Tag: WordPress

How to prevent Tor users from viewing or commenting on a WordPress site

The Tor network is an important tool for anonymity, privacy, and censorship circumvention, which in some countries is being fought even at the state level.

But Tor is a public tool, so it can sometimes be used for online trolling and bullying. This article will show you how:

  • prevent Tor users from commenting on your WordPress site
  • prevent Tor users from registering and logging into the site
  • prevent Tor users from viewing WordPress site

WordPress plugin to control allowed actions from the Tor network

VigilanTor is a free WordPress plugin that can block comments, browsing, and registration for Tor users.

This plugin automatically updates the list of IP addresses of the Tor network and, after configuration, automatically controls and blocks Tor users.

To install VigilanTor, go to WordPress Admin Panel → Plugins → Add New.

Search for “VigilanTor”, install and activate it.

Then go to Settings →VigilanTor Settings.

We will perform all subsequent actions on the plugin settings page.

How to disable commenting on a site from Tor

Enable two settings:

  • Block Tor users from commenting (prevent Tor users from commenting your WordPress site)
  • Hide comment form from Tor users

Now Tor users will still be able to view your site, but when they try to leave a comment, they will receive a message:

Error: You appear to be commenting from a Tor IP address which is not allowed.

How to prevent Tor users from registering and logging into the site

To prevent Tor users from registering on a WordPress site and preventing registered users from logging in from the Tor network, enable the following settings:

  • Block Tor users from registering
  • Flag users who signed up using Tor
  • Block Tor users from logging in (Useful for preventing brute for attacks)

How to Block Tor Users from Viewing a WordPress Site

Enable setting:

  • Block Tor users from all of WordPress

This setting will prevent any activity, including logging into the site, commenting, and browsing.

When trying to open a site in Tor, the user will receive a message:

Sorry, you cannot access this website using Tor.

How often does VigilanTor update the list of Tor IP addresses

The Tor network often changes IP addresses, that is, new ones are added, and old ones are removed. Once downloaded, the Tor network IP list becomes obsolete over time.

VigilanTor automatically downloads the list of Tor IP addresses and updates it automatically.

By default, the update is performed every 10 minutes. You can increase this interval to 6 hours, or enable real-time updates.

iThemes Security locked out a user – how to login to WordPress admin when user is banned (SOLVED)

iThemes Security is a plugin for WordPress that makes it difficult for hackers to attack the site and collect information.

Among other features, iThemes Security has protection against brute-form paths (search for “hidden” folders and files), as well as protection against hacking user credentials by brute force passwords.

Once set up, the iThemes Security plugin usually works fine and doesn't require much attention. But sometimes there may be a problem with blocking your user, because someone tried to guess the password to your account.

The situation may arise in the following scenario:

1. You have activated the function of protecting accounts from brute-force passwords

2. The attacker repeatedly tried to guess the password from your account

3. As a result, the account was blocked

4. When you try to enter your username and password from your account to get into the WordPress administration panel, you get a message that it is blocked (banned):

You have been locked out

You don't have to wait until the account is unlocked.

If you have access to the file system, then you can immediately log into the WordPress admin panel.

I don't know how to bypass the iThemes Security lock, instead the plan of action is the following:

1. Disable iThemes Security

2. Login to the WordPress admin area

3. Enable iThemes Security

To disable any WordPress plugin, simply remove the plugin folder. And it is not necessary to delete it – just rename it.

Open the file manager of your sites and find the following path there: SITE/wp-content/plugins/

If you are using the command line, then the path to the plugin is: SITE/wp-content/plugins/better-wp-security

Find the better-wp-security folder and rename it to something like “-better-wp-security”.

Right after that, you can log into the WordPress admin panel.

Once you are logged into the WordPress admin panel, you can reactivate the iThemes Security plugin. To do this, rename the “-better-wp-security” folder to “better-wp-security”.

All is ready! No additional iThemes Security configuration is required.

Checking the logs showed that the attack (brute-force user credentials) was carried out through the xmlrpc.php file.

