axtonc
Forum Replies Created
-
Thanks
Here are the error messages when running under Desktop Server:Warning: call_user_func() expects parameter 1 to be a valid callback, no array or string given in C:\Users\MyDocs\Documents\Websites\www.myDTSsite.dev\wp-includes\functions.php on line 2538
Call Stack
# Time Memory Function Location
1 0.0038 202368 {main}( ) ..\index.php:0
2 0.0048 246032 require_once( ‘C:\Users\MyDocs\Documents\Websites\www.myDTSsite.dev\wp-admin\admin.php’ ) ..\index.php:10
3 0.0052 258600 require_once( ‘C:\Users\MyDocs\Documents\Websites\www.myDTSsite.dev\wp-load.php’ ) ..\admin.php:31
4 0.0056 266056 require_once( ‘C:\Users\MyDocs\Documents\Websites\www.myDTSsite.dev\wp-config.php’ ) ..\wp-load.php:37
5 0.0064 344048 require_once( ‘C:\Users\MyDocs\Documents\Websites\www.myDTSsite.dev\wp-settings.php’ ) ..\wp-config.php:90
6 1.5139 20450824 do_action( ) ..\wp-settings.php:413
7 1.5140 20452096 call_user_func_array:{C:\Users\MyDocs\Documents\Websites\www.myDTSsite.dev\wp-includes\plugin.php:525} ( ) ..\plugin.php:525
8 1.5140 20452160 AIO_WP_Security->aiowps_wp_loaded_handler( ) ..\plugin.php:525
9 1.5140 20452296 AIOWPSecurity_WP_Loaded_Tasks->__construct( ) ..\wp-security-core.php:219
10 1.5149 20494336 AIOWPSecurity_Process_Renamed_Login_Page::renamed_login_init_tasks( ) ..\wp-security-wp-loaded-tasks.php:16
11 1.5150 20494832 wp_die( ) ..\wp-security-process-renamed-login-page.php:106
12 1.5150 20495216 call_user_func:{C:\Users\MyDocs\Documents\Websites\www.myDTSsite.dev\wp-includes\functions.php:2538} ( ) ..\functions.php:2538( ! ) Warning: Cannot modify header information – headers already sent by (output started at C:\Users\MyDocs\Documents\Websites\www.myDTSsite.dev\wp-includes\functions.php:2538) in C:\Users\MyDocs\Documents\Websites\www.myDTSsite.dev\wp-includes\pluggable.php on line 1224
Call Stack
# Time Memory Function Location
1 0.0038 202368 {main}( ) ..\index.php:0
2 0.0048 246032 require_once( ‘C:\Users\MyDocs\Documents\Websites\www.myDTSsite.dev\wp-admin\admin.php’ ) ..\index.php:10
3 1.5458 22378080 auth_redirect( ) ..\admin.php:84
4 1.5466 22378704 wp_redirect( ) ..\pluggable.php:1084
5 1.5468 22385760 header ( ) ..\pluggable.php:1224Hi
Both the theme developer and I have been doing some testing on the redirect of the renamed login page issue. In all cases I have deactivated all plugins except yours.
The theme developers can’t reproduce the problem at all. But I found that with some other themes I tested there was no problem but with one theme (annoyingly the one I am using – which is a very popular theme with a high number of other users) I do still get this problem both on my hosted server and with a version on Desktop Server. However with the Desktop Server I do at least get some error messages.
I have taken a screen shot of these and the theme developers support have looked at this and say there are no references to their theme or functions.
Is there some way I can send you the screen shot so you can see these messages?
ThanksI don’t think its the membership module – as I said I disabled that.
However I have just tried switching from my theme to a default wordpress theme and that issue with wp-admin goes away – so I will get in touch with the theme developer and see if they are the cause of this issue.
I’ll get back to you with an update.
Thanks for your help so far.I don’t have any cache plugin installed nor any other security plugins (just yours). I do however have a membership plugin. There is a “sign-in” link in the footer but there are no login fields on the site as standard. the membership plugin creates a login page on the fly if you go to a “blocked” page – which is the method I am using – i.e. the sign-in link points to a blocked page. I have however now shut down that option but am still getting hit by these multiple login attempts.
