How to Add Content Locking in WordPress

Do you want to add content locking in your WordPress site? Many websites use content locking to boost their lead generation, increase sales, or build their email list. In this article, we will show you how to add content locking in WordPress without annoying users.

Adding content locking in WordPress

What is Content Locking & When You Need It?

Content Locking is a technique used by site owners. It forces users to perform an action before getting access to your content.

Content lock example

If it is not used properly, then it could annoy your users. But when it is done right, it could be very effective in generating leads and achieving your marketing goals.

The best time to use content locking is when you are offering highly valuable content such as a free course, an ebook download, or something similar.

It uses the same psychological trick as content upgrades. Users wouldn’t mind performing a little task in exchange of valuable content.

Now that you know the use case, let’s see how you can easily add content locking in WordPress like a pro.

What Do You Need for Content Looking in WordPress?

For this tutorial, we will be using OptinMonster. It is the best lead generation solution in the market. You will need a plus or pro plan of OptinMonster for content locking.

WPBeginner users can get a 10% discount by using this OptinMonster coupon.

Adding Content Locking in WordPress

First thing you need to do is install and activate the OptinMonster plugin. For more details, see our step by step guide on how to install a WordPress plugin.

This plugin is just a connector between your WordPress site and your OptinMonster account.

Upon activation, click on the OptinMonster menu item in your WordPress admin bar. You will be asked to provide your OptinMonster API username and key.

Authentic OptinMonster account

You can find the API information under your account on the OptinMonster website. Simply login and then click on the API link.

OptinMonster API Keys

Next, copy and paste the API username and key into the OptinMonster plugin page and then click on connect to OptinMonster button.

Once you are successfully connected, you need to click on the create new optin button.

New optin

This will take you to the OptinMonster website. You need to provide a title for your optin campaign and select your website from the drop down menu.

You also need to select ‘After post / Inline’ as your optin type. This will load some ready to use templates in the right column. Click on a template to use it as a starting point.

Create new optin screen

It will open OptinMonster’s form builder where you can customize the appearance of your optin and configure its settings.

Feel free to edit fonts, add text or images, change colors, etc.

OptinMonster's optin builder

Next you need to click on the ‘Optin’ Menu and scroll down to content blocking section. Turn on content blocking for this optin by clicking on the on/off switch.

Turn on content blocking for this optin

Turning it on will show you the options to determine how you want content blocking to work. First you need to choose a content blocking method.

You can use obfuscation which blurs content, or removal which totally removes the content below optin.

Content blocking options

You also need to change success cookie duration to 0. This will prevent cookie from being set until users submits the optin.

After that go through the Integration setting to connect your email marketing service and also configure the analytics setting.

Once you are done, click on the Save button on the top right corner of the builder to save your settings.

Save your optin and get the embed code

Now you need to visit your WordPress site and click on the OptinMonster menu.

You will see your content lock optin under the list of optins. If you don’t see it, then click on refresh optins button.

Edit optin output settings

Take your mouse to the optin title and then click on ‘Edit optin output settings’ link.

On the next page, click on the checkbox below ‘Enable optin on site’ option.

Enable optin on site

Don’t forget to click on the save settings button at the bottom of the page.

Next, you need to click on the OptinMonster menu again to go back to Optins overview page. This time you need to copy the optin slug.

Copy the optin slug

Now you need to edit the post or page where you want to enable content locking and add this shortcode before any other content in your post (or after the first paragraph).

Replace your-optin-slug with the optin slug you copied earlier.

OptinMonster Shortcode

Now you can save and publish your post or page. Visit the post or page in a new browser window to see content locking in action.

How to Add Content Lock to All WordPress Posts

If you want to automatically add content locking to all your WordPress posts, then there is an easier way to do this.

Simply install and activate the Insert Post Ads plugin.

Upon activation, you need to visit Post Adverts » Settings to configure the plugin settings.

Post ad settings

Select where you want to enable post ads plugin posts or pages and then click on save settings button.

Now you need to visit Post Adverts » Add New page. Provide a title for this content locking script and then add your content lock optin shortcode in the advert code section.

Site wide content lock in WordPress

Under ‘Display the advert’ dropdown menu, you can select before the content or choose to add this after the first paragraph and click on the publish button.

That’s all, the plugin will now enable content locking for all your WordPress posts.

Pro Tip: The reason why you may want to add it after the first paragraph is because you can use the first paragraph as a teaser to tell users why they really need to read the rest.

We hope this article helped you add content locking in WordPress. You may also want to see this 63-point checklist for creating the ultimate optin form (with examples).

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

The post How to Add Content Locking in WordPress appeared first on WPBeginner.

Security Alert: Httpoxy

You may have heard about this already. Even so, please read this post. Normally we email all possibly impacted developers directly. In this case, trying to generate a list gave me over 6 gigs of results. I trimmed it down, but given the volume of people using Guzzle and possibly using suspect code, it was more straightforward to post an alert.

httpoxy is a set of vulnerabilities that affect application code running in CGI, or CGI-like environments. It comes down to a simple namespace conflict:

  • RFC 3875 (CGI) puts the HTTP Proxy header from a request into the environment variables as HTTP_PROXY
  • HTTP_PROXY is a popular environment variable used to configure an outgoing proxy

This leads to a remotely exploitable vulnerability.

You can read about the entire situation on httpoxy.org. While the fix is, as most are, a server one, all developers should be aware of this.

Don’t bother doing the following:

  • Using unset($_SERVER['HTTP_PROXY']) – it does not affect the value returned from getenv(), so is not an effective mitigation
  • Using putenv('HTTP_PROXY=') – it does not work either (to be precise: it only works if that value is coming from an actual environment variable rather than a header – so, it cannot be used for mitigation)

You can prevent and mitigate some of this in your code. Read up on httpoxy Prevention.

Yoast SEO 3.4: accessibility first

Today we’re releasing Yoast SEO 3.4, a release mostly aimed at improving our accessibility. Which means you won’t see most of the changes, but they’ll make a world of difference to others. We’ve also improved our readability checks and how we deal with some languages, more on that below.

Accessibility changes

When we hired Andrea a while back (more on that here), we knew we were in for a treat. He’s one of the leading accessibility developers for WordPress, and he didn’t disappoint. This release is, in large part, his work. Improving accessibility means a ton of small changes, and we have the changelog to show for it.

Some simple highlights that show that where accessibility is concerned, the devil is in the details:

  • Improved the headings hierarchy on several admin pages.
  • Improved the knowledge base search and admin menu by making it focusable and operable with a keyboard.
  • Adding labels and titles to several fields.

