Johmai
Forum Replies Created
-
Forum: Fixing WordPress
In reply to: Rename wp-login.php for securityRule#1 sounds right to me too.
I now have good custom HTACCESS. It’s somewhat bulky but at least I have custom settings which are my own and make me feel safer.Note: If you’re not using HTACCESS and your plugins tell you that a brute-force attempt occurred, what will you do with the information it gathers?
It’s like knowing They’re Coming for You and that that playout is going to repeat itself infinitely and that you’re expected to feel fortunate when when you’re not struck.Jeff Starr’s knowledge base is helpful when you want to be proactive.
Forum: Fixing WordPress
In reply to: Rename wp-login.php for security@swordspres – if you knew HTACCESS you could play with redirects.
The redirect from “yourdomain.com/wp-admin/” to “yourdomain.com/wp-admin/your-secret-login.php” is not necessary – I don’t get redirected.but i can’t understand why WordPress doesn’t introduce a native brute-force feature. I hate editing core files to increase security or running external plugins.
Yes.
Forum: Hacks
In reply to: Warning Error – creating default object from empty valueMy issue is similar.
I duplicated a live site on local (WAMP) setup.Everything looks fine but the dashboard says:
“Creating default object from empty value in D:\wamp\www\test\wp-admin\includes\update.php on line 90”I do not know what this means or how to fix it.
Please ignore me if this is irrelevant but help me if you can.
Thank you.
Forum: Fixing WordPress
In reply to: dashboard appears broken and looks differentEveryone: mine turned out to be related to an htacess line I copied from my guru to fight script injections.
Forum: Fixing WordPress
In reply to: dashboard appears broken and looks differentEdit: successfully turned on all plugins with bulk action.
This means the front is looking fine – it always did, even while dashboard is broken.
It also means finding the bad plugin is more difficult (if it is a plugin).My reason for postponing the update in the 1st place is complex.
I’m more that willing to update now but it doesn’t feel right to update something that’s not working properly…Don’t know what to do!
Forum: Fixing WordPress
In reply to: dashboard appears broken and looks differentUnfortunately I cannot provide url because even if I shortenit it’s going to be here eternally.
Anyway, what will you be able to tell by seeing the front?I have confirmed that it wasn’t hacked.
I’ve disabled all plugins and reverted to default theme.
I notice when re-enabling plugins it redirects to page not found.
This means it is now impossible to turn on plugins one-by-one to find the broken one.I’ve also replaced the wp-config, wp-includes and wp-admin with ones from most recent backup.
Should I just use a really fresh one instead of trying to retrieve from backup?Thanks esmi for advice.
Forum: Fixing WordPress
In reply to: dashboard appears broken and looks differentNo, absolutely not. I have excellent security.
But let’s assume that’s the case, how would I know for sure?Forum: Fixing WordPress
In reply to: Rename wp-login.php for security@chris Olbekson, why do you say renaming will cause more problems?
Like what sort of problems?I just cannot come to terms with the fact that the login is in plain view.
If there’s a lock-down on the amount of attempts allowed, won’t it be easy for unscrupulous persons to effectively lock out legitimate users by using incorrect passwords all the time?
And even more important, how can I display sidebar on 404 page?
I’m also struggling to do this.
@alchymyth, my child theme for twenty eleven uses 2 sidebars which are brought about by code in functions.php.
How do I include/call them?
This:<?php get_sidebar(); ?>does nothing…And because I cannot edit the 404.php as I would edit a post, it’s not possible to simply specify to use “sidebar template” – which would ordinarily secure 2 sidebars in place.
Please help.
Forum: Fixing WordPress
In reply to: Rename wp-login.php for securityThank you, that’s an honest answer.
What is the user auth system – is that standard?Forum: Fixing WordPress
In reply to: "injects" code when toggle between html & visual editorHi kmessinger, I’ve had several cups on this one.
Please note, I’m NOT confusing Java with JavaScript – both are required.
Forum: Fixing WordPress
In reply to: "injects" code when toggle between html & visual editorIt’s not my PC.
What if you’re right – what do I do with the stuff on WAMP then?
I cannot start all over again and I’m not sure my files will be safe if I reinstall WAMP.
There has to be a search&remove tool to locate the problem either in WAMP itself or in WP base code.Forum: Fixing WordPress
In reply to: "injects" code when toggle between html & visual editorIs the idea to move across the exact WP install from WAMP or to use a new install?
I’m checking instantWP now and the problems are not recurring, needless to say, precisely because the particular WPinstall that it comes with is not mine.
I don’t see how it can indicate the problem because the problem resides in my other install on WAMP.Forum: Fixing WordPress
In reply to: "injects" code when toggle between html & visual editorCan I check/scan WAMP?
How do I play with WP without WAMP?Forum: Fixing WordPress
In reply to: "injects" code when toggle between html & visual editor@jan,
I can’t redo WAMP now. I’ve run numerous pc scans – I’m clean.
So do you think it gets inserted outside of the WP code base?
If not, is there an easy way I can use search queries and kill the findings using Grep?I also found this directive in root .htaccess (and I didn’t write it):
RewriteEngine on
# Options +FollowSymlinks
RewriteCond %{HTTP_REFERER} in.admedia\.com [NC]
RewriteRule .* – [F]