your website properly, it might already load quickly. However, using a CDN can further reduce load times, which is always a positive.
What else can I do to improve my site’s performance?
There are a lot of ways to improve a website’s performance. When you set up a new WordPress website, it should load almost instantly. If it doesn’t, it’s likely that your web host is the problem.
Unfortunately, not all web hosts are optimized for performance, even if you’re not using a shared hosting plan. If you have a brand new website and it’s taking more than two seconds to load, you might want to consider switching to a different hosting provider.
On the other hand, if you’re happy with your web host and your site’s basic performance, there are still a lot of ways to reduce load times even further. Among those methods, you have options like:
Compressing images before or during upload. Images can take up a lot of server space and they can slow down loading times drastically. Instead of avoiding images, we recommend compressing them to reduce overall file sizes.
Enabling browser caching. With browser caching, visitors can store files from your site locally. That way, they don’t need to reload your website fully every time they visit it.
Turn on lazy loading for images. This feature makes it so that users don’t load images until they scroll down to see them. Lazy loading helps reduce the initial loading times for a page.
Minifying CSS and JavaScript. Most modern websites use a varied collection of CSS and JavaScript. Minifying these files reduces how long they take to load.
On top of those optimizations, you’d also be wise to consider Core Web Vitals. These are user experience metrics that Google takes into account when ranking websites in search results. Core Web Vitals are directly related to website performance.
If you use Jetpack Boost, the plugin can help you measure and improve your Core Web Vitals.
Use a content delivery network (CDN) to improve your WordPress website’s performance
Making sure that your website is as fast as possible is key to providing a positive user experience. If you don’t, slow load times can cause you to lose visitors. Using a CDN is perhaps the best way to improve your site’s performance.
There are a lot of options for CDNs that you can use with WordPress, but Jetpack CDN is a great, free tool that’s easy to configure. For most sites, Jetpack is the ideal tool to instantly improve site performance.
Check out Jetpack’s complete lineup of WordPress security, performance, and growth tools.
If you’re just getting started with WordPress development, one of the most important files you should familiarize yourself with is the functions.php file. There are actually three possible functions.php files that you might use on your WordPress website, and each plays a different role. Knowing where these files live, what their purpose is, and how and when to modify them will help you when troubleshooting issues and give you more control over your site’s functionality.
In this article, we’ll cover everything you need to know about WordPress functions.php files. You’ll learn what functions.php does and how to find and edit it. We’ll even include a few useful code snippets to try out.
You can start at the beginning and read through or jump to a specific section using the table of contents below:
In WordPress, the functions.php file is where vital code lives that determines the way your site works. There are actually at least two functions.php files in every WordPress website — one included with WordPress core and one included with your theme. If you’re using a child theme, you should also have a functions.php in your child theme folder.
The functions.php file in WordPress core contains important code that’s required for WordPress to function. You should almost never modify the code in WordPress core’s functions.php file.
Your theme’s functions.php file is where all the theme-specific features of your website live — like custom menu locations, widget areas, custom header and footer content and functionality, post excerpt length, and more.
Your theme’s functions.php file behaves in much the same way as a WordPress plugin. The difference is that functions.php should be used for code that is theme-specific, while plugins should be used for functionality that will remain even when you switch themes.
Where is the functions.php file located?
We’ve talked about what the functions.php file does both in WordPress core and in the theme files, but how do you find the functions.php file? Where is functions.php in WordPress?
All of your WordPress files are located in your site’s root directory and in various subfolders. Your root directory is usually named something like public_html or www, but may have a different name. If you aren’t sure where to find your WordPress installation folder on your server, contact your web host.
Once you’ve found where your WordPress files are located on your server, you can start looking for your functions.php files. We’ve mentioned that there are up to three locations for functions.php: WordPress core, your theme folder, and your child theme folder. In this section we’ll go over where to find each one.
Where is functions.php in WordPress core?
If you’re looking for the location of functions.php in WordPress core, you’ll find it in the wp-includes folder of your WordPress installation.
While you should never edit functions.php in WordPress core, you may find yourself needing to inspect it for one reason or another. The most likely scenario for poking around in functions.php in WordPress core is if you suspect that malware has been injected into it.
Before even opening functions.php, you should make a backup of your WordPress site in case you accidentally make a change to the file that causes a critical error. If you find that functions.php has been corrupted or hacked, chances are you may have other areas of WordPress that are affected. The best thing to do is simply replace WordPress with a fresh installation, rather than trying to remove all the offending scripts one-by-one.
Where is functions.php in my WordPress theme folder?
Your theme’s functions.php file is located in the main directory of your theme folder: wp-content → themes → yourtheme.
Where is functions.php in the WordPress child theme folder?
The WordPress child theme functions.php file is located in the main directory of your child theme folder: wp-content → themes → yourtheme-child.
How do I access functions.php?
Knowing where functions.php lives is only half the job. Now comes the question of how to access functions.php in WordPress. While the functions.php file in WordPress core can only be accessed through secure file transfer protocol (SFTP) or through cPanel, your theme and child theme functions.php files can also be accessed in the WordPress Theme File Editor.
Accessing functions.php in the WordPress Theme File Editor
If you need to access your theme or child theme’s functions.php file, you can do so directly from the WordPress Theme File Editor. In your WordPress dashboard, go to Appearance → Theme File Editor.
You’ll be taken to the Edit Themes page. From here, under the dropdown next to Select theme to edit, choose your theme and click Select. You’ll see a list of files available to edit under the Theme Files column at the far right of your screen. Click functions.php to open the file.
If you’re in your parent theme’s functions.php file, you’ll see a warning notice on the bottom of the screen above the Update File button that says, “Caution: This is a file in your current parent theme.â€
Note: If you’re not the theme developer, you should make your changes in your child theme’s functions.php file to avoid having your edits overwritten in future theme updates.
Accessing functions.php via SFTP
Step 1: Install your SFTP client. If you don’t have an SFTP client already, you’ll need to download one. There are some great free and premium options out there, including:
In this example, we’ll be using Filezilla. Other SFTP clients should work in a similar fashion.
Step 2: Retrieve your SFTP credentials. To log into your server via SFTP you’ll need the following details:
Host (your server’s IP address or url)
SFTP username
Password
Port number
These details can usually be found in your hosting control panel. This information might be generated for you or your host may prompt you to create an SFTP username and password. If you don’t know where to find these credentials or have trouble figuring out how to create them, search your host’s help documentation for instructions or contact their support team.
