Have you tried updating the permissions for your WordPress files to 755 or 777? UPDATE 1 Thanks to @anu in the comments (~/Sites assumes you put websites are in the Mac’s default website directory): cd ~/Sites sudo chmod -R 777 * I just checked my httpd.conf file, which has the path /Applications/XAMPP/etc/httpd.conf and here is … Read more
What you (and probably 99% of the theme authors) are trying to do is just wrong. Users should not be expected to know CSS to customize a theme, and if they do need to go into such a low level, the right thing for them to do is to create a child theme and insert … Read more
According to the WP_Session_Tokens class documentation, this token is used to validate the user’s session. It does this by checking the provided token against the existing session tokens stored in the user meta table for that user. Session tokens are generated using the wp_generate_password function, and are 43 characters long. So no, it should not … Read more
I know this question is ancient, but no, it’s not very secure. Anyone with knowledge of the AJAX endpoint would be able to generate valid nonces, which defeats the purpose in the first place. That being said, nonces are a low level defence in the first place: they only stop the simplest of attacks. A … Read more
Contrary to what you have been looking at, esc_html does not strip all the HTML, it escapes it, meaning it encodes it into safe HTML entities that do not break HTML tags. wp_filter_nohtml_kses strips all the HTML. When in doubt always consult the source code. It is accessible online. esc_attr is short and sweet, uses … Read more
I found this: Exclude Users from Members directory on a BuddyPress based social network We will need to hook to ‘bp_ajax_querystring’ filter. The following code will allow to exclude the users from the members directory. They will be still listed in the friends list of other users with whom they are friends with. add_action(‘bp_ajax_querystring’,’bpdev_exclude_users’,20,2); function … Read more
If I follow the description right the vulnerability refers to PHP applications which read, trust, and use HTTP_PROXY environment value (which might be compromised). From quick search through WordPress core source code I found no instances of that value being accessed. Since WP ships its own HTTP client implementation its also not affected by upstream … Read more
Why not just disable comments and registration? This comes to mind also: (Redirect all requests to login page or admin pages to homepage. A little irreversible.) $currentURL = $_SERVER[“HTTP_HOST”] . $_SERVER[“REQUEST_URI”]; if (strpos($currentURL, ‘wp-admin’ ) or strpos($currentURL, ‘wp-login’ )) { header( ‘Location: ‘.site_url() ); } Caution: this stops you from logging in also. Edit: And … Read more
You should (if available) submit the code you are working with, even if just a snippet, so we can assess your process in relation to your question. The short answer however is YES, it is safe, so long as you, prevent input fields being displayed on user profile page for certain user roles prevent unauthorized … Read more
You can use wpdb insert function. It’s better in every way. It can care about data’s escapeing itself and it’s shorter. You can use your own query anyway but I would recommended this article for reading https://codex.wordpress.org/Data_Validation#Database