How to White Label Yoast SEO

It’s difficult to argue with the popularity of the Yoast SEO WordPress plugin. Over years of development and promotion, Yoast SEO has come to be considered the leader in a crowded and competitive plugin market. The plugin gives your clients much better control over their site’s SEO. Yoast SEO improves sites through meta tag creation, sitemap generation, and text analysis. It’s also one of the most aggressive freemium plugins when it comes to promoting their premium version. Our White Label WordPress plugin can help you deal with that. This article will show you how our plugin can help you white label Yoast SEO for your current and future client sites.

Our White Label WordPress Plugin

Let’s take a second to go over our White Label plugin for WordPress. White Label was built to make modifying and customizing the WordPress admin simple. The plugin comes with dozens of features to help you adjust WordPress to fit the needs of your clients. For example, White Label gives you options to rebrand the WordPress login screen. You can use our plugin to change admin menus, build your own dashboard elements, and create your own admin color scheme. There are also features to modify third-party plugins (like Yoast SEO) and installed themes.

You can review White Label’s features or read our large documentation collection to learn even more. We believe White Label is the best plugin of its kind out there. It is easy and simple to use and will make a great addition to the tools you use as a WordPress developer or agency.

Now, let’s get back to the goal of this post: how to white label Yoast SEO.

White Label has an area in its settings entirely devoted to Yoast SEO. With these features, in combination with other features in our plugin, you can white label Yoast SEO with ease. In this post, we’ll go through each of those features for you. Once you’ve reached the end, you will have a working version of Yoast SEO devoid of any branding, upsells, or notifications users normally see.

Note: Many of the features we cover in this article are only found in White Label Pro. You’ll need to purchase that version of our plugin to have access to all the features for white labeling Yoast SEO.

Yoast SEO Branding

White Label comes with several features to help you change Yoast SEO branding inside the WordPress admin.

Replace the Yoast SEO Name

The easiest way to white label Yoast SEO is to replace the name of the plugin throughout your WordPress admin. You can modify the display name of Yoast SEO by setting your own text replacement.

Hide the Yoast SEO Logo

You can remove the Yoast SEO logo from the WordPress admin with one simple setting in White Label. This is probably one of the easiest ways to white label Yoast SEO. The logo is removed from the plugin’s settings, throughout the admin, and inside the block editor.

Here’s an example of that feature on the main Yoast SEO settings screen:

Hide Yoast SEO Notifications

The next Yoast SEO branding feature in White Label lets you hide notifications. The developers of Yoast SEO occasionally put in notifications about services or opportunities. This White Label feature ensures your clients won’t see these alerts inside their site.

Once again, here’s an example of this feature being used on the main settings screen of Yoast SEO:

Screenshot of Yoast SEO Branding After White Label Pro Hide Notifications Changes

Hide Yoast SEO Links

Finally, the last branding-related Yoast SEO feature involves links. White Label will remove any links, in the WordPress admin or block editor, that lead to the developer’s marketing website. The text will stay, but the link itself is removed, and the color of the text will change to the default style of the surrounding copy.

Again, here’s a screenshot of what that feature looks like in action:

Screenshot of Yoast SEO Branding After White Label Pro Hide Links Changes

HelpScout Beacon

There’s an ever-present link, in the corner of every Yoast SEO screen, to access their HelpScout Beacon. White Label lets you hide the Yoast SEO HelpScout Beacon button with a single checkbox.

Yoast SEO Premium Upsells

The capability to hide Yoast SEO Premium upsells is probably the greatest feature to white label Yoast SEO that our plugin provides. Yoast SEO is a freemium product, with a premium version containing more features. The free version of the plugin is littered with upsells throughout the admin and block editor. White Label lets you hide all of those upsells.

Screenshot of White Label's Hide Yoast SEO Upsells Feature

WordPress Admin and Plugin Settings

Let’s take a look at this feature in action with some screenshots. Here is the main Yoast SEO settings screen:

Screenshot of Yoast SEO Branding After White Label Pro Hide Upsells Changes

WordPress Block Editor

This White Label feature also impacts the WordPress block editor in two locations. The meta box area below post content and the sidebar to the right of post content.

Here is the meta box area of the WordPress block editor:

Screenshot of Block Editor Meta Box Yoast SEO Premium Upsells After White Label Pro Hide Upsells Changes

And, finally, here’s the sidebar area of the WordPress block editor as well:

Screenshot of Block Editor Sidebar Yoast SEO Premium Upsells After White Label Pro Hide Upsells Changes

As you can tell from the screenshots, this single feature alone makes Yoast SEO much easier for your clients to use and navigate. Yoast SEO Premium is an excellent plugin, but this way you can be the one to broach its purchase with your clients when they are ready.

Yoast SEO Plugin Details

One of White Label’s most popular features is the ability to hide and rename plugin details. You can hide WordPress plugins from your users quickly. Simply find the plugin you want to hide from the list inside White Label’s Plugins tab. Click the appropriate checkbox, save your settings, and you’re done.

Screenshot of Hide Plugins Feature in White Label

Your clients will immediately have the selected plugins, including Yoast SEO if you choose, removed from their WordPress admin’s Plugins screen. In addition, those clients won’t be notified or bothered whenever your selected plugins have available updates. You’ll always be in charge.

White Label Pro, the premium version of our plugin required to access Yoast SEO features, also lets you change WordPress plugin details. This is an incredible way to take white labeling Yoast SEO to a greater level. White Label Pro lets you change the following items on the Plugins screen:

Name
Plugin URI
Description
Author
Author URI

And the following plugin details can be hidden:

View Details
Author
Version

Here is a screenshot of how you could modify Yoast SEO’s plugin details using White Label Pro:

Screenshot of White Label's Plugin Details Feature with Yoast SEO

This is what your clients will see using the above settings:

Screenshot of White Label's Plugin Details Feature with Yoast SEO Example

Yoast SEO Menu Items

Finally, let’s end this post talking about how you can modify Yoast SEO menu items in the WordPress admin. White Label has features to let you hide WordPress admin menus. This simple interface gives you the choice to pick a menu item to hide by selecting a checkbox. That’s all you have to do.

Screenshot of White Label's Yoast SEO Sidebar Menus Features

For Yoast SEO, we suggest hiding the following menus:

Academy
Upgrades
Workouts
Redirects
Support

White Label Pro, required for many of these Yoast SEO features, also lets you rename WordPress admin menus and change WordPress admin menu icons.

White Label Yoast SEO with our Plugin

That brings us to the end of our guide to white label Yoast SEO. You can start using White Label, for free, right now. It’s an easy plugin to install and comes with plenty of features at no cost to you or your clients. You can upgrade to White Label Pro at any time when you are ready. This will provide you with access to many of the Yoast SEO features discussed here today.

Our plugin is the best way to modify the WordPress experience to fit client needs. You can use it to keep the admin simple, clean, and easy to use. White Label helps you lower support requests and makes troubleshooting problems with clients easier. With less interface and clutter, the ability for them to get lost or have issues decreases. It’s the ideal plugin for WordPress developers and agencies. We hope you give it a try.

