Skip to content

111 Recipes

How to disable manual uploading of WordPress themes and plugins in Apache 2.4

Published ·UPD ·In Recipes

Disabling manual uploading of themes plugins can be used as an extra layer of security in WordPress. The implementation in Apache 2.4 is simple:

<LocationMatch "^/wp-admin/update.php">
  <If "%{QUERY_STRING} =~ /.*action=upload-(plugin|theme).*/">
    Require all denied
  </If>
</LocationMatch>

Exceptions for trusted IP addresses can be made by adding extra requirements to the block:

<LocationMatch "^/wp-admin/update.php">
  <If "%{QUERY_STRING} =~ /.*action=upload-(plugin|theme).*/">
    Require all denied
    Require ip 192.0.2.1
    Require ip 192.0.2.2
  </If>
</LocationMatch>

Documentation: Apache HTTP Server version 2.4 – Documentation – Access Control

Changelog

  • 2020-10-23. Added link to the official documentation for the Require directive.

PHP versions in Linux distributions

Published ·UPD ·In Documentation

PHP versions in Linux distributions commonly used in web servers:

OS Release date PHP version
Ubuntu 20.04 2020-04-23 7.4.3
CentOS 8 2019-09-24 7.2.11
Debian 10 (Buster) 2019-07-06 7.3.4
Ubuntu 18.04 2018-04-26 7.2.3
Debian 9 (Stretch) 2017-06-18 7.0.19
Ubuntu 16.04 2016-04-21 7.0.4
Debian 8 (Jessie) 2015-04-26 5.6.7
CentOS 7 2014-07-07 5.4.16
Ubuntu 14.04 2014-04-17 5.5.9
CentOS 6 2011-07-10 5.3.3

Unsupported CSS selectors in a group invalidate the whole group

Published ·UPD ·In Recipes

According to the CSS Selectors specification, a group of selectors is invalid if any of the individual selectors it contains is invalid. Then the whole CSS rule with the invalid selector becomes invalid and is not applied at all.

Example case

This is a CSS rule with one declaration and a group of two selectors:

li:hover ul,
li:focus-within ul {
    background-color: yellow;
}

In browsers that don’t recognize both selectors, the whole group of selectors and, as a result, the whole rule become invalid.

For instance, Internet Explorer 11 and—as of 26 January 2020—Microsoft Edge do not understand :focus-within. So, they invalidate the whole group and, as a result, li:hover ul has no effect either, even though it is a selector perfectly understood by both browsers.

A solution

A solution is to avoid grouping and just make a separate rule for the unsupported selector. In this solution, the above example becomes:

li:hover ul {
    background-color: yellow;
}

li:focus-within ul {
    background-color: yellow;
}

Now browsers that don’t support :focus-within will not apply the style for li:focus-within ul, but at least they will apply the style for the universally supported li:hover ul.

Documentation and references

WordPress default roles and capabilities

Published ·UPD ·In Documentation

Table is current as of 8 August 2020, WordPress 5.5. See populate_roles().

Capability Administrator Editor Author Contributor Subscriber
read + + + + +
delete_posts + + + +
edit_posts + + + +
delete_published_posts + + +
edit_published_posts + + +
publish_posts + + +
upload_files + + +
delete_others_pages + +
delete_others_posts + +
delete_pages + +
delete_private_pages + +
delete_private_posts + +
delete_published_pages + +
edit_others_pages + +
edit_others_posts + +
edit_pages + +
edit_private_pages + +
edit_private_posts + +
edit_published_pages + +
manage_categories + +
manage_links + +
moderate_comments + +
publish_pages + +
read_private_pages + +
read_private_posts + +
unfiltered_html + +
activate_plugins +
create_users +
delete_plugins +
delete_themes +
delete_users +
edit_dashboard +
edit_files +
edit_plugins +
edit_theme_options +
edit_themes +
edit_users +
export +
import +
install_plugins +
install_themes +
list_users +
manage_options +
promote_users +
remove_users +
switch_themes +
unfiltered_upload +
update_core +
update_plugins +
update_themes +

How to search and replace in nano

Published ·In Recipes
  1. Press Ctrl+\
  2. Enter the search string and press Return
  3. Enter the replacement string and press Return
  4. Press A to replace all instances