Have Team Yoast install and configure Yoast SEO premium for you!

Yoast SEO Configuration service

Yoast SEO configuration

Accessibility is more than just technical changes; it’s also allowing people without specific knowledge to use your product. That’s why we’re introducing the Yoast SEO configuration service today too! If you think setting up Yoast SEO Premium is too daunting, we’ll do it for you. If you’re migrating from another SEO plugin: we’ll do that for you too!

Readability checks

We’ve added one readability check this release. The plugin now warns you if you start 3 or more consecutive sentences with the same word. We’ve also improved the wording on some checks. Yoast SEO can now deal with characters with diacritics correctly in 75 languages.

The choice is yours!

As of this release you can disable the SEO analysis. You can also disable the readability analysis. You can do this just for yourself, or an admin can do it for an entire site. If you disable both, you’ve got just our snippet preview left. We’d obviously recommend using both features, but if you don’t want to, the choice is now yours!

Update!

We’ve, of course, fixed bugs in Yoast SEO and quite a few of the Yoast SEO extensions too. So… Go update!

Known issues with “pre-commit” to the plugins SVN

Have you seen this recently?


$ svn ci -m 'commit first version of plugin'
Adding trunk/readme.txt
Adding trunk/my-cool-plugin.php
Transmitting file data .......svn: E165001: Commit failed (details follow):
svn: E165001: Commit blocked by pre-commit hook (exit code 1) with output:

***********************************
PHP error in: my-cool-plugin/my-cool-plugin.php:
Errors parsing my-cool-plugin/my-cool-plugin.php
***********************************

A couple weeks ago, the PHP “lint” part of the SVN pre-commit check was changed from using PHP 5.4 to using PHP 7.0. Somewhere in that process, something got broken with regards to the output of the error messages resulting from this check. So, none of the errors show up.

This can be confusing, especially if you’re not running PHP 7.0 yet, because PHP 7 is actually a lot more strict about this sort of thing. You can run the PHP lint process yourself on your own files all day long and not see what the issue is, because it *only* comes up in PHP 7.

My advice: Grab a copy of PHP 7 for your machine, and run “php -l” on the file you’re getting an error message about. There is a valid error, you’re just not seeing it on older PHP versions, which were not quite so picky.

One known case that seems to be cropping up a lot:

The “break” and “continue” keywords are only valid inside a for, foreach, while, do-while, or switch structure. You’ll get the error message of “Fatal error: ‘break’ not in the ‘loop’ or ‘switch’ context in my-cool-plugin.php on line 123”

We’ve been seeing code that has something like this in it:

if ( is_thing() ) {
  do_thing();
  break;
}

And that is invalid in PHP unless that if is inside a loop. But, previous versions of PHP didn’t show the problem in their lint processes. Not so with PHP 7.

So, make sure to check your code with PHP 7. It’s no fun for people using the newest systems, like we always recommend, to be running into syntax errors. Note that these were actually syntax errors in previous versions of PHP as well (using break and continue makes no sense outside of a loop structure), but now you’re getting told about them by the lint process.

We’re still working on finding the bug not showing you these errors in the pre-commit checks too. 🙂

Planning your website like your holiday

Planning your website is much like planning your holiday. If you rush into things, your hotel might be crappy, the surroundings without anything to do, and you might even pay way too much for it. In this post, I’ll explain the process of planning a (new) website from scratch. And make that process clear by highlighting similarities with planning a holiday.

Your website is like your holiday

We are all working towards our summer holiday, right? Our kids have their last days at school. The office is buzzing with holiday destinations. In the back of our mind, we’re already thinking about that sunny day at the beach this summer. It struck me how many similarities there are between planning your holiday and planning your website. Think about it:

  • Why are you going on a holiday / why are you setting up a website?
  • What is your destination / what is the main goal of your website?
  • Where do you want to go sightseeing / what do you want your visitor to see?
  • Will you be using a travel agency / are you going to build the site yourself?
  • What is your budget?

I’m sure you can come up with more similarities, but let’s focus on these five in this article!

What are we going to do?

You can set deadlines all you want, if the purpose of your website isn’t clear, you might as well not set up a website. It’s like planning a trip without thinking about what kind of trip you want to make. Spending two weeks on a beach is totally different from hiking from mountain top to mountain top.

For your website, there are a couple of things to consider up front:

  • Is your website strictly meant as an online brochure / reference material?
  • Do you want people to get in touch with you?
  • Is your website a place to sell stuff immediately (eCommerce site)?

Obviously, there can be combinations of the three as well.

Online brochure

If your website is solely a brochure, don’t mind optimizing the website, if I can be that blunt. If you only have a website so you can refer people to it for more information, get the cheapest website you can find, make sure to put a logo and some text on it.

Get in touch

If you want people to contact you or subscribe to your newsletter, SEO becomes important. You might want to focus on local SEO, or do some proper keyword research to make sure you have the right, optimized information for your visitor. Make it as easy as possible for a visitor to contact you. For instance show your phone number in all the right places or add forms or email links in spots where you feel you’ve convinced them to send you an email.

eCommerce sites

An eCommerce site obviously needs a different approach. Be sure to think of a proper category structure and start optimizing landing pages for predefined target audiences. Think of great introductory content for your category pages and set up your call-to-action on every page. Optimize your homepage to show all shopping ‘aisles’ of your website.

Of course, you can come up with more variations, like websites that mainly provide information or websites that have a business model based upon ad revenue. It’s very important to think about what kind of website yours is or will be. Keep that goal in mind during the entire process of creating or improving your website.

Order a website review NOW and get our Complete SEO Pack for free!

Get a Yoast website review

Where are we going?

This is tougher than you might think. In my post about live website reviews, I already mentioned a website owner might have a different idea about of the main purpose of a website. The goal of your website depends on what you want to get out of your website. It is much less about what your website can do for your visitor. Sounds manipulative? Perhaps it is.

Where are we going? Road signs

If you plan a trip, your destination is obviously very important. You can combine hiking and leisure. But if your goal is just sipping martini at the beach, you don’t want to end up in Nordkapp. For your website, this is pretty similar. A website meant to establish contact with new customers, has a different look and feel than a website that is meant to support existing customers, for instance. The core of your site will be different. Finding that main, core element your website revolves around can be hard. As it can be to pick a destination for your holiday.

Take a look at the website of your local car dealer. He might occasionally sell a used car, but chances are most of his business is about repairs and service and not per se sales. Especially if he’s not selling a specific car brand. His website, however, probably has the newest used cars listed smack in the middle of the homepage.