The xmlrpc.php file provides features that most webmasters don't use but are actively exploited by hackers. For this reason, you can safely block access to the xmlrpc.php file. If you do not know what this file is for, then most likely you do not use it, and you can block access to it without consequences for you.

You can disable XML-RPC with an .htaccess file or a plugin.

.htaccess is a configuration file that you can create and modify.

Just paste the following code into your .htaccess file at the root of your WordPress site (the solution uses mod_rewrite):

# Block requests for WordPress xmlrpc.php file
RewriteRule ^xmlrpc\.php - [NC,F]

Your server must support .htaccess and mod_rewrite files – most hosts can do this.

How to make images on a site (including WordPress) maintain the correct aspect ratio

How to maintain aspect ratio with HTML IMG tag

An image inserted into a page has the correct proportions by default unless you change it.

When viewing images on a mobile phone, the images are scaled, that is, resized to fit completely on the screen.

Web pages work in a similar way, including sites running WordPress.

But I noticed one issue of displaying large images for which the size is set. On larger screens, these images still display correctly, that is, they retain the correct aspect ratio. But on mobile phones, when the screen width is less than the image width, the image is displayed with distortion, it is stretched vertically, for example:

To fix this problem, add the following rule to the style file:

	object-fit: contain;

How to fix wrong image aspect ratio in WordPress

You need to add the specified image style to your WordPress theme's stylesheet. To do this, go to WordPress Dashboard → Appearance → Theme File Editor.

Open the style.css file for editing (it is open by default when you switch to the Theme File Editor).

If you can't use the Theme File Editor, that's not a problem – below is how to edit the style.css file without using the Theme Editor.

Look in the style.css file for the tag:

img {

In some themes it is already present, in some themes it is not.

If this tag is missing, then add to the style.css file

img {
	object-fit: contain;

Another site of mine already has an img tag with the following content:

img {
	max-width: 100%;
	height: auto;

In this case, I add a new style to the existing ones, it turned out:

img {
	max-width: 100%;
	height: auto;
	object-fit: contain;

After the changes made, images on small screens retain their aspect ratio, even if they do not fit the width of the screen.

Note: If the image is still stretched after making changes to the style file, you need to wait for the site cache to refresh or reset the cache manually. To redownload files from the web server without using the web browser cache, press Ctrl+F5 on the site page. If caching is enabled on your server or at the WordPress level, you need to flush this cache, or wait for it to be updated.

How to edit style.css file without Theme File Editor

If for some reason you cannot use the Theme Editor, then you can edit the style.css file in any other way.

You need access to your site's file system. The specific way to access site files depends on the host and usually webmasters know what to do.

The style.css file is located at the following address:


WordPress error “Another update is currently in progress” (SOLVED)

When updating a WordPress site, for example, when migrating to a new version of WordPress, you may encounter an error:

Another update is currently in progress.

This problem is fairly easy to fix. It is especially pleasing that this error is not fatal, unlike, this error does not prevent users from browsing the site, and the webmaster can go to the WordPress admin area to solve the problem.

Why does the error “Another update is currently in progress” occurs?

You may see this message if the site has multiple administrators and you are trying to update WordPress at the same time. In this case, wait until another webmaster completes his job.

If you are the only administrator of the site, then the cause of this error may be a failed previous update, which was interrupted, for example, due to a broken connection.

How to fix “Another update is currently in progress” with a plugin

Due to the fact that it is possible to go to the WordPress admin panel, this error can be solved using a plugin.

The plugin is called “Fix Another Update In Progress” and can be installed through the WordPress Admin Panel.

To do this, in the admin panel, go to “Plugins” → “Add New”.

Search for “Fix Another Update In Progress”, install and activate this plugin.

Then go to “Settings” → “Fix Another Update In Progress” and click the “Fix WordPress Update Lock” button.

After that, the problem should be fixed.

How to fix “Another update is currently in progress” in phpMyAdmin

If you don't want to install the plugin, then this error can be fixed by deleting one value from the database of the WordPress site. For ease of editing the database, you can use phpMyAdmin.

Start by finding the database of the site you want to fix.

Open a table named “wp_options”.

Find the line named “core_updater.lock”. To speed up the search, you can use the search in database. Search by the “option_name” column.