How to White Label Gravity Forms

Gravity Forms is one of the most popular form building plugins available for WordPress. Most of the WordPress developers we know have Gravity Forms as a staple plugin in their website building strategy. It gives clients the power to quickly, and easily, add and modify all varieties of forms on their websites. For most clients, Gravity Forms is perfect out of the box. Unfortunately, not all clients are equal and sometimes website developers need to modify the Gravity Forms interface. Thankfully, our White Label WordPress plugin can help with that. This article will help you learn all the ways that you can use our plugin to white label Gravity Forms.

Our White Label Plugin

Before we get deeper into, let’s take some time to discuss the White Label plugin. Our plugin was built to make modifying and adjusting the WordPress admin experience simple. There are dozens of features in White Label to help you customize WordPress for your clients. For example, White Label helps you rebrand the WordPress login form and page. You can change menus inside the admin. The plugin lets you build dashboard widgets and modify the dashboard. There are features in White Label to change how plugins are shown to users. In addition, White Label has a set of theme-related features as well. Plus, many more options to make the WordPress admin fit your client’s needs exactly.

Take a look at our features list and the expansive documentation on this site to learn more about White Label. We think it’s the best white label WordPress plugin available. It’s simple and easy to use and makes a great addition to any WordPress developer’s or agency’s toolbox.

Let’s get back to the task on hand: how to white label Gravity Forms.

White Label has a section devoted solely to Gravity Forms. Using these bespoke features, in combination with some other features of our plugin, will let you white label Gravity Forms quickly and easy. In this article, we will walk you through each feature. By the end, you should have a working version of Gravity Forms without anyone using the site actually knowing what form builder plugin is in use.

Please note: Many of the features discussed in this article are only found in White Label Pro. You’ll have to purchase that version of our plugin to have access to many of the features related to white labeling Gravity Forms.

Gravity Forms Branding

White Label has a set of features to help you directly change Gravity Forms branding throughout the WordPress admin.

Hide the Gravity Forms Logo

The easiest way to white label Gravity Forms is to hide its logo throughout the admin. The Gravity Forms logo appears throughout various screens. Most obviously, in a header at the top of each screen in the plugin. You can easily hide the Gravity Forms logo with a click of a checkbox in White Label.

Replace the Gravity Forms Name

In addition to the logo, White Label lets you modify the name of Gravity Forms as it appears on various screens and interface panels. You can change the plural (Gravity Forms) and singular (Gravity Form) appearances of the name by setting your own values.

Gravity Forms Templates

Creating a new form with the Gravity Forms plugin begins with a template popup. This popup is incredibly handy, but it does contain a feature that some people looking to white label Gravity forms might want to remove.

Hide Gravity Forms Template Preview Button

Gravity Forms templates come with a Preview button that links to an external site maintained by the developers of Gravity Forms. In order to white label the plugin, you might want to remove that link from each template. You can do so by checking the box next to Hide Preview Button in White Label’s settings for Gravity Forms.

Gravity Forms Toolbar Links

Individual forms contain Gravity Forms toolbar links to several features:

Edit
Settings
Entries
Preview

White Label lets you hide these links to help control what form information your clients have access to. Simply check the box next to the toolbar link you want to hide. Once you save your settings, those links will be removed.

Screenshot of White Label's Hide Gravity Forms Toolbar Links Feature

Gravity Forms Settings

Gravity Forms comes with a comprehensive settings screen. These panels contain branding for Gravity Forms, of course, but also some features you might not want clients to access. Thankfully, White Label can hide the features for you.

Hide Gravity Forms Settings Panels

The Gravity Forms Settings screen has individual panels for each part of the plugin you can adjust. White Label has an easy-to-use table, with checkbox, you can use to hide these panels. Simply check the box next to whichever panel you don’t want your clients to see.

Hide Gravity Forms Setting Panel Links

Some of the panels on the Gravity Forms settings screen contain links to external sites. You can hide those links completely by checking the box next to the Hide Links setting in White Label.

Screenshot of White Label's Hide Gravity Forms Settings Links Feature

Gravity Forms Add-Ons

There is an entire section of the Gravity Forms plugin devoted to first-party and third-party add-ons. These add-ons add functionality to Gravity Forms not provided in the base plugin. Of course, most WordPress developers and agencies want to limit their clients’ access to these kinds of add-ons. White Label includes a feature to help you easily disable access to Gravity Forms add-ons.

Hide Gravity Forms Add-Ons Install Button

The list of official add-ons includes an install button. You can hide this install button, to prevent clients from activating an add-on without you knowing, by checking the corresponding box in White Label.

Hide Gravity Forms Add-Ons Download Button

The certified add-ons list, in the Gravity Forms plugin, includes download links to each third-party developer’s website. Check the box in White Label’s settings too prevent clients from seeing those links.

Gravity Forms Plugin Details

One of White Label’s most popular features is the ability to hide and rename plugin details. You can hide WordPress plugin from your users effortlessly. All you have to do is find the plugin you want to hide on the list inside White Label’s Plugins tab. Check the corresponding box and you’re done.

Clients will immediately have the selected plugins hidden from their view when they visit the WordPress admin’s Plugins screen. On top of that, those same clients won’t be notified or nagged whenever your selected plugins have available updates.

White Label Pro, the premium version of our plugin that is required to access its Gravity Forms features, lets you change WordPress plugin details. This is a great way to take your white labeling of Gravity Forms to the next level. White Label Pro lets you change the following items that are shown on the Plugins screen of the WordPress admin:

Name
Plugin URI
Description
Author
Author URI

The following plugin details can be hidden:

View Details
Author
Version

Here’s an example of how you could modify the Gravity Forms plugin details using our plugin:

Screenshot of White Label's Plugin Details Feature with Gravity Forms

This is what your users would see with the above settings in place:

Screenshot of White Label's Plugin Details Feature with Gravity Forms Example

Gravity Forms Menu Items

Finally, let’s close this discussion by showing you how to modify Gravity Forms menu items in the WordPress admin. White Label has a built-in feature that lets you hide WordPress admin menus from your clients. The interface for this is easy to use. All you do is pick the menu items to hide, check the box next to them, and save. That’s it.

Screenshot of White Label's Gravity Forms Sidebar Menus Features

For Gravity Forms, we recommend hiding:

Add-Ons
System Status
Help

These are the three interfaces within Gravity Forms that provide the most outside access and obvious branding.

White Label Pro, required for many of these Gravity Forms white labeling features, also lets you rename WordPress admin menus and change WordPress admin menu icons.

White Label Gravity Forms with Our Plugin

That’s the end of our guide on how to white label Gravity Forms. You can get started with White Label, for free, today. It’s simple to install and offers a ton of features right out of the box. You can then upgrade to White Label Pro if you’d like to access the Gravity Forms features discussed in this article.

Our plugin is the best way to modify the WordPress experience for your clients. Use it to keep the WordPress admin clean, simple, and easy to use. White Label will help you cut down on support requests from clients. It makes troubleshooting problems easier by simplifying what clients have access to. It’s a great plugin for WordPress developers and agencies.

How to White Label Elementor

Elementor is one of the most popular page builders in the WordPress community. If you develop WordPress sites for clients, there’s an excellent chance you have experience with Elementor. Unfortunately, Elementor comes with a lot of branding and upsells that WordPress professionals sometimes want to remove or change. Luckily, our White Label WordPress plugin can help. Today, let’s take a thorough look at how you can use our plugin to white label Elementor.

