wordpress settings
###DMG SECURITY BEGIN###
<IfModule mod_rewrite.c>
RewriteEngine On
# Whitelist: this plugin path is passed through unchanged ("-") and rule
# processing stops ([L]) before the blacklist below can match it. Other
# plugins that expose their own PHP endpoints need an entry like this one.
RewriteRule ^/?wp-content/plugins/wp-spamshield/ - [QSA,L]
# Blacklist: direct requests for these paths are answered with 403 ([F]).
# NOTE(review): refusing xmlrpc.php also breaks anything that relies on it
# (pingbacks, remote publishing clients) -- confirm nothing on the site needs it.
RewriteRule ^/?xmlrpc.php$ - [F,L]
RewriteRule ^/?wp-admin/includes/ - [F,L]
# Only .php files directly inside wp-includes/ ([^/]+ = one path segment);
# files in subdirectories are not covered by this rule.
RewriteRule ^/?wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^/?wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^/?wp-includes/theme-compat/ - [F,L]
# Any path under wp-content/ (plugins, themes, uploads) containing ".php" is
# refused unless a whitelist rule above matched first.
RewriteRule ^/?wp-content/.+\.php - [F,L]
</IfModule>
###DMG SECURITY END###
<?php
// file: /wp-content/mu-plugins/auto-updates.php
// https://codex.wordpress.org/Configuring_Automatic_Background_Updates
//
// Core and theme auto-update policy. Each hook is answered by one of
// WordPress' stock boolean callbacks: development (nightly) core builds are
// refused, minor and major core releases and theme updates are accepted.
foreach ( array(
    'allow_dev_auto_core_updates'   => '__return_false',
    'allow_minor_auto_core_updates' => '__return_true',
    'allow_major_auto_core_updates' => '__return_true',
    'auto_update_theme'             => '__return_true',
) as $hook => $callback ) {
    add_filter( $hook, $callback );
}
// Do not leave loop variables behind in the global scope of this mu-plugin.
unset( $hook, $callback );
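/**
 * Per-plugin override for WordPress' automatic plugin updates.
 *
 * Runs on the 'auto_update_plugin' filter. Slugs in $no_auto_updates are never
 * auto-updated, slugs in $auto_updates always are, and everything else keeps
 * whatever WordPress already decided ($update). Both lists are empty here, so
 * the filter changes nothing until slugs are added.
 *
 * @param bool   $update Whether WordPress would update this plugin on its own.
 * @param object $item   Update offer for one plugin; only its ->slug is consulted.
 * @return bool
 */
function auto_update_specific_plugins ( $update, $item ) {
    // Plugin slugs that must never be auto-updated.
    $no_auto_updates = array ();
    // Plugin slugs that must always be auto-updated.
    $auto_updates = array();
    // Not every update item is guaranteed to carry a slug; fall back to the
    // WordPress default instead of raising a notice on a missing property.
    $slug = isset( $item->slug ) ? $item->slug : null;
    if ( $slug === null ) {
        return $update;
    }
    // Strict comparison: slugs are strings, avoid loose-equality surprises.
    if ( in_array( $slug, $no_auto_updates, true ) ) {
        return false;
    }
    if ( in_array( $slug, $auto_updates, true ) ) {
        return true;
    }
    return $update;
}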
// Register the per-plugin override. Priority 10 is the default; accepted_args
// must be 2 so the $item argument is handed to the callback as well.
$auto_update_callback = 'auto_update_specific_plugins';
add_filter( 'auto_update_plugin', $auto_update_callback, 10, 2 );
unset( $auto_update_callback );
<?php
// ADD NEW ADMIN USER TO WORDPRESS
// ----------------------------------
// Put this file in your Wordpress root directory and run it from your browser.
// comment it with die() when done.
// call it like: /create_user.php?username=woopdiedoo&password=xxxx&email=<address>
//
// NOTE(review): nothing in this file checks who is calling it -- anyone who
// can reach the URL can create an administrator. Keep it off the server except
// for the minutes it is needed and delete it afterwards; the redirect + die()
// pair below is only a soft switch. Passing the password in the query string
// also leaves it in web server and proxy access logs.
//
// Kill switch: while these two lines are active every request is bounced to
// the URL below and nothing else in this file runs.
header('Location: https://piv.pivpiv.dk/');
die('');
require_once('wp-blog-header.php');
// NOTE(review): wp-includes/registration.php has long been a deprecated stub in
// core -- confirm this include is still needed for the WordPress version in use.
require_once('wp-includes/registration.php');
// ----------------------------------------------------
// CONFIG VARIABLES
// Make sure that you set these before running the file.
// filter_input() yields null for an absent parameter, so the truthiness check
// below also catches missing values (and, as a side effect, a password of "0").
$newusername = filter_input(INPUT_GET, 'username');
$newpassword = filter_input(INPUT_GET, 'password');
$newemail = filter_input(INPUT_GET, 'email');
// ----------------------------------------------------
if ( $newpassword && $newemail && $newusername) {
// Check that user doesn't already exist
if ( !username_exists($newusername) && !email_exists($newemail) )
{
// Create user and set role to administrator
// is_int() is the success test: wp_create_user() hands back the new user id
// on success and an error object otherwise.
$user_id = wp_create_user( $newusername, $newpassword, $newemail);
if ( is_int($user_id) ) {
$wp_user_object = new WP_User($user_id);
$wp_user_object->set_role('administrator');
echo 'Successfully created new admin user. Now comment it with die()';
}
else {
echo 'Error with wp_insert_user. No users were created.';
}
}
else {
echo 'This user or email already exists. Nothing was done.';
}
}
else {
// Note: the two messages are printed back to back with no separator between them.
echo 'Whoops, looks like you did not set a password, username, or email';
echo 'before running the script. Set these variables and try again.';
}
# Append the following to 301 redirect files from /new/ to the root:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
# Only redirect when the request does not resolve to an existing file or
# directory, so real files that still live under /new/ keep being served.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
# /new/anything -> /anything as a permanent redirect ([R=301]), keeping the
# query string ([QSA]); no further rules are evaluated ([L]).
RewriteRule ^/?new/(.*)$ /$1 [QSA,L,R=301]
</IfModule>

verplichte plugins:

Database:

  • Rename the administrative account: When creating an administrative account, avoid easily guessed terms such as admin or webmaster as usernames because they are typically subject to attacks first. On an existing WordPress install you may rename the existing account in the MySQL command-line client with a command like UPDATE wp_users SET user_login = 'newuser' WHERE user_login = 'admin';, or by using a MySQL frontend like phpMyAdmin.
  • Change the table_prefix: Many published WordPress-specific SQL-injection attacks make the assumption that the table_prefix is wp_, the default. Changing this can block at least some SQL injection attacks.

in wp config:

define('DISALLOW_FILE_EDIT', true); // removes the built-in theme/plugin file editor from wp-admin

want updaten van bestanden via ajax is bah!

<?php
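// Environment selection: load whichever per-environment config sits next to
// this file. Paths are anchored on __DIR__ because wp-config.php is pulled in
// by scripts from several directories (wp-admin/, cron, CLI), and a bare
// relative path in is_file() is resolved against the caller's working directory.
$is_development = false;
if (is_file(__DIR__ . '/wp-config.development.php')) {
    require __DIR__ . '/wp-config.development.php';
    $is_development = true;
} elseif (is_file(__DIR__ . '/wp-config.production.php')) {
    // This branch used to require wp-config.development.php (copy/paste slip),
    // which loaded development settings on production hosts.
    require __DIR__ . '/wp-config.production.php';
}
// Remove the theme/plugin file editor from wp-admin.
define('DISALLOW_FILE_EDIT', true);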
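/**#@+
* DEBUGGING STUFF
*/
/** display of notices during development. if false, error_reporting is E_ERROR | E_WARNING | E_PARSE | E_USER_ERROR | E_USER_WARNING | E_RECOVERABLE_ERROR otherwise E_ALL */
if (!defined('WP_DEBUG')) {
    define('WP_DEBUG', false);
}
/** SAVEQUERIES makes $wpdb keep every query, the function that issued it and how long it took in an array for analysis.
 * The constant WordPress reads is SAVEQUERIES (no underscore); the misspelt SAVE_QUERIES is kept as well
 * in case something else in this install already checks it. */
if (!defined('SAVEQUERIES')) {
    define('SAVEQUERIES', WP_DEBUG);
}
if (!defined('SAVE_QUERIES')) {
    define('SAVE_QUERIES', WP_DEBUG);
}
// NOTE(review): ACTION_DEBUG is not a core constant -- presumably read by a plugin; confirm.
if (!defined('ACTION_DEBUG')) {
    define('ACTION_DEBUG', WP_DEBUG);
}
/** This will allow you to edit the scriptname.dev.js files in the wp-includes/js and wp-admin/js directories. */
if (!defined('SCRIPT_DEBUG')) {
    define('SCRIPT_DEBUG', WP_DEBUG);
}
/** Add define('WP_DEBUG_LOG', true); to enable php debug logging to WP_CONTENT_DIR/debug.log */
if (!defined('WP_DEBUG_LOG')) {
    define('WP_DEBUG_LOG', true);
}
/** This determines whether errors should be printed to the screen as part of the output or if they should be hidden from the user.
 * Add define('WP_DEBUG_DISPLAY', false); to wp-config.php to use the globally configured setting for display_errors and not force it to On */
if (!defined('WP_DEBUG_DISPLAY')) {
    define('WP_DEBUG_DISPLAY', false);
}
/** Mirror the choice into PHP itself. You really never want this on; errors are meant to be read from the log file.
 * Passed as the same 'On'/'Off' strings as log_errors below instead of a raw boolean. */
ini_set('display_errors', WP_DEBUG_DISPLAY ? 'On' : 'Off');
/** Tells whether script error messages should be logged to the server's error log or error_log. */
ini_set('log_errors', WP_DEBUG_LOG ? 'On' : 'Off');
/** Where to log php errors */
//ini_set('error_log', ASKAPACHE_ROOT . '/logs/php_error.log');
/** http://us.php.net/manual/en/timezones.php */
ini_set('date.timezone', 'Europe/Amsterdam');
/** Raise PHP's memory limit to what WordPress was told to use. Core only defines WP_MEMORY_LIMIT after wp-config.php
 * has finished loading, so here it can only come from one of the included environment files; skip instead of
 * failing on an undefined constant when it is absent. */
if (defined('WP_MEMORY_LIMIT')) {
    ini_set('memory_limit', WP_MEMORY_LIMIT);
}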
<?php
// add below DB details.
//(Primary Preference) "direct" forces it to use Direct File I/O requests from within PHP. It is the option chosen by default.
//(Secondary Preference) "ssh2" is to force the usage of the SSH PHP Extension if installed
//(3rd Preference) "ftpext" is to force the usage of the FTP PHP Extension for FTP Access, and finally
//(4th Preference) "ftpsockets" utilises the PHP Sockets Class for FTP Access.
define( 'FS_METHOD', 'ftpext' );
// NOTE(review): HTTP_HOST is copied from the request's Host header, i.e. it is
// client-supplied. Combined with FTP_SSL off below, an update run under an
// unexpected Host value (possible whenever the vhost is not strictly bound to
// one name) would send the credentials below in clear text to whatever host
// that header names. Prefer a fixed hostname, e.g.
// define( 'FTP_HOST', '<ftp host>' ), or FS_METHOD 'direct' when the web
// server user owns the files.
define( 'FTP_HOST', $_SERVER['HTTP_HOST'] );
// The database credentials double as FTP credentials. That only works on hosts
// that provision both from one account, and a leak of either then exposes both.
define( 'FTP_USER', DB_USER ); // or anything other
define( 'FTP_PASS', DB_PASSWORD ); // or anything other
// Plain FTP: credentials and file contents travel unencrypted.
define( 'FTP_SSL', false );
// Remove the theme/plugin file editor from wp-admin.
define( 'DISALLOW_FILE_EDIT', true );
// example. FTP_BASE, FTP_CONTENT_DIR and FTP_PLUGIN_DIR are detected automatically.
/*
define( 'FS_METHOD', 'ftpext' );
define( 'FTP_BASE', '/path/to/wordpress/' );
define( 'FTP_CONTENT_DIR', '/path/to/wordpress/wp-content/' );
define( 'FTP_PLUGIN_DIR', '/path/to/wordpress/wp-content/plugins/' );
define( 'FTP_PUBKEY', '/home/username/.ssh/id_rsa.pub' );
define( 'FTP_PRIKEY', '/home/username/.ssh/id_rsa' );
define( 'FTP_USER', 'username' );
define( 'FTP_PASS', 'password' );
define( 'FTP_HOST', 'ftp.example.org' );
define( 'FTP_SSL', false );
*/
<?php
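// One-shot setup helper: with WP_DEBUG on it points siteurl/home at the URL
// this script was requested on, installs a date-based permalink structure and
// regenerates the rewrite rules; otherwise it only redirects to the site root.
require_once __DIR__ . '/wp-load.php';
// NOTE(review): HTTP_HOST is the request's Host header, so while WP_DEBUG is on
// any request that reaches this file can rewrite siteurl/home to whatever host
// that header names. Keep the file out of the web root except while it is
// needed, or hard-code the canonical host here.
$host = $_SERVER['HTTP_HOST'];
// Directory of this script as the web server sees it. dirname() returns "/"
// for the document root, which would have produced "http://host/"; trim it so
// the root case yields "http://host" (backslashes normalised for Windows).
$path = rtrim(str_replace('\\', '/', dirname($_SERVER['SCRIPT_NAME'])), '/');
// Follow the scheme the request came in on instead of forcing http://, which
// on an https site stored an http siteurl.
$scheme = is_ssl() ? 'https' : 'http';
$url = "{$scheme}://{$host}{$path}";
if (WP_DEBUG) {
    update_option('siteurl', $url);
    update_option('home', $url);
    // if (!get_option('permalink_structure')) {
    update_option('permalink_structure', '/%year%/%monthnum%/%day%/%postname%/');
    // }
    // Hard flush (true): the rules file on disk is rewritten as well as the option.
    flush_rewrite_rules(true);
    echo got_mod_rewrite()
        ? '.htacccess aangepast'
        : 'rewriterules aangepast (nginx of IIS7)';
    die;
}
header('Location: ' . $url);
// Nothing after a redirect should run.
exit;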