WordPress Hide Author page from Unauthenticated users

I wanted to hide author pages from authenticated users on a WordPress site for a couple of reasons:

  • Security – By going to http://wordpresssite.com/?author=1 you can usually get the WordPress admin username (even if its changed) which opens an attack vector
  • Privacy – The user profiles displayed additional user information that would be better kept private

The following code snippit stops the author request from resolving the username, and immediately displays an error.

function hide_author_request($request)
{
    //Disable the redirect
    if (isset($request['author']) && !is_user_logged_in()) {
        unset($request['author']);
 
        //Immediately display the 404, and exit
        status_header(404);
        nocache_headers();
        include( get_404_template() );
        exit;
    }
 
    return $request;
}
 
add_filter('request', 'hide_author_request');

No Comments

Show Gitlab Version

GitLab doesn’t display an obvious version number in the admin interface. To determine your current version (useful for upgrading), open a shell:

# Navigate to your gitlab installation folder
cd /home/git/gitlab
# Run the following to show information on your enviornment
sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production
 
#If the above command doesn't complete, determine the version with git:
git describe --tags

, , ,

No Comments

Getting started with zfc-user-doctrine-orm

zfc-user-doctrine-orm Is a Zend Framework 2 Module that enables Doctrine 2 support for the ZfcUser module.

Basic Setup

Installation via composer:

composer require "zf-commons/zfc-user-doctrine-orm:0.1.*"

An appropriate version of ZfcUser should be pulled in during installation.

Configuration Setup

  • Copy vendor/zf-commons/zfcuser.global.php.dist to config/autoload/zfcuser.global.php
  • Edit your application.config.php to include
    modules => array('ZfcBase',
            'ZfcUser',
            'ZfcUserDoctrineORM')

You don’t have to edit zfcuser.global.php – the default values will work fine, and zfc-user-doctrine-orm will inject itself such that you don’t even have to edit the zend_db_adapter (as I initially thought you would).

Custom User Entity

If you wish to use a custom user entity definition (too add additional fields, for example).

To do this, modify your zfcuser.gloabl.php to include the following configuration values:

'zfcuser' => array(
     'UserEntityClass' => '\UserEntityNamespace\UserEntityClass',
     'EnableDefaultEntities' => false
),

, , , ,

No Comments

Reset Zend Server password on OpenShift

If you are using the Zend Zerver Installation on the OpenShift cloud and happen to forget your password, you may find yourself wondering where gui_passwrd.sh is located.

When you ssh into your openshift gear, you find that the zend/bin folder does not include the gui_passwrd.sh script. This is because this folder stores the openshift scripts to install / maintain / remove the zend server itself. The Zend Server’s bin folder is located at zend/usr/local/zend/bin

#To Change your password, login to your openshift instance and enter the following command
zend/usr/local/zend/bin/gui_passwd.sh

Alternatively, use the new configuration utility, as gui_passwd.sh is deprecated:

zend/usr/local/zend/bin/zs-setup set-password <password>

, , , ,

No Comments

Hack WordPress Version Number

Recently when developing a plugin that examines available updates for WordPress, I needed to test situations where the WordPress Core is out of date.

Rather than going and installing an old version of WordPress, its much easier to simply modify the internal version number to an older version.

Head over to wp-includes/version.php and modify the $wp_version variable.

, , ,

No Comments