Ask yourself “what’s my main business” and make sure that that business, or proper content about it, is the centerpiece of your website. The ‘destination’ of your website shouldn’t stop you to plan day trips to other locations, by the way.

Will you be planning day trips?

Where do you want to go sightseeing? In your website, there should be a proper internal link structure to all the other good stuff you want to present your visitor. At Yoast, we often refer to this as setting up cornerstone content. We actually wrote about that a couple of times. Optimizing your website isn’t just about writing that one main page about your main subject, but it is about optimizing all pages related to that as well. If you are selling trips to Paris, just one page about Paris as a whole doesn’t cut it. In addition, you also want a page about the Notre Dame, the Tour Eiffel, and the Sacré-Cœur, just to name a few. These could be your cornerstone pages.

Play your trips to these pages by adding links on the appropriate pages of your website. By linking these pages from related pages, your cornerstone content becomes easy to find for both Google and your visitor. As you don’t want to take the same day trip every day, don’t keep linking to the same cornerstone content from every page. Instead, decide what cornerstone content is valuable for that specific page. An example: it would make no sense to add a link to Yoast SEO for WordPress here.

What travel agency should you use?

Why would you want to try to book that entire trip yourself? Your main business is probably not building websites or writing content. It is convenient to use a web partner that knows what plugins to use or how to optimize your images for speed or mobile. It simply means you don’t have to worry about any of this, as is the case when using a travel agency. All will be taken care of.

Choosing the right travel agency or web design company / web developer can be hard. There are web design agencies on every street corner. After our reviews, we are often asked which companies we recommend for the implementation of our advice. So we created a list of implementation partners. We know these companies, have seen their work and know and like their approach. If you are looking for a local developer instead, check our friends at Codeable.io, as they have set up a great marketplace for local WordPress developers. Simply post your job there, and get quotes delivered right to your inbox. Pick the travel agency that is best for your voyage.

And what budget should you reserve?

As with your holiday, a new website, or adding improvements to your website, will cost you money. There is no standard for this, but let me assure you that a good developer comes at a certain price. People have asked us why they should pay $699 for a review, when they can buy a new website for that. No, you can’t. If your web design agency or web developer charges $699 for a website, start running and never look back. It’s like booking a trip, arriving at your destination only to find out that the trip did not include an accommodation. Where it initially appeared to include that. Paying $699 for a website is a start, but your developer will charge you for every email you send and every feature request you mention. Buy cheap and waste your money.

As mentioned, there is no golden rule for your budget. Just keep in mind that people ‘window shop’ online as much as offline. Your store just has to be appealing, and your door should be open at all times. And yes, that will cost you money, depending on the project you have in mind. Having built and sold my share of websites, I can tell you with 100% certainty that you will talk to your web designer or developer a lot after your website goes live. It will help if you hire a trustworthy, client-friendly company. A company that doesn’t just do what you tell ’em to, but shares knowledge and helps you to lift your online presence to a higher level. Don’t be afraid to pay for that.

Have a nice holiday!

Of course, there is more to planning your holiday. And more to planning your website. As you will understand by now, there is a lot to consider. But as your holiday is meant to relax after working hard for all these weeks, so is a properly planned website. You don’t build a house without thinking about the foundation first, right. Make sure you have answered the questions above first, and then start designing that website. It’ll be a nicer trip that way!

Read more: ‘What’s the mission of your website?’ »

5 things to do after a hack

Even if you try your utmost best, chances are hackers will find a way to hack your site. Following our WordPress security article, I’ll show you five things you should do right after you find your site to be hacked. Some of those things you should probably do before it even happens!

1. Understand what just happened

Your site has been hacked. There are a number of ways this can happen. It might be due to poor maintenance (more on that later), or due to bad plugins. Regardless of what the cause is, you’d better prepare yourself. Your website is on WordPress, and because of the huge user base WordPress has, hackers like WordPress as well. I think my personal website is under brute force attack a couple of times a day. Don’t even get me started on the site you are reading now. This isn’t an invitation, but please realize that hackers try to hack your website all the time. You are no exception.

Tony Perez did a webinar about how websites get hacked earlier this year:

A few things that might lead you to believe you’re suffering a hack might include:

  • Google has blacklisted your website;
  • Google search result pages show “This site may be hacked”;
  • Your host has disabled your site;
  • Customers notify you via their local AntiVirus applications;
  • Your website is not behaving correctly or generating odd errors.

There are some free tools available to help you in the process, like the SiteCheck Scanner and Unmaskparasites Security Scanner.

Knowing what happens and realizing that you are vulnerable, is half the battle. Please read our WordPress security article and monitor your website at all times. On top of that, you might want to install a web application firewall and a local application security plugin.

2. Harden WordPress

There are a lot of things you can do, but at least address the following:

  1. Generate new security keys for WordPress. These are in your wp-config.php file and you can generate these here. Copy/paste in your wp-config.php file, save the file and step 1 is done.
  2. Reset your user passwords. Somehow, the hacker managed to hack your site. In a brute force attack, the method is just to guess your username (please don’t use ‘admin’) and password. After a hack, change all passwords just to make sure. Use a unique password with a complex structure. It’s always best to use a randomly generated password instead of a human generated one. Combine upper/lowercase, use special characters and numbers. WordPress helps with that these days. Use a password manager like 1Password or LastPass to store your passwords.
  3. Reinstall the core. Post-compromise, we highly recommend you always remove and reinstall the WordPress core manually. Do not use the update/reinstall feature via your dashboard. Instead, use your favorite FTP/SFTP client and manually replace the files. Attackers like to embed their files deep in your file structures, and a very common place is within the core directories (i.e., /wp-admin/ and /wp-includes/).
  4. Reinstall your plugins. Of course, that sounds drastic. But if you want to make sure no malicious code remains on your website, do a fresh install and hope all the additions and insertions of the hack disappear. We follow strict security guidelines here at Yoast and have our software reviewed by Sucuri on a regular basis. That’s still a best-effort, by the way, but it makes sure we can immediately address any vulnerabilities. All things considered, it’s our job as a plugin developer to do our very best. Unfortunately, not all plugin developers are as strict in this as we are. So reinstalling your plugins might be a good idea.

By the way, you can also find these three immediate actions in the Sucuri Scanner plugin, as Post-Hack recommendations.

Order a website review NOW and get a plugin of your choice for free. We'll even configure it for you!

