```php
// Set the authentication check interval in seconds.
add_filter( 'wp_auth_check_interval', 'auth_check_interval_filter', 99, 1 );
function auth_check_interval_filter ( $interval ) {
    $interval = 1;
    return $interval;
}
// Set the heartbeat interval in seconds.
function wb_set_heartbeat_time_interval($settings) {
    $settings['interval']=1;
    return $settings;
}
```
```php
// Set session expiration limits in seconds.
add_filter('auth_cookie_expiration', 'session_expiration_filter', 99, 3);
function session_expiration_filter($seconds, $user_id, $remember){
    //if "remember me" is checked;
    if ( $remember ) {
        //WP defaults to 2 weeks (14*24*60*60);
        $expiration = 60; //UPDATE HERE;
    } else {
        //WP defaults to 48 hrs/2 days (2*24*60*60);
```
```php
// Set a short expiration for the user's auth/session cookie.
add_filter ( 'auth_cookie_expiration', 'set_session_limit', 10, 3 );
function set_session_limit ( $expire, $user_id, $remember ) {
    $remember = false; // Turn off the "Remember Me" extended session limit for all users.
    return 300; // Set login session limit in seconds, 300 = 5 minutes
}
// Hook this function to the 'init' action to run on every page load.
add_action( 'init', 'if_idle_reset_cookie_expiration' );
function if_idle_reset_cookie_expiration() {
```
```php
add_action( 'wp_login_failed', function ():void {
    status_header( 401 ); // Generates PHP header("HTTP/1.1 401 Unauthorized");
    wp_die( 'Your login attempt failed.' ); // Kill WP/PHP execution with WSOD + error message.
});
// By default WordPress handles failed login attempts by reloading the login page and returning an HTTP 200 "OK" response
// with a message that reads "Error: The username/email address or password is incorrect. Please try again."
//
// By returning an HTTP 401 "Unauthorized" response instead, rate limiting tools watching the HTTP access log, like fail2ban
// and mod_security, will pick up on repeated bad login attempts from single IPs and ban them.
```
```php
<?php
/**
 * == Psudo ==
 *
 * Plugin Name: Psudo
 * Version: 1.0
 * Author: Dan Knauss
 * Contributors:
 * Donate link: https://example.com/
 * Tags: security, user management
```
```php
add_filter('auth_cookie_expiration', function (int $default_duration, int $user_id) {
    if (user_can($user_id, 'manage_options')) {
        return 5 * MINUTE_IN_SECONDS;
    }
    return $default_duration;
}, 10, 2);
// Note: This filter expires sessions that are idle for more than five minutes and keeps active admin user sessions
// alive continuously as long as there has been activity (page loads/GET requests) within the last five minutes.
```
```php
<script type="text/javascript">
var logoutUrl = '<?php echo htmlspecialchars_decode( wp_logout_url() ); ?>';
var timeout;
// The load event fires on window, not document, so start the timer from window.onload.
window.onload = resetTimeout;
document.onmousemove = resetTimeout;
document.onkeypress = resetTimeout;
function resetTimeout() {
    clearTimeout( timeout );
```
```php
<?php
if ( ! defined( "ABSPATH" ) ) {
    die( "Invalid request." );
}
/* WordPress Tweaks */
// Remove mandatory classic theme.
function disable_classic_theme_styles():void {
    wp_deregister_style( "classic-theme-styles" );
```