Updates

[Roader]

 

Please, if you can, includes:

 

• Support for: <em>WPGlobus Multilingual Everything</em>, qTranslate X is very outdate, abandoned.

 

• Security Measure: A honeypot in comments, registration and login form. Or, a reCaptcha.

If you can, in Theme Options you can includes a new Tab named: Optimizations (yes my friend, nice and userfull for new customers and noobs).

Security:

* Htaccess recommendations

* Enable some functions php

Speed:

Recommends Wp Super Cache and  htaccess for Speed.

 

• Ajax Search more criteria => Members, Groups, Forums or whatever. The plugin Bp Global Search does not work with your Theme.  And for now, Ajax Search does not have sense if only works for search Posts from the Blog. :-/  Please, think about this.

• Copyright Widget Area by Default.

 

• <a href=”https://buddydev.com/buddypress/add-send-private-message-button-in-members-directory-on-a-buddypress-network/”>Send Private Message from Members Directory</a> (actually only has: View Profile and Add Friend).

• Private Message Privacy:

Code:

// Restrict Private Message to friends function pp_check_message_recipients( $message_info ) { // Site admins are not restricted if ( is_super_admin() ) return $message_info; $recipients = $message_info->recipients; $friend_ids = friends_get_friend_user_ids( bp_displayed_user_id() ); $nf = 0; foreach ( $recipients as $key => $recipient ) { if ( ! in_array( $recipient->user_id, $friend_ids ) ) $nf++; } // If any recipients are not friends, remove everyone from the recipient’s list if ( $nf > 0 ) unset( $message_info->recipients ); return $message_info; } add_action( ‘messages_message_before_save’, ‘pp_check_message_recipients’ );

 

But, this functions has not option. It says: Allow users to choice: everyone or friens_only from Message Settings. 

And this code needs to include: if ( is_super_admin() ) and Editor, Collaborator, Shop_Manager… you know.

• <a href=”https://archived.seventhqueen.com/forums/topic/scroll-down-user-notifications-or-whatever”><strong>Scroll Down User Notify</strong></a>.

 

 

————–

If you want:

 

• A Chat Messenger. Yes, there is one, nice for SweetDate, <a href=”https://codecanyon.net/item/wordpress-buddypress-users-chat-plugin/10776067″><strong>BpChat by Mircode</strong></a> but, is outdate!  And does not work very well with your Theme.

 

Or if you can and wants. Picture ..>

 

 

 

 

 

 

 

 

[Roader]

Code (correction):

COPY CODE

// Restrict Private Message to friends.
function pp_check_message_recipients( $message_info ) {

	//  site admins are not restricted
	if ( is_super_admin() )
		return $message_info;
	
	$recipients = $message_info->recipients;

	$friend_ids = friends_get_friend_user_ids( bp_displayed_user_id() ); 

	$nf = 0; 
		
	foreach ( $recipients as $key => $recipient ) {

		if ( ! in_array( $recipient->user_id, $friend_ids ) ) 
			$nf++;

	}

	// if any recipients are not friends, remove everyone from the recipient's list
	if (  $nf > 0 ) 
		unset( $message_info->recipients );

	return $message_info;
}
add_action( 'messages_message_before_save', 'pp_check_message_recipients' );

[Roader]

Example:

Theme Options / Optimizations (yes my friend, nice and userfull for new customers and noobs).

Security:

* Htaccess Basic Protection. Recommendations (open in a new Tab or Windows if you want, with Copy Code and Instructions). The problem with this is the Server of the customer. Apache or Nginx. I’m using Apache – HostGator–, so, my htaccess is:)

Recommended plugin: WordFence.

Note: Chance example for your own URL.

COPY CODE

# Protect your wp-config.php
<files wp-config.php>
order allow,deny
deny from all
</files>

# Protect your htaccess
<files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</files>

# Block file access 
<FilesMatch "^(error_log|wp-config-sample\.php|php\.ini|php5\.ini|license\.txt|readme\.html)">
order allow,deny
deny from all
</FilesMatch>

