Blog

Restrict a post or a page to a specific user role – multiple select version

Chad Butler · Jan 7, 2015 ·

Similar to how we took the post/page restriction for specific users to a multiple select version, this post takes the restrict content by role idea and expands it to a multiple select version.

This is an extension of the ideas presented in the tutorial Restrict Content by Role with the twist that this version makes some minor changes to incorporate an HTML multi-select for selecting multiple roles for access to content.

The differences between these two code snippets is minimal, so I won’t actually repeat the concept in this post. But you should read the original version to get an understanding of what is being done and how it works. This post will just highlight what’s different. Continue Reading →

Log in with Email or Username

Chad Butler · Jan 6, 2015 ·

This article is provided free. Find out how you can get full access to premium content, including how-to articles and support forums, as well as priority email support and member exclusive plugin extensions..

Here is a simple method for allowing users to log in with either their username or their email address.

This process allows the user to log in using either their username or their email address. It’s not difficult to implement and leaves you with a clean process where you don’t have to worry about what to do when users change their email address.

Continue Reading →

Add current password confirmation to change password form

Chad Butler · Dec 30, 2014 ·

Recently, a question came up about adding an additional field to the change password form for the user to confirm their current password as a requirement of changing the password.

Adding the extra field is very easy with a filter. The trickier part is to handle validating the new form input and providing an error message. But this example will show you a reasonable approach to doing that. Continue Reading →

Login form honey pot

Chad Butler · Dec 28, 2014 ·

We’ve discussed building a honey pot for the registration form to prevent spam signups by bots. But what about the login form? With WordPress being so much more ubiquitous across the Internet today, there are many more attempts to hack and exploit it. Many of these attempts are automated by bots.

Whether the login attempt comes from a bot or a human, the most common attempt for an exploit is to use the username “admin”. WordPress used to install the default admin account with the username “admin”. Fortunately, it no longer does this so you don’t have to delete the account to create a more secure admin account. But unfortunately, a great many people still create admin accounts with “admin” as the username.

An ounce of prevention is worth a pound of cure, so your best initial defense is to not have obvious usernames for administrative users. But a good second line of defense is to create a honey pot for the login form.

Continue Reading →

Restrict Post or Page Access to Specific Users – Multiple Select Version

Chad Butler · Dec 23, 2014 ·

This is an extension of the ideas presented in the tutorial Restrict Post or Page Access to a Specific User with the twist that this version makes some minor changes to incorporate an HTML multi-select for selecting multiple users for access to a post.

Continue Reading →