Investigating the filter authenticate, we can find that it is called inside the function wp_authenticate, which is a pluggable function. That means that it can be replaced by one of our own making. This is the original function, plus a marked entry point: function wp_authenticate($username, $password) { $username = sanitize_user($username); $password = trim($password); $user = … Read more
Here’s one way to add this feature using the following flowline : The admin updates the user option page: -> edit_user_profile_update or personal_options_update hooks activated -> edit_user() function is called -> wp_update_user() function is called within edit_user() -> wp_insert_user() function is called within wp_update_user() -> profile_update hook activated within wp_insert_user() for user updates, not user … Read more
My favorite way to do something like this is not via database hacking (which I am always concerned will have side effects), but via a command line tool. For example, giving a functioning WP CLI install, you can simply do this: wp user delete $(wp user list –role=subscriber –field=ID –number=10) –reassign=1 The reassign parameter is … Read more
Not allowed by design: If we try to change the user login by the email: wp user update [email protected] –user_login=mary_new or by the user id: wp user update 123 –user_login=mary_new we get the following warning: User logins can’t be changed. This is the reason: if ( isset( $assoc_args[‘user_login’] ) ) { WP_CLI::warning( “User logins can’t … Read more
You worded it as you want to check if user has administrator role. It is considered more proper to check for capability, relevant to specific action. In practice this is usually expressed as current_user_can( ‘manage_options’ ) for current user. For arbitrary user it would be user_can( $user_id, ‘manage_options’ ). Of course this is capability that … Read more
By the looks of it, there’s a plugin to achieve exactly this, so save you rolling your own for it. The plugin is: https://wordpress.org/plugins/permalinks-customizer/ I installed it to test that it does what you’re looking for. Here’s a screenshot that shows what you’d do:
Your query is wrong because your third argument to TIMESTAMPDIFF is incorrect. You should be using meta_value instead of SELECT meta_value. SELECT user_id FROM wp_usermeta WHERE meta_key = ‘wp_wp_kc_last_active_time’ AND TIMESTAMPDIFF( second, now(), TIMESTAMP(meta_value) ) > 5184000; Try that and see if the results start looking correct. I just checked over the mySQL Date Function … Read more
The solution that we have gone with in the end uses a single call to get_user_meta passing just the $user_id – this way all user data is returned in a single query, reducing a heavy load on the DB during large user data exports. We then run a series of checks against the returned data … Read more
This isn’t really a WordPress question – but you can add a rewrite rule to prevent access unless the referrer is your own domain. [Update] You’ll need to do 2 things Add a rewrite rule (either directly with .htaccess or by using WP_rewrite (Codex reference). The aim here is to deny requests to your documents … Read more
The difference is really no difference in regular (single install) WordPress. It’s in a multisite install (network) where there is a difference. In multisite, only a Super Admin (who can manage everything on the network) has delete_users capability, while an “admin” (who would own/manage a single site) can remove_users from their site, but cannot delete … Read more