Dipak C. Gajjar dipakcg

dipakcg / .htaccess
Created Sep 21, 2020
HTTP Security Headers (WordPress)
<IfModule mod_headers.c>
Header set X-XSS-Protection "1; mode=block"
Header always append X-Frame-Options SAMEORIGIN
Header set X-Content-Type-Options nosniff
Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
</IfModule>
dipakcg / whitelist.conf or exclude.conf
Created Jun 20, 2019
Specific rules for WordPress exclusion under ModSecurity (mod_security)
<locationmatch "/wp-admin/admin-ajax.php">
SecRuleRemoveById 300013
SecRuleRemoveById 300015
SecRuleRemoveById 300016
SecRuleRemoveById 300017
SecRuleRemoveById 949110
SecRuleRemoveById 980130
</locationmatch>
<locationmatch "/wp-admin/page.php">
dipakcg / cloudSettings
Last active Mar 22, 2021
Visual Studio Code Settings Sync Gist
{"lastUpload":"2021-03-22T05:50:02.207Z","extensionVersion":"v3.4.3"}
dipakcg / .htaccess
Last active Feb 5, 2021
WordPress: Security Headers
# Add the following security headers in the root .htaccess file of WordPress #
# Get A+ Security Headers Score under securityheaders.com #
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
Header set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.api.twitter.com https://gist.github.com https://syndication.twitter.com https://platform.twitter.com https://js-agent.newrelic.com https://*.nr-data.net https://*.wp.com https://*.gravatar.com https://*.wp.com https://pagead2.googlesyndication.com https://ssl.google-analytics.com https://connect.facebook.net https://www.google-analytics.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com; img-src 'self' data: https://pbs.twimg.com https://platform.twitter.com https://syndication.twitter.com https://dashboard.wordpress.com https://s-ssl.wordpress.com https://dashboard.google.com https://wordpress.org https://*.w.org https://*.gravatar.co
dipakcg / export.php
Created Dec 1, 2016
Export MySQL to Excel (.xls) using PHP
<?php
/***** EDIT BELOW LINES *****/
$DB_Server = "localhost"; // MySQL Server
$DB_Username = "username"; // MySQL Username
$DB_Password = "password"; // MySQL Password
$DB_DBName = "databasename"; // MySQL Database Name
$DB_TBLName = "tablename"; // MySQL Table Name
$xls_filename = 'export_'.date('Y-m-d').'.xls'; // Define Excel (.xls) file name
/***** DO NOT EDIT BELOW LINES *****/
dipakcg / functions.php
Last active Jan 25, 2021
📦 WordPress : Set first image as featured image
// Get the first embedded image from the content
function catch_the_first_image() {
global $post, $posts;
$first_img = '';
ob_start();
ob_end_clean();
$output = preg_match_all('/<img.+?src=[\'"]([^\'"]+)[\'"].*?>/i', $post->post_content, $matches);
if ( isset( $matches[1][0] ) ) {
$first_img = $matches[1][0];
dipakcg / footer.php
Last active Oct 28, 2020
WordPress : Load any third-party script locally
dipakcg / functions.php
Last active Sep 13, 2020
Check WordPress Plugin Dependency
/* Check plugin dependency */
dcg_check_plugin_dependency('Easy Digital Downloads - Product Gallery for Frontend Submissions', 'Easy Digital Downloads - Frontend Submissions', 'edd-fes/edd-fes.php', '', null);
dcg_check_plugin_dependency('Easy Digital Downloads - Product Gallery for Frontend Submissions', 'Olam Multiple Image', 'olam-multiple-images/olam-multiple-images.php', '', null);
/**
* Verify if a plugin is active, if not deactivate the actual plugin and show an error
* @param [string] $my_plugin_name
* The plugin name trying to activate. The name of this plugin
* Ex:
* WooCommerce new Shipping Method
dipakcg / functions.php
Created Aug 16, 2020
Easy Digital Downloads - Front-End Submissions - Allow only specific mime types upload
// FES form field name : Prices and Files
add_filter( 'upload_mimes', 'dcg_restrict_mime_types', 1, 1 );
function dcg_restrict_mime_types( $mime_types )
{
$user = wp_get_current_user(); // get the current user
// if user is shop vendor or a shop manager
if ( in_array( 'shop_vendor', (array) $user->roles ) || in_array( 'shop_manager', (array) $user->roles ) ) {
dipakcg / .htaccess
Last active Jul 20, 2020
Security Headers Fix to verify with securityheaders.com
# Add the following to the WordPress installation's root .htaccess file
# Extra Security Headers
<IfModule mod_headers.c>
Header set X-XSS-Protection "1; mode=block"
Header always append X-Frame-Options SAMEORIGIN
Header set X-Content-Type-Options nosniff
Header set Strict-Transport-Security "max-age=31536000" env=HTTPS
Header set Referrer-Policy "no-referrer-when-downgrade"
Header set Feature-Policy "vibrate 'self'; usermedia *; sync-xhr 'self' https://dipakgajjar.com"
Header set Expect-CT "enforce,max-age=2592000,report-uri=\"https://dipakgajjar.com/report\""