Before we begin, a few words about White Label. Our plugin was designed to make customizing the WordPress admin experience easy. There are dozens of features in White Label to help you achieve that goal. White Label lets you rebrand the WordPress login page. You can modify the menus inside the WordPress admin. Create your own dashboard or widgets. Hide or change how plugins are displayed. Customize how your installed themes are visible to users. Replace text and logos throughout the WordPress admin. You can even disable upgrade and notification nags.

Please review our features list and our documentation if you wish to learn more about White Label. We believe it’s the best white label WordPress plugin out there. It’s quick and easy to use and ideal for WordPress developers and agencies.

Now, back to the topic at hand. Let’s learn how to white label Elementor.

White Label has an entire section devoted to Elementor. These specific features, combined with some other features built into the plugin, will let you white label Elementor for your clients. We’ll go through each feature one-by-one. By the end of this article, you should have a working version of Elementor without your clients knowing exactly which page builder plugin they are using.

Elementor Logos

White Label has several features to help you deal with the Elementor logo throughout your WordPress installation.

Hide the Elementor Logo

The most obvious way to white label Elementor is to remove its logo from the WordPress admin. This logo appears, to your day-to-day users, most obviously in the Elementor editor. The logo appears during the editor’s loading process, inside the editor’s panel, on the “Edit with Elementor” button, and even in the WordPress admin’s bar menu. You can quickly and easily hide the Elementor logo throughout your WordPress install with a click of a checkbox in White Label.

Replace the Elementor Loading Logo

What if you want to replace the Elementor loading logo with your own? White Label can help you do that as well. In the Elementor area of White Label, there is an option to define an image file to replace the loading logo. The size of the logo doesn’t matter. White Label will adjust to make it work inside the loading screen. This feature also works with the editor navigation menu.

Elementor Colors

Colors are another huge way for software companies to brand their products. Elementor has several strong color choices in their editor. Our White Label plugin lets you modify Elementor editor colors with a few simple settings.

Editor Primary Color

The primary color mainly applies to the header and footer of the editor’s panel. This is the section of the editor, on the side, that contains menus and widgets. In addition, the primary color will also apply to confirmation buttons in the editor. All you need to do is select a color with the built-in picker supplied by White Label. Our plugin does the rest.

Editor Secondary Color

The secondary color applies to the icons and text in the footer of the editor’s panel. There are other additional areas where the secondary color is used: notification dots, panel headers, etc. As with the primary color, you simply pick a color in White Label and that’s it.

Screenshot of White Label's Replace Elementor Editor Colors Feature

Elementor Text

Elementor forces the name of the plugin throughout the WordPress admin. This is most prominent in the Pages list with post state text, but it happens in buttons as well.

Hide Elementor Post State Text

Essentially, post state text is that bit of wording that appears after a piece of content. Here’s an example:

The “— Elementor” part is what we are referring to. You can hide Elementor post state text entirely from the admin with White Label. Simply check the box and that text will disappear.

Screenshot of White Label's Hide Elementor Post State Text Feature

Replace Elementor Post State Text

Let’s say you want to keep the post state text, but change the wording. White Label has you covered there as well. You can replace Elementor post state text with text of your own choosing easily. Enter in the text you want, hit save, and you’re done.

Replace “Edit with Elementor” Text

Finally, the last bit of Elementor text that you can modify with White Label. There are buttons, and an admin bar menu item, that contain the “Edit with Elementor” text by default. You can use White Label to replace the “Edit with Elementor” text with your own wording. It’s just as easy as changing the post state text. Type what you want, save your settings, and you’re done.

Elementor Editor Navigation

Elementor’s editor has a series of navigation items in the side panel. Not all of these items are useful. Or, to be honest, something you want your clients to have access to. White Label comes with a simple interface to hide Elementor editor navigation based on your needs. All you have to do is check the box next to each menu item you want to hide in the editor. Your choices also change the navigation on the Elementor settings screen.

Elementor Pro

The free version of Elementor comes with many upsells and nags for the Pro version. You can white label Elementor to hide some of these elements from your clients.

Hide Elementor Pro Upgrade Nags

The Elementor editor, in the free version, is covered in ads and nags to upgrade to Elementor Pro. We are plugin developers ourselves, so we appreciate the need for these, but they can be overwhelming to non-technical WordPress users. So White Label offers a way to hide Elementor Pro upgrade nags in the editor. It’s a simple checkbox, like many of the other settings we’ve discussed in this article.

Hide Elementor Pro Widgets

Finally, the free version of Elementor shows you widgets unavailable without Elementor Pro. You can remove these widgets from the list with White Label. A single checkbox check will hide Elementor Pro widgets in the editor. Your clients will no longer try and use widgets that are not actually available to them.

Elementor Plugin Details

One of the most common features our users take advantage of is hiding and renaming plugin details. You can hide WordPress plugins from your users easily. Simply find them on the list inside White Label’s Plugins tab, in the plugin’s settings, and select the ones you want to hide.

Your other users will immediately not be able to see that plugin when they visit the Plugins screen of the WordPress admin. In addition, your users will not be notified or nagged whenever a hidden plugin has an update available.

You can change WordPress plugin details as well with White Label Pro, the premium version of our plugin. This can help you take your effort to white label Elementor to the next level. White Label Pro lets you modify the following items that are shown on the WordPress Plugins screen:

Name
Plugin URI
Description
Author
Author URI

The following plugin details can be hidden:

Author
Version
View Details

Here’s an example of how you could modify the Elementor plugin details using our plugin:

Screenshot of White Label's Plugin Details Feature with Elementor

This is what your other admin users would see as a result:

Screenshot of White Label's Plugin Details Feature with Elementor Example

Again, this is a feature only found in White Label Pro. You’ll have to purchase that version of our plugin to have access to this functionality.

Elementor Menu Items

Finally, let’s wrap this up by discussing Elementor menu items in the WordPress admin. White Label has a feature to let you hide WordPress admin menus from your users. The interface is simple. Select the menu items you want to hide, save, and you’re done.

Screenshot of White Label Hide WordPress Admin Sidebar Menus

We recommend you hide all the Elementor options from the menu. This is the simplest way to make sure your users only interact with Elementor via the editor.

White Label Pro has additional functionality that will let you rename WordPress admin menus. This can be useful if you want to combine hiding some Elementor menu items and keeping some with different names.

Screenshot of White Label Pro Rename WordPress Admin Menus

White Label Elementor with Our Plugin

Get started with White Label today. It’s quick and easy to install, and you’ll be able to white label Elementor, and many other parts of WordPress, in minutes. Upgrade to White Label Pro, when you’re ready, to get even more powerful features to help customize Elementor to your needs.

Our plugin is the best way to customize WordPress for clients. Keep the WordPress admin clean, simple, and easy to use. Cut down on support requests and troubleshooting by simplifying what your clients can access and do to their website.

How to Set Your Own WordPress Block Editor Theme Colors

How to Add Your Own WordPress Block Editor Theme Colors

Last Updated February 6, 2023

This post is brought to you by White Label for WordPress. Customize the WordPress admin and make life easier for you and your clients.

The WordPress Block editor has come a long way since its initial launch. There are plenty of blocks included by default and even more available from third-party developers now. Each has its own special set of features and customization capabilities. One of the most common of those features is to set text and background colors for a given block’s content. There is a set of default colors included with WordPress but did you know you can pretty easily add your own? That’s what we’ll cover today. Let’s go through how you can quickly and easily add your own WordPress Block Editor theme colors to your current website project.

