I have an image sharing site built on WordPress and recently I've had a lot of bots registering a user and creating a spam post with links to various sites.
After installing WP-reCAPTCHA the numbers have reduced but there are still 'attacks' every hour or so.
I'm trying to handle this programmatically now, by hooking into wp_insert_post_data (which is called whenever a post/revision is saved). I inspect the post data and if it contains a link I remove the post's content and set the status to draft so that it isn't published.
But it's still a nuisance to delete spam users and posts from the back end.
Is there a better hook I can use to stop the saving of the post even happening? i.e. can I reject the call to save the post?
Here is the code I'm currently using:
function block_spam_posts($data, $postarr) {
// if the post contains a link, set it to draft status
$post_content = $data['post_content'];
if (strpos($post_content,'http') !== false) {
$data['post_content'] = 'Post data removed by anti-spam measures.';
$data['post_status'] = 'draft';
}
}
add_filter('wp_insert_post_data', 'block_spam_posts',1,2);
Thanks for your help.
I found the answer here:
https://wordpress.stackexchange.com/questions/82354/how-can-i-hook-into-creating-a-new-post-and-execute-wp-die-before-the-post-is
I'm using the right hook. All I need to do is call wp_die() once the criteria for a spam post has been met.
Hope this helps others.
Related
I have created a website whereby users register and create their own templated profile pages. The profile pages are automatically created as Custom Posts upon registration, with the user being set as the Author of their specific post (profile).
(Users can only ever have one Custom Post)
I want to redirect a "dumb" URL like www.website.com/my-profile to a user's custom post when they are logged in.
For example, when John Smith visits www.website.com/my-profile he is directed to his profile page: www.website.com/users/john.smith
I have found many PHP solutions going the other way, but I can't seem to find a solution that does what I need. Any help would be greatly appreciated. Thanks!
This may not be the correct answer to the original query, but proved to be a solid workaround:
Instead of redirecting www.website.com/my-profile to www.website.com/users/john.smith every time it is entered in the URL bar, I created a shortcode that could be used when needed throughout the site.
add_shortcode('bt_redirect_user_link', 'bt_redirect_user_link');
function bt_redirect_user_link ($atts) {
// check if user is logged in
if (is_user_logged_in()) {
// get current user object
$current_user = wp_get_current_user();
// get user nickname
$user_nickname = $current_user->data->user_nicename;
// set the link href
$link_href = '/users/' . $user_nickname;
// output the link html
return $link_href;
}
}
Fortunately for me, the www.website.com/my-profile link (which needs to be redirected) is only available on buttons/icons visible to logged in users. This may not be a fully workable solution for websites that need to display the link to logged out users, and I assume IF/ELSE statements would needed to be added in those cases.
I encountered a problem while sending a link to my new Wordpress site to a friend. While the link on every other platform shows exactly the same description, as it should. Discord, on the other hand, puts author above description so that when the link is sent it sais:
[mydomain.com]
admin
[description]
It is not that much of a problem but I think that it should not take a place, especially when I often link lot of things on discord.
Adding this block of code to your wordpress functions.php (use child theme if necessary)
This is the shortest method of removing the data that discord pulls in though it will remove the data from being view from every site that wants to embed a link.
/* Disable oEmbeds author name & author url ~ Stops Showing in embeds */
add_filter( 'oembed_response_data', 'disable_embeds_filter_oembed_response_data_' );
function disable_embeds_filter_oembed_response_data_( $data ) {
unset($data['author_url']);
unset($data['author_name']);
return $data;
}
Note this was taken from another post on stackOverflow and isnt my own code : there is also a more compliacted solution on this thread as well. original post
This can also have so negative effects on SEO due to not sharing the data, and we all know google loves data.
An alternative solution is to set the author of the post to the site name rather than the admin user.
Side note you really should change your username from admin to something less generic so a potentual hacker has to work out the username as well as the password.
Mail not sending when status changed from processing to on-hold and processing to failed.
Kindly tell me how to achieve this. Thanks in advance
Even that kind of questions (directly asking the need without any research or any part of code) are not welcomed here, I want to help you about that by giving the basic idea.
In the file "wp-content/plugins/woocommerce/includes/class-wc-emails.php", search for the "public static function init_transactional_emails()" and check "$email_actions" array there.
