• sacconi

    (@sacconi)


    Today I found some posts I haven't created myself, the server assistance told me no one had logged in except an admin user (is it possible the plugin “Really simple security” publishes some posts on your website without your consent? all these pirated posts had security as theme and I updated the plugin in the same day of this “joke”). Anyway, is there the system to prevent publishing of uncategorized posts (with the default category?) this probably would limit this kind of spam (or it was a real hijacking?)


  • graphicscove

    (@graphicscove)

    I’m not sure about the “Really Simple Security” plugin posting on its own. It’s possible that your site could have been compromised through other means.

    To help prevent uncategorized (default category) posts from being published, you can create a custom function to block this. You can add the following code to your theme’s functions.php file:

    function prevent_default_category_publish($data, $postarr) {
        // Abort the save when the post is in the default category.
        if (in_category('uncategorized', $postarr['ID'])) {
            wp_die('Error: Posts cannot be published with the default category.');
        }
        return $data;
    }
    add_filter('wp_insert_post_data', 'prevent_default_category_publish', 10, 2);

    This will stop posts from being published if they’re in the “Uncategorized” category. However, I’d also recommend checking for any vulnerabilities on your site. Update all plugins and themes, and ensure you’re using strong passwords for all accounts, especially admin ones. You might also want to review your site’s access logs for unusual activity.

    For added security, consider a plugin like Wordfence or Sucuri to monitor any further suspicious behavior. It might be a good idea to reinstall or verify the integrity of your security plugin as well.

    Thread Starter sacconi

    (@sacconi)

    it’s not working. I replaced “uncategorized” with “affitti”, which is the default category in my wp. I need also to block all the admin activity during the night

    graphicscove

    (@graphicscove)

    Oh right, you didn’t mention you changed the default category name. Try this:

    function prevent_default_category_publish($data, $postarr) {
        $default_category = 'affitti'; // Slug of the default category
        if (has_term($default_category, 'category', $postarr['ID'])) {
            wp_die('Error: Posts cannot be published with the default category.');
        }
        return $data;
    }
    add_filter('wp_insert_post_data', 'prevent_default_category_publish', 10, 2);

    You could use this for blocking admin activity during the night, just adjust the times as needed:

    function restrict_admin_activity_time() {
        // Hour of day (00-23) in the site's configured timezone
        $current_hour = current_time('H');
        if ($current_hour >= 0 && $current_hour < 6) { // Set the time range (00:00 - 06:00 in this example)
            wp_die('Admin activity is restricted during these hours.');
        }
    }
    add_action('admin_init', 'restrict_admin_activity_time');

    Hopefully that helps, let me know if you require anything else!

    Thread Starter sacconi

    (@sacconi)

    I tried the first code but I still can publish/see the already published posts under “affitti”

    https://test.sacconicase.com/

    the second code seems to work, can I set also the minutes? thank you

    • This reply was modified 1 month ago by sacconi.
    graphicscove

    (@graphicscove)

    Sorry, I don’t have a WordPress instance loaded up to test at the moment. Perhaps this might work for you:

    function prevent_affitti_category_publish($data, $postarr) {
        $default_category_slug = 'affitti'; // Your default category slug
        $default_category = get_term_by('slug', $default_category_slug, 'category');

        // get_term_by() returns false when the slug does not exist, so check before reading term_id
        if ($default_category && has_term($default_category->term_id, 'category', $postarr['ID'])) {
            wp_die('Error: Posts cannot be published with the default "affitti" category.');
        }
        return $data;
    }
    add_filter('wp_insert_post_data', 'prevent_affitti_category_publish', 10, 2);

    To remove existing posts from the category you’ll need to update them all on the posts listing in the CMS.

    Thread Starter sacconi

    (@sacconi)

    With your last code I still can publish under “affitti”. What I can't do is updating or deleting a post under “affitti”…

    Moderator bcworkz

    (@bcworkz)

    It’s difficult to prevent the initial publishing of a post based on category due to a race condition. has_term() relies upon a database value to return the right value. When the filter hook fires, the DB is still in the process of writing data and what will eventually be set is not yet available to has_term(). The suggested code will prevent updating of an existing post in the default category, but it will not work for a newly published post.

    We used to be able to check for assigned categories in $_POST, but this no longer works because categories are now assigned by separate API requests. I don’t think there’s a good PHP solution to accomplish what you want. All I can think of in the PHP realm is to run a scheduled task once in a while to find posts with a default category and to remove them. If you did that, there’s little point in having a default category other than to signal that someone failed to explicitly assign a category.

    A better solution would be to have JavaScript listen for a click on the publish button. On click, check to see if any categories are selected. If not, prevent publishing and put up an error message of some sort.

    Thread Starter sacconi

    (@sacconi)

    The JavaScript solution is interesting, I imagine I’ll need a double click to publish instead of one? My purpose is double: prevent an automatic malware to publish posts (as it happened 2 days ago), and remind myself to select the destination

    JS, by the way could you see also this other topic “button for resetting all the custom meta fields”? I got a lot of code, also JS, but I don't know where to put it…

    Moderator bcworkz

    (@bcworkz)

    The script can first check to see if a category had been selected or not. If any are selected, the script would do nothing and publishing will proceed normally. It’s only when no category is selected that the script takes action, such as putting up a message box saying “You must select a category”. It would not be possible to publish without selecting a category. Once one is selected, publishing only takes a single click as usual.

    Thread Starter sacconi

    (@sacconi)

    OK, there is track somewhere to start this script?

    Moderator bcworkz

    (@bcworkz)

    I’m unaware of a good reference, sorry. Maybe search for a plugin that does something similar and use their code as a model?

    Or break down the concept into small discrete steps and search the internet for generic examples. For example, to check if any check boxes are checked I found this SO topic. The script can likely be adapted to work for category check boxes.

    The script can be executed as a callback from a listener added to the publish button. Besides putting up an alert box, you’ll need to call preventDefault() to stop the publish action from happening.
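
The click guard described in the replies above, written out as an added example; it is not code from the thread or from WordPress. The selectors assume the classic editor's publish button and category checklist (block editor markup differs), and the default-category ID is a placeholder to replace with your own term ID.

```javascript
// Added example: selectors and the default-category ID are assumptions, not values from the thread.
const PUBLISH_SELECTOR = '#publish'; // assumed classic-editor publish button
const CATEGORY_SELECTOR = '#categorychecklist input[type="checkbox"]'; // assumed category boxes
const DEFAULT_CATEGORY_ID = '1'; // placeholder: term ID of the default category

// True when at least one checked box is something other than the default category.
function hasExplicitCategory(boxes, defaultId) {
  return Array.from(boxes).some(
    (box) => box.checked && String(box.value) !== String(defaultId)
  );
}

// Builds the click handler: it cancels the publish click unless a category was chosen.
function makePublishGuard(getBoxes, defaultId, notify) {
  return function onPublishClick(event) {
    if (hasExplicitCategory(getBoxes(), defaultId)) {
      return true; // nothing to do, publishing proceeds with a single click
    }
    event.preventDefault(); // stop the publish action
    notify('You must select a category');
    return false;
  };
}

// Attaches the guard to the publish button; returns false when the button is absent.
function installPublishGuard(doc) {
  const button = doc.querySelector(PUBLISH_SELECTOR);
  if (!button) return false;
  button.addEventListener('click', makePublishGuard(
    () => doc.querySelectorAll(CATEGORY_SELECTOR), // re-read the boxes on every click
    DEFAULT_CATEGORY_ID,
    (msg) => window.alert(msg)
  ));
  return true;
}

// Run in the browser only; skipped where no DOM exists.
if (typeof document !== 'undefined') {
  document.addEventListener('DOMContentLoaded', () => installPublishGuard(document));
}
```

This check runs only in the browser, so it works as a reminder for a human editor; posts created through any path that does not load the editor screen are not affected by it.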
