Forum Replies Created

Viewing 15 replies - 91 through 105 (of 189 total)
  • Thread Starter 5high

    (@5high)

    Also please can you let me know if any of the following security settings (these are setting options in Better WP Security) will affect how this plugin works?…

    Server Tweaks:

    1. Protect Files

    Prevent public access to readme.html, readme.txt, wp-config.php, install.php, wp-includes, and .htaccess. These files can give away important information on your site and serve no purpose to the public once WordPress has been successfully installed.
    (Warning: This feature is known to cause conflicts with some plugins and themes.)

    2. Disable Directory Browsing

    Prevents users from seeing a list of files in a directory when no index file is present.
    (Warning: This feature is known to cause conflicts with some server configurations in which this feature has already been enabled in Apache.)

    3. Filter Request Methods

    Filter out hits with the trace, delete, or track request methods.
    (Warning: This feature is known to cause conflicts with some plugins and themes.)

    4. Filter Suspicious Query Strings

    Filter out suspicious query strings in the URL. These are very often signs of someone trying to gain access to your site but some plugins and themes can also be blocked.
    (Warning: This feature is known to cause conflicts with some plugins and themes.)

    5. Filter Non-English Characters

    Filter out non-english characters from the query string. This should not be used on non-english sites and only works when “Filter Suspicious Query String” has been selected.
    (Warning: This feature is known to cause conflicts with some plugins and themes.)

    Header Tweaks:

    6. Remove EditURI header

    Removes the RSD (Really Simple Discovery) header. If you don’t integrate your blog with external XML-RPC services such as Flickr then the “RSD” function is pretty much useless to you.
    (Warning: This feature is known to cause conflicts with some 3rd party application and services that may want to interact with WordPress.)

    I’m just trying to improve my wp security, having had these issues with the .htaccess file changes, and am trying to follow recommended ‘wp hardening’ strategies. Might also be useful for others to know this info too?

    I look forward to your comments – many thanks.

    Thread Starter 5high

    (@5high)

    Thanks Esmi,

    I’ve posted in the forums of all the plugins we use, trying to check which one writes to the htaccess file. So far, it only looks like the Better WP Security one does, but I never seem to get a reply from them…

    Though I suppose if it’s a bug in a plugin, then even if the plugin itself doesn’t write to the .htaccess file, it might create a vulnerability for other (uninvited) software to do so?? But I don’t see how I can check for that, as this problem only occurs every month or few months…

    However, I had a very helpful reply from the Ecwid team who also put me onto a great article: http://wp.smashingmagazine.com/2012/10/09/four-malware-infections-wordpress/ though it was way beyond my abilities. But it did lead me to some other useful stuff like this quick website scan for security issues: http://sitecheck.sucuri.net/scanner/ and this really useful article http://www.creativebloq.com/wordpress/protect-your-wordpress-site-htaccess-4122793 which was excellent.

    Perhaps some useful resources for others here too? Otherwise I’ll post here if I find the answer…
    Cheers.

    Thread Starter 5high

    (@5high)

    Thanks for that.

    Thread Starter 5high

    (@5high)

    Thanks – I’ll check the others too!

    Thread Starter 5high

    (@5high)

    Thanks – I’ll check the others too!

    @ WDG
    OK, have looked up ‘user agents’ and will not be touching that section again, as it’s probably beyond me!
    However, are you able to answer my previous query…

    So I looked in my .htaccess file and found this…

    RewriteCond %{HTTP_USER_AGENT} ^ [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} ^admin [NC]
    RewriteRule ^(.*)$ - [F,L]

    which I totally deleted, and this then allowed me back in. Phew! I then went back into WP security and removed ‘admin’ from my ban user agent section too.

    So, please could anyone tell me:
    1. if it was OK to delete all of this section of code in my htaccess file??

    .. re what I deleted from my htaccess file?
    Cheers.
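
Why the first condition in the block quoted above locks out every visitor, as an added example (not part of the original post or of Better WP Security): the pattern `^` matches any User-Agent string, so the `[F]` rule answers every request with 403. The script assumes OR-chained conditions as in the post and uses Python's `re` as a stand-in for Apache's PCRE; the User-Agent samples and function names are constructed for illustration.

```python
import re

# Constructed sample: the three lines quoted in the post above.
HTACCESS = """\
RewriteCond %{HTTP_USER_AGENT} ^ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^admin [NC]
RewriteRule ^(.*)$ - [F,L]
"""

# Constructed User-Agent values: a browser, a crawler, and an empty header.
SAMPLE_AGENTS = [
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:115.0) Gecko/20100101 Firefox/115.0",
    "Googlebot/2.1 (+http://www.google.com/bot.html)",
    "",
]

COND = re.compile(r"\s*RewriteCond\s+%\{HTTP_USER_AGENT\}\s+(\S+)(?:\s+\[([^\]]*)\])?", re.I)
RULE = re.compile(r"\s*RewriteRule\s+\S+\s+\S+\s+\[([^\]]*)\]", re.I)


def audit_user_agent_bans(text, agents=SAMPLE_AGENTS):
    """List (line_no, pattern, matched_agents) for User-Agent conditions feeding an [F] rule.

    Assumes the conditions are OR-chained, as in the post, so each one can
    trigger the rule on its own; Python's re stands in for Apache's PCRE.
    """
    findings, pending = [], []
    for line_no, line in enumerate(text.splitlines(), 1):
        cond, rule = COND.match(line), RULE.match(line)
        if cond:
            flags = (cond.group(2) or "").upper().split(",")
            pending.append((line_no, cond.group(1), "NC" in flags))
        elif rule:
            if "F" in rule.group(1).upper().split(","):
                for cond_line, pattern, nocase in pending:
                    regex = re.compile(pattern, re.I if nocase else 0)
                    hits = [ua for ua in agents if regex.search(ua)]
                    findings.append((cond_line, pattern, hits))
            pending = []  # a RewriteRule ends the condition chain
    return findings


def match_everything(text, agents=SAMPLE_AGENTS):
    """Conditions that match every sample agent, i.e. a ban that blocks all visitors."""
    return [(n, p) for n, p, hits in audit_user_agent_bans(text, agents) if len(hits) == len(agents)]


if __name__ == "__main__":
    for line_no, pattern in match_everything(HTACCESS):
        print(f"line {line_no}: pattern {pattern!r} matches every User-Agent")
```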

    Thread Starter 5high

    (@5high)

    OK, I’ve at last ‘got it’! Without putting in the increase in % for .site-content I end up with a large space between the main content text and my sidebar, as it’s reading the original 65.104166667%.

    As I’ve reduced the site padding etc too, I’ve now increased it to a total of 94%, so 22% for the sidebar/widget area + 72% for the site-content area, both in the @media query for > 600px – and it all seems to work great!

    Thanks for the help.

    Thread Starter 5high

    (@5high)

    Hi batharoy,
    Well, I’ve re-tried today, and found that your suggestion did work. And in fact all of the above ones worked too! So now I just have this:

    @media screen and (min-width: 600px) {
    /* reduce width of sidebar area from 26.041666667% ....*/
        .right-sidebar.custom-layout .widget-area {
            clear: right;
            float: right;
            width: 24%;
        }
    }

    though it works with just using the .widget-area selector on its own too.
    The only reason I could find that it didn’t work before was that the style.css on the server hadn’t changed in 2 days, yet I had thought I was uploading it frequently yesterday – so don’t know what had happened with FileZilla then.

    So all sorted – thanks for all suggestions.

    Finally, just wanted to know if I should put in the changed (increased) size in % for .site-content? It doesn’t seem to need it, but is this good practice?

    Cheers.

    Thread Starter 5high

    (@5high)

    Thanks for your reply batharoy – I tried it both with and without my current css edits – and no luck.

    What really amazes me is that it still shows the css styling as coming from my commented out child selector!

    Any other ideas??
