permissions - Read For Learn

How to hide wordpress error message?

Depends on what you mean by “redirect”. If you want to 404 them, this will do the job: add_filter(‘wp_die_handler’,’custom_404_die_handler’); function custom_404_die_handler() { global $wp; $wp->handle_404(); load_template(get_404_template()); die(); } If you actually want to redirect them somewhere, then you could do something like this, but that’s not exactly a “404”, as such. add_filter(‘wp_die_handler’,’custom_404_die_handler’); function custom_404_die_handler() { … Read more

Restrict access to trash, only admin

First of all you have to deny access to trash page in admin. To show trash, the ‘post_status’ argument for main query must be ‘trash’, so you can check that and redirect if current user is not an administrator: add_action( ‘pre_get_posts’, ‘deny_trash_access’ ); function deny_trash_access( $query ) { // nothing to do if not in … Read more

Auto-update failing with “hardened” permissions

The point of hardening is to avoid the core files to be manipulated by external users (on shared hosting) and by the webserver (as it is the main source of exploits). Since the update runs via the webserver it is obvious that if you hardened your files against webserver initiated manipulation, the update will fail. … Read more

What is the “user account” for WordPress’ file permissions?

»your user account« describes the system user of the remote host. Depending on the environment of your hosting provider, this is typically the same as the basic FTP account. In fact, it’s a user on an operating system. So yes, you should be able to change it via FTP. As there are typically many users … Read more

Reseting file permissions

In this context /path/to/site means the absolute path to the root of the content directory of the website. You can find this by navigating to the directory where you installed wordpress and running the command pwd (assuming you are on linux). That will output the path you are looking for. By default in many linux/apache … Read more

Implement Javascript Code in the footer if user is logged in

You don’t need to echo your script code you can tell your footer.php file to proceed with JavaScript with if statement if user is logged in: <?php if ( is_user_logged_in() ): ?> // Your JavaScript code here <?php endif; ?>

How to prevent plugins from being uninstalled

Yes, you can use the same filter, just remove the delete key of the $actions array. If you want to remove the “delete” link for the plugin “myplugin”, you’d go for something like this: add_filter(“plugin_action_links”, function($actions, $plugin_file, $plugin_data, $context) { if($plugin_file == “myplugin/myplugin.php”) { unset($actions[“delete”]); } return $actions; }, 10, 4); Obviously, you cannot put … Read more

failed to open stream: Permission denied for WordPress plugin

All files should be owned by the actual user’s account, not the user account used for the httpd process. Group ownership is irrelevant unless there are specific group requirements for the web-server process permissions checking. This is not usually the case. All directories should be 755 or 750. All files should be 644 or 640. … Read more

Permission of 775 not enough

The “user” running your webserver (sometimes _www, sometimes www-data, sometimes “nobody”) lacks the permissions to edit these files. You can either change them to be owned by that user or change them to 777. To find out what your web server user is, assuming you’re running apache, run ps aux | grep httpd in the … Read more

wp-content Folder Permissions (777 OK?)

As listed down the bottom (http://codex.wordpress.org/Changing_File_Permissions#The_dangers_of_777) having 777 permissions allows anybody with know how to go in and modify and execute your code making it available to hackers. I was reading an article yesterday and it stated that about 80% of all hacks came from uploading/inserting a file into the uploads folder creating a backdoor … Read more

+ More