$email_actions = apply_filters(
'woocommerce_email_actions', array(
'woocommerce_low_stock',
'woocommerce_no_stock',
'woocommerce_product_on_backorder',
'woocommerce_order_status_pending_to_processing',
'woocommerce_order_status_pending_to_completed',
'woocommerce_order_status_processing_to_cancelled',
'woocommerce_order_status_pending_to_failed',
'woocommerce_order_status_pending_to_on-hold',
'woocommerce_order_status_failed_to_processing',
'woocommerce_order_status_failed_to_completed',
'woocommerce_order_status_failed_to_on-hold',
'woocommerce_order_status_on-hold_to_processing',
'woocommerce_order_status_on-hold_to_cancelled',
'woocommerce_order_status_on-hold_to_failed',
'woocommerce_order_status_completed',
'woocommerce_order_fully_refunded',
'woocommerce_order_partially_refunded',
'woocommerce_new_customer_note',
'woocommerce_created_customer',
)
);
Since after every update of Woocommerce plugin any changes you made on those files will be gone, you need to add your email trigger for status changes you mentioned by either using a hook or overriding the files using your child theme.
About your request, for "from processing to on-hold" you need to add:
'woocommerce_order_status_processing_to_on-hold',
About overriding a file (or function) from includes folder of Woocommerce you may check this post: Override woocommerce files from includes folder
I hope this will help you to solve it. Have a good day.
We have a wordpress website that does marketing display, but now we want to allow a customer to submit an email and selection to a separate website with a landing page that will handle the backend DB work and finish them in the other website.
Something like,
www.ourmarket.com/getdata (on Submit button click GETS to...)
www.ouradminsite/landingpage.aspx (which processes the data that the use will not see then...)
www.ouradminsite/login.aspx (where the user can now login)
I am not familiar with WP at all, but I was able to create a page with a form that has the textbox/combobox I need.
I thought it would be something simple, but somehow it seems not. I read about AJAX and doing something in functions.php and creating a custom .js file, but when working on the marketing site I find no way to add this type of function in.
My fall back is to have the WP page just have a link to a generic landing page where they enter data, but it would be visually jarring to the customer unless I duplicate the WP site for one page.
Is there an easy way to just tell WP to redirect to an external page with a GET?
UPDATE--------------
I like to think I'm making progress. I found a link that may have given me a good start. I added a function to the functions.php file located in my WP theme. It starts like this:
add_action("gform_post_submission_4", "set_post_content", 10, 2);
function set_post_content($entry, $form){
//Gravity Forms has validated the data
//Our Custom Form Submitted via PHP will go here
// Lets get the IDs of the relevant fields and prepare an email message
$message = print_r($entry, true);
// In case any of our lines are larger than 70 characters, we should use wordwrap()
$message = wordwrap($message, 70);
// Send
mail('myuser#mycompany.com', 'Getting the Gravity Form Field IDs', $message);
**wp_redirect("http://my.hearbuilder.com/hellomoto.aspx",301);**
}
From there I tried to edit the function to do that wp_redirect, just a simple one to start. This is added under the mail statement:
wp_redirect("http://my.hearbuilder.com/hellomoto.aspx",301);
From this link, when I fill out the form I can get the email, but the new page did not display. I added the exit; line and still got the same result, the page seems like it hangs.
The end result is that I need to have the new website landing page display (after it processes the data from the Wordpress form.
What am I still missing?
yes use wp_redirect()
if($_POST):
$textbox=$_POST['textboxname'];
$url= 'url'.'?custom=hello&textbox='.$textbox.'&anothervalue='.$anothervalue;
wp_redirect($url);
exit;
endif;
you can easily add the variables to the string as needed. The easiest way to control the url properly is to post the information to the same page , catch the post and redirect (place before get_header call or any output has started)
The other way is php Curl which is more difficult esp when dealing with .asp pages, but if you have access to the other server it makes figuring it out easier!
I am setting up an ecommerce site using Wordpress and WooCommerce. We are using the wordpress member accounts to track customer information, and we need a way for logged in members only to be able to choose to purchase their cart "on credit", meaning no payment is required to place the order. Basically what I have done is hi-jacked the "Check" option (since we don't need it anywhere else) and renamed it "Credit" since it allows for the functionality we need.
However, I need a way for the "Credit" (check) option to only display if the user is logged in. Is there any way I can just "unhook" this option if the user isn't logged in? This seems like something that would be easy to do, but I couldn't find anything about it. Any help is appreciated.
The original answer to this question (from BWDesign) no longer works due to changes in WooCommerce (at least from WooCommerce 2.1.7 onwards, possibly before). This does the trick now (tested on 2.1.7 and 2.1.8), add it to e.g. your functions.php file:
add_filter( "woocommerce_available_payment_gateways", "rp_filter_gateways", 9999 );
function rp_filter_gateways($args) {
if(!is_user_logged_in() && isset($args['cheque'])) {
unset($args['cheque']);
}
return $args;
}
I just found the solution. In the class-wc-cheque.php file, the check or "cheque" (crazy brits) option is hooked using add_filter('woocommerce_payment_gateways', 'add_cheque_gateway' );. So the solution was simply to add this code to my functions.php file:
if(!is_user_logged_in()){
remove_filter('woocommerce_payment_gateways', 'add_cheque_gateway' );
}
Hope this helps!