Step 3: Enter your SFTP credentials.
Enter your host’s IP address or url, your SFTP username, password, and the port number (usually 22 or 2222, but some hosts may use a different port).
Note: You might get a ‘host key unknown’ alert if your SFTP client uses trust on first use (TOFU) authentication. Check ‘Always trust this host, add this key to the cache’ if you plan on using your SFTP client to access the site again. Click OK to proceed.
Step 4: Navigate to your website’s root directory.
Once you’ve logged in, you’ll see two file trees displayed at the button of your screen — one on the left and one on the right. The right side lists the directories on your web server (remote). The left side lists the directories on your computer (local).
Your root directory is usually in a folder labeled www or public_html, but it might use a different name. If you aren’t sure what folder to look in, ask your hosting provider. You’ll know you’re in the correct folder if you see the wp-admin, wp-content, and wp-includes folders near the top of your file list.
Step 5: Navigate to functions.php in WordPress core, your parent theme, or child theme. If you’re looking for functions.php in WordPress core, you’ll navigate to the wp-includes folder.
If you’re looking for functions.php in your theme directory, you’ll navigate to wp-content → themes → yourtheme.
To find your child theme’s functions.php file, go to wp-content → themes → yourtheme-child.
Step 6: Download functions.php. Now that you know where functions.php is located and have accessed it, you might want to inspect or edit the file. Before you can do that, you’ll need to download it. Right click on your functions.php file and select Download. Your file will be downloaded to your local machine.
Accessing functions.php in cPanel
If your host uses cPanel, you can access functions.php through its file manager. If you don’t know how to find cPanel in your host’s dashboard, contact their customer support for help.
Step 1: Open cPanel’s File Manager. Once you’re in cPanel, navigate to the Files section and click on File Manager.
Step 2: Open your website’s root folder. The root folder is commonly called www or public_html, but it may have another name. Root folder naming conventions differ on some hosts, so if you aren’t sure what folder to look in, ask your hosting provider.
You’ll know you’re in the correct folder if you see the wp-admin, wp-content, and wp-includes folders near the top of your file list.
Step 3: Find and download functions.php. The functions.php file for WordPress core is located in your wp-includes folder.
Your theme’s functions.php file is located in wp-content → themes → yourtheme.
If you’re looking for your child theme’s functions.php file, you can find it in wp-content → themes → yourtheme-child.
When you’ve found the functions.php file you’re looking for, right click on functions.php and click Download, or single-click functions.php and then click the Download option from the top menu.
If you rename your file when you save it, make sure to name it back to functions.php before re-uploading it. And before you make changes to and overwrite functions.php, back up your WordPress site.
When should I edit functions.php in WordPress?
Before we dive in to how to edit functions.php, we should talk about if and when you should edit it. There are many reasons you might want to edit PHP code in WordPress, but adding that code to your functions.php file is not always the best option and should only be done under certain circumstances, which we’ll discuss below.
When to edit functions.php in WordPress core
Never. You shouldn’t edit functions.php in WordPress core. At most, you might replace it if you find that it’s been corrupted, but deleting or adding code to WordPress core functions.php is likely to break your site. So, you can open it, inspect it, replace it with a fresh copy if you need to, but don’t mess around on any live websites.
When to edit functions.php in your theme
When it comes to your theme’s functions.php file, you may or may not need to edit it. If you’re creating your own theme, you’ll most certainly want to add some custom code to functions.php. Just about every theme has code in its functions.php file that gives it a unique set of features and capabilities. Besides your stylesheets, these functions are a huge part of what makes one theme different from another.
If you’re adding code to your theme’s functions.php file that isn’t specific to your theme and could be used independently of your theme, consider making it a plugin instead. This way you can use that feature across multiple themes and even submit it to the WordPress.org plugin library where it might benefit other WordPress users.
Before creating your plugin, check the plugin library to make sure what you’re creating doesn’t already exist. If a quality solution exists already, you might want to save your development energy for a different custom feature on your site.
When to edit functions.php in your child theme
If you’re using a theme from a developer, and want to modify the functions.php file, you should always use a child theme to make those changes. When theme developers issue a new version of their theme and you update to the latest one, your current theme is overwritten by the new files — including functions.php.
Child themes are unaffected by parent theme updates, so you’ll retain all your custom code if you make changes in a child theme’s functions.php file.
Before adding code, consider whether using a plugin would be a better solution. Is the code you’re adding specific to your theme? Edit your child theme’s functions.php file. Is the code you’re adding something you want to still have if you change themes in the future (e.g. Google Analytics tracking code or Facebook pixel)? Use a plugin.
How to edit functions.php in WordPress
You should always take steps to protect your site from any mistakes you might make while editing functions.php. So before you start making edits, back up your site and consider creating a staging site to test them first. This way your live site is not disrupted if you accidentally add some code to functions.php that causes major issues or — even worse — crashes your site completely.
Now that you’ve backed up your site, you can move on to editing your functions.php file.
How to edit functions.php in the WordPress Theme File Editor
Editing functions.php in the WordPress Theme File Editor is a little risky. If you’re using this tool because you don’t have access to cPanel or SFTP, then you’ll be in a pretty bad situation if your edits cause a fatal error that prevents you from accessing your WordPress dashboard.
If you want to edit functions.php in the Theme File Editor, make sure that you have direct access to the server and your backups so you can restore your backup file quickly.
You can find the WordPress Theme File Editor under Appearance → Theme File Editor in your WordPress admin panel.
You’ll be taken to the Edit Themes screen, where you should select your child theme, then select the functions.php file from the Theme Files column at the right of your screen.
If you’ve selected the parent theme instead, you’ll see a warning at the bottom of your screen that says, “Caution: This is a file in your current parent theme.†You don’t want to make edits to your parent theme’s functions.php file because your changes will be overwritten the next time you update your theme.
If you see functions in your file that you don’t understand, WordPress includes a handy documentation lookup feature just above the Update File button. Click the dropdown and search for the function name that you want to learn more about and click Look Up. You’ll be directed to the WordPress.org documentation for that function.
When you’re done with your changes, click Update File. Check the front and back end of your site to make sure everything is still working as intended. If you encounter a fatal error and need to restore functions.php from your backup, you can do that in cPanel or via SFTP.
Editing functions.php with a text editor
The best way to edit functions.php is in your code editing software of choice. Since you’re editing a copy that’s offline on your local computer, you don’t have to be connected to the internet to work on your file. You’ll also have more control over when you commit your changes to your live site.
