gore.m
Forum Replies Created
-
Forum: Fixing WordPress
In reply to: Remove feeds from head on theme levelOK thanks you.-)
Forum: Fixing WordPress
In reply to: Remove feeds from head on theme levelThanks you, this was first place I was looking at – of course… but still I cant see any info about what add_theme_support( ‘automatic-feed-links’ ); exactly outputs, fire or is able remove.
Forum: Fixing WordPress
In reply to: Content Security Policy in WordPress?I know and I agree. I forgotten to write “I got it working” – but with lower my demands.
If I understand it right using ‘unsafe-inline’ with CSP is counter-productive.(?)
So…inline JS and CSS were the most painful parts… the best way – and maybe only one – was to use ‘self’ and aggregate all inline JS and CSS by Autoptimize.But than I realised that I would rather dont aggregate cart and checkout page and that I need run
<script> jQuery function </script>before content is loaded (so that I hardcoded it in header template)… and Im in troubles… than I realised: Is not everything escaped yet? So… Do you think is it worth it in my case?Maybe… main problem is that I dont exactly understand how XSS works… is it possible injects anything without input boxes etc?
Thanks you
May I know why html is not compressed?
Is there any possible gzip conflict if I uncheck gzip option in WPFC and instead of that Ill use server gzip?
Thanks youForum: Plugins
In reply to: [WPS Hide Login] WP-Admin = 404 + I can’t log outAre you sure youve changed url like this? If yes, and initial url doesnt workk too, you need to login to FTP and delete wps-hide-login plugin folder from here, than initial login url will work again.
Forum: Plugins
In reply to: [WPS Hide Login] WP-Admin = 404 + I can’t log outI dont think so.
Possibilities are:
1) It is caused by WPML
2) Your (and other plugins) are not compatible with WPML because they are getting wrong URL and poiting to nowhere… Why is language slug included in URL???… if WP doesnt iclude it even if WPML is active?
3) There is something wrong with redirects on some live servers (Im not alone who have same problem), because it works on localhost.But… Im respecting your decision… lets give up it, it is easiest solution (by the way it is not resolved).
Forum: Plugins
In reply to: [WPS Hide Login] WP-Admin = 404 + I can’t log outIm afraid I dont understand you @nicolaskulka too right now .))
If I set up new login to “login”, url is
https://www.example.com/TEMP/cs/login/, if I open this url = 404.
Log out url ishttps://www.example.com/TEMP/cs/login/?action=logout&_wpnonce=688c5e3c9b= 404. I cant log out, Im still logged in.If I remove ‘cs’ slug from url (
https://www.example.com/TEMP/login/) it redirects me tohttps://www.example.com/TEMP/wp-admin/.I can log out only with URL without ‘cs’ slug, but than Im redirected to
https://www.example.com/TEMP/cs/login/?loggedout=true= 404.After that action I can access
https://www.example.com/TEMP/login/but I cant log in, because Im redirected tohttps://www.example.com/TEMP/cs/login/= 404… So I have to delete WPS from FTP.I think it is obvious that URLs with ‘cs’ slug are pointing to nowhere = 404. Hard to tell what is causing this problem, because rest of site works perfect.
I was curious if and how other similar plugins will work… I had similar problems with them, only Hide WP Admin and Login plugin works without problem, I can log-out and log-in if I remove ‘cs’ slug from log-in URL.
- This reply was modified 8 years, 1 month ago by gore.m.
Everytime I think Im with security done, I found out that Im not .-)
Thanks you very much.Thanks you very much,
I was confused by marks like XSS, that are “same” in Wordfence settings. I ended up with “Security Headers” plugin yesterday, that solved this problem. But it is cool to see headers can solve few .htaccess lines .-)
One thing Im still confused are coockies. I inspected coockies and I found out that only one is “secure; HttpOnly”, the rest (included Woocommerce, WPML and others) are not secure.Ive tried :
<IfModule mod_headers.c> Header always edit Set-Cookie (.*) "$1; HTTPOnly; Secure" </IfModule><IfModule mod_headers.c> Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure </IfModule>It didnt changed anything.
Than I find out some conection to line from your code
Header always append X-Frame-Options SAMEORIGIN(I already have it in header) and this tip:@ini_set('session.cookie_httponly', true); @ini_set('session.cookie_secure', true); @ini_set('session.use_only_cookies', true);It didnt changed anything. Is that right?
Thanks you
Forum: Plugins
In reply to: [WPS Hide Login] WP-Admin = 404 + I can’t log outIt is strange… all folders are 755, files 644 (except for htaccess 755 or 777).
Wordfence and WP Super Cache are modifying htaccess without any problem. Can you explain more what did you mean please? Is there anything more I can check?Forum: Plugins
In reply to: [WPS Hide Login] WP-Admin = 404 + I can’t log outI had .htaccess in 755.
Same result with 777:Options: * WordPress redirect * Mixed content fixer SERVER: apache SSL is enabled for this site ** Detecting configuration ** plugin version: 2.5.26 Already on SSL, start detecting configuration SSL type: SERVER-HTTPS-ON ** Configuring SSL ** testing htaccess rules... test page url, enter in browser to check manually: https://www.example.cz/TEMP/wp-content/plugins/really-simple-ssl/testssl/serverhttpson/ssl-test-page.html htaccess rules test failed with error: Too many redirects checking if .htaccess can or should be edited... .htaccess does not contain default Really Simple SSL redirect retrieving redirect rules converting siteurl and homeurl to httpsForum: Plugins
In reply to: [WPS Hide Login] WP-Admin = 404 + I can’t log outOk, RS SSL debug:
Options: * WordPress redirect * Mixed content fixer SERVER: apache SSL is enabled for this site ** Detecting configuration ** plugin version: 2.5.26 Already on SSL, start detecting configuration SSL type: SERVER-HTTPS-ON ** Configuring SSL ** testing htaccess rules... test page url, enter in browser to check manually: https://www.example.cz/TEMP/wp-content/plugins/really-simple-ssl/testssl/serverhttpson/ssl-test-page.html htaccess rules test failed with error: Too many redirects checking if .htaccess can or should be edited... .htaccess does not contain default Really Simple SSL redirect retrieving redirect rules converting siteurl and homeurl to httpsForum: Plugins
In reply to: [WPS Hide Login] WP-Admin = 404 + I can’t log outI thought too, because one plugin noticed me that .htaccess is not writable, but .htaccess is 644 (and WP Fastest cache uses it). Does WPS need to write to .htaccess?
Except for WP fastest cache code there is only:
# BEGIN WordPress <IfModule mod_rewrite.c> RewriteEngine On RewriteBase /TEMP/ RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /TEMP/index.php [L] </IfModule> # END WordPressThere is one more difference from localhost, it is SSL. But 404 link is right it has https:// .
Forum: Plugins
In reply to: [WooCommerce] Registered size instead of woocommerce_gallery_thumbnailThanks you
Forum: Plugins
In reply to: [WPS Hide Login] WP-Admin = 404 + I can’t log outOK, I found out one thing: Everything works fine on localhost, but not on live server.
For to be sure… I reinstalled whole site with fresh localhost backup (Duplicator) and I didnt install (Wordfence, WP super cache, Autoptimize), but 404 error remain.
Only one diffrence I have from localhost isRewriteBase /TEMP/(site is now hidden for testing in ‘TEMP’ folder – works without any problem except for WPML x WPS).