Although a little clunky I’ve found a passable solution to this problem using mod_security. To implement this, enable modsecurity in Apache (presumably with a2enmod security). Then edit the config file. On my Ubuntu based systems this is at /etc/modsecurity/modsecurity.conf and as follows: Ensure SecRequestBodyAccess is On (and I assume SecRuleEngine to DetectionOnly). You may also … Read more
Unable to login with correct password
/* Add code below wp_set_auth_cookie( $user->ID, true, false ); */ $current_user = wp_get_current_user(); if($current_user->roles[0]==’personal_account’){ wp_redirect(site_url(‘/profile’)); }else if($current_user->roles[0]==’corporate_user’){ wp_redirect(site_url(‘/corporate-profile’)); }
Blocking the direct access to images in the upload folder WordPress
You can use a CDN to serve the content to users from the closest server to them.
You should use curl method. Here is a brief explaination: So you have a form in your abc.com site (no need for iframe) then you should use $_POST method to send the data to a page you have created before and includes your curl php codes. On the other server you should have created a … Read more
Since the file is in your theme directory, WordPress may not want the user to “directly” access it. Why not create a Page in wordpress, assign a Template Name to your PHP page and then assign that to the new page created in wordpress. For example, you would have a new page called “Members Only” … Read more
You can read cookies both on the front- and back-end sides. For the front-end, you have to provide both links, and show only the desired one with javascript. Use document.cookie.indexOf(‘cookie_name’) to check the cookie presence. For the back-end, you can read the special $_COOKIE variable to check the cookie presence in you template and change … Read more
I don’t know that I would use cookies for this as the user could just modify their cookie to match their current IP. You could store the user’s IP as user meta at signup and then compare that to their IP during subsequent logins via the wp_authenticate_user filter. Sample code (untested): add_action( ‘user_register’, ‘wpse157630_add_user_ip’, 10, … Read more
WordPress is not a platform for SSO, and do not include any API to support such a use case. You can develop a JSON end point to validate users, but the work flow you describe will probably not match it.