How To Archives - Tweaks WP

$WordPress dynamic hooks code example showing save_post_{$post_type} pattern with dark developer theme$

WordPress Dynamic Hooks: The Complete save_post_{type} Guide

Learn how WordPress dynamic hooks like save_post_{$post_type}, manage_{$screen->id}_columns, and theme_mod_{$name} work, with code examples and gotchas.

Varun Dubey · June 4, 2026 · 16 min read

Code Snippets

WordPress Shutdown Hook: How to Run Code After Page Output Is Complete

How the WordPress shutdown action fires, how it differs from register_shutdown_function, and practical patterns for deferred logging, post-response API calls, fastcgi_finish_request, and fatal error capture.

Varun Dubey · June 4, 2026 · 16 min read

Sanitize input vs escape output WordPress XSS prevention split layout

How To

How to Prevent XSS in WordPress: Sanitization and Escaping Functions Guide

Maps every WordPress esc_*, wp_kses_*, and sanitize_* function to its exact context, with the 'sanitize on input, escape on output' rule that eliminates XSS.

Varun Dubey · May 23, 2026 · 16 min read

WordPress hook priority execution order with add_action priorities

How To

WordPress Hook Priority Explained: How Action and Filter Execution Order Works

How WordPress hook priority numbers work, how to remove object method and closure callbacks, and runtime tools like doing_action(), did_action(), and $wp_filter inspection.

Varun Dubey · May 23, 2026 · 16 min read

PHP-FPM pm.max_children worker calculation formula for WordPress

How To

PHP-FPM Tuning for WordPress: How to Calculate Workers, Memory, and Timeouts

PHP-FPM tuning guide for WordPress: how to calculate pm.max_children from actual memory usage, set spare server counts, configure request timeouts, and monitor pool health.

Varun Dubey · May 23, 2026 · 16 min read

Nginx FastCGI cache hit and miss timing grid for WordPress

How To

Nginx FastCGI Cache for WordPress: Complete Setup and Purge Guide

Complete Nginx FastCGI cache setup for WordPress: cache zone config, logged-in user bypass, WooCommerce exclusions, purge on publish, and HIT/MISS header debugging.

Varun Dubey · May 23, 2026 · 16 min read

PHP OPcache configuration values for WordPress shown as memory bars

How To

PHP OPcache Settings for WordPress: Configuration Guide with Benchmarks

OPcache configuration guide for WordPress covering memory_consumption, max_accelerated_files, revalidate_freq, JIT settings, and how to verify hit rate on production.

Varun Dubey · May 23, 2026 · 16 min read

WordPress malware cleanup recovery checklist in terminal style

How To

WordPress Malware Cleanup: Developer’s Step-by-Step Recovery Checklist

Step-by-step WordPress malware cleanup checklist covering core file verification, database injection scans, hidden admin detection, cron backdoors, and post-cleanup hardening.

Varun Dubey · May 23, 2026 · 16 min read

WordPress SQL injection prevention with wpdb prepare placeholder code example

How To

WordPress SQL Injection Prevention: $wpdb->prepare() Deep Dive

Every WordPress database query that concatenates user input without $wpdb->prepare() is a ticking time bomb. This guide covers every prepare() pattern in production code.

Varun Dubey · May 23, 2026 · 16 min read

WordPress file permissions chmod guide showing correct values: 400 for wp-config.php, 755 for directories, 644 for files, 444 for .htaccess

How To

Correct File Permissions for WordPress: chmod Guide for Every File and Folder

Set correct chmod values for wp-config.php, directories, files, uploads, and .htaccess. Includes one-liner fix commands and wp-config.php constants.

Varun Dubey · April 30, 2026 · 16 min read

WordPress login security hardening: rate limiting with transients, custom login URL via rewrite rules, and brute force protection code diagram on dark developer background

Backup and Security

WordPress Login Security: Rate Limiting, Custom URL, and Brute Force Protection

Harden WordPress login with PHP rate limiting via transients, a custom login URL using rewrite rules, Application Password controls, and TOTP 2FA. No plugins required.

Varun Dubey · April 30, 2026 · 16 min read