http

Clarity needed on usage of multiple 403 forbidden header() functions at the beginning of the plugin files

The proper way to send a status (when WordPress is not available) is: http_response_code( 403 ); See the PHP Manual for its definition. But in Plugin files, this should never be the “default” code on top of a file header. See Worthwhile to restrict direct access of theme files? for a discussion. In WordPress, use … Read more

How do I use the ‘http_request_host_is_external’ filter

You can do this: add_filter( ‘http_request_host_is_external’, ‘__return_true’ ); However, note that this disables this security feature. If you know the host or url isn’t going to change and is always going to be that, you can be more secure by checking for that explicitly: add_filter( ‘http_request_host_is_external’, ‘allow_my_custom_host’, 10, 3 ); function allow_my_custom_host( $allow, $host, $url … Read more

How to receive HTTP POST in WP?

Easy! You have a couple of options to do so. The easiest one, but less safe, is to create a brand new PHP file in the root folder of WordPress. Let’s say we will call it get_post.php and add WordPress functionality to it. Like so: <?php require_once(‘wp-load.php’); // add wordpress functionality $post = $_POST; if … Read more

Where to get information about array fields in $_REQUEST?

This is mostly pure PHP, but it does have WordPress twist. PHP has number of superglobal variables, that contain information relevant to current request. Out of those: $_GET contains info from URL (HTTP GET request) $_POST info from form submission (HTTP POST request) $_COOKIES about cookies set and $_REQUEST is combination of the above (according … Read more

Chrome Version 44.0.2403.89 m is trying to force HTTPS

Solution 1: Enable mod_header on the server and added this rule to my appache2.conf file: <IfModule mod_headers.c> RequestHeader unset HTTPS </IfModule> Solution 2: Or you need to add the code to fonction.php file of your current theme: function https_chrome44fix() { $_SERVER[‘HTTPS’] = false; } add_action(‘init’, ‘https_chrome44fix’,0);

Switch from https back to http

You can try these: 1. make sure the values changed in database If you can’t login to wp-admin > settings to confirm that, you can go to database, wp_options table and look for siteurl and home values 2. add code to wp-config.php Add these lines to wp-config.php define(‘WP_HOME’,’http://example.com’); define(‘WP_SITEURL’,’http://example.com’); 3. Clear your cache Make sure … Read more

Prevent WordPress from sending Cache-control http header

Thanks to @chrisguitarguy’s answer, you can control the http headers sent by WordPress via the “send_headers” hook. Here is the function I added to my theme’s functions.php file, and that solved the issue with the Varnish server. function varnish_safe_http_headers() { header( ‘X-UA-Compatible: IE=edge,chrome=1’ ); session_cache_limiter(”); header(“Cache-Control: public, s-maxage=120”); if( !session_id() ) { session_start(); } } … Read more

+ More