[Resolved] GENERATE_HOOKS_DISALLOW_PHP and DISALLOW_FILE_EDIT

Home Forums Support GENERATE_HOOKS_DISALLOW_PHP and DISALLOW_FILE_EDIT

This topic contains 5 replies, has 3 voices, and was last updated by  David 1 month ago.

Viewing 6 posts - 1 through 6 (of 6 total)
  • Author
    Posts
  • #1253724

    Jennifer

    I cannot get your php to work under hooks when I disable disallow file edit. Whether I say true or false it does not work.
    https://livinghisword.org/wp-content/uploads/2020/04/wpconfig1.png
    https://livinghisword.org/wp-content/uploads/2020/04/wpconfighook1.png

    The only way it works is when I comment out this code define(‘DISALLOW_FILE_EDIT’, false);
    https://livinghisword.org/wp-content/uploads/2020/04/wpconfig2.png
    https://livinghisword.org/wp-content/uploads/2020/04/wpconfighook2.png

    The problem with this is it makes my site hackable. Can you please tell me how I can use your PHP under hooks without sacrificing my security under the wpconfig file.
    ————————–
    The instructions below do not tell you where to place this code, can you please tell me where and will this help my problem?

    If for some reason you want to keep PHP execution in GP Hooks (and disallow file editing), you can remove the admin message added by GP Premium with this function:

    add_action( ‘after_setup_theme’, ‘tu_remove_hooks_php_check’ );
    function tu_remove_hooks_php_check() {
    remove_action( ‘admin_notices’,’generate_hooks_php_check’ );
    }

    Jennifer
    Living His Word Ministries, Inc.
    www.livinghisword.org

    #1254306

    Tom Lead Developer

    The problem with this is it makes my site hackable. Can you please tell me how I can use your PHP under hooks without sacrificing my security under the wpconfig file.

    Allowing file editing in your Dashboard is the same thing as allowing the Hook Element to execute PHP, which is why the disallow file editing constant applies to the Hook Element. What makes it “risky” is the idea that if someone were to gain access to your Dashboard (already very bad), they could execute PHP in the Dashboard to gain access to your server.

    However, even with file editing disabled, they could just upload a custom plugin with their PHP and do the same thing.

    If you want to allow PHP in Hooks while disallowing file editing (defeats the purpose), you can do this:

    add_filter( 'generate_hooks_execute_php', '__return_true' );

    #1255004

    Jennifer

    Hi Tom,

    Forgive me but you completely lost me on your wording. I do not have the full understanding of why the disallow only works when I comment it out and then have yours underneath. Why will it not work like this
    define(‘DISALLOW_FILE_EDIT’, true);
    define(‘GENERATE_HOOKS_DISALLOW_PHP’, false);

    I really love your hooks and they help my site a great deal. Maybe if I explain what I am using the php for that would help.

    I have a page where I bring in rss feeds.
    https://livinghisword.org/daily-biblical-news/
    In order to do this I am using a php code. This is why I need to execute php. I want to stay away from plugins, like php everywhere, if possible. I noticed I could bring in php with your hooks but I cannot seem to understand the correct way to layout the code. Can you help me please.

    1. Can you let me know if what I am currently doing is correct or is there a better way?
    Which is I have
    // define(‘DISALLOW_FILE_EDIT’, true); commented out
    define(‘GENERATE_HOOKS_DISALLOW_PHP’, false);

    2. Where do I place this code? And why does it defeat the purpose?
    add_filter( ‘generate_hooks_execute_php’, ‘__return_true’ );

    3. Where do I place this code? And do I need this?
    add_action( ‘after_setup_theme’, ‘tu_remove_hooks_php_check’ );
    function tu_remove_hooks_php_check() {
    remove_action( ‘admin_notices’,’generate_hooks_php_check’ );
    }

    Do they go under functions.php or wpcofig or ??

    Thank you for your time. I hope you and your family are well 🙂

    Jennifer

    Jennifer
    Living His Word Ministries, Inc.
    www.livinghisword.org

    #1255166

    David Customer Support

    Hi there,

    try this:

    1. Restore your wp-config PHP editing to its default ie. it only has this disallow rule:

    define( 'DISALLOW_FILE_EDIT', true );

    2. Then you need to add this PHP snippet to your site:
    add_filter( 'generate_hooks_execute_php', '__return_true' );

    Adding PHP is explained here:
    https://docs.generatepress.com/article/adding-php/

    TLDR: If you’re using a child theme – you can add that code to your functions.php. If you’re not using a Child Theme then install the Code Snippets plugin

    #1255187

    Jennifer

    Thank you for actually answering my questions. I really appreciate that. It works, YEAH!!!

    I added this to the functions.php file, for I do have your child theme. Again thank you for making that simple and easy to understand :)!!

    Have a blessed day!
    Jennifer

    Jennifer
    Living His Word Ministries, Inc.
    www.livinghisword.org

    #1257410

    David Customer Support

    Glad we could be of help

Viewing 6 posts - 1 through 6 (of 6 total)

You must be logged in to reply to this topic.