You can edit your code whenever you like and upload your changes at a time when your website normally gets the least traffic. That way, if there are any issues, the fewest number of visitors will be impacted.
Step 1: Open functions.php in your text editor. If you aren’t familiar with using a text editor, there are several free options to choose from.
Step 2: Edit functions.php and save to your local machine. Your display may look different depending on what program you use to edit your functions.php file. This is what PHP code looks like in atom.io:
Add or change whatever information you need to, then save your file.
Step 3: Log into your web server via SFTP or cPanel. Navigate to your theme or child theme folder and find the functions.php file.
Step 4: Change the file name of functions.php on your web server. In case your edited version contains errors, you don’t want to overwrite your original functions.php file. You’ve made a backup, of course, but instead of having to pull the functions.php file from your backup, you’ll have your original file on-hand.
You want to be able to restore the functions.php file quickly if something goes wrong, so renaming it to something like ‘functions-orginal.php’ will make sure that the contents of the original file are preserved on your server.
Step 5: Upload functions.php from your local machine to your webserver. Using SFTP or cPanel, upload your functions.php file to your theme or child theme’s main directory.
Step 6: Visit your website to make sure it’s working correctly. Once you’ve uploaded your functions.php file, you should check to make sure that everything is working on your site. Visit the front end and log in to the WordPress dashboard to make sure everything is accessible and displays and functions correctly.
Step 7: Delete the old, renamed functions.php file. Once you’ve established that your site is working properly, you can delete functions-original.php (or whatever you renamed it to). If you find an issue down the road, you should still have your functions.php file from the backup you made.
Editing functions.php directly in cPanel
If you don’t have or don’t want to use a source code editor, you can edit functions.php directly in cPanel (if your host uses cPanel). Like editing in the WordPress Theme File Editor, it’s a little more risky than working on your local machine. If your internet connection is disrupted while you’re editing, you could lose your changes. You also run the risk of potentially overwriting your original functions.php file.
Step 1: Find functions.php in cPanel. In cPanel, click on File Manager.
Navigate to your root folder (usually public_html or www, but it could have a different name).
Step 2: Make a copy of functions.php. In your File Manager main menu, click + Folder to add a new folder. You’ll want to make a copy of your functions.php file and save it here as a backup.
Name your new folder something easy to identify like ‘backup functions’ so you can easily find it later. Click Create New Folder.
Step 3: Find functions.php in your theme or child theme folder and copy it to the backup folder. In your theme or child theme folder, scroll down to functions.php and right click on the file name. Select Copy.
A dialog box will appear asking you to enter the path you want to copy the file to. The path to the folder you’re currently in will be pre-populated, so if the file path to your backup folder differs from what you see, type in the correct path. Click Copy File(s).
Step 4: Navigate back to functions.php in the theme or child theme directory. Now that you have a backup, you can go back to the functions.php file in the theme or child theme directory and start editing.
Right click on functions.php, then click Edit.
Step 5: Edit functions.php. You should now see the contents of your functions.php file on your screen. It should look something like this:
Add or change whatever information you need, then save your file.
Using a plugin to add functions to your WordPress site
Instead of directly modifying the functions.php file, you can use a plugin like Code Snippets to add functions to your website. If you need to add a fair number of functions to your site, it can be easy to lose track of which functions you still need and which you don’t.
Code Snippets provides a graphical user interface (GUI) for managing your blocks of PHP code. You can add descriptions so that you know what the code is supposed to do, and turn blocks of code on and off, much like activating and deactivating a plugin.
Since you’re not making changes to functions.php, it’s a much safer method of adding PHP functions to your WordPress site.
How to protect functions.php from security exploits
The functions.php file is often a target of hackers, so keeping it safe should be a high priority. Take the following steps to help you secure your functions.php file:
1. Install a security plugin
By using a security plugin, you’ll enjoy advanced protection from hackers across multiple areas of your site.
Jetpack Security is an inexpensive option that helps keep your site safe from malicious attacks. It includes malware scanning and one-click fixes, brute force attack protection, downtime monitoring, an activity log so you know if and when your site was hacked, and login protection via two-factor authentication (2FA).
Jetpack Security also monitors your site for any changes to core WordPress files, outdated or insecure plugins, and other vulnerabilities so that you can catch them before a hacker finds them and takes advantage.
Plus, it provides real-time WordPress backups so you can quickly restore a clean version if anything goes wrong — even if you can’t log into your site.
2. Deny access to WordPress core functions.php via the .htaccess file
If your website is hosted on an Apache server, you can use an .htaccess file to help protect your WordPress core functions.php file by blocking access to the entire wp-includes folder.
Step 1: Download .htaccess
Using SFTP or cPanel, navigate to the root folder of your website. Right click on .htaccess and select Download to download the file to your local computer.
Step 2: Add code to block access to the wp-includes folder
In a source code or plain text editor, open .htaccess and add the following code:
Save your file. Make sure that your editor program does not include a file extension. If you’re using Notepad++ or Text Edit, it may add a .txt file extension. The file should simply be named ‘.htaccess.’
Step 3: Upload the edited .htaccess back to the root folder
Upload your edited .htaccess file back to your website’s root folder. You’ll be asked if you want to overwrite the existing file. Click Ok.
Now your .htaccess file should block external access to any files in your wp-includes folder, including functions.php.
3. Deny access to functions.php using functions.php
You can block direct access to your functions.php file by adding the following code snippet directly to functions.php.
if (!empty($_SERVER[‘SCRIPT_FILENAME’]) && ‘functions.php’ ==
basename($_SERVER[‘SCRIPT_FILENAME’]))
{
die (‘Access denied!’);
}
4. Hide functions.php outside of the root directory
Hackers know the default location of all standard WordPress files. Changing the location of sensitive files to a restricted access folder outside the root directory can keep it out of reach of hackers. This process is a little more involved than just adding some code to your .htaccess file, but it’s worth the extra effort for the additional layer of protection to your website.
In just a few steps, you can secure functions.php outside of the root folder.
Step 1 : Download your current functions.php file
If you’re moving your theme’s functions.php file, you’ll find it under wp-content → themes → yourtheme. Your child theme’s file will be in wp-content → themes → yourtheme-child.
Once you’ve found your functions.php file, download it to your computer via SFTP or cPanel.
Step 2 : Create a new directory outside of the root folder
Navigate outside of your root directory to the next file folder level up. You should see the name of your root folder as well as several other folders. In this directory, right click and select Create directory.