# Block xmlrpc.php if you don’t use that
<files xmlrpc.php>
order allow,deny
deny from all
</files>

# Protect wp-includes directory 
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>
 
# Disable Index views
Options -Indexes

# Disable server signature
ServerSignature Off

# Limit file uploads to 10 megabytes
LimitRequestBody 10485760

# Display custom error pages 
ErrorDocument 403 /403.shtml
ErrorDocument 404 /404.shtml
ErrorDocument 500 /500.shtml

# Forbid proxy comments
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^POST
RewriteCond %{HTTP:VIA} !^$ [OR]
RewriteCond %{HTTP:FORWARDED} !^$ [OR]
RewriteCond %{HTTP:USERAGENT_VIA} !^$ [OR]
RewriteCond %{HTTP:X_FORWARDED_FOR} !^$ [OR]
RewriteCond %{HTTP:X_FORWARDED_HOST} !^$ [OR]
RewriteCond %{HTTP:PROXY_CONNECTION} !^$ [OR]
RewriteCond %{HTTP:XPROXY_CONNECTION} !^$ [OR]
RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR} !^$ [OR]
RewriteCond %{HTTP:HTTP_CLIENT_IP} !^$
RewriteRule wp-comments-post\.php - [F]
</IfModule>

# Deny bad query strings
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{QUERY_STRING} ftp:     [NC,OR]
RewriteCond %{QUERY_STRING} http:    [NC,OR]
RewriteCond %{QUERY_STRING} https:   [NC,OR]
RewriteCond %{QUERY_STRING} mosConfig [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
RewriteCond %{QUERY_STRING} (\;|'|\"|%22).*(request|insert|union|declare|drop) [NC]
RewriteRule ^(.*)$ - [F,L]
</IfModule>

# Protects the Login page from SpamBots, HackerBots & Proxies
RewriteCond %{REQUEST_URI} ^(/wp-login\.php|.*wp-login\.php.*)$
RewriteCond %{REQUEST_URI} ^(/wp-login\.php|/wp-comments-post\.php)$
RewriteCond %{HTTP_USER_AGENT} ^$ [OR]
RewriteCond %{THE_REQUEST} HTTP/1\.0$ [OR]
RewriteCond %{SERVER_PROTOCOL} HTTP/1\.0$
RewriteRule ^(.*)$ - [F,L]

# Disable Trace and Track
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
</IfModule>

# Restrict direct access to plugin and theme PHP files
RewriteCond %{REQUEST_URI} !^/wp-content/plugins/file/to/exclude\.php
RewriteCond %{REQUEST_URI} !^/wp-content/plugins/directory/to/exclude/
RewriteRule wp-content/plugins/(.*\.php)$ - [R=404,L]
RewriteCond %{REQUEST_URI} !^/wp-content/themes/file/to/exclude\.php
RewriteCond %{REQUEST_URI} !^/wp-content/themes/directory/to/exclude/
RewriteRule wp-content/themes/(.*\.php)$ - [R=404,L]

# Block user ID phishing requests
<IfModule mod_rewrite.c="">
RewriteCond %{QUERY_STRING} ^author=([0-9]*)
RewriteRule .* http://example.com/? [L,R=302]
</IfModule>

# Protect Headers
Header set X-XSS-Protection "1; mode=block"
Header set X-Content-Type-Options nosniff
Header always append X-Frame-Options SAMEORIGIN
Header set X-Content-Security-Policy "allow 'self';"
Header always unset "X-Powered-By"
Header always edit Set-Cookie "(?i)^((?:(?!;\s?HttpOnly).)+)$" "$1; HttpOnly"

# Block Spambots
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} ^(.*)?wp-comments-post\.php(.*)$
RewriteCond %{HTTP_REFERER} !^http(s)?://example\.com [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule .* http://127.0.0.1 [L]
</IfModule>

# Prevent image hotLinks
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{REQUEST_FILENAME} -f
RewriteCond %{REQUEST_FILENAME} \.(gif|jpe?g?|png)$ [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://example\.com [NC]
RewriteRule \.(gif|jpe?g?|png)$ - [F,NC,L]
</IfModule>

# Block cross-site scripting (XSS)
<IfModule mod_rewrite.c>
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule .* index.php [F,L]
</IfModule>

BuddyPress Anti-Spam Registration.
1. Create a new Page in WordPress with this slug: /spam-prevention
2. Copy/Add this next custom .htaccess. Remember to change example with your Domain or URL