Click the “Delete” button.

After that, the problem will be solved.

Redirect to HTTPS not working in WordPress

This is not an obvious problem, because for some pages the redirect to HTTPS works, but for some it does not. I ran into this problem on WordPress quite by accident. Therefore, if you are a webmaster with WordPress sites, then I would recommend that you check your sites too.

Redirecting from HTTP to HTTPS is quite simple, you need to add the following lines to the .htaccess file:

RewriteEngine on
RewriteCond %{HTTPS} !on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI}

This is how I redirect to HTTPS on most of my sites.

To test the redirect to HTTPS, it is advisable to look at the HTTP response headers, since web browsers tend to open the site over HTTPS even if you explicitly specified the HTTP protocol in the URL, at least I noticed this with pages already opened over HTTPS.

In Linux, the response HTTP headers can be viewed with a command of the form (it will show both the headers and the response body):

curl -v 'URL'

And this command will show only headers:

curl -I 'URL'

If you run Windows, then you can use an online service to display HTTP headers.

We enter the site address http://site.ru/

Received HTTP redirect code:

HTTP/1.1 302 Found

We were redirected to the HTTPS version:

Location: https://site.ru/

Is everything working as it should?

We continue to check. We enter the site address http://site.ru/page-on-site

And… we get the code 200, that is, the page would be shown to us at the specified address, without redirecting to HTTPS.

This behavior can be observed on sites with beautiful (sometimes referred to as SEO) page URLs. In WordPress, this can be selected in Control Panel → Settings → Permalinks. Examples:

 Day and name	https://suay.site/2021/05/21/sample-post/
 Month and name	https://suay.site/2021/05/sample-post/
 Numeric	https://suay.site/archives/123
 Post name	https://suay.site/sample-post/

The point is that in order for any of these options to work, WordPress adds the following lines to the .htaccess file:

# BEGIN WordPress
# Директивы (строки) между `BEGIN WordPress` и `END WordPress`
# созданы автоматически и подлежат изменению только через фильтры WordPress.
# Сделанные вручную изменения между этими маркерами будут перезаписаны.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

# END WordPress

These lines contain conditions and a rule for mod_rewrite with the [L] flag, which means that the check should be aborted according to the mod_rewrite rules. As a result, the HTTP to HTTPS redirect rule does not reach the queue.

That is, the redirect lines must be placed before the fragment that is generated by WordPress. Let's try:

The document has moved here.

Additionally, a 302 Found error was encountered while trying to use an ErrorDocument to handle the request.

The situation has changed but has not improved.

It is necessary to add the [L] flag to the rewrite rule, and place these rules in the .htaccess file before the fragment from WordPress:

RewriteEngine on
RewriteCond %{HTTPS} !on
RewriteCond %{REQUEST_URI} !^/.well-known/
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L]

# BEGIN WordPress
# Директивы (строки) между `BEGIN WordPress` и `END WordPress`
# созданы автоматически и подлежат изменению только через фильтры WordPress.
# Сделанные вручную изменения между этими маркерами будут перезаписаны.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

# END WordPress

After that, everything will work exactly as you expect. All URLs, both the Front Page and other posts, starting with http:// will be redirected to https://

By default, the code will be “302 Moved Temporarily”. If you wish, you can select the code “301 Moved Permanently”:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Permanent message “Briefly unavailable for scheduled maintenance. Check back in a minute.” (SOLVED)

When updating plugins, themes or WordPress engine, the site is automatically closed for users and instead they see the message “Briefly unavailable for scheduled maintenance. Check back in a minute”.

This is normal and the site reopens immediately after the update is complete. But if the updates were interrupted, for example, due to your unstable Internet connection, then the website unavailable message will not disappear. This article will guide you on how to fix the problem after an interrupted WordPress update.

How to update WordPress and plugins

To check available updates and update the WordPress engine, plugins and themes go to WordPress Admin Panel → Dashboard → Updates:

Or click on the two arrows in the form of a circle – the number shows the amount of available updates. If you do not see this icon, then there are no updates – all files are up to date.

