Hook for URL Request

Actually, my recommendation would be to do things a bit differently. You can add a custom rewrite endpoint to WordPress to handle these files specifically. For example, the URL http://site.com/download-xml/the_filename would automatically download the specified file as an attachment. First, you need to add a custom rewrite endpoint to set this up: function add_endpoint() { … Read more

Clarity needed on usage of multiple 403 forbidden header() functions at the beginning of the plugin files

The proper way to send a status (when WordPress is not available) is: http_response_code( 403 ); See the PHP Manual for its definition. But in Plugin files, this should never be the “default” code on top of a file header. See Worthwhile to restrict direct access of theme files? for a discussion. In WordPress, use … Read more

Custom endpoint and X-WP-TotalPages (headers)

I had a quick look and here’s how the headers are set in the WP_REST_Posts_Controller::get_items() method: $response = rest_ensure_response( $posts ); // … $response->header( ‘X-WP-Total’, (int) $total_posts ); $response->header( ‘X-WP-TotalPages’, (int) $max_pages ); // … return $response; where: $total_posts = $posts_query->found_posts; and we could use as @jshwlkr suggested: $max_pages = $posts_query->max_num_pages; You could emulate that … Read more

How to set custom cookies before output

Depends on whether or not you need to check against WordPress’ user authentication. If you need to know whether they’re a logged in user, hook onto ‘init’. Otherwise, the sooner the better. If it’s something that should fire on every page load, and only checks for existence of the cookie and doesn’t need to tap … Read more

Is it safe to fix Access-Control-Allow-Origin (CORS origin) errors with a php header directive?

Yes, you open your site to being requested via AJAX to any other script in the whole web. It would be better if you limit the origin to one specific remote domain from which you are consuming the API, like this example: header(“Access-Control-Allow-Origin: http://mozilla.com”); However as the mozilla documentation states, a client can fork the … Read more

How to prevent wordpress from loading old versions of jquery in wp_head();?

add_action(‘wp_enqueue_scripts’, ‘no_more_jquery’); function no_more_jquery(){ wp_deregister_script(‘jquery’); } That will deregister jquery. But why wouldn’t you want jQuery at all? If you mean to simply use your own, you should do it in that function, like this: add_action(‘wp_enqueue_scripts’, ‘no_more_jquery’); function no_more_jquery(){ wp_deregister_script(‘jquery’); wp_register_script(‘jquery’, “http” . ($_SERVER[‘SERVER_PORT’] == 443 ? “s” : “”) . “://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js”, false, null); wp_enqueue_script(‘jquery’); … Read more

Recommended location to set response headers?

There’s a filter for that: function wpse_203745_wp_headers( $headers ) { $headers[‘Expires’] = gmdate( $somedate ) . ‘ GMT’; return $headers; } add_filter( ‘wp_headers’, ‘wpse_203745_wp_headers’ );

How do I make my plugin load before the headers are output so I can redirect wordpress?

The correct hook to use is template_redirect which allows you to have the necessary info available to do checks while also early enough to actually redirect. As per the example on the codex page: function my_page_template_redirect() { if( is_page( ‘goodies’ ) && ! is_user_logged_in() ) { wp_redirect( home_url( ‘/signup/’ ) ); exit(); } } add_action( … Read more