All standard login / registration action are done using ‘wp-login.php’ file. The standard comments are saved using ‘wp-comments-post.php’ file. Blocking this 2 files you block standard flow for comments, login, registration and password recover. Very early in its bootstrap WordPress save a global variable $pagenow that contain the name of the file being loaded. You … Read more
Hopefully this is a temporary fix for you. The idea is to override the nonce. Add the following in a functions.php file or in the plugin itself function wp_verify_nonce($nonce, $action = -1) { return 1; } For now, this works on the bridge I use on my site (A different bridge for a different forum … Read more
Irrespective of the plugin you use > each plugin will give you an option to save / view the PHP code generated for the custom post type. This code will also include the capabilities added and generated by the plugin. All you need to do is copy this code into your functions.php and before that … Read more
Not out of the box, but you could implement it by: Adding a user meta on user create. Dropping that meta on user password update. Redirecting the user to his profile page, from anywhere else, if the user meta is around.
A simple way could be hooking into the login process and check if the user is already logged. There is a ‘wp_authenticate’ action that runs just before loggin in an user.
If you can write the non-wp site to work with the users and usermeta table then you can use wordpress to create and verify the login cookies. If this is not an option, you can do something along the lines of checking for the login information from the other site in wordpress and if it … Read more
You can use the auth_cookie_expiration filter to change the expiration time of the cookie WordPress sets to remember you. The user won’t be logged out unless they change browser or clear their cookies (normally part of clearing history). The problem is that you can’t set a cookie to never expire, so you have to set … Read more
You could make it a mu-plugin (‘Must Use’ plugin). Any PHP file you put into /wp-content/mu-plugins/ will automatically get included in WordPress. You can’t deactivate the plugin (unless you have ftp access to the server). If you go with a mu-plugin, make sure to put the functionality into a subdirectory and bootstrap it with a … Read more
To me it makes sense to send via GET to the page you are currently on. That way you just hook into admin_init and check for your GET variables. As for security you can pass nonces via URLS: http://codex.wordpress.org/Function_Reference/wp_nonce_url
Don’t do what seems to be possible… You can use the possibility to change the WordPress constants WP_CONTENT_DIR and WP_CONTENT_URL in your wp-config.php. BUT it really, really, really, really is not recommended. Why? not recommended?? It’s pretty easy: Just do a cross file search (with your IDE or for e.g. Notepad++) for wp-content and you’ll … Read more