How to fix “Briefly unavailable for scheduled maintenance. Check back in a minute”

If the update was interrupted – for example, you closed the page before the updates were completed, or you lost your Internet connection, or you received the ERR_NETWORK_CHANGED message in your web browser, then you can fix the problem by having access to the file system of the site.

1. First, wait a while to make sure that the updates are actually complete and that the message does not disappear automatically.

2. Go to the site folder

3. In the root directory (folder) of the site, find and delete the .maintenance file

Note that files starting with a dot are considered hidden on Linux systems. Therefore, if you have opened the correct folder, but you do not see this file, try to enable the display of hidden files in the file manager settings.

How to fix “Another update is currently in progress”

In some situations, for example, if you wait a long time after an unsuccessful update, the message that the site is unavailable for maintenance disappears and it seems that everything starts working as before, but when you try to perform the WordPress update, a message appears:

WordPress auto-update failed to complete – please try again.

Update WordPress

Another update is currently in progress.

This message will not disappear on its own. To correct this error, follow the steps above – that is, locate and delete the .maintenance file.   

How to find out the publication date of any article

The world is changing rapidly, the information published 5 years ago is rarely valuable at the present time, because everything has changed too much: the mentioned store no longer exists, and a huge shopping mall was built in its place; the procedure for obtaining a visa has changed; the proposed service has lost relevance along with the disappearance of a whole economy field.

Sometimes the information is not of interest if it was published more than 3 or even more than 1 year ago. If we are talking about current events (news), then today's morning publication deserves attention only until the appearance of today's evening publication on this issue.

Some sites provide the date of publication, but some do not. This article will show you how to find out the date a WordPress article was published, as well as the date of publication on other CMS.

Sometimes you need to find out the actual time of publication of an article if there is any doubt that the displayed date is correct – many sites practice ‘refreshing’ the date of publication of the article – after updating the material, and sometimes even without it.

1. Carefully look for the date of publication or change on the page itself

Look on the page, perhaps with Ctrl+f, for words like:

  • Last updated
  • Updated
  • Posted

Perhaps the date of publication is present, but it is not easy to find among the many elements of website design and advertising.

2. Date output on other sections of a site

Quite often, for the site owner, the date of publication of the article is not indicated, not for the reason that he wants to hide it, but simply because there was no place for it in the design template. In these cases, the publication date can be found on the main page, in the categories of the site and its other sections:

By the way, such screenshots of the entire page of the site, with support for rendering and JavaScript, you can do using this service.

3. View the source code

Many plugins in meta tags indicate information such as:

  • published_time
  • modified_time
  • updated_time


<meta property="article:published_time" content="2020-04-08T13:44:28+00:00" />
<meta property="article:modified_time" content="2020-04-08T13:44:32+00:00" />
<meta property="og:updated_time" content="2020-04-08T13:44:32+00:00" />

To simplify the search, use the keyboard shortcut Ctrl+f, because sometimes the source code is unreadable due to the fact that spaces have been removed from it (to speed up page loading).

4. Look at the folder where the images are uploaded

This method is primarily suitable for WordPress, but it cannot be ruled out that other CMS does this way (if you know, write in the comments).

The bottom line is that WordPress saves the images for this article into files of the form https://site.com/wp-content/uploads/YEAR/MONTH/PICTURE.png (for example, https://www.repairwin.com/wp-content/uploads/2019/07/image-9.png).

Please note that there is YEAR/MONTH in the path, which are quite truthful (truer than the tags above), saying that the article was created in July 2019.

Look for the string “/uploads/”, use Ctrl+f for help:

5. Search engines know the date of publication

Enter in Google a search query of the form:


Instead of PAGE_ADDRESS, specify the URL of the post whose publication date you are interested in, for example:


Yandex also knows how to do this, but instead of inurl: you need to use url:. Unfortunately, Yandex shows the publication date only for very fresh pages:


6. Look at the first comment

This is an indirect and approximate method, but it can clearly show that the indicated date of publication of the page is not true.

The point is very simple: find the first comment by date – the publication date of the article cannot be later than it.

