Forum Replies Created

Viewing 15 replies - 1 through 15 (of 27 total)
  • Hi Damien, glad to hear that!

    The UI can be easily styled because it’s in the front end actually and any custom CSS code added in Customizer will do 😉
    Had no idea that USP already offers size limits, I believe it didn’t long time ago – thanks for heads up!

    Alex.

    Alex Moise

    (@alexmoise)

    Hi Damien,

    That is definitely possible, with a trick 🙂 I did it already some years ago, using these:

    1. For the user submission form in the front end there is this plugin:
    https://wordpress.org/plugins/user-submitted-posts/ It can be configured to allow more images for one post and the images get attached to that post.

    2. Use a function to add the [gallery] shortcode after post content (that’s the trick). If that’s too technical then use an Ad Inserter plugin like this one https://wordpress.org/plugins/ad-inserter/ and consider the shortcode as an Ad to be inserted after content.
    Beyond that I believe there are a lot of plugins which take that shortcode and style the gallery in countless ways – just need to try a few. There are also paid options that does the same (I ended up using one)

    Other than that I believe it’s important to have a mean to control the image sizes – and for that there’s https://wordpress.org/plugins/imsanity/ which adjust image size on-the-fly at upload.

    I still have that website and just checked it and still works 🙂 Don’t know if I’m allowed to link it here but if you need more details please ask me and I’ll gladly help with the info I have.

    Regards,
    Alex.

    Hi Kanger,

    First thing coming to my mind is how did you disabled the child theme without access to wp-admin? 🙂

    Now, assuming you have FTP or some other kind of file access to the website the best way is to enable debug mode and look in the log file,
    For this open the wp-config.php file situated in the root of your website and replace anything you have about debug there ( by default one line: “define(‘WP_DEBUG’, false);” ) with these:

    define( 'WP_DEBUG', true );
    define( 'WP_DEBUG_LOG', true );
    define( 'WP_DEBUG_DISPLAY', false );
    @ini_set( 'display_errors', 0 );

    Then make sure you have the troublesome child theme active, go to your wp-admin page (that will be blank), then open the “debug.log” file inside the /wp-content/ directory – there will be the thing that caused the blank screen.
    Don’t forget to change back “‘WP_DEBUG’, false” when finished 😉

    Another place to search for information about this is the web server logs (Apache?) – access to this log is provided by your hosting provider somewhere in your web hosting control panel.

    Good luck!
    Alex.

    Hi @iamkingsleyf

    You would need a wildcard certificate for that to work. A wildcard certificate would cover you for all your subdomains,

    I see you are using a free Let’s Encrypt certificate for your main domain and you are hosted on Plesk,

    Now, you could get a wildcard certificate from Let’s Encrypt but not automatically in Plesk, because Plesk extension doesn’t support that yet, as declared yesterday here: https://support.plesk.com/hc/en-us/articles/115000490174-Is-it-possible-to-use-Let-s-Encrypt-for-wildcard-certificates-

    So, you would need to generate the custom wildcard certificate by yourself, starting details here: https://zerossl.com/ssl-faq.html#Do_you_support__wildcards___so_I_could_use_one_certificate_for_any_name_in_my_domain_
    Then upload your custom certificate in Plesk following this steps: https://support.plesk.com/hc/en-us/articles/213946825 section “Purchased or custom SSL certificate”

    Regarding the WordPress part, you would need to use a translation plugin like WPML, or Loco Translate combined with qTranslate-X, configured with language subdomains.

    Cheers!
    Alex.

    Hi Sam,

    Please add the following code in the functions.php file of your child theme to change the commenter “Name” into “Nickname”:

    // change "Name" label in comments form
    add_filter( 'comment_form_default_fields', 'mo_comment_name_field_custom_html' );
    function mo_comment_name_field_custom_html( $fields ) {
    	// first unset the existing author field:
    	unset( $fields['author'] );
    	// ... then re-define it as needed:
    	$new_author = '<p class="comment-form-author">' . '<label for="author">' . __( 'Nickname', 'textdomain'  ) . ( $req ? ' <span class="required">*</span>' : '' ) . '</label> ' .
    			'<input id="author" name="author" type="text" value="' . esc_attr( $commenter['comment_author'] ) . '" size="30" maxlength="245"' . $aria_req . $html_req . ' /></p>';
    	// ... and put it on top of the fields array:
    	array_unshift($fields, $new_author);
    	// done customizing, now return the fields:
    	return $fields;
    }

    I would appreciate a bit of feedback on these last 2 changes: are they working as expected on your website?

    Thanks!
    Alex

    Hi TallSam, I updated the plugin and now, if you enable the option named “Disable cookie” it will also stop displaying that checkbox as it’s not needed.
    If you do this I guess it would be a good thing to write in your privacy policy that you are not setting the comments cookie at all.