Adding Block Editor Theme Colors with Code

Today, we’re going to first focus on adding new block editor theme colors by writing some code. You can also add more colors using some plugins if you prefer and we’ll get to that later in the article. Our assumption is that you are a WordPress developer looking for a more programmatic approach. So we’re going to show you how to add new colors by including some code in your theme.

Declare Block Editor Theme Colors in functions.php

The code you need is relatively simple. You only need to add a small function that uses the after_setup_theme hook. Inside this function, we will be adding an array of custom colors with the add_theme_support function. The elements of that array have to define the name of the color, a slug, and the color itself as a hex value.

Here’s an example block of code where I’m adding two Block Editor theme colors from a client’s logo:

function add_block_editor_theme_colors() {
    $new_colors = [
        [
            'name' => esc_html__('Logo Brown', 'theme-name'),
            'slug' => 'logo-brown',
            'color' => '#695e4a',
        ],
        [
            'name' => esc_html__('Logo Green', 'theme-name'),
            'slug' => 'logo-green',
            'color' => '#41850f',
        ],
    ];

    add_theme_support('editor-color-palette', $new_colors);
}
add_action('after_theme_setup', 'add_block_editor_theme_colors');

Simple enough. Now we’re going to have two new options available in the WordPress Block Editor’s color palette to choose from. Of course, now we have to actually implement these colors in our theme’s CSS.

Add Colors to a CSS File

This part is fairly simple. The easiest way to get your new colors working on the front end of your site is to include them in a CSS file with your theme. The format is basic. It uses the slug from our array for both color and background-color properties.

Here’s an example of the CSS you’ll need if you were using our array:

.has-logo-brown-background-color {
    background-color: #695e4a;
}

.has-logo-brown-color {
    color: #695e4a;
}

.has-logo-green-background-color {
    background-color: #41850f;
}

.has-logo-green-color {
    color: #41850f;
}

Of course, this doesn’t make our new colors work inside of content in the Block Editor. For that, you’ll need to enqueue your stylesheet in the admin as well.

Let’s go back to the functions.php file and add our CSS file to the front and admin side of our site.

Enqueue CSS File

We’re going to need to enqueue our CSS file on the front end and the admin of our WordPress site. You’ll need to add more code to your theme’s functions.php file. This will make sure that our new colors are actually working in our content. When a visitor reads our site or an admin user is writing in the Block Editor the colors will work.

For this code example, I’m going to say that we saved our CSS file into a css directory of our theme and called it block-editor-theme-colors.css. Here’s the code:

function add_block_editor_theme_colors_stylesheet() {
    wp_register_style('new-block-editor-theme-colors', get_template_directory_uri().'/css/block-editor-theme-colors.css';
    wp_enqueue_style('new-block-editor-theme-colors')
}
add_action('wp_enqueue_scripts', 'add_block_editor_theme_colors_stylesheet');
add_action('admin_enqueue_scripts', add_block_editor_theme_colors_stylesheet');

This should get you new block editor colors on both the front and back of your WordPress installation.

Do you want an easier solution? Let’s take a look at some WordPress plugins that can help.

Adding Block Editor Theme Colors with a Plugin

There are a couple of good plugins that will let you customize color palettes for use in the WordPress Block Editor. We’ve chosen two that have similar feature sets but different interfaces. The one you choose will ultimately come down to your preference in interacting with the plugin itself.

Custom Color Palette for Gutenberg

The Custom Color Palette for Gutenberg plugin is a great way to add your own colors to the Block Editor without writing any code. This plugin utilizes the WordPress Customizer and the built-in color picker to let you build your very own color palette. You can control main, grayscale, and primary colors and toggle each of those color categories even further. In the end, you can build a complete set of new Block Editor theme colors without writing a single line of PHP or CSS.

Plugin Details

This piece of software was first released by its developer in October of 2018. It is presently on version 1.0 and last saw a revision on April 1st, 2020. The most recent release runs on WordPress 5.4.17 and requires at least PHP 5.6 to run on your server. This plugin is presently operating on over 1,000 WordPress websites. It has had over 23,060 downloads. There have not been many help requests from users. Reviews for Custom Color Palette for Gutenberg are very positive. Many of the end-users who left an evaluation found this plugin to be excellent.

Block Editor Colors

Block Editor Colors is another fine WordPress plugin for adjusting the available colors you can use in the new editor. Unlike the previous example, this plugin has its own interface for defining Block Editor theme colors. You can add custom colors, define default colors, and all of your choices are applied globally across your WordPress site. So, regardless of the theme or other plugins you use, the color palette you build will be available. This is perfect for client projects where you want to add logo-specific colors but the site undergoes regular redesigns and changes.

Plugin Details

This piece of software was originally published by its creator in March of 2020. It is now on version 1.2.6 and last saw a change on June 11th, 2025. The latest release functions on WordPress 6.7.3 and requires at least PHP 5.6 to work on your server. This plugin is presently functioning on over 3,000 WordPress sites. It has had over 30,050 downloads. There have not been many help requests from users. Reviews for Block Editor Colors are very positive. Many of the customers who left an evaluation found this plugin to be useful.

Customize WordPress for Your Clients

Hopefully, using our code examples or plugin suggestions, you can add new Block Editor theme colors to your client projects moving forward. Before you go, if you want more ways to customize WordPress for clients, you might be interested in our White Label plugin.

White Label was built to let you rebrand and modify the WordPress admin experience for clients. Make WordPress less confusing for them to use and easier for you to support. Change the login page, add custom dashboard elements, edit and hide menus, and manipulate how plugins are displayed.

Check out the complete feature list to learn about all of the ways our White Label WordPress plugin can improve your business and the experience of your users.

How to Add a WordPress Search Form to a Custom Theme

WordPress theme developers have to worry about a lot of moving parts. Templates for posts, pages, archives, and taxonomies. The list goes on and on. One of the often overlooked aspects of theme design is a search form. Including a search form is the easiest way to let website visitors find the content they’re looking for quickly. It alleviates the need for complex, nested menus and other forms of navigation that can be cumbersome and overwhelming. Today we’re going to discuss several ways in which you can include a WordPress search form in the custom theme you are developing.

Before we get started, as a WordPress developer you might be interested in learning more about our White Label plugin. Our plugin lets you modify and customize the entire WordPress admin experience for your clients. Rebrand WordPress, replace logos, add custom color schemes, and more with the dozens of features in White Label. You can learn more about what the plugin has to offer by viewing the features list.

Now, with that out of the way, let’s talk about search forms.

Use WordPress Core’s Built-in WordPress Search Form Function

The search form is such a common feature of a website that WordPress has a built-in function to help you add one to a theme. It’s very simple and can be called with some optional parameters.

In its simplest form, it looks like this:

<?php get_search_form(); ?>

You can pass that function an array of arguments with two possible options:

echo which is a boolean that determines whether WordPress will echo or just return the form. The default value is true.
aria_label which is the ARIA label for the search form. This is an easy way to improve accessibility on your site by giving your form a unique description. It will help to separate this form from other search forms that might appear in your theme.

This seems simple enough. What else would you need, right? Well, this function gets you the bare-bones search form. There are no customizations possible in terms of the markup. You can combine this search form function call with your own template if you want.

Let’s take a look at that technique next.