Give your directory a name that’s easy to remember as the location of your functions.php file.
Step 3: Upload functions.php to your new folder
Upload the functions.php file you downloaded earlier into your new folder via SFTP or cPanel.
Check your new folder and functions.php file permissions and make sure they’re set to 600.
Step 4 : Point WordPress to the new functions.php file
You should have a functions.php file in your new directory as well as the original functions.php file that is still in your theme folder. In order for WordPress to find and use the correct file, you’ll want to delete all the information in your theme file’s functions.php file and the following code snippet:
Note: Your file path will look different, as you’ll be using your server’s directory names.
In cPanel, you can open the root directory’s functions.php file and edit it directly or you can edit the copy you downloaded to your local machine earlier using a source code editor. For this example, we’ve edited the copy we downloaded earlier using Atom.io.
Save your funtions.php file and upload it back to your theme directory.
You’ll be asked if you want to overwrite the file. Click Ok.
Now, WordPress should reference your new functions.php file in its secure location outside of the root folder.
4. Change the name of your functions.php file
Changing the name of your functions.php file is another step you can take to keep it safe from hackers. You’ll need to host this file outside of your root folder, so if you’ve followed the process in Hide functions.php outside of the root directory, you’ll only need to take a few additional steps.
Step 1: In your secure directory outside the root folder, change the file name of functions.php
Go to the functions.php folder hosted outside of your root directory and change the file name to something unique, like ‘keep-out.php’ or ‘these-are-not-the-functions-you-are-looking-for.php’. Okay, that last one’s a little long, but it doesn’t really matter what you call it as long as you include it in the file path in the theme folder copy of functions.php.
Step 2: Edit the code in functions.php in your root directory to reflect the name change
Now that you’ve changed the name to something other than functions.php, you’ll need to make sure your theme directory copy of functions.php is pointing to the right file name.
Download the root folder copy of functions.php to your local computer and edit it with your text editor. Change the functions.php file name to your new file name, then save your file.
Step 3: Upload functions.php back to the theme directory
You’ll be asked if you want to overwrite the existing file. Click Ok.
Now WordPress should point to your renamed functions file.
Additional layers of security for functions.php
You can add some additional protection to your website as a whole, including your functions.php file, by making similar changes to your wp-config file like renaming it, hosting it outside the root directory, and denying public access.
What code can I add to functions.php in WordPress?
There are a lot of different code snippets that you can add to your WordPress functions.php file. However, you’re often better served by using a plugin (or writing your own plugin) for many functions. If the code you want to add is specific to your theme, then you can add that PHP code to your child theme’s functions.php file.
Below are a handful of useful functions you might insert into your child theme’s functions.php file:
Adding a new admin user in functions.php
If you’ve lost admin access to your WordPress dashboard and can’t recover your username or password via email, you can create a new admin user through your hosting account. Either via SFTP or cPanel, you can download your functions.php file and add the following code to create a new admin user for your site.
In the above code, replace ‘your-username’, ‘your-password’, and ‘your-email’ with your own credentials. Save your functions.php file and re-upload it to your theme folder. This will create a new admin user with the username, password, and email address that you’ve assigned in the code.
After you’ve uploaded your file, navigate to your site’s login page and use your new username and password to log in. Once your login is successful and you’ve confirmed that you have admin privileges, you should remove the code that you added to create your new admin account from functions.php.
Adding and removing image sizes in functions.php
When you upload an image to the WordPress Media Library, multiple variations of your image are generated. WordPress has default thumbnail, small, medium, and large sizes that are used in addition to your full size image. Your theme will generally pull the optimal image size for individual parts of your site.
If you’re creating your own theme or need to make modifications to a child theme to accommodate additional custom image sizes, you can do so in your functions.php file.
Use the following code and change your custom image size name from ‘custom-small-square’ and ‘custom-landscape’ to whatever name you’d like to use. The numbers next to your custom image size name represent the image size in pixels, so enter the pixel values with width first and height second.
Keep in mind that additional custom image sizes can weigh down your site and impact load times. If you have some WordPress default image sizes that your theme doesn’t use, you may want to delete and disable those to make room for your custom sizes.
If you want to disable WordPress default image sizes, you can place this code snippet into your functions.php file:
add_filter( 'intermediate_image_sizes_advanced', 'prefix_remove_default_images' );
// This will remove the small, medium, and large default image sizes.
function prefix_remove_default_images( $sizes ) {
unset( $sizes['small']); // 150px
unset( $sizes['medium']); // 300px
unset( $sizes['large']); // 1024px
return $sizes;
}
If you only need to disable one or two sizes, you can only add those sizes to the code above and delete the code that you don’t need.
Use functions.php to allow additional file types in uploads
WordPress only allows a few different file types to be uploaded in your WordPress dashboard. This is a reasonable security measure, but you might encounter a situation where you need to upload a file type that’s not natively allowed.
To add more allowed file types to WordPress, add the following code to your child theme’s functions.php:
For the above example, we used the stl file type, which is a CAD file type. It’s an unusual file type to upload to a website outside of certain niche industries, but if your site is for an industrial designer, engineering firm, or even an orthodontics lab, you might find the ability to upload STL files really useful.
You can replace the $mime_type variable with whatever file extension suits the needs of your website. You’ll also need to include the media type and subtype after that (e.g. ‘application/sla’ or ‘image/octet-stream’). Here’s a complete list of mime types that you can refer to.
Frequently asked questions about editing the functions.php file in WordPress
We’ve covered what the functions.php file is, how to find functions.php, how to access it, how to edit it, and a few code snippets you can add to your functions.php file. We’ll wrap things up with a few helpful answers to frequently asked questions.
Do I really need to use a child theme to edit functions.php?
The short answer? Yes.
If you’re a theme developer, you’ll definitely want to add your theme-specific functions directly to your theme’s functions.php file. If you’re modifying a theme from another developer that will get regular updates, however, you’ll absolutely want to use functions.php within a child theme.
Most theme developers will periodically make updates to their themes for security and performance reasons, or to add new features. If you change the parent theme’s functions.php file, those changes will all be overwritten when you update to your theme’s latest version. All your hard work and customizations — poof! Gone.
Child themes aren’t touched when the parent theme updates, so if you make changes to your child theme’s functions.php file, your changes will be preserved any time you update your parent theme.
I edited functions.php and now I don’t have access to my WordPress dashboard. Help!
In the unfortunate event that you edited the functions.php file and caused a critical error on your site that kept you from accessing the WordPress dashboard, don’t worry — all is not lost!
