Categories
WordPress

WordPress Auto Generate Post

Create post for a user when purchase some product (update the product ID):

add_action( 'woocommerce_order_status_completed', 'condless_create_page' );
function condless_create_page( $order_id ) {
	foreach ( wc_get_order( $order_id )->get_items() as $item ) {
		if ( '9' === $item->get_product_id() ) {
			$user_id = wc_get_order( $order_id )->get_user_id();
			$user = new WP_User( $user_id );
			$user->remove_role( 'customer' );
			$user->add_role( 'author' );
			wp_insert_post( array( 'post_title' => 'My New Page', 'post_status' => 'publish', 'post_author' => $user_id, 'post_type' => 'post') );
		}
	}
}
Categories
WordPress

WordPress Storefront Theme

And the Canvas.

Edit the mobile menu button text:

add_filter( 'storefront_menu_toggle_text', 'condless_storefront_menu_toggle_text' );
function condless_storefront_menu_toggle_text( $text ) {
	$text = __( 'Menu' );
	return $text;
}

As you probably have noticed- this theme is not the first default theme for the WooCommerce, the Canvas theme preceded it, it included an editor and was replaced when Gutenberg, the new WordPress default editor, was announced.

Categories
WordPress

WordPress Twenty Twenty Theme

And The Little Trump.

Customize the header structure (CSS):

.cover-header-inner-wrapper { min-height: 60vh !important; }
.home .entry-header { display: none; }
.home .post-inner { padding: 0; }

As you probably have noticed- unlike other WordPress default themes, this one was written based on already existing theme, Chaplin by Anders Noren.

Categories
WordPress

WordPress Security

And the Chamber of Secrets.

Improve system security at the WordPress level:

  • Secure the server
  • Grant folder 755 and files 644 permission
  • Update frequently
  • Install few plugins as possible
  • Report any suspicious activity in your account to your hosting provider
  • Use the build-in tool “Site Health”
  • Remove unused themes
  • Install SSL certificate
  • Make use of an Editor user and use Admin only in need
  • Disable built-in dashbaord theme editor- add the directive to wp-config.php file:
define( 'DISALLOW_FILE_EDIT', true );

Disable directory browsing, prevent access to important files and directories, and XSS attacks protection- add the directives to the .htaccess file:

Options -Indexes

<FilesMatch "^.*(xmlrpc.php|error_log|wp-config\.php|php.ini|\.[hH][tT][aApP].*)$">
Order deny,allow
Deny from all
</FilesMatch>

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
# Comment the following directive if multisite
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L] 
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>

RewriteCond %{HTTP_USER_AGENT} (libwww-perl|wget|python|nikto|curl|scan|java|winhttp|clshttp|loader) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (;|<|>|'|"|\)|\(|%0A|%0D|%22|%27|%28|%3C|%3E|%00).*(libwww-perl|wget|python|nikto|curl|scan|java|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) [NC,OR]
RewriteCond %{THE_REQUEST} \?\ HTTP/ [NC,OR]
RewriteCond %{THE_REQUEST} \/\*\ HTTP/ [NC,OR]
RewriteCond %{THE_REQUEST} etc/passwd [NC,OR]
RewriteCond %{THE_REQUEST} cgi-bin [NC,OR]
RewriteCond %{THE_REQUEST} (%0A|%0D) [NC,OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http:// [OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC,OR]
RewriteCond %{QUERY_STRING} \=PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} [NC,OR]
RewriteCond %{QUERY_STRING} (\.\./|\.\.) [OR]
RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
RewriteCond %{QUERY_STRING} http\: [NC,OR] 
RewriteCond %{QUERY_STRING} https\: [NC,OR]
RewriteCond %{QUERY_STRING} \=\|w\| [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)/self/(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)cPath=http://(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^i]*i)+frame.*(>|%3E) [NC,OR] 
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
RewriteCond %{QUERY_STRING} base64_(en|de)code[^(]*\([^)]*\) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>).* [NC,OR]
RewriteCond %{QUERY_STRING} (NULL|OUTFILE|LOAD_FILE) [OR]
RewriteCond %{QUERY_STRING} (\./|\../|\.../)+(motd|etc|bin) [NC,OR]
RewriteCond %{QUERY_STRING} (localhost|loopback|127\.0\.0\.1) [NC,OR]
RewriteCond %{QUERY_STRING} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
RewriteCond %{QUERY_STRING} concat[^\(]*\( [NC,OR]
RewriteCond %{QUERY_STRING} union([^s]*s)+elect [NC,OR]
RewriteCond %{QUERY_STRING} union([^a]*a)+ll([^s]*s)+elect [NC,OR]
RewriteCond %{QUERY_STRING} (;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|script|set|md5|benchmark|encode) [NC,OR]
RewriteCond %{QUERY_STRING} (sp_executesql) [NC]
RewriteRule ^(.*)$ - [F,L]

