WordPress.org


[Plugin: WP Security Scan] CAUTION: SCREWED-UP MY BLOG! (50 posts)

  1. Michael Torbert
    WordPress Virtuoso
    Posted 6 years ago #

    ClaytonJames,

    First, I want to clear up your misconception. WP Security Scan (assuming you don't receive any errors) needs to be left activated. It doesn't just provide information. In the current version, it hides your WordPress version and turns off database errors, both of which are vital defenses against attacks.

    I would like to debug why you are receiving 404 errors. I've not had anyone else report this. Please email me with the URL to your website and a list of plugins installed/activated.

  2. Kelson
    Member
    Posted 6 years ago #

    I'd suggest clarifying the version/error hiding in the plugin docs and descriptions. Right now, they seem to suggest that activating it as-needed is sufficient.

  3. burne
    Member
    Posted 6 years ago #

    directories == 755
    files == 644

    Yes. No. Maybe.

    There's no single correct answer. It depends on what your hoster is doing on his webserver. Apache under a separate account with no shared groups, Apache under a separate account with a shared group ('webusers' or something like that) or some form of SUID/SGID hosting. Having a single solution to a question with at least possible correct answers is way too broad from a security-viewpoint.

  4. raygene
    Member
    Posted 5 years ago #

    directories == 755
    files == 644

    It's supposed to be the standard for WP installations but then again some plugins require 777 for certain folders. 755 is a safe bet for most but do read your plugins' instructions.

    Great work in progress Michael.

    Cheers,
    Gene
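
Added example (not part of either post above, and not code from the plugin): the 755/644 versus 777 question from burne's and raygene's posts, worked through for the three hosting models burne lists. The numeric IDs, the `HOSTING_MODELS` table and the function names are assumptions made up for illustration.

```python
import stat

# Constructed IDs for illustration: the site owner's account, a separate
# Apache account, and a shared 'webusers' group.
OWNER_UID, OWNER_GID = 1001, 1001
APACHE_UID, APACHE_GID = 33, 33
WEBUSERS_GID = 2000

# (server uid, server group ids, group that owns the site files)
HOSTING_MODELS = {
    "separate account, no shared group": (APACHE_UID, {APACHE_GID}, OWNER_GID),
    "separate account, shared group": (APACHE_UID, {APACHE_GID, WEBUSERS_GID}, WEBUSERS_GID),
    "SUID/SGID hosting (runs as owner)": (OWNER_UID, {OWNER_GID}, OWNER_GID),
}

def server_can_write(mode, file_uid, file_gid, server_uid, server_gids):
    """POSIX check: exactly one of the owner, group or other bits applies."""
    if server_uid == file_uid:
        return bool(mode & stat.S_IWUSR)
    if file_gid in server_gids:
        return bool(mode & stat.S_IWGRP)
    return bool(mode & stat.S_IWOTH)

def write_matrix(modes=(0o644, 0o664, 0o755, 0o775, 0o777)):
    """Map each hosting model to {mode: can the web server process write?}."""
    matrix = {}
    for name, (uid, gids, file_gid) in HOSTING_MODELS.items():
        matrix[name] = {
            oct(m): server_can_write(m, OWNER_UID, file_gid, uid, gids)
            for m in modes
        }
    return matrix

if __name__ == "__main__":
    for name, row in write_matrix().items():
        print(f"{name:36}", row)
```

Under SUID/SGID hosting the server process can already write to 644 files and 755 directories, so those modes do not stop PHP code running on the site from modifying them; with a separate account and no shared group, only 777 gives the server write access, which is why some plugins ask for it.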

  5. folgerj
    Member
    Posted 5 years ago #

    Well it killed my entire blog!
    It had me change my prefix from wp-blog to something else then it logged me out and logged me in with a brand new password and now there is nothing there. No posts and no nothing...
    Permissions aren't my problem...
    I'm assuming that it renamed it in my mysql database on the host because of the two letter change is the same way it was in the files.. I'm going to start digging but this thing is really dangerous!!
    DON'T USE IT!!!

  6. folgerj
    Member
    Posted 5 years ago #

    Well I mean DEAD... There is no activating anything. After it told me that I was able to be hacked if I left my installation with wp-??? I did as it said and put in jp... Then I had a real secure blank blog with no plugins and no themes... I'm assuming if I go on my server and rename all my wp-??? files to jp-??? and it may work again..
    Here is where my blog used to be. http://www.vistaphotos.net/vista
    Thanks
    So far I'm just getting errors..

  7. Michael Torbert
    WordPress Virtuoso
    Posted 5 years ago #

    Folgerj,

    Before you start spouting off to people that this plugin broke your blog and "don't use it," make sure you're doing things correctly.

    Just by looking at the error message on your site, I see that you renamed "wp-settings" to "jp-settings.php".

    I'm not sure why you did this, but it's entirely wrong and nowhere in the plugin or its documentation can I find where it tells you to do that.

  8. folgerj
    Member
    Posted 5 years ago #

    Well all my files on my server database for the blog were renamed to jp-XXX
    So I tried to get back in touch with all my files in the database by trying this... Since I can't rename my database files on the server... Now I wish I knew mysql so I knew how to rename the database file names.
    Anyway I'm in the process of reloading all the files in my directory from a previous backup to the original names.
    The plugin said this change wp on the database needed to be changed to something else to prevent a hacker from exploiting it.
    Well after the plugin renamed all the database files, I now have nothing to worry about since there is no blog to hack...
    J

  9. Michael Torbert
    WordPress Virtuoso
    Posted 5 years ago #

    You shouldn't be renaming database files. Maybe you mean database tables? If you mean WordPress files which begin with "wp-" you shouldn't be renaming those either.

  10. folgerj
    Member
    Posted 5 years ago #

    Well the plugin renamed the tables from wp-xxx to jp-xxx then I received an email about my new installation of wordpress and using the password provided I logged in to find nothing but a blank blog... with hello world in it.
    I never made a back up of my database.. (my bad) so I can't reinstall that so unless I can somehow rename all the tables back to default I'll be starting a years worth all over...
    Sorry if I sound upset but losing all that work is somehow disturbing..
    J

  11. Michael Torbert
    WordPress Virtuoso
    Posted 5 years ago #

    Don't take it out on the plugin just because you messed up. There is nothing in the plugin that would cause WordPress to believe it's a new installation. You obviously had no clue what you were doing, messed things up, didn't back up, and now are spamming the WordPress forums with incorrect accusations about the plugin destroying your blog.

    Did you read the documentation and/or email the author of the plugin? I doubt it.

    I help people out for free every day on these forums with WordPress issues, but I have absolutely no tolerance for such behavior.
    You should always back up before doing anything, you should never do anything that you have no clue how to do, you should read documentation and follow instructions.

  12. folgerj
    Member
    Posted 5 years ago #

    I was obviously in error in several areas but the fact that I only made a change the plugin said to change the prefix which it said it would do once I typed it in. So I typed it in and let it do its work then it logged me out (or something did) and I'm at the admin login window with admin filled in and a password so I logged in to find nothing.
    You're right it's my fault.. I'd become lax since 90% of all my plugins work great. but I've learned my lesson and now I have to figure out how to change all those table back to the default.
    You've been too kind, really. The next time I'm looking for assistance I'll just shoot myself in the foot instead. Much less painless...
    :-(

  13. Michael Torbert
    WordPress Virtuoso
    Posted 5 years ago #

    I was obviously in error in several areas but the fact that I only made a change the plugin said to change the prefix which it said it would do once I typed it in. So I typed it in and let it do its work then it logged me out (or something did) and I'm at the admin login window with admin filled in and a password so I logged in to find nothing.

    If that were the case, then you should have emailed the plugin author that there's a potential bug. But the fact is, that isn't all you did.
    You changed file names. Obviously, WordPress isn't going to work if you start changing file names.

    You're right it's my fault.. I'd become lax since 90% of all my plugins work great.

    Of 17,000 downloads, only a small handful of people have had issues with the plugin. Most of the problems were immediately after the initial public release of the plugin, while it was in beta, all of which have long since been fixed with no further complaints. There is currently only one known possible bug, which doesn't cause anything harmful to happen to the WordPress installation and affects very few users.
    The fact is, you didn't follow the instructions, you had no idea what you were doing, and you changed file names. This doesn't mean that the plugin doesn't work.

  14. folgerj
    Member
    Posted 5 years ago #

    Well we'll see, I just figured out how to change my table names back so when my back up is complete on the server, I will hopefully be able to make some headway again... but I doubt it will be that simple... I've learned wp just like everyone else... one mistake at a time... just hoping we don't make any tactical errors that kill our blogs...
    If I get it back then deleting this plugin will be at the top of my order of battle.

  15. Michael Torbert
    WordPress Virtuoso
    Posted 5 years ago #

    In the future, before running a plugin and making crazy changes that aren't called for anywhere in the plugin or in its documentation... I'd highly recommend reading the instructions and/or emailing the plugin author for assistance. Most plugin authors are happy to provide support (although they generally appreciate if you read their documentation first).
    Just for future reference, never change file names of core WordPress files. I'm still not sure why you decided to do that.

  16. folgerj
    Member
    Posted 5 years ago #

    I hate to continue beating this horse further but I only executed what it said no more no less. It said to type in a new prefix and I did.. it said hit the button titled "rename" and I did.. from there it all went down hill.
    I've renamed all the tables and I'm slowly rebuilding my blog. I'll try not to make any more errors that cause me to wander this way...
    Thanks for the help... you really motivated me to excel and figure it out for myself.

    As for renaming the directory files? I was at a loss for what it had just done to me. And at the time it seemed like a good idea.

    I see in the docs that the owner?? (You perchance? or are there more Marines running around) it says For some people the database table name prefix changing functionality of WP Security Scan doesn’t work. In that case you may use the following instructions to change it manually.

    In my case it worked too well because when I hit rename it did a terrific job... :-)
    I have to get up at O dark thirty so I'll sign off.

  17. Michael Torbert
    WordPress Virtuoso
    Posted 5 years ago #

    Claiming that you didn't do anything else is pointless.

    I saw the error message from your site that said it was looking for a file you renamed.

    The plugin doesn't rename any files. You even said in an earlier post that you renamed files from wp- to jp-. Never in the history of WordPress has anyone ever said to do that.
    You misunderstood that the purpose was to rename the database tables from wp_ to something other than wp_.
    The plugin's code can not change any file names, and it can not overwrite any content in the database. It is not possible.

    You're correct that for a very few users, the automatic table renaming functionality doesn't work (I told you this a few posts ago). However, it just simply doesn't do anything, and gives you a message as such. That has nothing to do with your issue.

    I'll say again, you should have read the documentation and/or asked before doing something that you obviously had no clue about, leading you to change WordPress core filenames.

    Considering that the website in my profile is the same website for the plugin and also that WP Security Scan is under my profile, yes, obviously I'm the author of the plugin.

  18. folgerj
    Member
    Posted 5 years ago #

    Really aside from the renaming of files,,, that was all me and no blame on your software for that. It's late and I didn't have any ideas...

    But it did do just what it's supposed to do and go out in the database and change all the tables prefixes... and it worked damn fine too.

    What happened after that I really don't know. but when it renamed the tables something happened and it took me down a merry path... not one that I wanted to go do this late...
    For the record I changed the files on my server not the tables. one part was my fault in response to its changing my database tables... I'm not a database geek so I called them files.. sorry and it caused confusion. But what it did to my blog was real everything after its damage was my fault and it caused me a few hours to correct the files.
    I'm now reconfiguring the blog so it's not too pathetic looking.
    Jeff

  19. mellthy
    Member
    Posted 5 years ago #

    I've ended with a "screwed" site so I might post my wishes here.

    It's all about changing the DB prefix. I suggest to check if wp-config.php is writable before doing the DB edits. Mine wasn't but DB has changed. WP naturally couldn't find any tables and rendered "install" page.

    I changed the config file manually (or I could change the permission of course). But a newbie could feel rather desperate if something like this happens and he/she doesn't grab it.

    Hope I didn't miss above proposed improvement somewhere in previous posts.

    Keep up the good work,
    m.
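
Added example (not part of mellthy's post and not the plugin's own code): a check for the failure described above, where the tables were renamed but `wp-config.php` still declares the old prefix, together with the writability pre-flight mellthy suggests. The function names, the sample config and the table list are constructed for illustration.

```python
import os
import re

# Matches the assignment in wp-config.php, e.g.  $table_prefix = 'wp_';
PREFIX_RE = re.compile(r"""^\s*\$table_prefix\s*=\s*(['"])(.*?)\1\s*;""", re.M)
CORE_TABLES = ("options", "posts", "users", "usermeta")

def configured_prefix(config_text):
    """Return the prefix wp-config.php declares, or None if absent."""
    m = PREFIX_RE.search(config_text)
    return m.group(2) if m else None

def config_is_writable(path):
    """Pre-flight: only rename tables if the config can be updated too."""
    return os.path.isfile(path) and os.access(path, os.W_OK)

def diagnose(config_text, tables):
    """Compare the declared prefix with the tables that actually exist."""
    tables = set(tables)
    prefix = configured_prefix(config_text)
    if prefix is not None and all(prefix + t in tables for t in CORE_TABLES):
        return ("ok", prefix)
    # Look for another prefix under which a full set of core tables exists.
    for name in sorted(tables):
        if name.endswith("options"):
            candidate = name[: -len("options")]
            if all(candidate + t in tables for t in CORE_TABLES):
                return ("mismatch", candidate)
    return ("no_tables", None)

# Constructed sample: config still says wp_, tables were renamed to jp_.
SAMPLE_CONFIG = "<?php\ndefine('DB_NAME', 'blog');\n$table_prefix  = 'wp_';\n"
SAMPLE_TABLES = ["jp_options", "jp_posts", "jp_users", "jp_usermeta", "jp_comments"]

if __name__ == "__main__":
    print(diagnose(SAMPLE_CONFIG, SAMPLE_TABLES))
```

A `("mismatch", "jp_")` result means the content is still in the database under the other prefix, and the install page appears only because the config points at tables that no longer exist.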

  20. Michael Torbert
    WordPress Virtuoso
    Posted 5 years ago #

    Mellthy,

    The plugin does check to see if wp-config.php is writable, if it isn't it tells you to do it. If this didn't happen, please email me at michael (AT) semperfiwebdesign (DOT) com to report a bug.

    Forums are a great thing, but I specifically ask in the documentation and in the plugin (where a link is provided) to email me with any bugs, comments, or suggestions. I can't possibly monitor every forum post, especially when ones like this are filled 80% with people who are incorrect and just venting their unrelated frustrations.
    I don't believe you fall into that category. If this is the case, please email me so we can determine if a bug exists in the situation you describe.

Topic Closed

This topic has been closed to new replies.
