I don’t think that disabling admin-post.php is a good idea. Such solution may break WP, some plugins and themes. But there is another, much simpler solution. Just add your action for admin_post (without nopriv) and process it properly – so if it’s a login action and user is already logged in, redirect him to proper … Read more
If you don’t have database access for some reason, you can also use // use these in your wp-config.php define( ‘WP_HOME’, ‘http://example.com’ ); define( ‘WP_SITEURL’, ‘http://example.com’ ); or // use these in your functions.php update_option( ‘siteurl’, ‘http://example.com’ ); update_option( ‘home’, ‘http://example.com’ ); to regain access to your site. You can read more about changing the … Read more
The professional way would be for them to work on a copy of your website set up in their own servers. This means that you should give them all the ftp files + the related DB. Then they work on their website and when the work is done you can update your website. If you … Read more
If you think your site got hacked, there are several (many) things you must do to ‘de-hack’ it. Including: changing all passwords (WP admins, FTP, hosting, database) reinstalling WP (via the Updates page) and then reinstalling all themes (from the repository) and plugins manually. checking for unknown files (via your hosting File Manager; if you … Read more
If your bootstrap or other enqueued scripts have a dependency or name conflict, this could enqueue all these scripts. There are a large number of common scripts in WordPress core that are enqueued under common names. I always recommend prefixing your script names with something specific. wp_enqueue_script( ‘theme-bootstrap’, ‘https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js’, array( ‘jquery’ ), ‘4.3.1’, true );
There’s a flaw in your approach. The filter hook you are using – user_row_actions – is for adding a “hover link” to the user row. It is run on each user row in the Users > All Users screen. That part by itself would be OK if what you were doing with the filter was … Read more
The URL in the wp-options table (in two places) needs to include the protocol – the ‘http://’ or the ‘https://’ part. That’s why, I believe, you are getting the double ‘dev.site’ in your URLs. That’s the first think I would check.
Take a look at the pre_get_users hook. It is very similar to pre_get_posts if you are familiar with that, except it is for wp_user_query instead of wp_query. You will need to ensure that you only check the users screen in the dashboard, because that hook would affect any user listing otherwise. Here is an example … Read more
If you want to go with PHP solution, then the post_class filter hook (codex) would allow you to do that – see the example below. You can paste that to your functions.php. Just be aware that hiding the post from posts list doesn’t make it restricted from access, users can still use the post’s edit … Read more
After a few more days of frustrating testing, I managed to track the issue down to the External Links Rewrite option in Siteground’s Site Tools, under SSL options. When HTTP Enforce is enabled with the optional External Links Rewrite option (being able to see these changes virtually immediately in the browser requires a Force Refresh, … Read more