How to Add Genesis Child Theme CSS Wraps (Structural Wraps) Easily and Quickly

So, since Genesis 1.6, and probably my favorite part of Genesis 1.6 is the theme support of genesis-structural-wraps. So now you can easily add wraps to the header, nav, subnav, inner, footer-widgets, and footer. This is something I found myself doing A LOT! And I guess I wasn’t the only one!

Previously to add an #inner wrap, for example, you had to:
[php]// Add div.wrap inside of div#inner
function child_before_content_sidebar_wrap() {
echo ‘<div class="wrap">’;
add_action(‘genesis_before_content_sidebar_wrap’, ‘child_before_content_sidebar_wrap’);

function child_after_content_sidebar_wrap() {
echo ‘</div><!– end .wrap –>’;
add_action(‘genesis_after_content_sidebar_wrap’, ‘child_after_content_sidebar_wrap’);

And this didn’t work all the time. For example, customizing the Agency theme, it wasn’t this simple. One still had to modify home.php and move a hook to make the wrap work appropriately (and I am sure that the Agency theme wasn’t the only one!).

Now, it is one line of code:
[php]add_theme_support( ‘genesis-structural-wraps’, array( ‘header’, ‘nav’, ‘subnav’, ‘inner’, ‘footer-widgets’, ‘footer’ ) );[/php]

While this one line doesn’t solve the Agency theme problem of adding a wrap, it does make adding wraps easier and simpler without any unnecessary extra code or failing to close a <div> tag at the wrong spot!

Best Plugins for Creating Custom Post Types

Understanding WordPress Custom Post Types

Do you hate coding and simply want a graphical user interface to create custom post types? Or would you rather use a plugin to save time to create custom post types? While I personally believe hand coding the custom post types and the metaboxes are easier, there are some really good plugins that will help you accomplish all that you want to accomplish with Custom Post Types.

So here are my Top Custom Post Type Creating Plugins.


  1. Easy Content Types: Easy Content Types provides an extremely easy to use and intuitive interface for creating custom post types, taxonomies, and meta boxes. It allows for custom categories, custom tags, and custom input fields.
  2. GD Custom Posts And Taxonomies Tools: Can be used to expand custom taxonomies and custom post types support. Plugin adds many tools including custom post types and taxonomies management and widget for taxonomies terms cloud.
  3. Post Type Constructor Kit: PCK is a suite of plugins consisting of the post type constructor kit, meta boxes kit, role manager kit, and widget kit giving the possibility of 15 different types of metaboxes including text, WYSIWYG, radio, checkbox, select box, image, file, date and time, tab, gallery, panorama viewer, contact form, comments, youtube, and Google map. This plugin also has a forum support channel apart from WordPress.
  4. WPMU Dev’s CustomPress: The ultimate plugin for transforming WordPress from a blogging platform into a full blown CMS system using your own custom post, taxonomies and custom field creator. And combine this with the Recent Custom Post Type Widget for even further usability.


  1. Custom Post Type UI: Great interface, ability to create taxonomies, good support community. Lacks custom field creation functionality; however, only free plugin to export to proper universal PHP code. Plugin Site.
  2. More Types: Integrates perfectly with More Taxonomies, to create additional taxonomies besides Categories and Tags, and More Fields, to create additional input fields easily. More Types has the ability to assign additional features beyond the typical WordPress supports to include theme based features like genesis-seo, etc. While More Types is a standalone plugin, combined with the suite of More Plugins, it is robust and powerful. More Plugins Site.
  3. WP Easy Post Types: Can select columns to show. In-built custom field creation (albeit limited) that will be attached to your new custom post type, and each field will be saved in the WordPress database as a custom field to take advantage of the WordPress query rules. However, it has a somewhat “confusing” Admin menu and support is not free. This could be a premium plugin.
  4. Ultimate Post Type Manager: This is an Easy to use Plugin to Create, Customize, Manage Custom Post Type. Do all you want to do with you Posts. It can also be used with Ultimate Taxonomy Manager.
  5. Content Types: Content Types is a WordPress plugin that helps you create custom content types in WordPress. It allows for custom categories, custom tags, and custom input fields. From what I can tell, this is the only plugin that makes some metabox/custom fields required for posting.
  6. WP Post Type UI: Inspired by “Custom Post Type UI” this plugin that gives you what have always wanted for creating dynamic post types and custom taxonomies in WordPress. The UI is made in true WP style, with a smooth integration to give nice and easy access to create and edit post types and taxonomies.
  7. GD Custom Posts And Taxonomies Tools: Can be used to expand custom taxonomies and custom post types support. Plugin adds many tools including custom post types and taxonomies management and widget for taxonomies terms cloud. For a comparison with the pro version: see the comparison chart.
  8. Simple Custom Post Types: Makes managing custom post types even simpler, removing the need for you to write any code. Excerpt update your theme. This plugin provides a nice interface and easy access. The plugin provides almost all the parameters of the WordPress CPT API. It is possible to manage the permissions of custom post types such as articles or pages. Or create a full set of custom permissions.
  9. Custom Content Type Manager: Create custom content types (AKA post types), standardize custom fields for each type, including dropdowns and images. This gives WordPress CMS functionality making it easier to use WP for eCommerce or content-driven sites. Plugin Site.
  10. Custom Press: Custom Press allows you to easily add your own custom post types and custom taxonomies into WordPress, which you can also toggle on and off more advanced options for creating custom post types and custom taxonomies. It also features an ‘Embed Code’ option is available if you would prefer to put your custom post types and custom taxonomies directly into a theme or plugin.
  11. CMS Press: CMS Press opens up the ability to create and manage custom content types and taxonomies for your WordPress site. It adds the flexibility to have more than just posts and pages for content by allowing the user to register their own post_types that can use their separate theming from the post and page template along with its own permalink structure.

