Tips and Tricks

Login form honey pot

Chad Butler · Dec 28, 2014 ·

We’ve discussed building a honey pot for the registration form to prevent spam signups by bots. But what about the login form? With WordPress being so much more ubiquitous across the Internet today, there are many more attempts to hack and exploit it. Many of these attempts are automated by bots.

Whether the login attempt comes from a bot or a human, the most common attempt for an exploit is to use the username “admin”. WordPress used to install the default admin account with the username “admin”. Fortunately, it no longer does this so you don’t have to delete the account to create a more secure admin account. But unfortunately, a great many people still create admin accounts with “admin” as the username.

An ounce of prevention is worth a pound of cure, so your best initial defense is to not have obvious usernames for administrative users. But a good second line of defense is to create a honey pot for the login form.

Continue Reading →

Restrict Post or Page Access to Specific Users – Multiple Select Version

Chad Butler · Dec 23, 2014 ·

This is an extension of the ideas presented in the tutorial Restrict Post or Page Access to a Specific User with the twist that this version makes some minor changes to incorporate an HTML multi-select for selecting multiple users for access to a post. Continue Reading →

Add a meta box in the post editor for blocking custom post types

Chad Butler · Nov 21, 2014 ·

Users who configure to block custom post types will notice that you don’t get the meta box that WP-Members shows for blocking (or unblocking) posts and pages. While you can still use custom fields directly for custom post blocking/unblocking at the individual post level, it’s nice to have the meta box. So I’ve put together a code snippet for you to use to implement this on your custom post type editors.

Continue Reading →

Blocking Custom Post Types

Chad Butler · Nov 21, 2014 ·

This article is provided free. Find out how you can get full access to premium content, including how-to articles and support forums, as well as priority email support and member exclusive plugin extensions..

Note: As of WP-Members 3.0, you can add custom post types to the plugin’s main blocking options. See the options documentation section on Custom Post Types.

This is a new method of blocking custom post types. There are two main differences over the method described here and the original method.

First, this method is a little more scalable. If you have multiple custom post types and want to set a blocking value for each, you only need to add to the settings array. Second, this method allows you to override the blocking value on an individual custom post type post than you have set for the custom post type as a group. This operates the same as regular posts and pages. It also takes advantage of the new extra settings that WP-Members version 3.0 offers.

(If you want to add a meta box for blocking/unblocking individual custom post type posts, there is an additional code snippet you can add here.) Continue Reading →

Customized sidebar widget

Chad Butler · Nov 11, 2014 ·

I often get questions about the filters that I use on this site for the sidebar widget. This post has the exact custom filters that I use, copy/pasted from my own functions.php file.

For those with questions about how the sidebar widget is styled, that is all CSS and a lot of it is from the Genesis Theme Framework. This post does not address that. What it does address is how I add the gravatar image and change the log out link to include “edit profile”. Continue Reading →