Correct way check nonce (security) using old Options API
Correct way check nonce (security) using old Options API
security
WordPress login urls
ok, so it seems I overlooked a previous question asked here on stackexchange. For anyone interested, the solution might be found here: brute force attack even though it is limited by IP
Cookie nonce is invalid – Multisite
I found the problem. The links to the Network Admin are incorrect. For example, network users have: http://my-local-cms.dev/wp-admin/network/ It should be (if wordpress core is located in backend/) http://my-local-cms.dev/backend/wp-admin/network/ If you visit the first link and add /backend/ before wp-admin in the browser, then the network admin will behave correctly. Fix Edit 2017-08-30 New solution: … Read more
password protected post policy
I’ve had a look at WordPress’ core code and couldn’t find anything really useful to add a filter on the post password. You could use the filter wp_insert_post_empty_content, it is used to check whether the required fields of the post are set or not (e.g.: title). Here is an example on how it could be … Read more
Coding a plugin on WordPress; when should I sanitize? [duplicate]
Coding a plugin on WordPress; when should I sanitize? [duplicate]
WordPress Content Security Policy and Subresource Integrity
WordPress Content Security Policy and Subresource Integrity
Nonces, AJAX, script variables & security in WordPress
Nonces, AJAX, script variables & security in WordPress
Should I add the IP of the server that hosts my sites to the list of authorized IPs in the wp-admin/.htaccess?
Should I add the IP of the server that hosts my sites to the list of authorized IPs in the wp-admin/.htaccess?
Is it possible to post with Word 2007 via XML-RPC and limit categories by user?
As per comment it is hard to answer this without knowing specifics of setup. In general there are two generic approaches to this: Prevent unwanted terms from being returned by filtering get_terms_args or other available hooks. Prevent unwanted terms from being saved (or cancel them right after) by hooking somewhere in wp_insert_post(). The more complex, … Read more
Change WP-Login or WP-Admin
As far as i know you cannot rename wp-admin. Many themes and plugin uses wp-admin in path. So if you rename it then all your plugins and themes will be broken. If you don’t want your users to access wp-admin then restrict it using .htacess If anyone access your wp-admin url redirect them to other … Read more