COPY CODE

# BuddyPress Anti-Spam Registration
RewriteCond %{REQUEST_URI} ^/register/$
RewriteCond %{HTTP_REFERER} !^.*example.com.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^(|-?)$ [NC,OR]
RewriteCond %{THE_REQUEST} HTTP/1\.0$
RewriteRule ^(.*)$ /spam-prevention [R=301,L]

—————————
Speed Boost:

COPY CODE

# Enable Gzip compression
<ifModule mod_gzip.c>
mod_gzip_on Yes
mod_gzip_dechunk Yes
mod_gzip_item_include file .(html?|txt|css|js|php|pl)$
mod_gzip_item_include handler ^cgi-script$
mod_gzip_item_include mime ^text/.*
mod_gzip_item_include mime ^application/x-javascript.*
mod_gzip_item_exclude mime ^image/.*
mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
</ifModule>

# Time cheat sheet in seconds
# A86400 = 1 day
# A172800 = 2 days
# A2419200 = 1 month
# A4838400 = 2 months
# A15778476 = 6 months
# A29030400 = 1 year

# Remove the ETag (entity tag) response header field
# This is most likely the optimum choice to use.
<IfModule mod_headers.c>
Header unset ETag
Header unset Cookie
Header unset Set-Cookie
</IfModule>
FileETag None

<IfModule mod_mime.c>
AddType application/javascript                      js
AddType audio/mp4                                   f4a f4b m4a
AddType audio/ogg                                   oga ogg opus
AddType image/bmp                                   bmp
AddType image/svg+xml                               svg svgz
AddType image/webp                                  webp
AddType video/mp4                                   f4v f4p m4v mp4
AddType video/ogg                                   ogv
AddType video/webm                                  webm
AddType video/x-flv                                 flv
AddType image/x-icon                                cur ico
AddType application/font-woff                       woff
AddType application/font-woff2                      woff2
AddType application/vnd.ms-fontobject               eot
AddType application/x-font-ttf                      ttc ttf
AddType font/opentype                               otf
</IfModule>

<IfModule mod_expires.c>
ExpiresActive on
ExpiresDefault A2419200

# Not cached
ExpiresByType text/html A0
ExpiresByType text/xml A0
ExpiresByType application/xml A0
ExpiresByType application/json A0
ExpiresByType application/ld+json A0
ExpiresByType application/vnd.geo+json A0

# Miscellaneous
ExpiresByType text/x-component A2419200
ExpiresByType application/x-shockwave-flash A2419200

# CSS and JavaScript
ExpiresByType text/css A2419200
ExpiresByType text/plain A2419200
ExpiresByType text/javascript A2419200
ExpiresByType text/x-javascript A2419200
ExpiresByType application/x-javascript A2419200
ExpiresByType application/javascript A2419200

# Media
#Favicon
ExpiresByType image/x-icon A15778476
# Others
ExpiresByType image/vnd.microsoft.icon A2419200
ExpiresByType image/jpg A15778476
ExpiresByType image/jpeg A15778476
ExpiresByType image/gif A15778476
ExpiresByType image/png A15778476
ExpiresByType image/bmp A15778476
ExpiresByType image/webp A15778476
ExpiresByType image/svg+xml A15778476
ExpiresByType video/mp4 A2419200
ExpiresByType video/ogg A2419200
ExpiresByType video/webm A2419200
ExpiresByType audio/ogg A2419200

# Web Fonts
ExpiresByType font/eot  A2419200
ExpiresByType font/opentype A2419200
ExpiresByType font/woff  A2419200
ExpiresByType application/font-woff2 A2419200
ExpiresByType application/x-font-woff A2419200
ExpiresByType application/x-font-ttf A2419200
ExpiresByType application/vnd.ms-fontobject A2419200
</IfModule>

<IfModule mod_headers.c>
<FilesMatch "\.(js|css|flv|ico|pdf|avi|mov|ppt|doc|mp3|wmv|wav|gif|jpg|jpeg|png|swf|webm)$">
Header append Cache-Control "max-age=2592000, public"
</FilesMatch>

<FilesMatch "\.(txt|html)$">
Header append Cache-Control "proxy-revalidate"
</FilesMatch>
<FilesMatch "\.(php|cgi|pl|htm|xml)$">
Header set Cache-Control "private, no-cache, no-store, proxy-revalidate, no-transform"
Header set Pragma "no-cache"
</FilesMatch>
</IfModule>

