Title: davebach's Replies | WordPress.org

---

# davebach

  [  ](https://wordpress.org/support/users/davebach/)

 *   [Profile](https://wordpress.org/support/users/davebach/)
 *   [Topics Started](https://wordpress.org/support/users/davebach/topics/)
 *   [Replies Created](https://wordpress.org/support/users/davebach/replies/)
 *   [Reviews Written](https://wordpress.org/support/users/davebach/reviews/)
 *   [Topics Replied To](https://wordpress.org/support/users/davebach/replied-to/)
 *   [Engagements](https://wordpress.org/support/users/davebach/engagements/)
 *   [Favorites](https://wordpress.org/support/users/davebach/favorites/)

 Search replies:

## Forum Replies Created

Viewing 15 replies - 1 through 15 (of 38 total)

1 [2](https://wordpress.org/support/users/davebach/replies/page/2/?output_format=md)
[3](https://wordpress.org/support/users/davebach/replies/page/3/?output_format=md)
[→](https://wordpress.org/support/users/davebach/replies/page/2/?output_format=md)

 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[YARPP - Yet Another Related Posts Plugin] Security Issue highlighted](https://wordpress.org/support/topic/security-issue-highlighted/)
 *  [davebach](https://wordpress.org/support/users/davebach/)
 * (@davebach)
 * [3 years, 2 months ago](https://wordpress.org/support/topic/security-issue-highlighted/#post-16667101)
 * I came here looking for similar information since now iThemes Security is highlighting
   two vulnerabilities…. Contributor+ Stored XSS vulnerability and Local File Inclusion.
   Very odd and such a shame since the plugin has so many users and has been updated
   somewhat recently.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Better Font Awesome] A new version is needed](https://wordpress.org/support/topic/a-new-version-is-needed/)
 *  [davebach](https://wordpress.org/support/users/davebach/)
 * (@davebach)
 * [3 years, 9 months ago](https://wordpress.org/support/topic/a-new-version-is-needed/#post-15960274)
 * Wordpress.org says this plugin has over 100,000 installs! Hopefully someone smart
   can take a look at this and maybe tell us all to change one line of code to secure
   the vulnerability until an official change can be made!?
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Quotes Collection] Abandoned Plugin](https://wordpress.org/support/topic/abandoned-plugin-54/)
 *  [davebach](https://wordpress.org/support/users/davebach/)
 * (@davebach)
 * [4 years, 8 months ago](https://wordpress.org/support/topic/abandoned-plugin-54/#post-14978737)
 * Thanks for the update. Good luck with your personal commitments. Set up a donate
   link when you get your site up and running again!
 * Dave
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Quotes Collection] Finding the plugin author IS A LEGIT SUPPORT TOPIC](https://wordpress.org/support/topic/finding-the-plugin-author-is-a-legit-support-topic/)
 *  [davebach](https://wordpress.org/support/users/davebach/)
 * (@davebach)
 * [4 years, 8 months ago](https://wordpress.org/support/topic/finding-the-plugin-author-is-a-legit-support-topic/#post-14956198)
 * I concur with my fellow WordPress users.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Quotes Collection] Abandoned Plugin](https://wordpress.org/support/topic/abandoned-plugin-54/)
 *  [davebach](https://wordpress.org/support/users/davebach/)
 * (@davebach)
 * [4 years, 8 months ago](https://wordpress.org/support/topic/abandoned-plugin-54/#post-14956171)
 * I’d like to see a replacement for this as well. The “next” button has not been
   working for some time, but at least it was still somewhat random. But unfortunately
   I’ve been getting this email for a few days now:
 * > `Howdy!
   > Since WordPress 5.2 there is a built-in feature that detects when a plugin 
   > or theme causes a fatal error on your site, and notifies you with this automated
   > email.
   > In this case, WordPress caught an error with one of your plugins, Quotes Collection.`
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [URGENT: Sites automatically updating to Alpha version 5.5.3-alpha-49449](https://wordpress.org/support/topic/urgent-sites-automatically-updating-to-alpha-version-5-5-3-alpha-49449/)
 *  [davebach](https://wordpress.org/support/users/davebach/)
 * (@davebach)
 * [5 years, 7 months ago](https://wordpress.org/support/topic/urgent-sites-automatically-updating-to-alpha-version-5-5-3-alpha-49449/page/2/#post-13602951)
