Disable all WordPress update notice

Posted on by
Reply

Once again from the the WP developer holy bible …  ;-)

Disable Plugin and Theme update notice

IMHO, I think this is the right way

This will block users being able to use the plugin and theme installation/update functionality from the WordPress admin area. Setting this constant also disables the Plugin and Theme editor (i.e. you don’t need to set DISALLOW_FILE_MODS and DISALLOW_FILE_EDIT, as on it’s own DISALLOW_FILE_MODS will have the same effect).
 
define('DISALLOW_FILE_MODS',true);

 

Disable Core update notice

It’s true that to keep it secure, it would better to update the core as soon as a new stable release or sub-release is out; but it’s true that some clients (i call them ‘smanettoni’) keep all days trying to broke things so in that cases I prefer to lock down the site to prevent accidental and unwanted issues.

There are thousands of pages if you google the subject but what i prefer (as a developer) is the solution based on WP filters and not on plugins taken from wpmu.org ; ok so.. here it is:

Simply add this to your functions.php file and click save and the notices will disappear.
 
add_filter( 'pre_site_transient_update_core', create_function( '$a', "return null;" ) );

Thats the way i like it..  ah ah

And what about you ???

Overriding Aruba default file permissions

Posted on by
Reply

Ever had a bad 500 Error while updating wordpress or plugins ???

I’had lot’s of time ;-( and always the cause was a file permission issue due to the fact that i’m hosting my site with Aruba linux server.. .

But no more headscratch from today !!! :-)))
Reading deeper the documentation i’ve found an other great tip to share with you all..
So, open up your ears:

It’s possible to override default file permission by defining some constants in wp-config.php !!!

Once again what follow is taken from the codex …

The FS_CHMOD_DIR and FS_CHMOD_FILE define statements allow override of default file permissions. These two variables were developed in response to the problem of the core update function failing with hosts (e.g. some Italian hosts) running under suexec. If a host uses restrictive file permissions (e.g. 400) for all user files, and refuses to access files which have group or world permissions set, these definitions could solve the problem. Note that the ’0755′ is an octal value. Octal values must be prefixed with a 0 and are not delineated with single quotes (‘). See Also: Changing File Permissions

define('FS_CHMOD_DIR', (0755 & ~ umask()));
define('FS_CHMOD_FILE', (0755 & ~ umask()));

And there is a lot more in wp-config.php documentation ..
Once again.. go read the entire article on the codex
;-)

Post-scriptum:
I’ve marked in red the evidence that we italians always make ourself recognized

Disable WordPress File Editing

Posted on by
Reply

It’s very important to turn off default wordpress file editing feature !
What follow is taken from the codex

The WordPress Dashboard by default allows administrators to edit PHP files, such as plugin and theme files. This is often the first tool an attacker will use if able to login, since it allows code execution. WordPress has a constant to disable editing from Dashboard. Placing this line in wp-config.php is equivalent to removing the ‘edit_themes’, ‘edit_plugins’ and ‘edit_files’ capabilities of all users:

define('DISALLOW_FILE_EDIT', true);

This will not prevent an attacker from uploading malicious files to your site, but might stop some attacks.

And there is a lot more in wp-config.php documentation ..
Go read the entire article on the codex
;-)