Build a Custom WordPress Search Form Template

The WordPress templating system knows to look for a search form template in the active theme directory. If one is found, the get_search_form function will use the markup in that file instead. You will need to create a searchform.php file in your theme directory.

The markup is fairly simple. Here’s a very basic version you can use to start:

<form role="search" method="get" action="<?php echo esc_url(home_url('/')); ?>">
    <input type="search" value="<?php echo get_search_query(); ?>" name="s" />
    <input type="submit" value="Search" />
</form>

The most important parts to keep the same here are the action on the form and the name of the search input. Stick with the submit button as well unless you want, or need, to do something more custom.

Obviously, you’ll want to improve on this quite a bit. Add CSS class and ID tags to the elements. Convert the text in the search button to something that can be translated. But, just as a basic example, that chunk of code should get you started on making your custom WordPress search form template.

With the searchform.php file in place, any call you make with get_search_form will use that markup instead of the default provided by WordPress Core.

Write a Custom Search Form Function

This is a bit of an odd way to go about it but we’ll highlight it here just in case it’s useful for your situation. You can write a filter for the get_search_form function to replace the markup of the form. This might be something you want to do if you are writing a custom WordPress plugin, for instance.

Here’s an example of how that would work using the basic markup we used above:

function my_search_form($form) {
    $form = '<form role="search" method="get" action="'.home_url('/').'">';
    $form .= '<input type="search" value="'.get_search_query().'" name="s" />';
    $form .= '<input type="submit" value="'.esc_attr__('Search').'" />';
    $form .= '</form>';

    return $form;
}
add_filter('get_search_form', 'my_search_form');

This is a pretty edge-case solution. For theme developers, you are probably better off just working with your own searchform.php file and skipping this filter function.

Add Custom Post Type Support to a WordPress Search Form

Finally, before we wrap this up, let’s talk about how you can add support for custom post types to a WordPress search form.

This is quite easily done by adding some hidden input elements to the form itself. All you need to do is include one hidden element per post type you want to search to work with. For example, let’s say our site has the following custom post types:

Teams
Players
Coaches

To make a search form that looks through those posts we would do this:

<form role="search" method="get" action="<?php echo esc_url(home_url('/')); ?>">
    <input type="search" value="<?php echo get_search_query(); ?>" name="s" />
    <input type="hidden" name="post_type[]" value="teams" />
    <input type="hidden" name="post_type[]" value="players" />
    <input type="hidden" name="post_type[]" value="coaches" />
    <input type="submit" value="Search" />
</form>

A neat trick here is that, instead of hidden inputs, you can use checkboxes and let the user decide what post types to search for. Tweaks like this are one of the biggest reasons why you shouldn’t rely on the default search form markup. Creating your own gives your theme so much more flexibility and functionality. It’s completely worth the time and effort.

Closing Thoughts on WordPress Search Forms

Writing your own search form markup, through theme files or a filter function, is one way you can get greater control over the built-in experience. Don’t let the built-in WordPress function take charge when you need to add a search form to your theme.

It’s important to add search capabilities to your WordPress themes. Many sites rely on search as a supplement to their site’s navigation. In fact, many sites with large amounts of content are practically unusable without a search form. Adding one with your own markup and styles is a great way to enhance the usability of your custom WordPress theme.

Of course, the default WordPress search results experience leaves much to be desired. In fact, you might want to check out our post about WordPress search plugins that can improve that.

The Best WordPress Plugin Detector Tools in 2023

Oftentimes, when browsing a WordPress-powered site, you’ll find yourself wondering how a specific feature was done. It’s not rare for a site to have something custom-developed but more often than not the feature is from a plugin. There are plenty of manual ways to discover what plugins a WordPress site is using. Thankfully, there are also a variety of WordPress plugin detector tools you can use. In addition to plugins, these tools also function as WordPress theme finders as well.

Let’s take a look at some of the more popular WordPress plugin detector tools out there today. We’ll briefly go over their features. In addition, we’ll run a test site through them to see how well they do at correctly identifying WordPress plugins.

Our Test Site

Our test site is running the GeneratePress theme on the latest version of WordPress. To be sort of unfair, we’re going to check for every WordPress plugin installed and activated on the site. It’s incredibly difficult, and often impossible, for any WordPress plugin detection tool to find admin and behind-the-scenes plugins. Those that do are truly standout performers.

The following plugins are installed and activated on our test site:

** These plugins are paid add-ons or have no direct presence on the WordPress.org plugin repository.

Scan WP

First on our list is Scan WP which is a tool for more than just plugin detection. That will be a common feature for every tool on this list, in fact. In addition to plugin detection, Scan WP will tell you a site’s theme, hosting provider, and some SEO information provided by SEMRush. A lot of this information, like the hosting, are just less-than-subtle attempts at affiliate marketing. The theme details are pretty normal for these types of tools: price, tags, URL, etc. One nice feature is that Scan WP will tell you how many sites they have scanned are using the same theme.

We’re here to talk about WordPress plugin detector tools though. How does Scan WP stack up? Of the 16 plugins our test site uses, Scan WP was only able to identify the following 5 for a 31% success rate:

Atomic Blocks
Easy Digital Downloads
MC4WP
WP Terms Popup
Designer Add-on for WP Terms Popup

That’s not a really great set of results. You could do a better job just manually reviewing the site’s source code. Let’s see if the next detector tool on our list does any better.

WordPress Plugin Checker by Earth People

The WordPress Plugin Checker is a tool written by the team at Earth People. This WordPress plugin detector is one of the oldest solutions we’ll cover in this post. It’s quite limited in what it can find. Their scanner only looks for the 50 most popular plugins in the WordPress.org repository in addition to the plugins Earth People develop themselves. That means, at the time of this writing, this WordPress scanner is only looking for 65 plugins. There are no bonus features to this site which means you won’t learn about themes, hosting, or other interesting details.

For our test site, only 2 out of the 16 plugins were detected for an abysmal success rate of 13%:

MC4WP
Wordfence Security

WP Detector

WP Detector offers similar results to Scan WP but with a slightly less overwhelming interface. This tool provides theme details, hosting information, and SEP data via SEMRush. There are still affiliate links scattered through like Scan WP as well. In terms of plugin performance, this WordPress analyzer was (you guessed it) as successful as Scan WP. The site found 5 of the 16 plugins on our test site for a success rate of 31%.

Atomic Blocks
Easy Digital Downloads
MC4WP
WP Terms Popup
Design Add-on for WP Terms Popup

InspectWP

InspectWP is probably one of, if not the, most comprehensive tools on this list. This site does a lot on top of checking for WordPress plugins and themes. In addition to WordPress concerns, InspectWP shows you issues with security, GDPR, SEO, general HTML markup, performance, and much more. You can learn hosting, server, and even DNS information about any website that you look up with the tool.

For our test site, the plugin results weren’t too bad. It found the following six plugins we were using.

Easy Digital Downloads
MC4WP
The SEO Framework
WP Super Cache
Wordfence Security
Redirection

In fairness, we ran this test at a different time from the other plugin detection tools on this list. So, the total number of installed plugins on our test site has changed. We can’t give a success rate because it will never compare fairly to the others. But, in general, InspectWP did a nice job finding plugins and the extra information it provides is quite useful.

