Wordpress comments security - php

The comments section of WordPress accepts anything that the user writes without filtering its content for any malicious entry. I checked this by adding a JavaScript comment as a comment to my site. Please see the two points below regarding this issue.
1) I have set up my WordPress site to show comments only when the admin approves them. Therefore, at the moment, any user from the outside will not see any spam comments which I haven't approved. However, these spam comments appear when I log in as an admin and view the site. Can I block unapproved comments on my posts when I log in and view the site as an admin?
2) Are there any technical solutions for this issue? I am using the "All-in-one-security&firewall" plugin and the "Wordfence" plugin in my blog. It looks like these plugins are not protecting my site from comments. Is there any free plugin that I can use to stop this thing happening again?

You can always mark comments as spam in the comments section of your WordPress backend.
Also, like some suggested, it's possible to install a plugin that takes care of comments right away, so they will be put in the spam section automatically. Here are two plugins that worked fine for me and are free to use, that you could try:
https://wordpress.org/plugins/invisible-captcha/
https://wordpress.org/plugins/antispam-bee/

Related

Allow users to edit a Single page on Wordpress

I manage my company website, which runs WordPress. There are several chapters across the USA. I have pages set up for them so that people can view our chapters' content. I was wondering: instead of them emailing me the changes they want, is there a way I can allow the users to edit only a single page, without giving them access to the entire WordPress admin page/website?
I would be willing to pay for a commercial plugin if this option exists. Thanks for reading this.
Various free and paid solutions are available for this, depending on your model. You can choose any one of the following; there could be many other ways to get this done, but these are some of them:
1) You can make them Editor and the owner of the chapter to which they belong. This way they will not have any rights to edit other chapters; they will only be able to edit the chapters which they own. To restrict other access in this case, you can use a plugin like User Role Editor or one of the many others available in the WordPress repo.
2) You can also customize a plugin like WP User Frontend to make front-end editing possible.
3) A complete custom solution where users need not log in: they simply submit the changes, which will be logged as an article draft that you can later review and approve.
I think there are many more ways, but it will depend completely on your application's nature. Hope this helps.

How do I password protect WordPress user posts?

I'm developing a site that allows signed-in users to create blog posts. There needs to be an option to make it either public or password protected. It's being designed to allow users to stay on the front end of the site, which is absolutely necessary. I'm currently using DJD Site Post, which gives other options for post visibility in the admin console. I'm open to any other plugin, even, as long as I can upload videos using that plugin. Any plugins, code snippets, or other items of interest I can use? Thanks!
Are you trying to create your own module for user submitted posts? If yes, then please consider using existing plugins for the same purpose. It will cut down your work to nothing.
Visit http://wordpress.org/plugins/front-end-publishing/
This plugin provides a new front-end publishing module for registered users, you can control if the post gets published immediately or not.

Joomla Administrator Plugins?

Is it possible to have Admin Plugins? Or are plugins only for the Site?
What I want is to have a notification system (not email) on the Admin side very much like Facebook. The trigger for such notifications is from the Site.
I've scanned through these events for Plugins and implemented a very simple content plugin (just testing onContentAfterTitle) for Site only.
Questions
Do these events also apply to the Admin side?
Is it possible to have an Admin Plugin that selects notifications from the database and displays them on screen?
Or if you guys can recommend an existing extension, that would be of great help. Thanks
Plugins are available for both sides, admin and site.
The difference is based on the events used inside the plugin.
For example, the onContentAfterSave event of a content plugin triggers when an article is saved.
It's available on both sides: when an admin saves articles it triggers, and when site users post articles it also triggers.
Some events are applied only on the site, like
onContentPrepare, onContentAfterTitle, onContentBeforeDisplay, onContentAfterDisplay, etc.
So the plugin works based on which event is chosen.
What exactly does the notification plugin you are looking for do? Only then can we suggest an event or plugin, e.g. whether it's related to articles, users or something else.
Hope it makes sense.

Cannot post comments in wordpress

We have made a duplicate of one of our sites, this is the duplicate:
http://test.blog.aias.com.au/
Cannot get the comments to work for anonymous or admin users on the front end of the site. What I mean by that is that if I am admin I can only post comments via the administration interface (writing a comment in the comments section) but not on the front-end of the website.
What is most bizarre is that the comments work fine on the original site but not on the duplicate site.
In the "Discussion" settings, "Users must be registered and logged in to comment" is turned off, but that still doesn't explain why even admin users cannot post comments via the "Add comment" link on the front-end of the website.
How can I get the comments to work for the duplicate site?
Are there any back-end configuration files that need changing after doing the deployment to the duplicate website?
thanks,
Andrei
I suggest using this plugin. Once in the wp-admin, under Tools you'll see "Search and Replace"; type in the old URL (original) and replace it with the new URL. Click go and it will replace every single line in your database with the new value. I've done this with many WordPress sites moving from dev to production.

How can I let the visitors publish a post in WordPress?

How can I let the visitors publish a post without registration in WordPress?
Any suggestions for programming modifications?
TDO Mini Forms will do what you want without too much programming, if any. Here's part of the description from the plugin page:
This plugin allows you to add highly customisable forms that work with your WordPress theme to your website that allow non-registered users and/or subscribers (also configurable) to submit and edit posts and pages. New posts are kept in "draft" until an admin can publish them (also configurable). Likewise, edits can be automatically kept as revisions until an admin approves them. It can optionally use Akismet to check if submissions and contributions are spam. TDO Mini Forms can be used to create "outside-the-box" uses for WordPress, from Contact Managers, Ad Managers, Collaborative Image Sites, Submit Links, etc.
Correct me if I'm wrong, but I think the standard WordPress settings will allow you to open up the comments. Assuming you're using at least version 2.8, go to Dashboard > Settings > Discussion. Here you'll find the standard options, try this combo ('yes' and 'no' indicate if the boxes are checked):
Other comment settings:
no - Users must be registered and logged in to comment
Before a comment appears:
yes - An administrator must always approve the comment
no - Comment author must have a previously approved comment
Try this on for size ;-)
WordPress does have a 'post by email' feature:
WordPress can be configured to use e-mail to post to a blog. To enable this functionality, you need to:
Create a dedicated e-mail account to be used solely for posting to your blog,
Configure WordPress to access that account, and
Configure WordPress to publish messages from the e-mail account
You can blog by e-mail using most standard e-mail software programs or a Weblog Client -- a program specifically designed to send posts via email.
Link to the documentation: http://codex.wordpress.org/Blog_by_Email
For this purpose, you can use the following plugins: Gravity Forms (one of the best, but not free), Post From Site and Quick Post Widget.
TDO Forms is a waste of time, in my opinion: it's very difficult to use and to learn.