How to display the date of publication (update) of a page. Do I need to indicate the date of publication of the article

I am calm about the presence or absence of a publication date, since a fresh date does not guarantee that it is not a copy-paste of some junk. In addition, not all topics have an expiration date and/or updated analogues. But in general, it is more pleasant when the publication date and the date of modification are present – in case you need them for some reason, then you do not need to look for them.

In WordPress, the date of the last page modification can be added using the free “WP Last Modified Info plugin” – install and activate this plugin from the WordPress dashboard.

Go to the settings page of this plugin on the “Post Options” tab. There, turn on “Enable for Posts on Frontend”:

If you want the date of the last change to be displayed at the bottom of the article (and not at the beginning), then change the setting of “Last Modified Info Display Method” from “Before Content” to “After Content”.

Save your changes.


Do you know other ways or for other CMS (not WordPress)? Great, share them in the comments – it will be interesting to discuss!

WordPress: A critical error occurred on the site – impossible to enter the control panel (SOLVED)

After updating the plugins in WordPress on my VPS server, the site stopped opening. And it was even impossible to open the control panel – a message was displayed during all attempts (you can see a screenshot in the header of this article):

A critical error occurred on the site. Please check the incoming admin mail for further instructions.

Learn more about debugging in WordPress.

That is, it is impossible to fix the error through the control panel – it is impossible to get there, not change the settings, and not roll back the changes.

I didn’t receive the mentioned email – because it’s an experimental VPS and the mail service is not configured there.

In general, it is impossible to open the control panel, I did not receive a letter in the mailbox, and even if I received it, what can I do if the control panel is not available?!

It would seem a stalemate. The WordPress forums recommend “look for where you have the PHP error log on your hosting (you can ask for technical support of the hosting if you yourself can’t find it), see what's there at the end of the file, critical errors are marked as Fatal”.

I opened the error log for this site:

tail -n 50 /var/log/httpd/site.ru-error_log

But it turned out to be completely empty (maybe for this host I did not configure something).

By the way, Apache error logs on Debian, Linux Mint, Ubuntu, Kali Linux and their derivatives are placed in the /var/log/apache2/* files. And the Apache logs on Arch Linux and derivatives are placed in the /var/log/httpd/* files. This is the default – in fact, the logs can be anywhere in the file system, check the settings for a specific virtual host.

What to do if you cannot log in to your WordPress dashboard

So, the strategy is as follows:

  • since the problem arose after the update, I need to find the ability to roll back updates
  • I do not have access to the WordPress admin area, so I have to roll back changes at the file system level
  • I don’t remember which plugin or theme was updated, as a result the site stopped working. Therefore, to find out which plugins have been updated, I will look at the timestamps, when folders and files were changed.

So, by default (this can be changed by the settings of the web server and individual virtual hosts), website files in Debian, Linux Mint, Ubuntu and their derivatives are stored in the /var/www/html/ directory. And with Arch Linux, site files are stored along the/srv/http/ path.

So, I go to the folder with the site:

cd /srv/http/site.ru/

The plugin files are located in the wp-content/plugins/ folder, I run the ls command (shows the contents of the folder) with the options -l (list the files with file information) and -t (sort files in the list by time of change):

ls -lt wp-content/plugins/

And here is what I see:

Today, February 18th, only one folder was changed, it is sitetree. The solution is very simple – remove the sitetree plugin.

How to remove WordPress plugin without access to control panel

You can install and remove WordPress plugins simply by unpacking their contents into the wp-content/plugins folder or by removing files of a plugin in this folder. That is, I run the rm command:

rm -rf wp-content/plugins/sitetree/

It is dangerous to use the rm command on a working (production) server, so here is a description of the arguments:

-f	means ignore non-existent files and arguments, don't ask anything. Delete non empty folders
-r, -R, --recursive	means recursively delete directories and their contents

And… the problem is solved – the website is working, the entrance to the WordPress admin panel is open. The only change is that the sitetree plugin is no longer installed. But this does not matter, this plugin, after a long period of lack of updates, already had one unsuccessful update, as a result of which the links from the “All Articles”/“Site Tree” sections disappeared and on my more popular sites I already found an alternative to this plugin. That is, I do not need to figure out what exactly this plugin did not like in my server with PHP 7.4.