WhatWPThemeIsThat

WhatWPThemeIsThat.com is one of the most popular WordPress detection tools out there. As the name implies, it is mostly focused on WordPress theme detection. It will easily find whatever theme a WordPress site is using and tell you what version is in use, who made the theme, and how to find it for yourself. There’s very little that is flashy about this site. You get the theme details and a brief rundown of any plugins and that’s it.

Once again, we’re really interested in plugins, and here are the results. WhatWPThemeIsThat found 5 of the 16 plugins on our test site for a success rate of 31%. This performance, and the exact plugins it found, are identical to what Scan WP produced:

Atomic Blocks
Easy Digital Downloads
MC4WP
WP Terms Popup
Designer Add-on for WP Terms Popup

IsItWP

IsItWP is a WordPress website analyzer that is mostly a vehicle for affiliate sales. The main push is to get you to read their hosting reviews. Their theme detection is sub-par in terms of how it scanned our test site. The test site uses GeneratePress. It is one of the most popular WordPress themes on the market and IsItWP could not identify it.

In fact, of all the WordPress plugin detector tools on this list, it performs the most poorly. IsItWP was unable to find a single one of the plugins on our test site. A success (can you call it that?) of 0%. Instead of results, it suggested we read their blog post on the best-selling WordPress plugins.

IsItWP did so poorly that we thought we would put it to another test. We asked it to scan itself. The results were bad again. It was able to identify the custom theme the site uses but only found two plugins. We were able to identify at least five plugins by browsing the site’s source code.

WPThemeDetector

Finally, the last tool on our list is incredibly popular: WPThemeDetector.

This WordPress scanner will find themes and plugins for any WordPress-powered site you ask it to look at. It offers similar results to its main competitor, WhatWPThemeIsThat, in a similar format. You get theme details you would come to expect with some added stats like theme popularity. For example, our test site uses GeneratePress, and WPThemeDetector currently reports that 81 out of every 10,000 sites it scans use the same theme.

Now, for the good stuff. WPThemeDetector has a very accurate plugin detection system. In fact, no other tool on our list performs as well as this one. Their software found 9 of the 16 plugins running on our test site for a whopping 56% success rate. It found quite a few plugins no other tool we tried could find. Here’s the complete list:

Akismet Anti-Spam
Atomic Blocks
Easy Digital Downloads
GP Premium
MC4WP
Redirection
WordFence Security
WP Terms Popup
Designer Add-on for WP Terms Popup

WPThemeDetector was the only tool on our list to find Akismet Anti-Spam, GP Premium, and Redirection. Impressive. We recommend you use WPThemeDetector for all of your plugin-finding needs. It performed much better on our test site than any other WordPress plugin detector tool we tried.

Want More Help with WordPress?

We appreciate you reading our post on WordPress plugin scanners. The blog we run here has other articles about using and getting the best out of WordPress. We regularly post articles on how to use WordPress for your clients and projects in the best way possible.

In addition, our plugin WordPress plugin White Label gives you the ability to adjust the WordPress admin experience for your clients and users. Check it out for free and start making WordPress less intimidating and confusing for your clients.

How to Use a WordPress Static Site Generator to Increase Performance

One of the big knocks on WordPress is that it can have pretty poor performance. WordPress is simple to install and it runs on pretty much any server. It’s easy to get started and realize your site is running slow. Fortunately, there are a lot of ways to improve loading speeds and performance. You can try WordPress caching plugins, for instance. Or, if you want to take an even more modern approach, you can use a WordPress static site generator.

A WordPress static site generator will generate a copy of your site’s content in pure HTML and CSS form. There will be no database interaction or requests when someone visits your site. Everything will be served to the user through pre-generated files. This means changes you make to your site, via the WordPress admin, will require new static files to be created. Of course, that downside is worth the performance increase that static files provide. It’s much simpler, and faster, for a server to send someone static HTML than it is to generate web page content on demand for each request.

The Pros and Cons of Static WordPress Sites

We’ve discussed this already but speed and performance are the main advantages here. In addition, a WordPress static site generator is going to help keep your site safe from hackers. Bad actors take advantage of WordPress and its dynamic content systems to weasel their way into your database and admin. A static site doesn’t have any of those server-based interactions for people with bad intentions to use.

The downside to a static site is that you lose a lot of the interesting functionality of WordPress. Again, there is no longer going to be any dynamic content or real-time server requests. This means things like contact forms, comment systems, and even site search become much more difficult to make work. Also, large sites with a lot of content can be difficult and slow to generate whenever changes are made.

All in all, whether or not you go with a static site generator for your WordPress site is best decided on a case-by-case basis. Smaller sites that don’t see a lot of updates are ideal candidates. More interactive sites, that require a lot of user input, are probably not the best choices for this approach.

The Types of WordPress Static Site Generators

There are generally two types of WordPress tools to generate static sites: services and plugins.

For a WordPress static site service, you rely on a third party to handle the entire process. Generally, these services come with regular monthly or annual fees. They handle all of the technical details and leave you to relax and worry about other parts of your website.

WordPress plugins that generate static sites are a different beast entirely. For the most part, these plugins are free to download and use. The downside is that you are often the one responsible for the successful installation and maintenance of the static site generation processes. If something goes wrong, it’s on you to correct things or get a hold of the plugin developer to help you.

Static WordPress Services

Sometimes the easiest thing, if you have the budget, is to let someone else handle static site generation for you. The following are some of the most well-regarded and popular WordPress static site generator services on the market.

Strattic

Strattic is a headless WordPress hosting provider that has grown in popularity recently. Signing up for Strattic gives you access to a worldwide content delivery network (CDN) that will host and server your static files. The best part is that Strattic provides you with a lot of the features uncommon to static sites. That means you’ll get site search, working integrations with many popular plugins (including ones for forms), standard redirects, and 404 handling.

There is a 30-day free trial available if you want to give this a shot. Afterward, the price of their plans ranges from $45/month to $250/month and more. Most sites can handle the cheaper plan but, if you grow, there are options available. Strattic is on the rise, with a recent round of investment guaranteeing they will be around for a long time.

Shifter

Finally, we suggest you check out Shifter for service-based static site generation. Shifter markets itself as a Jamstack WordPress hosting platform. Essentially, Shifter provides a platform to serve WordPress-powered sites served statically. You handle everything inside their custom dashboard and they handle the rest. They have their own CDN, handle your backups, and let your site serve WordPress dynamic content like search, forms, and online sales.

Shifter has an entirely free plan which sets it apart from the competition. It’s limited in terms of storage and bandwidth but is good enough for smaller sites. After that, plans range from $16/month up to $144/month. Each increase brings more storage and bandwidth. In addition, paid plans support custom domains which is key for any serious website anymore.

Static WordPress Plugins and Tools

There are a handful of really good plugins and tools for static WordPress site generation. Here are two of the favorites that we recommend you check out.

Simply Static

Simply Static, by Patrick Posner, is arguably the most well-known and useful static site generating plugin. It’s available for free at WordPress.org and offers a lot of flexibility and choices. You can use the plugin to generate static files of your site that you can then host on your own server, another provider’s servers, or at a CDN.

There is a premium version called Simply Static Pro that offers GitHub integration. You can then deploy your website to GitHub Pages, Cloudflare Pages, Netlify, Vercel, Amazon S3, and other servers. Even your own. Essentially, the Pro version makes the production process seamless so you don’t have to worry about transferring any files.

