84EM
Forum Replies Created
-
@eskapism Yeah I’m not really certain why security vendors are putting such high priority alerts out regarding this. Even OWASP says it is difficult to mitigate and the attack vector is so small that many bug bounty programs won’t even cover it. It seems to me a site visitor would somehow have to successfully save a CSV formula into post content or post/user metadata in order for it to even work. And that seems like a pretty remote possibility…
@eskapism perhaps a method like how Jetpack does it:
https://github.com/Automattic/jetpack/blob/d4068d52c35a30edc01b9356a4764132aeb532fd/projects/packages/forms/src/contact-form/class-contact-form-plugin.php#L1854
PS: Love your plugin.@tgiokdi You’re welcome. 🙂
Add this to your theme’s functions file.
add_filter(‘acf/settings/remove_wp_meta_box’, ‘__return_false’);
It’s now working. Marking this as resolved.
+1 to this
I am looking at having to deploy the Sucuri plugin to nearly 100 sites. Deployment is easy via ManageWP.
But configuration of each site is incredibly tedious and time consuming.
Well this is odd. The usemeta table shows their capabilities as subscriber. I went back to the users screen in WP and refreshed it… no longer showing administrator, they’re a subscriber. Someone else must be in messing around on the site. Sorry for the false alarm.
Forum: Fixing WordPress
In reply to: WordPress Importer timing outExcellent suggestion! I had not heard of this tool. I gave it a try and it works great. Thank you.
Forum: Plugins
In reply to: [Autoptimize] generating gigabytes of cached filesThanks for the quick help. I will give that a try.
Tim — thanks for the info. However I don’t see that this has been resolved. I updated to 5.3.12 and the “Enable email summary” box is still checked.
You can turn off the notifications by going to Wordfence > Options. Scroll the page past “Advanced Options” and there is a section titled “Email Summary”. Uncheck the “Enable email summary” box, and that should disable them.
I’m disappointed that this received no replies in the last 2 weeks. A security plugin that breaks SSL is kind of a big deal (in my mind, anyway).
I am seeing the same thing on all of my sites. It’s saying the failed login attempts were from existing users, but no such users exist. And I did indeed verify that they are not in the users table.