Get a Yoast website review

3. Keep your website up-to-date

Keeping your site up-to-date sounds like SEO advice: “Dynamic content makes your website rank better”. But please keep in mind that a healthy technical install really protects your website from hacks. Personally, I stay away from plugins without updates in the last two years. There is a reason WordPress.org tells you that. Hackers target vulnerabilities in older versions of WordPress. The version of your WordPress install is in your WordPress readme.html file (so remove that), and sometimes even right in your source code.

The bottom line is to keep both plugins and WordPress up-to-date at all times. Note that this advice goes for activated and deactivated plugins, as these are just as vulnerable. Make sure to update all of your software (after cleaning up your website) after a hack. This way you’ll have all the latest security updates and makes you less vulnerable. Nevertheless, we find lots of sites running old versions of WordPress and plugins during our website reviews.

4. Restore a backup after the hack

Valentin Vesa of Sucuri pointed me to this when discussing the subject with him. Create a backup strategy. Please don’t be the guy that installed Backup to Dropbox or Backup Buddy and has never restored a backup. Make sure you can. Monitor your backups. Store your backups offsite. Plus, you have to test your backups now and then, to make sure all is right.

Solid backups make it possible to quickly restore your website after a hack. It might cost you a few updates, but at least you’ll keep your site up and running. After restoring a backup, follow up on advice number three of this list and make sure to update your WordPress install and all of your plugins.

5. Don’t try this at home

Don’t take security lightly. In most cases, it’s a trade of its own. You are probably not the most capable person to take care of it. Webmasters, web agencies, and business owners have other qualities that matter. If you hire a security company like Sucuri to take care of your website security business, you can focus on the things you are good at.

And yes, quality security services cost money. But think of all the time you are saving not having to worry, or dealing with a hack yourself. To make it even better for you, Sucuri has a nice offer for our readers:

A 25% discount if you purchase a complete security package of Website AntiVirus & Firewall (basic) and pay for a year upfront (currently $199.99 / year). This also goes for any of the higher Firewall plans as long as the payment is made for the year up front.
Use coupon code YOAST252016 at checkout and get a 25% discount :)

All the more reason to prevent your site from being hacked, instead of dealing with security after the hack is already done!

This article was written with the help of our good friends at Sucuri.
Thanks, Valentin and Tony!

Read more: ‘Regular security audits: taking our responsibility’ »

Reviewing the Guidelines

The official plugin guidelines are currently found on DevHub under Detailed Plugin Guidelines. The older version now redirects (thank you!). Like the Codex and DevHub, we’re mid transition and apologize for any confusion when that redirect wasn’t happening.

Historically, any time someone has a patently clear misunderstanding about what a guideline means, they are asked if they can help us understand what was confusing and how to make it better. I’m sad to tell you that in the history of me asking that question, less than five people out of the hundreds have replied.

Since we have the goal in mind to expand the plugin review team, one of the requirements on me as the rep is to clarify the Plugin Repository Guidelines. In the last seven months (since the Community Summit 2015) I have been refining, tweaking, and editing them in an attempt to make them more clear so we can get them at a point where they will be easily enforceable by people who don’t have the deep history of understanding misbegotten behaviors that caused their creation in the first place.

The sole reason this has been done in private was so that those currently on the team were all on the same page before we bring it up to the rest of the world.  Once we know we understand the guidelines, then we can educate the next generation. It’s taking us this long to straighten things out in part because we don’t have a handbook. Not a one. I’ve started from scratch to make a passable one, which is now being converted into something understandable and sharable with others.

My personal goal is to have ‘beta’ release of the Handbook up by end of July and the revamped guidelines available for public discussion here no later than end of August.

I am greatly sorry if anyone thinks they weren’t listened to, or that the guidelines were some great big secret circle of conspiracy. Neither are the case. We have always listened, we have always been adjusting things, and we’ve (almost always) been working on a major overhaul of everything. We were just starting from a very different position than nearly any team out there on WordPress.org, which made it exceptionally difficult.

There have been a lot of hurt feelings both within the team and without, but I’m optimistic that we’re now, finally, at a good place to move forward.

Please keep an eye on this blog for what’s next.

WordPress 4.6 Expands register_meta() to Support Registration of Meta Keys

photo credit: Caio Resende
photo credit: Caio Resende

WordPress 4.6 will introduce some important updates to the register_meta() function that will allow for the registration of meta keys. According to the ticket for the enhancements, the goal was to “expand the scope of register_meta() so that specific information about that meta data could be registered in code rather than in the DB, similar to register_content_type().”

Jeremy Felt summarized the changes on the Make/Core blog today:

  • A global variable, $wp_meta_keys, contains all registered meta keys.
  • The function signature of register_meta() has changed to support 3 arguments, the last being an array.

In the post, Felt details a list of the key/values which the array should use to contain data about the meta. WordPress 4.6 will also introduce a new register_meta_args filter to add support for additional arguments and a set of helper functions to make the global data more accessible: get_registered_metadata(), get_registered_meta_keys(), unregister_meta(), and registered_meta_key_exists().

Felt said that while the ticket was originally created to help move the WordPress REST API forward, it benefits many other projects that build on top of meta:

This data can one day be useful to everything from the Customizer, the editing experience for all object types, the Fields API, and many plugins that rely on metadata. Work will continue on transforming this $wp_meta_keys object and the methods surrounding it to be flexible and explicit.

As WordPress core becomes familiar with register_meta() and more confident in the approach, the set of default arguments can and likely will expand to include more data about registered meta keys as required.

For a more detailed account of the register_meta() enhancements, including code examples for registering meta in 4.6, check out Felt’s post on the Make/Core blog.

WordPress Stats Page Redesigned, Adds New Data on Installs by Language

Last year the WordPress Stats page was updated to provide more sophisticated methods of collecting and processing the data, causing some dramatic shifts in the data reported. As of last week, the pie charts have been redesigned to display that information with a more pleasant color scheme and new data for languages is now available to the public.

For years the WordPress stats page has featured WordPress versions, PHP versions, and MySQL versions. Many of those who are involved in supporting and updating WordPress sites are particularly interested in the PHP version stats. With PHP 5.5 reaching end of life this weekend, roughly 80% of all WordPress sites will be running on PHP versions that are no longer supported.

