- This topic has 5 replies, 3 voices, and was last updated 3 years, 11 months ago by David.
-
AuthorPosts
-
April 24, 2020 at 9:09 am #1253724Jennifer
I cannot get your php to work under hooks when I disable disallow file edit. Whether I say true or false it does not work.
https://livinghisword.org/wp-content/uploads/2020/04/wpconfig1.png
https://livinghisword.org/wp-content/uploads/2020/04/wpconfighook1.pngThe only way it works is when I comment out this code define(‘DISALLOW_FILE_EDIT’, false);
https://livinghisword.org/wp-content/uploads/2020/04/wpconfig2.png
https://livinghisword.org/wp-content/uploads/2020/04/wpconfighook2.pngThe problem with this is it makes my site hackable. Can you please tell me how I can use your PHP under hooks without sacrificing my security under the wpconfig file.
————————–
The instructions below do not tell you where to place this code, can you please tell me where and will this help my problem?If for some reason you want to keep PHP execution in GP Hooks (and disallow file editing), you can remove the admin message added by GP Premium with this function:
add_action( ‘after_setup_theme’, ‘tu_remove_hooks_php_check’ );
function tu_remove_hooks_php_check() {
remove_action( ‘admin_notices’,’generate_hooks_php_check’ );
}April 24, 2020 at 4:24 pm #1254306TomLead DeveloperLead DeveloperThe problem with this is it makes my site hackable. Can you please tell me how I can use your PHP under hooks without sacrificing my security under the wpconfig file.
Allowing file editing in your Dashboard is the same thing as allowing the Hook Element to execute PHP, which is why the disallow file editing constant applies to the Hook Element. What makes it “risky” is the idea that if someone were to gain access to your Dashboard (already very bad), they could execute PHP in the Dashboard to gain access to your server.
However, even with file editing disabled, they could just upload a custom plugin with their PHP and do the same thing.
If you want to allow PHP in Hooks while disallowing file editing (defeats the purpose), you can do this:
add_filter( 'generate_hooks_execute_php', '__return_true' );
April 25, 2020 at 7:43 am #1255004JenniferHi Tom,
Forgive me but you completely lost me on your wording. I do not have the full understanding of why the disallow only works when I comment it out and then have yours underneath. Why will it not work like this
define(‘DISALLOW_FILE_EDIT’, true);
define(‘GENERATE_HOOKS_DISALLOW_PHP’, false);I really love your hooks and they help my site a great deal. Maybe if I explain what I am using the php for that would help.
I have a page where I bring in rss feeds.
https://livinghisword.org/daily-biblical-news/
In order to do this I am using a php code. This is why I need to execute php. I want to stay away from plugins, like php everywhere, if possible. I noticed I could bring in php with your hooks but I cannot seem to understand the correct way to layout the code. Can you help me please.1. Can you let me know if what I am currently doing is correct or is there a better way?
Which is I have
// define(‘DISALLOW_FILE_EDIT’, true); commented out
define(‘GENERATE_HOOKS_DISALLOW_PHP’, false);2. Where do I place this code? And why does it defeat the purpose?
add_filter( ‘generate_hooks_execute_php’, ‘__return_true’ );3. Where do I place this code? And do I need this?
add_action( ‘after_setup_theme’, ‘tu_remove_hooks_php_check’ );
function tu_remove_hooks_php_check() {
remove_action( ‘admin_notices’,’generate_hooks_php_check’ );
}Do they go under functions.php or wpcofig or ??
Thank you for your time. I hope you and your family are well 🙂
Jennifer
April 25, 2020 at 8:12 am #1255166DavidStaffCustomer SupportHi there,
try this:
1. Restore your wp-config PHP editing to its default ie. it only has this disallow rule:
define( 'DISALLOW_FILE_EDIT', true );
2. Then you need to add this PHP snippet to your site:
add_filter( 'generate_hooks_execute_php', '__return_true' );
Adding PHP is explained here:
https://docs.generatepress.com/article/adding-php/TLDR: If you’re using a child theme – you can add that code to your functions.php. If you’re not using a Child Theme then install the Code Snippets plugin
April 25, 2020 at 8:33 am #1255187JenniferThank you for actually answering my questions. I really appreciate that. It works, YEAH!!!
I added this to the functions.php file, for I do have your child theme. Again thank you for making that simple and easy to understand :)!!
Have a blessed day!
JenniferApril 27, 2020 at 3:02 am #1257410DavidStaffCustomer SupportGlad we could be of help
-
AuthorPosts
- You must be logged in to reply to this topic.