Pingbacks/Trackbacks: This is most likely a harmless case of link notifications to your blog (A) from the other blog (B), where: the comment_author_email field is usually empty, the comment_type field is either pingback or trackback, the comment_author field has the form: The title of the post that contains a link to a post of blog … Read more
Here is an untested suggestion for wp-cli approach: We can list post IDs of published posts with open comment status with: wp post list –post-status=publish –post_type=post comment_status=open –format=ids and update a post to a closed comment status with: wp post update 123 –comment_status=closed where 123 is a post id. We can then combine those two … Read more
I did some debugging and was able to reproduce and solve the issue, but unfortunately I was not able to figure out the specific cause. Generally speaking, it seems that .vtt files are failing the check performed by wp_check_filetype_and_ext(). I was able to upload .vtt files (Only tested on WP 5.0.1) after creating a simple … Read more
It’s actually a good question. Of course user input cannot be trusted, but also sanitizing the same value twice “just in case” isn’t the best solution for a problem. The only real answer to this question can be given by looking at the code and following what goes on. And after reading it for a … Read more
Personal Opinion: I had the same thing with (mt) mediatemple twice last year. They told me/us that it was a wordpress issue, but it wasn’t. I heard the same from dreamhost last year. So: don’t think about it too much, just remove the hack and blame your host (again). Anyway: You could read this thread. … Read more
How can I prepare() my wpdb query? I tried but couldn’t manage because of the second parameter. The prepare() works is explained in Codex, you need to have a query with placeholders and additional arguments to replace that placeholders. If you have no placeholders (so no variable parts in the query) then you can use … Read more
When accepting user data inputs, I think that data validation must be performed if possible, not only sanitization. For example, you could expect a number, a bool value, a text string (even when the input is a selectbox it can have a string value), etc. You can santize for that data types; then you can … Read more
In your specific case, I don’t think the answer is a technical one (see my comment on the question for more details). For everyone else, the answer to “How can I easily verify a core or plugin update has not broken anything?” is automated testing. That’s the whole purpose of automated testing, because it’s unreasonable … Read more
You’ll want directories to have 755 and files to have 644. you can navigate to your www directory and use these 2 commands: find . -type d -print0 | xargs -0 chmod 0755 # For directories or find . -type f -print0 | xargs -0 chmod 0644 # For files (Obviously don’t input the # … Read more
No. WordPress sanitizes the search query. To use the sanitized search query, use the_search_query() to echo, or get_search_query() to return, the search query. Edit Based on your edit: Don’t use $_GET[‘s’]. Use get_search_query(). Don’t use $_GET[‘cat’]. Use get_the_category(). All $_GET and $_POST data should be assumed to be inherently unsafe, and should be sanitized/validated accordingly.