There are a few things you can do to restore access to your site. You can edit functions.php via SFTP and a text editor or directly in cPanel if you know which bit of code caused the issue. Alternatively, you can restore functions.php from a backup or download a fresh copy of functions.php from your theme developer.
I know what code I messed up. I just need to access and edit functions.php to fix it.
See How to edit functions.phpabove for instructions on how to access and edit your theme or child theme’s functions.php file.
I have no clue what I did to my functions.php file, but I have a backup.
If you have a backup on hand, you can access your files either on your web host’s server or your remote server (depending on where you have opted to store these files), and use them to replace your corrupt functions.php file via SFTP or cPanel.
If you feel more comfortable restoring your entire site backup rather than trying to restore just the functions.php file, our article, “How to Restore WordPress from a Backup†goes in depth on the different methods you can use to restore your WordPress site.
I have no idea what code caused the problem and I didn’t make a backup.
If you don’t have a backup, you can download a fresh copy of the theme you’re using from your theme developer, extract the functions.php file, and overwrite the broken functions.php file on your server via SFTP or cPanel.
Note: If you’re using a theme that hasn’t been updated in awhile, you may encounter issues in overwriting functions.php with a version that’s from a much more recent update. If you encounter issues, you might be better off just manually updating your entire theme to the latest version. Alternatively, you can contact your theme developer to get the theme files for your current version and use that version of functions.php.
Can I add JavaScript to my functions.php file?
Yes, you can add code to your functions.php file that will add your custom JavaScript to either specific pages, posts, or all pages and posts on your site. This article covers all the different ways you can add JavaScript to your functions.php file.
Menus play an important role in your website’s design and functionality. They help visitors navigate between your pages and can improve overall usability. Still, when you have a lot of content, figuring out how to display it without it looking crowded or chaotic can be challenging.
That’s where mega menus come in. A WordPress mega menu can give your website a more professional appearance and help people find the content they’re looking for more easily. Plus, there are multiple methods you can use to add one to your website.
In this post, we’ll explain what a mega menu is and the benefits of using one in WordPress. Then we’ll walk you through your options for creating one and explore five of the best mega menu plugin options.
What is a mega menu in WordPress?
Your WordPress menu is the structure you use to organize and display your website’s pages. It’s usually at the top of the site — though it can also be on the side or shown in another unique way.
By default, WordPress uses standard menus, which show a list of pages, sometimes with one-column dropdowns. There’s no additional information or content like images, descriptions, etc. — it’s just a series of lists. It’s typically pretty simple and straightforward, but does limit you when it comes to the number of pages or volume or information you can include. Here’s an example from WooCommerce:
A mega menu is a type of drop-down menu that allows users to access a large amount of content in one place. Mega menus are often used on eCommerce websites and are becoming increasingly popular on other types as well. You can see an example on the Nalgene site, which showcases product photos, sliders, and other content in more of a horizontal style:
The key difference is that a mega menu typically has multiple columns of content, whereas a traditional drop-down menu only has one column. This allows for a much more robust and comprehensive menu, which can be especially helpful on websites with a lot of information.
Why use a mega menu in WordPress?
One of the benefits of using a mega menu is that it can reduce the number of clicks needed to navigate to a particular piece of content. This is great for visitors who are looking for something specific on your website, but it also improves the user experience for first-time visitors by helping them explore your site more efficiently.
Mega menus can also be used to improve the look and feel of your website and even promote specific content or encourage the actions you want visitors to take. Plus, they’re highly customizable — so they can play off the rest of your brand to provide a seamless, visually-appealing experience.
How to create a WordPress mega menu
There are a couple of different ways to create a mega menu in WordPress. One option is to do it manually, by adding custom code. The other (quicker and easier) option is to use a plugin. Let’s take a look at how to add a mega menu to WordPress using both of these methods.
Creating a mega menu manually (without a plugin)
If you’re comfortable working with your site files, this can be a good option for creating something highly unique.
Before doing this, it’s important to back up your WordPress site. You might also consider creating a staging site to build and test your mega menu before pushing it live. This will help you avoid any issues that break functionality on your live site.
First, browse to Appearance → Menus in your WordPress dashboard and name your menu.
Click on the Create Menu button. Drag and drop the pages you want to include in the mega menu, indenting them as submenus where necessary.
When you’re done, you can select Save Menu.
Next, navigate to your cPanel’s File Manager or use a File Transfer Protocol (FTP) client to connect to your website’s files. Find your theme’s stylesheet by going to /wp-content → /themes → /your-theme-or-child-theme → /style.css. At the bottom, add the following line of code:
.main-navigation ul:hover li ul,
.main-navigation ul:hover li ul li ul {
display: inherit;
}
This will make your sub-menu items appear when someone hovers over a top-level item. Now, we’ll customize the code to make it a little more visually appealing, ensuring that each sub-level item displays in full-width, with sections of items appearing next to one another. Add this code:
.main-navigation {
position: relative;
}
.main-navigation li {
position: static;
}
.main-navigation ul li:hover ul {
display: inherit;
position: absolute;
left: 0;
right: 0;
width: 100%;
}
.main-navigation ul li:hover ul li ul {
display: inherit;
position: relative;
left: 0;
}
.main-navigation ul li:hover ul li {
float: left;
position: static;
display: block;
padding-top: 1em;
}
.main-navigation ul li:hover ul li ul li {
float: none;
padding-top: 0;
}
You can then play with the styling to make it look the way you want, in line with your brand and the rest of your site. For example, you might want to switch out the background color of your mega menu or bold certain items. You might also want to adjust column spacing or add extra elements like photos. If you’re a developer or have a degree of code experience, you can craft your mega menu to look however you’d like!
Another option to create a mega menu without a plugin is to check your theme’s built-in options. Some, like the Hestia theme, include mega menu options by default. This isn’t always the case, though.
Creating a mega menu with a WordPress plugin
If you’re not comfortable editing your site files or your theme doesn’t offer built-in mega menu options, another method you can use to create a mega menu in WordPress is with a plugin. There are plenty of options available, which we’ll discuss in the next section.
While this is a safer option than creating one manually, you should still back up your WordPress site before making any changes.
The specific features and functionality of the plugin will vary depending on which tool you decide to use. But overall, the concept will be the same.
We’ll use Max Mega Menu as an example. To get started, you can install and activate the plugin on your WordPress website.
Next, you’ll need to enable the mega menu functionality by navigating to Appearance → Menus. You can choose the desired location for your menu, then click on the box next to Enable.