<IfModule mod_deflate.c>
#Force compression for mangled headers
<IfModule mod_setenvif.c>
<IfModule mod_headers.c>
SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding
RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding
</IfModule>

<IfModule mod_filter.c>
AddOutputFilterByType DEFLATE text/plain text/html text/xml text/css text/javascript
AddOutputFilterByType DEFLATE application/javascript application/x-javascript
AddOutputFilterByType DEFLATE application/x-httpd-php application/x-httpd-fastphp
AddOutputFilterByType DEFLATE application/xml application/xhtml+xml application/xml-dtd
AddOutputFilterByType DEFLATE application/rdf+xml application/rss+xml application/atom+xml
AddOutputFilterByType DEFLATE font/eot font/otf font/opentype application/font-otf application/x-font-otf
AddOutputFilterByType DEFLATE font/ttf font/truetype application/font-ttf application/x-font-ttf
AddOutputFilterByType DEFLATE image/bmp image/svg+xml image/x-icon image/vnd.microsoft.icon

# Drop problematic browsers
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html

# Make sure proxies don't deliver the wrong content
Header append Vary User-Agent env=!dont-vary
</IfModule>

Recommends to install Wp Super Cache.

* Enable some functions.php (optionals)

COPY CODE

//  Change Buddypress username for nickname. This function works fine for new users, but, for old users you need to update their profiles. Go to Users on your Dashboard, and change their nickname for the full name, example: john doe.// 

function set_default_display_name( $user_id ) {
$user = get_userdata( $user_id );
$name = sprintf( '%s %s', $user->first_name, $user->last_name );
$nickname = sanitize_user( strtolower( str_replace( ' ', '', $name ) ) );
$args = array(
'ID' => $user_id,
'display_name' => $name,
'nickname' => $nickname,
'user_nicename' => $nickname
);
wp_update_user( $args );
}
add_action( 'user_register', 'set_default_display_name' );

COPY CODE

// Force new users to use strong passwords
function strong_validation() {
 global $bp;

 if ( !empty( $_POST['signup_password'] ) )
   if ( !valid_pass( $_POST['signup_password'] ) ){
    $bp->signup->errors['signup_password'] = __( 'Your password is not strong enough. Please, write a strong password using characters: A-Z, a-z, 0-9, @#$%&*-:;,.!', 'buddypress' );
   }
 }
 add_action( 'bp_signup_validate', 'strong_validation');

 function valid_pass($candidate) {
   $r1='/[A-Z]/';  //Uppercase
   $r2='/[a-z]/';  //lowercase
   $r3='/[!@#$%^&*()-_=+{};:,<.>]/';  // whatever you mean by special char
   $r4='/[0-9]/';  //numbers

   if(preg_match_all($r1,$candidate, $o)<1) return FALSE;
   if(preg_match_all($r2,$candidate, $o)<1) return FALSE;
   if(preg_match_all($r3,$candidate, $o)<1) return FALSE;
   if(preg_match_all($r4,$candidate, $o)<1) return FALSE;
   if(strlen($candidate)<8) return FALSE;

   return TRUE;
}

COPY CODE

// Protect comment box 
add_filter('pre_comment_content', 'wp_specialchars');

COPY CODE

// Enable shortcodes in text widgets
add_filter('widget_text','do_shortcode');

COPY CODE

// Restricted Email Domains
add_option('limited_email_domains', array('yahoo.com', 'outlook.com', 'hotmail.com', 'gmail.com', 'aol.com', 'mail.com'));

COPY CODE

// Exclude Admins from Directories and BP Widgets 
add_filter( 'bp_after_has_members_parse_args', 'buddydev_exclude_users' );

function buddydev_exclude_users( $args ) {
	//do not exclude in admin
	if( is_admin() && ! defined( 'DOING_AJAX' ) ) {
		return $args;
	}
	
	$excluded = isset( $args['exclude'] )? $args['exclude'] : array();

	if( !is_array( $excluded ) ) {
		$excluded = explode(',', $excluded );
	}
	
	$user_ids = array( 1 ); //user ids
	
	
	$excluded = array_merge( $excluded, $user_ids );
	
	$args['exclude'] = $excluded;
	
	return $args;
}

COPY CODE

// Add an invisible field to comment form box (Honeypot)
add_action('comment_form', 'wpp_add_honeypot');
function wpp_add_honeypot($postID) {
	
