Allow vendors to upload only specific file types in EDD Frontend Submissions

Easy Digital Downloads - Front-End Submissions - Allow only specific mime types upload

Frontend Submissions is an add-on that turns Easy Digital Downloads powered WordPress website into a complete multi-vendor marketplace. Based on your marketplace, you may need to restrict the certain file type uploads or allow specific file types upload only for your vendors.

I am sharing a code snippet that I just have written, and implemented on one of my client’s EDD FES website. Inserting it into WordPress theme’s functions.php will restrict vendors to upload any other file types and allow only zip file type upload.

// FES form field name : Prices and Files
add_filter( 'upload_mimes', 'dcg_restrict_mime_types', 1, 1 );
function dcg_restrict_mime_types( $mime_types )
{
$user = wp_get_current_user(); // get the current user
// if user is shop vendor or a shop manager
if ( in_array( 'shop_vendor', (array) $user->roles ) || in_array( 'shop_manager', (array) $user->roles ) ) {
// add the mime types you want to allow to upload
$mime_types = array(
'zip' => 'application/zip',
);
// Use unset to remove specific mime types uploads.
// unset( $mime_types['xls'] ); // Remove .xls extension
// unset( $mime_types['xlsx'] ); // Remove .xlsx extension
// unset( $mime_types['docx'] ); // Remove .docx extension
return $mime_types;
}
}

view raw
functions.php
hosted with ❤ by GitHub

Have you any better solutions? I would love to read your comments.

Fix : LayerSlider conflict with Fast Velocity Minify Plugin in WordPress

Do you use LayerSlider and Fast Velocity Minify WordPress plugins together? Did your Slider(s) stop to work after activating Fast Velocity Minify plugin? If the answer to any of the questions is Yes, you’ve to possibly exclude few LayerSlider scripts from Fast Velocity Minify.

Here are the steps you can follow to fix LayerSlider conflict with Fast Velocity Minify plugin in WordPress and get your Slider(s) working back.

(1) Go to Settings > Fast Velocity Minify

Step 1 - LayerSlider conflict with Fast Velocity Minify Plugin in WordPress

(2) Click on the Pro tab

Step 2 - LayerSlider conflict with Fast Velocity Minify Plugin in WordPress

(3) Add the following paths under Ignore List
/greensock.js
/layerslider.kreaturamedia.jquery.js
/layerslider.transitions.js

Step 3 - LayerSlider conflict with Fast Velocity Minify Plugin in WordPress

(4) Click on Save Changes

Step 4 - LayerSlider conflict with Fast Velocity Minify Plugin in WordPress

(5) Purge FVM Cache by clicking Delete button under Status tab

Step 5 - LayerSlider conflict with Fast Velocity Minify Plugin in WordPress

That’s it! Now check your site. Your Slider(s) should start to work again.

🗣 Do you need help with a new or existing WordPress site? Get in touch with me to discuss your requirements.

How to fix 403 Forbidden Error in WordPress caused by ModSecurity

403 Forbidden Error in WordPress

✓ What is 403 Forbidden Error

The 403 Forbidden Error is an HTTP status code that is sent back by the server when the client (user) who initiated the request doesn’t have permission to access a specific page or resource.

✓ Causes of 403 Forbidden Error

There are many scenarios that can trigger 403 Forbidden Error in WordPress. The following are the common causes:

• Corrupt .htaccess file
• File permission issues
• Incompatible or faulty plugins

✓ Solution

WPBeginner has written an in-depth article on fixing the 403 Forbidden Error in WordPress that will help you to fix the corrupt .htaccess file, repair folder and file permissions, and finding out the incompatible or faulty plugins. If you’ve tried everything described in that article and you still facing 403 Forbidden Error, then it’s the time now to look into ModSecurity configuration.

What is ModSecurity (mod_security)

ModSecurity is an open-source firewall application (or WAF) supported by different web servers such as Apache, Nginx and IIS, and protects web applications such as WordPress from various code injection attacks. It uses regular expressions and rule sets to block commonly known code injections.

WordPress 403 Forbidden Error and ModSecurity (mod_security)

ModSecurity might give you false-positive results when you work with WordPress posts and comments. When you post (save or update) any data to admin-ajax.php, page.php, post.php (and bb-post.php if you’ve BBPress active) pages, ModSecurity sometimes consider it (of course, falsely) as code injection and respond with 403 Forbidden Error. To fix this, you can either add specific rules for WordPress exclusion into ModSecurity config or disable ModSecurity completely.

• Add specific rules for WordPress exclusion under ModSecurity (mod_security)

Follow the steps given below to whitelist WordPress under ModSecurity.

☑ Find whitelist.conf or exclude.conf file under /usr/local/apache/conf/modsec2/ (CentOS in my case, your’s path can be different)

☑ Add the following rules

<locationmatch "/wp-admin/admin-ajax.php">
SecRuleRemoveById 300013
SecRuleRemoveById 300015
SecRuleRemoveById 300016
SecRuleRemoveById 300017
SecRuleRemoveById 949110
SecRuleRemoveById 980130
</locationmatch>
<locationmatch "/wp-admin/page.php">
SecRuleRemoveById 300013
SecRuleRemoveById 300015
SecRuleRemoveById 300016
SecRuleRemoveById 300017
SecRuleRemoveById 949110
SecRuleRemoveById 980130
</locationmatch>
<locationmatch "/wp-admin/post.php">
SecRuleRemoveById 300013
SecRuleRemoveById 300015
SecRuleRemoveById 300016
SecRuleRemoveById 300017
SecRuleRemoveById 949110
SecRuleRemoveById 980130
</locationmatch>

☑ Add the following rules only if you’ve BBPress installed and active

<locationmatch "/bb-post.php">
SecRuleRemoveById 300013
SecRuleRemoveById 300015
SecRuleRemoveById 300016
SecRuleRemoveById 300017
</locationmatch>

You’re done!

• Disable ModSecurity (mod_security) completely if the above WordPress exclusions doesn’t work

You can disable ModSecurity completely by accessing your web hosting Control Panel (different for each control panel) if you’ve VPS or Dedicated Server. Alternatively, you can ask your web hosting provider to disable it completely for you.

* Don’t forget restart your web server after making changes in ModSecurity configuration or after disabling it.

That’s it! You shouldn’t see 403 Forbidden Error anymore now.