Save your changes when you’re done. To customize your mega menu appearance and settings, you can go to MegaMenu → Menu Themes.
Here, you’ll find a variety of options for styling the menu. You can modify the menu type as well as the appearance and functionality of it.
Five best WordPress mega menu plugins
If you decide that you want to use a mega menu WordPress plugin, there are plenty of options to choose from. As you’re researching them, it’s important to consider the specific features you’re looking for as well as your budget. With that in mind, let’s take a detailed look at five of the best WordPress mega menu plugins.
Max Mega Menu is an incredibly popular plugin that lets you easily add high-quality, customizable menus to your WordPress site. It includes a drag-and-drop builder that’s easy to use. It also supports multiple mega menus for various locations across your site.
Key features of Max Mega Menu:
Multiple, individually configurable menu locations
A grid layout builder
Menu hover and transition options
A drag-and-drop builder
Shortcodes
Menu item icons
A search box
Menu logos
Pros of Max Mega Menu:
There are free and premium options available.
It’s lightweight, with clean code.
It includes support for WooCommerce and Easy Digital Downloads.
You can place mega menus in multiple locations.
The widgets let you add maps, contact forms, and more.
You can also build mega menus from scratch or use your existing menus.
Keyboard navigation makes for better accessibility.
Cons of Max Mega Menu:
Advanced customization options are only available with a pro license.
There’s no free trial for premium plans.
Ease of use:
Max Mega Menu is very easy to use. It automatically converts existing menus into mega menus. It has a user-friendly interface that’s simple to navigate. A pro license also includes updates and priority support.
Pricing:
Max Mega Menu offers a free version with limited customization options. Pro plans with advanced features start at $29 for a single site license. This also includes a year of support.
QuadMenu is another popular mega menu plugin that’s easy to use regardless of your experience level. The flexible tool includes an intuitive drag-and-drop builder and a wide variety of styling and customization options for building menus and submenus for WordPress.
Key features of QuadMenu:
A drag-and-drop builder
Multiple menu locations
Off-canvas, sticky, and vertical menus
Options for aligning links
Float dropdown menus
Font Awesome icons and Google Fonts
Dropdown animations
A variety of filters
Display widgets
Pros of QuadMenu:
There’s both a free and premium version.
It’s suitable for beginners and developers.
It supports child themes.
There’s automatic and manual menu integration.
It’s intuitive and easy to use.
There are tab and carousel menus available with the pro version.
Cons of QuadMenu:
Advanced styling options require a pro license.
There are limited live preview options.
Ease of use:
QuadMenu is suitable for both beginners and developers. The drag-and-drop builder makes creating and customizing your mega menus quick and easy.
Pricing:
QuadMenu has a free version. Pro licenses are available starting at $30 for a single site.
If you’re looking for a premium mega menu builder, UberMenu is worth checking out. This powerful, feature-rich tool uses a sophisticated grid system that lets you quickly build a professional-looking mega menu.
Key features of UberMenu:
A unique grid system
More than 50 style settings
Dynamic item generation
Submenus based on posts, categories, and more
The option to add tabs within menus
Touch-enabled menus
Dropdown CSS3 transitions
Multiple menu triggers (hover, hover intent, and click)
Various menu locations
Flexible layouts
Pros of UberMenu:
It’s widely used and highly rated among WordPress site owners.
There are options to add custom HTML, shortcodes, and widgets.
It uses the native WordPress Customizer interface.
There are unlimited menu themes.
Cons of UberMenu:
There’s only a premium version available.
Depending on your theme, it may not be the best option if you don’t have CSS/PHP programming skills.
Ease of use:
Using UberMenu will likely be a breeze for experienced WordPress users because the interface is built on the native Customizer. You can view real-time previews of your menu as you build it. For WordPress beginners, though, this might be more difficult to navigate than an intuitive drag-and-drop builder interface.
Pricing:
An UberMenu license for a single site costs $26. This includes six months of developer support.
If you’re familiar with and use the Elementor page builder, ElementsKit is an excellent mega menu plugin to consider. The tool includes an expansive library of custom modules, featuring a header and footer builder.
Key features of ElementsKit:
A live content interface
A custom module library
A header and footer builder
Parallax scrolling
Over 200 pre-designed page templates
A countdown timer widget
Dropdown animations
Off canvas, sticky, and vertical menus
Font Awesome icons
Light and dark themes
Two mobile menu layouts
Custom CSS
Pros of ElementsKit:
It fully integrates with the Elementor page builder.
It includes drag and drop functionality.
It’s beginner and user-friendly.
It has customizations for icon and badge text colors.
It has built-in WooCommerce features.
It offers advanced mega menu options.
Cons of ElementsKit:
It’s not ideal unless you use the Elementor page builder.
It can be overwhelming if you’re only looking for a mega menu builder tool.
Ease of use:
ElementKits is a straightforward, versatile tool. If you’re not familiar with Elementor, the interface may take some getting used to. Although, if you already use the page builder plugin, you’ll likely get the hang of this add-on in no time.
Pricing:
ElementsKit offers a free version. Premium licenses start at $39 per year for a single site.
If you’re looking for a simple and straightforward freemium tool to build mega menus in WordPress, WP Mega Menu is another solid option. This plugin is easy to use and provides all the basic features and functions needed to build a quality mega menu for a wide variety of sites. For a free tool, it also comes with an impressive set of options for customization and styling.
Key features of WP Mega Menu:
Intuitive navigation
A drag-and-drop interface
The option to create and save menu themes
Logo, search bar, and background images
Google Fonts and Font Awesome icons
Social icons
Menu labeling
Pros of WP Mega Menu:
It’s completely free to download and use, with a pro upgrade available.
It’s easy to navigate and use.
It has features that other plugins only include in premium versions.
It has the option to create and save menu themes to use across multiple websites.
Cons of WP Mega Menu:
It lacks tools designed for developers compared to other plugin options.
There’s no sticky or off-canvas options with the free version.
Ease of use:
WP Mega Menu is a beginner-friendly plugin with lots of options. It comes with an intuitive interface that’s easy to understand and navigate.
Pricing:
WP Mega Menu is free. But it also offers Premium plans starting at $29 per year for a single license.