WP2Static

Finally, check out WP2Static from Leon Stafford. This plugin provides an interface to generate and deploy your site. In addition, there is a command-line tool you can use as well. You can check out the free version of the plugin right now and see if it’s right for you.

The add-ons, which can be bought in a bundle for a one-time fee, extend WP2Static in interesting ways. You can use the add-ons to deploy your site to BunnyCDN, Google Cloud, Netlify, and more. There is also an add-on to help integrate your site with Algolia search. As we mentioned, integrating search into a static site can be a pain so this is a nice addition.

Want More Tips About Managing WordPress Sites?

Thanks for taking the time to check out this post on picking a WordPress static site generator. The blog we maintain has more articles about getting the most out of WordPress for your business. We frequently write articles on how to effectively use WordPress for your clients and projects.

In addition to the blog, our popular plugin WordPress plugin White Label lets you change the WordPress admin experience to match your clients and their needs. Check it out today for free and discover how it can help you deal with clients better.

How to Maintain a Secure WordPress Website for Your Clients

Web design and development is dominated by many platforms but the most popular is WordPress. If you are here, you presumably know this already as you use WordPress for your clients. You are also presumably aware that the popularity of WordPress comes with a reputation of hackers looking to exploit its vulnerabilities. Their goals are to steal valuable information from websites or shut them down entirely. How can you prepare your WordPress website to be as protected as possible from these threats? Here are some easy steps you can take to keep a secure WordPress website.

Research Themes and Plugins Before Installing

WordPress enjoys the flexibility of having many themes and plugins. Unfortunately, those themes and plugins can also have vulnerabilities that can be exploited by hackers. This is why it is important to review your theme and plugins in advance. Check for any potential threats associated with them. A simple search for any theme or plugin name should reveal past or ongoing issues to be aware of.

It is also essential for plugins to have a reliable support team for help if there are problems. Try to avoid using a plugin that is either old or not compatible with recent WordPress versions. It may not have an active support system. When something goes wrong and you can’t fix it yourself you might be in trouble. Being unable to reach out to the theme or plugin developer for assistance could leave you scrambling to find alternate solutions.

Handle Regular WordPress Updates

WordPress is open-source software that is always changing and evolving. You can just install WordPress, add a few plugins, and send your clients on their way but that is a recipe for disaster. It’s important not to neglect updates to WordPress core and third-party plugins. Plugins, in particular, are very common vectors for security threats to infect a site. Keeping plugins updated is an easy way to make sure your client’s website stays safe. Updates also frequently introduce general bug fixes and new features that can improve the website and experience.

WordPress has a feature that lets you turn on automatic plugin updates. You can do this on a case-by-case basis if you don’t want to be constantly checking your clients’ sites for changes. We recommend you use this feature sparingly though. Plugin updates should be reviewed and not just done blindly most of the time. Unless you really trust the plugin developer, we suggest treading carefully with automatic plugin updates. WordPress core can be automatically updated by most hosting providers. This is common for important security fixes and, in general, can be trusted to go forward without your intervention. Either way, keeping things updated is by far the easiest way to maintain a secure WordPress site.

Create Durable and Secure WordPress Passwords

A common way hackers try to break into WordPress sites is by figuring out the password to an admin account. Traditionally, hackers try to access WordPress sites via brute force attacks. In these situations, an individual repeatedly tries different username and password combinations until they hit on one that works. These combinations are usually pulled from large databases of known accounts that have been comprised around the web.

What many people don’t realize is that there is more than one way for hackers to try and access WordPress via logins. Non-technical folks assume a person is manually entering in usernames and passwords. Unfortunately, hackers and exploiters are too smart for that. Often times they will use bots to do the login attempts for them. To make things worse, they don’t even need to use the actual WordPress admin’s login form. There are ways, with scripting, that you can try and access a WordPress site repeatedly without having to access the login page at all.

Remember, a weak password has a higher chance of being compromised. It is important to use random characters when creating a WordPress password. WordPress’ user creation tool has a password suggestion feature we recommend using. These auto-generated passwords are more secure than what most people come up with off the top of their heads. Creating obscure passwords is a very simple step to maintaining a secure WordPress installation.

Eliminate Automated Bot Traffic

Since we mentioned hackers earlier, one of their main weapons is bots. When you see bot traffic in your analytics it can be a bad omen. It is important to track the original source of this traffic and block it from reaching your site. This can include the IP address of the traffic as well as the region it is coming from. Your malware detector software can be used to identify the sources of bot traffic and how to manage it, including blocking them from coming from certain IP addresses and regions. We recommend a plugin like WordFence to handle this effectively.

Monitor Additional Users and their Access Roles

It is very common for a WordPress website to be run and managed by multiple people. This is why many clients want user accounts across multiple access levels within their business. This is simple enough to do in WordPress but you must be careful which role each user is assigned. Not everyone should be an administrator, for example. Giving the wrong person admin-level control of a WordPress site can lead to many issues. If they are non-technical, they might accidentally delete or install something they shouldn’t. If they are malicious, they can create all sorts of havoc with administrator privileges.

Review user access levels constantly as not every team member may have reliable security software set up on their systems. If a team member has their computer compromised by a virus, then disable or limit their user role within your website until their device is cleaned. In addition, if an employee is departing from the company, then remove their user role from the system as well.

Finally, try using a plugin like White Label to limit what admins can and can’t do to a WordPress site. The plugin, which we develop and update regularly, lets you modify menus, dashboards, and more to fit your client’s needs.

Use Security Scanners and ModSecurity WordPress Settings

The most popular WordPress security scanner is WPScan. You can find details about the inner workings of WPScan online at the official website. In short, it’s a command-line interface tool that checks against a large database of known WordPress vulnerabilities. After the WPScan tool runs it shows you its findings in a simple reporting interface. WPScan checks for the current versions of WordPress, your theme, and any plugins that are installed. From there it will find problems recorded in its database. In addition, WPScan can find and alert you to other problems. Weak user passwords. Publicly accessible database dumps. Exposed error logs. Vulnerable files and a lot more. It’s an incredible, yet pretty technical tool, to keep a secure WordPress installation.

ModSecurity is an open-source web-based firewall application most commonly referred to as a WAF. It can run on all of the popular web servers such as Apache and Nginx. Installing and configuring ModSecurity is beyond the scope of this article but tutorials are available online. Once you have ModSecurity running you can make it work with WordPress by installing a rule set. Luckily, there is a WordPress ModSecurity rule set available provided for free by a member of the WordPress community.

Want to Learn More About Handling Your Clients’ WordPress Sites?

The key to having a secure WordPress site is having a consistent system of security practices. Being proactive in your management of WordPress can go a long way. Adding the aforementioned strategies into your security plan can protect against malicious threats.

We appreciate you taking the time to read this article on keeping a secure WordPress site. Check out our blog for more tutorials and articles about using WordPress in your business. We often write posts on how to get the best out of WordPress for your clients. We also have a very popular plugin called White Label that lets you change the WordPress admin experience to better suit your clients.

WordPress Log4j Exploits: Are Your Clients’ Sites Safe?

