I want to write a plugin to return HTTP 404 when user request license.txt, what is the correct action to hook (both efficient and effective way to block)?
Update:
Because I don't have control to the web server, I must do this as a plugin
Solution is actually pretty straightforward.
You need to create plugin which writes to .htaccess.
In the /wp-content/plugins create licence_redirect folder.
In that folder create licence_redirect.php file.
Paste code below to this licence_redirect.php php file:
<?php
/*
Plugin Name: Licence redirect
Description: Redirects license.txt. to 404
Author: J. Wrong
Version: 0.1
*/
?>
<?php
function lr_flush_rewrites() {
global $wp_rewrite;
$wp_rewrite->flush_rules();
}
function lr_add_rewrites() {
global $wp_rewrite;
$lr_wp_rules = array(
'license\.txt$' => '[R=404,L]',
);
$wp_rewrite->non_wp_rules = $lr_wp_rules + $wp_rewrite->non_wp_rules;
}
register_activation_hook( __FILE__, 'lr_flush_rewrites' );
add_action('generate_rewrite_rules', 'lr_add_rewrites');
Install and activate plugin.
In admin panel go to Setting -> Permalinks
Press save changes
From now on your license.txt requests will be redirected to 404.
If you can't create folders on server then you'll need to zip the plugin's folder and upload it using WP admin.
Cheers... counting bounty now :P
You can't. With a standard WordPress .htaccess, requests to static files are not passed to PHP at all, so there is no way to hook them.
There is a plug-in that will do this for you. Just set the file you want to redirect and its target. It even keeps a log
http://wordpress.org/extend/plugins/redirection/
Related
I need to add some of my own php files to an existing Wordpress site (from Bitnami) so it can be accessed from a 3rd-party service. I don't need to access anything from Wordpress in my code, but I need my code to be accessible from a url for 3rd-party services.
Like this:
https://myWordPressSite.com. <- normal WP site
https://myWordPressSite.com/myCustomDirectory/generateSerial.php <- my code
https://myWordPressSite.com/myCustomDirectory/doSomething1.php <- my code
https://myWordPressSite.com/myCustomDirectory/doSomething2.php <- my code
How can I add my directory of code to the Wordpress file structure, and how to access it from a URL?
You can add a $_GET OR $_POST to wp in the plug side
if you want I would add a code to help with not getting hack
Your url https://myWordPressSite.com?name=yes
function getdata(){
if(($_GET['name'] == "yes") || ($_POST['name'] == "Run")){
}
}
This is one way
Good Luck
Karl K
Create a folder in your theme's root folder called myCustomDirectory and place your php file inside that.
then add to your functions.php the following:
This will handle the Rewrite Rules:
add_action('init', 'custom_add_rewrite_rule');
function custom_add_rewrite_rule() {
add_rewrite_rule('^myCustomDirectory/generateSerial.php', 'index.php?generateSerial=true', 'top');
}
This will handle the Wordpress Query Vars:
function add_query_vars_filter( $vars ){
$vars[] = 'generateSerial';
return $vars;
}
add_filter( 'query_vars', 'add_query_vars_filter' );
This will tell wordpress to pull the correct file:
function load_custom_template($template){
if(get_query_var('generateSerial') ){
$template = get_template_directory() ."/myCustomDirectory/generateSerial.php";
}
return $template;
}
add_filter('template_include', 'load_custom_template');
make sure to flush your rewrite rules when you are done by going to: Settings > Permalinks and clicking 'save changes'
It turns out it was much simpler than I thought, or any of the other answers presented here.
The answer is to just add a directory of my own code inside the Wordpress home folder.
In the case of a AWS/Lightsail/Bitnami/Wordpress package, the home directory is:
/opt/bitnami/wordpress
So I created a directory and put my code in it..
/opt/bitnami/wordpress/myDirectory
/opt/bitnami/wordpress/myDirectory/generateSerial.php
/opt/bitnami/wordpress/myDirectory/doSomething.php
And it was then accessible from a url like:
https://myWordPressSite
https://myWordPressSite/generateSerial.php //etc
One small catch is that some Wordpress packages and some other Bitnami packages are laid out a bit different, so check on your specific installation.
I'm developing a wordpress plugin and was wondering how I can make it so only my plugn can access its own files. basically looking for something similar to this:
defined('ABSPATH') or die();
I think I saw something like this in someone elses plugin once:
defined('PLUGINNAME') or die();
I didn't understand how it worked, but was wondering if there is anything similar that will only allow my plugin to "require_once(plugin_dir_path(__ FILE __).'secondpluginfile.php');" its own files. (spaces between __ and FILE because otherwise stackoverflow tries to make it bold instead) Not sure if this restriction is built into wordpress(probobly not because some plugins have add-ons), or if I have to add something to make this happen. do I just put the pluginname or something in the "defined()" function, or do I need to set something up first?
So basically, if your plugin was a single php file, all the functions and logic included in the file would be accessible to the rest of the application once the plugin was installed and activated.
Most plugins are not designed that way, however. The plugin filename that acts as the entry point to your plugin usually loads the rest of the files in your plugin directory either by simply including them or calling classes and functions based on events occurring on the site via hooks.