Comparison of the top mega menu plugins for WordPress
Max Mega Menu
QuadMenu
UberMenu
ElementsKit
WP Mega Menu
Drag & Drop
Yes
Yes
No
Yes
Yes
Icons
Yes
Yes
With extension
Yes
Yes
Widgets
Yes
Yes
Yes
Yes
Yes
Sticky
Premium
Yes
With extension
Premium
No
Vertical
Premium
Yes
Yes
Yes
Premium
Off-Canvas
Yes
Yes
No
Yes
No
Google Fonts/Font Awesome
Premium
Yes
Yes
Yes
Yes
Transitions/Animations
Yes
Yes
Yes
Premium
Premium
Pricing
Free; $29 per year
Free; $30 for one site
$26 per year
Free; $39 per year
Free; $29 per year
Frequently asked questions (FAQs) about mega menus
At this point, hopefully, you have a solid understanding of how to create and add a mega menu in WordPress. But let’s take a moment to wrap up with some Frequently Asked Questions (FAQs).
Can I add images and icons to a WordPress mega menu?
Yes, you can add images and icons to a WordPress mega menu. Some plugins come with built-in support for this. Alternatively, you can also add images and icons by editing your website’s code.
Can I add a mega menu to my WordPress sidebar?
Yes, you can add a mega menu to your WordPress sidebar. There are a few different plugins that you can use to add a mega menu to your sidebar. Most plugins that let you display menus as widgets will also let you add them to your sidebar.
Start customizing your WordPress menus
Menus play an essential role in your website’s design and functionality because they can be used to improve the look and feel of any site. So, if you have a large WordPress website with a lot of content and pages, you might want to consider adding a mega menu.
As we discussed in this post, there are three main methods you can use to create a mega menu in WordPress. One is to use your theme’s options for adding a mega menu. The second is to code one manually. If neither of those are possible, or if you just want to save some time, you can try out a mega menu plugin like Max Mega Menu, QuadMenu, or ElementsKit.
Do you want to further enhance the performance of your WordPress site? In addition to providing easy, automatic backups and other WordPress security features, Jetpack can help boost the speed and UX of your site!
A critical factor in running a successful WordPress website is implementing monitoring and security measures. After all, a hacked site can cause a lot of headaches — regardless of whether your site is used for business or personal purposes. It can impact your revenue, risk your visitors’ information, and wreck your reputation.
A typical entry point for hackers is the WordPress login page, which will be our focus today. What follows is a rundown of 14 ways to harden WordPress login security so malicious actors won’t breach your site.
Why secure your WordPress login page?
Before we get to the list of security tips, let’s first briefly discuss why you might want to secure your WordPress login page — from brute force attacks or otherwise — in the first place.
WordPress is very popular, so cybercriminals are often looking for new vulnerabilities that they can exploit over a wide number of sites.
Because hackers are familiar with WordPress, they know when a website is outdated and which security flaws are present in each version.
To gain access through a login page, hackers don’t always need advanced development knowledge or special skills.
Keeping a secure WordPress login page is essential for your website’s long-term success and overall performance.
How to harden your WordPress login security
So you know why you need to create a secure WordPress login, but how can you accomplish it? We’ve gathered 14 ways to secure your WordPress login page properly so you don’t have to leave the safety of your data or customer info to chance.
1. Install a WordPress security plugin
You can get a handle on most security concerns in just a few minutes by installing a high-quality WordPress security plugin. While many plugins specialize in protecting specific aspects of a site or against certain kinds of attacks, a more comprehensive approach is best for the average site. An all-in-one security plugin will include features like audit logs, malware scans, firewalls, and login security tools in a single solution.
And at the top of the list of our recommendations is Jetpack Security.
Jetpack Security works by taking care of numerous security tasks automatically. And with both free and paid features, a level of protection is available to everyone with a WordPress website. It has a strong range of features that can work to prevent security breaches, but also help you diagnose and recover from any incidents you experience. These include:
Brute force attack protection
Spam prevention
Malware scanning
Downtime monitoring
Backups
Activity logs
Two-factor authentication
While you can move through the rest of the steps outlined here on your own, using a plugin like Jetpack Security will streamline the login hardening process.
2. Change and hide your WordPress login URL
Another way to make your login page more secure is to hide it from prying eyes. By default, the login address for all WordPress sites is http://www.yourwebsitename.com/wp-admin, which is basically like giving a burglar your home address. So anything you can do to obscure this is a good idea.
Changing the WordPress login URL is a great way to put barriers in place to make the hacker’s job more difficult. You can find a plugin that does this for you, but you can also do it yourself.
You can also bolster your site security by upgrading to a stronger password. Implementing strong password measures makes it much less likely that a hacker or bot will be able to “guess” it. Though “fluffy21” might be easy to remember, it’s much too easy to guess — especially if “Fluffy” is the name of a beloved pet.
Instead of picking passwords based on names, ages, or pets, creating one that combines letters and numbers, uppercase and lowercase letters, and a couple of symbols are much better. You can build a strong password in a couple of ways:
A built-in strong password tool. WordPress has a strong password tool that encourages you to create a stronger password than what you may be naturally inclined to choose.
A password generator. Many password generators make it easy to develop a strong password that’s not intuitively guessable.
A password keeper/manager. The only trouble with strong passwords is that they’re hard to remember. Using a password keeper or management tool eliminates this issue. Popular options include LastPass, DashLane, and 1Password.
4. Password protect your login page
By default, anyone can access the login page for your WordPress site. And while you can hide or change your login URL, as we previously discussed, hackers may be able to find it if the wp-admin folder is still accessible.
That’s why adding another layer of protection before accessing the login page is a good idea. And you can accomplish this by password protecting the wp-admin folder. If your web host uses cPanel, this process is relatively easy.
Log in to your hosting provider account, access the cPanel, then go to the Directory Privacy folder.
While viewing your site’s files, navigate to public_html/wp-admin. There should be a visible checkbox that reads password protect this directory. Check the box. Then create a new username and password for accessing the wp-admin folder. Save your changes.
Try to log in to your site as usual. You should now have to input another set of credentials before being granted permission to log in to WordPress.
Note: this process would be identical, even if you moved the location of your login page. Password-protect the folder in which your login page resides, even if it’s not wp-admin.
5. Limit the number of login attempts
Another thing you need to do to secure the WordPress login page is to limit login attempts. Hackers can use bots to make repeated login attempts until they crack the code — i.e., figure out your password and gain access to your website. Unfortunately, WordPress allows unlimited logins by default.
To prevent this potential access point, you can limit login attempts. A plugin is the best way to accomplish this. In fact, Jetpack Security offers Brute Force Attack Protection as a part of its all-in-one security solution.