    //Adding a invisible textarea with name igotyoubot for spambots, visitors won't see this.
	echo '<p style="display:none">';
	echo '<textarea name="igotyoubot" cols="100%" rows="10" autocomplete="off"> </textarea>';
	echo '<label  for="igotyoubot">' . __("I don't like an input here. You Must Leave This Empty") . '</label>';	
	echo '</p>';
	
}

// Check if comment is a spam
add_filter('pre_comment_approved', 'wpp_detect_honeypot');
function wpp_detect_honeypot($comment_status) {

   if (!empty($_POST['igotyoubot'])) { 	// Mark as spam if bot filled out the hidden textarea
        $comment_status = 'spam';
    }
	return $comment_status;
}

COPY CODE

// Add a honeypot to the BuddyPress registration form to prevent spam registrations
load_plugin_textdomain( 'pj-buddypress-honeypot', null, basename( dirname( __FILE__ ) ) );
class pjbp_honeypot {
	
	CONST BPPJ_HONEYPOT_NAME	= 'oh_no_you_dint';
	CONST BPPJ_HONEYPOT_ID		= 'sucka';
	function __construct() {
		add_action( 'bp_after_signup_profile_fields', array( &$this, 'add_honeypot' ) );
		add_filter( 'bp_core_validate_user_signup', array( &$this, 'check_honeypot' ) );
	}
	
	function add_honeypot() {
		
		echo '<div style="display: none;">';
		echo '<input type="text" name="'.apply_filters( 'bppj_honeypot_name', self::BPPJ_HONEYPOT_NAME ).'" id="'.apply_filters( 'bppj_honeypot_id', self::BPPJ_HONEYPOT_ID ).'" />';
		echo '</div>';
	}
	
	function check_honeypot( $result = array() ) {
		global $bp;
		$bppj_honeypot_name = apply_filters( 'bppj_honeypot_name', self::BPPJ_HONEYPOT_NAME );
		if( isset( $_POST[$bppj_honeypot_name] ) && !empty( $_POST[$bppj_honeypot_name] ) )
			$result['errors']->add( 'pjbp_honeypot', apply_filters( 'bppj_honeypot_fail_message', __( "You're totally a spammer. Go somewhere else with your spammy ways." ) ) );
		
		return $result;
	}
}
new pjbp_honeypot;

COPY CODE

// Remove Query Strings From Static Resources
if ( ! is_admin() ) {
function _remove_script_version( $src ){
$parts = explode( '?ver', $src );
return $parts[0];
}
add_filter( 'script_loader_src', '_remove_script_version', 15, 1 );
add_filter( 'style_loader_src', '_remove_script_version', 15, 1 );
}

COPY CODE

// Defer jQuery Parsing using the HTML5 defer property
if (!(is_admin() )) {
    function defer_parsing_of_js ( $url ) {
        if ( FALSE === strpos( $url, '.js' ) ) return $url;
        if ( strpos( $url, 'jquery.js' ) ) return $url;
        // return "$url' defer ";
        return "$url' defer onload='";
    }
    add_filter( 'clean_url', 'defer_parsing_of_js', 11, 1 );
}

COPY CODE

// BP redirect to Profile after Login 
function redirect_to_profile( $redirect_to_calculated, $redirect_url_specified, $user ) {
if ( ! $user || is_wp_error( $user ) ) {
		return $redirect_to_calculated;
	}
//If the redirect is not specified, assume it to be dashboard
	if ( empty( $redirect_to_calculated ) ) {
		$redirect_to_calculated = admin_url();
	}
// if the user is not site admin, redirect to his/her profile
	if ( ! is_super_admin( $user->ID ) ) {
		return bp_core_get_user_domain( $user->ID );
	} else {
		//if site admin or not logged in, do not do anything much
		return $redirect_to_calculated;
	}
}
add_filter( 'login_redirect', 'redirect_to_profile', 100, 3 );

COPY CODE

// Remove WP Header Junk 
        // all actions related to emojis
        remove_action( 'wp_head', 'print_emoji_detection_script', 7 );
        remove_action( 'wp_print_styles', 'print_emoji_styles' );
        
