Tag: security

Auto-Upgrading users in WordPress

I made a small site recently where I wanted all newly registered users from a specific email domain to automatically be administrators (this is a terrible idea, don’t do it). The user registration was restricted by Single-Sign-On and 2-Factor Authentication, so I felt relatively safe doing this, especially since it was only a “for fun” project.

The interesting bit of code that upgraded users to admins is as follows:

add_action( 'user_register', 'upgrade_email_to_admin', 10, 1 );
function upgrade_email_to_admin( $user_id ) {
$user = get_user_by( 'ID', $user_id );
if ( false !== $user ) {
$email = $user-&gt;data-&gt;user_email;

   // Only example.com please.
    if ( false === strpos( $email, '@example.com' ) ) {
        return;
    }

    $roles = $user-&amp;gt;roles;

    if ( ! in_array( 'administrator', $roles, true ) ) {
        $user_update = array();
        $user_update['ID'] = $user_id;
        $user_update['role'] = 'administrator';
        wp_update_user( $user_update );
    }
}
Code language: PHP (php)

This is 100% insecure, please do not do this 🙂

September 28, 2017

Let’s Encrypt SSL on SABnzbd+

Let’s Encrypt has been in public beta for some time now, so I thought it was time for me to test it out and see how it works.

I’ve been working on some automation for Let’s Encrypt, WordPress Multisite, Domain Mapping, and Apache for a while, but I don’t have anything that I feel comfortable sharing yet.

For now though, I was able to get Let’s Encrypt to work with SABnzbd+, which is a binary newsgroup downloader for things such as Linux ISOs.
(more…)

January 20, 2016

Tag: security

Auto-Upgrading users in WordPress

Let’s Encrypt SSL on SABnzbd+