The new data that breaks down installs by language is much less grim and offers a window into locations where WordPress usage has the opportunity for more growth. Although the pie chart is somewhat difficult to navigate, it’s easy to note the largest segments: English (US) takes the biggest piece of the pie at 53.9%, followed by Japanese (5.8%), German (4.9%), Spanish (4.5%), and French (3.4%).

wordpress-stats-installs-by-language

Contrasting this information with the world’s most widely used language families (Chinese, Spanish, English, Hindi, Arabic, and Portuguese), shows that WordPress usage is highly concentrated in just one of the top six languages. Chinese is the most widely spoken family of languages but it comes in at just 1% of WordPress users. WordPress, which is not among the most influential blogging platforms used by native Chinese speakers, has tremendous room to grow there as well as in the Spanish, Hindi, Arabic, and Portuguese communities.

Translations are key to making WordPress available to people in non-English speaking parts of the world. The Polyglots team is slowly making progress translating more of the top languages. As of April this year, WordPress was 100% translated into Marathi, the 19th most spoken language in the world with an estimated 73 million native speakers. This was the direct result of the Global WordPress Translation Day, an event which had a powerful impact on connecting local communities for translation sprints.

It would be great to be able to monitor the new language stats over time to track the growth of WordPress usage in different locales, but only the most recent data is displayed. As WordPress’ market share grows internationally and the percentage of English-speaking users gets smaller, it will be interesting to see how that affects the project in terms of prioritizing the creation of better ways to support multilingual content.

Why Drupal Faded

Drupal faded because its corporate steward, Acquia, placed its own success ahead of bolstering Drupal’s status as a truly open standard. WordPress has reached its current level of ubiquity because its steward, Automattic, has a chosen a path that commits much more thoroughly to the open source ethos.

— How Medium became LiveJournal for publishers by Matt Johnson (via ma.tt)


Never lose a single business lead or enquiry again! Get my latest plugin Storage for Contact Form 7 now!

Buy now for only $19 →

How to Add an Admin User in WordPress using FTP

Being locked of your WordPress admin is frustrating. That’s why we have shown you how to add an admin user in WordPress via MySQL. Recently one of our readers asked if it was possible to add an admin user in WordPress using FTP. Ofcourse it is. In this article, we will show you how to add an admin user in WordPress using FTP.

Adding an admin user in WordPress using FTP

Why You May Need to Add an Admin User in WordPress Using FTP?

Sometimes you may forget your username or email address on a WordPress site and cannot login to the admin area.

One way to do this is by adding an admin user to the WordPress database using MySQL. But you may be unable to connect to phpMyAdmin or don’t want to run MySQL queries directly.

Some users may get their site hacked and admin account deleted. In that case, adding an admin user using FTP can quickly restore your access to the WordPress admin area.

Having said that, let’s see how you can easily add an admin user in WordPress using FTP access.

Adding an Admin User in WordPress Using FTP

First thing you will need is an FTP client. If you are new to using FTP, then see our guide on how to use FTP to upload files in WordPress.

Once connected to your WordPress site, you need to locate your WordPress theme’s functions.php file. It would be at a location like this:

/yoursite.com/wp-content/themes/your-current-theme/functions.php

Right click on functions.php file and then select download. Your FTP client will download the functions.php file to your computer.

Downloading functions.php file to edit

Open the file you just downloaded on your computer using a plain text editor like Notepad. Now you need to add this code at the bottom of the file.

function wpb_admin_account(){
$user = 'Username';
$pass = 'Password';
$email = 'email@domain.com';
if ( !username_exists( $user )  && !email_exists( $email ) ) {
$user_id = wp_create_user( $user, $pass, $email );
$user = new WP_User( $user_id );
$user->set_role( 'administrator' );
} }
add_action('init','wpb_admin_account');

Don’t forget to replace Username, Password, and email@domain.com with your own values.

Next, save the file and then upload it back to your website using the FTP client.

You can now visit your WordPress site’s login area and sign in with the user account you just added.

Once you have logged in to your WordPress site, please edit the functions.php file and delete the code you added. Deleting the code will not remove the user you added, and you can always add new users and authors to your WordPress site.

We hope this article helped you learn how to add an admin user to WordPress using FTP. You may also want to see our list of 13 vital tips and hacks to protect your WordPress admin area.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

The post How to Add an Admin User in WordPress using FTP appeared first on WPBeginner.

Google maps API changes

Google has recently announced some changes to their Google Maps API. More specifically they have changed for which functionality in Google Maps they require API keys. This has a profound effect on our Local SEO plugin as that plugin allows you to easily embed maps with directions and/or store locator functionality. Unfortunately, Google made some breaking changes, so we urge you to update to our latest version (v 3.3.1) as soon as possible.

Changes in the Google Maps API

The most important change is that on site that didn’t already use directions or the store locator functionality, it won’t work without an API key. We’ve made a knowledge base article that explains when you need a Google Maps API key, which also explains which API key you need. For most functionality, this means you will need to get a Google Maps JavaScript API browser key.

If you embed maps on your site, through our plugin or another one, you might run into issues where the maps won’t work:

Google Maps error

The latest version of our Local SEO plugin allows you to enter that Maps JavaScript API key in the backend and have functional Google Maps once again without changing anything else.

If you have our Local SEO plugin but are not using the maps functionality, you’re really losing out. I would especially encourage you to use the store locator functionality if you have multiple locations.

I don’t know how to get the latest version

This should be as easy as logging in and updating. But we know that this sometimes doesn’t work. If you go to our licenses page, you can enter the email address you bought the plugin with and we’ll send you new download links.

I use another maps plugin and it’s broken!

We can’t really help you there. Except that maybe now is a good time to change your maps plugin to our Local SEO plugin!

How to Exclude Specific Categories from WordPress RSS Feed

Do you want to exclude specific categories from RSS feed on your WordPress site? Many site owners use some categories for content that they don’t want to appear in the RSS feed of their site. In this article, we will show you how to exclude specific categories from WordPress RSS feed.

exclude category exclude specific category RSS feed feed

Method 1: Exclude Specific Categories from WordPress RSS Feed Using Plugin

First thing you need to do is install and activate the Ultimate Category Excluder plugin. For more details, see our step by step guide on how to install a WordPress plugin.

Upon activation you need to visit Settings » Category Exclusion to configure plugin settings.

Category excluder

The settings page will display all categories on your WordPress blog with options to hide them from front page, RSS feeds, archive pages, and search results.

Simply select the exclude from feed box next to the categories that you want to exclude from your RSS feed.

Don’t forget to click on update button to save your settings.

That’s all, posts filed under your selected categories will disappear from your WordPress RSS feed.

Method 2: Manually Exclude Specific Categories from WordPress RSS Feed

This method requires you to paste code in your WordPress files. You can use this method if you are comfortable with pasting code snippets from web into WordPress.

