Categories
WordPress

WordPress REST API

And the Copyrights.

Creating a sign-up form for one website (the source website) on another website (the destination website): on the source website create access passwords with the plugin, on the destination website create the sign-up form with the plugin, and use the code (update the source website address and the access details):

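add_filter( 'wpcf7_posted_data', 'condless_create_remote_user' );
function condless_create_remote_user( $posted_data ) {
	// Keep the access details out of shared code (e.g. define them in wp-config.php) and always use HTTPS
	$api_response = wp_remote_post( 'https://example.com/wp-json/wp/v2/users/', array(
		'headers' => array(
			'Authorization' => 'Basic ' . base64_encode( 'LOGIN:PASSWORD' )
		),
		'body' => array(
			'username'	=> $posted_data['your-name'],
			'email' 	=> $posted_data['your-email'],
			'password'	=> $posted_data['your-password'],
		)
	) );
	// wp_remote_post() returns a WP_Error on transport failure; the REST API answers 201 when the user is created
	if ( ! is_wp_error( $api_response ) && 201 === wp_remote_retrieve_response_code( $api_response ) ) {
		$body = json_decode( wp_remote_retrieve_body( $api_response ) );
		// Do something with $body
	}
	// wpcf7_posted_data is a filter, so the posted data must be returned
	return $posted_data;
}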

As you probably have noticed: the largest copyright controversy was against Google for having distributed a new implementation of Java embedded in the Android operating system; the controversy reached the Supreme Court of the United States.


WordPress Restrict Access

And The Little Trump.

Grant access to product pages for visitors only via the website search form:

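add_action( 'template_redirect', 'condless_redirect' );
function condless_redirect() {
	// The Referer header is supplied by the browser, so this steers navigation only; it is not access control
	if ( ! is_user_logged_in() && is_product() && strpos( (string) wp_get_referer(), home_url() . '/?s' ) === false && wc()->cart->get_cart_contents_count() === 0 ) {
		wp_safe_redirect( home_url() );
		exit; // Stop rendering the product page once the redirect is sent
	}
}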

Restrict submission to 1 form per email: install the plugins and use:

add_filter( 'wpcf7_validate_email*', 'condless_email_validation_filter', 20, 2 );
function condless_email_validation_filter( $result, $tag ) {
	// Sanitize the submitted address before using it as a search term
	$email = isset( $_POST['your-email'] ) ? sanitize_email( wp_unslash( $_POST['your-email'] ) ) : '';
	if ( $email && Flamingo_Contact::find( array( 's' => $email ) ) ) {
		$result->invalidate( $tag, __( 'Sorry, that email address is already used!' ) );
	}
	return $result;
}

Save attachments in a folder restricted to logged-in users only: install the plugins, and create a .htaccess file in the wpcf7-submissions directory, which is inside the uploads directory, with the content:

Options -Indexes
RewriteEngine On
# Only the presence of a wordpress_logged_in cookie is tested, not whether the session is valid
RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in.*$ [NC]
RewriteRule ^(.*)$ - [F,L]

As you probably have noticed: unlike other WordPress default themes, the Twenty Twenty theme was based on an already existing theme, Chaplin by Anders Noren.


User Posts Limit

Install the plugin and create a user posts limit.

Why do I see a warning inside the plugin settings dropdown?
Depending on your previously installed plugins and unused DB tables, a warning may appear in the plugin settings and when reaching the posts limit. You can save the settings and, in the plugin code, replace the line “add_action( 'admin_notices', array( $this, 'wp_add_notice' ) );” with “wp_die()”.


WordPress Popups

And the Jazz Artists.

Install the plugin.

In WooCommerce, notify the customer on the product page that they are not eligible for the discount because they have not purchased enough items of the product: add the Auto Open trigger, targeting the desired product ID page, and the custom condition (update the product ID and the quantity for discount):

add_filter( 'pum_get_conditions', 'condless_pum_cart_product_quantity_conditions' );
function condless_pum_cart_product_quantity_conditions( $conditions ) {
        return array_merge( $conditions, array(
                'password_page_unlocked' => array(
                        'group'    => __( 'Products', 'woocommerce' ),
                        'name'     => __( 'Products', 'woocommerce' ) . ': ' . __( 'Cart', 'woocommerce' ) . ' ' . __( 'Quantity', 'woocommerce' ),
                        'callback' => 'cart_product_quantity',
                ),
        ) );
}
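function cart_product_quantity() {
        // The cart is not available on every request (e.g. in the admin area)
        if ( ! WC()->cart ) {
                return false;
        }
        foreach ( WC()->cart->get_cart() as $cart_item ) {
                // product_id is stored as an integer, so compare as integers
                if ( 772 === (int) $cart_item['product_id'] && 3 > $cart_item['quantity'] ) {
                        return true;
                }
        }
        return false;
}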

In WooCommerce, notify the customer when purchasing a temporarily out-of-stock product (for simple products): enable the “Add To Cart button classes” and “Shortcodes” options in the plugin, then create a popup named simple_is_on_backorder1, targeting All Products, whose content contains the [current_add_to_cart] shortcode and a notice that the customer is about to add a product which is temporarily out of stock. If the AJAX archive page option is enabled, create another popup with the trigger Click Open on .archive_is_on_backorder1 and the option “do not prevent…”, with a notice that the customer has just added a product which is temporarily out of stock; if it is not enabled, use the code:

add_filter( 'woocommerce_loop_add_to_cart_args', 'condless_add_class', 10, 2 );
function condless_add_class( $args, $product ) {
	if ( $product->is_type( 'simple' ) && $product->is_on_backorder() && ! is_product() && 'no' === get_option( 'woocommerce_enable_ajax_add_to_cart' ) ) {
		$product_id = $product->get_id();
		$args['class'] .= ' popmake-archive_backorder-' . $product_id;
		$out = ''; // Stays empty when the product has no availability text
		$availability = $product->get_availability();
		if ( isset( $availability['availability'] ) ) {
			// Escape everything that is printed into the popup markup
			$out = '<div>' . esc_html( $availability['availability'] ) . '</div><a href="' . esc_url( $product->add_to_cart_url() ) . '">' . esc_html( $product->add_to_cart_text() ) . '</a>';
		}
		echo do_shortcode( "[popup id='archive_backorder-" . $product_id . "']" . $out . "[/popup]" );
	}
	return $args;
}

As you probably have noticed: Pastorius, Carter, Valdés, and all other WordPress version names are names of popular jazz artists, inspired by WordPress core developers, who share a love of jazz music.


WordPress Auto Generate Post

And Back to the Future.

Create a post for a user when they purchase a certain product (update the product ID):

add_action( 'woocommerce_order_status_completed', 'condless_create_page' );
function condless_create_page( $order_id ) {
	$order = wc_get_order( $order_id );
	$user_id = $order ? $order->get_user_id() : 0;
	// Guest orders have no account to promote or to own the post
	if ( ! $user_id ) {
		return;
	}
	foreach ( $order->get_items() as $item ) {
		// get_product_id() returns an integer, so compare with an integer
		if ( 9 === $item->get_product_id() ) {
			$user = new WP_User( $user_id );
			$user->remove_role( 'customer' );
			$user->add_role( 'author' );
			wp_insert_post( array( 'post_title' => 'My New Page', 'post_status' => 'publish', 'post_author' => $user_id, 'post_type' => 'post' ) );
		}
	}
}

As you probably have noticed- Jigowatt ltd, the developers of Jigoshop on which WooCommerce code is based, was named after the pronunciation mistake of the word Gigawatt in the movie Back to the Future.


WordPress Security

And the Chamber of Secrets.

Improve system security at the WordPress level:

  • Secure the server
  • Grant folders 755 and files 644 permissions
  • Update frequently
  • Install as few plugins as possible
  • Report any suspicious activity in your account to your hosting provider
  • Use the built-in tool “Site Health”
  • Remove unused themes
  • Install an SSL certificate
  • Make use of an Editor user and use Admin only when needed
  • Disable the built-in dashboard theme editor: add the directive to the wp-config.php file:
define( 'DISALLOW_FILE_EDIT', true );

Disable directory browsing, prevent access to important files and directories, and add protection against XSS attacks: add the directives to the .htaccess file:

Options -Indexes

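# Apache 2.2 syntax; on Apache 2.4 without mod_access_compat replace the two lines inside with "Require all denied"
<FilesMatch "^.*(xmlrpc\.php|error_log|wp-config\.php|php\.ini|\.[hH][tT][aApP].*)$">
Order deny,allow
Deny from all
</FilesMatch>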

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
# Comment the following directive if multisite
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L] 
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>

RewriteCond %{HTTP_USER_AGENT} (libwww-perl|wget|python|nikto|curl|scan|java|winhttp|clshttp|loader) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (;|<|>|'|"|\)|\(|%0A|%0D|%22|%27|%28|%3C|%3E|%00).*(libwww-perl|wget|python|nikto|curl|scan|java|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) [NC,OR]
RewriteCond %{THE_REQUEST} \?\ HTTP/ [NC,OR]
RewriteCond %{THE_REQUEST} \/\*\ HTTP/ [NC,OR]
RewriteCond %{THE_REQUEST} etc/passwd [NC,OR]
RewriteCond %{THE_REQUEST} cgi-bin [NC,OR]
RewriteCond %{THE_REQUEST} (%0A|%0D) [NC,OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http:// [OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC,OR]
RewriteCond %{QUERY_STRING} \=PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} [NC,OR]
RewriteCond %{QUERY_STRING} (\.\./|\.\.) [OR]
RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
RewriteCond %{QUERY_STRING} http\: [NC,OR] 
RewriteCond %{QUERY_STRING} https\: [NC,OR]
RewriteCond %{QUERY_STRING} \=\|w\| [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)/self/(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)cPath=http://(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^i]*i)+frame.*(>|%3E) [NC,OR] 
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
RewriteCond %{QUERY_STRING} base64_(en|de)code[^(]*\([^)]*\) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>).* [NC,OR]
RewriteCond %{QUERY_STRING} (NULL|OUTFILE|LOAD_FILE) [OR]
RewriteCond %{QUERY_STRING} (\./|\../|\.../)+(motd|etc|bin) [NC,OR]
RewriteCond %{QUERY_STRING} (localhost|loopback|127\.0\.0\.1) [NC,OR]
RewriteCond %{QUERY_STRING} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
RewriteCond %{QUERY_STRING} concat[^\(]*\( [NC,OR]
RewriteCond %{QUERY_STRING} union([^s]*s)+elect [NC,OR]
RewriteCond %{QUERY_STRING} union([^a]*a)+ll([^s]*s)+elect [NC,OR]
RewriteCond %{QUERY_STRING} (;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|script|set|md5|benchmark|encode) [NC,OR]
RewriteCond %{QUERY_STRING} (sp_executesql) [NC]
RewriteRule ^(.*)$ - [F,L]
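
The conditions above are ORed, so a single match is enough for a 403. The following added example (not part of the original post) replays constructed, benign query strings against four of those patterns, transcribed to POSIX ERE for grep, to show which legitimate requests they also refuse; the rule labels and sample queries are assumptions.

```shell
#!/bin/sh
# Added example: dry-run of four QUERY_STRING conditions from the rule set above.
# grep -E stands in for Apache's regex engine and -i for the [NC] flag.
# Rule labels and sample queries are constructed.

# qs_verdict QUERY: print the label of the first rule that matches the raw
# (not URL-decoded) query string, or "pass" if none matches.
qs_verdict() {
    qs=$1
    # Each row: label, grep flags, pattern.
    while read -r label flags pattern; do
        if printf '%s\n' "$qs" | grep -q "$flags" -e "$pattern"; then
            echo "$label"
            return 0
        fi
    done <<'EOF'
traversal -E (\.\./|\.\.)
brackets -Ei ^.*[][()<>].*
loopback -Ei (localhost|loopback|127\.0\.0\.1)
union-select -Ei union([^s]*s)+elect
EOF
    echo pass
}

# Benign requests a shop or search form could produce.
for q in 's=blue+shoes' 'filter[color]=red' 'range=1..10' \
         's=reunion+tickets+selection'; do
    printf '%-30s %s\n' "$q" "$(qs_verdict "$q")"
done
```

Run the same check over the query strings in your own access log before deploying the rules, so that array parameters and ordinary search terms are not rejected in production.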

Disable PHP execution in the uploads directory: create a .htaccess file inside it with the content:

<Files "*.php">
# Apache 2.2 syntax; on Apache 2.4 without mod_access_compat use "Require all denied" instead
Order Deny,Allow
Deny from All
</Files>

Hide the WordPress version and login errors- add to functions.php file in the child theme:

add_filter( 'the_generator', '__return_false' );
// create_function() was removed in PHP 8, so use an anonymous function
add_filter( 'login_errors', function () { return 'Invalid Input'; } );

Frequently scan the code in the WordPress directory and the database for malware, delete unused items, create a full backup before each modification, and consider reinstalling WordPress (core files, themes and plugins) from the Dashboard. Use the following command to list recently modified files:

find ./ -type f -mtime -15

Remove the Mobile Spam Popup malware: delete the wp-tmp.php, wp-vcd.php and wp-feed.php files from the wp-includes directory, and delete the code that creates them from the themes’ functions.php.

Remove the Japanese Keyword Hack malware: clean the malicious code from the .htaccess, wp-config.php and sitemap.xml files and from the uploads directory.
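
The checks described above can be collected into one read-only report. This is an added example, not part of the original post: the function names, the reason labels and the demo tree are constructed, and it only lists files for review without deleting anything.

```shell
#!/bin/sh
# Added example: report the indicators named in the post for one WordPress root.

# scan_wp ROOT [DAYS]: print one finding per line as "<reason> <path>".
scan_wp() {
    root=$1
    days=${2:-15}
    # File names the post ties to the Mobile Spam Popup malware.
    for f in wp-tmp.php wp-vcd.php wp-feed.php; do
        if [ -f "$root/wp-includes/$f" ]; then echo "dropper $root/wp-includes/$f"; fi
    done
    # Theme functions.php files that mention those names (the code recreating them).
    grep -lE 'wp-(tmp|vcd|feed)\.php' "$root"/wp-content/themes/*/functions.php \
        2>/dev/null | sed 's/^/recreator /'
    # PHP files under uploads, where the post disables PHP execution.
    if [ -d "$root/wp-content/uploads" ]; then
        find "$root/wp-content/uploads" -type f -name '*.php' \
            -exec echo uploaded-php {} \;
    fi
    # PHP and .htaccess files modified within the last DAYS days.
    find "$root" -type f \( -name '*.php' -o -name '.htaccess' \) \
        -mtime "-$days" -exec echo recent {} \;
}

# make_demo_tree: build a small constructed WordPress-like tree, print its path.
make_demo_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/wp-includes" "$d/wp-content/uploads/2020" \
        "$d/wp-content/themes/demo"
    echo '<?php // core file' > "$d/wp-includes/version.php"
    touch -t 202001010000 "$d/wp-includes/version.php"   # old, so not "recent"
    echo '<?php' > "$d/wp-includes/wp-vcd.php"
    echo '<?php' > "$d/wp-content/uploads/2020/img.php"
    echo "<?php include ABSPATH . 'wp-includes/wp-vcd.php';" \
        > "$d/wp-content/themes/demo/functions.php"
    echo "$d"
}

tree=$(make_demo_tree)
scan_wp "$tree" 15
rm -rf "$tree"
```

Compare the "recent" lines with your own update and deployment dates; files that changed outside those windows are the ones to inspect first.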

As you probably have noticed: many WordPress malware strains were not created to shut down the website, but rather to use its infrastructure to drive visitor traffic to purchase products on a third-party site, usually advertising prohibited health and wellness products.


WordPress RTL

And the Philosopher’s Stone.

Fix WordPress Gutenberg built-in code block (CSS):

pre.wp-block-code {
	text-align: left;
	direction: ltr;
}

Fix Owl Carousel based slider elements (CSS):

.owl-carousel,
.bx-wrapper { direction: ltr; }
.owl-carousel .owl-item { direction: rtl; }

Fix Chosen Drop based dropdown elements (CSS):

.chosen-container .chosen-drop { left: 9999px; }

Create Twenty Twenty child theme- create the path wp-content/themes/twentytwenty-child, and create inside the files style.css and style-rtl.css with the content:

/*
 Theme Name:   twentytwenty Child
 Template:     twentytwenty
*/

And the file functions.php with the content:

<?php
add_action( 'wp_enqueue_scripts', 'condless_theme_enqueue_styles' );
function condless_theme_enqueue_styles() {
        if ( is_rtl() ) {
                wp_enqueue_style( 'parent-style-rtl', get_template_directory_uri() . '/style-rtl.css' );
        } else {
                wp_enqueue_style( 'parent-style', get_template_directory_uri() . '/style.css' );
        }
}

Fix its fonts:


body {
	font-family: "Inter var", -apple-system, BlinkMacSystemFont, "Helvetica Neue", Helvetica, sans-serif;
}

Create Storefront child theme- create the path wp-content/themes/storefront-child, and create inside the files style.css and style-rtl.css with the content:

/*
Theme Name: Storefront Child
Template: storefront
*/

And the file functions.php with the content:

<?php
add_action( 'wp_enqueue_scripts', 'condless_theme_enqueue_styles', 9999 );
function condless_theme_enqueue_styles() {
	if ( is_rtl() ) {
		wp_dequeue_style( 'storefront-child-style' );
		// Dependencies must be passed as an array of handles
		wp_enqueue_style( 'child-style-rtl', get_stylesheet_directory_uri() . '/style-rtl.css', array( 'storefront-style' ) );
	}
}

As you probably have noticed: most of the Middle Eastern languages are written from right to left. It is suggested that, as stone was the main material used, it was easier to chisel from right to left. With ink, the suggestions continue, moving from left to right prevented smudging.