        // Remove the REST API endpoint.
        remove_action( 'wp_head', 'rest_output_link_wp_head');
        remove_action( 'wp_head', 'wp_oembed_add_discovery_links' );
        remove_action( 'wp_head', 'wp_oembed_add_host_js' );
        
        remove_action('wp_head', 'rsd_link'); // remove really simple discovery link
        remove_action('wp_head', 'wp_generator'); // remove wordpress version
        
        remove_action('wp_head', 'feed_links', 2); // remove rss feed links (make sure you add them in yourself if youre using feedblitz or an rss service)
        remove_action('wp_head', 'feed_links_extra', 3); // removes all extra rss feed links
        
        remove_action('wp_head', 'index_rel_link'); // remove link to index page
        remove_action('wp_head', 'wlwmanifest_link'); // remove wlwmanifest.xml (needed to support windows live writer)
        
        remove_action('wp_head', 'start_post_rel_link', 10, 0); // remove random post link
        remove_action('wp_head', 'parent_post_rel_link', 10, 0); // remove parent post link
        remove_action('wp_head', 'adjacent_posts_rel_link', 10, 0); // remove the next and previous post links
        remove_action('wp_head', 'adjacent_posts_rel_link_wp_head', 10, 0 ); // remove the next and previous post links
        
        remove_action('wp_head', 'wp_shortlink_wp_head', 10, 0 );
        
        wp_deregister_script( 'comment-reply' ); // Remove comment-reply.min.js from footer

COPY CODE

// Remove WooCommerce Generator Tag
function remove_woo_commerce_generator_tag()
{
    remove_action('wp_head',array($GLOBALS['woocommerce'], 'generator'));
}
add_action('get_header','remove_woo_commerce_generator_tag');

COPY CODE

// Minify your HTML 
if ( ! is_admin() ) {	
function minify_output($buffer)
{
$search = array(
'/\>[^\S ]+/s',
'/[^\S ]+\</s',
'/(\s)+/s'
);
$replace = array(
'>',
'<',
'\\1'
);
if (preg_match("/\<html/i",$buffer) == 1 && preg_match("/\<\/html\>/i",$buffer) == 1) {
$buffer = preg_replace($search, $replace, $buffer);
}
return $buffer;
}
ob_start("minify_output");
}

[Roader]

Hi There. I try to add this, but… this functions does not work with SD.

Add-send-private-message-button-in-members-directory

[Roader]

Other important function:

COPY CODE

// Limit the access only to Admin
add_action( 'init', 'blockusers_init' );
function blockusers_init() {
 if ( is_admin() && !current_user_can( 'administrator' ) && !( defined( 'DOING_AJAX' ) && DOING_AJAX ) ) {
 wp_redirect( home_url() );
 exit;
 }
}

But, from the Theme Options, you put selection:

[ ] Enable limit the access only to Admins

Include others:

[ ] Editor
[ ] Author
[ ] Contributor
[ ] Shop Manager (for Woocommerce)
[ ] All

And that code will be added to functions.php.

Variants (for replace):

If you select Editor, the code is:

`add_action( ‘init’, ‘blockusers_init’ );
function blockusers_init() {
if ( is_admin() && !current_user_can( ‘administrator’ ) && !current_user_can( ‘editor’ ) && !( defined( ‘DOING_AJAX’ ) && DOING_AJAX ) ) {
wp_redirect( home_url() );
exit;
}
}`

If you select Contributor:

`add_action( ‘init’, ‘blockusers_init’ );
function blockusers_init() {
if ( is_admin() && !current_user_can( ‘administrator’ ) && !current_user_can( ‘contributor’ ) && !( defined( ‘DOING_AJAX’ ) && DOING_AJAX ) ) {
wp_redirect( home_url() );
exit;
}
}`

If you select Author:

COPY CODE

add_action( 'init', 'blockusers_init' );
function blockusers_init() {
 if ( is_admin() && !current_user_can( 'administrator' ) && !current_user_can( 'author' ) && !( defined( 'DOING_AJAX' ) && DOING_AJAX ) ) {
 wp_redirect( home_url() );
 exit;
 }
}

If you select Shop Manager:

`add_action( ‘init’, ‘blockusers_init’ );
function blockusers_init() {
if ( is_admin() && !current_user_can( ‘administrator’ ) && !current_user_can( ‘shop_manager’ ) && !( defined( ‘DOING_AJAX’ ) && DOING_AJAX ) ) {
wp_redirect( home_url() );
exit;
}
}`

