WP-Admin “Open Sesame” or yet another magic way to protect your wp-admin from attacks

There are obviously many ways to protect the WordPress admin login page from attackers, and there are a lot of plugins for that.

But what if we want to build our own logic: a secret key which changes daily, but which we always know, because we know how it is built?

For example, what if our secret key to wp-admin is today’s date + any custom string? Funny, yeah? Or the MD5 hash of today’s date + any custom string; in this case nobody will recognize how these keys are generated.

Let’s write two little functions which implement this solution.

In this sample our logic is “secret key is current date + sesame”, so for example if today is 2016-10-10, our secret key would be 2016-10-10-sesame.
So yoursite.com/wp-admin?call=2016-10-10-sesame will work, and yoursite.com/wp-admin will give a 404 error.


You can also build your own funny logic which changes the keyword based on the current date, the last post name or any other dynamic data. Or, to hide how your key is built, you can use an MD5 hash for that.

For that purpose just use $secretstring = md5(date('Y-m-d') . '-sesame') in the code above.
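One way to implement the gate described above, as an added example that is not code from the original article: it keeps the ?call= parameter but derives the daily key with an HMAC over the date instead of a plain md5(), so knowing the recipe is not enough to compute the key. The SESAME_SECRET constant, the sesame_pass cookie and the function names are assumptions.

```php
<?php
/* Plugin Name: Sesame Gate (added example) */
// Assumptions: SESAME_SECRET is a long random string defined in wp-config.php;
// the constant, cookie and function names below are hypothetical.

// Daily key. The page's scheme is md5( date . '-sesame' ); keying the hash with a
// secret (HMAC) means knowing the recipe alone is not enough to compute the key.
function sesame_daily_key() {
    return hash_hmac( 'sha256', current_time( 'Y-m-d' ), SESAME_SECRET );
}

function sesame_gate() {
    global $pagenow;
    if ( ! defined( 'SESAME_SECRET' ) ) {
        return; // Not configured: fail open rather than lock the owner out.
    }
    $is_login = ( 'wp-login.php' === $pagenow );
    // admin-ajax.php and admin-post.php also serve logged-out front-end visitors.
    $is_admin = is_admin() && ! wp_doing_ajax() && 'admin-post.php' !== $pagenow;
    if ( ! ( $is_login || $is_admin ) || is_user_logged_in() ) {
        return;
    }

    $expected = sesame_daily_key();
    // Key from the URL first, then from the cookie set on an earlier valid request.
    $supplied = $_GET['call'] ?? ( $_COOKIE['sesame_pass'] ?? '' );

    // hash_equals() compares in constant time; arrays (?call[]=x) are rejected.
    if ( is_string( $supplied ) && hash_equals( $expected, $supplied ) ) {
        // Remember the visitor for an hour so the redirect to wp-login.php and
        // the login POST pass without ?call= in the URL.
        setcookie( 'sesame_pass', $expected, time() + HOUR_IN_SECONDS, '/', '', is_ssl(), true );
        return;
    }

    // Wrong or missing key: answer with a bare 404 and stop.
    status_header( 404 );
    nocache_headers();
    exit;
}
add_action( 'init', 'sesame_gate', 1 );
```

The key still travels in the URL, so it ends up in access logs and browser history; the gate cuts down on login-page noise and sits in front of WordPress authentication rather than replacing it.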


Create your own plugin for your custom scripts

Let’s create our own WordPress plugin the fastest way; this is where we will write our custom hack code.

I will link to this article in later tutorials whenever code from a new article needs to be added to our website.

The WordPress Codex explains how to create a plugin; there are a lot of template strings which you should change. But actually we don’t need most of them.

To create the simplest WordPress plugin of your own you just need a single file with a name in it.


  1. Create a new file in the wp-content/plugins folder.
  2. Put the single line /* Plugin Name: My Custom Plugin */ in it.
  3. Go to wp-admin/plugins and activate the plugin “My Custom Plugin”.

That’s all there is to creating it.

But how will we use it for our own purposes?

Let’s add our first useful code and see how it works. In future articles we will add more useful code to this plugin.

Let’s add Google Analytics support to our WordPress website. For that we should add the Google Analytics code to our website’s footer or header section. Let’s add it to the header section.

That’s all. With this simple code, the Google Analytics code will automatically be added to all pages of our WordPress website.

Check whether a plugin is installed and active

If you want to check this inside a hook which runs after the plugins_loaded hook, it is very simple. Just check whether some plugin-specific constant or function exists.
For example, to check for WooCommerce we need to check whether any WOO constant is defined. Or it is enough to check whether the class WooCommerce exists.


But what if you want to check it before the plugins are loaded? In this case you will not be able to check whether some constant, function or class of the plugin is defined, because they are not loaded yet. So we will need an additional trick for that. We can query the $wpdb->options table, get the list of active plugins, process it and get the result. Let’s see how it works.

Running AJAX sequence script in WP Admin custom settings page

If the data you are working with is too large for your server memory (for example, you have millions of table rows which you should process to get some result), you may need to process it part by part, but with one single click. So we need some JavaScript AJAX code which drives this sequence itself, and corresponding backend code which provides the needed data for each request.
Here is sample code for that:

In the JavaScript part I have written sample JS code which runs when you click a button with the ID “button”. It starts and sends its first request to the backend.
The backend gets the first request, does some operation and returns the percentage done. (In this sample there should be 10 steps, so each request completes the next 10%.)
JavaScript receives the “10” % message from the backend and sends the second request.

When the last message comes from the backend, JavaScript completes the sequence: the part-by-part AJAX process is now completed.

Hello, World!

Hi, it’s me, Elvin. I am a WordPress developer with >7 years of experience and I would like to speak about WordPress. I have already written hundreds of posts about WordPress development on several websites, but now I’ve decided to create a dedicated weblog for this.

In this blog I will share my custom solutions, approaches, hacks and tricks on WordPress development.