Why are double-periods (“..”) invalid in a WordPress image filename?

Looks like this is a defect. Ish. As @s_ha_dum mentioned, this is to prevent a directory traversal attack. However, WordPress’ Media Library will happily let you upload a file with two or more periods in a row, even if ms-files.php will refuse to serve it up. So, nothing is technically “broken”, but this certainly isn’t …

How can I modify what is being output in wp_head, whether by a theme or WordPress in general?

First: don’t enqueue custom versions of WordPress core-bundled scripts, including (and especially) jQuery. Second, to answer your question: those Plugin scripts and stylesheets are enqueued, using add_action(), via a callback hooked into one of the following action hooks: wp_head, wp_enqueue_scripts, wp_print_scripts, wp_print_styles. (There are others, but those are the most likely.) Inside the callback, the …

How to update the delete user confirmation form?

On the Users (wp-admin/users.php) page, WordPress uses wp_dropdown_users() to generate the users drop-down menu you’re referring to, so I’d suggest using the wp_dropdown_users_args hook to filter the users query, e.g. to show only 1 result (or 10, but surely not 55k!) and then use JavaScript to add/load the other results. So in this answer, I’m …

Cleaning up WordPress to improve performance?

You are acting on an awfully big assumption that something like that would improve performance. Spoiler — no, it won’t. The load process in very loose terms consists of: (1) optionally running code responsible for looking up definitions (autoload or custom); (2) parsing the file or retrieving results from opcode cache; (3) loading results to be used. The “autoload …

Possible to fix admin URL behind proxy issue without hacking core?

I threw this question around on Twitter and asked for feedback from some other core developers. My gut instinct was to make $current_url either filterable or generated by a function that could be overridden. This is, apparently, the wrong way about it. @markoheijnen: @EricMann Resetting $_SERVER['HTTP_HOST'] sounds like a hackish solution. Same code then can …

Add class to before_widget from within a custom widget

Aha, so the $before_widget variable is a string representing a div element: <div class="widget my" id="my-widget-1">. So I checked the $before_widget for the “class” sub-string and added my $widget_width value to it. The code is from my custom widget file: function widget( $args, $instance ) { extract( $args ); … //other code $widget_width = !empty($instance['widget_width']) …