The following code to restrict access to wp-login.php and wp-admin works for me, but could someone tell me if I miss something? I placed it in my function.php
if ( ! is_super_admin() && ! preg_match( '#admin-ajax\.php#', $_SERVER[ 'REQUEST_URI' ] ) ) {
if ( preg_match( '#^/wp-#', $_SERVER[ 'REQUEST_URI' ] ) || preg_match( '#wp-admin#', $_SERVER[ 'REQUEST_URI' ] ) ) {
wp_safe_redirect( 'https://...' );
exit;
}
}
Related
My "werknemers" post type need an MD5 generated slug to make them unique. In order to do that, I have added the following code:
function isValidMd5($md5 =''){
return preg_match('/^[a-f0-9]{32}$/', $md5);
}
function custom_unique_post_slug( $slug, $post_ID, $post_status, $post_type ) {
if(isValidMd5($slug)) { } else {
if ( 'werknemers' == $post_type ) {
$slug = md5( time() );
}
}
return $slug;
}
add_filter( 'wp_unique_post_slug', 'custom_unique_post_slug', 10, 4 );
Works perfectly however, the posts are now not accessible, giving a "Page not found" error. Changing the permalinks doesn't help and neither did resetting ".htaccess". I assume I need something specific to be placed in ".htaccess", but I don't know what. Any ideas?
Because I removed the post type slug, the post couldn't be found.
It actually had nothing to do with the MD5 generator.
To fix it, I had to apply the following code (in case anyone else has this problem)
function na_remove_slug( $post_link, $post, $leavename ) {
if ( 'werknemers' != $post->post_type || 'publish' != $post->post_status ) {
return $post_link;
}
$post_link = str_replace( '/' . $post->post_type . '/', '/', $post_link );
return $post_link;
}
add_filter( 'post_type_link', 'na_remove_slug', 10, 3 );
function na_parse_request( $query ) {
if ( ! $query->is_main_query() || 2 != count( $query->query ) || ! isset( $query->query['page'] ) ) {
return;
}
if ( ! empty( $query->query['name'] ) ) {
$query->set( 'post_type', array( 'post', 'werknemers', 'page' ) );
}
}
add_action( 'pre_get_posts', 'na_parse_request' );
Wordpress Search
1). www.example.com/?s=perticularword - Not Working
example particular word:"booking"
2). www.example.com/blog/?s=booking - Entered manually in URL it is working
3). If I am using the code - It returns too many redirections - Not Working
function fb_change_search_url_rewrite() {
if ( is_search() && ! empty( $_GET['s'] ) ) {
wp_redirect( home_url( "/blog/?s=" ) . urlencode( get_query_var( 's' ) ) );
exit();
}
}
add_action( 'template_redirect', 'fb_change_search_url_rewrite' );
I want www.example.com/blog/?s=booking this search results how to get results ??
Your if condition is also true for your redirected url. Use
if ( ( is_search() && ! empty( $_GET['s'] ) && stripos( $_SERVER['REQUEST_URI'], 'blog' ) === false ) {
to make the condition false on your redirected url.
My question basically is: are the "back-end" plugins, which in nothing affects the blog front-end, loaded when an anonymous user, for example, browse my blog?
Let's say the EWWW image optmizer, for instance: it just optmize the images, in the back-end. It has a admin interface to optimize the images, but the end-user doesn't use it at all. Still it gets loaded in each page visit?
I'm not sure if I'm making myself clear. Hope so.
As far as I know there is no way to specify a plugin as admin only in the WordPress API. The only plugin types I know about are 'must use', 'network activitate' (for multi user sites) and 'active' so I think an admin plugin will also load in non admin mode. The plugins are loaded in wp-settings.php. I read the code and it seems to me that WordPress doesn't distinguish between admin mode and non-admin mode as far as plugin loading is concerned. The relevant code is:
// Load must-use plugins.
foreach ( wp_get_mu_plugins() as $mu_plugin ) {
include_once( $mu_plugin );
}
unset( $mu_plugin );
// Load network activated plugins.
if ( is_multisite() ) {
foreach ( wp_get_active_network_plugins() as $network_plugin ) {
wp_register_plugin_realpath( $network_plugin );
include_once( $network_plugin );
}
unset( $network_plugin );
}
...
// Load active plugins.
