How to disable XMLRPC in WordPress

Since WordPress 3.5 xmlrpc is enabled by default without the possibility to disable it from the admin dashboard.

Recently there was a post published in Sucuri’s Blog about Brute Force Amplification Attacks Against WordPress XMLRPC, recommending to turn off the XMLRPC in our WordPress installations.

You are able to turn off the XMLRPC via a filter hook

add_filter('xmlrpc_enabled', '__return_false');

But I would say the best way to do this is blocking the requests from the .htaccess file before the actual requests get to WordPress.
In order to let plugins that use xmlrpc ( if you have any installed ) continue to do so you may deny all access except the IP you need it to access.

# Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
order deny,allow
deny from all
allow from ( hosting IP )
</Files>

How to use plugin_action_links and plugin_row_meta filters

In the list of installed plugins on the WordPress admin area you can find links under the plugin’s name at the left (Deactivate, Edit), and other links under the plugins description at the right next to other information like the version of the plugin (By The Author, View Details).

default_action_links

The links you see in the screenshot above these lines are the default ones displayed by WordPress, except the author’s link that is provided in the plugin main file where we enter all the details like Plugin Name, Description, Version, Author, Author URI…

Not long ago I published a very simple snippet to add action links under the plugin’s name, like a Settings or a FAQ link (or both). But with this snippet you can only add the links at the end of the already existing ones.

Maybe what you want is to display additional links and be able to choose if you want them at the beginning or at the end of the default ones. And you also may want to display additional links on the right hand side just under the plugin’s description.

There are two different filters available to do this, plugin_action_links to add links under the plugin’s name and plugin_row_meta to add links under the plugin’s description.

additional_action_links

So the following code we will see how to use plugin_action_links and plugin_row_meta filters. The functions my_add_action_links and my_plugin_row_meta basically would do the same thing, so I created a third function plugin_action_links that will be called by the two first ones, where you can pass as arguments an array of the links to display and the position of these links (before or after the default ones).

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
add_filter( 'plugin_action_links', 'my_add_action_links', 10, 5 );
add_filter( 'plugin_row_meta',     'my_plugin_row_meta', 10, 2 );
 
/**
 * my_add_action_links
 */
 
function my_add_action_links( $actions, $plugin_file ) {
 
 $action_links = array(
 
   'settigns' => array(
      'label' => __('Settings', 'my_domain'),
      'url'   => get_admin_url(null, 'options-general.php?page=my-plugin-options')
    ), 
 
   'faq' => array(
      'label' => __('FAQ', 'my_domain'),
      'url' => 'http://www.my-plugins-site.com/faq'
       )
   );
 
  return plugin_action_links( $actions, $plugin_file, $action_links, 'before');
}
 
/**
 * my_plugin_row_meta
 */
 
function my_plugin_row_meta( $actions, $plugin_file ) {
 
 $action_links = array(
 
   'donate' => array(
      'label' => __('Donate', 'my_domain'),
      'url'   => 'http://www.my-plugins-site.com/donate'
    ));
 
  return plugin_action_links( $actions, $plugin_file, $action_links, 'after');
}
 
/**
 * plugin_action_links
 */
 
function  plugin_action_links ( $actions, $plugin_file,  $action_links = array(), $position = 'after' ) { 
 
  static $plugin;
 
  if( !isset($plugin) ) {
      $plugin = plugin_basename( __FILE__ );
  }
 
  if( $plugin == $plugin_file && !empty( $action_links ) ) {
 
     foreach( $action_links as $key => $value ) {
 
        $link = array( $key => '<a href="' . $value['url'] . '">' . $value['label'] . '</a>' );
 
         if( $position == 'after' ) {
 
            $actions = array_merge( $actions, $link );    
 
         } else {
 
            $actions = array_merge( $link, $actions );
         }
 
 
      }//foreach
 
  }// if
 
  return $actions;
 
}

Feel free to ask anything in the comments of this post.

Add custom functionality to Contact Form 7

You can add custom functionality on Contact Form 7 plugin after different actions have taken place, for example when an email has been sent. Contact Form 7 triggers some JavaScript events that you can easily access, here you will find an example using JQuery.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
if( $('.wpcf7').length > 0 ) {
 
  $(document).on('spam.wpcf7', function () {
    console.log('submit.wpcf7 triggered!');
  });
 
  $(document).on('invalid.wpcf7', function () {
    console.log('invalid.wpcf7 triggered!');
  });
 
  $(document).on('mailsent.wpcf7', function () {
    console.log('mailsent.wpcf7 triggered!');
  });
 
  $(document).on('mailfailed.wpcf7', function () { 
    console.log('mailfailed.wpcf7 triggered!');
  });
}

Install Jetpack without connecting to WordPress.com

You can install Jetpack without connecting to WordPress.com by using development mode.

There are two ways to enable this, one is by adding this line to the wp-config.php file:

define( 'JETPACK_DEV_DEBUG', true);

Or you can use the filter:

add_filter( 'jetpack_development_mode', '__return_true' );

How to set a global var for all displayed post IDs like Genesis

The Genesis theme framework sets a global var $_genesis_displayed_ids which is an array with all the displayed post IDs.

I needed this kind of data for a WordPress installation without Genesis. We have the function the_post() but we also have the action hook the_post, which helped me to retrieve the data.
This is the snippet that makes use of this action hook to retrieve all the IDs in a global var.

1
2
3
4
5
6
7
8
add_action( 'the_post', 'set_displayed_items' );
 
public static function set_displayed_items( $post_object ) {
 
 global $_displayed_ids;
 $_displayed_ids[] = $post_object->ID;
 
}

Add multiple order options to the query

You can add multiple orderby columns to the WP_Query arguments, but WP_Query doesn’t support adding different order options (DESC,ASC) to each value of the orderby argument (or I can’t seem to find it).

In order to do this you will have to use the posts_orderby filter.

1
2
3
4
5
6
7
 
$args = array(......
	      'orderby'        => 'post_title comment_count', 
	      'order'          => 'ASC', 
	      .....
	       );
new WP_Query( $args );

This would generate in your query the following:

 
SELECT .... FROM ..... ORDER BY post_title ASC, comment_count ASC

But if what we want is

 
SELECT .... FROM ..... ORDER BY post_title ASC, comment_count DESC

we would use the post_orderby filter like this:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
 
function my_new_order_option($orderby) {
 
  global $wpdb;
  $order  = $wpdb->posts . '.post_title ASC, ';
  $order .= $wpdb->posts . '.comment_count DESC';
 
  return $order;
} 
 
add_filter( 'posts_orderby', 'my_new_order_option' ); 	
 
$query = new WP_Query( $args );
 
remove_filter( 'posts_orderby', 'my_new_order_option' );