What you’re doing at the moment is okay, but there are far far better ways to do it. The problem of man in the middle attacks here is that to insert yourself between wordpress.org and a server at a data centre is no easy task, so this scenario is very unlikely. However If you abandon … Read more
This maybe just a personal distinction but I consider: data validation to mean is the data ‘correct’? Is it what we expect? data sanitisation to mean is the data *safe to use * Though there can be some blurring, typically data validation will only occur when a user-input is taken, or some data is obtained … Read more
No, but you can just run stripslashes on it.
Just to continue few important things on the excellent answer @MarkKaplun provided that should be accepted. disable-functions is PHP world. Here is the more broad list: exec, passthru, shell_exec, system, proc_open, popen, show_source, apache_child_terminate, apache_get_modules, apache_get_version, apache_getenv, apache_note, apache_setenv, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, posix_getpwuid, posix_uname, pclose, dl, disk_free_space, diskfreespace, disk_total_space, pcntl_exec, proc_close, proc_get_status, proc_nice, … Read more
It’s not completely clear how your provider is handling the the resource overage, but the situation described in the question can be reproduced by setting up wp-config.php to connect to an empty database. From the looks of it, someone would be able to proceed with the WordPress installation. This solution will prevent WordPress from being … Read more
Does WordPress core has this function defined somewhere? While I haven’t used it, you are probably looking for wp_salt or wp_generate_password. wp_salt is located in wp-includes/pluggable.php. can these salts be generated randomly Yes, of course. are there any specific rules for creating them There is no specific rule. The generic rule is to create long, … Read more
You should be able to filter out some tests by using the filter site_status_tests Quoting the WordPress documentation: Usage: add_filter(‘site_status_tests’, function (array $test_type) { unset($test_type[‘direct’][‘theme_version’]); // remove warning about Twenty* themes unset($test_type[‘async’][‘background_updates’]); // remove warning about Automatic background updates return $test_type; }, 10, 1); You can get the list of tests from the WP_Site_Health->get_tests() method … Read more
Here is an untested suggestion for wp-cli approach: We can list post IDs of published posts with open comment status with: wp post list –post-status=publish –post_type=post comment_status=open –format=ids and update a post to a closed comment status with: wp post update 123 –comment_status=closed where 123 is a post id. We can then combine those two … Read more
In your specific case, I don’t think the answer is a technical one (see my comment on the question for more details). For everyone else, the answer to “How can I easily verify a core or plugin update has not broken anything?” is automated testing. That’s the whole purpose of automated testing, because it’s unreasonable … Read more
You do cite experience with WP going back farther than that of mine… Yet I do not see these issues as that major. What scale of sites are we talking about? It’s fairly slow I feel this is bit too much of generalization. Slow can be put in context of specific hardware, tasks and level … Read more