everywhere - WPCode Library

NVL – Descrizione prodotto collassabile in pagina modifica prodotto

/** * Rende collassabile (di default collassato) il box “Descrizione prodotto” * nella schermata di modifica prodotto WooCommerce (editor classico). * * Il contenuto vero viene gestito via UX Builder, quindi l’editor della * descrizione è normalmente rumore: lo si…Continue reading

WWPP – Exclude products from Cart Subtotal Price Discounts if they have an individual price or belong to a specific category

/** * Recalculate the cart subtotal discount to exclude products that: * – belong to a specific product category e.g., ‘music’ , OR * – have an individual wholesale price set for the customer’s role. */ add_filter( ‘wwpp_cart_subtotal_based_discount’, ‘wwpp_recalculate_discount_for_eligible_items’ );…Continue reading

Disable comments

add_action(‘admin_init’, function () { // Redirect any user trying to access comments page global $pagenow; if ($pagenow === ‘edit-comments.php’) { wp_safe_redirect(admin_url()); exit; } // Remove comments metabox from dashboard remove_meta_box(‘dashboard_recent_comments’, ‘dashboard’, ‘normal’); // Disable support for comments and trackbacks in…Continue reading

Completely Disable Comments

add_action(‘admin_init’, function () { // Redirect any user trying to access comments page global $pagenow; if ($pagenow === ‘edit-comments.php’) { wp_safe_redirect(admin_url()); exit; } // Remove comments metabox from dashboard remove_meta_box(‘dashboard_recent_comments’, ‘dashboard’, ‘normal’); // Disable support for comments and trackbacks in…Continue reading

Security: Aufruf der Benutzer-URL über ID verhindern

if ( ! is_admin() && isset($_SERVER[‘REQUEST_URI’])){ if(preg_match(‘/(wp-comments-post)/’, $_SERVER[‘REQUEST_URI’]) === 0 && !empty($_REQUEST[‘author’]) ) { wp_die(‘Du hast keine Rechte diese Adresse aufzurufen’); } }Continue reading

Security: WordPress REST API schließen

function kb_disable_wp_rest_api($access) { // Überprüfung, ob der Benutzer im Admin-Bereich (Backend) ist if (is_user_logged_in() || is_admin()) { return $access; // Zugriff erlauben } // REST-API für nicht eingeloggte Benutzer deaktivieren return new WP_Error(‘rest_API_cannot_access’, __(‘REST API access is restricted.’), array(‘status’ =>…Continue reading

Security: Security Headers

add_action(‘send_headers’, function() { header(“X-Frame-Options: SAMEORIGIN”); header(“X-Content-Type-Options: nosniff”); header(“Strict-Transport-Security: max-age=31536000; includeSubDomains; preload”); header(“X-XSS-Protection: 1; mode=block”); header(“Referrer-Policy: strict-origin-when-cross-origin”); header(“Content-Security-Policy: upgrade-insecure-requests”); });Continue reading

Security: GraphQL Blocker

add_action(‘init’, function() { // Wenn der Nutzer eingeloggt ist, darf er zugreifen if (is_user_logged_in()) { return; } // Prüft, ob “graphql” in der aufgerufenen URL vorkommt if (isset($_SERVER[‘REQUEST_URI’]) && strpos(strtolower($_SERVER[‘REQUEST_URI’]), ‘graphql’) !== false) { status_header(403); header(‘Content-Type: application/json’); echo json_encode([‘error’ =>…Continue reading

Security: Version Disclosure

// 1. WordPress Generator-Tag entfernen remove_action(‘wp_head’, ‘wp_generator’); // 2. Elementor-Versionen im HTML-Code unkenntlich machen (Sicher für Schriften) add_action(‘wp_loaded’, function() { ob_start(function($buffer) { // Löscht das Meta-Generator-Tag von Elementor im Quelltext $buffer = preg_replace(‘/Continue reading

Add Checkbox Field To Donation Form (copy) (copy)

/** * Collect a checkbox field in the donation form. * * This snippet only works in Charitable 1.5 or above. * * Related examples: * * @see Register a text field (detailed example) – https://github.com/Charitable/library/blob/master/donation-form/register-new-donation-field-1.5.php * @see Register multiple…Continue reading