WordPress does not work after updating the theme

By the way, if the problem is caused by updating the theme, then you can view the last changed themes like this:

ls -lt wp-content/themes/

If the problem is caused by updating the theme, then you can delete the folder even with the current active theme, in this case, the site will stop working with something like this error:

The catalog of the theme "........" does not exist.

But this is not a very big problem – entering the WordPress dashboard will still be available and you can select and install a new theme in the Appearance → Themes settings.


Errors caused by updating website or web server components are rarely so serious that you need to remove everything and install/configure it again. Even if the site “doesn’t work at all”, just find the reason and fix it.

By the way, for Linux users, what I described, that is, the ls and rm commands are the most elementary things. But for Windows users, perhaps, even after reading, nothing is clear. It’s not even clear where to enter these commands. Therefore, I recommend that webmasters switch to Linux, this will help to better understand this operating system.

UPD: email ‘Technical problems occurred on the site’

I managed to get the email that was mentioned in the first error (I updated the same plugin on another site laugh):

Starting with version 5.2, WordPress can detect errors with plugins or a theme on the site and send you similar messages automatically.

This time WordPress found an error with one of the plugins - SiteTree.

First go to your website (https:/site.ru/) and check all the visible problems. Next, go to the page on which the error occurred (https://site.ru/wp-admin/) and check the visible problems on it.

Please contact hosting technical support to further diagnose this problem.

Most importantly, this post indicates the plugin that caused the problem. If you have access to the admin panel, then delete it.

But, as I described my situation, it may be that there is no access to the admin panel, and therefore the second part is especially interesting:

If your site is broken and you can’t log into the console normally, you can now use the special “recovery mode”, which will allow you to safely log into the console for further actions.


For security reasons, this link expires in 1 day. But do not worry, if the error occurs again after this time, a new link will be sent to you.

To solve the problem, you need the following information:

WordPress Version 5.3.2

Current theme: Asteroid (version 1.2.8)

Problem plugin: SiteTree (version 2.1)

PHP Version 7.2.23

That is, with the help of the sent link there is even a chance to go into a broken WordPress.

How to disable dash replacement in WordPress. AutoCorrect settings for characters and words in WordPress

Before each output of the text of the article, WordPress checks this text and can format it in accordance with its ideas of beauty. For example, in the text of the article, two dashes in a row will be replaced with one dash, three dashes in a row will also be replaced with one, a large dash can be replaced with a small one if, according to WordPress, it is used incorrectly (an example of incorrect use of a large dash is in the range, for example ‘In 2-3 days’).

For the overwhelming majority of webmasters, this simply does not matter, since the formatting affects, besides dashes, spaces, apostrophes (used not in all languages), single and double quotes (used not in all languages), therefore there are no problems with that for the most web masters.

Only one category was not lucky – those who write technical articles about programs with the command line interface, when you need to specify options. These are usually programs for Linux. So, in their articles, the type option --version turns into —version. In this form, the option becomes inoperative. There may be other examples where auto-replacement and automatic removal of characters is harmful.

In this post, I’ll show you how to disable two-dash auto-replace into one dash, and we’ll also find out where in WordPress you can set up word and character auto-change.

How to disable the replacement of two dashes into one

To disable the automatic replacement of dashes in WordPress, open the file wp-includes/formatting.php, find the lines there:

and delete them all.

The first line changes three dashes in a row to one big dash. The second changes two dashes in a row, followed by a space, on the big dash. The third line changes two dashes in a row to a small dash. The fourth, under certain conditions, changes a large dash to a small one.

Here is the code snippet from my article about the WordPress plugin, as a result of the automatic replacement, the text became like this (all short-codes are not functional):

After deleting the above lines, all the short-codes have taken their original form:

AutoCorrect words and characters in WordPress

In the same file (wp-includes/formatting.php), apostrophes and quotes are replaced, unnecessary spaces are removed. Sections of the code have comments, so you can navigate which line bothers you and delete it, so as not to perform the corresponding replacement.