If you go to wp-login that goes to a Page Not Found. But wo-admin results in a sign-in page like this..
http://www.mysitename/mysecrectloginname/?redirect_to=http%3A%2F%2Fwww.mysitename%2Fwp-admin%2F&reauth=1
I have also added the 3 usernames they are using to the block user names list but as they are using multiple ip addresses it only has a limited effect.
Any more advice would be appreciated.
ThanksHi
Thanks for response.
I did already have the Completely Block Access to XMLRPC enabled but not the Disable Pingback feature.
I have now enabled that too and will get back to you as to whether this has any effect.Do you have any advice / comment on my query about about the rename login feature and wp-admin?
RegardsForum: Plugins
In reply to: [All-In-One Security (AIOS) – Security and Firewall] User enumeration riskI don’t yet have an answer to the enumeration issue but have changed the IDs of the admin users and have not had any attempts to hack in since. I have also tested the feature that renames the login page and it seems to work OK with the other plugins I am using.
It would be a bonus if AIO WP-Security included something to address the enumeration issue but that’s just a nice to have I guess.
I’ll mark this issue as resolved now. Thanks for your help.
Forum: Plugins
In reply to: [All-In-One Security (AIOS) – Security and Firewall] User enumeration riskHi
I’ll test the effect of rename login page on a test site – thanks.There is quite a lot on the web about this issue but this article explains it quite well.
http://www.acunetix.com/blog/articles/wordpress-username-enumeration-using-http-fuzzer/
There is also a plugin (Stop User Enumeration)to address the issue but not sure if it would be compatible with other plugins relating to security and login etc.
Forum: Plugins
In reply to: [All-In-One Security (AIOS) – Security and Firewall] User enumeration riskHi mbrsolution
Thanks for fast response.Brute Force – I have only implemented the Honeypot feature but will consider the feature to rename the login page – just worried that it may conflict with WP-Members plugin – any thoughts?
Admin – The Admin user name had already been replaced, but the name discovered did have admin rights.
Pingback – Yes I have implemented Pingback Protection.
I guess rename of Login page should stop the attacks but user names are still discoverable using the domainname.com/?author=n method. Just wondered if All In One would do anything specifically to stop that.
Forum: Plugins
In reply to: [Black Studio TinyMCE Widget] Automatically add paragraphsSorry but I deleted the widgets that were giving the problem and have not been able to recreate it since implementing your fix.
Forum: Plugins
In reply to: [Black Studio TinyMCE Widget] Automatically add paragraphsIf I scrap the the widgets that were originally causing the problem and start again from scratch using the new version then the problem seems to be solved – however note that if text from a “corrupt” widget is copied and pasted to a new one then it still seems to have the problem. However I can live with that as its not likely to occur. Consider this thread resolved for me now. Thanks – it’s a great tool.
Forum: Plugins
In reply to: [Black Studio TinyMCE Widget] Automatically add paragraphsI have uninstalled 2.1.6. and installed the github repo version as mentioned but it doesn’t seem to make any difference.
Forum: Plugins
In reply to: [Black Studio TinyMCE Widget] Automatically add paragraphsI am not really knowledgeable enough to do this. Tried replacing the 2 php files (kept the original ones) class-admin and class-compatibilty-plugins with those on github but got error on class-admin when loging in to wordpress. Are there any instructions on how to apply the dev version?
Forum: Plugins
In reply to: [Black Studio TinyMCE Widget] Automatically add paragraphsI am using version 2.1.6 with WordPress 4.1 within Page Builder 1.5.3 and am getting the same problem with line breaks. If they are added using the visual editor or if they are added as <p></p> in the text editor they just disappear when the widget is updated. I.e they sometimes work once but if the widget is re-opened they then disappear. If there is no text in the widget (it just contains images) then the page break doesn’t seem to work any time.