Using debug log in production, is that a security concern?

I would consider it a security concern if everyone is able to view the debug.log file from the browser. It could reveal e.g. paths, plugins and their problems. There are though ways to restrict access to it via Nginx or Apache. Another problem I’ve seen with logging to debug.log on production sites is that it’s … Read more

xdebug connects but won’t break in WordPress with vvv

In my case it turned out to be a path mapping issue. Adding… “pathMappings” : { “/srv/www” : “C:\\Users\\tmorgan\\websites\\local\\www” } …fixed it for me. In other words, explicitly specifying how the server path related to my local file path was necessary. I did not think this was the case because xdebug was connecting to my … Read more

How to dump/log default values that are passed to hooks/filter functions?

If you want to keep your log on the server, try using php’s error_log() which is more flexible than just writing to files on disk. Something along the lines of: add_filter(‘manage_edit-member_columns’, ‘set_custom_edit_member_columns’); function set_custom_edit_member_columns($columns) { error_log(print_r($columns,true),3,__DIR__.”/log.txt”); $columns[‘photo’] = “Photo”; return $columns; } OTOH, if you find the browser console more convenient, you should include a … Read more

if(!is_user_logged_in()) returns true when 404

Please try this for your redirect: add_action( ‘template_redirect’, function(){ // no non-authenticated users allowed if( ! is_user_logged_in() ) { wp_redirect( home_url( ‘/wp-login.php’ ), 302 ); exit(); } }); to allow only logged in users to view your site. It’s generally too late to use redirect directly in the header.php file, so it’s better to use … Read more

Send specific users an email when posts are published

Do you know if your wp_mail() function is working at all? Do you know whether or not your function isn’t failing higher in the chain? I’d re-write the function like this, which makes it a little easier to read and also slightly more efficient as we are only running functions that we absolutely need to … Read more

Where’s The Best Place to use Register_Shutdown_Function()?

WordPress core register a shutdown function on its own (source) the function shutdown_action_hook registered to be ran on shutdown, call do_action( ‘shutdown’ ); and little more (source). So, if you want to register a shutdown function in WordPress way just add your function on ‘shutdown’ hook: add_action( ‘shutdown’, ‘my_shutdown_callback’ ); function my_shutdown_callback() { error_log(‘Goodbye’); } … Read more

Intercepting wp_mail() to view contents

The first link on Google is to https://developer.wordpress.org/reference/functions/wp_mail/ which says that wp_mail is in wp-includes/pluggable.php It also has the full function source code showing that the first active line of the function is: $atts = apply_filters( ‘wp_mail’, compact( ‘to’, ‘subject’, ‘message’, ‘headers’, ‘attachments’ ) ); … which suggests that if you hook into the filter … Read more