 * This happened on 3 of about 20 of my live production sites so far. The reinstall
   button worked. But ugh, how did that happen?
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Wordfence Security - Firewall, Malware Scan, and Login Security] wp_wfls_settings table does not exist](https://wordpress.org/support/topic/wp_wfls_settings-table-does-not-exist/)
 *  [davebach](https://wordpress.org/support/users/davebach/)
 * (@davebach)
 * [6 years, 11 months ago](https://wordpress.org/support/topic/wp_wfls_settings-table-does-not-exist/#post-11757503)
 * I have had a similar issue pop up. Due to a rogue plugin update recently, my 
   allotted VPS HDD virtual space filled up overnight with a gigantic error log (
   ahem, Pretty Links). Consequently, I started receiving Backup Buddy errors on
   my websites, all of which I have traced to wfls_2fa_secrets and wfls_settings
   being labeled as “Unknown storage engine ‘InnoDB'” in the WF diagnostics page.
   I’m not sure what to do with this since I have WF installed on about 20 sites.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Wordfence Security - Firewall, Malware Scan, and Login Security] Plugins Needs an Update alert](https://wordpress.org/support/topic/plugins-needs-an-update-alert/)
 *  Thread Starter [davebach](https://wordpress.org/support/users/davebach/)
 * (@davebach)
 * [8 years, 8 months ago](https://wordpress.org/support/topic/plugins-needs-an-update-alert/#post-9599759)
 * Thanks for the reply. I do see your point even though it may not completely align
   with the way I prefer. So I will no doubt turn off warnings and leave on critical
   alerts. I can only see my inbox getting further overloaded as I add WF to more/
   new sites.
 * The WF docs say “Wordfence sends email alerts on certain events if you have enabled
   the alerts in this section.” What are the other alerts that will be silenced 
   when I turn it off?
 * Thanks,
    Dave
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Anti-Malware Security and Brute-Force Firewall] Alert for iThemes Sync](https://wordpress.org/support/topic/alert-for-ithemes-sync/)
 *  Thread Starter [davebach](https://wordpress.org/support/users/davebach/)
 * (@davebach)
 * [8 years, 9 months ago](https://wordpress.org/support/topic/alert-for-ithemes-sync/#post-9491668)
 * Thanks for being on top of this.
 * **Note to everyone, please donate.**
 * Dave
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [Hacker registered user](https://wordpress.org/support/topic/hacker-registered-user/)
 *  [davebach](https://wordpress.org/support/users/davebach/)
 * (@davebach)
 * [8 years, 9 months ago](https://wordpress.org/support/topic/hacker-registered-user/page/2/#post-9491413)
 * I had the same issue in the last few days and was notified via google Search 
   Console Team. I found very little information on this type of hack with a Google
   search for wp.service.controller.
 * Thanks to [@ernasx](https://wordpress.org/support/users/ernasx/) and [@dzemens](https://wordpress.org/support/users/dzemens/)
   for those plan summaries. On one of my sites that had been attacked, the damage
   was fairly deep. I’d like to add that I used WPMU Dev’s Defender first since 
   it was installed. It found some files, then Wordfence found more and then GOTMLS
   found even more. I can’t say which is best because of the order I used them in,
   but one piece of software would have been waaay less time consuming. I had a 
   few of the things others mentioned… simply-named php files in the main wp directory(
   the file names seem to be taken from text on the site), php files in wp-content,
   modified wp-config and index files and the favicon files that fake you out.
 * I want to patch the hole, but it’s hard to find a common denominator when you
   tend to use the same plugins again and again. But FOR ME the biggest similarity
   I was leaning toward with with the sites that got hit were that they allowed 
   registration… but not truly open registration… they are used with S2 Member and
   the only sites that use wp-login.php without obscuring the login path. The first
   site allows registration, but only with an invite code from another plugin. The
   amount of invites used equaled the amount of legit users, so the hack/script 
   seemed to get around that (11 wp.service.controller accounts). I also had a plugin
