What is the best security $_POST method?

You have to sanitize or escape the data based on the type and application of the data, like below:

    $title = sanitize_text_field( $_POST['title'] );
    update_post_meta( $post->ID, 'title', $title );

It’s quite a huge topic. You had better read this: Validating Sanitizing and Escaping User Data.

Is it a bad idea to CHMOD 777 all the files on your site?

My original comment: Is chmod 777 a good idea? If it’s not absolutely necessary (which, if your server’s users and groups are properly configured, it’s usually not), then avoid it. Is it as terrible as the “omg you’re gonna get hacked any second now” disaster everyone makes it out to be? Not quite, but again …

FORCE_SSL_ADMIN affecting subdomains

It turns out that the shared server I have at Network Solutions is forcing HSTS through their service. And since it’s a shared hosting server, they refuse to change it. The solution: I purchased a Wildcard certificate, and installed it on multiple servers for each subdomain.

How to set custom validation for WordPress Passwords?

By using the following hook, you can customize your login page and password validations with Ajax or PHP.

    add_action( 'login_form', 'myplugin_add_login_fields' );
    function myplugin_add_login_fields() {
        // Get and set any values already sent
        $user_extra = ( isset( $_POST['user_extra'] ) ) ? $_POST['user_extra'] : '';
        ?>
        <p>
            <label for="user_extra"><?php _e('Extra Field','mydomain') ?><br />
            <input type="text" name="user_extra" id="user_extra" class="input" …

How to find the way they hacked my WP site

There are many things that I do to check a possible hack on the site. Changing FTP users/passwords, reinstalling WP, reinstalling themes/plugins, changing user account passwords (especially admin level), changing hosting credentials. I wrote an entry on my own site to remind me (most of the stuff there is my own ‘notes’ to myself). May …

Trying to understand nature of hacking

It looks like your server is using Apache’s Combined Log Format. So here’s what’s actually in your logfile lines: 91.207.9.226 {Remote client’s IP address} - {Remote user ID, generally unused} - {Authenticated user ID, unused in most cases} [23/Apr/2013:17:41:19 +0530] {Date} "GET / HTTP/1.1" {Request – here they asked for your site’s home page, essentially} …

How to rewrite rules for WP-security in Nginx?

Please try this:

1) Save the rewrite rules to the file: /absolute/path/to/wp_security.conf.

2) Then include it in your Nginx configuration file, with the line:

    include /absolute/path/to/wp_security.conf;

and place it in the server context:

    server {
        #… cut …
        ##
        # include the Better WP Security configuration file
        ##
        include /absolute/path/to/wp_security.conf;
        location / {
            try_files $uri …

Hata!: SQLSTATE[HY000] [1045] Access denied for user 'divattrend_liink'@'localhost' (using password: YES)