Title: bernbe01's Replies | WordPress.org

---

# bernbe01



## Forum Replies Created

Viewing 15 replies - 1 through 15 (of 347 total)


 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Kadence Security – Password, Two Factor Authentication, and Brute Force Protection] Hacked sites with iThemes Security](https://wordpress.org/support/topic/hacked-sites-with-ithemes-security/)
 *  [bernbe01](https://wordpress.org/support/users/bernbe01/)
 * (@bernbe01)
 * [9 years, 8 months ago](https://wordpress.org/support/topic/hacked-sites-with-ithemes-security/#post-7677918)
 * i found an exploit toolkit that had been uploaded to another site that was allowing
   this mass exploit with what appears to be a buffer overflow
 * files to look for if you run into this:
    `1337w0rm.php`, `adminer.php`, `cendol.php`, `cikree.php`, `idx_config/*txt`,
   `jadi.php`, `mk (1).php`, `pler.php`, `rabbit_grab/*.txt`
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Kadence Security – Password, Two Factor Authentication, and Brute Force Protection] Hacked sites with iThemes Security](https://wordpress.org/support/topic/hacked-sites-with-ithemes-security/)
 *  [bernbe01](https://wordpress.org/support/users/bernbe01/)
 * (@bernbe01)
 * [9 years, 8 months ago](https://wordpress.org/support/topic/hacked-sites-with-ithemes-security/#post-7677915)
 * i am running into this as well. it appears they are only able to compromise sites
   that have a default table prefix. is this true for you as well?
 * i think they know a hole in wp that is not yet disclosed….
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Wordfence Security - Firewall, Malware Scan, and Login Security] Recommended Setup for MySQL Replication](https://wordpress.org/support/topic/recommended-setup-for-mysql-replication/)
 *  Thread Starter [bernbe01](https://wordpress.org/support/users/bernbe01/)
 * (@bernbe01)
 * [10 years, 8 months ago](https://wordpress.org/support/topic/recommended-setup-for-mysql-replication/#post-6475060)
 * Marking as resolved
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Wordfence Security - Firewall, Malware Scan, and Login Security] Recommended Setup for MySQL Replication](https://wordpress.org/support/topic/recommended-setup-for-mysql-replication/)
 *  Thread Starter [bernbe01](https://wordpress.org/support/users/bernbe01/)
 * (@bernbe01)
 * [10 years, 8 months ago](https://wordpress.org/support/topic/recommended-setup-for-mysql-replication/#post-6475059)
 * I have switched my slave to be Percona’s drop in replacement for MySQL as it 
   has replication enhancements specifically for this type of issue.
 * My slave has been fully synchronized since.
 * I followed this tutorial to do the in-place mysql replacement:
    [https://www.digitalocean.com/community/tutorials/how-to-install-a-fresh-percona-server-or-replace-mysql](https://www.digitalocean.com/community/tutorials/how-to-install-a-fresh-percona-server-or-replace-mysql)
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [WordPress error in header](https://wordpress.org/support/topic/wordpress-error-in-header/)
 *  [bernbe01](https://wordpress.org/support/users/bernbe01/)
 * (@bernbe01)
 * [11 years, 2 months ago](https://wordpress.org/support/topic/wordpress-error-in-header/page/2/#post-5824407)
 * however you are accessing the files currently will work to back up the files.
   do you have a cpanel? if you’re unsure about the database, a quick phone call
   to your host and they should easily be able to guide you through that on their
   system. for the files, using ftp is generally the most common method, but however
   you can access them works
 * yes there are tons of [back up plugins](https://wordpress.org/plugins/search.php?q=back+up)
   too but the raw db and file method is preferred by me when the site is compromised
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [integrate WP blog on html site into new WP site?](https://wordpress.org/support/topic/integrate-wp-blog-on-html-site-into-new-wp-site/)
 *  [bernbe01](https://wordpress.org/support/users/bernbe01/)
 * (@bernbe01)
 * [11 years, 2 months ago](https://wordpress.org/support/topic/integrate-wp-blog-on-html-site-into-new-wp-site/#post-5814687)
 * you’re totally right on if the old url is active that it’ll still render
 * personally, i’d
    - dump my content
    - re-export from source site, choosing “all content”
    - re-import
 * there is an option during import to “download files attached to posts” which 
   should add them to your media
 * if still no, maybe play around [with this](https://wordpress.org/plugins/export-featured-images/)
   plugin, which is old but *might* run, take a backup first 😉
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [Videos not showing up in post.](https://wordpress.org/support/topic/videos-not-showing-up-in-post/)
 *  [bernbe01](https://wordpress.org/support/users/bernbe01/)
 * (@bernbe01)
 * [11 years, 2 months ago](https://wordpress.org/support/topic/videos-not-showing-up-in-post/#post-5814686)
 * try disabling *all* plugins
 * retest
 * if successful, enable plugins one at a time until you find the culprit
 * if still error, with plugins deactivated, change themes to twenty-twelve or
   twenty-fifteen
 * retest
 * post back please with results and a link to a problem page
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [Paying for user role in woocommerce](https://wordpress.org/support/topic/paying-for-user-role-in-woocommerce/)
 *  [bernbe01](https://wordpress.org/support/users/bernbe01/)
 * (@bernbe01)
 * [11 years, 2 months ago](https://wordpress.org/support/topic/paying-for-user-role-in-woocommerce/#post-5831750)
 * no prob! good luck!
 * please let us know what you find out! it may help a google-er in the future 🙂
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [What info is needed to getting quality help from this site on WP](https://wordpress.org/support/topic/what-info-is-needed-to-getting-quality-help-from-this-site-on-wp/)
 *  [bernbe01](https://wordpress.org/support/users/bernbe01/)
 * (@bernbe01)
 * [11 years, 2 months ago](https://wordpress.org/support/topic/what-info-is-needed-to-getting-quality-help-from-this-site-on-wp/#post-5839768)
 * for the client:
    - how are they collecting the data?
    - what plugins do they use?
    - in a perfect world, how would they access this data?
    - do they want/need third party integration (i.e. to a crm)?
    - what criteria will they have to search the collected data for matched records
      (i.e. username, email address)?
 * if you are new to wordpress or to gravity forms (which it appears they use), 
   you’ll likely have an uphill battle as what they are trying to accomplish is 
   not an “out of the box” solution
 * for you:
    - are you familiar with mysql?
    - have you considered what [@andrew](https://wordpress.org/support/users/andrew/)
      suggested about talking to the company that set it up?
 * i don’t know if I’ll be able to help as I’m not super familiar with gravity forms,
   but those are the questions i’d ask to walk the path you think they are trying
   to go
 * good luck!
 *   Forum: [Everything else WordPress](https://wordpress.org/support/forum/miscellaneous/)
   
