Skip to content

Instantly share code, notes, and snippets.

View paulgoodchild's full-sized avatar

Paul Goodchild paulgoodchild

View GitHub Profile
@paulgoodchild
paulgoodchild / functions.php
Last active May 8, 2019 10:42
Hide WordPress Core Update Nag/Notification
View functions.php
<?php
add_action( 'admin_init', function () {
remove_action( 'admin_notices', 'update_nag', 3 );
} );
@paulgoodchild
paulgoodchild / custom_roles.php
Created June 2, 2019 08:38
[Shield Security] Add custom user roles for email two-factor authenticaton
View custom_roles.php
<?php
add_filter( 'odp-shield-2fa_email_user_roles', function ( $aRoles ) {
$aRoles[] = 'your_custom_role';
return $aRoles;
} );
@paulgoodchild
paulgoodchild / shield_custom_offenses.php
Created June 11, 2019 08:59
[Shield Security] Fire custom security offences. Use this to trigger an offence against an IP address for custom actions that you'd like to consider an offence.
View shield_custom_offenses.php
<?php
/**
* Trigger Custom Shield Offense.
*
* Use a WP do_action() call to register a custom offense against an IP address.
* Supported in Shield Security 7.5+
*
* Parameters:
* 1) The action name that we use to register your custom offense. This never changes.
@paulgoodchild
paulgoodchild / adjust_2fa.php
Created August 26, 2019 13:17
Filter to adjust whether Two-Factor Authentication is applied to a logged-in user in Shield
View adjust_2fa.php
<?php
add_filter( 'icwp-wpsf-user_subject_to_login_intent', function ( $bUserSubjectTo2FA, $oWpUser ) {
/**
* Insert Your logic here.
* Parameter $oWpUser is a WP_User object.
* Always return a boolean true/false from this function.
* In this example, if User ID is 1, always apply 2FA rules
*/
@paulgoodchild
paulgoodchild / functions.php
Created August 29, 2019 08:42
Shield Security - force English display in international sites
View functions.php
<?php
/**
* You can force Shield to display in any language (assuming the translation exists)
* regardless of which language your site is currently configured to operate in.
*
* In this example, we are forcing English. Adjust line #10 to change preferred locale.
*/
add_filter( 'shield_force_locale', function () {
return 'en_US';
@paulgoodchild
paulgoodchild / restrict_subscribers.php
Created September 18, 2019 09:45
Restrict WP Admin Dashboard Access From Subscribers
View restrict_subscribers.php
<?php
add_action( 'init', function () {
if ( is_admin() && !( defined( 'DOING_AJAX' ) && DOING_AJAX ) && !current_user_can( 'edit_posts' ) ) {
wp_safe_redirect( home_url() );
}
} );
@paulgoodchild
paulgoodchild / functions.php
Created February 17, 2020 11:32
Show Shield Dashboard Widget to admins only
View functions.php
<?php
add_action( 'admin_init', function () {
if ( function_exists( 'shield_security_get_plugin' ) ) {
$oShield = shield_security_get_plugin();
if ( !empty( $oShield ) ) {
add_filter(
$oShield->getController()->prefix( 'show_dashboard_widget' ),
function ( $bShow ) {
// restrict display to administrators only (i.e. they have capability to "manage_options")
View functions.php
<?php
/**
* You can whitelist certain directories from the Shield malware scanner using
* the following WordPress filter.
*
* All paths you provide must be relative to your ABSPATH
* (i.e. from the directory where your wp-settings.php file resides)
*
* You must always return the $paths variable at the end.
@paulgoodchild
paulgoodchild / functions.php
Created April 21, 2020 09:37
Find your outgoing server IP addresses.
View functions.php
<?php
/**
* Add this to your functions.php and then call your site URL with "get_my_server_ip" in your query.
* e.g. https://www.example.com/?get_my_server_ip=1
*/
if ( isset( $_GET[ 'get_my_server_ip' ] ) ) {
add_action( 'init', function () {
echo 'Server IPs:<br/>'.implode( '<br/>', array_unique( [
wp_remote_get( 'https://api.ipify.org' )[ 'body' ],
@paulgoodchild
paulgoodchild / functions.php
Last active February 19, 2021 12:40
Increase Shield Security's 2FA timeout
View functions.php
<?php
/**
* Shield Security's 2FA timeout defaults to 5 minutes. This means that a user must
* supply their 2FA code(s) within this time or they'll need to start again (re-login).
*
* Some email providers can be a bit slow at times with their email delivery, and
* 5 minutes isn't long enough. To provide a bit more time, you can use a filter to
* extend the timeout to as many minutes as you need.
*
* Reference: https://support.getshieldsecurity.com/support/solutions/articles/3000101220