oriver
Forum Replies Created
-
Hi @wfpeter
Thank you for kindly helping, will use your guidance to look at a .htaccess rewrite rule.
Hi @wfpeter
Thank you for explaining and clarifying this. I looked at URLs that attack attempts were being tried with, and blocked one we never use, but is frequently tried.
Just wondering about website IP address attacks. Wordfence shows attempts made at:
Would love to immediately block any attempts to this. Not sure if this could end up blocking everyone including admins, so couldn’t get to the dashboard to remove, which would only leave cPanel to access by.
I understand Wordfence looks at intent, rather than the URL. The URLs I’m concerned at have tens of attacks a week.
Forum: Fixing WordPress
In reply to: Reducing login attempts by blocking any IPs that try specific URLsHi @t-p
Thank you for your message. Already have one of these in use, and it’s great.
My query was really regarding as an extra precaution – blocking IPs that access those two URLs, but before doing so hoped someone might have had experience themselves with this?
And whether it’s safe to password protect wp-login.php, I’ve done this before and had no problem. But in comparison to password protecting wp-admin there is little on wp-login.php so just looking for someones long-term experience in doing so.
- This reply was modified 3 years, 2 months ago by oriver.
Thank you for your reply. Will hitting ‘activate SSL’ affect the SSL settings etc in anyway? Not really sure what this activation will do.
Forum: Fixing WordPress
In reply to: Disable php Execution Not WorkingAdding to the mystery, I just used a different security plugin with the option to block code execution in wp-content/uploads/ not only did their code remain on .htaccess, but even if I deleted their code and added the one above it still remained in place and was recognised as blocking. But only as long as the plugin was active, for as soon as I deactivated it, the code was deleted once again.
However, inspired by the code this plugin first produced, I’ve made some changes and so far the below code isn’t being deleted from .htaccess
#Begin <Files *.php> deny from all </Files> #EndIf it continues to not be deleted, I’ll mark this as a solution. Still puzzled though as to why wp-includes would accept and work with the .htaccess being: <Files *.php> deny from all </Files>, and with this even working in wp-content/uploads/ but only if a specific plugin was active. Very weird.
Forum: Fixing WordPress
In reply to: Directory Privacy with wp-login.php ‘Powered by WordPress’This seems to have worked. But can cause directory privacy to ask the password protected wp-login.php and wp-admin twice in a row.
For the section home/username/.wpadmin – this must match the location where .htpasswd is saved.
ErrorDocument 401 "Forbidden Access" <Files "wp-login.php"> AuthUserFile /home/username/.wpadmin AuthName "Private Access" AuthType Basic Require valid-user </Files>And yes it appears the above AJAX code does allow ajax to still work even with directory password.
- This reply was modified 3 years, 2 months ago by oriver.
Forum: Fixing WordPress
In reply to: Disable php Execution Not WorkingOriginally I tried using a couple of different security plugins, but kept noticing that it would say it was disabled and then another time would say it wasn’t.
I then tried to do so manually using the guide from https://www.wpbeginner.com/wp-tutorials/how-to-disable-php-execution-in-certain-wordpress-directories/
Which said a .htaccess file was needed in wp-includes and wp-content/uploads. One of these already had a .htaccess file, although nothing was showing, and the other didn’t. I can’t remember which was which.
In wp-includes the code shows and works beautifully. It’s just in wp-content/uploads that there is a problem. I’ve tried creating new, made sure permissions and type were correct, and even copied the .htaccess from wp-includes (which works) over to wp-content/uploads – to see if this would work.
Host won’t help says it not them. Plugins disabled and tested as cause
Forum: Fixing WordPress
In reply to: Directory Privacy with wp-login.php ‘Powered by WordPress’Thank you, I will look into this further.
As it was triggering a ‘powered by wordpress’ login, I had wrongly thought WordPress, but I understand now, thanks to your explanation, that I need to possibly look at Apache and the host provider.
Forum: Fixing WordPress
In reply to: Directory Privacy with wp-login.php ‘Powered by WordPress’Thanks for your response. The difference isn’t between https or http, as we only allow https, it’s just the addition of www. after https, and the use of cancel to bypass directory privacy on wp-login
Not looking to use a plugin, for a few different reasons, and would like to use a direct code.
Just wondering about the above code ‘ErrorDocument 401…’ in conjunction with directory privacy and whether it would still allow the ajax code to work?
Forum: Fixing WordPress
In reply to: WordPress Hardening – Securing wp-includes & wp-adminThank you for your response, seems to work okay so far. Was just unsure, due to such little info online, if this was still a trusted code. But seems to work.
Do you know anything about the Ajax code?
Forum: Everything else WordPress
In reply to: Security 3rd party options not a pluginThanks for the suggestion. We can’t really use CloudFlare right now as we have a paid subscription with another CDN, additionally, Cloudflare won’t let us use are own SSL unless we pay for the business option. Maybe next year we can look at Cloudflare. Just looking at other options in the meantime, thanks.
Forum: Fixing WordPress
In reply to: Author name URL not directing to postsHi,
In case someone else has the same issue, the mapping was going wrong, I could change the URLs to match, but as soon as I hit update it reverted back again.
Decided to delete the admin user and created a new one. No problems with this. Think the mapping got corrupted a few weeks back when changing nickname.
Forum: Fixing WordPress
In reply to: Color change on hover, and separation between categories with commaThank you for your message, I didn’t design the HTML, and they wouldn’t be happy for me to share it. I understand this makes it difficult, and probably impossible to help.
Forum: Fixing WordPress
In reply to: Color change on hover, and separation between categories with commaNo worries, thanks for looking. Maybe someone else will have come across the same.
Forum: Fixing WordPress
In reply to: Color change on hover, and separation between categories with commaThe website isn’t live. Just finalising the last touches to improve accessibility. Unable to provide a link right now to the page. Can you see anything that I’m clearly missing in the coding? Think I’m heading in the right direction, or at least I hope I am.