   In reply to: [WP Security Scanning Software – Whats your flavor?](https://wordpress.org/support/topic/wp-security-scanning-software-whats-your-flavor/)
 *  Thread Starter [bernbe01](https://wordpress.org/support/users/bernbe01/)
 * (@bernbe01)
 * [11 years, 2 months ago](https://wordpress.org/support/topic/wp-security-scanning-software-whats-your-flavor/#post-5840856)
 * awesome, i’ll try that out tonight and see how it impacts things if at all
 * thanks for your time
 * i’m still open to hearing more pitfalls/advantages/approaches
 * i forgot to add that on the server side i run fail2ban with some custom jails
   to monitor known exploit URLs and it acts as a backup for Wordfence’s login blocking
   if wordfence gets munged up
 * fail2ban has proven to be configurable and accurate at monitoring many apache
   logs at once
 * the servers also have timer based scripted permission resets on all files and
   folders in webdirs to ensure proper permissions regardless of what clients override
   too. if they need special perms they have to contact me so I can add an exception
 * the biggest challenges for me are when i take over hacked sites and clean them,
   the hackers come at the site tenfold as well as when i *have* to run old wp versions
   for specific accounts
 * wordfence has a great feature which will hide version numbers so I obviously 
   turn that on for the few older wp’s i have to maintain
 * i haven’t taken the leap to MFA yet but based on [@wslade](https://wordpress.org/support/users/wslade/)’s
   blog article i’m going to be trying [stealth login page](https://wordpress.org/plugins/stealth-login-page/)
   on some of the dev sites and see whether users report it as tolerable or not..
   i suspect many will not mind this
 *   Forum: [Everything else WordPress](https://wordpress.org/support/forum/miscellaneous/)
   
