Help? Anyone? Slideshow creating site acess problems

andersonfmly
(@andersonfmly)

10 years, 3 months ago

Greetings All –

I’m going to give this one last shot, in the hope of finding someone who can help…

Some numbnut, with nothing better to do, keeps trying to hack into my site. As a result, I keep getting locked out while WordPress resets itself. The workaround is adding htacess to my site. HOWEVER – When I add htaccess, ALL visitors are prompted to log in, apparently BECAUSE the SLIDESHOW PLUGIN is calling to the WP-Admin Directory, instead of the WP-Content or WP-Includes directory. I DO NOT KNOW HOW TO FIX THIS PROBLEM ON MY OWN!!!

I have attempted to contact the author of the plugin, Mr. Boonstra, multiple times, here in this forum and via email – but my plea for help has fallen on deaf ears. I’ve posted my quandry here in the forum a couple of times as well, and received no response.

Please forgive my frustrated tone. I just want my site to work, and I’ve grown weary from not hearing back from the author. Is there ANYONE out there that can shed some light on this?

http://www.lcsocal.org

http://wordpress.org/plugins/slideshow-jquery-image-gallery/

Viewing 6 replies - 1 through 6 (of 6 total)

Handoko
(@handoko-zhang)

10 years, 3 months ago

Hi andersonfmly.

I suggest you to use All In One WP Security & Firewall plugin, I’ve been using it and Slideshow plugin together, no problem so far.

Using All In One WP Security, you can change your login URL, and for further protection you can use Brute Force Attack Prevention feature.

mbrsolution
(@mbrsolution)

10 years, 2 months ago

Hi @andersonfmly, I also agree with @handoko. I am currently using All In One WP Security & Firewall with Slideshow and it works well. The theme uses is Suffusion.

Kind regards

Thread Starter andersonfmly
(@andersonfmly)

10 years, 2 months ago

Thank you both for your suggestions. I will research this option and see if it works for me.

Handoko – I apologize for not responding sooner. I did not receive the usual email notification of a response being posted.

2detension
(@2detension)

10 years, 2 months ago

There is an issue with this pluggin I think. It uses a file located in the wp-admin folder which can leads to serious security concerns.
The author should take a look at it.

Plugin Author Stefan Boonstra
(@stefanboonstra)

10 years, 2 months ago

The slideshow plugin does indeed make a call to an admin file, the “admin-ajax.php” file which is located in the “wp-admin” folder indeed. This file is used by many plugins to get dynamic data without having to reload the page. The slideshow plugin uses it to get its stylesheets.

As the slideshow only gets stylesheet data from this file, there is no security hazard to your website.

To keep the login prompt from appearing, you could make an exception to the “admin-ajax.php” file in your “.htaccess” file.

2detension
(@2detension)

10 years, 2 months ago

Thank you for your explanation.

Yes, it seems you are using it in the right way. But it would be even better if you can get rid of it. Some exploit can be found on it, so this file should not be reachable on the server to improve the overall security.

Anyway, you’re doing a great job with this plugin !