So, if you want only your plugin to be able to access its own files you could do a few things.
First of all, add defined('ABSPATH') or die(); at the top of the main plugin file. As user Ifty wrote, "ABSPATH is a constant defined in wp-config.php line 86. When wordpress will try to execute your plugin, the ABSPATH constant will be defined. But if someone else try to execute your plugins file directly, ABSPATH will not be defined and in that case your script will not get executed."
So that protects your file from being accessed directly outside the context of Wordpress.
To protect your plugin's files from the rest of the site itself, simple wrap any include or require_once statement or code in your main plugin file in a function or class which is only called based on conditions you set. For example
<?php
/*
Plugin Name: Example plugin
Plugin URI: http://stackoverflow.com/
Version: 1.0
*/
defined('ABSPATH') or die();
add_action('your-custom-action', 'protector_function');
function protector_function(){
if ( current_user_can('manage_options') ) { //checks if user is admin you can use whichever conditions you want here
require_once plugin_dir_path( __FILE__ ) . 'filename-with-plugin-code.php';
// any other plugin code here
}
}
You can define your own action and call it using do_action() (reference) so that you can ensure your plugin code is only called where you have specified throughout the application.
Wordpress plugins exist to extend the functionality of Wordpress so if you do not want your code to be accessed from Wordpress in any way at all, I am not sure a plugin is the correct solution.
Hope this helps!
You can put
defined('ABSPATH') or die();
at the beginning of your plugins code. Actually what it does is check if ABSPATH is defined or not. If it's not defined then it will execute die() and stop executing your plugin file.
ABSPATH is a constant defined in wp-config.php line 86. When wordpress will try to execute your plugin, the ABSPATHconstant will be defined. But if someone else try to execute your plugins file directly, ABSPATHwill not be defined and in that case your script will not get executed.
Another way of accomplishing the same result is to check for add_action function.
if ( !function_exists( 'add_action' ) ) {
echo 'Hi there! I\'m just a plugin, not much I can do when called directly.';
exit;
}
Code Reference: Akismet Plugin. You can take a look at their source code. As far as I know this plugin comes with wordpress package.
Hello Everyone and thank you for your help!
I have an external (outside wordpress in root directory) php file that I would like to use the custom_rewrite_rule function to make the url pretty as well as pass on information for variables that will look up an API record from that URL. You might ask why I haven't done it the regular way and made it a page template inside wordpress, and that is because I am using a custom JQuery slideshow that seems to have trouble running inside a wordpress environment.
So what I have in my child themes functions.php is:
function custom_rewrite_rule() {
add_rewrite_rule('^yacht-details/([^/]*)/([^/]*)/?','yacht-details.php?info=$matches[1]&boatid=$matches[2]','top');}
add_action('init', 'custom_rewrite_rule', 10, 0);
and in the php file am using the standard $_GET to acquire the information.
$info = $_GET["info"];
$boatid = $_GET["boatid"];
My actual problem is what I am actually getting is literally $matches[1] and $matches[2] instead of the variables.
What am I doing wrong? Does this need to be done with .htaccess instead of functions.php? The problem I run in to going that route is wordpress does not seem to like more than one subfolder.
Thank you again.
I am developing my own theme for private use and i have a lot of scripts working with urls with extra parameters.
I'm finding my self adding a lot of empty pages to my site just to be able to connect some php file to specific url so i will be able to send parameters to that specific address.
Is there a better way i can have urls that can be associated with specific php files without adding pages or other things to the site. just like work out of the box when installing my theme?
You should try like this code:
//page url: http://www.example/myurl
add_action( 'init', 'my_rewrite' );
function my_rewrite() {
global $wp_rewrite;
//wp-content/plugins/myplugin/myurl.php
add_rewrite_rule('myurl/$', WP_PLUGIN_URL . '/myplugin/myurl.php', 'top');
$wp_rewrite->flush_rules(true);
}
More info:
https://developer.wordpress.org/reference/classes/wp_rewrite/
https://codex.wordpress.org/Class_Reference/WP_Rewrite
I've made a Wordpress plugin that requires a site visitor to browse to a .php file in a subfolder in the plugin.
However, I've noticed that if the visitor is not logged in, the PHP script redirects to a 404 page.
I need to stop this redirection, and allow the script to be executed.
How would I do this?
WordPress doesn't block PHP files with a 404 page by default. It could be your host, htaccess, or a variety of other issues.
Either way, you don't want to call the PHP file directly if this is a WordPress plugin. If you did call it directly, you would not have access to WordPress (for example, you cannot use get_option or bloginfo()).
Rather, you should include it using PHP's include function from within your plugin. See plugin_dir_path for information about getting your plugin's working directory.
You can hook a page to call your function pretty easily. For example:
function call_my_php_script() {
if ( isset($_GET['myscript']) && $_GET['myscript'] == 'run' ) {
include( plugin_dir_path( __FILE__ ) . 'scripts/my-script.php' );
exit;
}
}
add_action('init', 'call_my_php_script');
And then access your script via: http://example.org/?myscript=run
You may want to store your plugin directory in a global/constant variable, as the plugin_dir_path function only works for the original plugin file.