Check visa slots login.REGISTER NOW GET FREE 888 PESOS REWARDS!

Securing WordPress While Using Custom Plugins

sharizkhan — Mon, 04 Nov 2024 20:04:51 +0000

Considering the flexibility that custom-developed WordPress plugins bring, enhancing functionality to meet unique needs, what are your thoughts on the potential security risks they introduce? How do you approach finding the balance between customization and safety? Often, custom plugins aren’t scrutinized in the same way as popular ones from the WordPress repository, so vulnerabilities could expose the site to attacks. Do you feel the benefits of customization outweigh these risks, or is there a point where you’d prioritize standardized, vetted solutions over tailor-made options?

I have developed a custom plugin for my website that can generate font styles for the visitors but from the day of installation website is facing remote attacks. The thing is there should be a plat form that can help you to test the developed content before deploying it.

Thanks Pros

How to add Custom plugin to List

sadesades — Mon, 22 Jan 2024 13:31:03 +0000

Is there any hook to add a custom plugin to the list of allowed or function or method?

And of no method is available can you add that on future release?

Odd template and plugin url

nanny7 — Thu, 29 Dec 2022 05:57:22 +0000

Hi I see in the source and htaccess file that the themes and plugins are given a number text sequence instead of a seo friendly url. How to fix please. For example a theme called beauty is being called 54159e1dbd

How Do I Include wp-load.php in a Plugin?

PayDelete — Fri, 14 Jan 2022 21:37:45 +0000

I am trying to get a plugin approved, but WordPress won’t allow me to use the following line of code:

require_once(‘../../../wp-load.php’);

WordPress says that I need to use hooks instead. How do I call wp-load.php using a hook?

They sent me an email saying:

## Calling core loading files directly

Including wp-config.php, wp-blog-header.php, wp-load.php directly via an include is not permitted.

These calls are prone to failure as not all WordPress installs have the exact same file structure. In addition it opens your plugin to security issues, as WordPress can be easily tricked into running code in an unauthenticated manner.

Your code should always exist in functions and be called by action hooks. This is true even if you need code to exist outside of WordPress. Code should only be accessible to people who are logged in and authorized, if it needs that kind of access. Your plugin's pages should be called via the dashboard like all the other settings panels, and in that way, they'll always have access to WordPress functions.
?	https://developer.www.ads-software.com/plugins/hooks/

If you need to have a ‘page’ accessed directly by an external service, you should use query_vars and/or rewrite rules to create a virtual page which calls a function. 
?	https://developer.www.ads-software.com/reference/hooks/query_vars/
?	https://codepen.io/the_ruther4d/post/custom-query-string-vars-in-wordpress

If you're trying to use AJAX, please read this: 
?	https://developer.www.ads-software.com/plugins/javascript/ajax/

Clicking on custom built plugin admin menu redirects to “Update Database”

arobce — Sun, 07 Mar 2021 05:33:21 +0000

I built a custom WordPress plugin that sends Woocommerce purchase info to a CRM. The plugin works perfectly on localhost. But on the live site, whenever I click on the admin menu, I always get redirected to “No Update Required” page.

What are some of the reasons that can happen? Any help would be highly appreciated.

If you need to take a look at the main plugin file code. Check here

Building Custom Plugin with Dead Link Deletion Feature

PayDelete — Fri, 19 Feb 2021 01:29:28 +0000

Hi,

I have never built a WordPress plugin before, so I am not really sure where to start. The first feature I want to add is one that displays a button beneath the heading on single posts that allows users to delete the post if it links to a page that returns a 404 error. This feature is going to be used on aggregators and is intended for instances in which an article is removed from its source.

I have done this in the past by altering themes, but the way I did that depended on functions within the theme. I no longer use those themes and want to achieve the same result using a plugin that I can install on any site.

The next phase will be to add options to restrict which posts display the dead link removal button. That will be done by category and source URL, so if I only wanted to make that feature available for certain categories or where the source is from certain domains I could do that without it impacting other posts.

Adding ShortCode twice on the page does not work

mubaraba — Thu, 12 Nov 2020 07:10:43 +0000

I created a custom plugin for ajax call
The problem when I add the shortcode twice(two instance) on the page; One of them will not work

I tried to make static id for each element or unique identifier but it does not work

I tried also to wrap the functions on PHP/JS with a class and call action functions with instance of that class but it does not work either

I am using “Elementor” if that is related.

Note : I am newbie to WordPress and PHP

This is a sample of my code in the custom plugin : PHP file which is ts.php

';
    
    $content .='';
    $content .='';
    $content .='';
    
    $content .='';
    $content .='';
    $content .='';
    
    $content .='';
    
    $content .='';
    
    return $content;
}
add_shortcode('tsform','ts');

/* Include CSS and Script */
add_action('wp_enqueue_scripts','plugin_css_jsscripts');
function plugin_css_jsscripts() 
{

   // JavaScript
   wp_enqueue_script( 'script-js', plugins_url( '/ts.js', __FILE__ ),array('jquery'));

   // Pass ajax_url to script.js
   wp_localize_script( 'script-js', 'ts_object',
   array( 'ajax_url' => admin_url( 'admin-ajax.php' ) ) );
}

