Chad Butler

PSA: Fake CVE-2023-45124 Phishing Scam Tricks Users Into Installing Backdoor Plugin

Chad Butler · Dec 1, 2023 ·

This article is provided free. Find out how you can get full access to premium content, including how-to articles and support forums, as well as priority email support and member exclusive plugin extensions..

There is currently a phishing scam targeting WordPress users. It involves an email indicating that you have a vulnerability on your WordPress site and leads you to download a patch plugin for the vulnerability. The plugin, however, installs a backdoor exploit that hackers can use to gain access to your site.

Continue Reading →

Display an icon with email link in the User List

Chad Butler · Oct 24, 2023 ·

I chose the basic email icon that is in the WP dashicons, but there are a couple of dashicon alternatives. And certainly, you could modify this code snippet to use any type of image/icon, such as font awesome. I used the WP dashicons because they are already loaded.

Adding the icon itself (without the link) is nothing more than adding the following span tag to the user profile:

<span class="dashicons dashicons-email"></span>

Adding to the user list view can be done with the wpmem_ul_user_rows filter. There is a verbose example below.

add_filter( 'wpmem_ul_user_rows', function( $rows, $list_id ) {
    
    // User ID is a field in the $rows array, get it as $user_id.
    $user_id = $rows['ID'];
    
    // User email will be in the $rows array by its meta key (see WP-Members Fields tab).
    // HOWEVER, it will have a div wrapper, so we'll strip that out first. (I put them
    // in variables to reuse later when we rewrap the field before returnning).
    $user_email = $rows['user_email'];
    $wrapper_start = '<div class="user_email">';
    $wrapper_end = '</div>';
    $raw_email = str_replace( array( $wrapper_start, $wrapper_end ), array( '', '' ), $user_email );
    
    // Get the dashicon.
    $icon = '<span class="dashicons dashicons-email"></span>';
    
    // Linked icon with the email text.
    $email_w_icon = '<a href="mailto:' . $raw_email . '">' . $icon . '</a> ' . $raw_email;
    
    // Put the div tag back.
    $rows['user_email'] = $wrapper_start . $email_w_icon . $wrapper_end;

    // Return the filtered result.
    return $rows;
    
}, 10, 2 );

WP-Members Advanced Options 2.2.5 Update

Chad Butler · Oct 23, 2023 ·

Version 2.2.5 of the WP-Members Advanced Options has been released. This package includes a couple of key updates:

First, this package addresses a couple of nagging issues with the duplicate emails functionality that allows users to register using an email that is already registered in WP. The functionality had been addressed in previous updates, but there were some isolated instances where this was still a problem.

In researching the users with ongoing issues, it turns out to be a problem when the core plugin has the confirmation link setting enabled. This changes when and how the plugin actions are fired.

That problem is addressed and fixed in this update.

The other updates include a general review and improvement of code as well as the removal of some deprecated functions in WP-Members (such as wpmem_inc_regmessage()), so this update requires that you be running WP-Members 3.4 or higher.

WP-Members Download Protect 1.9.7

Chad Butler · Oct 9, 2023 ·

An update to the WP-Members Download Protect extension was released today. This update includes a bug fix for the search table, a bug fix and improvement to the exclusions in the settings array, and some code cleanup and syntax improvements.

WP-Members User Tracking 1.4.5

Chad Butler · Sep 8, 2023 ·

The User Tracking extension has received an update and this was pushed out to production this morning. The new version is 1.4.5 and it includes a number of updates.

Fixes a bug that causes an invalid page link when clicking a individual user. Previous versions were pointing to users.php. This version corrects it to index.php. All previous versions have this bug and should update.
Updates to load default settings if no settings are loaded. This is particularly for initial activation and setup in production systems where debugging is enabled. If no previous settings were saved, it would display undefined variable notices. This is more of an annoyance than a bug, but never-the-less, it is corrected in this update.
Updates to replace wpmem_create_formfield() with wpmem_form_field(). The former is an older, obsolete function in WP-Members core. That function will be completely obsolete in future versions of WP-Members starting with 3.5.0, which is due out this month. You’ll need to update User Tracking to 1.4.5 to be compatible with WP-Members 3.5.0 going forward. (It will remain compatible with earlier versions of WP-Members).