   that allows me to approve accounts; it did not notify me of these clandestine
   accounts. With the other site that got hit, you have to pay for an account, but
   presumably they got around that (2 wp.service.controller accounts).
 * That is not to say that a password was not compromised, but I’m the only admin
   account and the sites are 2-factor protected and I’ve done most of the things
   the iThemes Security plugin recommends. And of course many other good-practice
   site and password protections.
 * Anyway, I think I have the sites cleaned. I can temporarily close one site to
   registration, but the other paid site I can’t. So, does anyone know more about
   the wp.service.controller hack and how to protect against it?
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[WP-PostRatings] get_highest_rated_category no longer works after 1.81.1 -> 1.84.1](https://wordpress.org/support/topic/get_highest_rated_category-no-longer-works-after-1-81-1-1-84-1/)
 *  [davebach](https://wordpress.org/support/users/davebach/)
 * (@davebach)
 * [8 years, 12 months ago](https://wordpress.org/support/topic/get_highest_rated_category-no-longer-works-after-1-81-1-1-84-1/#post-9264277)
 * This fixed the same problem for me. I suspect WP 4.7.5 broke it based on when
   I noticed it.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Download Monitor] How can I display the content using a template?](https://wordpress.org/support/topic/how-can-i-display-the-content-using-a-template/)
 *  Thread Starter [davebach](https://wordpress.org/support/users/davebach/)
 * (@davebach)
 * [10 years ago](https://wordpress.org/support/topic/how-can-i-display-the-content-using-a-template/#post-7449584)
 * That did the trick, thanks very much.
 * Dave
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Download Monitor] Changing what is displayed in custom template](https://wordpress.org/support/topic/changing-what-is-displayed-in-custom-template/)
 *  [davebach](https://wordpress.org/support/users/davebach/)
 * (@davebach)
 * [10 years ago](https://wordpress.org/support/topic/changing-what-is-displayed-in-custom-template/#post-7282537)
 * Hi,
 * I just updated from the legacy version. I used to use a template that displayed
   the description, which was converted into what I believe would probably be the_content,
   but in a custom template I can only get this to work:
    `<?php $dlm_download->
   the_short_description(); ?>` not something like this: `<?php $dlm_download->the_content();?
   >`
 * All my short descriptions are empty after the legacy conversion, so how can I
   display the content… I can’t find an example in the included templates.
 * Thanks
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Comments - wpDiscuz] Not All Assets Loading](https://wordpress.org/support/topic/not-all-assets-loading/)
 *  [davebach](https://wordpress.org/support/users/davebach/)
 * (@davebach)
 * [10 years, 1 month ago](https://wordpress.org/support/topic/not-all-assets-loading/#post-7351694)
 * I am getting similar 404 errors on a site that I am not using a CDN with.
 * Lots of 404’s from utils/temp.
 * Dave
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[W3 Total Cache] Error seems to have popped up after 4.5.1 update](https://wordpress.org/support/topic/error-seems-to-have-popped-up-after-451-update/)
 *  Thread Starter [davebach](https://wordpress.org/support/users/davebach/)
 * (@davebach)
 * [10 years, 1 month ago](https://wordpress.org/support/topic/error-seems-to-have-popped-up-after-451-update/#post-7342132)
 * Yes, shared hosting. Turning off just database caching fixed it. Thanks.
 * Two additional sites on the same host have both database and object (and page
   and browser) caches enabled, so I’m not sure why it works on some. Nor do I remember
   why they are on in the first place, it was probably set it and forget it a year
   ago.
 * I have seen that minify does not work with some themes, so perhaps database is
   the same.
 * I also use iThemes Security as israa2010 mentioned, but I couldn’t say if that’s
   a factor since I have that on every site.

Viewing 15 replies - 1 through 15 (of 38 total)

1 [2](https://wordpress.org/support/users/davebach/replies/page/2/?output_format=md)
[3](https://wordpress.org/support/users/davebach/replies/page/3/?output_format=md)
[→](https://wordpress.org/support/users/davebach/replies/page/2/?output_format=md)