Security Alert: 26 BuddyDev accounts compromized in brute force attack.

BuddyDev

Search

Replies

  • Participant
    Level: Enlightened
    Posts: 35
    Michael on January 2, 2025 at 11:16 am in reply to: [Resolved] Exclude from sitewude activity stream per user id #54452

    Thankyou Rajesh, much appreciated.

  • Participant
    Level: Enlightened
    Posts: 35
    Michael on December 28, 2024 at 8:19 pm in reply to: [Resolved] Exclude from sitewude activity stream per user id #54349

    Update: I looked in the database and it seems like the “secondary_item_id” was also being used to hold info for the type “friendship_created”, so both userIDs can be checked, both initiator and accepter.

    I updated my code, it works.

    It’s probably poor code, I am not a coder!

    Could you please check it’s safe.

    Thankyou.

    

function do_not_display_sitewide( $activity_object ) {

	// array of user IDs
	$exclude = array( 1, 2, 3 );

	if( in_array( $activity_object->user_id, $exclude ) )
		return $activity_object->hide_sitewide = true;
	
	if( in_array( $activity_object->secondary_item_id, $exclude ) && $activity_object->type === 'friendship_created')
		return $activity_object->hide_sitewide = true;
}
add_action('bp_activity_before_save', 'do_not_display_sitewide', 1, 1 );
    • This reply was modified 3 weeks, 4 days ago by Michael.
  • Participant
    Level: Enlightened
    Posts: 35
    Michael on December 26, 2024 at 12:26 am in reply to: [Resolved] Exclude from sitewude activity stream per user id #54246

    Sorry, it pasted messy and won’t let me edit.

    Here it is again.

    
function do_not_display_sitewide( $activity_object ) {

	// array of user IDs
    $exclude = array( 1, 2, 3 );

    if( in_array( $activity_object->user_id, $exclude ) )
        $activity_object->hide_sitewide = true;
 
}
add_action('bp_activity_before_save', 'do_not_display_sitewide', 1, 1 );
  • Participant
    Level: Enlightened
    Posts: 35
    Michael on December 18, 2024 at 10:46 pm in reply to: Password Reset via Email address only, not username #53938

    Works great, thankyou!

    The Lost Password form however still displays (initially) the prompt “Please enter your username or email address” and above the input text field it says “Username or Email Address” … any way those can also be modified to indicate it accepts email address only? Just for tidiness sake.

    If not, thankyou anyway, the functionality is great.

  • Participant
    Level: Enlightened
    Posts: 35
    Michael on December 14, 2024 at 1:30 am in reply to: Delete abandoned Buddypress accounts #53722

    Hi Brajesh
    Thankyou, unfortunately my knowledge of SQL queries is too limited to modify your plugin code safely.

    I tried to write a function to do the deletions by looping through the user IDs. Is this a reasonable way to approach it? It works on my test site but please could you review the code to confirm it’s safe to use.

    Code loops through user IDs, checks if user exists, checks the last_activity and if older than 365 days ago then the account gets deleted.

    
function delete_abandoned() {
	
	require_once( ABSPATH.'wp-admin/includes/user.php' );
	$nowTime = time();

	for ( $x = 1; $x <= 1000; $x++ ) {
		
		$user = get_user_by( 'ID', $x );
		
		if ( $user ) {
			$lastTime = strtotime( bp_get_user_last_activity($x) );
			$daysAgo = intval( ($nowTime - $lastTime) / (3600*24) );
			
			if ( $daysAgo > 365 ) {
				wp_delete_user($x);
			}
		}
	}
}
  • Participant
    Level: Enlightened
    Posts: 35
    Michael on July 8, 2024 at 9:54 am in reply to: [Resolved] Coding question: get_userdata() similar function for Buddypress? #52828

    Thanks Ravi, appreciated.

  • Participant
    Level: Enlightened
    Posts: 35
    Michael on June 27, 2024 at 11:00 am in reply to: [Resolved] Delete all blog comments by specific user #52774

    Thanks Ravi!

  • Participant
    Level: Enlightened
    Posts: 35
    Michael on June 26, 2024 at 9:19 am in reply to: [Resolved] Delete all blog comments by specific user #52769

    Hi Ravi,

    Hope you can kindly answer my last question and then this can be noted as “resolved”.

    Thanks!

  • Participant
    Level: Enlightened
    Posts: 35
    Michael on June 21, 2024 at 4:26 pm in reply to: [Resolved] Delete all blog comments by specific user #52749

    Thankyou so much Ravi, that works great on my test environment. Deletes the comments and correctly updates the total comments count per post too. Perfect.

    Re. possible performance issues for large numbers of comments.

    – the particular user has approx. 2000 comments spread over 4 years.
    – would it be safe to do them all at once?
    – or maybe using ‘date_query’ with the get_comments() function, I could delete them in smaller batches.

    What would you recommend?

    Thanks!

  • Participant
    Level: Enlightened
    Posts: 35
    Michael on June 18, 2024 at 10:02 pm in reply to: [Resolved] Delete all blog comments by specific user #52737

    Sorry! Sorry! Sorry!

    The code snippet above was pasted wrong, here’s the correct version:

    
$entries = $wpdb->get_results("SELECT * FROM wp_posts WHERE post_type IN ('post', 'page')");

foreach($entries as $entry)
{
    $post_id = $entry->ID;
    $comment_count = $wpdb->get_var("SELECT COUNT(*) AS comment_cnt FROM wp_comments WHERE comment_post_ID = '$post_id' AND comment_approved = '1'");
    $wpdb->query("UPDATE wp_posts SET comment_count = '$comment_count' WHERE ID = '$post_id'");
}