Also in this file there is a function to replace the cockney – by analogy, you can make the replacement of words in the text on the fly. Although, perhaps, if it is not related to editing, then for this it is better to use some kind of plugin.


Since we edited the source file wp-includes/formatting.php, with every major update, and sometimes with minor updates of WordPress, all settings are reset – you have to do everything again. You may need to configure an automatic patcher.

If you have websites in different languages, then this file is identical for all of them, so you can make changes in one file and download it with overwriting to all sites, regardless of language.

Free plugin to add ads in WordPress

How to work with Quick Adsense plugin to insert ads in WordPress

You can insert ads on the site in different ways. For example, you can edit the HTML code. I want to talk about a much simpler version, while very flexible.

There are many plugins to insert ads in WordPress. Including, there are various paid. I use a free plugin that can do everything that most webmasters need. I have been working with this plugin since 2014, i.e. at the time of writing, this is already the fifth year. During this time, the plugin has shown its reliability.

This plugin is called Quick Adsense. Do not be confused by the word AdSense in the title – you can advertise any networks. For example, besides AdSense, I use the same plugin for CPA. Previously, I used it to insert my own ads, banners from other partner networks, just alerts for users.

Install Quick Adsense

Quick Adsense is present in the official WordPress plugin repository, so it installs directly from the WordPress control panel.

During the installation of the plugin, do not confuse it with similar ones. Especially with Quick Adsense Mobile – this plugin mimics under Quick Adsense, including repeating its design. Be careful – Quick Adsense Mobile appeared relatively recently, and apart from the fact that it tries to be ‘the second Quick Adsense’ and has not been updated for a long time, there is nothing special to say about it.

How does Quick Adsense work?

This plugin has 20 slots: 10 slots for inserting ads into text (Ads on Post Body), as well as 10 slots for inserting ads into widgets (Sidebar Widget).

The slots look like windows for entering the ad network code:

If you click on the Show All button, you can see them all:

In these slots, insert the code of ad units that you want to show on your site. Do not forget to click the Save Changes button to save the changes made.

Although AdSense allows you to use the same ad code multiple times on the same page (show the same ad unit multiple times), this plugin requires each ad to be unique: ads with duplicate code can cause problems in the display of advertisements; the same ad is never shown on the page more than once.

At the top of the Quick Adsense settings page are the controls – this is where you specify where the ad units will be placed on the page:

The inscription Reset to Default Settings means reset to the initial settings – be careful with this! wink

Next comes Place up to NUMBER Ads on a page. This means the number of ads that can be used. This setting refers to the time when you could use no more than three ad units per page (I mean AdSense). Just set the maximum number (10) no matter how many blocks you will use: 1, 2, 5 or all 10.

Automatic display of ads in certain places of the site

Moving on to the most interesting – Assign position – assigning position to ad units.

Beginning of Post - means the beginning of the article, i.e. after the title, but before the text. If you want to use this location, then tick. By default, a random slot will be used (Random Ads) to change this, select a specific ad that should be inserted at the beginning of the article, for example, Ads1 - this means that the ad code from the first slot will be inserted at the beginning of the article.

Middle of Post – the middle of the article. If you want to use, check the box and select the ad that should appear in the middle. The middle is considered according to the number of paragraphs, i.e. the total number of paragraphs is taken and divided in half.

End of Post – the end of the article. Please note that the end of the article is considered the last paragraph. Different plugins can display social buttons, related articles, and so on - most likely, the ad unit will be in front of them.

right after the <!--more--> tag – immediately after the <!--more--> tag. The <!--more--> tag separates in the article the beginning of the text, which is shown, for example, on the main page as the first words of the article, to continue which you need to click the Read More button. In my opinion, this block is too close to the block at the beginning of the article and it does not suit me. If you, for example, do not use the block at the beginning of the article, then this option may be suitable for you.

right before the last Paragraph – just before the last paragraph. This block is obtained very close to the block at the end of the article. In my opinion, it is better to use only one of these blocks – either before the last paragraph, or at the end of the article.

Next come three identical points:

after Paragraph NUMBERS repeat CHECKBOX to End of Post if fewer paragraphs are found – means insert ad after the set paragraph number. Or the article is shorter and a checkbox is ticked, the ad will be inserted at the end of the article.

