[Resolved] GENERATE_HOOKS_DISALLOW_PHP and DISALLOW_FILE_EDIT

  • #1253724
    Jennifer

    I cannot get your php to work under hooks when I disable disallow file edit. Whether I say true or false it does not work.
    https://livinghisword.org/wp-content/uploads/2020/04/wpconfig1.png
    https://livinghisword.org/wp-content/uploads/2020/04/wpconfighook1.png

    The only way it works is when I comment out this code define('DISALLOW_FILE_EDIT', false);
    https://livinghisword.org/wp-content/uploads/2020/04/wpconfig2.png
    https://livinghisword.org/wp-content/uploads/2020/04/wpconfighook2.png

    The problem with this is it makes my site hackable. Can you please tell me how I can use your PHP under hooks without sacrificing my security under the wpconfig file.
    ————————–
    The instructions below do not tell you where to place this code, can you please tell me where and will this help my problem?

    If for some reason you want to keep PHP execution in GP Hooks (and disallow file editing), you can remove the admin message added by GP Premium with this function:

    add_action( 'after_setup_theme', 'tu_remove_hooks_php_check' );
    function tu_remove_hooks_php_check() {
        remove_action( 'admin_notices', 'generate_hooks_php_check' );
    }

    #1254306
    Tom
    Lead Developer

    The problem with this is it makes my site hackable. Can you please tell me how I can use your PHP under hooks without sacrificing my security under the wpconfig file.

    Allowing file editing in your Dashboard is the same thing as allowing the Hook Element to execute PHP, which is why the disallow file editing constant applies to the Hook Element. What makes it “risky” is the idea that if someone were to gain access to your Dashboard (already very bad), they could execute PHP in the Dashboard to gain access to your server.

    However, even with file editing disabled, they could just upload a custom plugin with their PHP and do the same thing.

    If you want to allow PHP in Hooks while disallowing file editing (defeats the purpose), you can do this:

    add_filter( 'generate_hooks_execute_php', '__return_true' );

    #1255004
    Jennifer

    Hi Tom,

    Forgive me but you completely lost me on your wording. I do not have the full understanding of why the disallow only works when I comment it out and then have yours underneath. Why will it not work like this
    define('DISALLOW_FILE_EDIT', true);
    define('GENERATE_HOOKS_DISALLOW_PHP', false);

    I really love your hooks and they help my site a great deal. Maybe if I explain what I am using the php for that would help.

    I have a page where I bring in rss feeds.
    https://livinghisword.org/daily-biblical-news/
    In order to do this I am using a php code. This is why I need to execute php. I want to stay away from plugins, like php everywhere, if possible. I noticed I could bring in php with your hooks but I cannot seem to understand the correct way to layout the code. Can you help me please.

    1. Can you let me know if what I am currently doing is correct or is there a better way?
    Which is I have
    // define('DISALLOW_FILE_EDIT', true); commented out
    define('GENERATE_HOOKS_DISALLOW_PHP', false);

    2. Where do I place this code? And why does it defeat the purpose?
    add_filter( 'generate_hooks_execute_php', '__return_true' );

    3. Where do I place this code? And do I need this?
    add_action( 'after_setup_theme', 'tu_remove_hooks_php_check' );
    function tu_remove_hooks_php_check() {
        remove_action( 'admin_notices', 'generate_hooks_php_check' );
    }

    Do they go under functions.php or wpconfig or ??

    Thank you for your time. I hope you and your family are well 🙂

    Jennifer

    #1255166
    David
    Staff
    Customer Support

    Hi there,

    Try this:

    1. Restore your wp-config PHP editing to its default, i.e. it only has this disallow rule:

    define( 'DISALLOW_FILE_EDIT', true );

    2. Then you need to add this PHP snippet to your site:
    add_filter( 'generate_hooks_execute_php', '__return_true' );

    Adding PHP is explained here:
    https://docs.generatepress.com/article/adding-php/

    TLDR: If you’re using a child theme – you can add that code to your functions.php. If you’re not using a Child Theme then install the Code Snippets plugin.
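
A check for the configuration this answer produces, as an added example that is not part of the original thread or of GP Premium: saved as a must-use plugin file, it adds a Site Health entry reporting the two constants and whether a `generate_hooks_execute_php` callback forces PHP execution on. The `example_` function names are hypothetical; the constants and the filter name are the ones quoted in the posts.

```php
<?php
// Added example (not GP Premium code). Names prefixed "example_" are hypothetical.

// Collect the settings discussed in this thread.
function example_hooks_php_state() {
	$show = function ( $name ) {
		return defined( $name ) ? var_export( constant( $name ), true ) : 'not defined';
	};
	// Start from false: a true result means a callback forces execution on.
	$forced = (bool) apply_filters( 'generate_hooks_execute_php', false );

	return array(
		'DISALLOW_FILE_EDIT'          => $show( 'DISALLOW_FILE_EDIT' ),
		'GENERATE_HOOKS_DISALLOW_PHP' => $show( 'GENERATE_HOOKS_DISALLOW_PHP' ),
		'generate_hooks_execute_php'  => $forced ? 'forced on by a filter' : 'not forced on',
		'forced'                      => $forced,
	);
}

// Site Health callback: flag the site when file editing is on or Hook PHP is forced.
function example_hooks_php_site_health_test() {
	$state  = example_hooks_php_state();
	$locked = defined( 'DISALLOW_FILE_EDIT' ) && DISALLOW_FILE_EDIT;
	$risky  = $state['forced'] || ! $locked;
	unset( $state['forced'] );

	$rows = '';
	foreach ( $state as $name => $value ) {
		$rows .= sprintf( '<li><code>%s</code>: %s</li>', esc_html( $name ), esc_html( $value ) );
	}

	return array(
		'label'       => $risky ? 'File editing is enabled or Hook PHP is forced on' : 'File editing is disabled and Hook PHP is not forced on',
		'status'      => $risky ? 'recommended' : 'good',
		'badge'       => array( 'label' => 'Security', 'color' => $risky ? 'orange' : 'green' ),
		'description' => '<ul>' . $rows . '</ul>',
		'actions'     => '',
		'test'        => 'example_hooks_php',
	);
}

// Register the check under Tools > Site Health.
add_filter( 'site_status_tests', function ( $tests ) {
	$tests['direct']['example_hooks_php'] = array(
		'label' => 'Hook PHP execution',
		'test'  => 'example_hooks_php_site_health_test',
	);
	return $tests;
} );
```

With the setup from this answer (`DISALLOW_FILE_EDIT` true plus the `__return_true` filter) the entry shows as a recommendation, which keeps the deliberate override visible to whoever reviews the site later.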

    #1255187
    Jennifer

    Thank you for actually answering my questions. I really appreciate that. It works, YEAH!!!

    I added this to the functions.php file, for I do have your child theme. Again thank you for making that simple and easy to understand :)!!

    Have a blessed day!
    Jennifer

    #1257410
    David
    Staff
    Customer Support

    Glad we could be of help