Security for Your WordPress Site: Processes, Passwords, & Plugins

One of the most important things to consider when developing a site for a client is client education and training on site security. While it is true, that once we develop a site for someone, information security belongs to them. We could have implemented all the best WordPress security plugins and processes, but if the user has a poor password then it will only be a matter of time before they are exploited.

So, first and foremost information security, site security, belongs to both the developer and the client. As far as the client is concerned, if their site gets hack or there is a problem with the site due to security vulnerabilities, the first person they will blame is the developer. However, if we educate our clients on the importance of information security, while it may be their tendency to blame the developer, it may not be their first recourse. Simply speaking, information security is everyone’s responsibility.

Most of this information was obtained from WordCamp Phoenix Security Presentation by co-founder Dre Armeda along with CEO and founder of Webdev Studios, Brad Williams.

So what are some security tips around passwords, plugins, and processes?


  • Browser Processes
    1. Use a secure connection whenever possible, e.g., https://.
    2. Use NoScript FireFox extension if you use FireFox.
  • FTP Processes
    1. Use sFTP or SSH instead of normal FTP. FTP passes passwords unencrypted.
    2. Don’t store creditials in FTP client. As tempting as it is to have browsers and FTP clients remember your credentials, avoid doing this.
  • Hosting
    1. Use hosts that talk about security. Free hosting is nice, but the cost of recovering a site may not be worth it.
    2. Purchase a SSL certificate from your hosting company.
  • WordPress
    1. Update WordPress! Minor WordPress versions (3.0.x, 3.1.x, 3.2.x). WordPress is open source and once they find a vulnerability, it is known. And if your site has not been updated, then all the hackers in the world know how to hack your site. Minor versions don’t necessarily need development testing. Major releases (3.0,3.1,3.2) should be tested in a development/staging environment before implementation.
    2. Update Plugins! Read the changelog and details to determine if new features are introduced. This is where you can check those change details to determine whether the plugin is adding new features, patching issues or known problems, or is a security upgrade.
    3. Change database table prefix. The default is wp_ and everyone knows this. However, if you change it to something unique. The famous five minute install has a place for you to do this upon installation. However, there are also plugins that will help you change this. And if you know phpmyadmin and mySQL, the prefixes can be changed rather easily. See also my pictorial guide: Pictorial Tutorial on WordPress Security: Change the WP_ Prefix
    4. Use Secret Keys with your wp-config.php. To get your secret keys visit the WordPress Secret Keys API. It’s a hashing salt for your cookies on your computer. Newer installations have this in them already; however, older installations may not have it. So if you started with an older WordPress installation and have upgraded, you may want to check to make sure these are in place. Changing these on a live site will only render current cookies invalid and will have no adverse affects on the site.
    5. Lockdown WP Login and WP Admin. Add the following code in wp-config.php to force SSL on login and on all Admin pages. Using SSL (https) on all admin screens in WordPress will encrypt all data transmitted with the same encryption as online shopping.
      On login only
      [php]define( ‘FORCE_SSL_LOGIN’ , ‘true’ );[/php]
      On admin pages
      [php]define( ‘FORCE_SSL_ADMIN’ , ‘true’ );[/php]
    6. Create .htaccess file in your wp-admin to lockdown IP addresses. Add the following lines of code to your .htaccess:
      AuthUserFile /dev/null
      AuthGroupFile /dev/null
      AuthName "Access Control"
      AuthType Basic
      order deny,allow
      deny from all
      #IP address to Whitelist
      allow from
      allow from
      This example will only allow a user with the IP or to access wp-admin. However, also note that IP addresses do change, and if you are locked you can go into the file edit it to include your new IP address or you can simply delete the file. Also, this file will not be deleted on WordPress upgrades since it does not belong to WordPress core.
    7. Move wp-config.php. WordPress features the ability to move the wp-config.php one directory above your WordPress root. So if your WordPress wp-config.php file is located public_html/wordpress/wp-config.php you can place it to public_html/wp-config.php.
    8. Disable WordPress Generator Tag. Viewing the source on most WordPress sites will reveal the version they are running. This helps hackers find vulnerable installations or older versions. To remove the code, find the following code in your header.php and remove it.
      [html]<meta name="generator" content="WordPress <?php bloginfo[‘version’];?>" />[/html]
      The wp_head() function also includes the WP version in your header. To remove it, add the following to your functions.php file:
      [php]remove_action( ‘wp_head’ , ‘wp_generator’ );[/php]
      Themes and plugins may also output their versions, but some may have an option to remove it, such as the Genesis Framework.
    9. Use Trusted Sources for Themes and Plugins. Use Themes found elsewhere may have some base64() code that can break your site or just add some black hat SEO. Instead of solely relying on Google or your favorite search engine, use these trusted sources:
      1. Theme Directory
      2. WooThemes
      3. Themelab
      4. Theme Hybrid
      5. ThemeShaper (Thematic)
    10. Don’t use admin for your username. All WordPress installs before WordPress 3.0 had an admin install. Change the admin username in MySQL:UPDATE wp_users SET user_login='hulkster' WHERE user_login='admin';. Or:
      1. Create a new account with a unique username
      2. Assign account to Administrator role
      3. Log out and log back in with new account
      4. Delete admin account (WordPress will allow you to reassign all content written by admin to an account of your choice.)
    11. File/Folder Permissions. Good rule of thumb:
      • files should be set to 644
      • folders to 755
      • If your host requires 777, switch hosts.
      • This can be easily checked/set via Filezilla by right clicking on the file/folder and clicking on File Permissions. Or via SSH:

        • find [your path here] -type d -exec chmod 755 {} ;
        • find [your path here] -type f -exec chmod 644 {} ;


  • Use different passwords for your different sites.
  • Use a password management tool
  • Change passwords often
  • Don’t ever share your passwords with anyone


Security Plugins:

  1. WordPress Exploit Scanner
  2. WordPress File Monitor
  3. Login Lockdown
  4. AskApache Password Protect
  5. BulletProof Security
  6. Secure WordPress
  7. BackupBuddy: Contains a Malware scanner module
  8. See also WP Smith: The Best Security Plugins for WordPress 3.0+

Backup Plugins:

  1. WP Time Machine
  2. WP-DB Backup
  3. BackupBuddy
  4. VaultPress

Website Scanning Tools

  2. Unmask Parasites

Malware Removal

  2. VaultPress

Security Related Codex Articles

Blog Security Articles **Beware of DATE published!

Info graphic by WPBeginner:

Helpful Custom Post Type and Custom Taxonomy Functions

Understanding WordPress Custom Post Types

Here are two great posts regarding custom post types’ functions: An Important Update: WordPress 3.0 Post Types And Taxonomies, from New2WP written by  Jared (@Tweeaks), and Custom Post Types in WordPress from Justin Tadlock (@justintadlock). that I wanted to reproduce in part in this series.

The following are functions you can use for various things related to post types. The function name is linked to the line in /wp-includes/post.php where it is created for those that would like to check out the source code which makes them work. I’ve also added a short description for each that is used in the source to describe them [slightly modified by Travis Smith].

Post Type Functions:

  • is_post_type() – Checks to see if current post is of a specified post type.
    if ( is_post_type( ‘zombie’, $post_id ) )
    echo ‘This is a not a blog post. It is a zombie!’;
    echo ‘This is not a zombie. [insert sad face]’;[/php]
  • get_post_types( $post ) – Get a list of all registered post type objects.
    • $args – An array of key => value arguments to match against the post type objects.
    • $output – The type of output to return, either post type ‘names’ or ‘objects’. ‘names’ is the default.
    • $operator – The logical operation to perform. ‘or’ means only one element from the array needs to match; ‘and’ means all elements must match. The default is ‘and’.
    • Returns an array listing post type names or objects.
  • get_post_type_object() – Retrieves a post type object by name
    [php]$post_type = get_post_type_object( ‘zombie’ );

    if ( $post_type->show_ui )