/* AJAX request */

## Search record
add_action( 'wp_ajax_searchTSList', 'searchTSList_callback' );
add_action( 'wp_ajax_nopriv_searchTSList', 'searchTSList_callback' );

function searchTSList_callback() {
    
    $return = [];
    $msg='';
    $ts=array();

        if( isset($_POST['tsSubmit']) && $_POST['tsSubmit']=='1')// data submission success
    {

     /*get information form the post submit */
    $ID=($_POST['ID'] ?? '');
    
    /* get data from database using CID or NID */
    
    $path = $_SERVER['DOCUMENT_ROOT'];
    include_once $path . '/pioneer/wp-load.php';
    include_once $path . '/pioneer/wp-config.php';
    
 

    $db = new mysqli(DB_HOST, DB_USER,DB_PASSWORD, DB_NAME); //connect to database
    
    // Test the connection:
    
    if (mysqli_connect_errno())// Connection Error
    {
    
        $msg=("**Couldn't connect to the database: ".mysqli_connect_error());
    $return['success']=0;
    $return['message']=$msg;
    }
    else //connection success
    {
    
    //query the database
    $sql='';
    
    
    $sql = "SELECT Full_Name,Type,Status,Note FROM Individual WHERE ID ='" . $ID ;
    
    }
    
    $result = $db->query($sql);
    
    //get the result 
    $rowsNo=$result->num_rows;
    if ( $rowsNo > 0) { 
    $en_data = array();
    while($row = $result->fetch_assoc())// output data of each row 
    {
    
        
    $ts[] = array(  'Name' => $row['Full_Name'],'Type' => $row['Type'], 'Status' =>$row['Status'], 'Note' => $row['Note']); 
    }
    
    $msg .= $rowsNo . ' records are found.'; //record the number of records found 
    
    }else {
    $msg.='**No records are found!';
    }
    
    
    //close connection to db
    $db->close();
 

    /* return info for the user */
    
    $return['success']=1;
    $return['message']=$msg;
    $return['rows']= $ts;
    }   
    }else // data submission error
    {
    $msg='**Your data was not submitted ! ';
    $return['success']=0;
    $return['message']=$msg;
    }

    echo json_encode($return,JSON_FORCE_OBJECT);
    wp_die();  
    
}

and this is the Script File : ts.js

jQuery(document).ready(function($){

  // AJAX url
  var ajax_url = ts_object.ajax_url;

  
  // Search record
  $('#btn_submit').click(function(){
    
    
    var ID = $("#txt_ID").val();
    
    
    if ( !validateID(ID))
    {
        return false; //exit process inputs
        
    }
    
    
    // Fetch filtered records (AJAX with parameter)
    var data = {
      'tsSubmit':'1',
          'action': 'searchTSList',
      'ID': ID
    };

    $.ajax({
      url: ajax_url,
      type: 'post',
      data: data,  
      success: function(data){
    
        // Add new rows to table
       createmsg(data)
       
      }
    });
  });
  
  // validate ID
function validateID(ID)
{
    //blank or empty or null or whitespace
    if(!$.trim(ID))
    {
        
        $("#div_msg").css('display','block'); 
        $("#m_msg").text('**You must enter your ID !');
        return false;   
    }
    
    //not digit
    if(/\D/g.test(ID ))
    {
        
        $("#div_msg").css('display','block');
        $("#m_msg").text('**You must enter digit ID !');
        return false;
    }

    //not valid len
    var validLen= 10;
    if(ID.length != validLen)
    {
        
        $("#div_msg").css('display','block');
        $("#m_msg").text('**You must valid length ID !');
        return false;
        
    }
    
    return true;    
}
  // Add response object
  function createmsg(data)
  {
    var jdata = JSON.parse(data);

    if( jdata.success == 1) //submission sucess
    {       
        $("#m_msg").text(jdata.message);
        $("#div_msg").css('display','block');
        
    }else //submission failed
    {
        
        var mess ='';
        mess = '**Your information has not been submitted! ';
        $("#div_msg").css('display','block');
        $("#m_msg").text(mess);
        
    }
  }
});

Custom plugins

William — Wed, 07 Aug 2019 13:18:28 +0000

How your plugin works with custom plugins, which have different menu structure. For example I have ten custom plugins on blog. Is it safe? Could I be sure that my menu wouldn’t brake down after reconfiguration ?

Custom estimated delivery dates based on per-product attribute

zhpeh — Sat, 02 Feb 2019 08:45:01 +0000

Hi,

I would like to know whether there is anyway (either through custom code or free / paid plugins) that would enable me to customize my woocommerce estimated delivery dates based on each variable product’s attributes. Been trying to find high and low, but can’t seem to find any suitable ones.

For example, if I have a product that comes in 2 different colors, I would like to set different estimated delivery dates for each of the colors.

Thanks!

Is customizing an existing plugin legal and safe?

miguelsoares — Tue, 14 Nov 2017 21:03:09 +0000

Hi guys, total WP noob here.

I would like to know if I can buy a plugin and then ask a developer to customize its code to expand it’s functionality and meet my business requirements.

Is this legal?

What about safety? I was reading that if I do this, when the plugin gets updated the customization changes may be lost. But can’t I simply create my own custom plugin by copy/pasting the code from an existing plugin and use that as a base to start writing more code on top to build my plugin?

If the original plugin has some vulnerability, when hackers scan my website, they will not find that plugin but instead a custom one, so would that make it more secure because they know nothing about this plugin?

Or they scan for functions/scripts within the plugin?

I hope my questions are not too stupid… sorry if they are.