You need to add this code to your theme’s functions.php file or a site-specific plugin.

function exclude_category($query) {
	if ( $query->is_feed ) {
		$query->set('cat', '-5, -2, -3');
	}
return $query;
}
add_filter('pre_get_posts', 'exclude_category');

This code simply excludes categories that match the given IDs. Simply replace the category IDs in the code with the IDs of categories that you want to exclude.

See our guide on how to find category IDs in WordPress.

If you just want to exclude a single category, then change the code like this:

function exclude_category($query) {
	if ( $query->is_feed ) {
		$query->set('cat', '-15');
	}
return $query;
}
add_filter('pre_get_posts', 'exclude_category');

Replace -15 with the ID of category that you want to exclude from RSS feed.

We hope this article helped you learn how to exclude specific categories from WordPress RSS feed. You may also want to see our list of 10 most wanted category hacks and plugins for WordPress.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

The post How to Exclude Specific Categories from WordPress RSS Feed appeared first on WPBeginner.

Repository Guideline Reminder: Do Not Remote Load Content

In a very irregular feature, we’re posting about various plugin guidelines and what they really mean to you.

This week, we want to remind you about a long-standing guideline in the repository, which is covered in item #7 – Don’t phone home without consent.

No “phoning home” without user’s informed consent. This seemingly simple rule actually covers several different aspects:

The guideline goes on to break down what we mean in four main points:

  1. No unauthorized collection of user data
  2. All images and scripts shown should be part of the plugin
  3. No 3rd party ad tracking
  4. No ad-spam

That second item (which I emphasized) is what we want to remind you of today.

Your images, your scripts, your CSS, etc, should all be included locally. Besides not tracking users, keeping everything locally will make your plugins faster. It obviates the problem of external load. It means when your server is down for maintenance, you didn’t just slow down everyone’s wp-admin. It means you’ll never DDoS yourself on accident.

Unless you’re a service, your plugin has no business phoning home to your own servers to load data. If you are a service, you must have this clear in your readme as to what the service entails, preferably with a link to your ToS and and explanation as to what is tracked. This is for your protection. By remote loading files, you have the ability to track users. Data tracking is a huge deal, and while we understand you want to do it for metrics, it someone was taking your data without permission or consent and selling it or using it to promote their code, you’d be pretty ticked off.

You can (and should) re-read all the guidelines on https://developer.wordpress.org/plugins/wordpress-org/detailed-plugin-guidelines/ – we rarely change them though we may reword things for clarity.

If you have suggestions as to how we can be more clear about #7, please leave a comment and let us know.

Keep in mind, we’re not going to spell out everything to the letter, as in our experience that leads to people playing nit-picky fake-lawyers about everything, and still violating the ultimate rule of the guidelines which is ‘Don’t be a spammer.’ For example, we’re not going to make a rule for not stealing other people’s plugins. You already know stealing is bad, right? 😈

Community Created Mockups Suggest Improvements to the WordPress Plugin Directory Redesign

When we announced that the new WordPress plugin directory redesign was in open beta, a number of readers provided us with their feedback. Some of the most common items mentioned include:

  • Missing tabs
  • Too many read more links
  • Everything displayed on one page leading to a lot of scrolling
  • A lack of search filters

Based on feedback and his own preferences, Paal Joachim Romdahl of EasyWebDesigntutorials, created a new set of wireframes for the WordPress plugin directory redesign.

CommunityCreatedPluginDirectoryWireframe
Mockup Design of the WordPress Plugin Directory Main Page

Romdahl’s wireframe of the WordPress plugin directory main page adds the ability to filter search results based on keyword, active installs, star ratings, author, and tag. It also adds last updated, compatibility, and active install information to the plugin cards. The page is responsive so those with larger monitors will see additional columns of plugins.

Romdahl also published a design mockup for the single plugin view. The plugin author and title is moved above the plugin banner. Permalinks are displayed beneath the plugin’s banner and the full description is shown by default.

CommunityCreatedPluginDirectorySinglePluginWireframe
Single Plugin View Mockup

In addition to these two pages, Romdahl created a mockup of the Add New plugins page in the WordPress backend that I encourage you to view.

After browsing the new plugin directory redesign, I discovered a couple of things I don’t like. I prefer clicking on tabs to see specific information rather than using my scrollwheel and having to scan the page to find what I’m looking for.

I also don’t like the number of read more links I have to click, especially the plugin’s description. I agree with many of our readers that it should be prominently displayed in full by default.

It’s hard to know from a screenshot whether something is useable or not. Hopefully, the WordPress Meta Team can implement a few of Romdahl’s ideas into the next iteration of the design to allow the public to test their practicality.

What do you think of the changes proposed in Romdahl’s mockups?

Stop User Enumeration in WordPress

[User Enumeration ] This tutorial explains how to block user-enumeration scans in WordPress. As explained in greater depth here, user enumeration happens when some malicious script scans a WordPress site for user data by requesting numerical user IDs. For example, requests for ?author=1 through some number, say, ?author=1000, may reveal the usernames for all associated users. With a simple enumeration script, an attacker can scan your site and obtain a list of login names in a matter of seconds.

How it works

When scanning a site for user IDs, disclosure of user data happens in two ways. First, for permalink-enabled sites, requests for ?author=n (where n equals any integer) are redirected to the permalink version of the URL for that user, which by default includes the author’s login username. So for example, on a permalink-enabled site, the following URI requests:

http://example.com/?author=1
http://example.com/?author=2
http://example.com/?author=3
.
.
.

..automatically are redirected by WordPress to their “pretty permalink” counterparts:

http://example.com/author/admin-user/
http://example.com/author/wordpress-user/
http://example.com/author/some-other-user/
.
.
.

..of course, the actual usernames will vary depending on your site, but you get the idea.

The second reason that user enumeration works to reveal user data is that theme templates typically display the author name on author-archive pages, in post meta information, and possibly in other locations, depending on the theme.

For more details on user enumeration, check out my article on blocking user ID phishing requests over at htaccessbook.com.

Should you be worried?

If you are sure that all of your users are using strong passwords that are updated regularly, then there is nothing to worry about. This tutorial is aimed at sites with multiple authors who may not be “password savvy”. If an author is being lazy with their passwords, then user-enumeration could definitely put your site at risk. Equipped with a known username, a perpetrator quickly may gain access using a simple brute-force attack.

So to be safe, check out the following techniques to protect your site against user-enumeration and brute-force attacks. They take only a minute to implement, and will serve to harden your WordPress-powered site with additional layers of security.

