Blog

Change login cookie lifetime in WordPress

19. July 2022

If you check “Stay logged in” when you log in (see image), WordPress will allow you to work longer in the WordPress backend without having to log in again.

If this checkmark is set, the lifetime of the authentication cookie is increased. However, the time is only extended by about half a month. If you want to stay logged in longer, for example because you want to work with WordPress every day, the following solution is available:

add_filter( 'auth_cookie_expiration', 'cwhf_extend_auth_cookie_to_1_year' );
function cwhf_extend_auth_cookie_to_1_year( $expirein ) {
	return 31556926; // 1 year in seconds
}

The above code must be added to the WordPress code. This is done via the Code Snippets plugin, the functions.php or a

WordPress multisite and cookie settings in wp-config.php

9. July 2022

Error Image: I created a new site in my multisite environment and replaced the subdomain address for that site with its own domain. The domain records are configured correctly, but still I can’t log into the dashboard on the new site.

The multisite or network feature of WordPress has been an essential part of the core system since version 3.0. In the past, you had to access the possibilities of Multisite via plugins first, but today this feature is part of the basic framework of WordPress. With the current version, it is possible to run sites with different domains within one installation, without being limited to subdomain solutions and directories.

Important: For a setup with subdomain or individual domains, the constant COOKIE_DOMAIN must be set. Otherwise the main domain of the installation will be entered as cookie domain in ms-default-constants and the login will not work. The browser sends cookies only to the matching domain!

Solution

In the wp-config.php the line define( ‘COOKIE_DOMAIN’, ” ); should be inserted.

To make sure that the login with defined constant is not nevertheless hindered by existing cookies, the salt keys must be regenerated and the old ones replaced with them.

Update GUIDs in WordPress after domain move

9. July 2022

If you move a WordPress installation with the WordPress Toolkit, the GUIDs are not updated. The GUIDs are used by WordPress in the RSS feeds.

If you want to drag the GUIDs, you can do it again with the following SQL command:

UPDATE wp_posts SET guid = REPLACE (guid, 'https://old-domain.com', 'https://new-domain.com');

wp_posts must of course be replaced by the actual table name if you use a cryptic table prefix.

Remove header (site-header element) in Genesis

7. June 2022

To remove the header from the page completely from the DOM, you need the following code:

add_action( 'genesis_title', 'cw_remove_header_right_widget', 9 );
function cw_remove_header_right_widget() {
    remove_action('genesis_header', 'genesis_header_markup_open', 5);
    remove_action('genesis_header', 'genesis_do_header');
    remove_action('genesis_header', 'genesis_header_markup_close', 15);
}

Remove header on home page in Genesis

With the following code, you can remove the header element on the home page:

add_action( 'genesis_title', 'cw_remove_header_right_widget', 9 );
function cw_remove_header_right_widget() {
    if ( is_front_page() ) {
        remove_action('genesis_header', 'genesis_header_markup_open', 5);
        remove_action('genesis_header', 'genesis_do_header');
        remove_action('genesis_header', 'genesis_header_markup_close', 15);
    }
}

Note: The code was tested with the Genesis sample theme. Should work for most Genesis themes though.

Using Google Fonts in a Data Protection Compliant (DSGVO) Way

7. May 2022

The Munich Regional Court ruled on January 20, 2022 that the integration of fonts via Google servers is not in compliance with data protection laws(link to the ruling, news article on the ruling).

Why not let Google fonts on the website load from Google servers?

When loading Google fonts from Google servers, the IP address of the website visitor is transmitted to the Google server. The IP address belongs to the so-called personal data. Before this data is passed on to third parties, the user’s consent is required.

After judgment of LG Munich v. 20.01.2022, there have already been warnings from page operators (see article of golem.de from 09.08.2022).

Solution 1: Obtain consent from user

Before the Google Fonts are loaded, a so-called Consent dialog (selection dialog for agreeing or disagreeing with data transfer) is displayed. If the visitor agrees, the Google fonts can be loaded from the Google URL. However, if consent is not given, the writings may not be loaded.

Important: The URLs from Google must not be loaded in any case before the consent. This is often done wrong when including the Consent dialog!

The problem with this solution is that when the font is rejected, it is not present and thus the website is displayed for the visitor in the default font (corporate identity not given!). Since there is a better solution (see solution 2) I do not recommend disturbing visitors with dialogs.

Solution 2: Let Google Fonts load from the website (load locally)

Google offers the Google Fonts for download and allows them to be placed on the website’s web hosting server.

How can this be done on your own

Step 1: Use google-webfonts-helper to download the fonts you want to use on your website.

Step 2: If you use a WordPress theme, you have to make the theme stop using the styles that use the Google URLs. Some themes or page builders have an option for this. If this is not the case, it must happen programmatically.

How this works in the Genesis Sample Theme is explained here.

Step 3: The fonts downloaded from step 1 and the style that embeds the fonts are placed in a folder in the web hosting.

Step 4: The style (.css file) is included in the theme.

Ready! Already the Google fonts load from their own address and no longer via Google. Thus, the page is in this point again DSGVO compliant.

WP YouTube Lyte: Embed YouTube videos in a DSGVO-compliant way

20. April 2022

Many website and blog owners ask themselves, how can I embed a YouTube video without taking legal risks. DSGVO compliance has become an important topic, not only since the well-known ruling of 20.01.2022 concerning DSGVO violations when embedding Google Fonts.

This article presents a variant to embed YouTube videos as required by the GDPR. This means that content from YouTube will only be loaded when you confirm. This prevents the unsolicited transmission of data to the Google group, when loading the page.

Attention: The article does not replace the thorough legal clarification of the website regarding data protection. It is only intended to be a guide to the best of our knowledge and belief.

Why not embed YouTube videos directly?

As mentioned above, when embedding YouTube videos without taking precautions for data protection, the visitor’s IP address is transmitted to Google/YouTube. According to DSGVO, the IP address belongs to the so-called personal data and may not be disclosed to third parties without consent and legitimate interest.

How do I embed YouTube videos in a privacy-compliant way?

To prevent the YouTube URL from loading when you open the page, a thumbnail of the video is displayed. When you click on the thumbnail, the video URL is loaded and the video is played.

For better transparency, there should be a note under the video stating that YouTube’s privacy policy applies when playing the video. In addition, YouTube’s privacy policy should be linked or accessible there.

This type of integration implements plugins like “WP YouTube Lyte”. More about this in the next chapter.

Install and activate plugin “WP YouTube Lyte

The installation of WP YouTube Lyte works like any other plugin:

Log in to WordPress.
Select “Plugin” > “Install”.
In the search enter “wp youtube lyte”.
Click on “Install”.
After the installation click on “Activate”.

Configure “WP YouTube Lyte” plugin

After the plugin installation, a new menu item will appear in “WP YouTube Lyte” in WordPress. The settings are made there.