dwinden
Forum Replies Created
Exactly.
Would it be possible to include a link to a screenshot which shows that Query Monitor plugin red caution?
dwinden
You’ve probably been hacked by everyone in the world except me …;-)
Just kidding. There is no need to disable the plugin. Just disable the settings that may impact the site adversely or that you are unsure about until you have a better understanding of how to apply/control those settings properly. It would be even better to first test drive the plugin in a test env.
Anyway the data as displayed under the Details link of the File Changes Detected log entries is as expected. The data is not understandable for an average person using the plugin, but if you switch to the “File Change History” Select Filter: at the top of the log and then click on a Details link you’ll find that the data is displayed in a proper format.
Note the first time the iTSec plugin runs a File Change Detection scan there is no data (stored in the database) to compare with and thus all files are listed as Added. Very normal behavior of the plugin. Nothing to worry about.
Finally a link to some (7) highly recommended videos.
Skip the actual video offered on this page and scroll to the bottom of the page to find 7 very useful in-depth video tutorials.
dwinden
Thank you for that clarification.
After reading about the Query Monitor plugin in your last post I remembered having seen something similar recently so I went back in the forum history and found this fairly recent topic.
Please ignore my comments in that topic. I now have a better understanding of what is happening than at the time of me posting in that topic.
I guess there is no harm in PHP warnings being displayed in the Query Monitor plugin only and nowhere else.
I don’t think the warning level activated in php config will overrule the @ prepending … but I might be wrong.
In any case this has absolutely no impact whatsoever on the functioning of the iTSec plugin. Just a minor cosmetic thing.
dwinden
Where is that PHP error displayed (in the browser or somewhere in a log file) and what PHP version are you using?
I wonder why you get a PHP Warning when the mkdir() command is prepended with a @?
dwinden
1. To enable a French iTSec plugin translation you need to manually add the following 2 translation files to the /wp-content/languages/plugins/better-wp-security folder:
better-wp-security-fr_FR.po
better-wp-security-fr_FR.mo
If the /wp-content/languages/plugins/better-wp-security folder does not yet exist, create it manually.
2. To solve the empty tabs issue edit the better-wp-security-fr_FR.po file using Poedit and clear the translation for the entry “Security”.
In other words make “Security” untranslated. Save changes.
dwinden
According to the FAQ section in the readme.txt:
= Where can I get help if something goes wrong? =
* Official support for this plugin is available for iThemes Security Pro customers. Our team of experts is ready to help. Free support may be available with the help of the community in the WordPress.org support forums (Note: this is community-provided support. iThemes does not monitor the WordPress.org support forums).
dwinden
@jim Reekes
In that case we’ll need to add some debug info to the emails.
To enable debug info add the following constant to the wp-config.php file like this:
define('ITSEC_DEBUG', true );
The debug info will be displayed at the bottom of the next emails.
dwinden
@anyoneinterested
On 6 May, 2016, WordPress 4.4.3 was released to the public.
The security vulnerabilities as listed in this topic have been backported to 4.4.3.
dwinden
Right, clearly didn’t realize that and the fact that it is in a MultiSite env.
MS does mean disabling the “Filter Suspicious Query Strings in the URL” setting will disable it for ALL sites in the network …
dwinden
Simply disable the “Filter Suspicious Query Strings in the URL” setting.
There are other far more important security steps to take.
Also note that the idea behind the iTSec plugin is to enable only those settings that do not interfere with proper functioning of the site.
dwinden
Enable the “Filter Suspicious Query Strings in the URL” setting and then change the following lines like this in the .htaccess file:
...
RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC]
# RewriteCond %{QUERY_STRING} ^.*(request|concat|insert|union|declare).* [NC]
...
Not a permanent solution but it will help in determining which RewriteCond line is the culprit. I’m putting my money on the second RewriteCond line above because it filters on the string “request” which is included in your forbidden URL.
Note commenting (#) the second RewriteCond line is not enough!
You also need to change [NC,OR] into [NC] at the end of the previous RewriteCond line.
dwinden
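An added example, not part of the original reply or of the iTSec plugin: a small offline checker that reports which active RewriteCond line matches a given query string, and flags an OR flag left in front of a commented-out condition (the case the reply warns about). The two patterns are the ones quoted above, shown with the first line's [NC,OR] flag before the change; the query strings and function names are constructed for illustration, and Python's `re` stands in for Apache's regex engine.

```python
import re

# Patterns as quoted in the reply; first line shown before [NC,OR] is changed to [NC].
HTACCESS = r"""RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(request|concat|insert|union|declare).* [NC]
"""

COND = re.compile(
    r"^\s*(#?)\s*RewriteCond\s+%\{QUERY_STRING\}\s+(\S+)(?:\s+\[([^\]]*)\])?")

def parse_conditions(text):
    """One dict per RewriteCond on %{QUERY_STRING}, commented-out lines included."""
    conds = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = COND.match(line)
        if m:
            flags = {f.strip().upper() for f in (m.group(3) or "").split(",") if f.strip()}
            conds.append({"line": lineno, "active": m.group(1) != "#",
                          "pattern": m.group(2), "flags": flags})
    return conds

def matching_conditions(text, query_string):
    """Line numbers of active conditions whose pattern matches the raw query string."""
    hits = []
    for c in parse_conditions(text):
        if not c["active"]:
            continue
        nocase = {"NC", "NOCASE"} & c["flags"]
        if re.search(c["pattern"], query_string, re.IGNORECASE if nocase else 0):
            hits.append(c["line"])
    return hits

def or_before_disabled(text):
    """Lines of active conditions flagged OR whose next condition is commented out or absent."""
    conds = parse_conditions(text)
    flagged = []
    for i, c in enumerate(conds):
        nxt = conds[i + 1] if i + 1 < len(conds) else None
        if c["active"] and {"OR", "ORNEXT"} & c["flags"] and (nxt is None or not nxt["active"]):
            flagged.append(c["line"])
    return flagged

if __name__ == "__main__":
    qs = "action=request_export&id=7"          # constructed query string
    print("matching lines:", matching_conditions(HTACCESS, qs))
    commented = HTACCESS.replace("\nRewriteCond", "\n# RewriteCond")
    print("OR left before a disabled line:", or_before_disabled(commented))
```
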
@jim Reekes
If this is about the Daily Security Digest email add the following line to your wp-config.php file:
define('ITSEC_NOTIFY_USE_CRON', true);
dwinden
Sounds like it may be some sort of plugin conflict.
Ok, so you are using the WPML plugin.
The “client denied by server configuration” messages in the error_log are most probably irrelevant for this issue.
It’s going to be hard to figure this out without access to the env.
A TeamViewer session might help. I’m Dutch by the way.
dwinden