Step 1: Disable the scans

The first thing we want to do is block the malicious enumeration scanning. This can be done in one of two ways:

  • Add a code snippet to your theme’s functions.php file
  • Add a code snippet to your site’s root .htaccess file

Let’s check out each of these methods..

Block user-enumeration via functions.php

To block user-enumeration via functions.php, add the following code to your theme’s functions file:

// block WP enum scans
// http://m0n.co/enum
if (!is_admin()) {
	// default URL format
	if (preg_match('/author=([0-9]*)/i', $_SERVER['QUERY_STRING'])) die();
	add_filter('redirect_canonical', 'shapeSpace_check_enum', 10, 2);
}
function shapeSpace_check_enum($redirect, $request) {
	// permalink URL format
	if (preg_match('/?author=([0-9]*)(/*)/i', $request)) die();
	else return $redirect;
}

No editing is required for this to work, just copy/paste and done. Here’s how it works:

  1. Check if the request is made by a user with admin-level capabilities
  2. Block the request if it’s for a query-string author archive

That’s the basic gist of it. Hit me up in the comments section for more specifics on what this code is doing, how it works, etc.

Block User Enumeration via .htaccess

If you would rather block requests at the server level, you can add the following slice of .htaccess to your site’s root .htaccess file:

# Block User ID Phishing Requests
<IfModule mod_rewrite.c>
	RewriteCond %{QUERY_STRING} ^author=([0-9]*)
	RewriteRule .* http://example.com/? [L,R=302]
</IfModule>

The only edit that’s required is the domain/URI, http://example.com/, which you should change to match your own. For more information about this technique, check out my tutorial on blocking user-id phishing.

Step 2:

At this point, we’ve added a code snippet (in either functions or .htaccess) that will block those nasty user-enumeration scans. The second part of the equation is to make sure that your theme does not disclose the login username of any authors or users. Unfortunately, there is no quick, one-step solution for this step, as it requires careful examination of your theme. Here are some things to check:

  • Author name displayed for each post
  • Author name displayed for author-archive views
  • Author name displayed anywhere else on the front-end

If your theme displays author names anywhere (as most themes do), there are few ways to prevent username disclosure:

  • Change all user Display Names to anything other than the login name
  • Make sure any author/user template tags are not displaying the login name
  • Remove any template tags that display author/user login names
  • Disable author archives entirely (if not needed)

Of course, this is a general guide that may not be applicable to every theme on the face of the planet (there’s only like a billion of them). But it should be enough to give you the idea and help you implement the best possible solution for your site.


WordPress 4.6 Beta 1 is Available For Testing

The WordPress development team has released WordPress 4.6 beta 1. This release includes a new process for installing, updating, and deleting plugins and themes, native fonts in the WordPress backend, and improvements to the post editor. It also contains a number of changes that developers should be aware of.

WordPress 4.6 Beta 1 is still in development and should not be used in a production environment. Instead, use the WordPress Beta Tester plugin to install the beta on a test site. If you come across any issues or think you’ve found a bug, please report it to the Alpha/Beta area of the support forums.

WordPress 4.6 is scheduled for release on August 16th.

How to Remove Items from the Toolbar

The WordPress Toolbar makes it easy for plugin and theme developers to add links and other items. This is great news if you find the added links useful; otherwise, the additional links may be more of a nuisance, cluttering up your current workflow. For example, the database-backup plugin UpdraftPlus adds an "UpdraftPlus" link. Some users probably think this is awesome, but for my own sites it's just not necessary, and is something I would like to remove. So for this DigWP tutorial, we'll use the UpdraftPlus Toolbar link to demonstrate how to remove unwanted items from the WordPress Toolbar in general.

Note that the techniques provided in this tutorial can be used to disable ANY unwanted Toolbar items, even those that may seem impossible to remove.

(more…)

WCEU Love & a discount on all Yoast products!

WordCamp Europe was so wonderful! Fourteen members of our Yoast team went to Vienna and had a fantastic time. We enjoyed the many inspiring talks, catching up with old friends and meeting so many new people. We want to celebrate WordCamp Europe by offering a great discount on all of our products!

IMG_7166IMG_7176IMG_7165IMG_7164

Brexit….

WordCamps enable us to befriend people from all over the world. Building connections with all kinds of people in order to improve and to build WordPress. Together. While we were strengthening our bonds with many British friends in Vienna, Great-Britain voted to leave the EU. We feel very sad about the Brexit. We love all our British WordPress friends so dearly and saw that they were in shock…

Love conquers all

We want to express our love to all of our WCEU friends by offering a 20% discount on all of our products to everyone. All of our other EU-loving clients can also profit from 20% discount. Use our discount code EULOVEFEST and get a 20% discount on all of our products until the end of June (that’s only a few more days). 

Compliments to the WCEU 2016 organization!

We all enjoyed WordCamp Europe very much. It was amazing. So many people and it still felt like being part of a family. Talks were great, social events superb and the Yoast team had a blast at the WCEUball. We want to compliment and thank the organization of WCEU 2016 for their excellent work! Next year, WordCamp Europe will be in Paris! We hope to see you there!

WCEU Contributor Day

I want to thank everyone for coming to the first ever plugin review contributor workshop!

We did not get half as much covered as I’d like to but I hope that we were able to enlighten some of you as to how the repository and review system works.

I’m looking forward to the near future when we’ll be able to start adding some of the wonderful people who came to contributor day to the review team! Since that’s still a bit in the future, what we can do right now is welcome everyone to #pluginreview !

Slack

That’s right, we have #pluginreview as a channel now. This channel is for us (yes, you and us) to talk about plugins, finding issues like base64 and creative commons code. At this time, in order not to put users at risk, please continue to send security issues to plugins@wordpress.org only.

I plan on posting some plugins for you to download and look at and discuss, as well as possibly have open hours or a scheduled time every once in a while to talk about reviewing a plugin as a group.

Also if you have a question about the plugin repository in general, please feel free to ask there. Please remember to be reasonable, though, and try not to ask “When will my plugin be reviewed?” 😁

Getting Started

In the mean time, what can you do to get started?

First, read the guidelines. Read all the guidelines. Memorize them. Be familiar with things like phoning home, and the difference between a serviceware API and a license check that cripples software needlessly. Don’t worry too much about that, but do get familiar with the guidelines.

Next! Grab the Mark Jaquith Plugin Directory Slurper. The repo is about 25 gigs, more or less, and will take you a few hours to download. By a few what I mean is set your laptop not to sleep, put it in a cool room with a fan, and go to bed. The Slurper doesn’t work well on Windows that I know of (sorry Windows people). Anyone who wants to improve that, pull requests and forks are welcome.

