- This topic has 35 replies, 8 voices, and was last updated 5 years, 2 months ago by
Leo.
-
AuthorPosts
-
June 28, 2017 at 4:30 pm #341024
Frances
Hi Leo,
Yes and Ah-ha! I have one GP hook for adding breadcrumbs after the header
<?php if ( function_exists(‘yoast_breadcrumb’) ) { ?>
<?php yoast_breadcrumb(‘<p id=”breadcrumbs”>’,'</p>’); ?><?php } ?>
After I added the other code in code snippets the breadcrumbs disappeared and in their place are those ‘mysterious’ marks.
Thanks,
FrancesJune 28, 2017 at 4:42 pm #341029Tom
Lead DeveloperLead DeveloperThinking about this, and the snippet should go in the wp-config.php file.
The reason being is if a bad person gains access to your Dashboard, they could just turn off the code snippet and still execute PHP. They wouldn’t have access to the wp-config.php file, so it’s the safest place to add the snippet.
Documentation: http://docs.generatepress.com/
Adding CSS: http://docs.generatepress.com/article/adding-css/
Ongoing Development: https://generatepress.com/ongoing-developmentJune 29, 2017 at 6:51 am #341375Frances
Good morning Tom,
OK, so I need to add the following code to my wp.config.php file to make my entire WP more secure from malevolent n’ere do wells:
define( ‘GENERATE_HOOKS_DISALLOW_PHP’, true );
}Where does this code snip get added, at the end? (I might as well ask the dumb questions since my forte is printmaking and fiber art and not WP!)
Can you point me to a document explaining how to do this? Happy to learn but green on this stuff.
Thank you!
June 29, 2017 at 10:49 am #341510Tom
Lead DeveloperLead DeveloperYou can add it right above this line:
/* That's all, stop editing! Happy blogging. */
Documentation: http://docs.generatepress.com/
Adding CSS: http://docs.generatepress.com/article/adding-css/
Ongoing Development: https://generatepress.com/ongoing-developmentJune 29, 2017 at 4:36 pm #341709Frances
Hi Tom – thanks for the scoop. I added the code to my wp config file and those darn mystery marks (the remnants of my YOAST breadcrumbs) showed back up. So I deleted the define( ‘GENERATE_HOOKS_DISALLOW_PHP’, true ); code and exited my control panel file manager.
then I went over to the GP Hooks section and deleted the yoast breadcrumbs code that I had in there.
With that out of the way, I just added the define( ‘GENERATE_HOOKS_DISALLOW_PHP’, true ); back to the Code snippet plugin and voila, the dashboard message is gone, and all appears to be fine and dandy.
Didn’t really care about the breadcrumbs anyway!
I’m all set. Again, thank you!
Frances
June 29, 2017 at 8:01 pm #341775Tom
Lead DeveloperLead DeveloperNo problem 🙂
You can add your breadcrumbs using a manual hook – feel free to open a support topic if you need help with that.
It should be mentioned that having a plugin like Code Snippets active kind of defeats the purpose of DISALLOW_FILE_EDIT and GENERATE_HOOKS_DISALLOW_PHP, as anyone who gains access to your Dashboard could execute PHP inside that plugin.
Documentation: http://docs.generatepress.com/
Adding CSS: http://docs.generatepress.com/article/adding-css/
Ongoing Development: https://generatepress.com/ongoing-developmentJuly 1, 2017 at 12:16 pm #342555Frances
Hi again Tom,
Will start another support ticket regarding the breadcrumbs if I decide I want them back. I thought I had a manual hook placed in the Generate Press Hooks section.I’m still confused about the Code Snippet plugin. I thought you liked and recommended the plugin for inserting code…AND I understand why putting the Disallow_file edit etc code here defeats the purpose should someone gain access to my dashboard. I will go ahead and insert the DISALLOW_FILE_EDIT and GENERATE_HOOKS_DISALLOW_PHP directly into my wp.config php file via my Control Panel.
But: can I still use the Code Snippets plugin for other purposes? I installed the it back in March (upon your recommendation) so that I could change the wording of the comment reply title (ie:”leave a comment”) after my posts
here’s the link to the support convo:
https://generatepress.com/forums/topic/change-wording-of-leave-a-comment-for-comment-reply-title/
I only have one code snippet active, should this filter be applied differently somewhere else? And I should I delete the Code Snippets plugin?
thanks,
FrancesJuly 2, 2017 at 12:02 am #342738Tom
Lead DeveloperLead DeveloperThe purpose of those constants is to prevent PHP execution in your Dashboard.
The Code Snippets plugin defeats that purpose, as someone could execute PHP if they gained access to your Dashboard.
Personally I keep PHP execution, as I have 2FA to login, and it’s unlikely anyone could login to my Dashboard.
It’s really just an additional layer of security – not 100% essential if your Dashboard is secured in other ways.
Documentation: http://docs.generatepress.com/
Adding CSS: http://docs.generatepress.com/article/adding-css/
Ongoing Development: https://generatepress.com/ongoing-developmentJuly 3, 2017 at 12:11 pm #343563Frances
Hi again – ok thanks for the additional explanation!
July 3, 2017 at 7:45 pm #343738Tom
Lead DeveloperLead DeveloperNo problem 🙂
Documentation: http://docs.generatepress.com/
Adding CSS: http://docs.generatepress.com/article/adding-css/
Ongoing Development: https://generatepress.com/ongoing-developmentJuly 5, 2017 at 7:33 pm #344789Garth Dryland
Hey Tom
Been following through this thread as I have the same problem.
Can you expand on what you mean by manual hook ?
Do you mean adding the breadcrumb code to hooks in the theme hooks area as opposed to the snippet plugin mentioned?Also, as I use 2 factor I realise exclusions is less important.
I activated the rule in wp-config.php as I wanted to remove the dashboard prompt.Is there another way to achieve that ?
Cheers
July 5, 2017 at 7:53 pm #344799Garth Dryland
Tom, you can scratch part of the last post.
I found thisadd_action( 'after_setup_theme', 'tu_remove_hooks_php_check' ); function tu_remove_hooks_php_check() { remove_action( 'admin_notices','generate_hooks_php_check' ); }
Just need clarification on the remaining question re manual hook ?
Thanks
July 6, 2017 at 12:20 am #344868Tom
Lead DeveloperLead DeveloperManual hook meaning writing the actual PHP and placing it in your child theme or custom plugin.
Using a plugin like Code Snippets makes this change redundant, as someone with access to your Dashboard can run PHP. So if you use Code Snippets, you might as well allow PHP execution in GP Hooks and within the WP file editor.
Documentation: http://docs.generatepress.com/
Adding CSS: http://docs.generatepress.com/article/adding-css/
Ongoing Development: https://generatepress.com/ongoing-developmentJuly 6, 2017 at 3:26 am #344928Garth Dryland
Thanks Tom
I use two factor and I also have other forms of protection with ithemes security. Plus my host is fantastic and are big on security so I will just use the function to remove the prompt and continue to use breadcrumbs.
I use your Simple CSS plugin and the functionality plugin for such changes. I don’t use code snippets but looks like maybe I should given its updated to 4.8 whereas the functionality plugin is lagging behind now at v4.6.6. Ironically they are made by the same developer.
Cheers.
July 6, 2017 at 9:47 am #345107Tom
Lead DeveloperLead DeveloperSounds good! 🙂
Documentation: http://docs.generatepress.com/
Adding CSS: http://docs.generatepress.com/article/adding-css/
Ongoing Development: https://generatepress.com/ongoing-development -
AuthorPosts
- You must be logged in to reply to this topic.