[Resolved] define( 'GENERATE_HOOKS_DISALLOW_PHP', true );

[Frances]

Hi Leo,

Yes and Ah-ha! I have one GP hook for adding breadcrumbs after the header

<?php if ( function_exists(‘yoast_breadcrumb’) ) { ?>

<?php yoast_breadcrumb(‘<p id=”breadcrumbs”>’,'</p>’); ?>

<?php } ?>

After I added the other code in code snippets the breadcrumbs disappeared and in their place are those ‘mysterious’ marks.

Thanks,
Frances

[Tom]

Thinking about this, and the snippet should go in the wp-config.php file.

The reason being is if a bad person gains access to your Dashboard, they could just turn off the code snippet and still execute PHP. They wouldn’t have access to the wp-config.php file, so it’s the safest place to add the snippet.

Documentation: http://docs.generatepress.com/
Adding CSS: http://docs.generatepress.com/article/adding-css/
Ongoing Development: https://generatepress.com/ongoing-development

[Frances]

Good morning Tom,

OK, so I need to add the following code to my wp.config.php file to make my entire WP more secure from malevolent n’ere do wells:

define( ‘GENERATE_HOOKS_DISALLOW_PHP’, true );
}

Where does this code snip get added, at the end? (I might as well ask the dumb questions since my forte is printmaking and fiber art and not WP!)

Can you point me to a document explaining how to do this? Happy to learn but green on this stuff.

Thank you!

[Tom]

You can add it right above this line:

/* That's all, stop editing! Happy blogging. */

Documentation: http://docs.generatepress.com/
Adding CSS: http://docs.generatepress.com/article/adding-css/
Ongoing Development: https://generatepress.com/ongoing-development

[Frances]

Hi Tom – thanks for the scoop. I added the code to my wp config file and those darn mystery marks (the remnants of my YOAST breadcrumbs) showed back up. So I deleted the define( ‘GENERATE_HOOKS_DISALLOW_PHP’, true ); code and exited my control panel file manager.

then I went over to the GP Hooks section and deleted the yoast breadcrumbs code that I had in there.

With that out of the way, I just added the define( ‘GENERATE_HOOKS_DISALLOW_PHP’, true ); back to the Code snippet plugin and voila, the dashboard message is gone, and all appears to be fine and dandy.

Didn’t really care about the breadcrumbs anyway!

I’m all set. Again, thank you!

Frances

[Tom]

No problem 🙂

You can add your breadcrumbs using a manual hook – feel free to open a support topic if you need help with that.

It should be mentioned that having a plugin like Code Snippets active kind of defeats the purpose of DISALLOW_FILE_EDIT and GENERATE_HOOKS_DISALLOW_PHP, as anyone who gains access to your Dashboard could execute PHP inside that plugin.

Documentation: http://docs.generatepress.com/
Adding CSS: http://docs.generatepress.com/article/adding-css/
Ongoing Development: https://generatepress.com/ongoing-development

[Frances]

Hi again Tom,
Will start another support ticket regarding the breadcrumbs if I decide I want them back. I thought I had a manual hook placed in the Generate Press Hooks section.

I’m still confused about the Code Snippet plugin. I thought you liked and recommended the plugin for inserting code…AND I understand why putting the Disallow_file edit etc code here defeats the purpose should someone gain access to my dashboard. I will go ahead and insert the DISALLOW_FILE_EDIT and GENERATE_HOOKS_DISALLOW_PHP directly into my wp.config php file via my Control Panel.

But: can I still use the Code Snippets plugin for other purposes? I installed the it back in March (upon your recommendation) so that I could change the wording of the comment reply title (ie:”leave a comment”) after my posts

here’s the link to the support convo:

https://generatepress.com/forums/topic/change-wording-of-leave-a-comment-for-comment-reply-title/

I only have one code snippet active, should this filter be applied differently somewhere else? And I should I delete the Code Snippets plugin?

thanks,
Frances

[Tom]

The purpose of those constants is to prevent PHP execution in your Dashboard.

The Code Snippets plugin defeats that purpose, as someone could execute PHP if they gained access to your Dashboard.

Personally I keep PHP execution, as I have 2FA to login, and it’s unlikely anyone could login to my Dashboard.

It’s really just an additional layer of security – not 100% essential if your Dashboard is secured in other ways.

Documentation: http://docs.generatepress.com/
Adding CSS: http://docs.generatepress.com/article/adding-css/
Ongoing Development: https://generatepress.com/ongoing-development

[Frances]

Hi again – ok thanks for the additional explanation!

[Tom]

No problem 🙂

Documentation: http://docs.generatepress.com/
Adding CSS: http://docs.generatepress.com/article/adding-css/
Ongoing Development: https://generatepress.com/ongoing-development

[Garth Dryland]

Hey Tom

Been following through this thread as I have the same problem.

Can you expand on what you mean by manual hook ?
Do you mean adding the breadcrumb code to hooks in the theme hooks area as opposed to the snippet plugin mentioned?

Also, as I use 2 factor I realise exclusions is less important.
I activated the rule in wp-config.php as I wanted to remove the dashboard prompt.

Is there another way to achieve that ?

Cheers

[Garth Dryland]

Tom, you can scratch part of the last post.
I found this

add_action( 'after_setup_theme', 'tu_remove_hooks_php_check' );
function tu_remove_hooks_php_check() {
    remove_action( 'admin_notices','generate_hooks_php_check' );
}

Just need clarification on the remaining question re manual hook ?

Thanks

[Tom]

Manual hook meaning writing the actual PHP and placing it in your child theme or custom plugin.

Using a plugin like Code Snippets makes this change redundant, as someone with access to your Dashboard can run PHP. So if you use Code Snippets, you might as well allow PHP execution in GP Hooks and within the WP file editor.

Documentation: http://docs.generatepress.com/
Adding CSS: http://docs.generatepress.com/article/adding-css/
Ongoing Development: https://generatepress.com/ongoing-development

[Garth Dryland]

Thanks Tom

I use two factor and I also have other forms of protection with ithemes security. Plus my host is fantastic and are big on security so I will just use the function to remove the prompt and continue to use breadcrumbs.

I use your Simple CSS plugin and the functionality plugin for such changes. I don’t use code snippets but looks like maybe I should given its updated to 4.8 whereas the functionality plugin is lagging behind now at v4.6.6. Ironically they are made by the same developer.

Cheers.

[Tom]

Sounds good! 🙂

Documentation: http://docs.generatepress.com/
Adding CSS: http://docs.generatepress.com/article/adding-css/
Ongoing Development: https://generatepress.com/ongoing-development

[Author]

Posts