Brute force attacks can be incredibly disruptive to how your website functions, even before hackers gain access. For instance, they can slow your site down considerably — or cause it to stop responding altogether. Repeated login attempts may eventually succeed and the hacker can then go on to inject malware, insert links, or otherwise cause mayhem. These attacks can also put your personal information at risk.
The Brute Force Attack Protection feature included in Jetpack Security provides the tools necessary to block attacks and prevent malicious hackers from gaining access to your data. It works by blocking malicious IPs before they ever get to your site. It also provides a count of total attacks and enables you to whitelist known IP addresses.
6. Add a security question to your WordPress login form
You can also extend the security of your login form by adding a security question (or two) to the login process. So, instead of just inputting a username and password, users must also answer a security question to gain access.
This single step makes your website much more difficult to hack. And it’s relatively easy to implement.
The No-Bot Registration plugin is a great way to accomplish this. Download it by going to Plugins → Add New, then type in the plugin’s name. Once it appears, download and activate it.
Once activated, go to Settings from the WordPress dashboard. Here you can set up the plugin and configure the rules for when security questions are used (on registration, login, or forgotten password pages).
Next, you can enable two-factor authentication. Many websites and apps use this popular security option, including Gmail. It works by sending an SMS code to your phone that you’ll need to input before you can complete the sign-in process.
This is used to verify your identity and ensure access is only granted to authorized users. Every layer of authentication that you add to the process makes it significantly more difficult for someone to hack your site. Even if a bad actor gets access to your login information, it’s unlikely that they’ll be able to thwart the 2FA process.
The easiest way to add two-factor authentication to WordPress is using a 2FA plugin. Several security plugins include this feature, but again, Jetpack Security comes through strong with Secure Authentication.
Secure Authentication allows you to log in using your standard WordPress.com credentials and also disable or bypass the default login form entirely. Plus, you can opt to make two-factor authentication a requirement for all users to give your site further protection.
8. Install an SSL certificate on your WordPress site
Another avenue of protection is to install an SSL certificate. Getting an SSL certificate for free is easy, so it’s a security measure no one should skip over.
SSL is how most websites secure their data. And you can tell when a site is secure as the “HTTP” in the URL field will have an “S” added, so it reads “HTTPS.” Browsers will often use other visual indications, like a green lock icon, to let visitors know your site has an active SSL certificate in place.
Beyond the security implications, visitors may not continue to navigate your site if they see that it’s unsecured. Plus, sites with SSL certificates tend to rank better in search engines and some browsers will even display a warning to visitors if you don’t have one.
9. Disable WordPress login hints after failed login attempts
Login hints can be genuinely helpful for real WordPress users, but they can sometimes give away too much information about your username and password to hackers. When you attempt to log in to a WordPress site and get the username wrong, you’re met with an error that reads, “The username is not registered on this site. If you are unsure of your username, try your email address instead.”
Something similar happens if you type in the right username or email address, but the wrong password.
To remove login hints, you need to add a few lines of code to your site’s functions.php file.
function no_wordpress_errors(){
return 'There is an error.';
}
add_filter( 'login_errors', 'no_wordpress_errors' );
When someone — real or bot — inputs an incorrect username or password, they’re greeted with the message, “There is an error,” rather than the default.
10. Keep your WordPress install & plugins up-to-date
Hackers also find entry points into WordPress sites via outdated installations. Every time WordPress is updated, all the bug fixes and security holes that were repaired are posted online. If your installation is outdated, hackers have an instruction manual for breaching your site.
When new WordPress core updates roll out, you must back up your site and install the update as quickly as possible.
But that’s not all you need to be mindful of. Third-party software — i.e., plugins and themes — are potential weak points, too. They’re even more essential to keep updated as plugins and themes are made by various development companies with different standards and approaches.
This is also why you must be selective about the plugins and themes you install. If your go-to social sharing plugin hasn’t been updated in two years, it may be time to find one that updates regularly.
11. Hide your WordPress version number
A quick way to improve the login page’s security is to hide the WordPress version number. At the very least, this will make hackers look more thoroughly to determine which security holes to exploit. And you can remove it rather easily.
Locate the functions.php file and (after you’ve backed up your site) add the following line of code to the file:
remove_action('wp_head', 'wp_generator');
12. Hide your WordPress login username
Another step you can take is to hide your WordPress login username. A lot of the time, the emphasis is on creating a super-secure password — which is excellent — but you need to think of your username, too. Often, it’s available to the public — an opportunity hackers can exploit.
The quickest way to hide your username from the view of prying eyes is to remove it from appearing on blog posts and within author archives.
To remove your username from blog posts, you simply need to go to Users → Profile → Nickname while logged into WordPress. From here, you can change the nickname so that your username is no longer visible to site visitors. So instead of seeing “blogperson02,” they’ll see your first name, first and last name, or another nickname you configure.
To remove your username from appearing in the author archives, you’ll need an SEO plugin like Yoast SEO.
Install Yoast like any other plugin, then go to the SEO → Search Appearance → Archives menu in the WordPress dashboard. There’s an option here to disable author archives. Do this, then click Save Changes.
13. Shorten your WordPress auto-logout timer
It’s common to stay logged in to your accounts when you use them often. But this can create potential breaches, especially if several people have accounts on your site. Implementing an auto-logout timer is a great way to close those security holes.
When a session is left unattended, it will be logged out automatically. By default, WordPress will log out users after 48 hours. Checking the “Remember Me” box keeps users logged in for 14 days. You can change these time frames a bit by using a third-party plugin. One that’s dedicated to this feature is Inactive Logout.
Once installed, navigate to Settings → Inactive Logout → Basic Management. Then select the duration of idle time you want to trigger a logout.
14. Delete old and unused WordPress user accounts
Lastly, deleting accounts no longer in use can also help improve your WordPress security. Having several open accounts on your site means each is an access point to private data. And if you’re not regularly updating passwords for these accounts, they could present significant weaknesses.
To avoid this, delete old and unused accounts. Make doing so a part of your regular site maintenance plan.
Likewise, keep an eye on the accounts listed. Sometimes, hackers will create a fake account. If one appears, delete it right away and bolster the rest of your security measures. Learn what to do if your WordPress website has been hacked.
Secure your WordPress login page
Owning a website means bearing a level of responsibility for its content and users. Of course, this is doubly the case if you collect customer information. But no matter how you use your WordPress site, bolstering security around the login page is a great way to keep your data safe for the long haul.
And the tips presented here should help you become efficient at WordPress security maintenance in no time.
