We us Event Espresso for our event management. It allows for multiple events as well as multiple payment gateways, even a ticket addon so users can print custom tickets to your events. Seems like it would be perfect for what you need. http://eventespresso.com/
This was a case of UTF-8 character encoding taking over the presentational view of your browser and converting those HTML entities into their counter parts, human readable text. After all, you might have very well wanted a string that looked like; “BLA for some reason or another to the eyes of your viewer instead of … Read more
As @montrealist says, using an insecure username and password combination on a local webserver installation that is not publicly accessible is not necessarily a security concern. If the server is publicly accessible, a secure username and password should be used of course.
Basically, it should look like this: AuthType Basic AuthName NAME_THIS_THING AuthUserFile PATH_TO_USER_FILE <Files ‘*’> Require valid-user </Files> <Files ‘admin-ajax.php’> Allow from all Satisfy any </Files> Replace the upper case parts with something real. admin-ajax.php is the only file that should be available without restriction. The details of the user file are a little bit out … Read more
Not sure about the best practices, but I have a few custom login-sensitive pages which simply display a message if user is not logged and is trying to view the page directly: $logged_in = is_user_logged_in(); if($logged_in) { ?> <article id=”post”> <?php the_content(); ?> </article> <?php } else { _e(‘You are not logged in. Please ‘, … Read more
register_post_type() has quite a few related arguments, of which publicly_queryable controls precisely what you are describing. However note that it will completely kill the CPT on front end — individual posts, archives, even post previews. If you want to do this conditionally you’ll have to manage this with code from scratch, which might get very … Read more
Definitely a really bad idea. Just send what you need, exposing all this data publicly opens a lot (and some more) attack vectors.
wp_create_nonce is a pluggable function loaded after plugins are loaded. Be sure to call your class method on proper hook, ‘init’ (or later) is a good place: once your function output something (a form) there is no reason to run earlier than that.
What I would do is this: Since wp_hash_password() is a “pluggable” function, create a simple plugin or MU-Plugin and define a function called wp_hash_password() in that plugin/mu-plugin. WordPress will use your function instead of the core function. Just copy the original code into your plugin/mu-plugin and change the one relevant line.
(Partial answer as I’m familiar with AWS, not Google Drive.) Having a WordPress DB stored somewhere on a cloud service is, in my opinion, no worse that hosting the site on a virtual or cloud server (given virtualisation platforms all allow you to reset the server’s root password – albeit typically with a reboot – … Read more