As you can see here, WordPress will use WordPress as sender name and wordpress@<SITENAME> as sender email, if these params were note passed to wp_mail. You can use wp_mail_from and wp_mail_from_name filters to modify these values though. So if you want to change the sender e-mail address, just use this code: add_filter( ‘wp_mail_from’, function( $email … Read more
Nice job recovering your password, however, the exploit probably still exists so you might get hacked again. Your next step is to find and seal up the security hole. It could be a plugin. It could be a theme. Download and run the Sucuri plugin to help you figure it out.
There’s a whole article on this in the Codex: http://codex.wordpress.org/Resetting_Your_Password I’m partial to the Emergency Password Script, but the FTP method is probably also equally as easy. Upload the following as a file to your server. Visit its URL and follow the prompts. Immediately delete the file from your server. <?php /* This program is … Read more
I’m the author of the linked article (thanks for the shout-out, by the way). The WordPress function that does the hashing is wp_has_password() and, by default, it will run the password through 8 rounds whatever the “best” algorithm the server makes available to PHPass is. WordPress, again by default, uses MD5. However you can also … Read more
Sending password or as you said key in email is not the safe way. WordPress send a link in email when click on forgot password button. When you click that link it redirects to a default WordPress page for reset password there you have enter and that’s it and this is the easiest way for … Read more
Ok, figured it out myself! I had used add_filter to customize the password form in order to add css classes. Everything in add_filter was either old or simply wrong. I found it in a tutorial, but this has been a lesson to me. Never trust code found on the web unless it from the Codex … Read more
I’ve used the following to protect individual pages: First add a field to the Publish Metabox: add_action( ‘post_submitbox_misc_actions’, ‘my_post_submitbox_misc_actions1’ ); function my_post_submitbox_misc_actions1(){ echo ‘<div class=”misc-pub-section my-options”> <input type=”checkbox” id=”fgpsn_protected_content” name=”fgpsn_protected_content” value=”true”‘; if ( get_post_meta(get_the_ID(), ‘fgpsn_protected_content’, true) == ‘true’ ){ echo ‘ checked’; } echo ‘> <label for=”fgpsn_protected_content”>FGPSN Content</label></div>’; } Then save the meta data – … Read more
maybe this could help you. Devise automatically redirects on sign in and sign up as long as you store the location of the current page using devise’s store_location_for(resource). https://github.com/plataformatec/devise/wiki/How-To:-Redirect-back-to-current-page-after-sign-in,-sign-out,-sign-up,-update
I’m guessing you’ve tried clicking on the “Your post password?” link below the login, and are (for some reason) unable to receive the resulting email. If you have direct access to the database, you can update the password directly: update wp_users set user_pass=md5(‘my_new_password’) where user_name=”my_login”);
By Using following hook, you can customize your login page and password validations with ajax or PHP. add_action( ‘login_form’, ‘myplugin_add_login_fields’ ); function myplugin_add_login_fields() { //Get and set any values already sent $user_extra = ( isset( $_POST[‘user_extra’] ) ) ? $_POST[‘user_extra’] : ”; ?> <p> <label for=”user_extra”><?php _e(‘Extra Field’,’mydomain’) ?><br /> <input type=”text” name=”user_extra” id=”user_extra” class=”input” … Read more