As you can see in my screenshot, I actively use the insertion of ad units into an article. It all depends on the specific site and conditions, but I try to make it so that between the advertising was 10-20 paragraphs of text.

Selecting WordPress pages where to show or not show ads

Next comes the Appearance block:

Here you specify which pages to display ads:

Tick on those types of pages where you want to display ads:

  • Posts
  • Pages
  • Homepage
  • Categories
  • Archives
  • Tagss
  • Place all possible Ads on these pages
  • Disable AdsWidget on Homepage
  • Hide Ads when user is logged in to WordPress – That is, do not show ads to registered users.

Be careful with the Main page – usually there are Ads in the feed, or a special arrangement of ad units is configured, because the appearance of this page is different from the pages of Articles, and the page itself is the “face” of the site.

Do not show ads to registered users is also quite a reasonable solution, i.e. regular visitors stop noticing advertising banners. If the same user regularly clicks on advertising on the same site, then these clicks will most likely will not be taken into account.


If you set up automatic placement of ad units (at the beginning of the article, after the tenth paragraph, at the end of the article, etc.), then you do not need to manually write the tags where you want to add advertising.

However, this can be useful for setting up advertisements on pages where automatic ad blocks output does not work well enough. For example, you can completely disable ads for a specific page; or you can turn off automatically displayed advertisements and indicate your places by showing ad units.

You can display ad insertion buttons next to the editor, for this you have the following options:

Show Quicktag Buttons on the HTML Edit Post SubPanel

Hide <!--RndAds--> from Quicktag Buttons

Hide <!--NoAds-->, <!--OffDef-->, <!--OffWidget--> from Quicktag Buttons

Hide <!--OffBegin-->, <!--OffMiddle-->, <!--OffEnd-->, <!--OffAfMore-->, <!--OffBfLastPara--> from Quicktag Buttons

The item Insert Ads into a post, on-the-fly contains information about tag names, which you can use to insert ad units into an arbitrary place while editing HTML code:

  1. Paste <!--Ads1-->, <!--Ads2-->, etc into the article for displaying a particular ad in the specified location.
  2. Paste <<!--RndAds--> (one or more times) into the article to display a random ad in the specified location.

Section Disable Ads in a post, on-the-fly is useful if you do not want to display ads on some page automatically – for example, because the article is too small, or it is sponsorship material, or this is important information and advertising should not distract from content. Examples of tags for managing ads:

  1. Insert <!--NoAds--> to disable all ads on the page (does not affect ads on the sidebar).
  2. Insert <!--OffDef--> to disable automatic inserted ads, use <!--Ads1-->, <!--Ads2--> to insert ads (no effect on the sidebar).
  3. Insert <!--OffWidget--> to disable all ads in the sitebar.
  4. Insert <!--OffBegin-->, <!--OffMiddle-->, <!--OffEnd--> to disable ads at the beginning, middle or end of the post.
  5. Insert <!--OffAfMore-->, <!--OffBfLastPara--> to disable ads immediately after the <!--more--> tag or before the last paragraph.

Tags can be inserted through additional Quicktag buttons when editing HTML. If you use an alternative text editor, switch to HTML code and insert these tags manually.

Insert ads in the sidebar

Quick Adsense, as we remember, has 10 slots for inserting ads into the sidebar.

If you saved the ad code in these slots, the corresponding widget appears:

Insert code in the header, footer

Quick Adsense allows you to insert the code in the header (header) and footer (footer) of the site. To do this, go to the Header / Footer Codes tab:

To embed the code in the header, copy it into the Header Embed Code field. An example of code for placing in the header can be the code of Automated AdSense ads.

To paste the code into the footer, copy it into the Footer Embed Code field. For example, I sometimes place counter codes in the footer — here, like in any Quick Adsense slot, the placed code does not have to be the ad code.


Quick Adsense is a free WordPress plugin that allows you to perform almost all the basic advertising manipulations that most webmasters need.

As the pasted code, you can use not only the ad code, but any HTML and JavaScript code, as well as WordPress and plug-ins short-codes.