Česlav Przywara
Forum Replies Created
-
Actually, this is the default behavior of WP mailer, when no “From” header is set. I checked WP code base and I think that for your particular problem, the best solution is to use core WP filters:
function fix_wp_mail_from($from_email) { if ( $from_email === 'your-address@gmail.com' ) { $from_email = 'wordpress@your-site.com'; } return $from_email; } add_filter('wp_mail_from', 'fix_wp_mail_from');This snippet solves the same problem you can have with any other plugin that use your admin email address to send email from.
Cheers,
ČeslavHi,
AIOWPSF sends all emails with “From: <admin email>” header and there’s currently no setting to change it. I’ll try to submit a patch, I also consider this a problem – I know about webhosts that only allow to send email from domain of the website.
Cheers,
ČeslavHi,
so, to make this work, I did change group ownership to www-data and permissions to 775 for the folder where WP is installed.
But I feel uneasy leaving it like that… what you think? isn’t it a security concern?On a properly configured webhost this shouldn’t be an issue, even if it’s a shared one. But you would have to ask your provider to be sure.
since my wp-content folder has been moved outside the folder where WP is installed, I think that won’t work to prevent hotlinking… am I right?
Yes, you are right. You should place contents in the #AIOWPS_PREVENT_IMAGE_HOTLINKS block into htaccess file that is in the rootline of your uploads folder (or wp-content folder, if you want to protect assets from theme/plugins as well).
if so, would that be the case for “Enable 6G Firewall Protection” and the other settings in the Firewall section?
In case when WordPress is installed in a subdirectory, Jeff Starr, the author of 6G, recommends to only keep [QUERY STRINGS] section of 6G in WordPress directory (as the rules are designed to protect wp-admin area) and move everything else to root directory, so the other rules (like blocking of bad bots etc.) are applied to front-end requests as well.
I did change .htaccess in the website root (not the same folder where WP is installed) to 777, then tried to apply “Basic Firewall Protection” and again I get the warning that .htaccess is not writable.
Unlike WP core, AIOWPSF always writes its rules to the
.htaccessfile in directory where WP is installed. So if you have WP installed in subdirectory, check file permissions of.htaccessin that subdirectory.Hi,
It is most likely “Advanced Character String Filter” that’s causing the issue. Turn it off under Firewall > Additional Firewall Rules.
Cheers,
ČeslavHi,
The plugin should delete old backup files automatically, but from your description, I can’t tell, if this is working or not on your site. Can you check, if old backup files are deleted properly? In other words, check whether the aiowps_backup folder contains at maximum as many backup files as “Number of Backup Files to Keep” as configured in plugin settings?
I don’t know BackWPup plugin – does it create a backup copy on the same server?
Cheers,
Česlav@dmather, what theme/plugins are you using? I have WP 4.6.1 install with AIOWPSF 4.1.5 and this feature works correctly, meta generator tag is removed.
Cheers,
ČeslavForum: Plugins
In reply to: [All-In-One Security (AIOS) – Security and Firewall] PHP 7.0Hi,
All these issues are reported in code that belongs to phpWhois library that is internally used for whois queries. The library doesn’t seem to be maintained anymore, so an update is not an option. I don’t know if any of the plugin authors is willing to fix these issues. Perhaps finding a replacement would be a better solution.
Anyway, if you don’t use Whois feature, you should have no problems running the plugin on PHP7.
Cheers,
ČeslavHi,
Go to Firewall > Additional Firewall Rules and disable Advanced Character String Filter. Despite what the name says, it block also URLs with some specific strings, like “include.”
Cheers,
ČeslavNo, the data that is sent cannot be used to easily gain access to anything. Any sensitive data is hashed/encrypted by WP by default.
Yes, they can, because username and password are really being sent in plain text when you log in to your WordPress dashboard. So anyone that can hack its way into your home/company router or your ISP’s server can eavesdrop on your connection and get your credentials. Unless you’re on HTTPS.
What you perhaps mean is that passwords are hashed before they are stored in the database.
The easiest way to delete database tables is via phpMyAdmin (just look for “drop tables” function). Make sure you are dropping the correct tables.
As for missing media files: Media metadata are stored in the same tables as post metadata, so if you have pages and posts back, you should have media files as well. Maybe your problem with media has a different source.
First, make sure the
$table_prefixvariable has the correct value (the actual prefix of your database tables). When it does, you shouldn’t see the “Install WordPress” screen anymore, because WordPress will be able to access the database tables.Second, the “Change database prefix” feature of AIOWPSF does not alter database content in any way. But since you mentioned that “I used the backup in phpmyadmin”, it’s possible that you have out-dated content in the database.
If you seem to lost some content and you have backup made by AIOWPSF from the moment just before you renamed the database prefix, you should try to restore from this backup, since it’s the most recent. After you restore from backup and see the “Install WordPress” screen again, go back to point 1). Most likely, tables in the backup had different prefix than you have in
wp-config.php.Hi,
It seems like your database tables (these “files” in phpMyAdmin) have been renamed, but the
$table_prefixconfiguration variable has been not.Try to open your
wp-config.phpfile and look for line with:$table_prefix = 'wp_';
Change it to the prefix you had picked up:
$table_prefix = 'kam';
Cheers,
ČeslavJeff, thanks for fixing it quickly!
Forum: Plugins
In reply to: [All-In-One Security (AIOS) – Security and Firewall] Error with backup DBHi Diego,
Try out the recently released version (4.1.5) of the plugin: database backup function was reworked to be less memory intensive.
Cheers,
Česlav