  • register_post_type() – Register a post type. Do not use before init.
    • A simple function for creating or modifying a post type based on the parameters given.
    • The function will accept an array (second optional parameter), along with a string for the post type name.
  • get_post_type_capabilities() – Builds an object with all post type capabilities out of a post type object.
  • Accepted keys of the capabilities array in the post type object:
    • edit_post – The meta capability that controls editing a particular object of this post type. Defaults to “edit_ . $capability_type” (edit_post).
    • edit_posts – The capability that controls editing objects of this post type as a class. Defaults to “edit_ . $capability_type . s” (edit_posts).
    • edit_others_posts – The capability that controls editing objects of this post type that are owned by other users. Defaults to “edit_others_ . $capability_type . s” (edit_others_posts).
    • publish_posts – The capability that controls publishing objects of this post type. Defaults to “publish_ . $capability_type . s” (publish_posts).
    • read_post – The meta capability that controls reading a particular object of this post type. Defaults to “read_ . $capability_type” (read_post).
    • read_private_posts – The capability that controls reading private posts.Defaults to “read_private . $capability_type . s” (read_private_posts).
    • delete_post – The meta capability that controls deleting a particular object of this post type. Defaults to “delete_ . $capability_type” (delete_post).
  • get_post_type_labels( $post_type_object ) – Builds an object with all post type labels out of a post type object.
  • Accepted keys of the label array in the post type object:
    • name – general name for the post type, usually plural. The same and overriden by $post_type_object->label. Default is Posts/Pages
    • singular_name – name for one object of this post type. Default is Post/Page
    • add_new – Default is Add New for both hierarchical and non-hierarchical types.
    • add_new_item – Default is Add New Post/Add New Page
    • edit_item – Default is Edit Post/Edit Page
    • new_item – Default is New Post/New Page
    • view_item – Default is View Post/View Page
    • search_items – Default is Search Posts/Search Pages
    • not_found – Default is No posts found/No pages found
    • not_found_in_trash – Default is No posts found in Trash/No pages found in Trash
    • parent_item_colon – This string isn’t used on non-hierarchical types. (In hierarchical ones the default is Parent Page)
  • _get_custom_object_labels() – Builds an object with custom-something object (post type, taxonomy) labels out of a custom-something object
  • add_post_type_support( $post_type, $feature ) – Register support of certain features for a post type.
  • All features are directly associated with a functional area of the edit screen, such as the editor or a meta box:
    • ‘title’,
    • ‘editor’,
    • ‘comments’,
    • ‘revisions’,
    • ‘trackbacks’
    • ‘author’,
    • ‘excerpt’,
    • ‘page-attributes’,
    • ‘thumbnail’,
    • ‘custom-fields’

    Additionally, the ‘revisions’ feature dictates whether the post type will store revisions, and the ‘comments’ feature dicates whether the comments count will show on the edit screen.

  • set_post_type( $post_id = 0, $post_type = ‘post’ ) – Updates the post type for the post ID.
    • $post_id Post ID to change post type. Not actually optional.
    • $post_type Optional, default is post. Supported values are ‘post’ or ‘page’ to name a few.
    • Return int Amount of rows changed. Should be 1 for success and 0 for failure.
  • get_posts() – Retrieve list of latest posts or posts matching criteria.
  • The defaults are:
    • ‘numberposts’ – Default is 5. Total number of posts to retrieve.
    • ‘offset’ – Default is 0. See { WP_Query::query() } for more.
    • ‘category’ – What category to pull the posts from.
    • ‘orderby’ – Default is ‘post_date’. How to order the posts.
    • ‘order’ – Default is ‘DESC’. The order to retrieve the posts.
    • ‘include’ – See { WP_Query::query() } for more.
    • ‘exclude’ – See { WP_Query::query() } for more.
    • ‘meta_key’ – See { WP_Query::query() } for more.
    • ‘meta_value’ – See { WP_Query::query() } for more.
    • ‘post_type’ – Default is ‘post’. Can be ‘page’, or ‘attachment’ to name a few.
    • ‘post_parent’ – The parent of the post or post type.
    • ‘post_status’ – Default is ‘published’. Post status to retrieve.

Functions For Taxonomies You Should Know About

The following are functions which you can use when working with taxonomies. I’m not going to link to the line of each function or include descriptions of each since the file which contains them is way smaller than posts.php where the post type functions are, so if you’re interested in viewing the source of these you should’ve have a hard time finding the line they are on.

The functions which make up taxonomies are located in /wp-includes/taxonomy.php of the WordPress source.

How to Change the Title Text for Your Custom Post Type

Understanding WordPress Custom Post Types

Have you ever wanted to use the Title section, but didn’t want to call it Title? Surely, many of you have wanted to change the text in the title entry bar from the standard ‘Enter title here’ to something more specific for your custom post type. Well, WordPress has a filter for it.

// Change ‘Enter Title Here’ text for a CPT
function wps_change_default_title( $title ){
$screen = get_current_screen();
$wps_cpt = ‘wps_mycpt’;

if ( $wps_cpt == $screen->post_type ) {
$title = ‘Enter Staff Members Name Here’; //change this to whatever you’d like

return $title;

add_filter( ‘enter_title_here’, ‘wps_change_default_title’ );