Undoubtedly, you’ve heard the news about the recent discovery of an exploit centered around something called Log4J. This issue has hit mainstream television, newspapers, and every form of media. It’s become so well-known, in such a very short time, that you might have heard your friends and family asking about it. Anyone who does any kind of web design or web development work has most definitely had clients ask them about Log4J as well. Today we’re going to go over what exactly Log4j is, how the exploit works, and whether or not your WordPress clients are in danger. In the end, you should have a better understanding of the truth behind WordPress Log4j exploits and how they impact the world’s most popular content management system.

What Is Log4j?

Log4j is a very popular logging library for the Java programming language. Written and maintained by the Apache Software Foundation., Log4j appears in a variety of software applications to collect and store events. In short, a logging library lets a developer collect information about a particular process or user and save it for later use. These uses can be for other features of an application, for various kinds of reporting, or to simply help with development by monitoring for errors.

What Is the Log4j Exploit?

The Log4j exploit, specifically called CVE-2021-44228 but commonly referred to as Log4Shell, is a zero-day vulnerability that allowed for unintended code execution. Since Log4j allows for storing user input (again, it’s common practice to log these kinds of things in a lot of applications) it needs to be sure that input isn’t actionable. Unfortunately, the Log4Shell vulnerability allows for the remote execution of code if the user input that is logged is formatted in a very specific way.

This exploit allows malicious users to inject text via Log4J and then execute code on a remote address. Some common applications of this technique are to force devices to unknowingly mine cryptocurrency, send spam emails, and do other underhanded things.

News of the exploit came to the Apache Software Foundation’s attention on November 24th, 2021, but the vulnerability had been in the wild since 2013. On December 6th, 2021, a fix for the exploit went out but the crisis doesn’t end there. The amount of software using Log4j is quite vast. It will take quite a while for all of these applications to correct this issue internally. In the meantime, abuse of the exploit will be running rampant.

Is WordPress Impacted by Log4j?

Finally, to the discussion about WordPress Log4j problems.

This entire post has essentially been nothing but bad news for the Internet. Log4j is very popular in the Java programming community. Many high-profile applications use the library. Fortunately, PHP, and not Java, is the programming language of WordPress. This means that your clients’ WordPress sites are safe in most circumstances.

The only thing you should check is to see if, for some reason, your WordPress sites connect or interact with any Java-based applications on the same server. The chances of this are rare if you are working with standard WordPress installation. We recommend you check anyway just to be safe. If you are unsure, contacting your hosting provider is a good place to start to get confirmation.

It’s important to remember that this issue does not impact the Apache webserver. This is important to know because many WordPress sites run on Apache-powered servers. While Log4J is part of the Apache Software Foundation it is separate from the web server application. In addition, you might see some references to something called Log4js in some of your WordPress plugins or server architecture. This is a Javascript library and not related to the exploit. It just has a very similar name.

This Isn’t the End of Log4j

We are most likely going to be dealing with the fallout of Log4j for many months to come. Thankfully, if you run a WordPress-focused business, the news is good. The odds are small that your clients and work are affected. WordPress runs on the PHP programming language, and not Java, so the likelihood of there being a problem is tiny. Just remember there is a chance your server might contain Java software that interacts with your WordPress installation. This would most likely be a custom setup you are aware of though so act accordingly.

Thank you for reading this article. If you would like to learn more about WordPress and running a WordPress business check out our blog. We regularly write articles and guides on how to get the best out of WordPress for your projects. We also have a popular plugin called White Label that lets you customize the WordPress admin experience for your clients. Check it out if you run a WordPress-focused client business.

WordPress Scripting: Server-Side and Client-Side

The term “coding” is broad and refers to any machine language that writes instructions for a computer or computer program. Scripting is a specific type of coding that sends instructions to websites or programs running on a computer. These instructions can be either on the client-side (the front-end) or the server-side (the back-end). When you visit a WordPress website it will first request that page from a server. The server will run any server-side scripts and then send the page to my browser along with the code necessary for the client-side scripting. Client-side and server-side code are the building blocks of WordPress scripting.

Let’s go into some more detail about exactly what server-side and client-side scripting is. In addition, we’ll discuss specifics about how this all relates to WordPress. By the end, you should have a better understanding of how server-side and client-side WordPress scripting works.

What Is Server-Side Scripting?

The server is the location where the files for your website are stored. When someone loads your site, their browser sends a request to the server. The server-side script then processes the request and sends the results back to the user. This back-and-forth, with the server processing code and information from a storage mechanism such as a database, is the core of server-side scripting.

In short, server-side scripts run on the server hosting the site in the few seconds between someone clicking something on your site and the content appearing in their browser.

What Is Server-Side Scripting Used For?

In most cases, server-side scripting is used for most aspects of loading a web page. It’s the building block of websites. For example, say you are visiting your favorite WordPress-powered website. When you first visit, the browser you’re on sends a request back to the server with information about what post you are viewing. Server-side scripts then instruct the server to pull that post’s data and construct the HTML for the page. Then the server sends that markup to your browser.

If you have a site with a personalized login page for your clients, the same thing will happen. The server needs to send their personal details back to the browser after they log in. You may see different content on the login page depending on if you are logged in or not. That’s server-side scripting. It decides what to display based on variables and conditions.

Which Parts of WordPress Scripting Are Server-Side?

The core of WordPress, and most third-party plugins, are all powered by server-side scripting. WordPress is built on top of PHP which is a server-side programming language. Data is stored inside of a MySQL database. These two components, when combined, handle all of the server-side processing requests a WordPress site makes. High-quality hosting is important because so much of WordPress works on a server. This is why you see so many ads for expensive WordPress web hosting nowadays. In addition, you can offset the slowness of server-side scripting with one of the many popular WordPress caching plugins.

What Is Client-Side Scripting?

In simple terms, client-side scripting is code that makes changes to the page in the browser where it is being unpacked. This happens on the user’s end and so it depends on their computer, rather than a server. With client-side scripting, the code is sent to and temporarily stored in the browser of the person viewing it.

Client-side scripts, such as JavaScript, work by interacting with a page’s HTML code to add or change what is shown on the page under different conditions.

What Is Client-Side Scripting Used For?

Client-side scripting is used to make websites more interactive. Think pop-up boxes and other exciting visual changes in the browser. Client-side scripting runs on the browser (such as Chrome or Firefox) that the page is being loaded on.

Design elements that display and become interactive without needing the page to reload are generally using client-side scripts. An example would be clicking on a photo in your social media feed and it becomes larger. This works because the photo has already been sent to you by the server and stored temporarily in your browser. The client-side script then makes it interactive by pulling the information from the HTML file and altering the image size.

Which Parts of WordPress Scripting Are Client-Side?

At its core, most parts of WordPress are server-side as we discussed. You’ll most often see client-side scripting on a WordPress site through themes and plugins. For example, any WordPress site that has one of those infinite scrolling lists of posts is using client-side scripting. Many plugins with interactive front-end elements, like a WordPress popup plugin, are using come client-side scripting as well. For the majority of instances, WordPress client-side scripting is going to involve something visitor-facing and interactive.

WordPress Scripting Is Server-Side and Client-Side

Server-side scripting prepares WordPress content before it’s sent to the browser. This usually happens before the page is loaded. Client-side scripting is used to make sites more interactive. Most WordPress sites now rely on both client-side and server-side scripts to give a complete experience. A site’s files are sitting on a server waiting for someone to request to view them. When the server receives a request, it sends those site files along with any client-side scripts to the visitor’s browser. The client-side script is used to make the page more interactive.