    To get the new version you would need to disable & delete the plugin then download, install and activate the new version. The download location is the same, it’s listed in the previous messages.

    Regarding the Name -> Nickname change: I’ll be back with details about that 🙂

    Cheers!
    Alex.

    Hi Tri, that’s simple: please add the following function in functions.php file of your child theme:

    // automatically make post sticky 
    add_action('wp_insert_post', 'mo_make_it_sticky_if_role');
    function mo_make_it_sticky_if_role( $post_id ) {
    	if( current_user_can('author') ) {
    		stick_post( $post_id );
    	}
    }

    This will make any new post sticky if currently logged user has “author” role, right at the moment when he/she clicks Posts -> Add New.

    Hope it helps 🙂
    Alex.

    Then you could go with https://wordpress.org/plugins/complete-open-graph/

    It globally removes the site title part of titles by default and it adds an Open Graph Settings box on individual posts and pages where you could edit shared title and description individually and independently from post/page title and content. Otherwise it pulls these info from the post/page itself (but removing the site title part as I said).

    This is the simple, plugin approach, otherwise there are some code snippets to achieve more customized results with some more effort – please let me know if you would like to go that way.

    Have a great weekend!
    Alex.

    Hi Rolf, thanks for coming back with a solution,

    I understand the need to quickly upload the fix to a lot of websites, but I suspect redirecting user archives will not stop bots from enumerating your usernames (read below why),

    First, if you would like a quick solution easy to upload please use this file – just unzip, then upload the “stop-wordpress-user-phishing.php” file directly in the /wp-contents/plugins/ directory of each website, then go to Plugins and activate this plugin, named “Stop Username Phishing”.

    It’s just one step more than just uploading and it’s guaranteed to work (and tested).

    If you would like to see what’s in the file before downloading please see it here: https://gist.github.com/alexmoise/d5d9073e6165d4e5ac098a184d5405e6

    ===

    Now, why redirecting author archive to site homepage will not prevent bots from enumerate your usernames: The mechanism used by user phishing bots is a bit different and works before that;

    These bots access the website using these URLs:

    http://your-domain.com/?author=1
    http://your-domain.com/?author=2
    … and so on,

    Then they get back from the website the address where the author archive is, which translates into something like:
    http://your-domain.com/?author=1 -> http://your-domain.com/author/admin
    http://your-domain.com/?author=2 -> http://your-domain.com/author/anotheruser
    … etc.

    But then, the bot doesn’t actually follow that newly obtained link; instead the bot removes the “http://your-domain.com/author/&#8221; from the author archive URL sent by the website and stores the list of users; then accesses the “http://your-domain.com/wp-login.php&#8221; and fils the username field with the username and the password with dictionary words …

    So, we need to drop the communication right after receiving the request to access something that contains “?author=” – that’s way there’s a “die();” thing in the file above 🙂

    That’s all, hope it helps!
    Cheers!
    Alex.

    Ahh, about the GDPR … I guess first technical solutions will start to show up across web in the form of functions developed by independent developers to cover various issues they encounter; then some of these functions will become more widely known, improved and used; then based on these some plugins will start to pop in the Plugin Directory … maybe some well-known plugins will include these … and so on, something like this.
    This is the way it evolves all the time 🙂

    Welcome Rolf,

    With such a vast array of situations where WordPress could be used it’s hard to predict all the things people could do to it,
    But the good thing is that it’s pluggable enough that it can be easily protected (beside turning it into … almost anything 🙂 )

    So, which approach would you choose from the above? Code or plugin? If you could disclose this, of course!

    Cheers!
    Alex.

    Hi Rolf,

    It seems that somebody (a bot?) managed to enumerate the usernames and tried to log in using them; That could be easily stopped using more than one method:

    The simplest approach is to block the most trivial user enumeration at the server level, by adding the following code in the “.htaccess” file in your website root directory:

    # Stop User ID Phishing
    <IfModule mod_rewrite.c>
    	RewriteCond %{QUERY_STRING} ^author=([0-9]*) [NC]
    	RewriteRule .* http://your-domain.com/? [L,R=302]
    </IfModule>

    Please beware that before adding this code to “.htaccess” you need to go to “Settings” -> “Permalinks” and switch permalinks to any setting except the default “Plain”, then you need to replace “your-domain.com” in the code above with your own domain name.

    Another approach is to use a plugin like WPBruiser, which has an option named “Prevent User Enumeration” in its “Security” tab that literally “Prevents bots from enumerating users through ‘/?author=N’ scans, the oEmbed API, and the WordPress REST API”.
    That’s a pretty easy and powerful thing to do, and there’s other security goodies included for website protection.

    Good luck and have fun! I’d love to know which approach you choose and the results you get!
    Alex.

