Title: Mopquill's Replies | WordPress.org

---

# Mopquill

  [  ](https://wordpress.org/support/users/mopquill/)

 *   [Profile](https://wordpress.org/support/users/mopquill/)
 *   [Topics Started](https://wordpress.org/support/users/mopquill/topics/)
 *   [Replies Created](https://wordpress.org/support/users/mopquill/replies/)
 *   [Reviews Written](https://wordpress.org/support/users/mopquill/reviews/)
 *   [Topics Replied To](https://wordpress.org/support/users/mopquill/replied-to/)
 *   [Engagements](https://wordpress.org/support/users/mopquill/engagements/)
 *   [Favorites](https://wordpress.org/support/users/mopquill/favorites/)

 Search replies:

## Forum Replies Created

Viewing 7 replies - 1 through 7 (of 7 total)

 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[WooCommerce Tax (formerly WooCommerce Shipping & Tax)] Issue with wp-admin “select all” feature](https://wordpress.org/support/topic/issue-with-wp-admin-select-all-feature/)
 *  [Mopquill](https://wordpress.org/support/users/mopquill/)
 * (@mopquill)
 * [5 years, 9 months ago](https://wordpress.org/support/topic/issue-with-wp-admin-select-all-feature/#post-13405452)
 * Also having this issue in WCS v1.24.2. It appears there’s a [pull request](https://github.com/Automattic/woocommerce-services/pull/2176)
   that resolves this, so I imagine the update that incorporates it should just 
   have the standard WordPress plugin update fixing the issue. 🙂
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [WordPress Root Only Showing Login Form?](https://wordpress.org/support/topic/wordpress-root-only-showing-login-form/)
 *  Thread Starter [Mopquill](https://wordpress.org/support/users/mopquill/)
 * (@mopquill)
 * [7 years, 11 months ago](https://wordpress.org/support/topic/wordpress-root-only-showing-login-form/#post-10427428)
 * This is still unresolved, though I will report back if I discover a solution.
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [WordPress Root Only Showing Login Form?](https://wordpress.org/support/topic/wordpress-root-only-showing-login-form/)
 *  Thread Starter [Mopquill](https://wordpress.org/support/users/mopquill/)
 * (@mopquill)
 * [7 years, 12 months ago](https://wordpress.org/support/topic/wordpress-root-only-showing-login-form/#post-10420133)
 * I did not do anything to make the login form show on the front end. I outlined
   above what I did; I didn’t do any extra steps. I literally installed it and it’s
   doing this. As I mentioned, running into this issue on another site, I made a
   sample site and ran into this right away. I didn’t change the site URL or WordPress
   URL. wp-login.php also shows the login form. And before you ask, my Index options
   are not set to use wp-login.php.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Sucuri Security - Auditing, Malware Scanner and Security Hardening] Core Integrity Checks After Move](https://wordpress.org/support/topic/core-integrity-checks-after-move/)
 *  [Mopquill](https://wordpress.org/support/users/mopquill/)
 * (@mopquill)
 * [10 years, 7 months ago](https://wordpress.org/support/topic/core-integrity-checks-after-move/#post-6529202)
 * > I actually came here tonight (on my free time) per request of a user that asked
   > me via email if I had left the company or something like that because I used
   > to be very responsive in this forum.
 * …and of the posts of people asking for help, you chose to engage me based on 
   an off-handed comment? o.o
 * I don’t know what to tell you, but Apache runs PHP as a basic module under the
   user www-data — standard Debian stuff. And I definitely consider Debian to be
   the most secure distro for web servers. Anyhow, individual users own their files(
   because if www-data owned them, they’d get the 7, which would be the same as 
   having them as 777 relative to a web user being able to write files). I mean,
   just throw up a Debian machine — you don’t need my server config for that. But
   if the server can write to them, *that* is a security issue. You don’t want the
   server having the permissions to write to files that have to do with config, 
   because then if there’s any hole anywhere, they can write to them. That’s why
   the stuff in wp-uploads is typically pictures and whatnot where it wouldn’t cause
   harm.
 * Dude, if you’re claiming the database isn’t safe, then they could just hijack
   whatever they want, log in, and change all the settings. The database is way 
