Home of WP-Members, The Original WordPress Membership Plugin
Chad Butler · ·
Recently, a question came up about adding an additional field to the change password form for the user to confirm their current password as a requirement of changing the password.
Adding the extra field is very easy with a filter. The trickier part is to handle validating the new form input and providing an error message. But this example will show you a reasonable approach to doing that. Continue Reading →
Chad Butler · ·
We’ve discussed building a honey pot for the registration form to prevent spam signups by bots. But what about the login form? With WordPress being so much more ubiquitous across the Internet today, there are many more attempts to hack and exploit it. Many of these attempts are automated by bots.
Whether the login attempt comes from a bot or a human, the most common attempt for an exploit is to use the username “admin”. WordPress used to install the default admin account with the username “admin”. Fortunately, it no longer does this so you don’t have to delete the account to create a more secure admin account. But unfortunately, a great many people still create admin accounts with “admin” as the username.
An ounce of prevention is worth a pound of cure, so your best initial defense is to not have obvious usernames for administrative users. But a good second line of defense is to create a honey pot for the login form.
Continue Reading →Chad Butler · ·
This is an extension of the ideas presented in the tutorial Restrict Post or Page Access to a Specific User with the twist that this version makes some minor changes to incorporate an HTML multi-select for selecting multiple users for access to a post.
Continue Reading →Chad Butler · ·
Users who configure to block custom post types will notice that you don’t get the meta box that WP-Members shows for blocking (or unblocking) posts and pages. While you can still use custom fields directly for custom post blocking/unblocking at the individual post level, it’s nice to have the meta box. So I’ve put together a code snippet for you to use to implement this on your custom post type editors.
Chad Butler · ·
Note: As of WP-Members 3.0, you can add custom post types to the plugin’s main blocking options. See the options documentation section on Custom Post Types.
This is a new method of blocking custom post types. There are two main differences over the method described here and the original method.
First, this method is a little more scalable. If you have multiple custom post types and want to set a blocking value for each, you only need to add to the settings array. Second, this method allows you to override the blocking value on an individual custom post type post than you have set for the custom post type as a group. This operates the same as regular posts and pages. It also takes advantage of the new extra settings that WP-Members version 3.0 offers.
(If you want to add a meta box for blocking/unblocking individual custom post type posts, there is an additional code snippet you can add here.) Continue Reading →
Ready to get started?