You can hook on an early action and apply the filter for your use case: add_action( ‘load-profile.php’, ‘allow_profile_html_wpse_91564’ ); function allow_profile_html_wpse_91564() { global $current_user; if( ‘2’ == $current_user->ID ) remove_filter(‘pre_user_description’, ‘wp_filter_kses’); } The hook load-$pagenow runs in all default admin pages (i.e., not added by a third party), and it’s declared in the file /wp-admin/admin.php. … Read more
There is no security risk in a pluggable function: If someone installs a plugin that lowers the security it is his/her own fault. On the other hand, you can override the functions to make nonces more unique or to change their format. In a custom function wp_verify_nonce() you could use an optional third parameter or … Read more
Instead of manually removing the safety filters like this, you should simply set the correct user for these processes to be running as. When you are logged in and running a process manually, you are logged in and thus you have your credentials being used, and your permissions being used. I’m betting you’re an administrator … Read more
You can create a file called custom_logout.php and place it in the root wordpress directory. This contains <?php require_once(“wp-load.php”); //load wordpress wp_logout(); //logout exit(); //end page ?> Then in your subdomain site open the url with an anchor tag <a href=”http://youwebsite.com/custom_logout.php”>Logout</a> You can’t create a whitelist easily because it would involve checking where the user … Read more
The only way to do this would be to whitelist the allowed arguments, being very careful to limit them so as not to introduce an DOS attack vector. Having said that, this is not how most infinite scroll implementations are built, and you may have better results relying on the WP API rest api instead … Read more
I went for the solution as suggested by @Rup in the comments. Replacing the two nonce functions, wp_create_nonce() and wp_verify_nonce() to prefix a nonce with a 1 or a 0 for logged-in and logged-out users respectively. The logged out nonces work by IP rather than User ID and session Token. Thus, allowing for nonces to … Read more
I was busy writing up a plugin for this without even checking of one already existed. So I did a little research and found out that it does indeed already exist and that the path I was going down was the right one. Well, there’s no need to reinvent the wheel here, so here’s the … Read more
Technical difference is kinda obvious. PHP one is single function, using logic in PHP code. WP one is one of family of functions, based on third party KSES library. Is there practical difference between these two specific functions? I think the important point is that strip_tags() was made for utility, while KSES was made for … Read more
From the WordPress Codex: The secret key is located in two places: the database in case the secret key isn’t defined in the second place, which is in the wp-config.php file. If you are going to set the secret key, then you must do so in the wp-config.php file. The secret key in the database … Read more
Why not make a new account for this user which will generate a new database ID. Then delete the user with the ID of 1 and attribute all posts / content to the new user you created for them? Then you don’t have to worry about queries or messing up your database. Also, as said … Read more