Disable PHP execution in the uploads directory- create inside a .htaccess file with the content:

<Files "*.php">
Order Deny,Allow
Deny from All
</Files>

Hide the WordPress version and login errors- add to functions.php file in the child theme:

add_filter( 'the_generator', '__return_false' );
add_filter( 'login_errors', create_function( '$a', "return 'Invalid Input';" ) );

Scan frequently the code in the WordPress directory and database for malwares detection and delete unused items, create full backup before each modification, consider reinstalling WordPress (core files, themes and plugins) from the Dashboard. Make use of the recently modified files command:

find ./ -type f -mtime -15

Remove the Mobile Spam Popup malware- delete the wp-tmp.php, wp-vcd.php, wp-feed.php files from wp-includes directory and delete the code which is creating them from the themes’ functions.php.

Remove the Japanese Keyword Hack malware- clean the malicious code from .htaccess, wp-config.php, sitemap.xml files and uploads directory.

As you probably have noticed- many WordPress malwares were not created to shut down the website, but rather to use its infrastructure and create clients traffic to purchase products on a third-party site, usually advertising prohibited health and wellness products.

Categories
WordPress

WordPress RTL

And the Philosopher’s Stone.

Fix WordPress build-in code block (CSS):

pre.wp-block-code {
	text-align: left;
	direction: ltr;
}

Fix Owl Carousel based slider elements (CSS):

.owl-carousel,
.bx-wrapper { direction: ltr; }
.owl-carousel .owl-item { direction: rtl; }

Fix Chosen Drop based dropdown elements (CSS):

.chosen-container .chosen-drop { left: 9999px; }

Create Twenty Twenty child theme- create the path wp-content/themes/twentytwenty-child, and create inside the files style.css and style-rtl.css with the content:

/*
 Theme Name:   twentytwenty Child
 Template:     twentytwenty
*/

And the file functions.php with the content:

<?php
add_action( 'wp_enqueue_scripts', 'condless_theme_enqueue_styles' );
function condless_theme_enqueue_styles() {
        if ( is_rtl() ) {
                wp_enqueue_style( 'parent-style-rtl', get_template_directory_uri() . '/style-rtl.css' );
        } else {
                wp_enqueue_style( 'parent-style', get_template_directory_uri() . '/style.css' );
        }
}

Create Storefront child theme- create the path wp-content/themes/storefront-child, and create inside the files style.css and style-rtl.css with the content:

/*
Theme Name: Storefront Child
Template: storefront
*/

And the file functions.php with the content:

<?php
add_action( 'wp_enqueue_scripts', 'condless_theme_enqueue_styles', 9999 );
function condless_theme_enqueue_styles() {
	if ( is_rtl() ) {
        	wp_dequeue_style( 'storefront-child-style' );
		wp_enqueue_style( 'child-style-rtl', get_stylesheet_directory_uri() . '/style-rtl.css', 'storefront-style' );
	}
}

As you probably have noticed- most of the Middle Eastern languages are written from right to left, it is suggested that as stone was the main material used, it being easier to chisel right to left. With ink, suggestions continue, moving left to right prevented smudging.