   safer than a world-writable file in a web-facing directory. That’s like… security
   101. I have opened those files, and an exit line shouldn’t be all that stands
   in the way of your configuration printing, especially when that setup makes it
   so mine can’t even write — hell, in the name of security, if for some reason 
   the plugin *can’t* write to the files, it should be falling back to the database
   anyhow.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Sucuri Security - Auditing, Malware Scanner and Security Hardening] Core Integrity Checks After Move](https://wordpress.org/support/topic/core-integrity-checks-after-move/)
 *  [Mopquill](https://wordpress.org/support/users/mopquill/)
 * (@mopquill)
 * [10 years, 7 months ago](https://wordpress.org/support/topic/core-integrity-checks-after-move/#post-6529200)
 * First off, that was just a tongue-in-cheek comment. It’s kind of depressing that
   you’d answer that within a week, but take a month to reply to the issue itself.
 * The server’s mine. It’s configured correctly, and your suggestion as to *why*
   this is happening is incorrect. I can tell you that if the permissions on those
   files are not 777, you can’t do things like manually approve core integrity issues,
   save last-logins (mine are blank despite hundreds of attempts at using the recent
   WordPress XML-RPC exploit), trusted IPs, etc.
 * In any case, I’ve really got to wonder why so many people are having this issue—
   why store these settings in PHP files in wp-uploads (which is just a bizarre 
   way to do it anyhow) where they can be public-facing at all? Why not just put
   them in the database? It’d be faster, more secure, and you wouldn’t have to worry
   about write-errors, or their contents being viewed.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Sucuri Security - Auditing, Malware Scanner and Security Hardening] Core Integrity Checks After Move](https://wordpress.org/support/topic/core-integrity-checks-after-move/)
 *  [Mopquill](https://wordpress.org/support/users/mopquill/)
 * (@mopquill)
 * [10 years, 8 months ago](https://wordpress.org/support/topic/core-integrity-checks-after-move/#post-6529195)
 * I have the same issue. It has something to do with certain files (or the whole
   directory) not being set to 777 in wp-content/uploads/sucuri — which is generally
   good security policy. And here I thought this was a security plugin. 😛
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Wapple Architect Mobile Plugin for WordPress] [Plugin: Wapple Architect Mobile Plugin for WordPress] Ha! Wapple becomes ultra-capitalistic, plaste](https://wordpress.org/support/topic/plugin-wapple-architect-mobile-plugin-for-wordpress-ha-wapple-becomes-ultra-capitalistic-plasters-huge-ad-on-every-page/)
 *  [Mopquill](https://wordpress.org/support/users/mopquill/)
 * (@mopquill)
 * [14 years, 6 months ago](https://wordpress.org/support/topic/plugin-wapple-architect-mobile-plugin-for-wordpress-ha-wapple-becomes-ultra-capitalistic-plasters-huge-ad-on-every-page/#post-2422059)
 * Yeah, I just developed an mobile plugin for a different software that didn’t 
   have one, and then I came to good ol’ WordPress, and had to do the same thing.
   But this is WordPress we’re talking about- why reinvent the wheel? Wapple was
   the first thing that came up, and they don’t mention -anywhere- anything about
   keys or accounts or money. They just tell you about all the features they have,
   and this is a plugin for a free, open-sourced blog software.
 * So, I install it, and I need a dev key. “Okay”, I think, “this is probably an
   anti-spam measure; I can’t blame them at all.” and then I find out they’re going
   to advertise on content that doesn’t belong to them to do something that some
   quick PHP and a list of user agents can do by themselves? All of this on a free
   blogging software? Is the irony lost on them?
 * Anyhow, I don’t know if I’d quite call them capitalistic pigs, but, I’m certainly
   never happy with people trying to bring capitalism into open-source. Especially
   when it’s one facet of it. If everyone had their way, most WordPress sites would
   have like, six copyrights for people/groups that have nothing to do with the 
   content generation of the site, and the owner would be paying several different
   groups monthly just to be able to use their plugins on a free platform.
 * It’s all just nonsense. Have some decency, Wapple. :-/

Viewing 7 replies - 1 through 7 (of 7 total)