This is a problem: public function __contruct() it should be __construct, the S is missing, meaning there is no constructor and the add_filter calls never happen The function that registers the routes also never runs because the add_action call is commented out: //add_action( ‘rest_api_init’, array( $this, ‘extend_default_routes’ ) ); This means the constructor never runs, … Read more
As Jacob Peattie mentioned in the comments, the filter should return a value, if the condition is not met, as demonstrated below. Another thing to consider is the question of when are you instantiating the class? I.e. immediately on the main plugin file or on some action hook. Although I doubt that this is the … Read more
This will try to load PHP code from one of three servers, the three base64-encoded strings, and execute the first one it successfully fetches on your server. Those domains do still exist, so this is potentially an active hack. They don’t return any data to me when tested but I hadn’t set a domain in … Read more
Once a user logs in, you’d want to check whether they’ve made a submission to your particular form. Gravity Forms keeps all of its entries (which is what it calls form submissions) stored away neatly, so we can simply check in there. If the user has no entries for your form, we’ll send them one … Read more
The potentially nefarious plugin might filter itself out of the plugins list table by attaching a filter callback to all_plugins hook, which is used in WP_Plugins_List_Table->prepare_items(). One option could be that you inspect the global $wp_filter variable and see, if there are any suspicious (but what counts as suspicious?) callbacks attached to the above hook. … Read more
Found it! If you are googling ypyp-sym-tsym, almost nothing comes up, so I’m adding the answer here, in case somebody else stumbles upon this issue. The plugin that added this was yellowpencil (ypyp), now known as Visual CSS style editor
To restrict unauthorized software downloads on your WordPress website, you can implement the following approaches: Membership/Subscription System: You can use a membership or subscription plugin to control access to your downloads. Users must create an account and pay for a subscription to access the download links. This way, you can track who has paid and … Read more
It’s not something that WordPress supports out of the box, but I think you can whip up some custom code to achieve this. I think you can use WordPress cron job that will check the current date and time for this to activate/deactivate the plugin accordingly. Here’s an example for deactivating: add_action(‘wp’, ‘plugin_deactivation_schedule’); function plugin_deactivation_schedule() … Read more
In WordPress, nonces (number used once) are security tokens that help protect against CSRF (Cross-Site Request Forgery) attacks. Nonce verification is generally recommended for actions that involve user interactions to ensure that the request is legitimate and not forged by a malicious party. When it comes to custom bulk user actions in WordPress, nonce verification … Read more
Since you found a suspicious user, there’s a good chance your site has been hacked. The easiest thing to do is have the professionals take a look. At minimum, install a new security plugin and scan your site, delete suspicious files, take the time to weed out unused plugins and update everything, change your login … Read more