Secure Custom Fields

Maelezo

Secure Custom Fields (SCF) turns WordPress sites into a fully-fledged content management system by giving you all the tools to do more with your data.

Use the SCF plugin to take full control of your WordPress edit screens, custom field data, and more.

Add fields on demand.
The SCF field builder allows you to quickly and easily add fields to WP edit screens with only the click of a few buttons! Whether it’s something simple like adding an “author” field to a book review post, or something more complex like the structured data needs of an ecommerce site or marketplace, SCF makes adding fields to your content model easy.

Add them anywhere.
Fields can be added all over WordPress including posts, pages, users, taxonomy terms, media, comments and even custom options pages! It couldn’t be simpler to bring structure to the WordPress content creation experience.

Show them everywhere.
Load and display your custom field values in any theme template file with our hassle-free, developer friendly functions! Whether you need to display a single value or generate content based on a more complex query, the out-of-the-box functions of SCF make templating a dream for developers of all levels of experience.

Any Content, Fast.
Turning WordPress into a true content management system is not just about custom fields. Creating new custom post types and taxonomies is an essential part of building custom WordPress sites. Registering post types and taxonomies is now possible right in the SCF UI, speeding up the content modeling workflow without the need to touch code or use another plugin.

Simply beautiful and intentionally accessible.
For content creators and those tasked with data entry, the field user experience is as intuitive as they could desire while fitting neatly into the native WordPress experience. Accessibility standards are regularly reviewed and applied, ensuring SCF is able to empower as close to anyone as possible.

Documentation and developer guides.
Over 10 plus years of vibrant community contribution alongside an ongoing commitment to clear documentation means that you’ll be able to find the guidance you need to build what you want.

Features

  • Simple & Intuitive
  • Powerful Functions
  • Over 30 Field Types
  • Extensive Documentation
  • Millions of Users

Screenshots

  • Simple & Intuitive

  • Made for Developers

  • All About Fields

  • Registering Custom Post Types

  • Registering Taxonomies

Reviews

Disemba 6, 2024
If you have Advanced Custom Fields Pro uninstall this plugin as it’s not needed. Cloning my prod site to local broke the site since the Pro plugin deactivated and reverted to this ‘secure custom fields’ plugin. When they forked it, they really should have used a new plugin url to stop this behavior happening.
Disemba 4, 2024
I’ve used ACF Pro, and been a staunch WordPress advocate, since 2011. I owe it almost entirely to how easy the original ACF made it to edit sites. I’ve wondered for the last decade why WordPress hasn’t made the effort to add this type of dynamic meta content functionality to the core… and then I wondered why they pushed on Gutenberg despite its obvious failures and shortcomings. The pettiness with which Automattic has addressed their CEO’s beef with WP Engine has made everything very, very clear. I can’t believe I had to check a box stating that I’m not affiliated with WP Engine before being allowed to even log into the site. I’m genuinely embarrassed for WordPress right now. This is all just ludicrous. I don’t know how I can keep supporting a CMS that run by such petty, childish tyrants, who throw tantrums over licensing issues for exactly *ONE* of the many, many companies that exist online and use “WP” in the title. This plugin can never be what ACF once was, regardless. Even if they return control to Advanced Custom Fields (which is obviously what should happen), it’s 100% worth the money to get ACF Pro instead. Not only will you guarantee that your site will continue to be given some of the best support and functionality I’ve seen from a WordPress plugin, you’ll also be rejecting Automattic’s attempts to subvert its own licensing.
Disemba 4, 2024
It doesn’t have the Gallery field type, it doesn’t have the Repeater field type which are the most used in my projects. If you are going to steal someone’s work, at least improve it and add something more, otherwise you will continue to be an incomplete and stolen copy. They didn’t even bother to rename the plugin folder.
Disemba 3, 2024
This has nothing to do with the Advanced Custom Fields plugin I installed years ago on several of my platforms. This got hijacked and pushed onto all my Wordpress installs without my consent. I gladly paid for the Pro version of ACF, to ensure I don’t need to have this on my installations. Big breach of trust from Wordpress, and it’s causing me to gradually move my projects to other platforms.
Soma maoni yote 1.391

Wachangiaji & Wasanidi

“Secure Custom Fields” is open source software. The following people have contributed to this plugin.

Contributors

“Secure Custom Fields” zimetafsiriwa kwa lugha 32. Thank you to the translators for their contributions.

Translate “Secure Custom Fields” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.

Changelog

6.3.10.2

Release Date 29th October 2024

  • Security – Setting a metabox callback for custom post types and taxonomies now requires being an admin, or super admin for multisite installs
  • Security – Field specific ACF nonces are now prefixed, resolving an issue where third party nonces could be treated as valid for AJAX calls
  • Enhancement – A new “Close and Add Field” option is now available when editing a field group, inserting a new field inline after the field being edited
  • Fix – Exporting post types and taxonomies containing metabox callbacks now correctly exports the user defined callback

6.3.9

Release Date 22nd October 2024

  • Version update release

6.3.6.3

Release Date 15th October 2024

  • Security – Editing a Field in the Field Group editor can no longer execute a stored XSS vulnerability. Thanks to Duc Luong Tran (janlele91) from Viettel Cyber Security for the responsible disclosure
  • Security – Post Type and Taxonomy metabox callbacks no longer have access to any superglobal values, hardening the original fix from 6.3.6.2 even further
  • Fix – SCF Fields now correctly validate when used in the block editor and attached to the sidebar

6.3.6.2

Release Date 12th October 2024

  • Security – Harden fix in 6.3.6.1 to cover $_REQUEST as well.
  • Fork – Change name of plugin to Secure Custom Fields.

6.3.6.1

Release Date 7th October 2024

  • Security – SCF defined Post Type and Taxonomy metabox callbacks no longer have access to $_POST data. (Thanks to the Automattic Security Team for the disclosure)