1. Create a .htpasswd file:
   Use an online htpasswd generator to create a user and encrypted password.
   Save it outside the public directory (e.g., /home/username/.htpasswd).

2. Edit your .htaccess file:
   Open the .htaccess file in the root of your WordPress site, or create one in the same directory as wp-login.php:

   <Files wp-login.php>
AuthType Basic
AuthName "Restricted Access"
AuthUserFile /full/path/to/.htpasswd
Require valid-user
</Files>


   ⚠️ Replace /full/path/to/.htpasswd with the actual path to your .htpasswd file.

3. Save and test:
   When you visit wp-login.php, it will now prompt for a username and password before showing the login page.

The post How can we protect wp-login without any plugins? appeared first on CNERIS.

How to disable REST API access for unauthenticated users?

By default, WordPress allows certain REST API endpoints to be publicly accessible. To restrict this access, you can use the rest_authentication_errors filter. The following code blocks REST API requests for any unauthenticated user and returns a custom error message.

What does this code do?

1. Filter rest_authentication_errors: This filter is used to handle authentication errors in the REST API.
2. Check for pre-existing errors: If $result already contains an error, it returns it as is.
3. User session verification: If the user is not logged in (!is_user_logged_in()), it returns a WP_Error with a custom message and an HTTP 401 (Unauthorized) status code.
4. Return results: If none of the above conditions are met, it proceeds with normal request handling.

Result

With this code in place, any unauthenticated user will receive an error message stating they must log in to access the REST API. This effectively secures your REST API from unauthorized access.

The post How to disable REST API access for unauthenticated users? appeared first on CNERIS.

Steps:

1. Open the functions.php file of your active theme or create a custom plugin for this adjustment.
2. Add the following PHP code to disable the REST API for unauthenticated users:

3. Save the changes and verify that unauthenticated users can no longer access the REST API.

The post How to disable the REST API in WordPress using PHP code appeared first on CNERIS.

1. Limit Access to Sensitive Information

• Disable the ability to view user details via URLs like ?author=1.
  Add the following code to your functions.php file:
  php

  Copiar código

  add_action('template_redirect', function() {
if (is_author()) {
wp_redirect(home_url());
exit;
}
});


2. Use Security Plugins

Install plugins like Wordfence or All In One WP Security to monitor and block suspicious activities. These plugins can detect and prevent user enumeration attempts.

3. Block User Enumeration via .htaccess

For Apache servers, use the following code in the .htaccess file to block requests targeting usernames:

4. Implement Strong Password Policies

Encourage all users to use strong passwords and enable two-factor authentication (2FA) to add an extra layer of security.

5. Monitor Logs for Suspicious Activity

Regularly review your website logs for unusual activity or repeated attempts to access user information.

6. Keep WordPress Updated

Always use the latest version of WordPress, plugins, and themes to ensure known vulnerabilities are patched.

By following these steps, you can significantly reduce the risk of user enumeration and keep your WordPress site secure.

The post How to Protect WordPress from User Enumeration appeared first on CNERIS.

Option 1: Use predefined rules

1. Go to WooCommerce > Settings > Shipping and select your shipping zone.
2. Configure:
   • A Free Shipping method with a minimum order of 60 euros.
   • A Flat Rate Shipping method with a base cost of 5 euros.
3. While WooCommerce may not automatically hide the flat rate, customers will be able to choose free shipping when eligible.

Option 2: Use custom code

Add this code to your functions.php file to automatically hide other shipping methods when free shipping is available:

Final Step

• Save your changes and refresh the checkout page to test

The post The option “Hide other shipping methods when free shipping is available” is not displayed appeared first on CNERIS.

• Install a system information plugin
  Go to the WordPress admin panel, select Plugins > Add New, and search for plugins like Site Health, WP-ServerInfo, or Query Monitor.
• Use “Site Health”
  WordPress includes a Site Health tool under Tools > Site Health. Here, you can view server environment details such as PHP version, memory limit, and maximum execution time.
• View additional details
  For more specific information, you can install WP-ServerInfo. This plugin shows data about the server, such as MySQL version, CPU usage, RAM, and more.

The post In the WordPress administration panel, how can I see the server’s performance? appeared first on CNERIS.

