[Resolved] define( 'GENERATE_HOOKS_DISALLOW_PHP', true );

    #341024
    Frances

    Hi Leo,

    Yes and Ah-ha! I have one GP hook for adding breadcrumbs after the header

    <?php if ( function_exists('yoast_breadcrumb') ) { ?>

    <?php } ?>

    After I added the other code in code snippets the breadcrumbs disappeared and in their place are those ‘mysterious’ marks.

    Thanks,
    Frances

    #341029
    Tom
    Lead Developer

    Thinking about this, the snippet should go in the wp-config.php file.

    The reason is that if a bad person gains access to your Dashboard, they could just turn off the code snippet and still execute PHP. They wouldn’t have access to the wp-config.php file, so it’s the safest place to add the snippet.

    #341375
    Frances

    Good morning Tom,

    OK, so I need to add the following code to my wp-config.php file to make my entire WP more secure from malevolent ne’er-do-wells:

    define( 'GENERATE_HOOKS_DISALLOW_PHP', true );

    Where does this code snip get added, at the end? (I might as well ask the dumb questions since my forte is printmaking and fiber art and not WP!)

    Can you point me to a document explaining how to do this? Happy to learn but green on this stuff.

    Thank you!

    #341510
    Tom
    Lead Developer

    You can add it right above this line:

    /* That's all, stop editing! Happy blogging. */

    #341709
    Frances

    Hi Tom – thanks for the scoop. I added the code to my wp-config file and those darn mystery marks (the remnants of my YOAST breadcrumbs) showed back up. So I deleted the define( 'GENERATE_HOOKS_DISALLOW_PHP', true ); code and exited my control panel file manager.

    Then I went over to the GP Hooks section and deleted the Yoast breadcrumbs code that I had in there.

    With that out of the way, I just added the define( 'GENERATE_HOOKS_DISALLOW_PHP', true ); back to the Code Snippets plugin and voila, the dashboard message is gone, and all appears to be fine and dandy.

    Didn’t really care about the breadcrumbs anyway!

    I’m all set. Again, thank you!

    Frances

    #341775
    Tom
    Lead Developer

    No problem 🙂

    You can add your breadcrumbs using a manual hook – feel free to open a support topic if you need help with that.

    It should be mentioned that having a plugin like Code Snippets active kind of defeats the purpose of DISALLOW_FILE_EDIT and GENERATE_HOOKS_DISALLOW_PHP, as anyone who gains access to your Dashboard could execute PHP inside that plugin.
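
Added example (not part of the original thread and not GeneratePress or WordPress code): a small audit of a wp-config.php that checks the points raised above, namely that both constants are defined as true, that they sit before WordPress is loaded, and that Code Snippets is not installed alongside them. It assumes a stock wp-config.php that ends by requiring wp-settings.php (the line that follows the "stop editing" comment) and that the plugin's directory is named code-snippets; the sample input is constructed.

```python
import re

# Constants named in the thread; both must be true to block in-Dashboard PHP.
REQUIRED = ("DISALLOW_FILE_EDIT", "GENERATE_HOOKS_DISALLOW_PHP")
# Keep string literals (group 1); drop /* */, // and # comments.
TOKEN_RE = re.compile(r"""('(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*")|/\*.*?\*/|//[^\n]*|#[^\n]*""", re.S)
# The opening quote is captured so typographic quotes pasted from a web page show up.
DEFINE_RE = re.compile(r"""define\s*\(\s*(['"‘’“”])(\w+)['"‘’“”]\s*,\s*([^)]+?)\s*\)\s*;""")
# Assumptions: wp-config.php ends by requiring wp-settings.php, and the
# Code Snippets plugin lives in wp-content/plugins/code-snippets.
SETTINGS_RE = re.compile(r"""require(?:_once)?\s*\(?\s*ABSPATH\s*\.\s*['"]wp-settings\.php['"]""")
SNIPPET_PLUGIN = "code-snippets"

def audit(wp_config_text, plugin_dirs=()):
    """Return a list of findings; an empty list means both constants are in place."""
    code = TOKEN_RE.sub(lambda m: m.group(1) or "", wp_config_text)
    load = SETTINGS_RE.search(code)
    cutoff = load.start() if load else len(code)
    seen = {}
    for d in DEFINE_RE.finditer(code):
        # PHP keeps the first definition of a constant, so do the same here.
        seen.setdefault(d.group(2), (d.start(), d.group(1), d.group(3).lower()))
    findings = []
    for name in REQUIRED:
        pos, quote, value = seen.get(name, (0, "", ""))
        if not quote:
            findings.append(f"{name}: not defined")
        elif quote not in ("'", '"'):
            findings.append(f"{name}: typographic quotes, not a PHP string")
        elif value != "true":  # strict on purpose: only a literal true passes
            findings.append(f"{name}: set to {value}, expected true")
        elif pos > cutoff:
            findings.append(f"{name}: defined after wp-settings.php is required")
    if SNIPPET_PLUGIN in plugin_dirs:
        findings.append(f"{SNIPPET_PLUGIN}: installed, Dashboard users can run PHP")
    return findings

# Constructed sample, not a real site's configuration.
SAMPLE = """<?php
// define( 'DISALLOW_FILE_EDIT', true );
define( ‘GENERATE_HOOKS_DISALLOW_PHP’, true );
/* That's all, stop editing! Happy blogging. */
require_once ABSPATH . 'wp-settings.php';
define( 'DISALLOW_FILE_EDIT', true );
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE, plugin_dirs=["akismet", "code-snippets"]):
        print(finding)
```

Pass the file's text and the directory names found under wp-content/plugins; a directory listing only shows that the plugin is installed, not that it is active.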

    #342555
    Frances

    Hi again Tom,
    Will start another support ticket regarding the breadcrumbs if I decide I want them back. I thought I had a manual hook placed in the Generate Press Hooks section.

    I’m still confused about the Code Snippet plugin. I thought you liked and recommended the plugin for inserting code…AND I understand why putting the Disallow_file edit etc code here defeats the purpose should someone gain access to my dashboard. I will go ahead and insert the DISALLOW_FILE_EDIT and GENERATE_HOOKS_DISALLOW_PHP directly into my wp-config.php file via my Control Panel.

    But: can I still use the Code Snippets plugin for other purposes? I installed it back in March (upon your recommendation) so that I could change the wording of the comment reply title (i.e. “leave a comment”) after my posts.

    Here’s the link to the support convo:

    https://generatepress.com/forums/topic/change-wording-of-leave-a-comment-for-comment-reply-title/

    I only have one code snippet active, should this filter be applied differently somewhere else? And should I delete the Code Snippets plugin?

    thanks,
    Frances

    #342738
    Tom
    Lead Developer

    The purpose of those constants is to prevent PHP execution in your Dashboard.

    The Code Snippets plugin defeats that purpose, as someone could execute PHP if they gained access to your Dashboard.

    Personally I keep PHP execution, as I have 2FA to login, and it’s unlikely anyone could login to my Dashboard.

    It’s really just an additional layer of security – not 100% essential if your Dashboard is secured in other ways.

    #343563
    Frances

    Hi again – ok thanks for the additional explanation!

    #343738
    Tom
    Lead Developer
    #344789
    Garth Dryland

    Hey Tom

    Been following through this thread as I have the same problem.

    Can you expand on what you mean by manual hook?
    Do you mean adding the breadcrumb code to hooks in the theme hooks area as opposed to the snippet plugin mentioned?

    Also, as I use 2 factor I realise exclusions is less important.
    I activated the rule in wp-config.php as I wanted to remove the dashboard prompt.

    Is there another way to achieve that?

    Cheers

    #344799
    Garth Dryland

    Tom, you can scratch part of the last post.
    I found this

    add_action( 'after_setup_theme', 'tu_remove_hooks_php_check' );
    function tu_remove_hooks_php_check() {
        remove_action( 'admin_notices','generate_hooks_php_check' );
    }

    Just need clarification on the remaining question re manual hook?

    Thanks

    #344868
    Tom
    Lead Developer

    Manual hook meaning writing the actual PHP and placing it in your child theme or custom plugin.

    Using a plugin like Code Snippets makes this change redundant, as someone with access to your Dashboard can run PHP. So if you use Code Snippets, you might as well allow PHP execution in GP Hooks and within the WP file editor.

    #344928
    Garth Dryland

    Thanks Tom

    I use two factor and I also have other forms of protection with ithemes security. Plus my host is fantastic and are big on security so I will just use the function to remove the prompt and continue to use breadcrumbs.

    I use your Simple CSS plugin and the functionality plugin for such changes. I don’t use Code Snippets but looks like maybe I should given it’s updated to 4.8 whereas the functionality plugin is lagging behind now at v4.6.6. Ironically they are made by the same developer.

    Cheers.

    #345107
    Tom
    Lead Developer