   In reply to: [WP Security Scanning Software – Whats your flavor?](https://wordpress.org/support/topic/wp-security-scanning-software-whats-your-flavor/)
 *  Thread Starter [bernbe01](https://wordpress.org/support/users/bernbe01/)
 * (@bernbe01)
 * [11 years, 2 months ago](https://wordpress.org/support/topic/wp-security-scanning-software-whats-your-flavor/#post-5840842)
 * i’m reading the [great article on your blog](https://hackedwpapp.com/how-to-secure-wordpress-site/)
   currently. thanks for sharing!
 *   Forum: [Everything else WordPress](https://wordpress.org/support/forum/miscellaneous/)
   
   In reply to: [WP Security Scanning Software – Whats your flavor?](https://wordpress.org/support/topic/wp-security-scanning-software-whats-your-flavor/)
 *  Thread Starter [bernbe01](https://wordpress.org/support/users/bernbe01/)
 * (@bernbe01)
 * [11 years, 2 months ago](https://wordpress.org/support/topic/wp-security-scanning-software-whats-your-flavor/#post-5840840)
 * i really appreciate your insights here, thank you
 * so i’ll take that to mean you always check off high sensitivity scan as well.
   i’ll have to try that tonight on some sites and see how it affects load. so far
   wordfence has proven to usually stay under 40 Mb usage at peak on each install
 *   Forum: [Everything else WordPress](https://wordpress.org/support/forum/miscellaneous/)
   
   In reply to: [WP Security Scanning Software – Whats your flavor?](https://wordpress.org/support/topic/wp-security-scanning-software-whats-your-flavor/)
 *  Thread Starter [bernbe01](https://wordpress.org/support/users/bernbe01/)
 * (@bernbe01)
 * [11 years, 2 months ago](https://wordpress.org/support/topic/wp-security-scanning-software-whats-your-flavor/#post-5840831)
 * thanks wslade!
 * in wordfence, do you use any of the optional scan settings?
 * i.e.
    - scan plugin files against wordpress repo
    - same with themes
    - scan files outside of wordpress
    - treat images as executable
 * out of paranoia i’ve been turning these on, do you feel these are necessary?
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [What info is needed to getting quality help from this site on WP](https://wordpress.org/support/topic/what-info-is-needed-to-getting-quality-help-from-this-site-on-wp/)
 *  [bernbe01](https://wordpress.org/support/users/bernbe01/)
 * (@bernbe01)
 * [11 years, 2 months ago](https://wordpress.org/support/topic/what-info-is-needed-to-getting-quality-help-from-this-site-on-wp/#post-5839754)
 * 20GT – are you talking about exporting all filled out form data from the gravity
   forms plugin?
 * you want to make a list of every entry for every form and aggregate them all 
   into one filterable list?
 * if this is not what you are asking please link to two sample pages where the 
   data you are after is collected
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [Troubleshooting DR Options Moving WordPress Site](https://wordpress.org/support/topic/troubleshooting-dr-options-moving-wordpress-site/)
 *  [bernbe01](https://wordpress.org/support/users/bernbe01/)
 * (@bernbe01)
 * [11 years, 2 months ago](https://wordpress.org/support/topic/troubleshooting-dr-options-moving-wordpress-site/#post-5836178)
 * nice work finding & fixing that!
 * thanks for updating the thread! feel free to mark it as resolved if you are all
   set
 * cheers!