1. Locate the session_start() code
   Search your theme or active plugins for the session_start() function. It may be in the theme’s functions.php file or in a custom plugin.
2. Add session_write_close() after session_start()
   Ensure session_write_close() is called after each session_start() call, before making any HTTP requests. This will close the session and allow the REST API to work correctly. For example:
   session_start();
// Your code here
session_write_close();

3. Use the init hook in WordPress
   If session_start() needs to be in functions.php, make sure to wrap it in the init hook and use session_write_close() like this:
   add_action('init', function() {
if (!session_id()) {
session_start();
session_write_close();
}
});

The post A PHP session was created by a session_start() function call. This interferes with REST API and loopback requests. The session should be closed by session_write_close() before making any HTTP requests. appeared first on CNERIS.

Code to Assign Default Featured Image by Category

1. Open your theme’s functions.php file (preferably a child theme to avoid losing changes with updates).
2. Add the following code, replacing the URLs with your default images for each category:

function set_default_thumbnail($post_id) {
if (has_post_thumbnail($post_id)) {
return;
}

// Define default images for each category
$default_images = [
‘category-1’ => ‘https://your-site.com/wp-content/uploads/category-image1.jpg’,
‘category-2’ => ‘https://your-site.com/wp-content/uploads/category-image2.jpg’,
‘category-3’ => ‘https://your-site.com/wp-content/uploads/category-image3.jpg’,
];

// Get post categories
$categories = get_the_category($post_id);

// Check if categories are assigned and find a matching default image
foreach ($categories as $category) {
if (array_key_exists($category->slug, $default_images)) {
$image_url = $default_images[$category->slug];

// Download image and set as featured image
$image_id = attach_image_from_url($image_url, $post_id);
if ($image_id) {
set_post_thumbnail($post_id, $image_id);
}
break;
}
}
}
add_action(‘save_post’, ‘set_default_thumbnail’);

// Function to download and attach the image to the post
function attach_image_from_url($image_url, $post_id) {
$upload_dir = wp_upload_dir();
$image_data = file_get_contents($image_url);
$filename = basename($image_url);

if (wp_mkdir_p($upload_dir[‘path’])) {
$file = $upload_dir[‘path’] . ‘/’ . $filename;
} else {
$file = $upload_dir[‘basedir’] . ‘/’ . $filename;
}

file_put_contents($file, $image_data);

$wp_filetype = wp_check_filetype($filename, null);
$attachment = [
‘post_mime_type’ => $wp_filetype[‘type’],
‘post_title’ => sanitize_file_name($filename),
‘post_content’ => ”,
‘post_status’ => ‘inherit’
];

$attach_id = wp_insert_attachment($attachment, $file, $post_id);
require_once(ABSPATH . ‘wp-admin/includes/image.php’);
$attach_data = wp_generate_attachment_metadata($attach_id, $file);
wp_update_attachment_metadata($attach_id, $attach_data);

return $attach_id;
}

Code Explanation

• $default_images: Defines default images for each category using the category slug as the key and the image URL as the value.
• set_default_thumbnail: This function runs when a post is saved. If the post has no featured image, it finds the first category with a default image in $default_images and sets it as the featured image.
• attach_image_from_url: This function downloads the image from the URL and attaches it to the post as a media file, making it the featured image.

This code will automatically assign a default featured image for new or edited posts based on their category.

Note: Make sure to test this code in a development environment before implementing it on your live site, and replace the example URLs with your actual default image URLs.

The post How you can set a default featured image for each post category appeared first on CNERIS.

• Install an Advanced Form Plugin
  Use a plugin like WPForms or Gravity Forms. These plugins let you create advanced forms that gather user data.
• Create a Code to Generate a Custom Image
  In your theme’s functions.php file (preferably in a child theme), add a PHP code to generate an image based on form data:
  function generate_custom_image($data) {
$image = imagecreatetruecolor(400, 200);
$bg_color = imagecolorallocate($image, 255, 255, 255);
$text_color = imagecolorallocate($image, 0, 0, 0);
imagefill($image, 0, 0, $bg_color);
imagestring($image, 5, 10, 10, "Name: " . $data['name'], $text_color);
imagestring($image, 5, 10, 50, "Message: " . $data['message'], $text_color);
$file_path = '/path/to/save/image.jpg';
imagejpeg($image, $file_path);
imagedestroy($image);
return $file_path;
}


  Here, $data represents form data (e.g., $data['name'] for the user’s name).

• Set Up the Autoresponder to Attach the Image
  In WPForms or Gravity Forms, configure notifications to send an email to the user. Use the generate_custom_image function to create the file and attach it to the email.
• Testing and Adjustments
  Make sure to test the form to confirm the JPG is generated and sent correctly.

The post How can you create an autoresponder in WordPress that returns a jpg to the user whose content is generated from a form? appeared first on CNERIS.

The post How to create an autoresponder in WordPress that sends a PDF generated with the form data appeared first on CNERIS.