If you select Editor and Shop Manager:

`add_action( ‘init’, ‘blockusers_init’ );
function blockusers_init() {
if ( is_admin() && !current_user_can( ‘administrator’ ) && !current_user_can( ‘editor’ ) && !current_user_can( ‘shop_manager’ ) && !( defined( ‘DOING_AJAX’ ) && DOING_AJAX ) ) {
wp_redirect( home_url() );
exit;
}
}`

If you select All:

`add_action( ‘init’, ‘blockusers_init’ );
function blockusers_init() {
if ( is_admin() && !current_user_can( ‘administrator’ ) && !current_user_can( ‘editor’ ) && !current_user_can( ‘author’ ) && !current_user_can( ‘contributor’ ) && !current_user_can( ‘shop_manager’ ) && !( defined( ‘DOING_AJAX’ ) && DOING_AJAX ) ) {
wp_redirect( home_url() );
exit;
}
}`

You can create more combinations with editor, etc.

[Laura]

Hello, will assign the ticket to a higher support level who can help and advise you in your query.
Thanks! ?

Hi there!!! Help others from the community and mark any reply as solution if it solved your question. Mark as a solution

[Roader]

Hola Laura.
Bueno, este Ticket no requiere de ayuda en realidad. Lo abrí para que uds tengan pendiente ciertas Updates que necesita el Theme, como esa Opción de Seguridad Básica.

[Radu]

Sorry, we cannot include that cuz, the theme should be lighter as possible(speed, performance, code
quality), every webmaster that uses sweetdate theme can develop and improve functionalities of the theme for the client needs.

Cheers
R.

Hi there!!! Help others from the community and mark any reply as solution if it solved your question. Mark as a solution

[Radu]

We will launch Sweetdate 3.0 in future and after then we can see how some plugin behaves with that and then we will implement most needed plugins for sweetdate users.

Cheers
R

Hi there!!! Help others from the community and mark any reply as solution if it solved your question. Mark as a solution

[Roader]

Hi Radu,
Okey, but, for security measure:

The Registration Form, needs:

When a New User enters his username, if it is equal to his personal name and last name,

You should automatically receive this message:

Your username must be different from your personal name.

So: If his username is johndoe, and his personal name is John Doe, = Error!
But, If his username is john02 and his personal name is John Doe, = No Problem!

Laura (in spanish)
Lo que le estoy diciendo a Radu es, que en el Formulario de Registro, si un Nuevo Usuario pone de username: johndoe y de nombre completo John Doe, que automáticamente reciba un aviso: Su nombre de usuario debe ser diferente de su Nombre personal. Pues lógicamente, si alguien usa como username el mismo nombre personal, será fácil de adivinar por cualquier hacker.

Por otro lado convertí esa función php que encontré en un plugin básico.

BuddyPress Strong Username And Password

[Radu]

Hi,

The logic and conditions that you have recommended for us cannot be implemented thru the theme cuz it depends on every user project, so my advice for you it’s to implement yourself the logic that you needs.

Cheers
R.

Hi there!!! Help others from the community and mark any reply as solution if it solved your question. Mark as a solution

[Roader]

#167555

My solution was:

COPY CODE

// Force Strong Username
function strong_username() {
 global $bp;

 if ( !empty( $_POST['signup_username'] ) )
   if ( !valid_username( $_POST['signup_username'] ) ){
    $bp->signup->errors['signup_username'] = __( 'Your username is too weak or short. Please, use uppercase, lowercase and numbers.', 'bp-strong-username-password', 'buddypress' );
   }
 }
 add_action( 'bp_signup_validate', 'strong_username');

 function valid_username($candidate) {
   $r1='/[A-Z]/';  //Uppercase 
   $r2='/[a-z]/';  //lowercase
   $r3='/[0-9]/';  //numbers

   if(preg_match_all($r1,$candidate, $o)<1) return FALSE;
   if(preg_match_all($r2,$candidate, $o)<1) return FALSE;
   if(preg_match_all($r3,$candidate, $o)<1) return FALSE;
   if(strlen($candidate)<8) return FALSE;

   return TRUE;
}

[Radu]

Great
Cheers
R.

Hi there!!! Help others from the community and mark any reply as solution if it solved your question. Mark as a solution

[Author]

Posts