    Welcome,

    There are a number of ways to customize that text,

    The easiest way would be to use a plugin like Loco Translate, create a new language (like “My custom English”) and change things around as needed 🙂

    Another approach is to redefine the comment form HTML as you need it, with the following bits of code added in the “functions.php” file of your (child?) theme:

    // comment form fields re-defined:
    add_filter( 'comment_form_default_fields', 'mo_comment_fields_custom_html' );
    function mo_comment_fields_custom_html( $fields ) {
    	// first unset the existing fields:
    	unset( $fields['comment'] );
    	unset( $fields['author'] );
    	unset( $fields['email'] );
    	unset( $fields['url'] );
    	// then re-define them as needed:
    	$fields = [
    		'comment_field' => '<p class="comment-form-comment"><label for="comment">' . _x( 'A CUSTOM COMMENT LABEL', 'noun', 'textdomain' ) . '</label> ' .
    			'<textarea id="comment" name="comment" cols="45" rows="8" maxlength="65525" aria-required="true" required="required"></textarea></p>',
    		'author' => '<p class="comment-form-author">' . '<label for="author">' . __( 'A CUSTOM NAME LABEL', 'textdomain'  ) . ( $req ? ' <span class="required">*</span>' : '' ) . '</label> ' .
    			'<input id="author" name="author" type="text" value="' . esc_attr( $commenter['comment_author'] ) . '" size="30" maxlength="245"' . $aria_req . $html_req . ' /></p>',
    		'email'  => '<p class="comment-form-email"><label for="email">' . __( 'A CUSTOM EMAIL LABEL', 'textdomain'  ) . ( $req ? ' <span class="required">*</span>' : '' ) . '</label> ' .
    			'<input id="email" name="email" ' . ( $html5 ? 'type="email"' : 'type="text"' ) . ' value="' . esc_attr(  $commenter['comment_author_email'] ) . '" size="30" maxlength="100" aria-describedby="email-notes"' . $aria_req . $html_req  . ' /></p>',
    		'url'    => '<p class="comment-form-url"><label for="url">' . __( 'A CUSTOM WEBSITE LABEL', 'textdomain'  ) . '</label> ' .
    			'<input id="url" name="url" ' . ( $html5 ? 'type="url"' : 'type="text"' ) . ' value="' . esc_attr( $commenter['comment_author_url'] ) . '" size="30" maxlength="200" /></p>',
    	];
    	// done customizing, now return the fields:
    	return $fields;
    }
    // remove default comment form so it won't appear twice
    add_filter( 'comment_form_defaults', 'mo_remove_default_comment_field', 10, 1 ); 
    function mo_remove_default_comment_field( $defaults ) { if ( isset( $defaults[ 'comment_field' ] ) ) { $defaults[ 'comment_field' ] = ''; } return $defaults; }

    Then, in the code above, change “A CUSTOM … LABEL” with the text you need,

    BUT please beware that the comment form HTML might be also replaced by theme or a plugin and re-replacing it this way could override that (and as far as I can see in your screenshot it seems that you already have a custom comment form).
    Also if you decide to go with the code above then the first re-ordering code is not necessary anymore, as the order in this code will set the fields order anyway.

    So, test around and see what you get. I’d love to know which way you go and the results you get 🙂

    Alex.

    Hi delifort, that would be easy, please add this code in the “functions.php” file in your currently active theme (hopefully a child one!):

    // change comment form fields order
    add_filter( 'comment_form_fields', 'mo_comment_fields_custom_order' );
    function mo_comment_fields_custom_order( $fields ) {
    	$comment_field = $fields['comment'];
    	$author_field = $fields['author'];
    	$email_field = $fields['email'];
    	$url_field = $fields['url'];
    	unset( $fields['comment'] );
    	unset( $fields['author'] );
    	unset( $fields['email'] );
    	unset( $fields['url'] );
    	// the order of fields is the order below, change it as needed:
    	$fields['comment'] = $comment_field;
    	$fields['author'] = $author_field;
    	$fields['email'] = $email_field;
    	$fields['url'] = $url_field;
    	// done ordering, now return the fields:
    	return $fields;
    }

    This unsets all comment form fields and then set them back, switching the Email and Name fields – but you could switch any of them by swapping the 4 lines before the “return” as you need.

    Hope this helps 🙂
    Cheers!
    Alex.

    Hi ordresser, I’d give this plugin a try: Sewn In Simple Social Optimization

    It’s neat and simple, specifically designed for Title and Descriptions, but could get really powerful while combined with its siblings plugins like this: https://wordpress.org/plugins/sewn-in-simple-seo/ of this: https://wordpress.org/plugins/sewn-in-xml-sitemap/

    There are also few code snippets in the plugin description (of each one), could use these to further enhance/modify the features.

    Hope these will help 🙂

    Cheers!
    Alex.

Viewing 15 replies - 1 through 15 (of 27 total)