When writing WordPress plugins there is often a need to set up options for which roles on the site have access to certain functionality or content. To do this a plugin dev needs to fetch the list of roles that exist on the site to use in the option. Because custom roles can be created we cannot assume the default roles are the only ones available.
and of course it is a must that the .htaccess file is in place
I want to add a front end posting functionality to one of my WordPress sites. For more control and for more understanding of how this works (I am not a professional programmer) I choosed to use as a base for future development a solution from the wpkb.com site (see the bellow code). This solution works, but the question is how it is protected against security issues/malicious attacks?
I’m currently developing a plugin and the chances are that I will more than likely release it on the public plugin repository so others can use it.
I’m looking to use a few APIs and many come with keys, secret keys and passwords required to work. Where in WordPress can you store that information? Assuming anyone can hack your DB is there anyway for WordPress to make saving that information more secure? Also, consider the ability to change these keys ever so often so I would need to update the keys on an options page.
Just a quick question that might help a tad bit with security. I noticed that the readme.html file has the version number listed. It reappears after each upgrade and so do the licence.txt, and wp-config-sample.php.
After a certain amount of time WP logs out all users and forces them to log back in again. For development environments on my local machine this is obnoxious and absolutely unnecessary.
On a site with premium user account subscriptions, I’d like to be able to limit logins to one computer at a time. The most straightforward way to accomplish this would be to limit by IP, but I haven’t had any luck finding a plugin to accomplish this. Does anybody know of one I can use to get this functionality?
The security settings of a website we have was done according to WordPress Recommendations and we did not have any single hacking attempts for months. Especially that wp-login.php and wp-admin are only limited by IP Address as follows:
I have created a plugin wherein I have a custom post type. I am using post_content for some simple text. I do not need to offer any fancy editing or insertion of data for this field, so I looked for a way to remove the buttons from the tinyMCE editor.