llocally
Forum Replies Created
Forum: Plugins
In reply to: [Join My Multisite] Not working for manual
That explains it. Although far from intuitive. If you set none – manual – when you manually add you get a role option so one would assume the role selected at add user applies. In fact it takes the plugin role, which then requires a second edit to set the desired role.
I actually only want external enrolment on a couple of subsites, but as plugin activates on all.
Excuse typos posting from phone
Forum: Plugins
In reply to: [Stop User Enumeration] Adding a slash to url bypasses protection
Thanks,
When I retested 1.2.1 on twenty thirteen I get the full archive, and of course the body tag is set.
Regarding author=1 getting bypassed I can’t replicate that using 1.2.1
Does that still happen with 1.2.2?
As you haven’t come back, I assume you fixed your Fail2Ban config files OK.
Forum: Plugins
In reply to: [Stop User Enumeration] Adding a slash to url bypasses protection
Thank you for pointing out that a trailing slash can bypass the check. This is because the check was only being applied when WordPress was redirecting, the . stops that.
Nevertheless I have fixed the plugin (v 1.2.2) so it now detects author when a redirect fails.
By the way that is the reason that author=1 fails on your system, as there will be no author=1 on yours (perhaps the original user 1 was admin and has now correctly been deleted), so this fix also deals with the missing author issue.
The reveal of your ‘author’ in the html is theme specific as far as I can see, as it doesn’t occur in the default TwentyThirteen. I would be interested to know what theme you are using.
Your .htaccess solution is correct and good, and what I was using before I wrote this plugin. I wrote the plugin specifically to ban attempts from a WPSCAN and hence the logging to the syslog for Fail2Ban to pick up and ban the IP at firewall. The .htaccess will stop the username from being revealed, but won’t stop WPSCAN continuing to try and enumerate plugins, version etc. and of course using up CPU/Memory in the process.
By the way, it isn’t safe to assume you only have 99,999 users if you run a big multi-site, but for the vast majority it will be fine.
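A log-side check for the same pattern, as an added example that is not part of the original post or the plugin's code: it flags `author=<number>` requests whether or not a trailing slash is present and whatever the response status, then lists the IPs that reach a threshold in the way a Fail2Ban `maxretry` would. The log lines are constructed, and the function names and the threshold value are assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache combined log format (documentation IPs).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Aug/2013:10:00:01 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "scanner"
203.0.113.7 - - [10/Aug/2013:10:00:02 +0000] "GET /?author=2/ HTTP/1.1" 200 5120 "-" "scanner"
203.0.113.7 - - [10/Aug/2013:10:00:03 +0000] "GET /?author=3/ HTTP/1.1" 404 900 "-" "scanner"
198.51.100.9 - - [10/Aug/2013:10:01:00 +0000] "GET /author/alan/ HTTP/1.1" 200 7300 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Aug/2013:10:01:05 +0000] "GET /?s=author=1 HTTP/1.1" 200 4100 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Aug/2013:10:02:00 +0000] "GET /blog/?author=12 HTTP/1.1" 301 0 "-" "curl/7.30"
"""

# Client IP and request target from a combined-format line.
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" \d{3} ')

# A numeric author id, with or without trailing slashes.
AUTHOR_ID_RE = re.compile(r"[0-9]+/*")


def is_author_probe(target):
    """True if the request carries a numeric `author` query parameter.

    The parameter is parsed rather than pattern-matched against the raw URL,
    so a search for the text "author=1" is not flagged, and the decision does
    not depend on whether WordPress answered with a redirect.
    """
    query = urlsplit(target).query
    values = parse_qs(query, keep_blank_values=True).get("author", [])
    return any(AUTHOR_ID_RE.fullmatch(v) for v in values)


def probes_by_ip(log_text):
    """Count author-enumeration requests per client IP."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and is_author_probe(m.group("target")):
            hits[m.group("ip")] += 1
    return hits


def ips_to_ban(log_text, max_retry=3):
    """IPs with at least max_retry probes (assumed threshold)."""
    return sorted(ip for ip, n in probes_by_ip(log_text).items() if n >= max_retry)
```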
Forum: Plugins
In reply to: [Photospace Gallery] Can't access options page
Yes, and therefore doesn’t work in sites where the admin can’t ‘edit theme’ php / css files.
It is caused by this line
add_menu_page('Photospace options', 'Photospace Gallery Options', 'edit_themes', basename(__FILE__), array('photospace_plugin_options', 'display'));
which should be better served by a different capability e.g. edit_theme_options which refers to things like background, rather than edit_themes which refers to the capability to edit the actual theme php / css files
add_menu_page('Photospace options', 'Photospace Gallery Options', 'edit_theme_options', basename(__FILE__), array('photospace_plugin_options', 'display'));
I would propose the developer makes this small change.
Did you resolve this?
Does the syntax of the [wordpress-userenum] look the same as the syntax for your other jail.local configs?
Forum: Plugins
In reply to: [Contact Form 7] Contact Form 7 PayPal Integration
Rather than examining the live headers for the parameters you can use the simpler method, read the documentation, less fun I know.
The html query string parameters can be found here
Thanks for the useful thread, it makes something I was doing very easy.
Forum: Plugins
In reply to: [Front-end Editor] Breaks Woothemes Flex slider
If it helps, I have narrowed this down to ‘edit text widget content’, unticked and all is well, ticked (with WYSIWYG enabled) causes the issue.
Forum: Plugins
In reply to: [Get Directions Map] Get Directions not showing
As I haven’t heard back, I will close this and assume it is working in the current version.
Forum: Plugins
In reply to: [Get Directions Map] Questions about the plugin.
Many thanks for your kind comments.
Regarding translation, it is possible to apply a translation on the directions (subject to the language codes available on MapQuest), I did advise one chap of code changes he could make for German, however it wouldn’t take me too long to add a language optional parameter.
Regarding the second point, in disable the browser location and request a starting location, I think this is a good idea and one I have been thinking about for a while.
At some stage, I will incorporate both of your suggestions.
Forum: Plugins
In reply to: [MailChimp Widget] Widget Hides after Submission
Testing on 3.6 I get the ‘hide’ and nothing gets to the subscribe list on MailChimp. I assume this is a broken unsupported plugin now
Forum: Fixing WordPress
In reply to: WordPress Multisite Always Hangs On Plugin/Theme Updates
Thanks for this post. This was driving me mad on my test server, everything was good on production and I couldn’t work out why. Turning zlib compression off did the trick!
Richard,
OK I have managed to reproduce what happened in live in a test environment, I couldn’t make it happen except as follows….
Step 1. Install grunion and network activate
Step 2. install jetpack, do not network activate
Step 3. go to a specific sub site and activate jetpack
at this point all is well
step 4. register jetpack with your wordpress.com account, at this point grunion gets deactivated network wide
I take the point about grunion no longer being developed outside jetpack (although the current code line is the same).
As an aside, with a multi-site, I know you have to activate jetpack individually for each sub-site, but does it work using the same wordpress.com account to link to multiple sites? I haven’t got to the point of working out if that creates any issues?
Forum: Plugins
In reply to: [WP fail2ban - Advanced Security] Block enumerate users
1. Yes, I can’t think of any way of having different sensitivities in the same filter, so a filter per ‘sensitivity’ would be required.
2. I just fully tested this on my server and it works fine.
First, have you turned on enumeration with
define('WP_FAIL2BAN_BLOCK_USER_ENUMERATION', true);
?
Second, have you looked in your syslog (e.g. /var/log/syslog or /var/log/messages) rather than your auth log.
Hope that points you in the right direction
Forum: Plugins
In reply to: [WP fail2ban - Advanced Security] Block enumerate users
I actually have three different filters
1. for attempts on admin / administrator
2. the other for general logins
3. one for enumeration
Fairly simple to create and just change the regexes
By the way thanks for incorporating, well actually improving, my stop enumeration code.
Alan – aka llocally – aka roibot (must get round to combining my ids)