WordPress Hooks, filters and actions

What are WordPress Hooks

WordPress Hooks provide the ability to enhance, modify or customise WordPress functionality by writing your own code without modifying the WordPress core code. Hook code can be written either directly in your theme's (preferably child theme's) functions.php or in your own plugin (the recommended way).

Types of hooks

There are 2 types of WordPress hooks:

- action hooks: These can also be called trigger hooks, as they get triggered by a certain action/event, e.g. when a user registers on your site, an action hook can be set up to geocode the user's address and add the latitude and longitude to the user_meta table.
- filter hooks: These allow you to enhance or modify WordPress functionality or data, e.g. use a custom template for certain post types, use your own custom page for the lost password functionality, or filter user data before displaying it in the browser or storing it in the database.

Examples of hooks

user_register action hook: This action hook allows you to access data...

WordPress Custom Login page

Creating a WordPress custom login page has 2 benefits:

- The login page can be created based on your own theme.
- The URL for the login page would be different from the WordPress login URL. This is a good security practice provided you block the WordPress default login page or redirect it to your custom login page.

This does not mean that you need to write your own login function with your own methods to store and retrieve cookies. WordPress provides easy-to-use functions with which you can create your own plugin to build a WordPress custom login page. So here is the sample login form.

WordPress custom login page - form

[crayon-59c7ea3e7f05c990841149/]

Here the form action submits to a page which does the authentication part. If you have created your own plugin, the page would most likely be in your plugin folder. Here is the page which does the authentication and sets the cookie.

WordPress custom login page - authentication

[crayon-59c7ea3e7f065718812173/]

wp_authenticate authenticates the user. If ok wp_set_auth_cookie sets the cookie for...

Automatic Database backups using free Sypex Dumper tool

Automatic database backups can be set up very easily using a simple shell script and a cron job. However, this may not be a practical solution for huge databases, and the restoration process can also be difficult. There are various tools available to make this process simple. Sypex Dumper is just one of them.

What is Sypex Dumper

Sypex Dumper is a software product (PHP script) which can help you create a backup copy (dump, export) of a MySQL database, and also restore the database from the backup file if needed.

With this tool, huge databases can be backed up and restored at very high speed using the least server resources, while greatly reducing the size of the database dumps. The free version of the tool is enough to create automatic backups. The paid version allows you to selectively restore a particular table from the entire database.

Steps to set up automatic Database Backups

Let's assume you want to create backup of your database every day and keep the...

MySQL archive records based on date column

Let's assume you have a logs table and you want to delete the logs which are more than 1 year old. Ideally you would like to automate this using a cron job.

MySQL Between query

[crayon-59c7ea3e7f988822679412/]

Using the above query we can delete all the logs for the year 2014. However, we cannot automate this query since we are providing the dates manually.

MySQL DATE_SUB query

[crayon-59c7ea3e7f990377238192/]

The above query deletes all the records which are older than a year. Here we do not need to provide dates: it automatically finds the records which are older than a year using the NOW and INTERVAL parameters. So let's say you want to delete all the records which are 6 months old; then the query would be

[crayon-59c7ea3e7f994266186221/]

Now let's automate the process of archiving our logs table. This can be done in a number of ways.

Shell Script

[crayon-59c7ea3e7f998820470527/]

A shell script can be created with the above code. The script can then be added to a cron job.

MySQL event scheduler

[crayon-59c7ea3e7f99c282355033/]

PHP Script

Create a PHP page to run the query and...

WordPress XMLRPC attacks – How to prevent

What is WordPress XMLRPC

RPC stands for Remote Procedure Call. WordPress XMLRPC is a protocol which allows remote systems to communicate with WordPress. The language used to communicate is XML. With WordPress XMLRPC support, you can post to your WordPress blog using many popular weblog clients. XML-RPC functionality is turned on by default since WordPress 3.5.

Brute Force Attack through WordPress XMLRPC

Attackers use the system.multicall method in XML-RPC to combine hundreds of requests into a single request to attack a system, mostly to guess the username and password for the system. This is called a Brute Force Amplification Attack via WordPress XML-RPC.

How to prevent XMLRPC attack

The most recommended way is to disable XML-RPC completely. To do so, add the following to your Apache configuration file.

[crayon-59c7ea3e7fe47829501306/]

Some WordPress plugins, e.g. Jetpack, are based on XML-RPC. In that case it is not possible to disable XML-RPC entirely; instead, you can disable system.multicall requests through your firewall. Check server logs regularly and find IPs...