Now once you have the whole repo, start poking at things. Look for code you know is not allowed in the repository (non-GPL is a great start, pick a popular library you know isn’t GPL and grep or ack for it).

Talk about what you find in the Slack channel. Remember: Slack is public. Do not post anything rude, insulting, antagonistic, or mean there. Also don’t post security issues there. Please keep that to email.

Finally, if you’re really super into code ideas, download the (broken) Plugin Check plugin! Have a look at it. Try to figure out how you’d make it work, and maybe fork it onto GitHub and start tinkering. Start with the basics (check for non GPL, calling wp-load directly, including jquery etc) and see how far you can get. More hands make light work, after all.

When Will We Accept New Members?

Soon! I’m sorry, but I just don’t have an ETA.

We need the UX for the repository revamp to be usable and acceptable first. Until then, we’re on that lousy, single-threaded, bbPress setup. Once that changes, the plan is to start letting people apply (and yes, we will post requirements for that) and adding them with access to review privately. Think of it as moderated reviews. But trust me here, we can see the end and we have a plan.

We’re like Cylons.

WordPress 4.5.3 Fixes 7 Security Issues

photo credit: Lock - (license)
photo credit: Lock(license)

WordPress 4.5.3 was released today to fix seven important security issues that affect 4.5.2 and prior versions. Automatic background updates are already rolling out and all users are advised to update immediately. The release patches the following security issues:

  • Redirect bypass in the customizer (reported by Yassine Aboukir)
  • Two different XSS problems via attachment names (reported by Jouko Pynnönen and Divyesh Prajapati)
  • Revision history information disclosure (reported independently by John Blackbourn from the WordPress security team and by Dan Moen)
  • oEmbed denial of service (reported by Jennifer Dodd from Automattic)
  • Unauthorized category removal from a post (reported by David Herrera from Alley Interactive)
  • Password change via stolen cookie (reported by Michael Adams from the WordPress security team)
  • Some less secure sanitize_file_name edge cases (reported by Peter Westwood of the WordPress security team)

A host of different companies and independent volunteers worked together to responsibly disclose and fix these issues to make WordPress more secure. The release also fixes 17 bugs from 4.5, 4.5.1 and 4.5.2. Rolling them all into one security and maintenance release means fewer updates for users. Check out the release notes and closed tickets for a full list of fixes included in 4.5.3.

WordPress Hidden Gem: enter_title_here filter

When you’re working with custom post types, sometimes the post title isn’t a title. It might be a person’s name, a building number, or a course code (just to take a few examples from universities). So it’s great that WordPress has a simple filter that makes it easy to customize the “Enter title here” placeholder text to make it fit your content:

How to Create a Multi-Page Form in WordPress

Recently, one of our users asked us how to create a multi-page form in WordPress? Multi part forms allow you to collect more information without scaring the users away. In this article, we will show you how to create a multi-page form in WordPress.

Creating a multi-page form in WordPress

Why and When You Need Multi-Page Form in WordPress?

Forms are the easiest way to collect data and get in touch with your users. Whether it is a contact form, email capture form, or a simple survey.

However, lengthy forms are daunting for users and increases form abandonment.

To overcome this issue, user experience experts recommend multi-page forms. This way form fields are broken into sections and pages.

A multi-step checkout page example

With a progress bar on top and fewer fields on screen, users feel more at ease filling out the form. It provides a more engaging and interactive experience to your users.

Having said that, let’s see how to easily create a multi-page form in WordPress.

Creating A Multi-Page Form in WordPress with WPForms

We will be using WPForms which is the most beginner friendly contact form plugin for WordPress. You will need at least the Basic license which costs $39.

You can use the WPForms coupon: WPB10 to get 10% discount on your purchase of any WPForms plan.

First thing you need to do is install and activate the WPForms plugin. For more details, see our step by step guide on how to install a WordPress plugin.

Upon activation, you will need to enter your license key. You can get this key by signing into your account on WPForms website.

Copy the license key and then visit WPForms » Settings page on your WordPress site. Paste the license key and then click on the verify key button.

WPForms license key

After verifying your license key, you are now ready to create your first multi-page form in WordPress.

Simply go to WPForms » Add New page, and it will launch the Form Builder.

Adding a new form in WPForms

Provide a title for your form and then select one of the templates shown below. WPForms offers ready-made form to speed up the form creation process.

You can choose the one that closely matches your form requirements or choose a blank form. Clicking on a template will launch the form editor.

Form editor in WPForms

Simply click on the fields from left column to add them into your form. After that click on a field in the form to edit it. You can also drag and drop form fields.

Adding form fields in WPForms

After adding a few form fields, you are ready to add a new page to your form. Click on the Pagebreak field under fancy fields sections from the left column.

Adding pagebreak field

You will notice that WPForms will add a pagebreak marker to the bottom and a first page marker at the top of the page.

It will also push the submit button to the next page, and your first page will now have a ‘Next’ button instead.

Click on the first page marker at the top to edit your multi-page form properties. In the left hand column, you can select a progress bar type. WPForms allows you to use a simple progress bar, circles, connector, or no progress indicator at all.

Edit first page marker to select progress bar type

For this tutorial, we will be using Connectors as progress bar. You can also choose the color of your page indicator. Lastly, you can provide a title for the first page.

Now you need to click on the pagebreak marker to edit its properties. Here you can provide a title for the next page. You can also edit the text to display on the Next button.

Edit page title and next button text

You can continue adding form fields after the pagebreak. If you are using the PRO version of WPForms, then you can also use conditional logic to show and hide form fields based on user responses.

After adding more fields, you can add more pagebreaks if you need.

Once you are done creating your form, click on the save button on the top right corner of the screen.

Congratulations, you have successfully created your first multi-page form.

Adding Your Multi-Page Form into WordPress Posts and Pages

WPForms makes it super easy to add forms into WordPress posts and pages.

Create a new post/page or edit an existing one. On top of the post editor, you will see an ‘Add Form’ button.

Add form button

Clicking on it will bring up an insert form popup.

Select your form from the drop down list and then click Add Form button.

Select and insert your multipage form

You will notice WPForms shortcode added into your post/page. You can now save or publish this post or page.

Visit your website to see your multi-page form in action.

Preview of a paged form in WordPress

We hope this article helped you add a multi-page form in WordPress. You may also want to see our guide on how to add a contact form popup in WordPress.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

The post How to Create a Multi-Page Form in WordPress appeared first on WPBeginner.