foreach ( wp_get_active_and_valid_plugins() as $plugin ) {
wp_register_plugin_realpath( $plugin );
include_once( $plugin );
}
unset( $plugin );
function wp_get_mu_plugins() {
$mu_plugins = array();
if ( !is_dir( WPMU_PLUGIN_DIR ) )
return $mu_plugins;
if ( ! $dh = opendir( WPMU_PLUGIN_DIR ) )
return $mu_plugins;
while ( ( $plugin = readdir( $dh ) ) !== false ) {
if ( substr( $plugin, -4 ) == '.php' )
$mu_plugins[] = WPMU_PLUGIN_DIR . '/' . $plugin;
}
closedir( $dh );
sort( $mu_plugins );
return $mu_plugins;
}
function wp_get_active_network_plugins() {
$active_plugins = (array) get_site_option( 'active_sitewide_plugins', array() );
if ( empty( $active_plugins ) )
return array();
$plugins = array();
$active_plugins = array_keys( $active_plugins );
sort( $active_plugins );
foreach ( $active_plugins as $plugin ) {
if ( ! validate_file( $plugin ) // $plugin must validate as file
&& '.php' == substr( $plugin, -4 ) // $plugin must end with '.php'
&& file_exists( WP_PLUGIN_DIR . '/' . $plugin ) // $plugin must exist
)
$plugins[] = WP_PLUGIN_DIR . '/' . $plugin;
}
return $plugins;
}
function wp_get_active_and_valid_plugins() {
$plugins = array();
$active_plugins = (array) get_option( 'active_plugins', array() );
// Check for hacks file if the option is enabled
if ( get_option( 'hack_file' ) && file_exists( ABSPATH . 'my-hacks.php' ) ) {
_deprecated_file( 'my-hacks.php', '1.5.0' );
array_unshift( $plugins, ABSPATH . 'my-hacks.php' );
}
if ( empty( $active_plugins ) || wp_installing() )
return $plugins;
$network_plugins = is_multisite() ? wp_get_active_network_plugins() : false;
foreach ( $active_plugins as $plugin ) {
if ( ! validate_file( $plugin ) // $plugin must validate as file
&& '.php' == substr( $plugin, -4 ) // $plugin must end with '.php'
&& file_exists( WP_PLUGIN_DIR . '/' . $plugin ) // $plugin must exist
// not already included as a network plugin
&& ( ! $network_plugins || ! in_array( WP_PLUGIN_DIR . '/' . $plugin, $network_plugins ) )
)
$plugins[] = WP_PLUGIN_DIR . '/' . $plugin;
}
return $plugins;
}
Of course the easiest way to know for sure is to load a front end page on an WordPress installation with the suspect plugin and using the debugger to check if it loads.
Also, if a plugin was intended for admin use only the plugin author could just have
if ( ! is_admin() ) {
return;
}
at the start of the main plugin file. So the plugin essentially doesn't load.
I need to change the permalink struture of my custom post "product"
the default one is Domain_name.com./product/product_name
I need to change it to :
Domain_name.com./category_name/product_name
i used the plugin "Types" to create the custom post
i installed a plugin named wp-permastructure to change the permalink but
when i add %category%/%postname%/ in the new format structure i get a 404 error.
i add the follow code to remove the product slug :
function gp_remove_cpt_slug( $post_link, $post, $leavename )
{
if ( 'product' != $post->post_type || 'publish' != $post->post_status ) {
return $post_link;
}
$post_link = str_replace( '/' . $post->post_type . '/', '/', $post_link);
return $post_link;
}
add_filter( 'product', 'gp_remove_cpt_slug', 10, 3 );
function gp_parse_request_trick( $query ) {
// Only noop the main query
if ( ! $query->is_main_query() )
return;
// Only noop our very specific rewrite rule match
if ( 3!= count( $query->query ) || ! isset( $query->query['page'] ) ) {
return;
}
// 'name' will be set if post permalinks are just post_name, otherwise the page rule will match
if ( ! empty( $query->query['name'] ) ) {
$query->set( 'post_type', array( 'post', 'product', 'page' ) );
}
}
add_action( 'pre_get_posts', 'gp_parse_request_trick' );
But i still get the 404 error
have you some ideas for my problem
I'm creating a wordpress site where the registered user has the ability to create his own post via wp_editor() on the frontend, but just one post.
Now I want to restrict the user to be able to only see his uploaded media. I use the following script in the functions.php, which works in the backend. So if a user goes to the media section in the backend he will only see his uploaded media.
But if the user goes to "insert media" pop-up on the frontend wp_editor he can still see the uploaded media from all the users.
function restricted_media_view( $wp_query ) {
if ( strpos( $_SERVER[ 'REQUEST_URI' ], '/wp-admin/upload.php' ) !== false
|| strpos( $_SERVER[ 'REQUEST_URI' ], '/wp-admin/edit.php' ) !== false ) {
if ( !current_user_can( 'level_5' ) ) {
global $current_user;
$wp_query->set( 'author', $current_user->id );
}
}
}
add_filter('parse_query', 'restricted_media_view' );
Do you have any idea hot to solve this annoyance? Thank you!
You might try this plugin: http://wordpress.org/extend/plugins/view-own-posts-media-only/
Alternatively try this:
add_action('pre_get_posts','ml_restrict_media_library');
function ml_restrict_media_library( $wp_query_obj ) {
global $current_user, $pagenow;
if( !is_a( $current_user, 'WP_User') )
return;
if( 'admin-ajax.php' != $pagenow || $_REQUEST['action'] != 'query-attachments' )
return;
if( !current_user_can('manage_media_library') )
$wp_query_obj->set('author', $current_user->ID );
return;
}
Source: http://wpsnipp.com/index.php/functions-php/restricting-users-to-view-only-media-library-items-they-upload/#comment-810649773
alternatively since WordPress 3.7
add_filter( 'ajax_query_attachments_args', "user_restrict_media_library" );
function user_restrict_media_library( $query ) {
global $current_user;
$query['author'] = $current_user->ID ;
return $query;
}
I use API/Filter Reference/ajax query attachments args for WP 4.3.1 and works
add_filter( 'ajax_query_attachments_args', 'show_current_user_attachments', 10, 1 );
function show_current_user_attachments( $query = array() ) {
$user_id = get_current_user_id();
if( $user_id ) {
$query['author'] = $user_id;
}
return $query;
}
just add on functions.php
or check this link WP Codex