Signing code during development is pretty nasty and I would be very happy if you had the option to switch it off during development. This could be done via a setting in wp-config.php for example (if it’s too “insecure” via the UI). If it is deactivated, a corresponding note could be displayed in the WP dashboard.
7 Likes
There was a filter for this. Not sure why it disappeared from docs and if it still works…
bricks/code/disable_signatures
2 Likes
Yay! @thomas why not documented? Is it deprecated?
Please use
bricks/code/echo_function_names
Check the examples.
bricks/code/disable_signatures has already been removed since 1.9.8 as it’s just a temporary hook for users/plugin developers when updated to 1.9.7 (first introduced code signatures)
Regards,
Jenn
Thanks for the information @itchycode. I think the removal of the filter is not helpful though.
bricks/code/echo_function_names does not help me because the code signing is used for all codeblocks. echo_function_names is only for dynamic data like {echo:my_function}. This is no problem with deployment because it can be done inside of the child theme for example.
Here’s an example of one of my projects where I use a code block inside of the “Nav (Nestable)” for having a special submenu structure.
After each deployment the navigation is defect and i need to login and resign the code.
Ops… I am so sorry, I misunderstood and thought you wanted to allow all echo functions when in the development process. (Your title already clearly states code signing 
, my fault)
We decided not to allow skipping code signature in the first place, that’s why we indicated that the hook is only temporary for troubleshooting purposes in the release note.
I don’t like it when I’m forced to do something that hinders my work. Even if I recognise and appreciate the safety aspect. I should have the option to temporarily opt out.
6 Likes
I second this. We should be able to disable it in our dev environment. It is excessive to have to sign each time we make a change.
6 Likes
I agree, should be able to deactivate this when developing.
4 Likes
I agree. Or sign for the next hour.
1 Like
I think there is merit in this idea too.
Maybe we can be ‘authorised’ to execute code when we log in with an admin account. Then anything during the session is automatically signed.
I would be happy if this required 2FA or something similar if it means we can code at will 
1 Like
I would also appreciate a solution for this. Safety is great and all but we should be allowed to disable it.
2 Likes
I agree with MichelyWeb
Every single time we migrate a site we need to resign all the code but there is no warning of this in the UI at all. It’s easy to forget.
The problem is that all the code is usually mission critical and some better processes for surfacing the need to attend to it is required. I’d be happy for a process to run at login for unsigned code and throw up a warning even if that took ages.
2 Likes
Up on this, code signing could use some improvement. Please make it possible to
- Disable code signing during development.
- Sign code blocks globally via a single button
Code block is heavily utilized to some of our templates, and I really hate having to sign 20s - 30s of them every time we deploy a template to a staging site ang having to sign the codes AGAIN when migrating from staging to live site.
I didn’t know that and have never really tested it, I thought that’s just going to reset the secret keys and will require me to sign the codes again one by one.
Agreed, I’ve just bumped into this myself. I’ve just had to upload to a client’s staging server which is only an IP, so no way of getting https. I need to ask them to set up a subdomain and certificate for me now, which has proven a bit of a bottleneck here.
Some capacity to override in these situations would be hugely beneficial.
1 Like