secconsult
Forum Replies Created
-
Forum: Plugins
In reply to: [MVIS Security Center] Can't Use: Maximum execution time exceededAlright, please let me know which version of XAMPP you are using and for which operating system, then I’ll try to reproduce the error.
Forum: Plugins
In reply to: [MVIS Security Center] Can't Use: Maximum execution time exceededThat’s interesting, did the process ever complete?
So the problem is apparently caused by a call to md5() in a do while loop.
if (PHP_VERSION >= '5') { $hash = md5($salt . $password, TRUE); do { $hash = md5($hash . $password, TRUE); } while (--$count); }One quick solution should be to change one line in wp-content/plugins/mvis-security-center/inc/mvl_config.php line 4
$password_list = array(‘123’, …) to
$password_list = array();
This way the loop should not be executed, but you won’t have the weak password check for your wordpress users.Unfortunately, I don’t know why this problem is occurring, but I will look into it some more.
Thanks for your feedback,
StefanForum: Plugins
In reply to: [MVIS Security Center] Can't Use: Maximum execution time exceededHello Justin,
actually that should be the case, you would have to accept the terms and conditions and click on “Continue” before the tests are run.
As shown here http://i48.tinypic.com/1rfasj.pngSo this error message arises as soon as you click on the link in the dashboard and you are not presented with the screen as shown in the link above?
I have just used a fresh install of the latest 3.5 WordPress (max_execution_time set to 30) and everything seems to work fine. Did you experience any other problems with your setup? Did increasing the max_execution_time solve the problem?
Forum: Plugins
In reply to: [MVIS Security Center] Can't Use: Maximum execution time exceededHello Justin,
sorry for the late response!
This problem can arise when the inital check performed by the plugin takes more than 30 seconds.Please try either:
1. Adapting the wp-config.php:
set_time_limit(60);Important β If you are making changes in wp-config.php, then add this line above the β/* Thatβs all, stop editing! Happy blogging. */β comment.
2. Adapting the /.htaccess file of your WordPress installation
php_value max_execution_time 603. Adapting the php.ini file
max_execution_time = 60;Preferably the changes are made in the wp-config.php file.
Please let me know if that solves the issue.
Thanks,
StefanForum: Plugins
In reply to: [MVIS Security Center] Tried to secure site and lost access to dashboardHello Jules and sorry for the late response!
I am glad that you worked everything out.
Let me know if there is anything I can help you with.
Hello Renate,
I will close this thread for now, please get back to me if the problem persists.
Thank you,
StefanHello Renate,
were you successfully able to register?
Please let me know then I can close this thread.Thank you,
StefanHello Renate,
are you using Javascript blocking extensions like NoScript or is Javascript disabled in your browser? Javascript is used to show you information if any fields in the registration form are not conforming with expected input.
Most commonly the problems are within the username and the password.
E.g. the username you choose for mvis has to be a valid e-mail address, the password needs to be at least 8 characters long and contain at least one numbers as well as one special character (!”$%/()._-=?)
I hope that solves the problem, please let me know if it worked out.
Cheers,
StefanHello Renate,
thanks for your feedback. I am already investigating the problem and get back to you as soon as possible.
Regarding the pricing I can not disclose this information in the public forum yet, but if you drop me an e-mail provided in the “Feedback, Bugs or Feature Requests?” link, I can give you some more information privately.
Cheers,
StefanForum: Plugins
In reply to: [MVIS Security Center] Hard-coded wp-content URLs break resource loadinggreat, thanks again for the feedback Ian.
Forum: Plugins
In reply to: [MVIS Security Center] Fatal error on activationPleasure π
Forum: Plugins
In reply to: [MVIS Security Center] Hard-coded wp-content URLs break resource loadingHello Ian,
thanks for pointing that out, I was not aware of it.
Trunk is now updated to use plugins_url() to determine the wp-content directory and all hardcoded references to wp-content have been removed.
Cheers,
StefanForum: Plugins
In reply to: [MVIS Security Center] Fatal error on activationThe trunk is now updated and fixes two instances of this pass by reference.
I am currently adding another feature and will officially tag version 1.1 soon.
Cheers,
StefanForum: Plugins
In reply to: [MVIS Security Center] Fatal error on activationThanks for your the bug report Ian.
Indeed I forgot to remove this pass by reference.
I’ll post an update by today.
Cheers,
StefanForum: Fixing WordPress
In reply to: Permissions on WordPress files as well as security best practicesHello Lars,
in this case things will be considerably easier for you, because you got the power π
Add another user that owns all files and give the webserver user read and execute permissions for the group. This way, if someone were to hack you they would only be getting the rights of the webserver user (which can only read files) andso basically let’s say your user is called lars and your webserver is called www-data then you might want to do:
chown -R lars /var/www/wordpress/
chgrp -R www-data /var/www/wordpress/
chmod -R 750 /var/www/wordpress/ (assuming wordpress is installed in that directory.
This gives your user “lars” full permissions, your webserver all necessary permissions to make WordPress function properly.If you have problems with automatic updating read this passage here: http://codex.wordpress.org/Hardening_WordPress#Regarding_Automatic_Updates
Stefan
