Skip to content

Instantly share code, notes, and snippets.

Avatar

Paul Goodchild paulgoodchild

View GitHub Profile
@paulgoodchild
paulgoodchild / functions.php
Last active Mar 27, 2021
Set Service Providers to be "untrusted" in Shield Security
View functions.php
<?php
/**
* Use this filter to tell Shield to NOT automatically whitelist certain providers.
*
* By default Shield will never block official service providers and web crawlers. You can turn off this behaviour on
* a per-service basis using this filter.
*
* Understand that Shield doesn't then "block" the provider, it simply no longer gives it a free pass. If it abuses your
* resources or performs requests that cause offenses, it may be then blocked by Shield.
@paulgoodchild
paulgoodchild / functions.php
Last active Mar 27, 2021
Specify the hour of the day that the Shield Security plugin executes its daily cron
View functions.php
<?php
/**
* The Scanner cron job run by the Shield plugin is responsible for executing the scans.
* If you're running ShieldFREE, the scans runs automatically once per day. On ShieldPRO, it can repeat up to every hour.
*
* The Cron is configured to have a start time - i.e. the first time that the cron will execute. Then it repeats based on your settings.
*
* If the hour at which the cron is set to run is 3 a.m. (the default), it will first run the next day at 3am, and then
* every day thereafter at 3 a.m. If this default hour doesn't suit, you can change it using a WordPress filter.
*
@paulgoodchild
paulgoodchild / functions.php
Created Dec 12, 2020
Automatically add WordPress site to your iControlWP control panel from ManageWP (or other)
View functions.php
<?php
/**
* You may automatically add any WordPress site to your iControlWP account by using the "code run"
* or "code snippets" feature in ManageWP.
*
* Please follow these steps:
*
* 1) Install and activate the iControlWP plugin on your WordPress site.
* 2) Grab your "AUTHENTICATION_KEY" from your iControlWP account:
* - https://app.icontrolwp.com/profile/preferences
@paulgoodchild
paulgoodchild / functions.php
Created Dec 7, 2020
WordPress: How to set that a request may use Application Password
View functions.php
<?php
/**
* WordPress (5.6+) allows the use of Application Passwords when authenticating logins.
* However, only certain requests are considered to be requests from an "Application". Officially, these are
* XML-RPC and REST API requests.
*
* However, you may customize this to ensure that authenticated requests from your service
* (if they don't use XML-PRC/RESTAPI) are put through the appropriate authentication process.
*
* To achieve this, you make use of the filter: application_password_is_api_request
@paulgoodchild
paulgoodchild / functions.php
Created Nov 3, 2020
Customise the contents and styles of Shield Security Plugin Badge
View functions.php
<?php
/**
* The plugin badge array has 5 attributes represented by the following keys:
* name, url, logo, protected_by, custom_css
*
* This filter is only available is the plugin is activated for ShieldPRO.
*
* You may also use your Whitelabel settings to overwrite many of the defaults:
* See: https://icontrolwp.freshdesk.com/support/solutions/articles/3000078466
@paulgoodchild
paulgoodchild / functions.php
Created Sep 23, 2020
Customise the hook/location where Shield's Antibot feature will output any content
View functions.php
<?php
/**
* Use this filter to change the precise location where Shield's Antibot features will be
* output within the Woocommerce checkout form.
*/
add_filter( 'icwp-wpsf-woocommerce_checkout_hook_location', function ( $hook ) {
/**
* This is the default hook location used by Shield.
@paulgoodchild
paulgoodchild / functions.php
Last active Aug 11, 2020
Add custom user roles to enforce 2FA by email using Shield Security plugin for WordPress
View functions.php
<?php
/**
* Adding custom roles is a case of using the filter provided, adding your
* roles to the array of roles that has 2FA by email forced upon them.
*
* The role you add will be the 'slug' of the role, not the name of the role.
* For example, WordPress comes with built-in roles such as Administrator.
* The slug for this role is 'administrator', not 'Administrator'.
*/
@paulgoodchild
paulgoodchild / functions.php
Last active Jul 31, 2020
Check Is The Current Visitor IP WhiteListed?
View functions.php
<?php
/**
* Both of these functions return a boolean (true|false) on whether the current visitor
* IP address is whitelisted.
*
* Be sure to use the most appropriate, depending on your Shield version.
*/
if ( class_exists( '\FernleafSystems\Wordpress\Plugin\Shield\Controller\Controller' ) ) {
@paulgoodchild
paulgoodchild / functions.php
Last active Feb 19, 2021
Increase Shield Security's 2FA timeout
View functions.php
<?php
/**
* Shield Security's 2FA timeout defaults to 5 minutes. This means that a user must
* supply their 2FA code(s) within this time or they'll need to start again (re-login).
*
* Some email providers can be a bit slow at times with their email delivery, and
* 5 minutes isn't long enough. To provide a bit more time, you can use a filter to
* extend the timeout to as many minutes as you need.
*
* Reference: https://support.getshieldsecurity.com/support/solutions/articles/3000101220
@paulgoodchild
paulgoodchild / functions.php
Created Apr 21, 2020
Find your outgoing server IP addresses.
View functions.php
<?php
/**
* Add this to your functions.php and then call your site URL with "get_my_server_ip" in your query.
* e.g. https://www.example.com/?get_my_server_ip=1
*/
if ( isset( $_GET[ 'get_my_server_ip' ] ) ) {
add_action( 'init', function () {
echo 'Server IPs:<br/>'.implode( '<br/>', array_unique( [
wp_remote_get( 'https://api.ipify.org' )[ 'body' ],