Skip to content

Instantly share code, notes, and snippets.

Avatar

Paul Goodchild paulgoodchild

View GitHub Profile
@paulgoodchild
paulgoodchild / functions.php
Created Jan 20, 2022
Customize whether a request is blocked in Shield
View functions.php
<?php declare( strict_types=1 );
/**
* Use this filter to tell Shield to block a request.
*
* By default, Shield will block requests solely based on the IP reputation for that site.
*
* With this filter, you can change these criteria.
*
* In this example we want to block all access to the WP admin and WP login areas and
@paulgoodchild
paulgoodchild / functions.php
Created Oct 19, 2021
Prevent running of NotBot JS based on other factors on site
View functions.php
<?php declare( strict_types=1 );
/**
* Use this filter to tell Shield to NOT run the NotBot JS system.
*
* If you disable the NotBot JS system then you will likely lock-out visitors.
*
* Use of this filter is at your own risk.
*/
add_filter( 'shield/can_run_antibot', function ( $canRun ) {
@paulgoodchild
paulgoodchild / functions.php
Last active May 21, 2021
[Shield Security for WordPress] Filter whether the Plugin Security Badge is displayed
View functions.php
<?php
/**
* Note: Only available from Shield v11.2+
*
* Use this filter to tell Shield whether or not the Plugin Security Badge should be displayed or not.
*
* More Info on badge here: https://getshieldsecurity.com/blog/feature-plugin-badge/
*
* For example, you may only want to show the badge if the visitor is not on a mobile (see below).
@paulgoodchild
paulgoodchild / functions.php
Last active Mar 27, 2021
Set Service Providers to be "untrusted" in Shield Security
View functions.php
<?php
/**
* Use this filter to tell Shield to NOT automatically whitelist certain providers.
*
* By default Shield will never block official service providers and web crawlers. You can turn off this behaviour on
* a per-service basis using this filter.
*
* Understand that Shield doesn't then "block" the provider, it simply no longer gives it a free pass. If it abuses your
* resources or performs requests that cause offenses, it may be then blocked by Shield.
@paulgoodchild
paulgoodchild / functions.php
Last active Mar 27, 2021
Specify the hour of the day that the Shield Security plugin executes its daily cron
View functions.php
<?php
/**
* The Scanner cron job run by the Shield plugin is responsible for executing the scans.
* If you're running ShieldFREE, the scans runs automatically once per day. On ShieldPRO, it can repeat up to every hour.
*
* The Cron is configured to have a start time - i.e. the first time that the cron will execute. Then it repeats based on your settings.
*
* If the hour at which the cron is set to run is 3 a.m. (the default), it will first run the next day at 3am, and then
* every day thereafter at 3 a.m. If this default hour doesn't suit, you can change it using a WordPress filter.
*
@paulgoodchild
paulgoodchild / functions.php
Created Dec 12, 2020
Automatically add WordPress site to your iControlWP control panel from ManageWP (or other)
View functions.php
<?php
/**
* You may automatically add any WordPress site to your iControlWP account by using the "code run"
* or "code snippets" feature in ManageWP.
*
* Please follow these steps:
*
* 1) Install and activate the iControlWP plugin on your WordPress site.
* 2) Grab your "AUTHENTICATION_KEY" from your iControlWP account:
* - https://app.icontrolwp.com/profile/preferences
@paulgoodchild
paulgoodchild / functions.php
Created Dec 7, 2020
WordPress: How to set that a request may use Application Password
View functions.php
<?php
/**
* WordPress (5.6+) allows the use of Application Passwords when authenticating logins.
* However, only certain requests are considered to be requests from an "Application". Officially, these are
* XML-RPC and REST API requests.
*
* However, you may customize this to ensure that authenticated requests from your service
* (if they don't use XML-PRC/RESTAPI) are put through the appropriate authentication process.
*
* To achieve this, you make use of the filter: application_password_is_api_request
@paulgoodchild
paulgoodchild / functions.php
Created Nov 3, 2020
Customise the contents and styles of Shield Security Plugin Badge
View functions.php
<?php
/**
* The plugin badge array has 5 attributes represented by the following keys:
* name, url, logo, protected_by, custom_css
*
* This filter is only available is the plugin is activated for ShieldPRO.
*
* You may also use your Whitelabel settings to overwrite many of the defaults:
* See: https://icontrolwp.freshdesk.com/support/solutions/articles/3000078466
@paulgoodchild
paulgoodchild / functions.php
Created Sep 23, 2020
Customise the hook/location where Shield's Antibot feature will output any content
View functions.php
<?php
/**
* Use this filter to change the precise location where Shield's Antibot features will be
* output within the Woocommerce checkout form.
*/
add_filter( 'icwp-wpsf-woocommerce_checkout_hook_location', function ( $hook ) {
/**
* This is the default hook location used by Shield.
@paulgoodchild
paulgoodchild / functions.php
Last active Dec 10, 2021
Add custom user roles to enforce 2FA by email using Shield Security plugin for WordPress
View functions.php
<?php
/**
* Adding custom roles is a case of using the filter provided, adding your
* roles to the array of roles that has 2FA by email forced upon them.
*
* The role you add will be the 'slug' of the role, not the name of the role.
* For example, WordPress comes with built-in roles such as Administrator.
* The slug for this role is 'administrator', not 'Administrator'.
*/